search

netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.69k stars 557 forks source link

firefox: cannot run without X11 abstract sockets #4715

Open placidchat opened 2 years ago

placidchat commented 2 years ago

Description

Running firefox 94 with no X11 abstract sockets fails

Steps to Reproduce

  1. Disable X11 abstract sockets, and use only unix domain sockets
  2. Create a lightdm config file in /etc/lightdm/lightdm.d : do [Seat:*] xserver-command=X -nolisten local
  3. Restart and login
  4. ss -lp | grep X11
  5. observe that there are no @ abstract sockets
  6. firejail --profile=firefox firefox
  7. There is an error message Unable to create Xauthority file

Additional context

  1. firejail --profile=firefox xeyes works fine, so it isn't purely a firejail issue

Environment

ubuntu 20.04

placidchat commented 2 years ago

Slight mistake firejail --profile=firefox --x11=xorg firefox --no-remote gives the error

DISPLAY=:0.0 parsed as 0 Generating a new .Xauthority file Drop privileges: pid 5, uid 1002, gid 1002, nogroups 1 No supplementary groups Using authority file /tmp/.tmpXauth-RLK1Oh /usr/bin/xauth: (argv):1: unable to open display ":0.0". Failed to create untrusted X cookie: xauth: exit 1 Error: proc 8574 cannot sync with peer: unexpected EOF Peer 8575 unexpectedly exited with status 1

whereas firejail --profile=firefox firefox seems to work fine. Isn't the default supposed to be --x11=xorg to begin with ?

placidchat commented 2 years ago

My mistake firejail --profile=firefox --x11=xorg xeyes fails as well.

rusty-snake commented 2 years ago

FTR, similar issues: #4105 #1741 #3627