Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

It seems that 8d3d67e8960f87a7592bc3a1623f27b45a52edb5 breaks Firefox #4482

Closed
6 of 7 tasks
KOLANICH opened this issue Aug 26, 2021 · 5 comments
Closed
6 of 7 tasks

It seems that 8d3d67e8960f87a7592bc3a1623f27b45a52edb5 breaks Firefox #4482

KOLANICH opened this issue Aug 26, 2021 · 5 comments

Comments

@KOLANICH
Copy link
Contributor

KOLANICH commented Aug 26, 2021
edited
Loading

Bug and expected behavior
Firefox cannot access internet after 8d3d67e

No profile and disabling firejail

  • What changed calling firejail --noprofile /path/to/program in a terminal?: works
  • What changed calling the program by path (e.g. /usr/bin/vlc)?: works

Reproduce
Steps to reproduce the behavior:

  1. Run in bash firejail firefox
  2. Open any networked website.
  3. DNS is not available.

Environment

  • Linux distribution and version (ie output of lsb_release -a, screenfetch or cat /etc/os-release) Ubuntu 21.04 hirsute
  • Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD) 8d3d67e

Additional context

Checklist

  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • I have performed a short search for similar issues (to avoid opening a duplicate).
  • If it is a AppImage, --profile=PROFILENAME is used to set the right profile.: n/a
  • Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • This is not a question. Questions should be asked in https://github.com/netblue30/firejail/discussions.

Debug output contains nothing useful at the moments I try to open websites from Firefox.

UPD: after manually replacing the files from a good commit with the ones of f4b36e8 it stopped breaking on f4b36e8. Now it breaks on 8d3d67e
@KOLANICH KOLANICH changed the title It is extremily strange, but f4b36e80321379c4917c7ab9c9b3bbcfad05899f somehow have managed to break ... Firefox. It seems that 8d3d67e8960f87a7592bc3a1623f27b45a52edb5 breaks Firefox Aug 26, 2021
@rusty-snake
Copy link
Collaborator

Where does your /etc/resolv.conf point?

@KOLANICH
Copy link
Contributor Author

/run/resolvconf/resolv.conf (127.0.0.53)

@rusty-snake
Copy link
Collaborator

Then we should whitelist /run/resolvconf/resolv.conf in whitelist-run-common.inc too.

@KOLANICH
Copy link
Contributor Author

KOLANICH commented Sep 3, 2021

Thank you.

@mjanonis
Copy link
Contributor

mjanonis commented Sep 3, 2021

On Arch Linux, /etc/resolv.conf points to /run/systemd/resolve/stub-resolv.conf when systemd-resolved is used, so that needs to get added to the whitelist too. I had the same problem and doing that fixed it.

@mjanonis mjanonis mentioned this issue Sep 3, 2021
Merged
rusty-snake pushed a commit that referenced this issue Sep 3, 2021
@mjanonis
Update wrc for Arch Linux (#4507)
6192585 
This is a quick fix of #4482 for distributions that link /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf (Arch Linux is one of them).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@KOLANICH @mjanonis @rusty-snake