You are not logged in.
- Topics: Active | Unanswered
#1 2020-07-09 08:51:01
- roinincoder
- Member
- Registered: 2019-10-15
- Posts: 12
slack does not run with firejail and apparmor
Installed slack from slack-desktop AUR, but it won't run with firejail and apparmor. I traced the issue to secomp as commenting it out solves the issue. I then researched and came across an article on firejail wordpress blog that had a sample of keeping a few secomps, but it did not solve the issue. Specifying secomp prevents slack from launching using default configurations. Any ideas on how to resolve this and keep secomp?
Offline
#2 2020-07-11 06:15:28
- heywoodlh
- Member
- Registered: 2016-10-31
- Posts: 26
- Website
Re: slack does not run with firejail and apparmor
This issue has been addressed in the master branch of Firejail by removing the seccomp line from the slack.profile file in Firejail.
The devs were aware of this issue for a while.
Anyway, the fix is to remove the seccomp line completely. Replacing the pacman firejail package with firejail-git "fixes" this issue as it uses the updated slack.profile that doesn't have the seccomp parameter.
I used strace to get every syscall made by Slack and even with the compiled list of syscalls nothing worked with the seccomp whitelist I made. Which led me to the Github repo and it seems that if the Firejail guys are just removing that seccomp parameter from the profile it probably just won't work to limit Slack with seccomp on newer versions of Slack + Firejail. In some of the issues it seems that multiple Electron applications are an issue, not just Slack.
If you find this problematic, I would recommend you open an issue on the Github repository of Firejail and continue the conversation there since they are aware of the issue and have made their decision on how it should be fixed.
Anyway, hope this info helps, sorry it's not really a fix for the functionality you were trying to achieve.
Offline