-
Notifications
You must be signed in to change notification settings - Fork 557
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fseccomp not found with private-bin+private-lib+seccomp #3113
Comments
Looks like the binary is not installed on the VM. |
looks like the private-bin must have an invalid argument. |
ffmpegthumbnailer is not needed, as the test script is running the echo binary ("echo done"). But the error I posted above is not one of the expected ones. |
I get
It works with OS: Fedora 31 |
While looking through errors of the test suite I noticed that
test/profiles/profiles.sh
was failing while testing the ffmpegthumbnailer profile.For some reason it is not able to execute
/run/firejail/lib/fseccomp
(No such file or directory
) for generating the seccomp filter.I am able to reproduce it inside a container/qemu (but not on the host). Just running
firejail --profile=/etc/firejail/ffmpegthumbnailer.profile $ANYCOMMAND
is failing, as it can't complete the seccomp setup.I then reduced the profile to the following lines:
All three of them are needed to trigger the issue (
seccomp
alone is not sufficient, it needs an argument so that a new filter actually has to be generated).Does anyone have an idea what could go wrong? Or why it fails inside a container/VM, but not on my main system?
CC @netblue30
Here is the output without
quiet
and with--debug
(where it fails because offsec-print
):The text was updated successfully, but these errors were encountered: