-
Notifications
You must be signed in to change notification settings - Fork 561
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
obs: program does not start #3865
Comments
Which firejail version do you use? What distro are you on? Are there any errors in the terminal or in the syslog if you run |
Firejail 0.9.64-2. I am on Manjaro. As far as I know there are no errors. yes |
That's good and bad. Bad: no error message means we have no hint what could go wrong. Good: because --noprofile works, this can be solved by adopting obs.profile. Can you copy obs.profile to your home and the use |
Add: |
In that case, the cause is likely the same as #3219. What's the gpu vendor/driver? glxinfo | grep '^OpenGL vendor'
glxinfo | grep '^OpenGL version' |
In my case: Archlinux & AMD OpenGL version string: 4.6 (Compatibility Profile) Mesa 20.3.2. |
Then it's probably #3219 indeed. @energrizer-9032 Does #3865 (comment) solve it for you? If not, does firejail/etc/templates/syscalls.txt Line 89 in 6d95214
give any results? |
Since firejail 0.9.64 you need to use |
It has always appeared on /var/log/kernel.log on Artix for me, using the I just tested it again on 0.9.64 to confirm, by forcing the keepassxc violation The way I understand it is that whenever there's a seccomp violation, the |
Fedora 32; Firejail 0.9.65 (d5824f1); Linux 5.9.16-100.fc32.x86_64 #include <unistd.h>
#include <string.h>
int main() {
char hello[] = "Hello";
write(1, &hello, strlen(hello));
}
|
What is not working is the virtual camera feature added some releases ago: obsproject/obs-studio#3845 Even |
@rusty-snake Alright, same results here. Well, the only times I remember having seccomp issues were with keepassxc and And strangely enough, these do not log: $ firejail --seccomp.drop=@basic-io keepassxc; echo $?
Reading profile /etc/firejail/keepassxc.profile
Reading profile /etc/firejail/keepassxc.local
Reading profile /etc/firejail/disable-dbus.inc.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-common.local
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Seccomp list in: !name_to_handle_at, check list: @default-keep, prelist: unknown,
Seccomp list in: @basic-io, check list: @default-keep, prelist: close,dup,dup2,dup3,lseek,pread64,preadv,preadv2,pwrite64,pwritev,pwritev2,read,readv,write,writev,
Parent pid 2177, child pid 2178
3 programs installed in 54.39 ms
Warning: skipping alternatives for private /etc
Private /etc installed in 9.12 ms
Warning: skipping alternatives for private /usr/etc
Warning: skipping fonts for private /usr/etc
Warning: skipping ld.so.cache for private /usr/etc
Warning: skipping machine-id for private /usr/etc
Private /usr/etc installed in 0.15 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Blacklist violations are logged to syslog
Seccomp list in: @basic-io, check list: @default-keep, prelist: close,dup,dup2,dup3,lseek,pread64,preadv,preadv2,pwrite64,pwritev,pwritev2,read,readv,write,writev,
Child process initialized in 222.41 ms
Parent is shutting down, bye...
127 (this works; not sure what to do to force it to fail) $ firejail --seccomp.drop=@basic-io steam; echo $?
[...]
Parent is shutting down, bye...
0 But these always do: $ firejail --ignore='seccomp !name_to_handle_at' keepassxc; echo $?
Reading profile /etc/firejail/keepassxc.profile
Reading profile /etc/firejail/keepassxc.local
Reading profile /etc/firejail/disable-dbus.inc.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-common.local
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 13423, child pid 13424
3 programs installed in 54.51 ms
Warning: skipping alternatives for private /etc
Private /etc installed in 9.15 ms
Warning: skipping alternatives for private /usr/etc
Warning: skipping fonts for private /usr/etc
Warning: skipping ld.so.cache for private /usr/etc
Warning: skipping machine-id for private /usr/etc
Private /usr/etc installed in 0.22 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Blacklist violations are logged to syslog
Child process initialized in 230.26 ms
# (hangs)
^C
Parent received signal 2, shutting down the child process...
Child received signal 2, shutting down the sandbox...
Parent is shutting down, bye...
2 $ firejail --ignore='seccomp.drop' steam; echo $?
[...]
# (hangs)
^C
Parent received signal 2, shutting down the child process...
Child received signal 2, shutting down the sandbox...
Parent is shutting down, bye...
2 The seccomp.drop line is this (from #3267 (comment)):
Maybe it only happens with GUI programs or with specific syscalls? |
Best (for debugging): |
I'm closing here due to inactivity, please fell free to request to reopen if you still have this issue. |
I replaced my desktop shortcut of obs studio by running command
firecfg
.obs studio is not even showing up.(it shows in htop )
Please help me
The text was updated successfully, but these errors were encountered: