- This topic has 13 replies, 3 voices, and was last updated Feb 12-5:06 pm by roytobin.
-
Posts
-
greyowl
I use antiX 17 fully updated and Firefox 72.0.1 and Firetools/Firejail 0.9.44
When I click on Firefox icon in Firetools, FF will open with previous tabs, but it will not open a webpage.
If FF is already open and I click on the FF icon in Firetools, then another instance of FF will open and work properly, but it does not show in the firejail –list so it is not actually in the sandbox.
I want FF to open along with apulse so I have sound.
I assume it is not configured properly, but I don’t know how to do this.Chromium works fine with Firejail–and it shows in the firejail –list.
I will sure appreciate some help with this.
- This topic was modified 3 years, 4 months ago by greyowl.
- This topic was modified 3 years, 4 months ago by greyowl.
- This topic was modified 3 years, 3 months ago by greyowl.
Dell Latitude D620 laptop with antiX 22 (64 bit)
imschmeg
When using FF with firejail, make use of FF’s –new-instance and –no-remote options. Otherwise FF will search for existing instances of itself.
When using FF with firejail, make use of FF’s –new-instance and –no-remote options. Otherwise FF will search for existing instances of itself.
Thanks for the help.
I don’t understand how to do this–please walk me through it.
- This reply was modified 3 years, 4 months ago by greyowl.
Dell Latitude D620 laptop with antiX 22 (64 bit)
Suppose you are using a command line such as:
firejail firefoxwhich is what firetools is doing for you. But at that time you have other firefox instances up. What will happen is that firefox when run without the command line options I mentioned, defaults to attempting to find another already running instance of itself, and just re-uses that instance.
Instead, you can do this:
firejail firefox --new-instance --no-remoteThis firefox instance will not attempt to contact others (which is what –new-instance does), and also will not accept attempts from others (which is what –no-remote) does. I think the –no-remote option alone does both, actually – so you just need that.
The problem with the setup of firetools is that it does not add these options to the firefox command line. I use firejail quite heavily, but I don’t use the firetools launcher, for that reason among others.
I tried “firejail firefox –new-instance –no-remote” in the terminal. It opened FF with my tabs, but the websites would not open.
Here is the terminal response:
user@antix1:~
$ firejail firefox –new-instance –no-remote
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/whitelist-common.inc
Parent pid 11783, child pid 11784
Blacklist violations are logged to syslog
Child process initialized
Sandbox: /tmp/.X11-unix/X0 is inaccessible (No such file or directory); can’t isolate network namespace in content processesParent is shutting down, bye…
user@antix1:~
$- This reply was modified 3 years, 4 months ago by greyowl.
Dell Latitude D620 laptop with antiX 22 (64 bit)
Oh – that’s a second problem. First of all, do the profiles in your /etc/firejail folder match the version of firejail you have installed? I have seen errors like that when the profiles are for more recent versions of firejail. If you’re using firejail 0.9.44, you should be useing firejail-profiles 0.9.44 as well.
I reinstalled firejail 0.9.44 today so I would think that firejail profile would be 0.9.44.
Here is the firefox profile which is in firejail:# Firejail profile for Mozilla Firefox (Iceweasel in Debian)
noblacklist ~/.mozilla
noblacklist ~/.cache/mozilla
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-devel.inccaps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
tracelogwhitelist ${DOWNLOADS}
mkdir ~/.mozilla
whitelist ~/.mozilla
mkdir ~/.cache/mozilla/firefox
whitelist ~/.cache/mozilla/firefox
whitelist ~/dwhelper
whitelist ~/.zotero
whitelist ~/.vimperatorrc
whitelist ~/.vimperator
whitelist ~/.pentadactylrc
whitelist ~/.pentadactyl
whitelist ~/.keysnail.js
whitelist ~/.config/gnome-mplayer
whitelist ~/.cache/gnome-mplayer/plugin
whitelist ~/.pki# lastpass, keepassx
whitelist ~/.keepassx
whitelist ~/.config/keepassx
whitelist ~/keepassx.kdbx
whitelist ~/.lastpass
whitelist ~/.config/lastpass#silverlight
whitelist ~/.wine-pipelight
whitelist ~/.wine-pipelight64
whitelist ~/.config/pipelight-widevine
whitelist ~/.config/pipelight-silverlight5.1include /etc/firejail/whitelist-common.inc
# experimental features
#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulseDell Latitude D620 laptop with antiX 22 (64 bit)
I am using a much more recent version of fireajail, and the differences between our firefox profiles are many. However, I notice one in particular:
#disable tracelog, it breaks or causes major issues with many firefox based browsers, see github issue #1930 #tracelogYou can try to see if this is causing your problem by starting firefox this way:
firejail --ignore=tracelog firefox --noremoteand see if it produces the same problem or not.
It still produces the same problem–FF opens but the websites will not open.
I completely removed firejail 0.9.44 again and reinstalled it, but this did not fix the problem.
Dell Latitude D620 laptop with antiX 22 (64 bit)
We can first establish whether that version of firejail alone is the issue. Try this:
firejail --noprofile firefox --noremoteIf that doesn’t work, there’s no hope for that version of firejail with whatever version of firefox you are using. I would advise upgrading firejail to a newer version. If it does work, then there are other lines in your firejail.profile that we can try to “–ignore” one-by-one to see which is causing the issue.
The noprofile firefox worked with firejail 0.9.44.
I also uninstalled firejail 0.9.44 and installed the current version of firejail 0.9.62 which also works with no problems.
I do however notice that it really slows down the opening of web pages.
Thank you for the help with this.- This reply was modified 3 years, 4 months ago by greyowl.
Dell Latitude D620 laptop with antiX 22 (64 bit)
roytobin
Please, how did you acquire & install firejail 0.9.62 on your antix 17 system?
I have the same firejail problem on antix17 that appeared upon upgrading
firefox from 59 to 72.I see only firejail version 0.9.44 available when I run apt-cache
policy firejail. Searching packages on debian.org, I see only version
0.9.58.2-2… is available for stretch on the repo “stretch-backports”
(seems the firejail-profiles package doesn’t appear until buster, aka
debian 10)Or is the updated firejail package available on a antix 17 community repo
I don’t know about?I’m wary about getting a .deb from
https://sourceforge.net/projects/firejail/files/firejail/ because I
don’t know if this prepared package is for stretch or buster.Thank you very much for posting the solution and having a descriptive
thread subject and updating to “solved” on the thread subject line.
And big thanks to imschmeg for helpful assistance that coalesced to
the solution. The antix-specific forum and helpful community members
had the answer!I used firejail_0.9.62_1_i386.deb from https://sourceforge.net/projects/firejail/files/firejail/
It works fine with my antiX 17 stretch.
Dell Latitude D620 laptop with antiX 22 (64 bit)
Hi,
greyowl, thanks for confirmation upgraded firejail works fine with antix 17 stretch.
(below text is merely for reference and forum keyword search in case
anyone else finds info in this thread helpful)Summary: firefox version 72 does not work with firejail 0.9.44 on antix17
— a sysadmin must manually upgrade firejail as solved by others in
this thread.I downloaded firejail_0.9.62_1_amd64.deb to my antix17 system and it
installed fine (no errors) atop the old version with this shell command:sudo dpkg -D013 -i firejail_0.9.62_1_amd64.deb
Now this command works:
firejail firefox –no-remote
with firefox 72.
Of note: it seems a output line from firejail is a red herring, as
I still get this “Sandbox” message but now, after upgrading firejail,
browsing works fine (i.e. will now open external web pages)Sandbox: /tmp/.X11-unix/X0 is inaccessible (No such file or directory); can’t isolate network namespace in content processes
I’m very thankful firefox 72 is available in the antix repository for
antix17. It fixed browsing problems with a few sites, eg. homedepot.com.
It seems at some point between firefox 59 and 72, firejail 0.9.44 (the
default for antix17) is incompatible. Perhaps create a dependency?
- You must be logged in to reply to this topic.
