Bug#1026928: wget: “Cannot write to ‘myfile.mp3’ (Permission denied).” when using the default profile.

2022-12-24 Thread debbug . firejail
Package: firejail
Version: 0.9.64.4-2
Followup-For: Bug #1026928
X-Debbugs-Cc: debbug.firej...@sideload.33mail.com

> I can't reproduce it yet. What do you mean with "local directory"?
> Your home directory? Is there anything special about this directory?
> Please provide full output when running firejail with --debug.

I meant the "$CWD", which was something like /collection/music. There
is nothing special about the directory. I have write permission and in
fact it has no problem writing the file if I use --noprofile.

I ran it again using --debug. There is a huge amount of output which
would be cumbersome to sanitize, but not enough output at the very end
where it fails:

===8<--
Current directory: /collection/music
…
Connecting to web.archive.org (web.archive.org)|207.241.237.3|:80... connected.
HTTP request sent, awaiting response... 302 FOUND
Location: http://web.archive.org/web/«url» [following]
--«timestamp»--   http://web.archive.org/web/«url»
Reusing existing connection to web.archive.org:80.
HTTP request sent, awaiting response... 200 OK
Length: 33763692 (35M) [audio/mpeg]
myfile.mp3: Permission denied

Cannot write to ‘myfile.mp3’ (Permission denied).
Sandbox monitor: waitpid 15 retval 15 status 768
===8<--

Perhaps it was fixed in a later version. I’m using Firejail 0.9.64.4-2
(apparently with cgroup=no for some reason) & GNU Wget 1.21.
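
Added example (not part of the original report, and not firejail or wget code): decoding the final `Sandbox monitor` line of the debug output above, assuming its `status` field is the raw waitpid() status. It separates a process that was killed by a signal from one that exited on its own, and maps the exit code to the statuses documented in the wget manual; for the reported value 768 the result is exit status 3.

```python
import os
import re
import signal

# Exit statuses as documented in the GNU Wget manual ("Exit Status").
WGET_EXIT = {
    0: "no problems occurred", 1: "generic error code", 2: "parse error",
    3: "file I/O error", 4: "network failure",
    5: "SSL verification failure",
    6: "username/password authentication failure",
    7: "protocol errors", 8: "server issued an error response",
}
MONITOR_RE = re.compile(r"Sandbox monitor: waitpid \d+ retval -?\d+ status (\d+)")

# Tail of the --debug output quoted in the report.
SAMPLE = """\
myfile.mp3: Permission denied

Cannot write to ‘myfile.mp3’ (Permission denied).
Sandbox monitor: waitpid 15 retval 15 status 768
"""

def decode_wait_status(status):
    """Split a raw waitpid() status into ("signal", name) or ("exit", code)."""
    if os.WIFSIGNALED(status):
        sig = os.WTERMSIG(status)
        try:
            return ("signal", signal.Signals(sig).name)
        except ValueError:  # real-time or otherwise unnamed signal
            return ("signal", str(sig))
    if os.WIFEXITED(status):
        return ("exit", os.WEXITSTATUS(status))
    return ("other", status)

def triage(debug_output):
    """Explain the last 'Sandbox monitor' line, or return None if absent."""
    statuses = MONITOR_RE.findall(debug_output)
    if not statuses:
        return None
    kind, value = decode_wait_status(int(statuses[-1]))
    if kind == "signal":
        # SIGSYS is the signal a seccomp kill action delivers.
        return f"killed by {value}"
    if kind == "exit":
        return f"exited with status {value}: {WGET_EXIT.get(value, 'not a documented wget status')}"
    return f"unrecognised wait status {value}"

if __name__ == "__main__":
    print(triage(SAMPLE))
```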



Bug#1026928: wget: “Cannot write to ‘myfile.mp3’ (Permission denied).” when using the default profile.

2022-12-23 Thread debbug . firejail
Package: firejail
Version: 0.9.64.4-2
Severity: normal
X-Debbugs-Cc: debbug.firej...@sideload.33mail.com

There is no problem if the --noprofile option is given.  But if
firejail is allowed to use the default profile
(/etc/firejail/wget.profile), fetched files cannot be written to the
local directory.

===8<--
  $ firejail --net=vnet0 --dns="$mydns" --noblacklist=. wget --no-netrc "$url"
  --«timestamp»--  «url»
  Resolving web.archive.org (web.archive.org)... 207.241.237.3
  Connecting to web.archive.org (web.archive.org)|207.241.237.3|:80... connected.
  HTTP request sent, awaiting response... 302 FOUND
  Location: http://web.archive.org/web/«url» [following]
  --«timestamp»--  http://web.archive.org/web/«url»
  Reusing existing connection to web.archive.org:80.
  HTTP request sent, awaiting response... 200 OK
  Length: 33763692 (36M) [audio/mpeg]
  myfile.mp3: Permission denied

  Cannot write to ‘myfile.mp3’ (Permission denied).
===8<--

This is /etc/firejail/wget.profile:

===8<--
  # Firejail profile for wget
  # Description: Retrieves files from the web
  # This file is overwritten after every install/update
  quiet
  # Persistent local customizations
  include wget.local
  # Persistent global definitions
  include globals.local

  noblacklist ${HOME}/.netrc
  noblacklist ${HOME}/.wget-hsts
  noblacklist ${HOME}/.wgetrc

  blacklist /tmp/.X11-unix
  blacklist ${RUNUSER}

  include disable-common.inc
  include disable-devel.inc
  include disable-exec.inc
  include disable-interpreters.inc
  include disable-passwdmgr.inc
  include disable-programs.inc
  include disable-shell.inc
  # depending on workflow you can uncomment the below or put 'include disable-xdg.inc' in your wget.local
  #include disable-xdg.inc

  include whitelist-usr-share-common.inc
  include whitelist-var-common.inc

  apparmor
  caps.drop all
  ipc-namespace
  machine-id
  netfilter
  no3d
  nodvd
  nogroups
  nonewprivs
  noroot
  nosound
  notv
  nou2f
  novideo
  protocol unix,inet,inet6
  seccomp
  seccomp.block-secondary
  shell none
  tracelog

  private-bin wget
  private-cache
  private-dev
  # depending on workflow you can uncomment the below or put this private-etc in your wget.local
  #private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,wgetrc
  #private-tmp

  dbus-user none
  dbus-system none

  memory-deny-write-execute
===8<--

-- System Information:
Debian Release: 11.5
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'testing'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-19-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firejail depends on:
ii  libapparmor1  2.13.6-10
ii  libc6         2.31-13+deb11u5
ii  libselinux1   3.1-3

Versions of packages firejail recommends:
ii  firejail-profiles  0.9.64.4-2+deb11u1
ii  iproute2           5.10.0-4
ii  iptables           1.8.7-1
ii  xauth              1:1.1-1
ii  xdg-dbus-proxy     0.1.2-2
ii  xpra               3.0.13+dfsg1-1
ii  xvfb               2:1.20.11-1+deb11u3

firejail suggests no packages.

-- Configuration Files:
/etc/firejail/firejail.config changed:
cgroup no


-- no debconf information



Bug#1026109: firejail: “Error fbuilder: invalid program” when pairing --build & --env options together

2022-12-14 Thread debbug . firejail
Package: firejail
Version: 0.9.64.4-2
Severity: normal
X-Debbugs-Cc: debbug.firej...@sideload.33mail.com

Ran this:

  ===8<--
  $ LC_ALL=C firejail --build=kalium.profile --net=vnet0 --dns=$mydns --env=XDG_CONFIG_HOME="${myconfig_dir}" /usr/local/src/kalium/gradlew jvmTest
  ===8<--

Output:

  ===8<--
  Error fbuilder: invalid program
  Firejail profile builder
  Usage: firejail [--debug] --build[=profile-file] program-and-arguments
  ===8<--

Omitting “--build=kalium.profile” is syntactically accepted, but it
craps out with lots of other errors. Omitting “--env=…” is also
syntactically accepted. Apparently “--build=kalium.profile” &
“--env=…” options cannot be used together.

-- System Information:
Debian Release: 11.5
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'testing'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-19-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firejail depends on:
ii  libapparmor1  2.13.6-10
ii  libc6         2.31-13+deb11u5
ii  libselinux1   3.1-3

Versions of packages firejail recommends:
ii  firejail-profiles  0.9.64.4-2+deb11u1
ii  iproute2           5.10.0-4
ii  iptables           1.8.7-1
ii  xauth              1:1.1-1
ii  xdg-dbus-proxy     0.1.2-2
ii  xpra               3.0.13+dfsg1-1
ii  xvfb               2:1.20.11-1+deb11u3

firejail suggests no packages.

-- Configuration Files:
/etc/firejail/firejail.config changed:
cgroup no

-- no debconf information