Bug#839868: [Fwd: Re: Bug#839868: firejail: running steam in firejail causes segfault]
Forwarded Message From: synp1...@gmail.com To: Reiner Herrmann <rei...@reiner-h.de> Subject: Re: Bug#839868: firejail: running steam in firejail causes segfault Date: Thu, 06 Oct 2016 13:43:25 -0700 On Thu, 2016-10-06 at 18:44 +0200, Reiner Herrmann wrote: > Hi synp1t0n, > > thank you for the report. > > On Wed, Oct 05, 2016 at 01:07:37PM -0700, synp1t0n wrote: > > * What led up to the situation? > > It seems to be that after the latest nvidia-driver update to > > 367.44-2, steam no > > longer runs in firejail. It previously worked without issue. > > > > Are other programs working with the steam profile, which are using 3D > acceleration, like glxgears? > > $ firejail --profile=/etc/firejail/steam.profile glxgears > > > And just to confirm, steam is working fine without crashes when used > without firejail? > > I don't have an nvidia card, but with my intel card steam is not > crashing when started with firejail. > > Can you perhaps try to find a line in the steam.profile which causes > problems by commenting them out and checking if it's still crashing? > > Regards, > Reiner > Hello, "Are other programs working with the steam profile, which are using 3Dacceleration, like glxgears? $ firejail --profile=/etc/firejail/steam.profile glxgears" I get a blank screen instead of the moving gears animation for glxgears when running it under the firejail steam profile. The terminal shows the refresh rate like normal and no errors though. Glxgears works fine outside of firejail. "And just to confirm, steam is working fine without crashes when used without firejail?" Yes, that is correct. "Can you perhaps try to find a line in the steam.profile which causes problems by commenting them out and checking if it's still crashing" Sure. I guess I should have done this in the first place... my apologies, this is my first bug report. Anyway, yes if I comment out the "noroot" line in the steam profile it works. Strange that this stopped working after a video driver update but maybe not... I have much to learn still. Thank you for your time. Synp1t0n
Bug#839868: firejail: running steam in firejail causes segfault
On Thu, 2016-10-06 at 18:44 +0200, Reiner Herrmann wrote: > Hi synp1t0n, > > thank you for the report. > > On Wed, Oct 05, 2016 at 01:07:37PM -0700, synp1t0n wrote: > > * What led up to the situation? > > It seems to be that after the latest nvidia-driver update to > > 367.44-2, steam no > > longer runs in firejail. It previously worked without issue. > > > Are other programs working with the steam profile, which are using 3D > acceleration, like glxgears? > > $ firejail --profile=/etc/firejail/steam.profile glxgears > > > And just to confirm, steam is working fine without crashes when used > without firejail? > > I don't have an nvidia card, but with my intel card steam is not > crashing when started with firejail. > > Can you perhaps try to find a line in the steam.profile which causes > problems by commenting them out and checking if it's still crashing? > > Regards, > Reiner > Hello, "Are other programs working with the steam profile, which are using 3Dacceleration, like glxgears? $ firejail --profile=/etc/firejail/steam.profile glxgears" I get a blank screen instead of the moving gears animation for glxgears when running it under the firejail steam profile. The terminal shows the refresh rate like normal and no errors though. Glxgears works fine outside of firejail. "And just to confirm, steam is working fine without crashes when used without firejail?" Yes, that is correct. "Can you perhaps try to find a line in the steam.profile which causes problems by commenting them out and checking if it's still crashing" Sure. I guess I should have done this in the first place... my apologies, this is my first bug report. Anyway, yes if I comment out the "noroot" line in the steam profile it works. Strange that this stopped working after a video driver update but maybe not... I have much to learn still. Thank you for your time. Synp1t0n
Bug#839868: firejail: running steam in firejail causes segfault
Package: firejail Version: 0.9.42-1 Severity: normal Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? It seems to be that after the latest nvidia-driver update to 367.44-2, steam no longer runs in firejail. It previously worked without issue. * What exactly did you do (or not do) that was effective (or ineffective)? Launcning from terminal gives me this: @titanV:~$ firejail --debug steam Autoselecting /bin/bash as shell Command name #steam# Found steam profile in /etc/firejail directory Reading profile /etc/firejail/steam.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-passwdmgr.inc DISPLAY :1, 1 Using the local network stack Parent pid 8220, child pid 8221 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Create the new utmp file Mount the new utmp file Cleaning /home directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/x11 Remounting /proc and /proc/sys filesystems Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/fs Disable /sys/module Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/timer_stats Disable /proc/kcore Disable /proc/kallsyms Disable /lib/modules Disable /boot Disable /dev/port Disable /dev/kmsg Disable /proc/kmsg Disable /home//.bash_history Mounting read-only /home//.local/share/applications Disable /home//.config/autostart Disable /etc/xdg/autostart Disable /etc/X11/Xsession.d Disable /var/spool/cron Disable /var/spool/anacron Disable /run/minissdpd.sock Disable /run/rpcbind.sock Disable /etc/cron.d Disable /etc/cron.hourly Disable /etc/cron.daily Disable /etc/cron.weekly Disable /etc/cron.monthly Disable /etc/profile.d Disable /etc/rc.local Disable /etc/anacrontab Mounting read-only /home//.profile Mounting read-only /home//.bashrc Mounting read-only /home//.bash_logout Mounting read-only /home//.profile Mounting read-only /home//.reportbugrc Disable /home//.ssh Disable /home//.gnupg Disable /etc/shadow Disable /etc/gshadow Disable /etc/passwd- Disable /etc/group- Disable /etc/shadow- Disable /etc/gshadow- Disable /etc/ssh Disable /bin/umount Disable /bin/mount Disable /bin/fusermount Disable /bin/su Disable /usr/bin/sudo Disable /usr/bin/xev Disable /bin/nc.traditional Disable /usr/bin/ncat Disable /sbin Disable /usr/sbin Disable /usr/local/sbin Disable /usr/bin/gnome-terminal Disable /usr/bin/gnome-terminal.wrapper Disable /home//.config/libreoffice Disable /home//.mozilla Disable /home//.config/chromium Not blacklist /home//.steam Disable /home//.cache/mozilla Disable /home//.cache/chromium Not blacklist /home//.local/share/steam Disable /tmp/ssh-oNRep5al0P30 Disable /usr/include Disable /usr/lib/gcc Disable /usr/bin/gcc-4.8 Disable /usr/bin/x86_64-linux-gnu-gcc-6 Disable /usr/bin/gcc-nm-4.8 Disable /usr/bin/gcc-ar-5 Disable /usr/bin/x86_64-linux-gnu-gcc-6 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-6 Disable /usr/bin/gcc-ranlib-5 Disable /usr/bin/gcc-ar-4.8 Disable /usr/bin/gcc-ranlib-4.9 Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-6 Disable /usr/bin/gcc-nm-4.9 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-6 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-6 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-6 Disable /usr/bin/gcc-ar-4.9 Disable /usr/bin/gcc-nm-5 Disable /usr/bin/gcc-5 Disable /usr/bin/gcc-4.9 Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-6 Disable /usr/bin/gcc-ranlib-4.8 Disable /usr/bin/x86_64-linux-gnu-cpp-6 Disable /usr/bin/cpp-4.8 Disable /usr/bin/x86_64-linux-gnu-cpp-6 Disable /usr/bin/cpp-5 Disable /usr/bin/cpp-4.9 Disable /usr/bin/c99-gcc Disable /usr/bin/c99-gcc Disable /usr/bin/c89-gcc Disable /usr/bin/c89-gcc Disable /usr/bin/x86_64-linux-gnu-c++filt Disable /usr/bin/x86_64-linux-gnu-as Disable /usr/bin/x86_64-linux-gnu-ld.bfd Disable /usr/bin/gcc-nm-4.9 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-6 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-6 Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-6 Disable /usr/bin/gcc-ar-4.9 Disable /usr/bin/gcc-ranlib-5 Disable /usr/bin/gcc-5 Disable
