telegram-desktop 2.8.2 not starting using firejail-git #4377

Closed
X6B opened this issue Jun 28, 2021 · 2 comments

X6B commented Jun 28, 2021

On Arch Linux, the latest Telegram (2.8.2) is not starting using firejail-git compiled just now from AUR; however, it does work using the stable version from the repos (0.9.64.4).

[xxx@xxx ~]$ telegram-desktop 
Reading profile /etc/firejail/telegram-desktop.profile
Reading profile /etc/firejail/telegram.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 194588, child pid 194591
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping pki for private /etc
Private /etc installed in 22.02 ms
Private /usr/etc installed in 0.00 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: cleaning all supplementary groups
Blacklist violations are logged to syslog
Warning: cleaning all supplementary groups
Child process initialized in 98.49 ms
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default

EDIT by @rusty-snake: fix code-block

@rusty-snake
Collaborator

This is the diff since 0.9.64.4; can you check which added/changed line causes this?

diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile
index 0e7413fc94..05c621fb28 100644
--- a/etc/profile-m-z/telegram.profile
+++ b/etc/profile-m-z/telegram.profile
@@ -12,18 +12,45 @@ include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
+include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
 
+mkdir ${HOME}/.TelegramDesktop
+mkdir ${HOME}/.local/share/TelegramDesktop
+whitelist ${HOME}/.TelegramDesktop
+whitelist ${HOME}/.local/share/TelegramDesktop
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
 caps.drop all
 netfilter
 nodvd
+noinput
 nonewprivs
 noroot
 notv
 protocol unix,inet,inet6,netlink
 seccomp
+seccomp.block-secondary
+shell none
+tracelog
 
 disable-mnt
+#private-bin telegram,Telegram,telegram-desktop
 private-cache
-private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,machine-id,os-release,pki,pulse,resolv.conf,ssl,xdg
+private-dev
+private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,machine-id,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg
 private-tmp
+
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-user.talk org.gnome.Mutter.IdleMonitor
+dbus-user.talk org.freedesktop.ScreenSaver
+dbus-system none
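
Review bot: the `+tracelog` line should be dropped, or kept commented out with a reason, because the reporter's follow-up finds that Telegram 2.8.2 starts again under firejail-git once it is disabled. It arrives in the same option block as `noinput`, `seccomp.block-secondary` and `shell none`, plus `apparmor`, `private-dev` and the D-Bus filter further down, so nothing in the profile records which of the new restrictions were checked against the application. The commented-out `#private-bin telegram,Telegram,telegram-desktop` line also needs a short comment saying why it is disabled. Separately, the `private-etc` change adds `passwd` but not `login.defs`, and the reporter's log shows "cannot read UID_MIN and/or GID_MIN from /etc/login.defs", so it is worth checking whether that file belongs in the list too.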

Author

X6B commented Jun 28, 2021

Tracelog is the culprit. Telegram 2.8.2 works again on firejail-git after commenting it out.
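
The line-by-line check requested above can be scripted with firejail's `--ignore=<command>` option, which skips one profile directive per run. The following is an added example, not part of the issue thread or the firejail project; the function names `ignore_trials` and `sample_diff` are made up for illustration and the embedded diff is a shortened, constructed excerpt of the one quoted above.

```shell
#!/bin/sh
# Added example (not from the issue thread): turn the added lines of a
# unified diff of a firejail profile into one trial command per directive.
# Each trial uses firejail's --ignore=<command> option to skip exactly one
# newly added directive, so the trial that lets the program start again
# points at the directive that breaks it.

# ignore_trials PROGRAM < profile.diff   (hypothetical helper name)
# Prints one "firejail --ignore=... PROGRAM" command per added directive.
ignore_trials() {
    prog=$1
    # Keep "+" lines, drop the "+++ b/file" header, strip the "+" marker.
    grep '^+' | grep -v '^+++ ' | sed 's/^+//' |
    while IFS= read -r directive; do
        # Skip blank lines and directives that were added commented out.
        case $directive in
            ''|'#'*) continue ;;
        esac
        # Single quotes keep ${HOME}-style macros literal for firejail.
        printf "firejail '--ignore=%s' %s\n" "$directive" "$prog"
    done
}

# Constructed sample: a shortened excerpt of the diff quoted in the thread.
sample_diff() {
    cat <<'EOF'
--- a/etc/profile-m-z/telegram.profile
+++ b/etc/profile-m-z/telegram.profile
@@ -12,18 +12,45 @@ include disable-common.inc
 include disable-programs.inc
+include disable-shell.inc
+
+mkdir ${HOME}/.TelegramDesktop
 seccomp
+seccomp.block-secondary
+tracelog
+#private-bin telegram,Telegram,telegram-desktop
 private-cache
+private-dev
EOF
}

# Print the trial commands for the sample; run them one at a time by hand.
sample_diff | ignore_trials telegram-desktop
```

Once the offending directive is known, re-enable every other directive so the rest of the hardening in the profile stays in effect.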
