Firejail not properly opening Firefox-Solved

Forum Forums General Software Firejail not properly opening Firefox-Solved

  • This topic has 13 replies, 3 voices, and was last updated Feb 12-5:06 pm by roytobin.
Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • #31584
    Member
    Avatargreyowl

    I use antiX 17 fully updated and Firefox 72.0.1 and Firetools/Firejail 0.9.44
    When I click on Firefox icon in Firetools, FF will open with previous tabs, but it will not open a webpage.
    If FF is already open and I click on the FF icon in Firetools, then another instance of FF will open and work properly, but it does not show in the firejail –list so it is not actually in the sandbox.
    I want FF to open along with apulse so I have sound.
    I assume it is not configured properly, but I don’t know how to do this.

    Chromium works fine with Firejail–and it shows in the firejail –list.

    I will sure appreciate some help with this.

    • This topic was modified 1 month, 2 weeks ago by greyowl.
    • This topic was modified 1 month, 2 weeks ago by greyowl.
    • This topic was modified 1 month, 2 weeks ago by greyowl.

    Dell Latitude D610 laptop (1.86 GHz, 2G RAM, 32 bit) - antiX 17

    #31597
    Member
    Avatarimschmeg

    When using FF with firejail, make use of FF’s –new-instance and –no-remote options. Otherwise FF will search for existing instances of itself.

    #31600
    Member
    Avatargreyowl

    When using FF with firejail, make use of FF’s –new-instance and –no-remote options. Otherwise FF will search for existing instances of itself.

    Thanks for the help.

    I don’t understand how to do this–please walk me through it.

    • This reply was modified 1 month, 2 weeks ago by greyowl.

    Dell Latitude D610 laptop (1.86 GHz, 2G RAM, 32 bit) - antiX 17

    #31602
    Member
    Avatarimschmeg

    Suppose you are using a command line such as:
    firejail firefox

    which is what firetools is doing for you. But at that time you have other firefox instances up. What will happen is that firefox when run without the command line options I mentioned, defaults to attempting to find another already running instance of itself, and just re-uses that instance.

    Instead, you can do this:
    firejail firefox --new-instance --no-remote

    This firefox instance will not attempt to contact others (which is what –new-instance does), and also will not accept attempts from others (which is what –no-remote) does. I think the –no-remote option alone does both, actually – so you just need that.

    The problem with the setup of firetools is that it does not add these options to the firefox command line. I use firejail quite heavily, but I don’t use the firetools launcher, for that reason among others.

    #31603
    Member
    Avatargreyowl

    I tried “firejail firefox –new-instance –no-remote” in the terminal. It opened FF with my tabs, but the websites would not open.

    Here is the terminal response:
    user@antix1:~
    $ firejail firefox –new-instance –no-remote
    Reading profile /etc/firejail/firefox.profile
    Reading profile /etc/firejail/disable-common.inc
    Reading profile /etc/firejail/disable-programs.inc
    Reading profile /etc/firejail/disable-devel.inc
    Reading profile /etc/firejail/whitelist-common.inc
    Parent pid 11783, child pid 11784
    Blacklist violations are logged to syslog
    Child process initialized
    Sandbox: /tmp/.X11-unix/X0 is inaccessible (No such file or directory); can’t isolate network namespace in content processes

    Parent is shutting down, bye…
    user@antix1:~
    $

    • This reply was modified 1 month, 2 weeks ago by greyowl.

    Dell Latitude D610 laptop (1.86 GHz, 2G RAM, 32 bit) - antiX 17

    #31605
    Member
    Avatarimschmeg

    Oh – that’s a second problem. First of all, do the profiles in your /etc/firejail folder match the version of firejail you have installed? I have seen errors like that when the profiles are for more recent versions of firejail. If you’re using firejail 0.9.44, you should be useing firejail-profiles 0.9.44 as well.

    #31606
    Member
    Avatargreyowl

    I reinstalled firejail 0.9.44 today so I would think that firejail profile would be 0.9.44.
    Here is the firefox profile which is in firejail:

    # Firejail profile for Mozilla Firefox (Iceweasel in Debian)

    noblacklist ~/.mozilla
    noblacklist ~/.cache/mozilla
    include /etc/firejail/disable-common.inc
    include /etc/firejail/disable-programs.inc
    include /etc/firejail/disable-devel.inc

    caps.drop all
    netfilter
    nonewprivs
    noroot
    protocol unix,inet,inet6,netlink
    seccomp
    tracelog

    whitelist ${DOWNLOADS}
    mkdir ~/.mozilla
    whitelist ~/.mozilla
    mkdir ~/.cache/mozilla/firefox
    whitelist ~/.cache/mozilla/firefox
    whitelist ~/dwhelper
    whitelist ~/.zotero
    whitelist ~/.vimperatorrc
    whitelist ~/.vimperator
    whitelist ~/.pentadactylrc
    whitelist ~/.pentadactyl
    whitelist ~/.keysnail.js
    whitelist ~/.config/gnome-mplayer
    whitelist ~/.cache/gnome-mplayer/plugin
    whitelist ~/.pki

    # lastpass, keepassx
    whitelist ~/.keepassx
    whitelist ~/.config/keepassx
    whitelist ~/keepassx.kdbx
    whitelist ~/.lastpass
    whitelist ~/.config/lastpass

    #silverlight
    whitelist ~/.wine-pipelight
    whitelist ~/.wine-pipelight64
    whitelist ~/.config/pipelight-widevine
    whitelist ~/.config/pipelight-silverlight5.1

    include /etc/firejail/whitelist-common.inc

    # experimental features
    #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse

    Dell Latitude D610 laptop (1.86 GHz, 2G RAM, 32 bit) - antiX 17

    #31607
    Member
    Avatarimschmeg

    I am using a much more recent version of fireajail, and the differences between our firefox profiles are many. However, I notice one in particular:

    #disable tracelog, it breaks or causes major issues with many firefox based browsers, see github issue #1930
    #tracelog

    You can try to see if this is causing your problem by starting firefox this way:

    firejail --ignore=tracelog firefox --noremote

    and see if it produces the same problem or not.

    #31608
    Member
    Avatargreyowl

    It still produces the same problem–FF opens but the websites will not open.

    I completely removed firejail 0.9.44 again and reinstalled it, but this did not fix the problem.

    Dell Latitude D610 laptop (1.86 GHz, 2G RAM, 32 bit) - antiX 17

    #31609
    Member
    Avatarimschmeg

    We can first establish whether that version of firejail alone is the issue. Try this:
    firejail --noprofile firefox --noremote

    If that doesn’t work, there’s no hope for that version of firejail with whatever version of firefox you are using. I would advise upgrading firejail to a newer version. If it does work, then there are other lines in your firejail.profile that we can try to “–ignore” one-by-one to see which is causing the issue.

    #31610
    Member
    Avatargreyowl

    The noprofile firefox worked with firejail 0.9.44.
    I also uninstalled firejail 0.9.44 and installed the current version of firejail 0.9.62 which also works with no problems.
    I do however notice that it really slows down the opening of web pages.
    Thank you for the help with this.

    • This reply was modified 1 month, 2 weeks ago by greyowl.

    Dell Latitude D610 laptop (1.86 GHz, 2G RAM, 32 bit) - antiX 17

    #32591
    Member
    Avatarroytobin

    Please, how did you acquire & install firejail 0.9.62 on your antix 17 system?

    I have the same firejail problem on antix17 that appeared upon upgrading
    firefox from 59 to 72.

    I see only firejail version 0.9.44 available when I run apt-cache
    policy firejail. Searching packages on debian.org, I see only version
    0.9.58.2-2… is available for stretch on the repo “stretch-backports”
    (seems the firejail-profiles package doesn’t appear until buster, aka
    debian 10)

    Or is the updated firejail package available on a antix 17 community repo
    I don’t know about?

    I’m wary about getting a .deb from
    https://sourceforge.net/projects/firejail/files/firejail/ because I
    don’t know if this prepared package is for stretch or buster.

    Thank you very much for posting the solution and having a descriptive
    thread subject and updating to “solved” on the thread subject line.
    And big thanks to imschmeg for helpful assistance that coalesced to
    the solution. The antix-specific forum and helpful community members
    had the answer!

    #32599
    Member
    Avatargreyowl

    I used firejail_0.9.62_1_i386.deb from https://sourceforge.net/projects/firejail/files/firejail/

    It works fine with my antiX 17 stretch.

    Dell Latitude D610 laptop (1.86 GHz, 2G RAM, 32 bit) - antiX 17

    #32664
    Member
    Avatarroytobin

    Hi,

    greyowl, thanks for confirmation upgraded firejail works fine with antix 17 stretch.

    (below text is merely for reference and forum keyword search in case
    anyone else finds info in this thread helpful)

    Summary: firefox version 72 does not work with firejail 0.9.44 on antix17
    — a sysadmin must manually upgrade firejail as solved by others in
    this thread.

    I downloaded firejail_0.9.62_1_amd64.deb to my antix17 system and it
    installed fine (no errors) atop the old version with this shell command:

    sudo dpkg -D013 -i firejail_0.9.62_1_amd64.deb

    Now this command works:

    firejail firefox –no-remote

    with firefox 72.

    Of note: it seems a output line from firejail is a red herring, as
    I still get this “Sandbox” message but now, after upgrading firejail,
    browsing works fine (i.e. will now open external web pages)

    Sandbox: /tmp/.X11-unix/X0 is inaccessible (No such file or directory); can’t isolate network namespace in content processes

    I’m very thankful firefox 72 is available in the antix repository for
    antix17. It fixed browsing problems with a few sites, eg. homedepot.com.
    It seems at some point between firefox 59 and 72, firejail 0.9.44 (the
    default for antix17) is incompatible. Perhaps create a dependency?

Viewing 14 posts - 1 through 14 (of 14 total)
  • You must be logged in to reply to this topic.