netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

private-etc exceeds 500MB limit due to large files symlinked in /etc/alternatives #6137

Closed pirate486743186 closed 6 months ago

pirate486743186 commented 6 months ago

I'm on Debian, I installed a soundfont (fluid-soundfont-gm), that is 150MB. That soundfont uses the update-alternatives system, so it shows up in the etc as a symlink, for compatibility reasons it's linked twice. private-etc copies both of them, that's 300MB... so the 500MB limit is often hit.

Then it seems that it simply ignores whatever exceeds the limit but still runs the app, so the end result is random chaos for any profile that uses private-etc.

At the very least, firejail should not try to run if it loads part of what it was expected to load.

rusty-snake commented 6 months ago

To me it is not clear what the actionable part is here. Can you reformulate it or give examples.

private-etc copies both of them, that's 300MB... so the 500MB limit is often hit.

So there are 200MB left. What else is in /etc that takes so much space?

pirate486743186 commented 6 months ago

Things started breaking in a chaotic manner and it wasn't obvious that etc was "filled up"... with symlinks.

Also, Electron apps built with electron-builder use update-alternatives, and they are 166MB each because they are statically linked to death. Yes, that's just the executable, I'm discovering this now. Then there are a few normal fonts at 7MB and liblapack.so at 7MB, the rest are smaller. So you only need 3 Electron apps built with electron-builder to break firejail.

WITHOUT the soundfonts... du -shL /etc/alternatives/ 375MB

Fedora has update-alternatives? You can check yours with: du -hL /etc/alternatives/* | grep M for anything weird.

At the very least, that folder should be treated in a special way. Does it really need to copy the symlinked files?
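The du check above only shows the combined size; the failure described in this issue comes from the same target being reached through several symlinks and copied once per link. The script below, added here as an illustration and not code from the issue or from the firejail project, walks an alternatives-style directory, sums the bytes a symlink-following copy would pull in, and lists targets that are linked more than once. The 500MB figure is the private-etc limit mentioned in the issue; the directory argument and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not firejail code: estimate what a symlink-following copy of
# an alternatives directory would cost, and find targets linked more than once.

# Total bytes a copy that resolves every symlink in "$1" would write.
# Each link is counted separately, which is exactly how the size doubles
# when one soundfont or binary is registered under two alternative names.
alternatives_copy_size() {
    dir="$1"
    total=0
    for link in "$dir"/*; do
        [ -L "$link" ] || continue              # only symlinks matter here
        target=$(readlink -f "$link") || continue
        [ -f "$target" ] || continue            # skip dangling links and dirs
        size=$(wc -c < "$target")
        total=$((total + size))
    done
    echo "$total"
}

# Print every resolved target that more than one symlink in "$1" points at.
# These are the files a per-link copy would duplicate.
duplicate_targets() {
    dir="$1"
    for link in "$dir"/*; do
        [ -L "$link" ] || continue
        readlink -f "$link"
    done | sort | uniq -d
}

# Exit 0 when the estimated copy exceeds the limit (bytes), 1 otherwise.
# Default limit is the 500MB private-etc limit discussed in the issue.
exceeds_limit() {
    dir="$1"
    limit="${2:-524288000}"
    total=$(alternatives_copy_size "$dir")
    [ "$total" -gt "$limit" ]
}

# Usage on a real system (Debian-style layout assumed):
#   alternatives_copy_size /etc/alternatives
#   duplicate_targets /etc/alternatives
#   exceeds_limit /etc/alternatives && echo "private-etc would hit the limit"
```

Running duplicate_targets against /etc/alternatives on a Debian host lists exactly the files that a per-link copy pays for twice; the totals from alternatives_copy_size are the figure to compare against the limit, rather than the much smaller apparent size of the symlinks themselves.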

rusty-snake commented 6 months ago

Note that there was recently a change that might fix this in the next release. https://github.com/netblue30/firejail/pull/5957

pirate486743186 commented 6 months ago

Yeah ok, it seems a duplicate of #5378