MEPIS 12/MX 14 Community Repo: The Firejail Thread

News about updates on package status for CR packages compiled for MEPIS 12.0
linexer2016
Forum Regular
Posts: 308
Joined: Thu Dec 15, 2016 9:15 pm

#11 Postby linexer2016 » Sun Dec 18, 2016 10:59 pm

Hello Stevo,
I am running MX16 final upgraded from RC1. I have again uninstalled firejail and firetools, for if the Mozilla family doesn't work in it, it's not much use to me, I'm afraid. Could it be that I run such extras as Ghostery, adblock etc. that creates a mismatch somehow (that's in firefox, but I have no such extras in Tbird)?
You said you will move them over to the main as they fix the security holes. Does that mean that the firejail suite will be the only short-term method of dealing with those vulnerabilities? If so, it would almost demand everyone downloads firejail. I will try and download and install firejail one more time :happy:

#12 Postby linexer2016 » Sun Dec 18, 2016 11:18 pm

Stevo, I have reinstalled the firejail suite (i.e., including firetools and liparmor). I report that once again the actual browser fails to open; however, using firetools and double-clicking on the firefox icon (again fails to launch the browser itself) at least describes, in the right-click menu under tools, that firefox is running sandboxed. That is fine and what one wants; however, what one doesn't want is no way to launch the actual program to the extent that I could write this message - the browser simply refuses to open. If I try and launch an instance of firefox outside firejail, it fails with the error message of two instances, close one to continue. It must be that something in the MX Test Repo tool is not working properly, and it will be interesting to see if, when you port the firejail into the main distro, downloading from there is any different.

v3g4n
Forum Guide
Posts: 1779
Joined: Sat Jan 16, 2016 8:20 pm

#13 Postby v3g4n » Mon Dec 19, 2016 12:50 am

Let's verify what version of firejail you actually have. Please post the output of:

Code:

apt-cache policy firejail

#14 Postby linexer2016 » Mon Dec 19, 2016 1:26 am

v3g4n, hwi info requested ...
apt-cache policy firejail
firejail:
Installed: 0.9.44.2-1mx15+1
Candidate: 0.9.44.2-1mx15+1
Version table:
*** 0.9.44.2-1mx15+1 0
----------------------------------
and for firetools
apt-cache policy firetools
firetools:
Installed: 0.9.44-1mx15+1
Candidate: 0.9.44-1mx15+1
Version table:
*** 0.9.44-1mx15+1 0
-------------------
I do see a slight mismatch in the main program and the tools program - i.e., 0.9.44.2-1 and 0.9.44-1 respectively although I am not sure that would have an effect. Is mx15+1 correctly mx16?

#15 Postby linexer2016 » Wed Dec 21, 2016 6:29 am

v3g4n,
I posted the output you requested. Does your non-comment mean there's nothing more that can be done to get firejail working properly? It really amazes me that audacious (for example) works fine (or appears to) under firejail/firetools; however, with anything Mozilla related, and whilst the firejail status suggests the browser is indeed running sandboxed, I can't use the browser because it refuses to load from within the call firejail firefox.
Do you think it might be best to uninstall firefox from the stable repo and get it from the testing if indeed that's possible? Or perhaps download it direct from Mozilla?

#16 Postby v3g4n » Wed Dec 21, 2016 9:58 am

I will test it out on a fresh MX 16 install tonight and see if it works on my end. If it does then we got some issues on your end, which might be the case since it's also working fine for Stevo. To be honest though I don't use firejail, so I'm not sure if I will be much help in troubleshooting it, but will try.

#17 Postby linexer2016 » Thu Dec 22, 2016 12:28 am

Thanks v3g4n, look forward to your feedback. You say you don't use firejail ... does that suggest that you don't think the risks of not using a sandbox type program in Linux are anything more than low or do you use another strategy?

#18 Postby v3g4n » Thu Dec 22, 2016 8:19 am

It appears to be working fine here.

Code:

$ firejail --debug firefox
Autoselecting /bin/bash as shell
Command name #firefox#
Found firefox profile in /etc/firejail directory
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/whitelist-common.inc
DISPLAY :0.0, 0
Using the local network stack
Parent pid 1335, child pid 1336
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/module
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/timer_stats
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /boot
Disable /dev/port
Disable /dev/kmsg
Disable /proc/kmsg
Downloads directory resolved as "/home/v3g4n/Downloads"
Debug 358: new_name #/home/v3g4n/Downloads#
Debug 420: fname #/home/v3g4n/Downloads#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/Downloads
Debug 358: new_name #/home/v3g4n/.mozilla#
Debug 420: fname #/home/v3g4n/.mozilla#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.mozilla
Debug 358: new_name #/home/v3g4n/.cache/mozilla/firefox#
Debug 420: fname #/home/v3g4n/.cache/mozilla/firefox#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.cache/mozilla/firefox
Debug 358: new_name #/home/v3g4n/dwhelper#
Removed whitelist path: whitelist ~/dwhelper
   expanded: /home/v3g4n/dwhelper
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.zotero#
Removed whitelist path: whitelist ~/.zotero
   expanded: /home/v3g4n/.zotero
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.vimperatorrc#
Removed whitelist path: whitelist ~/.vimperatorrc
   expanded: /home/v3g4n/.vimperatorrc
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.vimperator#
Removed whitelist path: whitelist ~/.vimperator
   expanded: /home/v3g4n/.vimperator
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.pentadactylrc#
Removed whitelist path: whitelist ~/.pentadactylrc
   expanded: /home/v3g4n/.pentadactylrc
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.pentadactyl#
Removed whitelist path: whitelist ~/.pentadactyl
   expanded: /home/v3g4n/.pentadactyl
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.keysnail.js#
Removed whitelist path: whitelist ~/.keysnail.js
   expanded: /home/v3g4n/.keysnail.js
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/gnome-mplayer#
Removed whitelist path: whitelist ~/.config/gnome-mplayer
   expanded: /home/v3g4n/.config/gnome-mplayer
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.cache/gnome-mplayer/plugin#
Removed whitelist path: whitelist ~/.cache/gnome-mplayer/plugin
   expanded: /home/v3g4n/.cache/gnome-mplayer/plugin
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.pki#
Removed whitelist path: whitelist ~/.pki
   expanded: /home/v3g4n/.pki
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.keepassx#
Removed whitelist path: whitelist ~/.keepassx
   expanded: /home/v3g4n/.keepassx
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/keepassx#
Removed whitelist path: whitelist ~/.config/keepassx
   expanded: /home/v3g4n/.config/keepassx
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/keepassx.kdbx#
Removed whitelist path: whitelist ~/keepassx.kdbx
   expanded: /home/v3g4n/keepassx.kdbx
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.lastpass#
Removed whitelist path: whitelist ~/.lastpass
   expanded: /home/v3g4n/.lastpass
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/lastpass#
Removed whitelist path: whitelist ~/.config/lastpass
   expanded: /home/v3g4n/.config/lastpass
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.wine-pipelight#
Removed whitelist path: whitelist ~/.wine-pipelight
   expanded: /home/v3g4n/.wine-pipelight
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.wine-pipelight64#
Removed whitelist path: whitelist ~/.wine-pipelight64
   expanded: /home/v3g4n/.wine-pipelight64
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/pipelight-widevine#
Removed whitelist path: whitelist ~/.config/pipelight-widevine
   expanded: /home/v3g4n/.config/pipelight-widevine
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/pipelight-silverlight5.1#
Removed whitelist path: whitelist ~/.config/pipelight-silverlight5.1
   expanded: /home/v3g4n/.config/pipelight-silverlight5.1
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.XCompose#
Removed whitelist path: whitelist ~/.XCompose
   expanded: /home/v3g4n/.XCompose
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/mimeapps.list#
Debug 420: fname #/home/v3g4n/.config/mimeapps.list#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.config/mimeapps.list
Debug 358: new_name #/home/v3g4n/.icons#
Removed whitelist path: whitelist ~/.icons
   expanded: /home/v3g4n/.icons
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/user-dirs.dirs#
Debug 420: fname #/home/v3g4n/.config/user-dirs.dirs#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.config/user-dirs.dirs
Debug 358: new_name #/home/v3g4n/.asoundrc#
Removed whitelist path: whitelist ~/.asoundrc
   expanded: /home/v3g4n/.asoundrc
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/Trolltech.conf#
Debug 420: fname #/home/v3g4n/.config/Trolltech.conf#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.config/Trolltech.conf
Debug 358: new_name #/home/v3g4n/.fonts#
Removed whitelist path: whitelist ~/.fonts
   expanded: /home/v3g4n/.fonts
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.fonts.d#
Removed whitelist path: whitelist ~/.fonts.d
   expanded: /home/v3g4n/.fonts.d
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.fontconfig#
Removed whitelist path: whitelist ~/.fontconfig
   expanded: /home/v3g4n/.fontconfig
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.fonts.conf#
Removed whitelist path: whitelist ~/.fonts.conf
   expanded: /home/v3g4n/.fonts.conf
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.fonts.conf.d#
Removed whitelist path: whitelist ~/.fonts.conf.d
   expanded: /home/v3g4n/.fonts.conf.d
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/fontconfig#
Removed whitelist path: whitelist ~/.config/fontconfig
   expanded: /home/v3g4n/.config/fontconfig
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.cache/fontconfig#
Debug 420: fname #/home/v3g4n/.cache/fontconfig#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.cache/fontconfig
Debug 358: new_name #/home/v3g4n/.gtkrc#
Removed whitelist path: whitelist ~/.gtkrc
   expanded: /home/v3g4n/.gtkrc
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.gtkrc-2.0#
Removed whitelist path: whitelist ~/.gtkrc-2.0
   expanded: /home/v3g4n/.gtkrc-2.0
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/gtk-2.0#
Removed whitelist path: whitelist ~/.config/gtk-2.0
   expanded: /home/v3g4n/.config/gtk-2.0
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/gtk-3.0#
Removed whitelist path: whitelist ~/.config/gtk-3.0
   expanded: /home/v3g4n/.config/gtk-3.0
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.themes#
Removed whitelist path: whitelist ~/.themes
   expanded: /home/v3g4n/.themes
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.kde/share/config/gtkrc#
Removed whitelist path: whitelist ~/.kde/share/config/gtkrc
   expanded: /home/v3g4n/.kde/share/config/gtkrc
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.kde/share/config/gtkrc-2.0#
Removed whitelist path: whitelist ~/.kde/share/config/gtkrc-2.0
   expanded: /home/v3g4n/.kde/share/config/gtkrc-2.0
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/dconf#
Debug 420: fname #/home/v3g4n/.config/dconf#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.config/dconf
Debug 358: new_name #/home/v3g4n/.config/kdeglobals#
Removed whitelist path: whitelist ~/.config/kdeglobals
   expanded: /home/v3g4n/.config/kdeglobals
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.kde/share/config/oxygenrc#
Removed whitelist path: whitelist ~/.kde/share/config/oxygenrc
   expanded: /home/v3g4n/.kde/share/config/oxygenrc
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.kde/share/config/kdeglobals#
Debug 420: fname #/home/v3g4n/.kde/share/config/kdeglobals#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.kde/share/config/kdeglobals
Debug 358: new_name #/home/v3g4n/.kde/share/icons#
Removed whitelist path: whitelist ~/.kde/share/icons
   expanded: /home/v3g4n/.kde/share/icons
   real path: (null)
   realpath: No such file or directory
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Whitelisting /home/v3g4n/Downloads
Whitelisting /home/v3g4n/.mozilla
Whitelisting /home/v3g4n/.cache/mozilla/firefox
Whitelisting /home/v3g4n/.config/mimeapps.list
Whitelisting /home/v3g4n/.config/user-dirs.dirs
Whitelisting /home/v3g4n/.config/Trolltech.conf
Whitelisting /home/v3g4n/.cache/fontconfig
Whitelisting /home/v3g4n/.config/dconf
Whitelisting /home/v3g4n/.kde/share/config/kdeglobals
Disable /etc/xdg/autostart
Disable /etc/X11/Xsession.d
Disable /var/spool/cron
Disable /var/spool/anacron
Disable /run/acpid.socket
Disable /run/rpcbind.sock
Disable /etc/cron.monthly
Disable /etc/cron.hourly
Disable /etc/cron.weekly
Disable /etc/cron.daily
Disable /etc/cron.d
Disable /etc/profile.d
Disable /etc/rc.local
Disable /etc/anacrontab
Mounting read-only /home/v3g4n/.bashrc
Disable /etc/shadow
Disable /etc/gshadow
Disable /etc/group-
Disable /etc/gshadow-
Disable /etc/ssh
Disable /bin/umount
Disable /bin/mount
Disable /bin/fusermount
Disable /bin/su
Disable /usr/bin/sudo
Disable /usr/bin/xinput
Disable /usr/bin/xev
Disable /usr/bin/strace
Disable /bin/nc.traditional
Disable /sbin
Disable /usr/sbin
Disable /usr/local/sbin
Disable /usr/bin/xfce4-terminal
Disable /usr/bin/xfce4-terminal.wrapper
Not blacklist /home/v3g4n/.mozilla
Not blacklist /home/v3g4n/.cache/mozilla
Disable /usr/include
Disable /usr/bin/gcc-4.9
Disable /usr/bin/gcc-ranlib-4.9
Disable /usr/bin/gcc-nm-4.9
Disable /usr/bin/gcc-ranlib-4.9
Disable /usr/bin/gcc-4.9
Disable /usr/bin/gcc-ar-4.9
Disable /usr/bin/gcc-nm-4.9
Disable /usr/bin/gcc-ar-4.9
Disable /usr/bin/cpp-4.9
Disable /usr/bin/cpp-4.9
Disable /usr/bin/c99-gcc
Disable /usr/bin/c99-gcc
Disable /usr/bin/c89-gcc
Disable /usr/bin/c89-gcc
Disable /usr/bin/g++-4.9
Disable /usr/bin/c++filt
Disable /usr/bin/as
Disable /usr/bin/ld.bfd
Disable /usr/bin/g++-4.9
Disable /usr/bin/g++-4.9
Disable /usr/bin/g++-4.9
Disable /usr/bin/g++-4.9
Disable /usr/bin/gcc-nm-4.9
Disable /usr/bin/gcc-ar-4.9
Disable /usr/bin/gcc-nm-4.9
Disable /usr/bin/gcc-ranlib-4.9
Disable /usr/bin/gcc-4.9
Disable /usr/bin/gcc-ar-4.9
Disable /usr/bin/gcc-ranlib-4.9
Disable /usr/bin/gcc-4.9
Disable /usr/lib/valgrind
Disable /usr/bin/perl
Disable /usr/bin/cpan
Disable /usr/share/perl
Disable /usr/share/perl5
Disable /usr/lib/perl5
Mounting read-only /home/v3g4n/.config/user-dirs.dirs
Disable /sys/fs
Create the new ld.so.preload file
Blacklist violations are logged to syslog
Mount the new ld.so.preload file
DISPLAY :0.0, 0
Dropping all capabilities
Set protocol filter: unix,inet,inet6,netlink
Dual i386/amd64 seccomp filter configured
SECCOMP Filter:
  VALIDATE_ARCHITECTURE
  EXAMINE_SYSCAL
  UNKNOWN ENTRY!!!
  UNKNOWN ENTRY!!!
  UNKNOWN ENTRY!!!
  BLACKLIST 165 mount
  BLACKLIST 166 umount2
  BLACKLIST 101 ptrace
  BLACKLIST 246 kexec_load
  BLACKLIST 304 open_by_handle_at
  BLACKLIST 303 name_to_handle_at
  BLACKLIST 175 init_module
  BLACKLIST 313 finit_module
  BLACKLIST 174 create_module
  BLACKLIST 176 delete_module
  BLACKLIST 172 iopl
  BLACKLIST 173 ioperm
  BLACKLIST 251 ioprio_set
  BLACKLIST 167 swapon
  BLACKLIST 168 swapoff
  BLACKLIST 103 syslog
  BLACKLIST 310 process_vm_readv
  BLACKLIST 311 process_vm_writev
  BLACKLIST 139 sysfs
  BLACKLIST 156 _sysctl
  BLACKLIST 159 adjtimex
  BLACKLIST 305 clock_adjtime
  BLACKLIST 212 lookup_dcookie
  BLACKLIST 298 perf_event_open
  BLACKLIST 300 fanotify_init
  BLACKLIST 312 kcmp
  BLACKLIST 248 add_key
  BLACKLIST 249 request_key
  BLACKLIST 250 keyctl
  BLACKLIST 134 uselib
  BLACKLIST 163 acct
  BLACKLIST 154 modify_ldt
  BLACKLIST 155 pivot_root
  BLACKLIST 206 io_setup
  BLACKLIST 207 io_destroy
  BLACKLIST 208 io_getevents
  BLACKLIST 209 io_submit
  BLACKLIST 210 io_cancel
  BLACKLIST 216 remap_file_pages
  BLACKLIST 237 mbind
  BLACKLIST 239 get_mempolicy
  BLACKLIST 238 set_mempolicy
  BLACKLIST 256 migrate_pages
  BLACKLIST 279 move_pages
  BLACKLIST 278 vmsplice
  BLACKLIST 161 chroot
  BLACKLIST 184 tuxcall
  BLACKLIST 169 reboot
  BLACKLIST 180 nfsservctl
  BLACKLIST 177 get_kernel_syms
  RETURN_ALLOW
Save seccomp filter, size 864 bytes
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
starting application
LD_PRELOAD=(null)
Running 'firefox'  command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: 'firefox'
Child process initialized
monitoring pid 2


(firefox:3): GLib-GObject-CRITICAL **: g_object_ref: assertion 'object->ref_count > 0' failed

(firefox:3): GLib-GObject-CRITICAL **: g_object_unref: assertion 'object->ref_count > 0' failed

(firefox:3): GLib-GObject-CRITICAL **: g_object_ref: assertion 'object->ref_count > 0' failed

(firefox:3): GLib-GObject-CRITICAL **: g_object_unref: assertion 'object->ref_count > 0' failed

(/opt/firefox/plugin-container:41): GLib-GObject-CRITICAL **: g_object_ref: assertion 'object->ref_count > 0' failed

(/opt/firefox/plugin-container:41): GLib-GObject-CRITICAL **: g_object_unref: assertion 'object->ref_count > 0' failed

(/opt/firefox/plugin-container:41): GLib-GObject-CRITICAL **: g_object_ref: assertion 'object->ref_count > 0' failed

(/opt/firefox/plugin-container:41): GLib-GObject-CRITICAL **: g_object_unref: assertion 'object->ref_count > 0' failed


Code:

$ firejail --seccomp --debug firefox
Autoselecting /bin/bash as shell
Command name #firefox#
Found firefox profile in /etc/firejail directory
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/whitelist-common.inc
DISPLAY :0.0, 0
Using the local network stack
Parent pid 1024, child pid 1025
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/module
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/timer_stats
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /boot
Disable /dev/port
Disable /dev/kmsg
Disable /proc/kmsg
Downloads directory resolved as "/home/v3g4n/Downloads"
Debug 358: new_name #/home/v3g4n/Downloads#
Debug 420: fname #/home/v3g4n/Downloads#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/Downloads
Debug 358: new_name #/home/v3g4n/.mozilla#
Debug 420: fname #/home/v3g4n/.mozilla#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.mozilla
Debug 358: new_name #/home/v3g4n/.cache/mozilla/firefox#
Debug 420: fname #/home/v3g4n/.cache/mozilla/firefox#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.cache/mozilla/firefox
Debug 358: new_name #/home/v3g4n/dwhelper#
Removed whitelist path: whitelist ~/dwhelper
   expanded: /home/v3g4n/dwhelper
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.zotero#
Removed whitelist path: whitelist ~/.zotero
   expanded: /home/v3g4n/.zotero
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.vimperatorrc#
Removed whitelist path: whitelist ~/.vimperatorrc
   expanded: /home/v3g4n/.vimperatorrc
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.vimperator#
Removed whitelist path: whitelist ~/.vimperator
   expanded: /home/v3g4n/.vimperator
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.pentadactylrc#
Removed whitelist path: whitelist ~/.pentadactylrc
   expanded: /home/v3g4n/.pentadactylrc
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.pentadactyl#
Removed whitelist path: whitelist ~/.pentadactyl
   expanded: /home/v3g4n/.pentadactyl
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.keysnail.js#
Removed whitelist path: whitelist ~/.keysnail.js
   expanded: /home/v3g4n/.keysnail.js
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/gnome-mplayer#
Removed whitelist path: whitelist ~/.config/gnome-mplayer
   expanded: /home/v3g4n/.config/gnome-mplayer
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.cache/gnome-mplayer/plugin#
Removed whitelist path: whitelist ~/.cache/gnome-mplayer/plugin
   expanded: /home/v3g4n/.cache/gnome-mplayer/plugin
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.pki#
Removed whitelist path: whitelist ~/.pki
   expanded: /home/v3g4n/.pki
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.keepassx#
Removed whitelist path: whitelist ~/.keepassx
   expanded: /home/v3g4n/.keepassx
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/keepassx#
Removed whitelist path: whitelist ~/.config/keepassx
   expanded: /home/v3g4n/.config/keepassx
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/keepassx.kdbx#
Removed whitelist path: whitelist ~/keepassx.kdbx
   expanded: /home/v3g4n/keepassx.kdbx
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.lastpass#
Removed whitelist path: whitelist ~/.lastpass
   expanded: /home/v3g4n/.lastpass
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/lastpass#
Removed whitelist path: whitelist ~/.config/lastpass
   expanded: /home/v3g4n/.config/lastpass
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.wine-pipelight#
Removed whitelist path: whitelist ~/.wine-pipelight
   expanded: /home/v3g4n/.wine-pipelight
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.wine-pipelight64#
Removed whitelist path: whitelist ~/.wine-pipelight64
   expanded: /home/v3g4n/.wine-pipelight64
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/pipelight-widevine#
Removed whitelist path: whitelist ~/.config/pipelight-widevine
   expanded: /home/v3g4n/.config/pipelight-widevine
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/pipelight-silverlight5.1#
Removed whitelist path: whitelist ~/.config/pipelight-silverlight5.1
   expanded: /home/v3g4n/.config/pipelight-silverlight5.1
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.XCompose#
Removed whitelist path: whitelist ~/.XCompose
   expanded: /home/v3g4n/.XCompose
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/mimeapps.list#
Debug 420: fname #/home/v3g4n/.config/mimeapps.list#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.config/mimeapps.list
Debug 358: new_name #/home/v3g4n/.icons#
Removed whitelist path: whitelist ~/.icons
   expanded: /home/v3g4n/.icons
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/user-dirs.dirs#
Debug 420: fname #/home/v3g4n/.config/user-dirs.dirs#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.config/user-dirs.dirs
Debug 358: new_name #/home/v3g4n/.asoundrc#
Removed whitelist path: whitelist ~/.asoundrc
   expanded: /home/v3g4n/.asoundrc
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/Trolltech.conf#
Debug 420: fname #/home/v3g4n/.config/Trolltech.conf#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.config/Trolltech.conf
Debug 358: new_name #/home/v3g4n/.fonts#
Removed whitelist path: whitelist ~/.fonts
   expanded: /home/v3g4n/.fonts
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.fonts.d#
Removed whitelist path: whitelist ~/.fonts.d
   expanded: /home/v3g4n/.fonts.d
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.fontconfig#
Removed whitelist path: whitelist ~/.fontconfig
   expanded: /home/v3g4n/.fontconfig
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.fonts.conf#
Removed whitelist path: whitelist ~/.fonts.conf
   expanded: /home/v3g4n/.fonts.conf
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.fonts.conf.d#
Removed whitelist path: whitelist ~/.fonts.conf.d
   expanded: /home/v3g4n/.fonts.conf.d
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/fontconfig#
Removed whitelist path: whitelist ~/.config/fontconfig
   expanded: /home/v3g4n/.config/fontconfig
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.cache/fontconfig#
Debug 420: fname #/home/v3g4n/.cache/fontconfig#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.cache/fontconfig
Debug 358: new_name #/home/v3g4n/.gtkrc#
Removed whitelist path: whitelist ~/.gtkrc
   expanded: /home/v3g4n/.gtkrc
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.gtkrc-2.0#
Removed whitelist path: whitelist ~/.gtkrc-2.0
   expanded: /home/v3g4n/.gtkrc-2.0
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/gtk-2.0#
Removed whitelist path: whitelist ~/.config/gtk-2.0
   expanded: /home/v3g4n/.config/gtk-2.0
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/gtk-3.0#
Removed whitelist path: whitelist ~/.config/gtk-3.0
   expanded: /home/v3g4n/.config/gtk-3.0
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.themes#
Removed whitelist path: whitelist ~/.themes
   expanded: /home/v3g4n/.themes
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.kde/share/config/gtkrc#
Removed whitelist path: whitelist ~/.kde/share/config/gtkrc
   expanded: /home/v3g4n/.kde/share/config/gtkrc
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.kde/share/config/gtkrc-2.0#
Removed whitelist path: whitelist ~/.kde/share/config/gtkrc-2.0
   expanded: /home/v3g4n/.kde/share/config/gtkrc-2.0
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.config/dconf#
Debug 420: fname #/home/v3g4n/.config/dconf#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.config/dconf
Debug 358: new_name #/home/v3g4n/.config/kdeglobals#
Removed whitelist path: whitelist ~/.config/kdeglobals
   expanded: /home/v3g4n/.config/kdeglobals
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.kde/share/config/oxygenrc#
Removed whitelist path: whitelist ~/.kde/share/config/oxygenrc
   expanded: /home/v3g4n/.kde/share/config/oxygenrc
   real path: (null)
   realpath: No such file or directory
Debug 358: new_name #/home/v3g4n/.kde/share/config/kdeglobals#
Debug 420: fname #/home/v3g4n/.kde/share/config/kdeglobals#, cfg.homedir #/home/v3g4n#
Replaced whitelist path: whitelist /home/v3g4n/.kde/share/config/kdeglobals
Debug 358: new_name #/home/v3g4n/.kde/share/icons#
Removed whitelist path: whitelist ~/.kde/share/icons
   expanded: /home/v3g4n/.kde/share/icons
   real path: (null)
   realpath: No such file or directory
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Whitelisting /home/v3g4n/Downloads
Whitelisting /home/v3g4n/.mozilla
Whitelisting /home/v3g4n/.cache/mozilla/firefox
Whitelisting /home/v3g4n/.config/mimeapps.list
Whitelisting /home/v3g4n/.config/user-dirs.dirs
Whitelisting /home/v3g4n/.config/Trolltech.conf
Whitelisting /home/v3g4n/.cache/fontconfig
Whitelisting /home/v3g4n/.config/dconf
Whitelisting /home/v3g4n/.kde/share/config/kdeglobals
Disable /etc/xdg/autostart
Disable /etc/X11/Xsession.d
Disable /var/spool/cron
Disable /var/spool/anacron
Disable /run/acpid.socket
Disable /run/rpcbind.sock
Disable /etc/cron.monthly
Disable /etc/cron.hourly
Disable /etc/cron.weekly
Disable /etc/cron.daily
Disable /etc/cron.d
Disable /etc/profile.d
Disable /etc/rc.local
Disable /etc/anacrontab
Mounting read-only /home/v3g4n/.bashrc
Disable /etc/shadow
Disable /etc/gshadow
Disable /etc/group-
Disable /etc/gshadow-
Disable /etc/ssh
Disable /bin/umount
Disable /bin/mount
Disable /bin/fusermount
Disable /bin/su
Disable /usr/bin/sudo
Disable /usr/bin/xinput
Disable /usr/bin/xev
Disable /usr/bin/strace
Disable /bin/nc.traditional
Disable /sbin
Disable /usr/sbin
Disable /usr/local/sbin
Disable /usr/bin/xfce4-terminal
Disable /usr/bin/xfce4-terminal.wrapper
Not blacklist /home/v3g4n/.mozilla
Not blacklist /home/v3g4n/.cache/mozilla
Disable /usr/include
Disable /usr/bin/gcc-4.9
Disable /usr/bin/gcc-ranlib-4.9
Disable /usr/bin/gcc-nm-4.9
Disable /usr/bin/gcc-ranlib-4.9
Disable /usr/bin/gcc-4.9
Disable /usr/bin/gcc-ar-4.9
Disable /usr/bin/gcc-nm-4.9
Disable /usr/bin/gcc-ar-4.9
Disable /usr/bin/cpp-4.9
Disable /usr/bin/cpp-4.9
Disable /usr/bin/c99-gcc
Disable /usr/bin/c99-gcc
Disable /usr/bin/c89-gcc
Disable /usr/bin/c89-gcc
Disable /usr/bin/g++-4.9
Disable /usr/bin/c++filt
Disable /usr/bin/as
Disable /usr/bin/ld.bfd
Disable /usr/bin/g++-4.9
Disable /usr/bin/g++-4.9
Disable /usr/bin/g++-4.9
Disable /usr/bin/g++-4.9
Disable /usr/bin/gcc-nm-4.9
Disable /usr/bin/gcc-ar-4.9
Disable /usr/bin/gcc-nm-4.9
Disable /usr/bin/gcc-ranlib-4.9
Disable /usr/bin/gcc-4.9
Disable /usr/bin/gcc-ar-4.9
Disable /usr/bin/gcc-ranlib-4.9
Disable /usr/bin/gcc-4.9
Disable /usr/lib/valgrind
Disable /usr/bin/perl
Disable /usr/bin/cpan
Disable /usr/share/perl
Disable /usr/share/perl5
Disable /usr/lib/perl5
Mounting read-only /home/v3g4n/.config/user-dirs.dirs
Disable /sys/fs
Create the new ld.so.preload file
Blacklist violations are logged to syslog
Mount the new ld.so.preload file
DISPLAY :0.0, 0
Dropping all capabilities
Set protocol filter: unix,inet,inet6,netlink
Dual i386/amd64 seccomp filter configured
SECCOMP Filter:
  VALIDATE_ARCHITECTURE
  EXAMINE_SYSCAL
  UNKNOWN ENTRY!!!
  UNKNOWN ENTRY!!!
  UNKNOWN ENTRY!!!
  BLACKLIST 165 mount
  BLACKLIST 166 umount2
  BLACKLIST 101 ptrace
  BLACKLIST 246 kexec_load
  BLACKLIST 304 open_by_handle_at
  BLACKLIST 303 name_to_handle_at
  BLACKLIST 175 init_module
  BLACKLIST 313 finit_module
  BLACKLIST 174 create_module
  BLACKLIST 176 delete_module
  BLACKLIST 172 iopl
  BLACKLIST 173 ioperm
  BLACKLIST 251 ioprio_set
  BLACKLIST 167 swapon
  BLACKLIST 168 swapoff
  BLACKLIST 103 syslog
  BLACKLIST 310 process_vm_readv
  BLACKLIST 311 process_vm_writev
  BLACKLIST 139 sysfs
  BLACKLIST 156 _sysctl
  BLACKLIST 159 adjtimex
  BLACKLIST 305 clock_adjtime
  BLACKLIST 212 lookup_dcookie
  BLACKLIST 298 perf_event_open
  BLACKLIST 300 fanotify_init
  BLACKLIST 312 kcmp
  BLACKLIST 248 add_key
  BLACKLIST 249 request_key
  BLACKLIST 250 keyctl
  BLACKLIST 134 uselib
  BLACKLIST 163 acct
  BLACKLIST 154 modify_ldt
  BLACKLIST 155 pivot_root
  BLACKLIST 206 io_setup
  BLACKLIST 207 io_destroy
  BLACKLIST 208 io_getevents
  BLACKLIST 209 io_submit
  BLACKLIST 210 io_cancel
  BLACKLIST 216 remap_file_pages
  BLACKLIST 237 mbind
  BLACKLIST 239 get_mempolicy
  BLACKLIST 238 set_mempolicy
  BLACKLIST 256 migrate_pages
  BLACKLIST 279 move_pages
  BLACKLIST 278 vmsplice
  BLACKLIST 161 chroot
  BLACKLIST 184 tuxcall
  BLACKLIST 169 reboot
  BLACKLIST 180 nfsservctl
  BLACKLIST 177 get_kernel_syms
  RETURN_ALLOW
Save seccomp filter, size 864 bytes
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
starting application
LD_PRELOAD=(null)
Running 'firefox'  command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: 'firefox'
Child process initialized
monitoring pid 2


(firefox:3): GLib-GObject-CRITICAL **: g_object_ref: assertion 'object->ref_count > 0' failed

(firefox:3): GLib-GObject-CRITICAL **: g_object_unref: assertion 'object->ref_count > 0' failed

(firefox:3): GLib-GObject-CRITICAL **: g_object_ref: assertion 'object->ref_count > 0' failed

(firefox:3): GLib-GObject-CRITICAL **: g_object_unref: assertion 'object->ref_count > 0' failed

(/opt/firefox/plugin-container:41): GLib-GObject-CRITICAL **: g_object_ref: assertion 'object->ref_count > 0' failed

(/opt/firefox/plugin-container:41): GLib-GObject-CRITICAL **: g_object_unref: assertion 'object->ref_count > 0' failed

(/opt/firefox/plugin-container:41): GLib-GObject-CRITICAL **: g_object_ref: assertion 'object->ref_count > 0' failed

(/opt/firefox/plugin-container:41): GLib-GObject-CRITICAL **: g_object_unref: assertion 'object->ref_count > 0' failed

(/opt/firefox/plugin-container:66): GLib-GObject-CRITICAL **: g_object_ref: assertion 'object->ref_count > 0' failed

(/opt/firefox/plugin-container:66): GLib-GObject-CRITICAL **: g_object_unref: assertion 'object->ref_count > 0' failed

(/opt/firefox/plugin-container:66): GLib-GObject-CRITICAL **: g_object_ref: assertion 'object->ref_count > 0' failed

(/opt/firefox/plugin-container:66): GLib-GObject-CRITICAL **: g_object_unref: assertion 'object->ref_count > 0' failed
^C
Parent received signal 2, shutting down the child process...

Child received signal 15, shutting down the sandbox...

Parent is shutting down, bye...


$ sudo firemon --list
[sudo] password for v3g4n:
1024:v3g4n:firejail --seccomp --debug firefox

v3g4n
Forum Guide
Posts: 1779
Joined: Sat Jan 16, 2016 8:20 pm

#19 Postby v3g4n » Thu Dec 22, 2016 9:30 am

As far as why I don't use it, well I simply just forgot about it. I think I first used it a couple years ago and edited my launchers so that the applications would be launched with firejail automatically without having to open the, imho, ugly, firetools app. After some reinstalls it just got lost in the mix. Since then I have moved on to using Whonix.
https://www.whonix.org/

Now that firejail has been brought back to my attention I may add it back to my browser to be used when streaming since Whonix/Tor is not well suited for it.

linexer2016
Forum Regular
Posts: 308
Joined: Thu Dec 15, 2016 9:15 pm

#20 Postby linexer2016 » Fri Dec 23, 2016 8:30 am

Thanks v m for your feedback on firejail. I have run the scripts/commands that you've alluded/pointed to; however, they don't really address with any clarity why my firejail just seems to work for some applications but steadfastly refuses to allow me to get a Mozilla product to actually launch. That is, it may show that, for example, firefox is sandboxed, but there's no way to get me into the pertinent firefox session as the application won't load. If I try to run a second instance outside of firejail, I get the error message that firefox is already running - you may see the irony in that, given, as I said, I can't get into that "running" session. I will explore that other program you've described (at whonix.org).
Cheers.

