Arch Linux

gcb

Member

Registered: 2014-02-12

Posts: 130

how exactly firejail messes with path?

using firecfg to set up aliases automatically, until I realized arch package ship a default profile for `spectacle` that is completely broken.

So i added a `!` before `!spectacle` to my `/etc/firejail/firecfg.config` and re run `firecfg`

Also noticed that all the fixes to properly remove a override are in a version newer (https://github.com/netblue30/firejail/pull/6153 9.74) than the one available on arch repos (9.72) and of course now it is broken. So i try to manually point everything back to /usr/bin instead of /usr/local/bin/

 $ ls -la /usr/local/bin/spectacle
ls: cannot access '/usr/local/bin/spectacle': No such file or directory

 $ ls -la /usr/bin/spectacle
-rwxr-xr-x 1 root root 1819320 2024-04-09 14:55 /usr/bin/spectacle

 $ grep -r spectacle /usr/share/applications/
/usr/share/applications/org.kde.spectacle.desktop:Exec=/usr/bin/spectacle
/usr/share/applications/org.kde.spectacle.desktop:Icon=spectacle
/usr/share/applications/org.kde.spectacle.desktop:Exec=/usr/bin/spectacle -f
/usr/share/applications/org.kde.spectacle.desktop:Exec=/usr/bin/spectacle -m
/usr/share/applications/org.kde.spectacle.desktop:Exec=/usr/bin/spectacle -a
/usr/share/applications/org.kde.spectacle.desktop:Exec=/usr/bin/spectacle -r
/usr/share/applications/org.kde.spectacle.desktop:Exec=/usr/bin/spectacle -u
/usr/share/applications/org.kde.spectacle.desktop:Exec=/usr/bin/spectacle -R region
/usr/share/applications/org.kde.spectacle.desktop:Exec=/usr/bin/spectacle -R screen
/usr/share/applications/org.kde.spectacle.desktop:Exec=/usr/bin/spectacle -R window
/usr/share/applications/org.kde.spectacle.desktop:Exec=/usr/bin/spectacle -l

 $ /usr/bin/spectacle
Screenshot request failed: "The process is not authorized to take a screenshot"

but it DOES NOT show up on `firejail --list`

reading more on https://github.com/netblue30/firejail/i … 1152955529

i also delete `.local/share/applications/org.kde.spectacle.desktop`

(while realizing firecfg works in silly ways... it should move all binaries somewhere and symlink the original locations... this way it is trivial for a malicious application to exclude itself from next run since almost everything gets access to ~/.local/share... but i digress)

now spectacle launched from a shell works, but pressing my shortcut key on kde gives me a notification:

*launching spectacle failed*
Unable to make the service Spectacle executable, aborting execution.
No such file or directory.

so, what else is being messed up by firecfg previously shadowing spectacle? I tried to follow the code that 'fixes' removal of application but doesn't seem i missed anything. Does KDE caches those .desktop files?

gcb

Member

Registered: 2014-02-12

Posts: 130

Re: how exactly firejail messes with path?

it fixes itself after a reboot. but would still would like to know what was being messed up with that moving files around couldn't clear up.