netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

firejail --x11=xorg result in unable to open display #4105

Open ckorder opened 3 years ago

ckorder commented 3 years ago

Bug and expected behavior

firejail --x11=xorg firefox results in unable to open display. x11=xorg isn't working for any application, while xpra is working.

No protocol specified
/usr/bin/xauth: (argv):1: unable to open display ":0".
Failed to create untrusted X cookie: xauth: exit 1

Reproduce

Using default profiles with sudo firecfg

I'm only getting this kind of error with Intel © Core™ i7 and not with AMD.

firejail --noprofile --x11=xorg firefox
Parent pid 607099, child pid 607100
No protocol specified
/usr/bin/xauth: (argv):1: unable to open display ":0".
Failed to create untrusted X cookie: xauth: exit 1
Error: proc 607099 cannot sync with peer: unexpected EOF
Peer 607100 unexpectedly exited with status 1

user@pc:/opt$ firejail --x11=xorg firefox
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 607408, child pid 607409
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Post-exec seccomp protector enabled
No protocol specified
/usr/bin/xauth: (argv):1: unable to open display ":0".
Failed to create untrusted X cookie: xauth: exit 1
Error: proc 607408 cannot sync with peer: unexpected EOF
Peer 607409 unexpectedly exited with status 1

Environment

Linux Mint 20.1
firejail version 0.9.62
Compile time support:

Within a virtual machine it's working without these errors. Used sudo firecfg as well, but window is showing everything is working. Really weird, like #4104 where the issue just does not occur in a virtual machine, but I don't get why.

Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 3738, child pid 3739
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Post-exec seccomp protector enabled
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 130.06 ms
Warning: an existing sandbox was detected. /usr/bin/firefox will run without any additional sandboxing features
dpkg-query: error: failed to open package info file '/var/lib/dpkg/status' for reading: No such file or directory
[GFX1-]: glxtest: GLX extension missing
^C
Parent received signal 2, shutting down the child process...

Child received signal 2, shutting down the sandbox...

Parent is shutting down, bye...

glitsj16 commented 3 years ago

firejail version 0.9.62

Please update this 0.9.62 version as soon as possible. Besides being outdated it is vulnerable to CVE-2021-26910, which is fixed in 0.9.64.4. You can install/update firejail from this PPA, which happens to be maintained by one of our collaborators.

It could be that you'll encounter the reported issue on the latest stable release too, but at least we then have a sound 'base' to start looking at it in detail.

ckorder commented 3 years ago

official-package-repositories.list:
ubuntu focal main restricted universe multiverse

who's responsible for... never mind, I don't care, it's ubuntu anyway 🗑️ 😄

rusty-snake commented 3 years ago

Duplicate of #1741

ckorder commented 3 years ago

@eevee anyone else please respond if the circumstances are equal or different

I'm only getting this kind of error with Intel © Core™ i7 and not with AMD.

u132 commented 2 years ago

Try running xhost si:localuser:username