#1 2016-08-29 12:20:56

epinephrine
Member
From: Frankfurt
Registered: 2012-10-18
Posts: 92

firejail --private issue "cannot transfer .Xauthority"

Hi,
I cannot start any application in firejail private mode. E.g. running firejail --private gedit gives me

Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Warning: user namespaces not available in the current kernel.

** Note: you can use --noprofile to disable default.profile **

Parent pid 12498, child pid 12499
Warning: failed to clean up /etc/passwd
Warning: failed to clean up /etc/group
Warning: cannot open /home/stammler/.Xauthority, file not copied
Warning: cannot transfer .Xauthority in private home directory
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted

Child process initialized
No protocol specified
Unable to init server: Could not connect: Connection refused

(gedit:2): Gtk-WARNING **: cannot open display: :0

Parent is shutting down, bye...

I think the important lines are (as the other ones are also shown when running gedit without the private flag):

Warning: cannot open /home/stammler/.Xauthority, file not copied
Warning: cannot transfer .Xauthority in private home directory
...
No protocol specified
Unable to init server: Could not connect: Connection refused

(gedit:2): Gtk-WARNING **: cannot open display: :0

Running gedit without the --private option works.
Specifying a private home directory with the same flag or custom configuration in ~/.config/firejail produces the same error.

My .Xauthority file has mode 600 (u=rw) and I am running i3wm, which I start from the login console with startx.

#2 2016-08-29 13:52:44

loafer
Member
From: the pub
Registered: 2009-04-14
Posts: 1,772

Re: firejail --private issue "cannot transfer .Xauthority"

Have you tried specifying the path i.e.

firejail --private=/home/your_user_name gedit

All men have stood for freedom...
For freedom is the man that will turn the world upside down.
Gerrard Winstanley.

#3 2016-08-29 14:28:01

epinephrine
Member
From: Frankfurt
Registered: 2012-10-18
Posts: 92

Re: firejail --private issue "cannot transfer .Xauthority"

I did (penultimate sentence).
Specifying $HOME as private home via --private=$HOME is the same as not setting the option --private at all, i.e., running firejail gedit. But if I set any other private home dir than $HOME, I get the error about firejail being unable to "transfer", i.e., copy the .Xauthority file, which then results in the firejailed application not being able to connect to the X Server, I guess.

Last edited by epinephrine (2016-08-29 14:29:04)

#4 2016-08-30 09:58:57

epinephrine
Member
From: Frankfurt
Registered: 2012-10-18
Posts: 92

Re: firejail --private issue "cannot transfer .Xauthority"

The problem was my restricted xhost access control. I fixed it by adding my local user to the authorized client list:

$ xhost +si:localuser:<user>

Now I can start a private gedit... However, starting a private firefox with firejail --private firefox doesn't work, it just starts a new window of my already running firefox. But that's something else I have to figure out now.

#5 2016-08-30 10:01:52

epinephrine
Member
From: Frankfurt
Registered: 2012-10-18
Posts: 92

Re: firejail --private issue "cannot transfer .Xauthority"

However, this doesn't solve the actual problem of firejail not being able to copy the .Xauthority file.

#6 2016-09-07 15:41:03

epinephrine
Member
From: Frankfurt
Registered: 2012-10-18
Posts: 92

Re: firejail --private issue "cannot transfer .Xauthority"

I filed this bug on github - the issue is that my home directory is mounted via NFS and firejail doesn't support NFS yet. NFS support is now on the list of future enhancements.
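
A preflight check for the condition identified in post #6, as an added example that is not part of the thread or firejail's own code: it reads a mount table in /proc/mounts format and reports whether a home directory sits on NFS before firejail --private is tried. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect an NFS-backed home directory.

# Constructed sample in /proc/mounts format, used for offline testing.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
fileserver:/export/home /home nfs4 rw,relatime,vers=4.2 0 0
EOF
}

# fstype_for PATH [MOUNTS_FILE]: print the filesystem type of the mount
# containing PATH (longest matching mount point; later entries win ties).
# Mount points containing spaces (escaped as \040) are not handled.
fstype_for() {
    awk -v p="$1" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { if (fs == "") exit 1; print fs }
    ' "${2:-/proc/mounts}"
}

# home_on_nfs PATH [MOUNTS_FILE]: succeed when PATH is on nfs or nfs4.
home_on_nfs() {
    case $(fstype_for "$1" "${2:-/proc/mounts}") in
        nfs|nfs4) return 0 ;;
        *) return 1 ;;
    esac
}

# xauth_preflight HOME [MOUNTS_FILE]: 0 = OK, 1 = cookie unreadable, 2 = NFS.
xauth_preflight() {
    if home_on_nfs "$1" "${2:-/proc/mounts}"; then
        echo "$1 is on NFS: firejail --private may fail to copy .Xauthority"
        return 2
    fi
    if [ ! -r "$1/.Xauthority" ]; then
        echo "$1/.Xauthority is missing or unreadable"
        return 1
    fi
    echo "OK: $1 is local and .Xauthority is readable"
}
```

Called as xauth_preflight "$HOME", it uses the live /proc/mounts; the second argument exists only so the check can be exercised against a saved or constructed mount table.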
