Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

firejail with wine and optirun #1658

Open
silvervellum opened this issue Nov 25, 2017 · 2 comments
Open

firejail with wine and optirun #1658

silvervellum opened this issue Nov 25, 2017 · 2 comments
Labels
information_old (Deprecated; use "doc-todo" or "needinfo" instead) Information was/is required

Comments

@silvervellum
Copy link

silvervellum commented Nov 25, 2017
edited
Loading

Hello!

I would like to use firejail with wine and optirun (to use a dedicated Nvidia graphics card) but I didn't find a case such this documented.

I tried a bit to work with this setup and I would like to share my notes and have a confirmation that my approach is correct. I am using firejail 9.50 on Debian Testing.

Firejail can be used with wine as everything else:
firejail wine <path/to/application>

In this way the wine.profile is loaded and the application should be jailed as expected.

To run the application with a dedicated Nvidia graphics card one has to use optirun:
optirun <options> wine <path/to/application>

How to use firejail whit this? Given that I have to jail wine, I tried at first with this syntax (somewhere else on the Internet I found another user doing the same):
optirun <options> firejail wine <path/to/application>

In this way I expected to see all the commands following optirun to run on the dedicated graphics card. Instead, despite that optirun ran and firejail loaded the wine.profile, the application launched with wine used the integrated graphics card. I didn't look at the documentation but at first it seems counterintuitive.

Then I changed the order of the commands and it worked, sort of:
firejail optirun <options> wine <path/to/application>

In fact firejail tried to load a profile for the first command it saw, in this case optirun, but given that there were no optirun profile it loaded the generic default one. Therefore I manually chose the correct profile:
firejail --profile=/etc/firejail/wine.profile optirun <options> wine <path/to/application>

To verify that everything works I made a simple test:
firejail --profile=/etc/firejail/wine.profile --private optirun wine notepad

and notepad was exposed to the fake home directory.

Therefore in this way everything seems to work as expected, but is it the correct way to do it? Thank you!
@SkewedZeppelin
Copy link
Collaborator

SkewedZeppelin commented Nov 25, 2017
edited
Loading

firejail optirun [program] is probably the right way. I haven't used Bumblebee in a while, but afaik opti/primusrun was like LD_PRELOAD and you can't LD_PRELOAD on suid binaries.

Maybe someone can add an '--optirun' option to allow running with optirun instead of having to firejail --profile=realprogram optirun program

Edit: closed by accident.

@SkewedZeppelin SkewedZeppelin added the information_old (Deprecated; use "doc-todo" or "needinfo" instead) Information was/is required label Nov 25, 2017
@rusty-snake
Copy link
Collaborator

Can we close here?

@rusty-snake rusty-snake reopened this Aug 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
information_old (Deprecated; use "doc-todo" or "needinfo" instead) Information was/is required
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@SkewedZeppelin @silvervellum @rusty-snake