netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.83k stars, 568 forks

librewolf: cannot open new URLs into running instance 3 #6413

Closed Lonniebiz closed 2 months ago

Lonniebiz commented 4 months ago

Firejail Version: 0.9.72 Debian 12 LibreWolf AppImage 128.0-2:

This issue was previously fixed in #4891 and #5227. Yet after upgrading to LibreWolf AppImage 128.0-2 the problem has returned.

Here's the command I'm using to run LibreWolf:

firejail --appimage --profile=/etc/firejail/librewolf.profile ~/AppImages/LibreWolf.x86_64.AppImage

The problem occurs after first launch, when I'm trying to open additional web pages. For example, let's say LibreWolf is already running, and I want to open Ebay from the command line:

firejail --appimage --profile=/etc/firejail/librewolf.profile ~/AppImages/LibreWolf.x86_64.AppImage https://www.ebay.com

Instead of opening Ebay into a new tab, I get this error: "Firefox is already running, but is not responding. To use Firefox, you must first close the existing Firefox process, restart your device, or use a different profile."

glitsj16 commented 4 months ago

FYI, Librewolf offers .deb files: https://librewolf.net/installation/debian/. Can you test if your issue changes when you don't use an AppImage?

kmk3 commented 4 months ago

Basic debugging information is missing; please follow the bug report template:

kmk3 commented 4 months ago

Does it still happen with firejail-git?

What is the output in trace.txt in the following command?

firejail --trace=trace.txt --appimage \
  --profile=/etc/firejail/librewolf.profile \
  ~/AppImages/LibreWolf.x86_64.AppImage https://www.ebay.com

Lonniebiz commented 4 months ago

@kmk3 : After initially launching LibreWolf successfully, here's the output of the command you provided (that fails to open Ebay into a new tab):

2024-07-23_10-12 View trace.txt.

This wasn't an issue in the previous version of LibreWolf (v127.0-2); it only started happening again (#4891, #5227) in the latest v128.0-2.

I think significant changes were made to LibreWolf starting in version 128.0-2. I say this because after downgrading back to v127.0.2-2, I got a message upon launch saying that I could no longer load my browser-profile touched by v128.0-2. 128.0-2 apparently modified my browser-profile in a manner where v127.0.2-2 could no longer read it. I had to restore my LibreWolf browser-profile from a backup before I could load it again in v127.0.2-2.

For applications not in the Debian repository, I only run AppImages (with FireJail), and I avoid installing .deb files from websites. However, I did attempt to grant your request of testing a .deb install of LibreWolf in a VM; launching without firejail worked, but I couldn't get firejail to launch the deb-installed version. Hopefully, this is a separate issue that can just be avoided due to the other info I've provided.

stormtheory commented 4 months ago

Try using --name=sandyfox. --name creates a sandbox name, and every firejail you create with that name will link them together. You can also join a sandbox, so use --join=sandyfox, but I found that --join isn't needed, after a lot of testing to fix this for me a couple of days ago.

Please note that the use of --nodbus will break the joining of two firefox sessions and you will get: "Firefox is already running, but is not responding."

This works in firefox and I even wrote a python script wrapper for firejail to handle all this. I have a handler/wrapper sitting at /usr/bin/firefox to make all the commands and my options and translates then runs all commands for firejail and firefox. HA, if that makes sense. So whenever a program or a GUI wants to open a webpage, it is always sandbox'd and working, creating new windows or tabs.

Lonniebiz commented 2 months ago

@stormtheory : I tried using --name=sandyfox and even --join=sandyfox, but have the same problem. Only the first command launches LibreWolf. Subsequent commands all get the same error I screen captured above. I need subsequent commands to all launch into new tabs within the already launched browser without error.

stormtheory commented 2 months ago

@Lonniebiz I just tried this and it worked in Firefox. In your librewolf.profile, make sure the following is set in order for it to talk on the dbus, or the instances won't be able to talk:

dbus-user filter
ignore dbus-user none

Run commands like this but with your profile and LibreWolf command. I'm able to open many tabs from different terminals to one sandbox.

firejail --profile=/sandbox/firefox.profile --name=sandyfox firefox
firejail --profile=/sandbox/firefox.profile --name=sandyfox firefox --new-tab www.google.com

https://github.com/stormtheory/firefox-firejail-wrapper

Lonniebiz commented 2 months ago

@stormtheory : My custom profile does indeed contain:

dbus-user filter
ignore dbus-user none

The difference is that I'm specifically trying to accomplish this using the latest AppImage of LibreWolf (version 129.0.2-1) which is located here: https://gitlab.com/api/v4/projects/24386000/packages/generic/librewolf/129.0.2-1/LibreWolf.x86_64.AppImage

So, when I try the arguments you're suggesting, with this exact AppImage, they look like this:

firejail --appimage --profile=/home/user1/.config/firejail/librewolf.profile --name=sandyfox ~/AppImage/LibreWolf.x86_64.AppImage

firejail --appimage --profile=/home/user1/.config/firejail/librewolf.profile --name=sandyfox ~/AppImage/LibreWolf.x86_64.AppImage --new-tab www.google.com

Yet, upon running the 2nd command, I'm getting the error I screen captured in a prior post. I simply can't launch new tabs from the command line.

Previously, in LibreWolf v127.0-2 AppImage, I was able to launch new tabs from the command line without getting that error (even without --name=sandyfox), but in every version after v127.0-2, I've found no way to launch new tabs from the command line without error.

kmk3 commented 2 months ago

#4897 added io.gitlab.librewolf.*; is that what Librewolf is currently using?

Does it work if you remove all dbus-related entries from all the relevant .profile and .local files?

I'd try using something like busctl or d-feet to inspect what dbus commands Librewolf is using.

kmk3 commented 2 months ago

@Lonniebiz

What is the dbus name returned in the following?

busctl --user | grep librewolf

It appears as io.gitlab.firefox.* to me, which is different from the io.gitlab.librewolf.* name that is in librewolf.profile (see #4897).

Does it work with the following in librewolf.local?

dbus-user.own io.gitlab.firefox.*
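
The mismatch diagnosed above, as an added example that is not part of the original thread or of firejail itself: a shell check that reads profile text on stdin and prints any session-bus name that no `dbus-user.own` rule covers. The function names, the sample profile and the name `io.gitlab.firefox.EXAMPLE` are constructed for illustration; the `.*` suffix semantics follow the firejail-profile man page.

```shell
#!/bin/sh
# Added example: find session-bus names that no dbus-user.own rule covers.

# own_rule_matches RULE NAME -> status 0 if RULE lets the sandbox own NAME.
# "a.b.*" covers "a.b" and every name beneath it, but not "a.bc";
# a rule without the suffix must match exactly.
own_rule_matches() {
    case $1 in
        *'.*')
            _base=${1%.\*}
            [ "$2" = "$_base" ] && return 0
            case $2 in "$_base".*) return 0 ;; esac
            return 1 ;;
        *)  [ "$2" = "$1" ] ;;
    esac
}

# covered NAME < rules -> status 0 if any rule on stdin covers NAME.
covered() {
    while IFS= read -r _r; do
        own_rule_matches "$_r" "$1" && return 0
    done
    return 1
}

# uncovered_names NAME... < profile-text
# Prints each NAME that the profile text on stdin gives no right to own.
# Limitation: "include" and "ignore" lines are not resolved.
uncovered_names() {
    _rules=$(awk '$1 == "dbus-user.own" { print $2 }')
    for _n in "$@"; do
        printf '%s\n' "$_rules" | covered "$_n" || printf '%s\n' "$_n"
    done
}

# Constructed sample: a profile that still carries the old LibreWolf name,
# and a bus name of the form reported in this thread (suffix is made up).
SAMPLE_PROFILE='dbus-user filter
dbus-user.own io.gitlab.librewolf.*
ignore dbus-user none'
SAMPLE_NAME=io.gitlab.firefox.EXAMPLE
FIX_LINE='dbus-user.own io.gitlab.firefox.*'

demo() {
    echo "before: $(printf '%s\n' "$SAMPLE_PROFILE" | uncovered_names "$SAMPLE_NAME")"
    echo "after:  $(printf '%s\n%s\n' "$SAMPLE_PROFILE" "$FIX_LINE" | uncovered_names "$SAMPLE_NAME")"
}
demo
```

On a live session, concatenate every relevant .profile and .local file on stdin and pass the names taken from the first column of `busctl --user --no-legend list`.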

Lonniebiz commented 2 months ago

@kmk3 Thank you so much for taking the time to reproduce my issue and fix it.

I confirm that after adding dbus-user.own io.gitlab.firefox.* to my custom profile, thereafter I was able to launch new tabs in the latest LibreWolf AppImage v130.0-3.

How long do you expect it will take before your changes land in Debian 12? Once there, I'll likely switch back to using the default profile.

kmk3 commented 2 months ago

> Thank you so much for taking the time to reproduce my issue and fix it.
>
> I confirm that after adding dbus-user.own io.gitlab.firefox.* to my custom profile, thereafter I was able to launch new tabs in the latest LibreWolf AppImage v130.0-3.

All good, thanks for confirming.

> How long do you expect it will take before your changes land in Debian 12? Once there, I'll likely switch back to using the default profile.

Personally I'm working on a few fixes for new features before they ship.

Then the idea is to work on the release itself.

No ETA though.