Open tzsz0 opened 1 year ago
Related: #4961
Is there anything in the syslog?
I just performed the steps above twice and with different syslog output. For the first run I got:
/usr/libexec/gdm-x-session[6066]: ThunarThumbnailCache: failed to call Move(): GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name is not activatable
(is this even related, I don't know but the timestamp matches)
And the second run resulted in
Dez 02 18:10:07 SH-Tower.fritz.box audit[810847]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=810847 comm="minecraft-launc" exe="/home/tzsz/.minecraft/launcher/minecraft-launcher" sig=6 res=1
Dez 02 18:10:07 SH-Tower.fritz.box audit: BPF prog-id=496 op=LOAD
Dez 02 18:10:07 SH-Tower.fritz.box audit: BPF prog-id=497 op=LOAD
Dez 02 18:10:07 SH-Tower.fritz.box audit: BPF prog-id=498 op=LOAD
Dez 02 18:10:07 SH-Tower.fritz.box systemd[1]: Started systemd-coredump@23-810852-0.service - Process Core Dump (PID 810852/UID 0).
Dez 02 18:10:07 SH-Tower.fritz.box audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@23-810852-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Dez 02 18:10:07 SH-Tower.fritz.box systemd-coredump[810853]: [🡕] Process 810847 (minecraft-launc) of user 1000 dumped core.
--SNIP-- (I removed some lines because this continued for like 900+ lines only with different libraries.)
Stack trace of thread 330:
#0 0x00007ffac96afe7c __pthread_kill_implementation (libc.so.6 + 0x8ce7c)
#1 0x00007ffac965faa6 raise (libc.so.6 + 0x3caa6)
#2 0x00007ffac96497fc abort (libc.so.6 + 0x267fc)
#3 0x00007ffac98a2b97 _ZN9__gnu_cxx27__verbose_terminate_handlerEv.cold (libstdc++.so.6 + 0xa2b97)
#4 0x00007ffac98ae48c _ZN10__cxxabiv111__terminateEPFvvE (libstdc++.so.6 + 0xae48c)
#5 0x00007ffac98ad4f9 __cxa_call_terminate (libstdc++.so.6 + 0xad4f9)
#6 0x00007ffac98adc16 __gxx_personality_v0 (libstdc++.so.6 + 0xadc16)
#7 0x00007ffaca436c74 _Unwind_RaiseException_Phase2 (libgcc_s.so.1 + 0x16c74)
#8 0x00007ffaca4376cd _Unwind_Resume (libgcc_s.so.1 + 0x176cd)
#9 0x00007ffab2558347 n/a (/home/me/.minecraft/launcher/liblauncher.so + 0x558347)
ELF object binary architecture: AMD x86-64
Dez 02 18:10:07 SH-Tower.fritz.box systemd[1]: systemd-coredump@23-810852-0.service: Deactivated successfully.
Dez 02 18:10:07 SH-Tower.fritz.box audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@23-810852-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Dez 02 18:10:07 SH-Tower.fritz.box audit: BPF prog-id=0 op=UNLOAD
Dez 02 18:10:07 SH-Tower.fritz.box audit: BPF prog-id=0 op=UNLOAD
Dez 02 18:10:07 SH-Tower.fritz.box audit: BPF prog-id=0 op=UNLOAD
Dez 02 18:10:08 SH-Tower.fritz.box abrt-server[810998]: Executable '/home/me/.minecraft/launcher/minecraft-launcher' doesn't belong to any package and ProcessUnpackaged is set to 'no'
Dez 02 18:10:08 SH-Tower.fritz.box abrt-server[810998]: 'post-create' on '/var/spool/abrt/ccpp-2022-12-02-18:10:08.149052-810847' exited with 1
Dez 02 18:10:08 SH-Tower.fritz.box abrt-server[810998]: Deleting problem directory '/var/spool/abrt/ccpp-2022-12-02-18:10:08.149052-810847'
Dez 02 18:11:33 SH-Tower.fritz.box /usr/libexec/gdm-x-session[6066]: ThunarThumbnailCache: failed to call Move(): GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name is not activatable
There is the stacktrace, I just don't know why it didn't show in the first run.
(Offtopic)
@tzsz0
Please see the following links for how to format code blocks in markdown:
(fixed formatting)
So, I tried to find the line in the profile that hinders the game from launching. After some digging, I thought I found it but now I am at a state where firejail doesn't sandbox anything anymore.
Running firejail --profile=/etc/firejail/minecraft-launcher.profile games/minecraft/minecraft-launcher/minecraft-launcher
launches the launcher and(!) the game but the first line in the terminal states
Warning: an existing sandbox was detected. games/minecraft/minecraft-launcher/minecraft-launcher will run without any additional sandboxing features
So I guess that refers to the chromium part of the launcher. However, it would still leave the rest of the game without any further security constraints. The most problematic part is that malicious mods could escape the game and do harm to my system and/or read/write important files in my /home directory.*
And I don't know why the game runs now, I am using the same profile as I did in the beginning
*EDIT: I tried, the program can read all subdirectories (incl. contents) in my homedir.
EDIT2: /etc/firejail/minecraft-launcher.profile is the original file, I made all modifications to a local file.
EDIT3: Apparently I was in a sandboxed shell...
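A guard for the situation described in EDIT3, as an added example that is not part of the original thread: it checks whether the current shell is already inside a firejail sandbox before a profile is tested, since a nested firejail runs the program "without any additional sandboxing features". The function names are hypothetical, and the two indicators (PID 1 named `firejail`, and the `container=firejail` environment variable) are assumptions about how firejail sets up its sandbox.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: inside a firejail sandbox,
# PID 1 of the PID namespace is firejail and container=firejail is exported.

# in_firejail [PROC_ROOT] [CONTAINER_VALUE]
# Returns 0 if either indicator says "sandboxed", 1 otherwise.
# Both parameters exist only so the check can be run against a constructed
# /proc tree; in normal use call it without arguments.
in_firejail() {
    proc_root=${1:-/proc}
    container_value=${2-${container:-}}

    # Indicator 1: environment variable set for sandboxed programs.
    [ "$container_value" = "firejail" ] && return 0

    # Indicator 2: PID 1 in this PID namespace is firejail itself.
    if [ -r "$proc_root/1/comm" ]; then
        read -r init_comm < "$proc_root/1/comm" || true
        [ "$init_comm" = "firejail" ] && return 0
    fi
    return 1
}

# run_profile_test PROFILE PROGRAM [ARGS...]
# Refuses to start when nested, because the profile under test would not be
# applied and any result (file access, game starting) would be misleading.
run_profile_test() {
    if in_firejail; then
        echo "already inside a firejail sandbox; use an unsandboxed terminal" >&2
        return 2
    fi
    profile=$1
    shift
    LC_ALL=C firejail --profile="$profile" "$@"
}
```

For example: `run_profile_test minecraft.local games/minecraft-launcher/minecraft-launcher`.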
@tzsz0 commented on Dec 2:
Install firejail (0.9.70), download minecraft-launcher from minecraft.net and extract it to games/minecraft-launcher. Create file minecraft.local with content
include /etc/firejail/minecraft-launcher.profile
whitelist ~/games/minecraft-launcher
Note that /etc/firejail/minecraft-launcher.profile already includes minecraft-launcher.local at the beginning of the file.
So that include should either be removed or changed into something like the following:
whitelist ~/games/minecraft-launcher
include ${CFG}/minecraft-launcher.local
Which includes /etc/firejail/minecraft-launcher.local if it exists. This way, the commands in the profiles would effectively be executed in the following order:
Description
While it's possible to open the minecraft launcher itself, the actual game does not start. I can open the launcher, and then click on Start/Play, this only results in Exit Code 1.
Steps to Reproduce
Install firejail (0.9.70), download minecraft-launcher from minecraft.net and extract it to games/minecraft-launcher. Create file minecraft.local with content
And then execute
firejail --profile=minecraft.local games/minecraft-launcher/minecraft-launcher
Log in to minecraft and try launching the game with the latest version (1.19.2 as of writing this). Note, the launcher does not crash but only displays a small pop up with the exit code. When running with --noprofile, the game works fine.
Expected behavior
Successful game startup
Actual behavior
Launcher can't start game and reports Exit Code 1
Behavior without a profile
Game was playable
Additional context
.
Environment
EDIT by @rusty-snake: Fix markdown