Open anomalocaris452 opened 1 year ago
Can you check if https://github.com/netblue30/firejail/commit/72eac267253543dd00e802d01123c4af5add33a3 fixed that too.
Also consider to format your posts and provided information requested in the bug report template.
@rusty-snake disabling apparmor aint helps (new eerrors)
firejail audacity
Reading profile /etc/firejail/audacity.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 4973, child pid 4974
1 program installed in 1224.26 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/doc
Warning: not remounting /run/user/1000/gvfs
Blacklist violations are logged to syslog
Child process initialized in 1512.63 ms
audacity: error while loading shared libraries: lib-project-rate.so: cannot open shared object file: No such file or directory
Parent is shutting down, bye...
BUT disabling private-bin WORKS well!! Thanks
(Offtopic)
@anomalocaris452
Please see the following links for how to format code blocks in markdown:
Can you check if 72eac26 fixed that too.
@rusty-snake IMO it is related (cfr. the discussion in #5281). I normally don't use audacity but have installed it to test all this. Will need some time. But I can already confirm having apparmor + private-bin works flawlessly on Arch Linux. But we might need to loosen up the profile to support distro's where private-bin might be causing issues.
@anomalocaris452 What distro are you running? And do you actually use AppArmor?
On another note, Audacity 3.2.2 apparently now supports XDG_CONFIG_HOME. It no longer uses ${HOME/.audacity-data by default. I'll be opening a PR for this shortly, as that's something we can do right now without breaking things.
@glitsj16 manjaro
@glitsj16 manjaro
Fine, thanks. I assume Manjaro packages Audacity in the same way Arch Linux does, but I'll check up on that.
We still would like to know if you're running with AppArmor
enabled or not. Details on how to find out are on the Arch wiki. This can help us to determine how best to fix this. Currently our audacity.profile is pretty tight, and private-bin audacity
is an important part of that, which we'd prefer to keep as tight as possible. Also, we just recently made a few changes to it, as Audacity 3.2.2 started to support different configuration locations:
If you still have a ${HOME}/.audacity-data, move that out of the way and test with the below ~/.config/firejail/audacity.profile
if you can:
# Firejail profile for audacity
# Description: Fast, cross-platform audio editor
# This file is overwritten after every install/update
# Persistent local customizations
include audacity.local
# Persistent global definitions
include globals.local
# Add the below lines to your audacity.local if you need online plugins.
#ignore net none
#netfilter
#protocol inet6
noblacklist ${HOME}/.audacity-data
noblacklist ${HOME}/.cache/audacity
noblacklist ${HOME}/.config/audacity
noblacklist ${HOME}/.local/share/audacity
noblacklist ${HOME}/.local/state/audacity
noblacklist ${DOCUMENTS}
noblacklist ${MUSIC}
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-programs.inc
include disable-shell.inc
include disable-xdg.inc
include whitelist-var-common.inc
# Silence blacklist violation. See #5539.
allow-debuggers
## Enabling App Armor appears to break some Fedora / Arch installs
#apparmor
caps.drop all
net none
no3d
nodvd
nogroups
noinput
nonewprivs
noroot
notv
nou2f
novideo
protocol unix,inet
seccomp
tracelog
private-bin audacity
private-dev
private-tmp
# problems on Fedora 27
# dbus-user none
# dbus-system none
Manjaro Audacity 3.2.2 firejail 0.9.70