fcopy can't copy files in private-etc mode #5272

Open
osevan opened this issue Jul 24, 2022 · 3 comments


osevan commented Jul 24, 2022

I have trouble with firejail and systemd again.
In my Debian bullseye VM, systemd starts php-fpm fine with user nginx and group nginx when I disable private-etc.

When I try to start with private-etc, it was working well the last few days, but now it does not.

With private-etc nginx in php-fpm.profile:
```
Jul 25 01:26:16 debianb firejail[992]: Copying /etc/passwd to private /etc
Jul 25 01:26:16 debianb firejail[992]: sbox run: /run/firejail/lib/fcopy --follow-link /etc/pas>
Jul 25 01:26:16 debianb firejail[992]: Copying /etc/group to private /etc
Jul 25 01:26:16 debianb firejail[992]: sbox run: /run/firejail/lib/fcopy --follow-link /etc/gro>
Jul 25 01:26:16 debianb firejail[992]: Copying /etc/nginx to private /etc
Jul 25 01:26:16 debianb firejail[992]: sbox run: /run/firejail/lib/fcopy --follow-link /etc/ngi>
Jul 25 01:26:16 debianb systemd[1]: php-fpm.service: Main process exited, code=exited, status=1>
Jul 25 01:26:16 debianb firejail[991]: Error: proc 991 cannot sync with peer: unexpected EOF
Jul 25 01:26:16 debianb firejail[991]: Peer 992 unexpectedly exited with status 1
Jul 25 01:26:16 debianb systemd[1]: php-fpm.service: Failed with result 'exit-code'.
```

I tried chown -R nginx:nginx /etc/nginx/, same error...

```
root@debianb:~# ls -al /etc/nginx/|cut -f1-9 -d' '
drwxr-xr-x 3 nginx root 4096 7. Jun
drwxr-xr-x 98 root root 8192 25. Jul 02:57
-rw-r--r-- 1 nginx root 99 17.
-rw-r--r-- 1 nginx root 1077 15. Mai 15:03
-rw-r--r-- 1 nginx root 1077 7. Jun
-rw-r--r-- 1 nginx root 1007 15. Mai 15:03
-rw-r--r-- 1 nginx root 1007 7. Jun
drwxr-xr-x 2 nginx root 56 19.
-rw-r--r-- 1 nginx root 2837 7. Jun
-rw-r--r-- 1 nginx root 2223 7. Jun
-rw-r--r-- 1 nginx root 5349 15. Mai 15:03
-rw-r--r-- 1 nginx root 5349 7. Jun
-rw-r--r-- 1 nginx root 6404 7. Jun
-rw-r--r-- 1 nginx root 2656 7. Jun
-rw-r--r-- 1 nginx root 2656 15. Mai 15:03
-rw-r--r-- 1 nginx root 4208 17. Mai 13:12
-rw-r--r-- 1 nginx root 1009 17. Mai 16:37
-rw-r--r-- 1 nginx root 3918 17. Mai 13:12
-rw-r--r-- 1 nginx root 636 15. Mai
-rw-r--r-- 1 nginx root 636 7.
-rw-r--r-- 1 nginx root 3255 17. Mai 13:12
-rw-r--r-- 1 nginx root 3780 17. Mai 13:12
-rw-r--r-- 1 nginx root 664 15. Mai
-rw-r--r-- 1 nginx root 664 7.
-rw-r--r-- 1 nginx root 3610 7. Jun
```

When I disable private-etc, everything works...

But it appeared suddenly... suddenly it can't fcopy to the new overlayfs, I think... a week before, it could start with private-etc nginx very well.


osevan commented Jul 24, 2022

My fix: copying the files to another location and copying them back fixed my problem.

But now new question: setfacl feature ignored by Firejail fcopy? I think so.

I think fcopy can't recognize setfacl users in some directories. I hope it will be fixed in private-etc.

smitsohu (Collaborator) commented

> But now new question: setfacl feature ignored by Firejail fcopy?

Yes, you are right. fcopy knows nothing about access control lists currently.


osevan commented Jul 29, 2022

OK, thanks for the response.

Please inform me here if setfacl features are considered and taken into account by Firejail.

Because the ACL feature is very important for hardening guys.

Thanks and

Best regards
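
An added example, not part of the thread and not Firejail code: since fcopy knows nothing about access control lists, it helps to see which access under a private-etc path exists only as ACL entries. The script parses `getfacl -R -p` output and lists, per path, the named and default entries that a copy carrying only owner, group and mode bits would drop (that copy behaviour is an assumption); the sample output and the function name `lost_without_acls` are constructed for illustration.

```python
import sys

# Constructed sample of `getfacl -R -p /etc/nginx` output (not taken from the issue).
SAMPLE = """\
# file: /etc/nginx/nginx.conf
# owner: root
# group: root
user::rw-
user:nginx:rw-\t#effective:r--
group::r--
mask::r--
other::---

# file: /etc/nginx/mime.types
# owner: root
# group: root
user::rw-
group::r--
other::r--
"""

def lost_without_acls(text):
    """Map each path to the ACL entries that have no counterpart in the mode bits."""
    acls, path = {}, None
    for line in text.splitlines():
        if line.startswith("# file: "):
            path = line[len("# file: "):]
            acls[path] = []
        elif path and line and not line.startswith("#"):
            # Drop a trailing "#effective:..." comment, then split tag:qualifier:perms.
            fields = line.split("#")[0].strip().split(":")
            if len(fields) >= 3:
                acls[path].append((fields[0] == "default", *fields[-3:]))
    report = {}
    for path, entries in acls.items():
        mask = next((p for d, t, _, p in entries if t == "mask" and not d), "rwx")
        lost = []
        for is_default, tag, who, perms in entries:
            if is_default:  # default ACLs on directories live only in the ACL
                lost.append(f"default:{tag}:{who}:{perms}")
            elif who and tag in ("user", "group"):  # named entry, capped by the mask
                eff = "".join(p if p == m else "-" for p, m in zip(perms, mask))
                lost.append(f"{tag}:{who}:{eff}")
        if lost:
            report[path] = lost
    return report

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for path, entries in lost_without_acls(text).items():
        print(path, *entries)
```

Run it as `getfacl -R -p /etc/nginx | python3 script.py`; any path it prints relies on ACL entries for some of its access.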
