Unable to run a C executable in firejail: Permission denied error. #1521
Comments
The server profile has 'private' which means it cannot access any files in your home directory. As for why it didn't work when you used --noprofile, that is probably due to being logged in as root. You should first create a dedicated user and then create a dedicated profile based off of /etc/firejail/default.profile as specific as possible to the programs you'll be running. And there isn't really a need for a program to test, you could just cat /etc/shadow and get a "No such file or directory" if using private-etc or "Permission denied" without.
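The checks suggested in the reply above, as an added example that is not part of the thread or of firejail itself: a POSIX shell pre-flight that flags running as root and a `private` profile hiding a target that lives under the home directory. The function names, `demo.profile` and the temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example; not firejail tooling. All names and paths here are constructed.

# True when the profile has a bare `private` line (not private-etc, private-bin).
# With `private`, the sandbox gets an empty temporary home directory.
profile_has_private() {
    grep -Eq '^[[:space:]]*private[[:space:]]*$' "$1"
}

# preflight UID HOME TARGET PROFILE
# Prints one finding per line, or "OK" when nothing is flagged.
preflight() {
    uid=$1; home=$2; target=$3; profile=$4; findings=""
    if [ "$uid" -eq 0 ]; then
        findings="${findings}ROOT: run the sandbox as a dedicated unprivileged user
"
    fi
    if [ ! -x "$target" ]; then
        findings="${findings}NOEXEC: $target is missing or not executable
"
    fi
    case "$target" in
        "$home"/*)
            if profile_has_private "$profile"; then
                findings="${findings}HIDDEN: 'private' in $profile hides $target
"
            fi ;;
    esac
    if [ -z "$findings" ]; then echo "OK"; else printf '%s' "$findings"; fi
}

# Demo on constructed inputs: a profile with `private`, a binary in a fake home.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/home"
printf 'private\nprivate-etc passwd,group\ncaps.drop all\n' > "$demo_dir/demo.profile"
printf '#!/bin/sh\nexit 0\n' > "$demo_dir/home/bfs"
chmod +x "$demo_dir/home/bfs"
preflight 0 "$demo_dir/home" "$demo_dir/home/bfs" "$demo_dir/demo.profile"
```

Pass the real values as `preflight "$(id -u)" "$HOME" "$PWD/bfs" /etc/firejail/server.profile` before invoking firejail.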
SpotComms, many thanks for your suggestion! I'm able to execute the program using firejail when I use the su command for the user rgrover: These are the contents of the default.profile:
Hello,
I'm interested in using firejail for testing student programs that are written in C/C++ so that they are contained within a sandbox and isolated from the rest of the system. However, I'm unable to execute any C/C++ executables with firejail. I've written a simple C program and am trying to execute it with firejail. The executable is named bfs and it runs as expected when I don't use firejail. However, it fails to execute with firejail and produces the following output:
[root@spel-lin01 rgrover]# firejail ./bfs
Reading profile /etc/firejail/server.profile
** Note: you can use --noprofile to disable server.profile **
Parent pid 24281, child pid 24282
The new log directory is /proc/24282/root/var/log
Child process initialized in 56.42 ms
/bin/bash: ./bfs: No such file or directory
Parent is shutting down, bye...
[root@spel-lin01 rgrover]# firejail ./bfs
Reading profile /etc/firejail/server.profile
** Note: you can use --noprofile to disable server.profile **
Parent pid 24787, child pid 24788
The new log directory is /proc/24788/root/var/log
Child process initialized in 20.52 ms
/bin/bash: ./bfs: No such file or directory
Parent is shutting down, bye...
[root@spel-lin01 rgrover]# firejail ./bfs
Reading profile /etc/firejail/server.profile
** Note: you can use --noprofile to disable server.profile **
Parent pid 24804, child pid 24805
The new log directory is /proc/24805/root/var/log
Child process initialized in 29.30 ms
/bin/bash: ./bfs: No such file or directory
Parent is shutting down, bye...
[root@spel-lin01 rgrover]# firejail --noprofile ./bfs
Parent pid 24298, child pid 24299
The new log directory is /proc/24299/root/var/log
Child process initialized in 23.18 ms
/bin/bash: ./bfs: Permission denied
Parent is shutting down, bye.
These are the contents of /etc/firejail/server.profile:
The file permissions for bfs are shown here:
-rwxr-xr-x. 1 root root 14944 Sep 2 21:35 bfs
-rw-r--r--. 1 rgrover rgrover 6223 Sep 2 20:14 bfs.c
drwxr-xr-x. 2 rgrover rgrover 63 Sep 2 19:56 Desktop
drwxr-xr-x. 2 rgrover rgrover 6 Sep 2 18:45 Documents
drwxr-xr-x. 3 rgrover rgrover 47 Sep 2 19:03 Downloads
-rwxr-xr-x. 1 root root 8720 Sep 2 22:01 exploit1
-rw-rw-r--. 1 rgrover rgrover 244 Sep 2 19:35 exploit1.c
-rwxr-xr-x. 1 root root 849424 Sep 2 20:03 exploit2
-rw-rw-r--. 1 rgrover rgrover 85 Sep 2 19:34 exploit2.c
drwxr-xr-x. 2 rgrover rgrover 6 Sep 2 18:45 Music
drwxr-xr-x. 2 rgrover rgrover 6 Sep 2 18:45 Pictures
drwxr-xr-x. 2 rgrover rgrover 6 Sep 2 18:45 Public
drwxr-xr-x. 2 rgrover rgrover 6 Sep 2 18:45 Templates
drwxr-xr-x. 2 root root 17 Sep 2 20:17 test
drwxr-xr-x. 2 rgrover rgrover 6 Sep 2 18:45 Videos
[root@spel-lin01 rgrover]#
I've also created two "exploits" (programs that display the contents of /etc/shadow) to test firejail. However, I'm unable to execute any of these programs.