Unable to run a C executable in firejail: Permission denied error. #1521
Comments
|
The server profile has 'private' which means it cannot access any files in your home directory. As for why it didn't work when you used --noprofile is probably due to being logged in as root. You should first create a dedicated user and then create a dedicated profile based off of /etc/firejai/default.profile as specific as possible to the programs you'll be running. And there isn't really a need for a program to test, you could just cat /etc/shadow and get a "No such file or directory" if using private-etc or "Permission denied" without. |
|
SpotComms, many thanks for your suggestion! I'm able to execute the program using firejail when I use the su command for the user rgrover: These are the contents of the default.profile: |
netblue30
added
the
information_old
Hello,
I'm interested in using firejail for testing student programs that are written in C/C++ so that they are contained within a sandbox and isolated from the rest of the system. However, I'm unable to execute any C/C++ executables with firejail. I've written a simple C program and am trying to execute it with firejail. The executable is named bfs and it runs as expected when I don't use firejail. However, it fails to execute with firejail and produces the following output:
[root@spel-lin01 rgrover]# firejail ./bfs
Reading profile /etc/firejail/server.profile
** Note: you can use --noprofile to disable server.profile **
Parent pid 24281, child pid 24282
The new log directory is /proc/24282/root/var/log
Child process initialized in 56.42 ms
/bin/bash: ./bfs: No such file or directory
Parent is shutting down, bye...
[root@spel-lin01 rgrover]# firejail ./bfs
Reading profile /etc/firejail/server.profile
** Note: you can use --noprofile to disable server.profile **
Parent pid 24787, child pid 24788
The new log directory is /proc/24788/root/var/log
Child process initialized in 20.52 ms
/bin/bash: ./bfs: No such file or directory
Parent is shutting down, bye...
[root@spel-lin01 rgrover]# firejail ./bfs
Reading profile /etc/firejail/server.profile
** Note: you can use --noprofile to disable server.profile **
Parent pid 24804, child pid 24805
The new log directory is /proc/24805/root/var/log
Child process initialized in 29.30 ms
/bin/bash: ./bfs: No such file or directory
Parent is shutting down, bye...
[root@spel-lin01 rgrover]# firejail --noprofile ./bfs
Parent pid 24298, child pid 24299
The new log directory is /proc/24299/root/var/log
Child process initialized in 23.18 ms
/bin/bash: ./bfs: Permission denied
Parent is shutting down, bye.
These are the contents /etc/firejail/server.profile:
The file permissions for bfs are shown here:
-rwxr-xr-x. 1 root root 14944 Sep 2 21:35 bfs
-rw-r--r--. 1 rgrover rgrover 6223 Sep 2 20:14 bfs.c
drwxr-xr-x. 2 rgrover rgrover 63 Sep 2 19:56 Desktop
drwxr-xr-x. 2 rgrover rgrover 6 Sep 2 18:45 Documents
drwxr-xr-x. 3 rgrover rgrover 47 Sep 2 19:03 Downloads
-rwxr-xr-x. 1 root root 8720 Sep 2 22:01 exploit1
-rw-rw-r--. 1 rgrover rgrover 244 Sep 2 19:35 exploit1.c
-rwxr-xr-x. 1 root root 849424 Sep 2 20:03 exploit2
-rw-rw-r--. 1 rgrover rgrover 85 Sep 2 19:34 exploit2.c
drwxr-xr-x. 2 rgrover rgrover 6 Sep 2 18:45 Music
drwxr-xr-x. 2 rgrover rgrover 6 Sep 2 18:45 Pictures
drwxr-xr-x. 2 rgrover rgrover 6 Sep 2 18:45 Public
drwxr-xr-x. 2 rgrover rgrover 6 Sep 2 18:45 Templates
drwxr-xr-x. 2 root root 17 Sep 2 20:17 test
drwxr-xr-x. 2 rgrover rgrover 6 Sep 2 18:45 Videos
[root@spel-lin01 rgrover]#
I've also created two "exploits" (programs that display the contents of /etc/shadow) to test firejail. However, I'm unable to execute any of these programs.
The text was updated successfully, but these errors were encountered: