Web lists-archives.com

Firejail, firefox, and xpra




Hi!
Im trying to run firefox-esr with firejail.

I installed firejail and when I'm trying to run it with the following
command

firejail --x11=xpra firefox-esr

I manage to start it but when I close firefox I get a black screen with
the a cursor blinking

I'm not sure if its a bug or I made some kind of mistake.

Thanks in advance for your help.


ps.The output I get when i start firefox-esr through firejail is:

$ firejail --x11=xpra firefox-esr
2019-05-04 09:49:08,906 cannot access python uinput module:
2019-05-04 09:49:08,906  No module named uinput

X.Org X Server 1.20.3
X Protocol Version 11, Revision 0
Build Operating System: Linux 4.9.0-8-amd64 x86_64 Debian
Current Operating System: Linux Laptop 4.19.0-4-amd64 #1 SMP Debian
4.19.28-2 (2019-03-15) x86_64
Kernel command line: BOOT_IMAGE=/vmlinuz-4.19.0-4-amd64
root=/dev/mapper/Laptop--vg-root ro quiet splash intel_iommu=on
Build Date: 25 October 2018  06:15:23PM
xorg-server 2:1.20.3-1 (https://www.debian.org/support)
Current version of pixman: 0.36.0
	Before reporting problems, check http://wiki.x.org
	to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
	(++) from command line, (!!) notice, (II) informational,
	(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(++) Log file: "/run/user/1000/xpra/Xorg.:846.log", Time: Sat May  4
09:49:08 2019
(++) Using config file: "/etc/xpra/xorg.conf"
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
2019-05-04 09:49:11,622 created unix domain socket:
/run/user/1000/xpra/Laptop-846
2019-05-04 09:49:11,622 cannot create group socket '/run/xpra/Laptop-846'
2019-05-04 09:49:11,622  [Errno 13] Permission denied
2019-05-04 09:49:11,756 pointer device emulation using XTest
2019-05-04 09:49:12,643  OpenGL is supported on this display
2019-05-04 09:49:12,674 html server unavailable, cannot find websockify
module
2019-05-04 09:49:12,794 D-Bus notification forwarding is available
2019-05-04 09:49:13,017 Warning: webcam forwarding is disabled
2019-05-04 09:49:13,017  the virtual video directory
'/sys/devices/virtual/video4linux' was not found
2019-05-04 09:49:13,017  make sure that the 'v4l2loopback' kernel module
is installed and loaded
2019-05-04 09:49:13,017 found 0 virtual video devices for webcam forwarding
2019-05-04 09:49:13,260 Warning: failed to load the mdns publisher
2019-05-04 09:49:13,261  No module named avahi
2019-05-04 09:49:13,261  either fix your installation or use the
'mdns=no' option
2019-05-04 09:49:13,261 xpra X11 version 2.4.3-r21350M 64-bit
2019-05-04 09:49:13,262  uid=1000 (gpdsbe), gid=1000 (gpdsbe)
2019-05-04 09:49:13,263  running with pid 3153 on Linux Debian testing
buster
2019-05-04 09:49:13,263  connected to X11 display :846 with 24 bit colors
2019-05-04 09:49:13,350 xpra is ready.
2019-05-04 09:49:13,370 7.5GB of system memory

*** Attaching to xpra display 846 ***

Xpra server pid 3153, xpra client pid 3471, jail 3472
Reading profile /etc/firejail/firefox-esr.profile
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 3472, child pid 3474
Warning: An abstract unix socket for session D-BUS might still be
available. Use --net or remove unix from --protocol set.
Post-exec seccomp protector enabled
Seccomp list in:
@clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice,
check list: @default-keep, prelist:
adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Child process initialized in 80.07 ms
2019-05-04 09:49:14,864 Xpra gtk2 client version 2.4.3-r21350M 64-bit
2019-05-04 09:49:14,864  running on Linux Debian testing buster
2019-05-04 09:49:14,865  window manager is 'Xfwm4'
2019-05-04 09:49:14,874 Warning: failed to import opencv:
2019-05-04 09:49:14,874  No module named cv2
2019-05-04 09:49:14,874  webcam forwarding is disabled
2019-05-04 09:49:15,595 GStreamer version 1.14.4 for Python 2.7.16 64-bit
2019-05-04 09:49:15,703 No OpenGL_accelerate module loaded: No module
named OpenGL_accelerate
2019-05-04 09:49:15,809 Warning: vendor 'Intel Open Source Technology
Center' is greylisted,
2019-05-04 09:49:15,809  you may want to turn off OpenGL if you
encounter bugs
2019-05-04 09:49:15,849 OpenGL enabled with Mesa DRI Intel(R) HD
Graphics (Whiskey Lake 3x8 GT2)
2019-05-04 09:49:15,912  keyboard settings: rules=evdev, model=pc105,
layout=us,gr
2019-05-04 09:49:15,914  desktop size is 1920x1080 with 1 screen:
2019-05-04 09:49:15,914   :0.0 (508x285 mm - DPI: 96x96) workarea: 1920x1054
2019-05-04 09:49:15,914     monitor 1 (309x174 mm - DPI: 157x157)
2019-05-04 09:49:16,224 New unix-domain connection received on
/run/user/1000/xpra/Laptop-846
2019-05-04 09:49:16,231 Handshake complete; enabling connection
2019-05-04 09:49:16,263  mmap is enabled using 256MB area in
/run/user/1000/xpra/xpra.J0BbbB.mmap
2019-05-04 09:49:16,265 Python/Gtk2 Linux Debian testing buster x11
client version 2.4.3-r21350 64-bit
2019-05-04 09:49:16,265  connected from 'Laptop' as 'gpdsbe' - 'Georgios'
2019-05-04 09:49:16,345 setting key repeat rate from client: 500ms delay
/ 50ms interval
2019-05-04 09:49:16,347 setting keymap: rules=evdev, model=pc105,
layout=us,gr
The XKEYBOARD keymap compiler (xkbcomp) reports:
> Warning:          Symbol map for key <KPDL> redefined
>                   Using last definition for conflicting fields
Errors from xkbcomp are not fatal to the X server
2019-05-04 09:49:16,361 setting keyboard layout to 'us,gr'
The XKEYBOARD keymap compiler (xkbcomp) reports:
> Warning:          Symbol map for key <KPDL> redefined
>                   Using last definition for conflicting fields
Errors from xkbcomp are not fatal to the X server
2019-05-04 09:49:16,378 Warning: keymapping changed:
2019-05-04 09:49:16,378  keycode 108 points to 2 modifiers: mod1, mod5
2019-05-04 09:49:16,378  from definition: ISO_Next_Group,
ISO_Level3_Shift, Alt_R
2019-05-04 09:49:16,378  mod1: Alt_R
2019-05-04 09:49:16,378  mod5: ISO_Level3_Shift
2019-05-04 09:49:16,378  keeping: Alt_R for mod1
2019-05-04 09:49:16,384  client root window size is 1920x1080 with 1
display:
2019-05-04 09:49:16,384   :0.0 (508x285 mm - DPI: 96x96) workarea: 1920x1054
2019-05-04 09:49:16,384     monitor 1 (309x174 mm - DPI: 157x157)
2019-05-04 09:49:16,416 server virtual display now set to 1920x1080
2019-05-04 09:49:16,431 enabled fast mmap transfers using 256MB shared
memory area
2019-05-04 09:49:16,432 enabled remote logging
2019-05-04 09:49:16,432 Xpra X11 server version 2.4.3-r21350 64-bit
2019-05-04 09:49:16,432  running on Linux Debian testing buster
2019-05-04 09:49:16,436 Attached to :846
2019-05-04 09:49:16,437  (press Control-C to detach)

2019-05-04 09:49:16,439 client @01.567 Xpra X11 server version
2.4.3-r21350 64-bit
2019-05-04 09:49:16,440 client @01.568  running on Linux Debian testing
buster
2019-05-04 09:49:16,440 client @01.572 Attached to :846
2019-05-04 09:49:16,441 client @01.572  (press Control-C to detach)
2019-05-04 09:49:16,451 DPI set to 23 x 25 (wanted 90 x 90)
2019-05-04 09:49:16,451  you may experience scaling problems, such as
huge or small fonts, etc
2019-05-04 09:49:16,451  to fix this issue, try the dpi switch, or use a
patched Xorg dummy driver
2019-05-04 09:49:16,539 server does not support xi input devices
2019-05-04 09:49:16,539  server uses: xtest
2019-05-04 09:49:16,540 client @01.674 server does not support xi input
devices
2019-05-04 09:49:16,540 client @01.675  server uses: xtest
2019-05-04 09:49:16,924 New unix-domain connection received on
/run/user/1000/xpra/Laptop-846