[ISSUE] firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[ISSUE] firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[ben-cooper]

[-- Attachment #1: Type: text/plain, Size: 1723 bytes --]

New issue by ben-cooper on void-packages repository

https://github.com/void-linux/void-packages/issues/31837

Description:
<!-- Don't request update of package. We have a script for that. https://alpha.de.repo.voidlinux.org/void-updates/void-updates.txt . However, a quality pull request may help. -->
### System

* xuname:  
  Void 5.12.14_1 x86_64-musl AuthenticAMD notuptodate rFFFFF
* package:  
  firejail-0.9.66_1

### Expected behavior

Running `firejail firefox` or `firejail mpv` should launch these programs within firejail.

### Actual behavior

Running `firejail firefox` returns:

```
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 19549, child pid 19552
Warning: cannot find /dev/null/utmp
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument
Error: proc 19549 cannot sync with peer: unexpected EOF
Peer 19552 unexpectedly exited with status 1
```

### Steps to reproduce the behavior

1. Run `firejail firefox` in the terminal.

Re: firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[darmon77]

[-- Attachment #1: Type: text/plain, Size: 202 bytes --]

New comment by darmon77 on void-packages repository

https://github.com/void-linux/void-packages/issues/31837#issuecomment-875249439

Comment:
You can send us what this prints firejail --debug firefox 

Re: firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[ben-cooper]

[-- Attachment #1: Type: text/plain, Size: 224 bytes --]

New comment by ben-cooper on void-packages repository

https://github.com/void-linux/void-packages/issues/31837#issuecomment-875293162

Comment:
[log.txt](https://github.com/void-linux/void-packages/files/6774503/log.txt)

Re: firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[ben-cooper]

[-- Attachment #1: Type: text/plain, Size: 240 bytes --]

New comment by ben-cooper on void-packages repository

https://github.com/void-linux/void-packages/issues/31837#issuecomment-875293162

Comment:
Here you go:

[log.txt](https://github.com/void-linux/void-packages/files/6774503/log.txt)

Re: firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[wibed]

[-- Attachment #1: Type: text/plain, Size: 304 bytes --]

New comment by wibed on void-packages repository

https://github.com/void-linux/void-packages/issues/31837#issuecomment-876234000

Comment:
same here:

su - user -c "DBUS_SESSION_BUS_ADDRESS=unix:path=/tmp/1002/dbus-1/services firejail --debug firefox | nc termbin.com 9999"

http://termbin.com/1i8t

Re: firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[D-RX]

[-- Attachment #1: Type: text/plain, Size: 570 bytes --]

New comment by D-RX on void-packages repository

https://github.com/void-linux/void-packages/issues/31837#issuecomment-883714405

Comment:
I worked with upstream on this (see https://github.com/netblue30/firejail/issues/4387; the problem was that the `MS_REMOUNT` flag was not being cleared before some calls to `mount`).
The upstream commit `ba5f5c8` should fix this bug, as I verified by manually patching /usr/bin/firejail to match that commit (clearing the `MS_REMOUNT` flag before the call to `mount`).

I expect this will be fixed in the next firejail release.

Re: firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[ben-cooper]

[-- Attachment #1: Type: text/plain, Size: 198 bytes --]

New comment by ben-cooper on void-packages repository

https://github.com/void-linux/void-packages/issues/31837#issuecomment-883755107

Comment:
That's great to hear.  Thanks for looking into this.

Re: firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[Piraty]

[-- Attachment #1: Type: text/plain, Size: 360 bytes --]

New comment by Piraty on void-packages repository

https://github.com/void-linux/void-packages/issues/31837#issuecomment-884521977

Comment:
worth to note: alpine removed firejail (which i second)
1. https://gitlab.alpinelinux.org/alpine/aports/-/issues/12635
2. https://gitlab.alpinelinux.org/alpine/aports/-/commit/a583a65eab6c9a60d027f712a965c969448bce65

Re: firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[darmon77]

[-- Attachment #1: Type: text/plain, Size: 369 bytes --]

New comment by darmon77 on void-packages repository

https://github.com/void-linux/void-packages/issues/31837#issuecomment-885458899

Comment:
Firejail, more than a solution, can be a big problem, many are unaware of the danger, and others settle for the illusive peace of mind of being the only user.
It is never a good idea to run applications as root using SUIDs. 

Re: firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[kmk3]

[-- Attachment #1: Type: text/plain, Size: 235 bytes --]

New comment by kmk3 on void-packages repository

https://github.com/void-linux/void-packages/issues/31837#issuecomment-1035766230

Comment:
Hello, netblue30/firejail#4387 should be fixed as of firejail 0.9.68 (released
5 days ago).

Re: firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[kmk3]

[-- Attachment #1: Type: text/plain, Size: 647 bytes --]

New comment by kmk3 on void-packages repository

https://github.com/void-linux/void-packages/issues/31837#issuecomment-1035769693

Comment:
For those concerned about the security/usability tradeoffs of firejail, there
have been multiple discussions about it, the latest of which appears to be the
following one (see also the linked threads of previous discussions):

* <https://github.com/netblue30/firejail/discussions/4601>

If you have anything new to add there, feel free to do so.

If you have discovered a security bug, please report it as explained on [SECURITY.md](https://github.com/netblue30/firejail/blob/master/SECURITY.md).

Re: firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[rusty-snake]

[-- Attachment #1: Type: text/plain, Size: 509 bytes --]

New comment by rusty-snake on void-packages repository

https://github.com/void-linux/void-packages/issues/31837#issuecomment-1038394107

Comment:
> For those concerned about the security/usability tradeoffs of firejail, there
have been multiple discussions about it, the latest of which appears to be the
following one (see also the linked threads of previous discussions):

Regarding the removal from alpine I wrote something at https://github.com/netblue30/firejail/issues/4210#issuecomment-841882340.

Re: [ISSUE] [CLOSED] firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[Piraty]

[-- Attachment #1: Type: text/plain, Size: 1726 bytes --]

Closed issue by ben-cooper on void-packages repository

https://github.com/void-linux/void-packages/issues/31837

Description:
<!-- Don't request update of package. We have a script for that. https://alpha.de.repo.voidlinux.org/void-updates/void-updates.txt . However, a quality pull request may help. -->
### System

* xuname:  
  Void 5.12.14_1 x86_64-musl AuthenticAMD notuptodate rFFFFF
* package:  
  firejail-0.9.66_1

### Expected behavior

Running `firejail firefox` or `firejail mpv` should launch these programs within firejail.

### Actual behavior

Running `firejail firefox` returns:

```
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 19549, child pid 19552
Warning: cannot find /dev/null/utmp
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument
Error: proc 19549 cannot sync with peer: unexpected EOF
Peer 19552 unexpectedly exited with status 1
```

### Steps to reproduce the behavior

1. Run `firejail firefox` in the terminal.

Re: firejail on certain programs gives Error mounting tmpfs: fs.c:499 fs_tmpfs: Invalid argument

[Piraty]

[-- Attachment #1: Type: text/plain, Size: 212 bytes --]

New comment by Piraty on void-packages repository

https://github.com/void-linux/void-packages/issues/31837#issuecomment-1074464011

Comment:
`0.9.68` is in the repo now, b770010ac168c0dc308c66d25929a438d1ed7305