search

netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.79k stars 566 forks source link

trans: program hangs ("translate shell") #4935

Open Rosika2 opened 2 years ago

Rosika2 commented 2 years ago

Hi all,

after upgrading firejail to the latest version 0.9.68 I seem to run into problems when trying to use "translate shell".

In order to make sure it has nothing to with "translate shell" itself I downloaded the latest version of it: https://www.soimort.org/translate-shell/ That way I got the "trans"-script written in Perl. After making it executable: chmod +x ./trans it should work.

From the respective directory: (example):

./trans -shell hu:en

And it does. But when trying to run it from within firejail the programm still starts but hangs at a certain point:

Parent pid 14014, child pid 14015
Child process initialized in 22.17 ms
Translate Shell
(:q to quit)
Magyar> ház

Nothing happens and I can eventually quit the process by invoking "CTRL-C":

Parent received signal 2, shutting down the child process...
Child received signal 2, shutting down the sandbox...
Parent is shutting down, bye...

Curiously enough "firejail --noprofile" yields the exact same results.

Until now the "/.trans"-command used to work perfectly within firejail. It´s just the latest firejail version which seems to trigger the problem...

Can anybody help, please?

Many thanks in advance and many greetings.

Rosika

P.S.:

My system: Linux Lubuntu 20.04.3 LTS, 64 bit

Rosika2 commented 2 years ago

UPDATE:

Hi again,

what strikes me as odd is the following fact:

From the terminal I can cd into the directory where the trans script resides: cd /media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/Ergänzungen_zu_Programmen/zu_translate-shell_Feb2022/ Then: firejail --private=(pwd)

From the sandbox created this way trans can be used as per normal:

./trans -shell hu:en
Translate Shell
(:q to quit)
Magyar> ház
ház

house

Definitionen von ház
[ Magyar -> English ]

Substantiv
    house
        ház, lakóház, lakóhely
    housing
        ház, lakás, szállás, lakásügy, elhelyezés, elszállásolás
    shell
        héj, kagyló, ház, akna
    chamber
        kamra, kamara, szoba, ház

ház
    house

Magyar> 

But it just works this way and apparently no other...
rusty-snake commented 2 years ago

Does firejail --noprofile /bin/sh -c "./trans -shell hu:en" work?

Rosika2 commented 2 years ago

Hi @rusty-snake,

thanks for helping me.

I´ve tried what you suggested:

firejail --noprofile /bin/sh -c "/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/Ergänzungen_zu_Programmen/zu_translate-shell_Feb2022/trans -shell hu:en" 
Parent pid 27778, child pid 27779
Child process initialized in 20.41 ms
Translate Shell
(:q to quit)
Magyar> ház

So the trans process is still stuck like in the beginning. Sorry.

Rosika2 commented 2 years ago

I just tried the following command:

firejail --noprofile /bin/sh -c "/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/Ergänzungen_zu_Programmen/zu_translate-shell_Feb2022/trans -shell -R"

explanation:

-R, -reference-english Print reference table of languages (in English names) and exit.

As you can see this one worked:

firejail --noprofile /bin/sh -c "/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/Ergänzungen_zu_Programmen/zu_translate-shell_Feb2022/trans -shell -R"
Parent pid 28728, child pid 28729
Child process initialized in 21.95 ms
┌───────────────────────┬───────────────────────┬───────────────────────┐
│ Afrikaans      -   af │ Hebrew         -   he │ Portuguese     -   pt │
│ Albanian       -   sq │ Hill Mari      -  mrj │ Punjabi        -   pa │
│ Amharic        -   am │ Hindi          -   hi │ Querétaro Otomi-  otq │
│ Arabic         -   ar │ Hmong          -  hmn │ Romanian       -   ro │
│ Armenian       -   hy │ Hmong Daw      -  mww │ Russian        -   ru │
│ Azerbaijani    -   az │ Hungarian      -   hu │ Samoan         -   sm │
│ Bashkir        -   ba │ Icelandic      -   is │ Scots Gaelic   -   gd │
│ Basque         -   eu │ Igbo           -   ig │ Serbian (Cyr...-sr-Cyrl
│ Belarusian     -   be │ Indonesian     -   id │ Serbian (Latin)-sr-Latn
│ Bengali        -   bn │ Irish          -   ga │ Sesotho        -   st │
│ Bosnian        -   bs │ Italian        -   it │ Shona          -   sn │
│ Bulgarian      -   bg │ Japanese       -   ja │ Sindhi         -   sd │
│ Cantonese      -  yue │ Javanese       -   jv │ Sinhala        -   si │
│ Catalan        -   ca │ Kannada        -   kn │ Slovak         -   sk │
│ Cebuano        -  ceb │ Kazakh         -   kk │ Slovenian      -   sl │
│ Chichewa       -   ny │ Khmer          -   km │ Somali         -   so │
│ Chinese Simp...- zh-CN│ Klingon        -  tlh │ Spanish        -   es │
│ Chinese Trad...- zh-TW│ Klingon (pIqaD)tlh-Qaak Sundanese      -   su │
│ Corsican       -   co │ Korean         -   ko │ Swahili        -   sw │
│ Croatian       -   hr │ Kurdish        -   ku │ Swedish        -   sv │
│ Czech          -   cs │ Kyrgyz         -   ky │ Tahitian       -   ty │
│ Danish         -   da │ Lao            -   lo │ Tajik          -   tg │
│ Dutch          -   nl │ Latin          -   la │ Tamil          -   ta │
│ Eastern Mari   -  mhr │ Latvian        -   lv │ Tatar          -   tt │
│ Emoji          -  emj │ Lithuanian     -   lt │ Telugu         -   te │
│ English        -   en │ Luxembourgish  -   lb │ Thai           -   th │
│ Esperanto      -   eo │ Macedonian     -   mk │ Tongan         -   to │
│ Estonian       -   et │ Malagasy       -   mg │ Turkish        -   tr │
│ Fijian         -   fj │ Malay          -   ms │ Udmurt         -  udm │
│ Filipino       -   tl │ Malayalam      -   ml │ Ukrainian      -   uk │
│ Finnish        -   fi │ Maltese        -   mt │ Urdu           -   ur │
│ French         -   fr │ Maori          -   mi │ Uzbek          -   uz │
│ Frisian        -   fy │ Marathi        -   mr │ Vietnamese     -   vi │
│ Galician       -   gl │ Mongolian      -   mn │ Welsh          -   cy │
│ Georgian       -   ka │ Myanmar        -   my │ Xhosa          -   xh │
│ German         -   de │ Nepali         -   ne │ Yiddish        -   yi │
│ Greek          -   el │ Norwegian      -   no │ Yoruba         -   yo │
│ Gujarati       -   gu │ Papiamento     -  pap │ Yucatec Maya   -  yua │
│ Haitian Creole -   ht │ Pashto         -   ps │ Zulu           -   zu │
│ Hausa          -   ha │ Persian        -   fa │                       │
│ Hawaiian       -  haw │ Polish         -   pl │                       │
└───────────────────────┴───────────────────────┴───────────────────────┘

Parent is shutting down, bye...

This command didn´t require any internet connection, I guess. Could it mean that internet connection is somehow refused?

Rosika2 commented 2 years ago

Hi again,

I don´t know if it helps at all but just want to let you know: In order to get trans working I don´t even have to cd into the respective folder but can start it from anywhere. The direct command then works even with the default.profile.

BUT: I have to create an empty sandbox first. From there I can invoke the respective command by adding the correct path:

rosika@rosika-10159 ~ [SIGINT]> firejail
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Warning: networking feature is disabled in Firejail configuration file

** Note: you can use --noprofile to disable default.profile **

Parent pid 3871, child pid 3872
Child process initialized in 84.67 ms
Willkommen zu fish, der freundlichen interaktiven Shell
Type `help` for instructions on how to use fish
rosika@rosika-10159 ~> /media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/Ergänzungen_zu_Programmen/zu_translate-shell_Feb2022/trans -shell hu:en
Translate Shell
(:q to quit)
Magyar> anya
anya

maternal

Definitionen von anya
[ Magyar -> English ]

Substantiv
    mother
        anya, mama, édesanya, családanya

anya
    maternal, mother

Magyar>

After using trans I can close the sandbox. Yet it seems to work just this way.

I´m still at a loss as why to the command

firejail --noprofile /bin/sh -c "/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/Ergänzungen_zu_Programmen/zu_translate-shell_Feb2022/trans -shell hu:en"

doesn´t work any more.

Many greetings Rosika

Rosika2 commented 2 years ago

Hi once more,

in order to find out some more about the matter I copied the folder containing the trans script to my Debian buster virtual machine with sftp. Here an older version of firejail is installed:

BUT actually in Debian the old command works:

rosika2@debian ~> firejail --private=/home/rosika2/Dokumente/Ergänzungen_zu_Programmen/zu_translate-shell_Feb2022 ./trans -shell hu:en
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Warning: networking feature is disabled in Firejail configuration file

** Note: you can use --noprofile to disable default.profile **

Parent pid 2433, child pid 2434
Child process initialized in 75.09 ms
Translate Shell
(:q to quit)
Magyar> anya
anya

maternal

Definitionen von anya
[ Magyar -> English ]

Substantiv
    mother
        anya, mama, édesanya, családanya

anya
    maternal, mother

Magyar> :q

Parent is shutting down, bye...

So I took a closer look at the profiles which are read during the initializing process and there is one difference between the two firejail versions:

In Lubuntu with firejail version 0.9.68-3~0ubuntu20.04.0:

Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Warning: networking feature is disabled in Firejail configuration file

** Note: you can use --noprofile to disable default.profile **

In Debian with firejail version 0.9.58.2-2+deb10u2:

Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Warning: networking feature is disabled in Firejail configuration file

** Note: you can use --noprofile to disable default.profile **

The difference being

Reading profile /etc/firejail/disable-passwdmgr.inc

which is only set in the older version. It seems this one (or rather the lack of it) should be responsible for the problem. Yet I´m not totally sure of that.

Many greetings from Rosika

rusty-snake commented 2 years ago

It seems this one (or rather the lack of it) should be responsible for the problem. Yet I´m not totally sure of that.

Nope, that not the issue here.

Rosika2 commented 2 years ago

Hi,

o.k., thanks for the feedback.

That was just a wild guess on my part as I couldn´t find any other differences in the behaviour of the two firejail versions (see above).

Many greetings Rosika

rusty-snake commented 2 years ago

Anything useful if you run firejail --profile=noprofile ./trans --debug? firejail --profile=noprofile /usr/bin/gawk --debug -f ./trans?

Rosika2 commented 2 years ago

Hi @rusty-snake,

thanks so much for your help.

The first command won´t work and I get this output:

firejail --profile=noprofile ./trans --debug
Reading profile /etc/firejail/noprofile.profile
Parent pid 5517, child pid 5518
Warning: cannot open source file /usr/lib/x86_64-linux-gnu/firejail/seccomp.debug32, file not copied
Child process initialized in 41.42 ms

As for the second command I get this:

firejail --profile=noprofile /usr/bin/gawk --debug -f ./trans
Reading profile /etc/firejail/noprofile.profile
Parent pid 5859, child pid 5860
Warning: cannot open source file /usr/lib/x86_64-linux-gnu/firejail/seccomp.debug32, file not copied
Child process initialized in 16.48 ms
gawk: ./trans:2: export TRANS_ENTRY="$0"
gawk: ./trans:2:                   ^ syntax error
gawk: ./trans:3: if [[ ! $LANG =~ (UTF|utf)-?8$ ]]; then export LANG=en_US.UTF-8; fi
gawk: ./trans:3: ^ syntax error
gawk: ./trans:3: if [[ ! $LANG =~ (UTF|utf)-?8$ ]]; then export LANG=en_US.UTF-8; fi
gawk: ./trans:3:               ^ syntax error
gawk: ./trans:3: if [[ ! $LANG =~ (UTF|utf)-?8$ ]]; then export LANG=en_US.UTF-8; fi
gawk: ./trans:3:                       ^ syntax error
gawk: ./trans:3: if [[ ! $LANG =~ (UTF|utf)-?8$ ]]; then export LANG=en_US.UTF-8; fi
gawk: ./trans:3:                           ^ syntax error
gawk: ./trans:3: if [[ ! $LANG =~ (UTF|utf)-?8$ ]]; then export LANG=en_US.UTF-8; fi
gawk: ./trans:3:                                                    ^ syntax error
gawk: ./trans:3: if [[ ! $LANG =~ (UTF|utf)-?8$ ]]; then export LANG=en_US.UTF-8; fi
gawk: ./trans:3:                                                                ^ syntax error
gawk: ./trans:4: read -r -d '' TRANS_PROGRAM << 'EOF'
gawk: ./trans:4:            ^ ungültiges Zeichen »'« in einem Ausdruck
gawk: ./trans:4: read -r -d '' TRANS_PROGRAM << 'EOF'
gawk: ./trans:4:            ^ syntax error

Parent is shutting down, bye...

Here firejail shuts down by itself.

Hopefully this will help a bit. I myself am not sure what to make of it.

Many thanks and many greetings. Rosika