Open JeremiahSecrist opened 2 years ago
Hey @arouzing, thanks for reporting this.
I think the problem is this line:
chcon: failed to change context of '/opt/safing/portmaster/portmaster-start'
I believe this is similar, possibly a duplicate of https://github.com/safing/portmaster/issues/465.
We will look into this. Internally tracked with CC#2168.
Thanks! Silverblue works a bit differently than normal Fedora. It may require slightly different packaging in order to get it to work. If you would like, I could link you to the information and limitations of packaging for Fedora Silverblue.
I see. Yes, a couple references would definitely be nice.
https://docs.fedoraproject.org/en-US/fedora-silverblue/troubleshooting/ Here in the FAQ is a section mentioning issues when installing into opt or local. It points to here. If you need a tester for installing onto Silverblue I'd be happy to test packages. As I would love to use Portmaster on this machine!
As silver blue is mostly immutable, most areas cannot have dynamic data stored in them. The areas where mutable information is stored are located here
Thanks for the pointers!
silver blue is mostly immutable
Ah, yes. That would be a problem. But /opt seems to be linked to /var/opt now, so maybe this isn't a problem after all.
chcon: failed to change context of '/opt/safing/portmaster/portmaster-start'
Does port-master make changes to /opt over time (I think you answered this before)? Do you think it would be possible to have the package detect silverblue and change directories? The github issue I linked before only works for chrome currently.
Does port-master make changes to /opt over time
Yes. All data is there: config, databases, updates, logs.
Do you think it would be possible to have the package detect silverblue and change directories?
Maybe. Does silverblue have a special system for this in place? Eg. to query if silverblue is there and ways to interact?
But if /opt is really linked to /var/opt, then this shouldn't be a problem, should it?
Yes. All data is there: config, databases, updates, logs.
I'll have to look around more and see how different projects accomplish this on Fedora and still work with Silverblue.
But if /opt is really linked to /var/opt, then this shouldn't be a problem, should it?
It should with the current workaround in place, but something seems off with the current configuration that the patch can't handle. I did some testing on my system and found some packages that accomplished patching into /var/opt with no issue.
I am asking around for some guidelines to see if I can help further! I do have some packages that I have used that store in opt and work, let me link them here: Tabby vagrant
other information: https://www.pathname.com/fhs/pub/fhs-2.3.pdf
Thanks so much for taking the time to read all this I know you guys are busy!
I've looked into Tabby and Vagrant a bit and it seems they don't do automatic updates, which I think is causing the trouble here.
Another app I know does automatic updates and installs to /opt, is Google Chrome. Don't know if they have support for Silverblue.
This is interesting. I haven't yet encountered such a detailed description.
I can say that we do not fully follow the definitions laid out here. Well, except if Silverblue really just links /opt to /var/opt - then we should be ok.
Can you find out how exactly Silverblue handles /opt and /var/opt?
Thanks so much for taking the time to read all this I know you guys are busy!
Thanks for the appreciation. It's always nice when someone understands.
I think I found a potential fix to the issue. It might be worth trying on a Fedora Silverblue VM. Change the paths and install the compiled rpm with rpm-ostree install custom-package.rpm
The solution may not even apply in this situation. Maybe I'll see if I can find someone working on the silverblue team to take a look at this project and give some guidance?
I noticed they have a community section where you could reach out: https://discussion.fedoraproject.org/tag/silverblue
This issue is caused by https://github.com/safing/portmaster-packaging/blob/0284b11d5f68efca0a108d689d934d88391e2b6d/linux/templates/snippets/post-install.sh#L18..L20
chcon: failed to change context of '/opt/safing/portmaster/portmaster-start' to ‘system_u:object_r:bin_t:s0’: Operation not supported
Removing lines mentioned above makes it install with rpm-ostree just fine.
I'm not sure if chcon should be in postinstall. Perhaps you could try something like below instead:
if command -V getenforce >/dev/null 2>&1; then
semanage fcontext -a -t bin_t /opt/safing/portmaster/portmaster-start
restorecon -v /opt/safing/portmaster/portmaster-start
fi
Thanks for the pointers!
silver blue is mostly immutable
Ah, yes. That would be a problem. But /opt seems to be linked to /var/opt now, so maybe this isn't a problem after all.
While /opt is ordinarily linked to /var/opt, rpm-ostree install actually redirects files in /opt to /usr/lib/opt. This is because rpm-ostree expects all system code tracked by rpm to live under /usr and reserves /opt strictly for programs with custom (non-rpm) installers.
This issue is caused by https://github.com/safing/portmaster-packaging/blob/0284b11d5f68efca0a108d689d934d88391e2b6d/linux/templates/snippets/post-install.sh#L18..L20
chcon: failed to change context of '/opt/safing/portmaster/portmaster-start' to ‘system_u:object_r:bin_t:s0’: Operation not supported
Removing lines mentioned above makes it install with rpm-ostree just fine.
I'm not sure if chcon should be in postinstall. Perhaps you could try something like below instead:
if command -V getenforce >/dev/null 2>&1; then
semanage fcontext -a -t bin_t /opt/safing/portmaster/portmaster-start
restorecon -v /opt/safing/portmaster/portmaster-start
fi
Would it be alright if I ask how you modified the rpm? Did you recompile or just modify the rpm? If the latter, how did you go about that. Thanks in advance!
@arouzing I cloned this repo, modified the mentioned lines and ran the make rpm command. Before that would work I had to install a bunch of weird golang deps as it looks like this RPM is being built by some lazy do it all magical go app.
# Build environment for the portmaster RPM
FROM fedora:35
RUN dnf -y install '@Development tools'
RUN mkdir /tmp/build
RUN git clone https://github.com/JayDoubleu/portmaster-packaging.git /tmp/build
WORKDIR /tmp/build/linux
RUN dnf -y install ImageMagick
# gomplate is fetched as a prebuilt binary from its GitHub release (no checksum is verified here)
ADD https://github.com/hairyhenderson/gomplate/releases/download/v3.10.0/gomplate_linux-amd64 /usr/bin/gomplate
RUN chmod +x /usr/bin/gomplate
# Add the GoReleaser yum repository, which provides nfpm.
# gpgcheck=0 turns off package signature verification for this repository.
RUN echo '[goreleaser]' > /etc/yum.repos.d/goreleaser.repo
RUN echo name=GoReleaser >> /etc/yum.repos.d/goreleaser.repo
RUN echo baseurl=https://repo.goreleaser.com/yum/ >> /etc/yum.repos.d/goreleaser.repo
RUN echo enabled=1 >> /etc/yum.repos.d/goreleaser.repo
RUN echo gpgcheck=0 >> /etc/yum.repos.d/goreleaser.repo
RUN dnf -y install nfpm
# Build the RPM into dist/
RUN make rpm
Add above to Containerfile
then run podman build -t portmaster .
It will build you an rpm.
Then you can extract it from container with :
podman run -it -v $(pwd):/tmp/pwd:Z portmaster cp dist/portmaster-0.7.0~2.x86_64.rpm /tmp/pwd
You will end up with portmaster-0.7.0~2.x86_64.rpm in your current working directory.
Then just simply install it with rpm-ostree install portmaster-0.7.0~2.x86_64.rpm
@JayDoubleu thank you very much!
After a successful install and a reboot, it is however unable to start up.
The desktop file is misconfigured, since it is trying to write data on startup.
/opt/safing/portmaster/portmaster-start app --data=/opt/safing/portmaster
(is the default command for portmaster.desktop)
Changing it to /var/opt does not seem to be the solution either.
Error log
I would try getting fedora workstation in gnome boxes and see if it works at all in fedora.
Perks of being an early adopter for alpha software ;)
Perks of being an early adopter for alpha software ;)
It certainly is. I came across this project and really want to see it work on silver blue. A worthy price to pay.
I have a vm up and running, let me give it a shot. edit: I know un-modded portmaster works just fine on fedora workstation.
I also noticed this :
Feb 06 00:27:26 rpm-ostree(portmaster.post)[12328]: portmaster: Failed to download modules
Feb 06 00:27:26 rpm-ostree(portmaster.post)[12328]: portmaster: Please run '/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update' manually.\n
So you could try running sudo /opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update
That was attempted:
220205 19:29:58.159 ▶ BOF
220205 19:29:58.310 r/updating:099 ▶ WARN 001 updates: failed to save updated index stable.json: open /opt/safing/portmaster/updates/stable.json: permission denied
220205 19:29:58.310 r/updating:102 ▶ INFO 003 updates: updated index stable.json
220205 19:29:58.456 r/updating:092 ▶ WARN 004 updates: failed to ensure directory for updated index all/intel/intel.json: could not create dir /opt/safing/portmaster/updates/all: mkdir /opt/safing/portmaster/updates/all: permission denied
220205 19:29:58.456 r/updating:099 ▶ WARN 006 updates: failed to save updated index all/intel/intel.json: open /opt/safing/portmaster/updates/all/intel/intel.json: no such file or directory
220205 19:29:58.456 r/updating:102 ▶ INFO 008 updates: updated index all/intel/intel.json
220205 19:29:58.456 r/updating:144 ▶ INFO 009 updates: starting to download 12 updates
220205 19:30:03.457 r/updating:155 ▶ WARN 010 updates: failed to download all/ui/modules/assets.zip version 0.2.4: could not create updates folder: /opt/safing/portmaster/updates/all/ui/modules
Did you run it with sudo ?
I forgot sudo!! (I feel a bit stupid.) That being said, it does seem to hang at this phase, I'll let it sit for a bit.
Currently hanging here:
220205 19:32:23.319 ▶ BOF
220205 19:32:23.448 r/updating:102 ▶ INFO 001 updates: updated index stable.json
220205 19:32:23.582 r/updating:102 ▶ INFO 002 updates: updated index all/intel/intel.json
220205 19:32:23.582 r/updating:144 ▶ INFO 003 updates: starting to download 12 updates
Update: workstation vm behaves almost the same way. Seems it may have been broken during compile or I / we are using the unstable branch during compile time? did you fork from master or https://github.com/safing/portmaster-packaging/releases/tag/v0.7.0 ?
Looks like it installs into read only part of system safing -> /usr/lib/opt/safing
Update: workstation vm behaves almost the same way. Seems it may have been broken during compile or I / we are using the unstable branch during compile time? did you fork from master or https://github.com/safing/portmaster-packaging/releases/tag/v0.7.0 ?
master
Would it be possible to revert your fork back to that release? Or shall I make a new fork from that release?
I've just rebased it to 0.7.0
Awesome, I'll recompile and see how it goes.
I don't think that's the issue here.
I moved it from /usr/lib/opt to /var/opt and looks like it's launching ok.
[jaydoubleu@thinkXPS updates]$ sudo /opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster update
[sudo] password for jaydoubleu:
220206 00:48:53.250 ▶ BOF
220206 00:48:53.282 r/updating:102 ▶ INFO 001 updates: updated index stable.json
220206 00:48:53.313 r/updating:102 ▶ INFO 002 updates: updated index all/intel/intel.json
220206 00:48:53.313 r/updating:144 ▶ INFO 003 updates: starting to download 12 updates
220206 00:48:55.142 ater/fetch:073 ▶ INFO 004 updates: fetched https://updates.safing.io/linux_amd64/core/portmaster-core_v0-7-18 (stored to /opt/safing/portmaster/updates/linux_amd64/core/portmaster-core_v0-7-18)
220206 00:49:08.130 ater/fetch:073 ▶ INFO 005 updates: fetched https://updates.safing.io/linux_amd64/app/portmaster-app_v0-2-2.zip (stored to /opt/safing/portmaster/updates/linux_amd64/app/portmaster-app_v0-2-2.zip)
220206 00:49:08.217 ater/fetch:073 ▶ INFO 006 updates: fetched https://updates.safing.io/all/intel/lists/urgent_v20220205-20-0.dsdl (stored to /opt/safing/portmaster/updates/all/intel/lists/urgent_v20220205-20-0.dsdl)
220206 00:49:09.546 ater/fetch:073 ▶ INFO 007 updates: fetched https://updates.safing.io/linux_amd64/notifier/portmaster-notifier_v0-2-3 (stored to /opt/safing/portmaster/updates/linux_amd64/notifier/portmaster-notifier_v0-2-3)
220206 00:49:11.910 ater/fetch:073 ▶ INFO 008 updates: fetched https://updates.safing.io/linux_amd64/start/portmaster-start_v0-7-0 (stored to /opt/safing/portmaster/updates/linux_amd64/start/portmaster-start_v0-7-0)
220206 00:49:11.993 ater/fetch:073 ▶ INFO 009 updates: fetched https://updates.safing.io/all/intel/lists/intermediate_v20220205-23-0.dsdl (stored to /opt/safing/portmaster/updates/all/intel/lists/intermediate_v20220205-23-0.dsdl)
220206 00:49:12.026 ater/fetch:073 ▶ INFO 010 updates: fetched https://updates.safing.io/all/intel/lists/index_v2022-2-3.dsd (stored to /opt/safing/portmaster/updates/all/intel/lists/index_v2022-2-3.dsd)
220206 00:49:19.227 ater/fetch:073 ▶ INFO 011 updates: fetched https://updates.safing.io/all/intel/geoip/geoipv6_v20210929-18-58.mmdb.gz (stored to /opt/safing/portmaster/updates/all/intel/geoip/geoipv6_v20210929-18-58.mmdb.gz)
220206 00:49:22.066 ater/fetch:073 ▶ INFO 012 updates: fetched https://updates.safing.io/all/intel/geoip/geoipv4_v20210929-18-58.mmdb.gz (stored to /opt/safing/portmaster/updates/all/intel/geoip/geoipv4_v20210929-18-58.mmdb.gz)
220206 00:49:22.454 ater/fetch:073 ▶ INFO 013 updates: fetched https://updates.safing.io/all/ui/modules/assets_v0-2-4.zip (stored to /opt/safing/portmaster/updates/all/ui/modules/assets_v0-2-4.zip)
220206 00:49:22.545 ater/fetch:073 ▶ INFO 014 updates: fetched https://updates.safing.io/all/ui/modules/portmaster_v0-1-24.zip (stored to /opt/safing/portmaster/updates/all/ui/modules/portmaster_v0-1-24.zip)
220206 00:49:23.555 ater/fetch:073 ▶ INFO 015 updates: fetched https://updates.safing.io/all/intel/lists/base_v20220131-23-0.dsdl (stored to /opt/safing/portmaster/updates/all/intel/lists/base_v20220131-23-0.dsdl)
220206 00:49:23.555 r/updating:158 ▶ INFO 016 updates: finished downloading updates
220206 00:49:23.555 r/resource:256 ▶ TRAC 017 updater: selected version 0.3.18 for resource linux_amd64/hub/spn-hub
220206 00:49:23.555 r/resource:256 ▶ TRAC 018 updater: selected version 1.0.11 for resource windows_amd64/kext/portmaster-kext.sys
220206 00:49:23.555 r/resource:256 ▶ TRAC 019 updater: selected version 0.7.18 for resource darwin_amd64/core/portmaster-core
220206 00:49:23.555 r/resource:256 ▶ TRAC 020 updater: selected version 0.7.0 for resource linux_amd64/packages/portmaster-installer.deb
220206 00:49:23.555 r/resource:256 ▶ TRAC 021 updater: selected version 0.7.0 for resource darwin_amd64/start/portmaster-start
220206 00:49:23.555 r/resource:256 ▶ TRAC 022 updater: selected version 20220131.23.0 for resource all/intel/lists/base.dsdl
220206 00:49:23.555 r/resource:256 ▶ TRAC 023 updater: selected version 0.1.11 for resource all/ui/modules/console.zip
220206 00:49:23.555 r/resource:256 ▶ TRAC 024 updater: selected version 0.7.18 for resource linux_amd64/core/portmaster-core
220206 00:49:23.555 r/resource:256 ▶ TRAC 025 updater: selected version 0.3.18 for resource windows_amd64/hub/spn-hub.exe
220206 00:49:23.555 r/resource:256 ▶ TRAC 026 updater: selected version 0.0.5 for resource all/spn/bootstrap.dsd
220206 00:49:23.555 r/resource:256 ▶ TRAC 027 updater: selected version 0.6.0 for resource windows_amd64/notifier/portmaster-snoretoast.exe
220206 00:49:23.555 r/resource:256 ▶ TRAC 028 updater: selected version 0.7.0 for resource windows_amd64/packages/portmaster-installer.exe
220206 00:49:23.555 r/resource:256 ▶ TRAC 029 updater: selected version 0.1.8 for resource all/ui/modules/settings.zip
220206 00:49:23.555 r/resource:256 ▶ TRAC 030 updater: selected version 0.2.2 for resource linux_amd64/app/portmaster-app.zip
220206 00:49:23.555 r/resource:256 ▶ TRAC 031 updater: selected version 1.0.11 for resource windows_amd64/kext/portmaster-kext.dll
220206 00:49:23.555 r/resource:256 ▶ TRAC 032 updater: selected version 20220205.20.0 for resource all/intel/lists/urgent.dsdl
220206 00:49:23.555 r/resource:256 ▶ TRAC 033 updater: selected version 20220113.8.47 for resource all/intel/spn/main-intel.json
220206 00:49:23.555 r/resource:256 ▶ TRAC 034 updater: selected version 20211214.14.13 for resource all/intel/portmaster/notifications.json
220206 00:49:23.555 r/resource:256 ▶ TRAC 035 updater: selected version 0.2.2 for resource windows_amd64/app/portmaster-app.zip
220206 00:49:23.555 r/resource:256 ▶ TRAC 036 updater: selected version 0.7.0 for resource linux_amd64/packages/portmaster-installer.rpm
220206 00:49:23.555 r/resource:256 ▶ TRAC 037 updater: selected version 1.0.11 for resource windows_amd64/kext/portmaster-kext.pdb
220206 00:49:23.555 r/resource:256 ▶ TRAC 038 updater: selected version 0.2.3 for resource linux_amd64/notifier/portmaster-notifier
220206 00:49:23.555 r/resource:256 ▶ TRAC 039 updater: selected version 0.7.0 for resource windows_amd64/start/portmaster-start.exe
220206 00:49:23.555 r/resource:256 ▶ TRAC 040 updater: selected version 0.2.11 for resource all/ui/modules/base.zip
220206 00:49:23.555 r/resource:256 ▶ TRAC 041 updater: selected version 20220113.13.47 for resource all/intel/portmaster/notifications.yaml
220206 00:49:23.555 r/resource:256 ▶ TRAC 042 updater: selected version 0.7.0 for resource linux_amd64/start/portmaster-start
220206 00:49:23.555 r/resource:256 ▶ TRAC 043 updater: selected version 0.3.18 for resource darwin_amd64/hub/spn-hub
220206 00:49:23.555 r/resource:256 ▶ TRAC 044 updater: selected version 20220205.23.0 for resource all/intel/lists/intermediate.dsdl
220206 00:49:23.555 r/resource:256 ▶ TRAC 045 updater: selected version 2022.2.3 for resource all/intel/lists/index.dsd
220206 00:49:23.555 r/resource:256 ▶ TRAC 046 updater: selected version 20210929.18.58 for resource all/intel/geoip/geoipv6.mmdb.gz
220206 00:49:23.555 r/resource:256 ▶ TRAC 047 updater: selected version 0.1.7 for resource all/ui/modules/profilemgr.zip
220206 00:49:23.555 r/resource:256 ▶ TRAC 048 updater: selected version 0.7.18 for resource windows_amd64/core/portmaster-core.exe
220206 00:49:23.555 r/resource:256 ▶ TRAC 049 updater: selected version 0.2.3 for resource windows_amd64/notifier/portmaster-notifier.exe
220206 00:49:23.555 r/resource:256 ▶ TRAC 050 updater: selected version 20220127.9.46 for resource all/intel/spn/main-intel.yaml
220206 00:49:23.555 r/resource:256 ▶ TRAC 051 updater: selected version 20210929.18.58 for resource all/intel/geoip/geoipv4.mmdb.gz
220206 00:49:23.555 r/resource:256 ▶ TRAC 052 updater: selected version 0.2.4 for resource all/ui/modules/assets.zip
220206 00:49:23.555 r/resource:256 ▶ TRAC 053 updater: selected version 0.2.4 for resource all/ui/modules/monitor.zip
220206 00:49:23.555 r/resource:256 ▶ TRAC 054 updater: selected version 0.1.24 for resource all/ui/modules/portmaster.zip
220206 00:49:23.555 r/resource:256 ▶ TRAC 055 updater: selected version 20220111.16.57 for resource all/intel/spn/main-intel.dsd
220206 00:49:24.582 /unpacking:142 ▶ INFO 056 updates: unpacked linux_amd64/app/portmaster-app_v0-2-2.zip
220206 00:49:24.582 r/electron:036 ▶ DEBU 057 updates: kernel support for unprivileged USERNS_CLONE disabled
220206 00:49:24.582 dater/file:060 ▶ DEBU 058 updater: setting active version of resource linux_amd64/app/portmaster-app.zip from <nil> to 0.2.2
220206 00:49:24.582 r/electron:051 ▶ INFO 059 updates: fixed SUID permission for chrome-sandbox
220206 00:49:24.592 ◀ EOF
Well, at least it's trying.
It's getting blocked by SELinux
Progress!!! Now to figure out the SELinux issue, right?
I did restorecon on it + changed the portmaster-start label with chcon as well. It looks like it was launching but the GUI couldn't connect to it, looks like it was denying itself from accessing it lol.
I'll try to build only without rpm out of curiosity to see if that makes it any better
Is the Portmaster service actually running? I noticed it was disabled even though it is in the post install script to enable it.
yeah GUI starts running the service properly when you move it to proper /opt
TBH you might have better luck just extracting the deb file from release and sticking it to your /var/opt.
Just did that and looks like its working fine
I could be wrong but how would that work on silverblue?
It's just a binary file. The Makefile included in this repo just builds the same binary to deb and rpm. deb files can be extracted using archive manager so you could just play with it that way.
But probably best solution here would be waiting for at least beta version of this software.
And if you desperately need software like this I can highly recommend opensnitch. Works on silverblue without any modifications and it's based on eBPF
Understood, thanks for the work you have done though! Hopefully this may shed some light for them on how to package this in the future.
Hey @arouzing and @JayDoubleu, thanks for all the effort here!
I think there are two issues here (please correct me):
I'm not sure if chcon should be in postinstall.
Do rpms have a way to set SELinux context instead? Don't know where else we should put that.
looks like this RPM is being built by some lazy do it all magical go app.
Yes, our experience has been much smoother since we switched.
I'm also assigning this to @ppacher, as he is much more versed in this space than I am.
We have already been thinking about creating a plain scripted installer, so you could just install to /opt in this case, without going through the package manager. What do you think about that?
This won't exactly be a solution. System modifications should be done with rpms if the package can't run as a flatpak or toolbox.
From what @JayDoubleu mentioned, the installer from what he could compile put it in the wrong directory via the rpm. If the SELinux is fixed (which was with his suggested edit) and the install directory is fixed it may just work out of the box for Silverblue, minus requiring manually starting services.
Run down of issues: Install location is incorrect with current rpm packaging causing it to break. Selinux needs to be adjusted.
Feel free to correct my statements @JayDoubleu
I just found this issue since I had experienced the same problem (cf. https://github.com/fedora-silverblue/issue-tracker/issues/317). According to that issue, the problem seems to be related to the non standard packaging tool (nfpm)
Since you did a deep investigation of the RPM and the installation process, I thought this could be useful to find a solution.
Another option would be to change https://github.com/safing/portmaster-packaging/blob/master/linux/templates/snippets/post-install.sh#L18 to check for the presence of /run/ostree-booted (indicates an rpm-ostree managed system) and change the path for the chcon / skip it.
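One way to write the post-install check discussed above (testing for /run/ostree-booted, and using semanage plus restorecon rather than a bare chcon), as an added example that is not code from portmaster-packaging or from any participant in this thread. The ROOT override and the function names are hypothetical; the target path and the bin_t type are taken from the chcon error quoted in the thread.

```shell
#!/bin/sh
# Added example, not code from portmaster-packaging.
# ROOT is a hypothetical prefix so the checks can be run against a
# constructed directory tree; leave it empty on a real system.
ROOT="${ROOT:-}"
TARGET="/opt/safing/portmaster/portmaster-start"   # path from the thread
SE_TYPE="bin_t"                                    # type from the chcon error

# rpm-ostree managed systems expose this marker file.
is_ostree_booted() {
    [ -e "${ROOT}/run/ostree-booted" ]
}

# True when the SELinux tools are present and SELinux is not disabled.
selinux_active() {
    command -v getenforce >/dev/null 2>&1 || return 1
    [ "$(getenforce 2>/dev/null)" != "Disabled" ]
}

# Decide what the scriptlet should do. Prints exactly one word:
#   skip-ostree     rpm-ostree system, where chcon failed in this thread
#   skip-noselinux  SELinux absent or disabled, nothing to label
#   relabel         record a persistent file-context rule, then apply it
label_plan() {
    if is_ostree_booted; then
        echo skip-ostree
    elif ! selinux_active; then
        echo skip-noselinux
    else
        echo relabel
    fi
}

# Carry out the plan. A labelling problem is reported on stderr but does
# not fail the scriptlet, so it cannot abort the package transaction.
apply_label() {
    plan="$(label_plan)"
    case "$plan" in
        relabel)
            if command -v semanage >/dev/null 2>&1; then
                semanage fcontext -a -t "$SE_TYPE" "${ROOT}${TARGET}" ||
                    echo "portmaster: semanage failed, continuing" >&2
            fi
            restorecon -v "${ROOT}${TARGET}" ||
                echo "portmaster: restorecon failed, continuing" >&2
            ;;
        *)
            echo "portmaster: not relabelling ($plan)" >&2
            ;;
    esac
    return 0
}

# Run only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    apply_label
fi
```
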
Flatpak is suggested in Fedora
But I tried to install the RPM on Fedora Silverblue today by opening the rpm file in Software and it succeeded in layering the package and networkmanager is installed. But opening the app does nothing and after setting the SE Linux policy this is what error I get:
portmaster.service - Portmaster by Safing
     Loaded: loaded (/usr/lib/systemd/system/portmaster.service; disabled; vendor preset: disabled)
     Active: activating (auto-restart) (Result: exit-code) since Wed 2022-11-02 16:42:03 EET; 8s ago
       Docs: https://safing.io
             https://docs.safing.io
    Process: 21224 ExecStart=/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster core -- $PORTMASTER_ARGS (code=exited, status=1/FAILURE)
    Process: 21271 ExecStopPost=/opt/safing/portmaster/portmaster-start recover-iptables (code=exited, status=1/FAILURE)
   Main PID: 21224 (code=exited, status=1/FAILURE)
        CPU: 186ms
Outside variables: I have FirewallD installed and this was in X11 windowing, not Wayland.
Everything is working fine if one installs Portmaster manually in home dir. I'm currently running it on Silverblue that way without issues.
And to avoid SELinux problems just do sudo chcon -t bin_t /path/to/portmaster-start
Really! How does one go about this manual home dir install?
Just follow the official guide - https://docs.safing.io/portmaster/install/linux#manual-install-and-launching and change all directories in commands to some folder in your home dir instead of /opt/
Also remove sudo from command lines, it's needed only for SELinux sudo chcon -t bin_t in case of home install + for creating systemd service.
If you want autostart via systemd you need to create portmaster.service according to the manual install guide and change dirs to your new home location.
The point is, that you only need to alter dir paths to point your location instead of /opt
I have everything in here /var/home/pryka/Portmaster
All work fine for 2 days now.
Okay thanks so much, I got it working but there are some problems to mention:
The download was very slow and the only way to check that it was still going was to watch the folder size until it stopped increasing.
I had to stop nextdns cli to avoid issues.
Had some errors running sudo /var/home/user/Applications/Portmaster/portmaster-start core
[sudo] password for user:
[control] 2022/11/07 07:18:45 starting /var/home/user/Applications/Portmaster/updates/linux_amd64/core/portmaster-core_v1-0-0 --data /var/home/user/Applications/Portmaster
221107 09:18:45.771 ▶ BOF
221107 09:18:46.183 v/location:299 ▶ WARN 001 netenv: failed to get IPv4 device location from traceroute: failed to send icmp packet: write ip4 0.0.0.0->1.1.1.1: sendto: operation not permitted
221107 10:12:38.218 nameserver:286 ▶ WARN 003 nameserver: failed to resolve noreply-watch-gjib39.go.dnscheck.tools.A: all 5 query-compliant resolvers failed, last error: read udp [fdc6:ff62:38b1::87e]:48529->[fdc6:ff62:38b1::1]:53: i/o timeout
This kept failing a number of times
/var/home/user/Applications/Portmaster/portmaster-start app
[control] 2022/11/07 07:19:20 starting /var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/portmaster-app_v0-2-5 --data /var/home/user/Applications/Portmaster
Portmaster data directory: /var/home/user/Applications/Portmaster
[10229:1107/091921.407643:ERROR:gl_surface_egl.cc(783)] No suitable EGL configs found.
[10229:1107/091921.407785:ERROR:gl_context_egl.cc(138)] eglGetConfigAttrib failed with error EGL_BAD_CONFIG
[10229:1107/091921.475387:ERROR:gl_surface_egl.cc(783)] No suitable EGL configs found.
[10229:1107/091921.475554:ERROR:gl_surface_egl.cc(2113)] eglCreatePbufferSurface failed with error EGL_BAD_CONFIG
[10229:1107/091921.475649:ERROR:gpu_info_collector.cc(80)] gl::GLContext::CreateOffscreenGLSurface failed
[10229:1107/091921.475744:ERROR:gpu_info_collector.cc(348)] Could not create surface for info collection.
[10229:1107/091921.475811:ERROR:gpu_init.cc(86)] CollectGraphicsInfo failed.
[10229:1107/091921.477681:ERROR:viz_main_impl.cc(186)] Exiting GPU process due to errors during initialization
[10255:1107/091921.689442:ERROR:command_buffer_proxy_impl.cc(128)] ContextResult::kTransientFailure: Failed to send GpuControl.CreateCommandBuffer.
TypeError [ERR_INVALID_URL]: Invalid URL
    at new NodeError (node:internal/errors:372:5)
    at URL.onParseError (node:internal/url:553:9)
    at new URL (node:internal/url:629:5)
    at AppAPI. (/var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/resources/app.asar/api.js:131:25)
    at step (/var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/resources/app.asar/api.js:42:23)
    at Object.next (/var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/resources/app.asar/api.js:23:53)
    at /var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/resources/app.asar/api.js:17:71
    at new Promise ( )
    at __awaiter (/var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/resources/app.asar/api.js:13:12)
    at AppAPI.openExternal (/var/home/user/Applications/Portmaster/updates/linux_amd64/app/portmaster-app_v0-2-5/resources/app.asar/api.js:124:16) {
  input: '/ui/modules/portmaster/settings?setting=filter%2FpreventBypassing',
  code: 'ERR_INVALID_URL'
}
opening external: file:///ui/modules/portmaster/settings?setting=filter%252FpreventBypassing
gio: file:///ui/modules/portmaster/settings?setting=filter%252FpreventBypassing: Error when getting information for file “/ui/modules/portmaster/settings?setting=filter%2FpreventBypassing”: No such file or directory
systemctl status portmaster
Unit portmaster.service could not be found.
I have only this warning
221107 11:42:25.499 v/location:299 ▶ WARN 001 netenv: failed to get IPv4 device location from traceroute: failed to send icmp packet: write ip4 0.0.0.0->1.1.1.1: sendto: operation not permitted
For me it only prompts some MESA-LOADER errors.
I think so.
You must create .desktop file in /var/home/user/.local/share/applications
you can find in web how to do it.
Create portmaster.service manually, it's in the installation guide.
Pre-Submit Checklist:
What happened: Program failed to install. After installing the prerequisites needed for portmaster and rebooting, I downloaded the rpm and ran
rpm-ostree install /path/to/rpm
During the installation it failed giving the following error. I understand silver-blue is more of an edge case scenario. That being said I'm willing to help test in any way possible.
What did you expect to happen?: The program to install properly.
How did you reproduce it?: Simply by downloading and installing into fedora silver-blue
Debug Information:
error: Running %post for portmaster: bwrap(/bin/sh): Child process killed by signal 1; run journalctl -t 'rpm-ostree(portmaster.post)' for more information
Portmaster.log