-
Notifications
You must be signed in to change notification settings - Fork 556
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fcopy cant copy files in private-etc mode #5272
Comments
My fix is, copy files to another location and copy back fixed my problem. But now new question: setfacl feature ignored by Firejail fcopy? I think so. I think fcopy cant recognize setfacl users in some directorys i hope it will be fixed in private-etc |
Yes, your are right. fcopy knows nothing about access control lists currently. |
Ok thx for response Please inform me here if setfacl features are considered and taken into account by Firejail. Because acl feature is for hardening guys very important. Thanks and Best regards |
I have trouble with firejail and systemd again.
In my debianvm bullseye systemd starting well with php-fpm and user nginx and group nginx, when i disable private-etc
When i try to start with privare-etc last days working well but now not.
with private-etc nginx in php-fpm.profile
ul 25 01:26:16 debianb firejail[992]: Copying /etc/passwd to private /etc
Jul 25 01:26:16 debianb firejail[992]: sbox run: /run/firejail/lib/fcopy --follow-link /etc/pas>
Jul 25 01:26:16 debianb firejail[992]: Copying /etc/group to private /etc
Jul 25 01:26:16 debianb firejail[992]: sbox run: /run/firejail/lib/fcopy --follow-link /etc/gro>
Jul 25 01:26:16 debianb firejail[992]: Copying /etc/nginx to private /etc
Jul 25 01:26:16 debianb firejail[992]: sbox run: /run/firejail/lib/fcopy --follow-link /etc/ngi>
Jul 25 01:26:16 debianb systemd[1]: php-fpm.service: Main process exited, code=exited, status=1>
Jul 25 01:26:16 debianb firejail[991]: Error: proc 991 cannot sync with peer: unexpected EOF
Jul 25 01:26:16 debianb firejail[991]: Peer 992 unexpectedly exited with status 1
Jul 25 01:26:16 debianb systemd[1]: php-fpm.service: Failed with result 'exit-code'.
I tried with chown -R nginx:nginx /etc/nginx/ same error. ..
root@debianb:~# ls -al /etc/nginx/|cut -f1-9 -d' '
drwxr-xr-x 3 nginx root 4096 7. Jun
drwxr-xr-x 98 root root 8192 25. Jul 02:57
-rw-r--r-- 1 nginx root 99 17.
-rw-r--r-- 1 nginx root 1077 15. Mai 15:03
-rw-r--r-- 1 nginx root 1077 7. Jun
-rw-r--r-- 1 nginx root 1007 15. Mai 15:03
-rw-r--r-- 1 nginx root 1007 7. Jun
drwxr-xr-x 2 nginx root 56 19.
-rw-r--r-- 1 nginx root 2837 7. Jun
-rw-r--r-- 1 nginx root 2223 7. Jun
-rw-r--r-- 1 nginx root 5349 15. Mai 15:03
-rw-r--r-- 1 nginx root 5349 7. Jun
-rw-r--r-- 1 nginx root 6404 7. Jun
-rw-r--r-- 1 nginx root 2656 7. Jun
-rw-r--r-- 1 nginx root 2656 15. Mai 15:03
-rw-r--r-- 1 nginx root 4208 17. Mai 13:12
-rw-r--r-- 1 nginx root 1009 17. Mai 16:37
-rw-r--r-- 1 nginx root 3918 17. Mai 13:12
-rw-r--r-- 1 nginx root 636 15. Mai
-rw-r--r-- 1 nginx root 636 7.
-rw-r--r-- 1 nginx root 3255 17. Mai 13:12
-rw-r--r-- 1 nginx root 3780 17. Mai 13:12
-rw-r--r-- 1 nginx root 664 15. Mai
-rw-r--r-- 1 nginx root 664 7.
-rw-r--r-- 1 nginx root 3610 7. Jun
when i disable private-etc everything works...
but its appear suddenly... suddenly cant fcopy to new overlayfs i think... week before it could start wity private-etc nginx very well.
The text was updated successfully, but these errors were encountered: