Hi,
I cannot start any application in firejail private mode. E.g. running firejail --private gedit gives me
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Warning: user namespaces not available in the current kernel.
** Note: you can use --noprofile to disable default.profile **
Parent pid 12498, child pid 12499
Warning: failed to clean up /etc/passwd
Warning: failed to clean up /etc/group
Warning: cannot open /home/stammler/.Xauthority, file not copied
Warning: cannot transfer .Xauthority in private home directory
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized
No protocol specified
Unable to init server: Could not connect: Connection refused
(gedit:2): Gtk-WARNING **: cannot open display: :0
Parent is shutting down, bye...
I think the important lines are (as the other ones are also shown when running gedit without the private flag):
Warning: cannot open /home/stammler/.Xauthority, file not copied
Warning: cannot transfer .Xauthority in private home directory
...
No protocol specified
Unable to init server: Could not connect: Connection refused
(gedit:2): Gtk-WARNING **: cannot open display: :0
Running gedit without the --private option works.
Specifying a private home directory with the same flag or custom configuration in ~/.config/firejail produces the same error.
My .Xauthority file has mode 600 (u=rw) and I am running i3wm, which I start from the login console with startx.
Have you tried specifying the path i.e.
firejail --private=/home/your_user_name gedit
All men have stood for freedom...
For freedom is the man that will turn the world upside down.
Gerrard Winstanley.
I did (penultimate sentence).
Specifying $HOME as private home via --private=$HOME is the same as not setting the option --private at all, i.e., running firejail gedit. But if I set any other private home dir than $HOME, I get the error about firejail being unable to "transfer", i.e., copy the .Xauthority file, which then results in the firejailed application not being able to connect to the X Server, I guess.
Last edited by epinephrine (2016-08-29 14:29:04)
The problem was my restricted xhost access control. I fixed it by adding my local user to the authorized client list:
$ xhost +si:localuser:<user>
Now I can start a private gedit... However, starting a private firefox with firejail --private firefox doesn't work; it just starts a new window of my already running firefox. But that's something else I have to figure out now.
However, this doesn't solve the actual problem of firejail not being able to copy the .Xauthority file.
I filed this bug on GitHub - the issue is that my home directory is mounted via NFS and firejail doesn't support NFS yet. NFS support is now on the list of future enhancements.
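Added example, not part of the thread and not firejail's own code: a shell check of whether the X authority file sits on a network filesystem, the situation the last post identifies (an NFS-mounted home). It assumes GNU coreutils stat; the function names and the --run switch are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch (assumption: GNU coreutils `stat` is available).

# Path of the X authority file an X client would use:
# $XAUTHORITY if set, otherwise ~/.Xauthority.
xauth_path() {
    printf '%s\n' "${XAUTHORITY:-$HOME/.Xauthority}"
}

# Name of the filesystem type holding path $1 (e.g. ext2/ext3, tmpfs, nfs).
fs_type_of() {
    stat -f -c %T -- "$1"
}

# Return 0 if the filesystem type name $1 is a network filesystem.
is_network_fs() {
    case "$1" in
        nfs*|cifs|smb*|afs|ceph|v9fs) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on the X authority file ($1, default: xauth_path).
# Exit status: 0 local filesystem, 1 network filesystem,
#              2 file missing, 3 filesystem type could not be read.
check_xauth() {
    f=${1:-$(xauth_path)}
    if [ ! -e "$f" ]; then
        echo "missing: $f"
        return 2
    fi
    t=$(fs_type_of "$f") || return 3
    mode=$(stat -c %a -- "$f")
    if is_network_fs "$t"; then
        echo "network-fs: $f is on $t (mode $mode); the sandbox may fail to copy it"
        return 1
    fi
    echo "local-fs: $f is on $t (mode $mode)"
    return 0
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    check_xauth
fi
```

A status of 1 from check_xauth matches the setup in the last post, where copying .Xauthority into the private home failed.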