Page MenuHomeSolus
Create Task
Maniphest T9663

Possible Apparmor/Firejail profile bug
Closed, ResolvedPublic
Actions

Description

was asked to file this per @stalebrim at the forum.

On this thread https://discuss.getsol.us/d/6600-still-got-that-nagging-apparmor-problem/17, I provide anecdotal log evidence that soon after (minutes) an eopkg firejail install, my apparmor profiles became corrupt, thereby failing to load apparmor profiles for a week and leaving me vulnerable.

The last two log entries of that thread (

journalctl -xe
``` and

eopkg history

) is where we think we put 2 an 2 together..Since an eopkg rm firejail has cured this problem, I can no longer replicate, but thought it might be prudent to bring to your attention. Thank you.

Revisions and Commits

R756 firejail
D12343R756:0a5eee97749a Update firejail to 0.9.66

Related Objects

Event Timeline

brent created this task.Apr 6 2021, 1:01 PM
Herald added a project: Lacks Project. · View Herald TranscriptApr 6 2021, 1:01 PM
brent added a comment.Apr 6 2021, 1:03 PM

my formatting went to heck, sorry

clumsyfingers added a subscriber: clumsyfingers.Apr 6 2021, 1:38 PM

just to confirm that brent isnt crazy (not regarding this issue anyway), i had the same issue, removing firejail fixes it

fernkaufmann added a subscriber: fernkaufmann.Apr 14 2021, 8:01 AM

This bug can be fixed by editing /etc/apparmor.d/firejail-default.

Just add:

#include if exists <tunables/run>

to the top of the file. Then run "sudo usysconf run -f" and "sudo systemctl start apparmor".

I hope this fix will be added to the next release.

DrSheppard added a subscriber: DrSheppard.Apr 14 2021, 8:09 PM
brent added a comment.Apr 16 2021, 5:49 PM
In T9663#183597, @fernkaufmann wrote:

This bug can be fixed by editing /etc/apparmor.d/firejail-default.

Just add:

#include if exists <tunables/run>

to the top of the file. Then run "sudo usysconf run -f" and "sudo systemctl start apparmor".

I hope this fix will be added to the next release.

Thanks for furnishing this. If this is not updated, I cut an paste your directions if I use firejail again down the road.

DataDrake triaged this task as Normal priority.Apr 22 2021, 10:28 PM
DataDrake edited projects, added Software; removed Lacks Project.
DataDrake moved this task from Backlog to Package Fixes on the Software board.
DataDrake added a subscriber: DataDrake.

This looks like an issue with the current version of firejail which likely needs an update.

solene added a revision: D12343: Update firejail to 0.9.66.Nov 18 2021, 3:54 PM
solene mentioned this in D12343: Update firejail to 0.9.66.Nov 18 2021, 7:31 PM
JoshStrobl closed this task as Resolved by committing R756:0a5eee97749a: Update firejail to 0.9.66.Nov 27 2021, 12:54 PM
JoshStrobl claimed this task.
JoshStrobl added a commit: R756:0a5eee97749a: Update firejail to 0.9.66.
brent added a comment.Nov 28 2021, 1:28 AM

as the OP, thank you to all involved for investigating and remedying. look forward to using this app again.

Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.