Bug#1015151: firejail: (Regression) Segfault when using --net=$namespace

Mon, 18 Jul 2022 13:06:14 -0700 

Package: firejail
Followup-For: Bug #1015151
X-Debbugs-Cc: debbug.1015...@sideload.33mail.com

I tried the suggestion and it made no difference, but I suspect I have
a separate problem with local profiles.  I first looked through the
man page for a commandline equivalent to “ignore noroot” and found
nothing.  So then I created:

  /home/user/my_symlinked_configs/firejail/my_app.local

with “ignore noroot” along with a whitelisted path and “net
vnet0”. Then I ran:

  $ firejail --profile=/home/user/my_symlinked_configs/firejail/my_app.local\
             --dns="$(ip address show dev vnet0 | awk 
'/inet\>/{gsub(/[/].*/,""); print $2 }')\
             my_app

(note that the --dns option *must* be on the CLI because unfortunately
 profiles are incapable of command substitution)

It got the segfault as before.  Then I downgraded to version
0.9.64.4-2 again and ran the same command.  The app ran but it acted
as if the whitelisted folder did not exist.  So I have a problem
making profiles work (likely because firejail cannot handle symlinks
properly [or even real dirs that happen to have a symlink]). So
apparently I cannot test the “ignore noroot” profile-only option.

-- System Information:
Debian Release: 11.4
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 
'testing'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-16-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firejail depends on:
ii  libapparmor1  2.13.6-10
ii  libc6         2.31-13+deb11u3
ii  libselinux1   3.1-3

Versions of packages firejail recommends:
ii  firejail-profiles  0.9.64.4-2+deb11u1
ii  iproute2           5.10.0-4
ii  iptables           1.8.7-1
ii  xauth              1:1.1-1
ii  xdg-dbus-proxy     0.1.2-2
ii  xpra               3.0.13+dfsg1-1
ii  xvfb               2:1.20.11-1+deb11u1

firejail suggests no packages.

-- Configuration Files:
/etc/firejail/firejail.config changed [not included]

-- no debconf information

Reply via email to