Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

End-of-options indicator "--" breaks firejail when login shell is set to /sbin/nologin #5606

Open
1 of 7 tasks
rusty-snake opened this issue Jan 21, 2023 · 2 comments
Open
1 of 7 tasks

End-of-options indicator "--" breaks firejail when login shell is set to /sbin/nologin #5606

rusty-snake opened this issue Jan 21, 2023 · 2 comments
Labels
bug Something isn't working

Comments

@rusty-snake
Copy link
Collaborator

Description

End-of-options indicator "--" breaks firejail when login shell is set to /sbin/nologin

Steps to Reproduce

  1. Have a user with /sbin/nologin as login shell
  2. LC_ALL=C firejail --quiet --noprofile -- echo "TARDIS"

Expected behavior

Seeing TARDIS

Actual behavior

This account is currently not available.

Behavior without a profile

N/A

Additional context

Using firejail --quiet --noprofile echo "TARDIS" works.

Relates to #5599.
Relates to #5598.
Relates to #5605.

Environment

Checklist

  • The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
    • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

logs 
$ firejail --quiet --noprofile --debug echo "TARDIS"
Building quoted command line: 'echo' 'TARDIS' 
Command name #echo#
...
Starting application
LD_PRELOAD=(null)
execvp argument 0: echo
execvp argument 1: TARDIS
Child process initialized in 6.44 ms
Searching $PATH for echo
trying #/home/rusty-snake/.config/firecfg.py/overrides/bin/echo#
trying #/etc/firecfg.py/overrides/bin/echo#
trying #/usr/local/bin/echo#
trying #/usr/local/sbin/echo#
trying #/usr/bin/echo#
TARDIS
$ firejail --quiet --noprofile --debug -- echo "TARDIS"
Building quoted command line: 'echo' 'TARDIS' 
Command name #echo#
...
Starting application
LD_PRELOAD=(null)
Running 'echo' 'TARDIS'  command through /sbin/nologin
execvp argument 0: /sbin/nologin
execvp argument 1: -c
execvp argument 2: 'echo' 'TARDIS' 
Child process initialized in 10.51 ms
This account is currently not available.
This was referenced Feb 12, 2023
Merged
Open
@rusty-snake rusty-snake added the bug Something isn't working label Feb 12, 2023
@rusty-snake
Copy link
Collaborator Author

Looks like this is intentional. 7ad735d#diff-767ac3de885e9c994fed6eb2a0f8234fd8d8611a5f817d2b0a37b50f4101b321

@paladox
Copy link

paladox commented Dec 11, 2023

We get this when using the www-data user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@paladox @rusty-snake