FS#69523 - firejail 0.9.64.2-1 update - breaks firefox profiles
Attached to Project:
Community Packages
Opened by mark (qinohe) - Wednesday, 03 February 2021, 22:02 GMT
Last edited by Daniel M. Capella (polyzen) - Saturday, 21 August 2021, 03:24 GMT
Opened by mark (qinohe) - Wednesday, 03 February 2021, 22:02 GMT
Last edited by Daniel M. Capella (polyzen) - Saturday, 21 August 2021, 03:24 GMT
|
Details
Description:
Installing firejail 0.9.64.2-1[Community] breaks at least Firefox profiles - both Firefox and Firefox-developer. Downgrading to previous version ((0.9.64-2) solves the problem and makes existing profiles accessible again. I haven't done anymore testing than this, replacing the profile after every reboot made me downgrade. I also use 'psd' (profile-sync-daemon) I did not test it's impact, it wasn't updated, though. Normally I don't reboot that often but a 'systemd' update came right after firejail, that's how I found out.. Steps to reproduce:pacman -Syu firejail |
This task depends upon
Closed by Daniel M. Capella (polyzen)
Saturday, 21 August 2021, 03:24 GMT
Reason for closing: None
Additional comments about closing: Appears to be resolved. 0.9.66 (currently in the repos) also includes a fix for the issue linked in the last comment.
Saturday, 21 August 2021, 03:24 GMT
Reason for closing: None
Additional comments about closing: Appears to be resolved. 0.9.66 (currently in the repos) also includes a fix for the issue linked in the last comment.
The Firefox profiles didn't have a change since April 2020.
I can handle firejail enough to use it, but troubleshooting it is a little above my 'pay grade', that is, I wouldn't know where to start?
[1] https://aur.archlinux.org/packages/firejail-git/
[2] https://wiki.archlinux.org/index.php/Bisecting_bugs_with_Git
What I did:
$makepkg -Codd
$cd src/firejail-git
$git bisect start
$git bisect good 0.9.64.2
$git bisect bad 0.9.64.2-1
$error: Bad rev input: 0.9.64.2-1
The bad version is '0.9.64.2-1' for sure (see)https://archlinux.org/packages/community/x86_64/firejail/
I want to learn this now 'once and for all'
If you want me to open a thread on it on the forum, I will, thanks.
$ git bisect good 0.9.64
$ git bisect bad 0.9.64.2
Bisecting: 143 revisions left to test after this (roughly 7 steps)
[9d26477548875a167a68556d746016f1f146223b] curl HSTS cache support (#3813)
Edit:
See Scimmia's explanation.
Ask git to pick another nearby commit.
$git bisect good
$Bisecting: 39 revisions left to test after this (roughly 5 steps)
$[4b0b7ec216ec1a1f337a3a37b2c514bcd6842629] Update build.yml (#3779)
Am I understanding correct, that I now restart with 'makepgs -efsi' - 'git bisect bad/good' until I find the 'troublesome commit'?
It seems, this commit is the offending one:
$git bisect bad
$096d0de5f8bb253d0c1035796464bc5982f06f81 is the first bad commit
$commit 096d0de5f8bb253d0c1035796464bc5982f06f81
$Author: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
$Date: Mon Nov 16 11:41:35 2020 +0100
https://github.com/netblue30/firejail/commit/096d0de5f8bb253d0c1035796464bc5982f06f81
After that I disabled the added commit for FF
##include whitelist-runuser-common.inc
Now FF opens again without problems.
Thanks for the help @loqs & @Scimmia, appreciated ;-)
mark
edit: I tried to see, if I could find the offending line in '/etc/firejail/whitelist-runuser-common.inc'
I had to disable all of them before FF would start, so for now I disabled the above commit!
Also, I see you mentioning 'psd'. That is not related to this issue, but you can still harden your firejail setup if you use it:
globals.local
# psd
blacklist ${RUNUSER}/*-firefox-*
firefox.local
# psd
noblacklist ${RUNUSER}/*-firefox-*
whitelist ${RUNUSER}/*-firefox-*
I have used the above solution while testing only, I now have 'ignore include whitelist-runuser-common.inc' in
- firefox.local
- firefox-developer-edition.local
This is working as it should, I just thought the added line is a bug for Arch users.
Now, no one actually reported back to this bug report having the same issue, maybe it's only me?
Thanks for the hardening lines regarding psd & already added to the local profiles, appreciated.
Now, no one actually reported back to this bug report having the same issue, maybe it's only me?
Whether it's only you is hard to judge. I'm pleased you did though, at least upstream is aware of it now.
Firejail's Firefox profile - a collection of split files that can get included or not AND each of them having .local overrides - is one of the more complex ones to follow the 'logic' in, as it caters for several possible use-cases. That makes 'debugging' stuff related to Firefox a bit more involved. For example, it could depend on the addons/plugins used (like KeePassXC). We have only seen one Arch Linux user reporting an issue lately (https://github.com/netblue30/firejail/issues/3952) that seems related to this one.
You're always welcome to open an issue on our tracker if you'd like, so we can get a better view on your specific setup without adding noise to this bug report.
I will do that, thanks for the invitation.
edit: Tue Feb 9 06:04 PM CET 2021
The issue seems to be solved.
I have no idea what solved it.
Anyway, thanks to all that chimed in for the help / support, mark
edit: This may me be more complicated than I thought.
I may not be affected by it right now, it's not solved
(see)https://github.com/netblue30/firejail/issues/3952#issuecomment-776113224