Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Wiki: Frequently Asked Questions #2792

Closed
matu3ba opened this issue Jun 22, 2019 · 46 comments
Closed

Wiki: Frequently Asked Questions #2792

matu3ba opened this issue Jun 22, 2019 · 46 comments
Labels
wiki Discussions about the wiki

Comments

@matu3ba
Copy link
Contributor

matu3ba commented Jun 22, 2019

The text on support/FAQ is an ideal candidate to for the wiki.

Edit:

New FAQ page here: https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions

@matu3ba
Copy link
Contributor Author

matu3ba commented Jun 22, 2019

content to add for FAQ: #1385, #2046, #2387
[TODO:review]

@chiraag-nataraj chiraag-nataraj added the wiki Discussions about the wiki label Jun 22, 2019
@matu3ba

This comment has been minimized.

@rusty-snake
Copy link
Collaborator

rusty-snake commented Jun 22, 2019

@rusty-snake
Copy link
Collaborator

rusty-snake commented Jun 22, 2019

done

I started translating the FAQ to Markdown: https://gist.github.com/rusty-snake/3b62c4c433320415dee6f1f836887d5f

EDIT: I also add some comments (<!--TODO:) about the content.

@rusty-snake
Copy link
Collaborator

rusty-snake commented Jun 23, 2019

Note: Update the FAQ link in the README when this is Finish. done

@netblue30
Copy link
Owner

I'll move it in the wiki today!

@netblue30
Copy link
Owner

netblue30 commented Jun 24, 2019

New wiki page, thanks @rusty-snake, start editing! I'm not sure what I'll do with the one on the web page, probably I'll redirect it to wiki.

@netblue30 netblue30 changed the title Wiki: Move FAQ from website for easier maintenance (more often changes needed) Wiki: Frequently Asked Questions Jun 24, 2019
@rusty-snake
Copy link
Collaborator

rusty-snake commented Jun 24, 2019

done

@netblue30
Copy link
Owner

@rusty-snake - go for it!

@Fred-Barclay
Copy link
Collaborator

For the PulseAudio FAQ https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#pulseaudio-7080-issue it says

It affects among others Arch, Ubuntu 16.04 and Mint users. This problem was fixed PulseAudio version 9.0.

Since this issue is only present for pulseaudio 7 or 8, and currently on Arch pulseaudio is at version 12.2, any reason to leave Arch in the list?

@netblue30
Copy link
Owner

Arch removed from PulseAudio issue!

@matu3ba

This comment has been minimized.

@matu3ba
Copy link
Contributor Author

matu3ba commented Jun 27, 2019

@rusty-snake https://github.com/netblue30/firejail/projects/1 explains several things. Do you want me to write some tests on that for explanation?
I do not get exactly what the use cases are and would likely write maybe 1 sentence to each functionality.
Regarding https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Aquestion, https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Ainformation would it maybe not easier to tag them as FAQ or hint a proper searching for the user on github?
Copy-pasting loads of text for uncertain gain does not look super interesting to me.

@rusty-snake
Copy link
Collaborator

https://github.com/netblue30/firejail/projects/1 explains several things

I think only the Usage section is good for the FAQ, the other are better for a own page.

https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Aquestion, https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Ainformation

that was rather meant that if you have time / energy you can go through it to see which of them are suitable


#404 Found. 🤣

@matu3ba
Copy link
Contributor Author

matu3ba commented Jun 27, 2019

> > https://github.com/netblue30/firejail/projects/1 explains several things

I think only the Usage section is good for the FAQ, the other are better for a own page.

Will look into that.

https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Aquestion, https://github.com/netblue30/firejail/issues?&q=is%3Aissue+label%3Ainformation

> that was rather meant that if you have time / energy you can go through it to see which of them are suitable > I did request a search option for duplicates in github and will do it by that means. Aside hopefully soon the related options are searchable/usable to group issues.

#404 Found. rofl

xD

@matu3ba
Copy link
Contributor Author

matu3ba commented Jun 27, 2019

@netblue30
What do you want to do with all the questions/comments on the support page?
Are there tools for extracting the comments and importing them into another github repo?
Or do you think it is even worth the effort?

@matu3ba
Copy link
Contributor Author

matu3ba commented Jun 27, 2019

@rusty-snake I was thinking of explaining one profile, but after a while I realized
that it is more useful to integrate that into the profile creation (for the part Usage).

So the overall idea is to change name of "Wiki: creating profile" to "Wiki: Usage and Profiles".
I have several duplicate stuff already and generally the shell parameters are quite the same as the profile options.
dirty idea thingy to be integrated:
https://gist.github.com/matu3ba/2fe10dc599d1f0671a23cce8aeb0a975
What do you think?

@rusty-snake
Copy link
Collaborator

i think that creating profiles should contain all information that makes writing your own profiles easier, so what about spliting a small usage out of your Idea and add it to FAQ and the rest to Creating profiels

@netblue30
Copy link
Owner

What do you want to do with all the questions/comments on the support page?

Maybe we can extract some of the questions/solutions they come up with, but other than that is not worth the trouble importing them.

@netblue30
Copy link
Owner

#2812

Quite a common question, I'll added to the FAQ.

@matu3ba

This comment has been minimized.

@matu3ba

This comment has been minimized.

@SkewedZeppelin
Copy link
Collaborator

$ firejail --allow-debuggers --ignore=seccomp --ignore=protocol --ignore=noroot --ignore=nogroups --ignore=nonewprivs firefox --no-remote

I don't like recommending this, nor have I seen it necessary. Where is it from?

@rusty-snake
Copy link
Collaborator

rusty-snake commented Jul 1, 2019

@SkewedZeppelin from the wordpress FAQ.

line 135: https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions/_compare/edf31690da5d6fe123482a3b7d21aef013f53b54

I add only --ignore=noroot --ignore=nogroups --ignore=nonewprivs.

@matu3ba

This comment has been minimized.

@SkewedZeppelin
Copy link
Collaborator

SkewedZeppelin commented Jul 1, 2019

Netflix (Widevine CDM) should only need browser-allow-drm yes.
The only time ptrace is used with with Widevine CDM under Chromium in certain edge cases iirc.

and I thought ignore noroot was all that was needed for NVIDIA proprietary drivers?

I haven't tested AMDGPU PRO in a while but I don't think it uses any SUID binaries like the NVIDIA ones, so it can be removed from there.

@matu3ba

This comment has been minimized.

@matu3ba
Copy link
Contributor Author

matu3ba commented Jul 8, 2019

Last update of tasks 2019-07-02
Last update of work 2019-07-09

Common problem
1.Symlink fixing(installation path in /usr/local #1995 #2629
2. whitelist and blacklist #2419 whitelist-blacklist discussion #1569
3. allowing specific profiles #2097

Guidelines

  1. server Unable to run a C executable in firejail: Permission denied error. #1521
  2. cgroup Limit the memory size used by the jailed process #593
  3. wlan interfaces Is there a recommended workaround for using wlan interfaces with firejail? #1600, ip tables filter
  4. strace Improved strace syscall editing instructions #404
  5. Xephyr ??? Odd behaviour with --x11=xorg under GNOME 3 / gdm #1652

@SkewedZeppelin
Copy link
Collaborator

Can we please not use the hide/resolve comment feature?
I know it can be handy, but evil GitHub prevents non-logged in users from reading hidden comments (even ones that aren't spam and are simply outdated/resolved) for whatever crazy reason.

Commenting here since this issue has the most hidden comments.

@matu3ba
Copy link
Contributor Author

matu3ba commented Jul 9, 2019

@SkewedZeppelin

Summary ```js const x = 1 ```

explained in here could be used or can you think of a better way?
I dont like the need to write the annoying tags, so I requested a github functionality for this.

@rusty-snake
Copy link
Collaborator

@matu3ba

I dont like the need to write the annoying tags, so I requested a github functionality for this.

Easyer: GH allow all users to show the comments.

@SkewedZeppelin OK, that's real evil from GH. I will not use it for now, but one questions. Do you mean that also for the profile request issue or just for the wiki issues?

@matu3ba
Copy link
Contributor Author

matu3ba commented Jul 9, 2019

TODO
1.allowing specific profiles #2097
2. LD_PRELOAD, once finished

@rusty-snake
Copy link
Collaborator

@matu3ba I don't really understand what your new "A program does not start with firejail" point is about. starts the program fine, but not in firejail or firejail breaks the program from starting.

@matu3ba
Copy link
Contributor Author

matu3ba commented Jul 13, 2019

@rusty-snake It is the description of the problem.
Do you have a better idea how to reformulate?
Or shall I leave it out?

@rusty-snake
Copy link
Collaborator

firejail --list does not show the running program to be inside a firejail sandbox.

  1. There is no firejail profile

@matu3ba that makes no sense, becausefirejail PROGRAM_WITHOUT_PROFILE will load the default profile.

@rusty-snake
Copy link
Collaborator

rusty-snake commented Sep 9, 2019

#2953
#2880

@rusty-snake
Copy link
Collaborator

#3173
#3185

@matu3ba
Copy link
Contributor Author

matu3ba commented Apr 10, 2020

#3224 zombies
#3100 common signalling problems in applications

@rusty-snake
Copy link
Collaborator

@NetSysFire

- First make sure you have run `sudo firecfg`.
+ First make sure you have run `firecfg` as root.

There is a huge difference between running firecfg as root and sudo firecfg:
firecfg does only perform a desktop-file fix-up if it is started with sudo.

IMHO: The explicit note for firejail /opt/foo/bar was easier for unskilled users.

@NetSysFire
Copy link
Contributor

For some reason I did not see this.
Fixed: https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions/_compare/a45691b053a8e7431dd4574b0c426c6b4eb85de3...bc30985c2ee1e2d65dce375652757c687a317dd3

@NetSysFire
Copy link
Contributor

I made some relatively small changes to the page.

One thing that is still missing imo is a section or even a page on how to debug errors.

@matu3ba
Copy link
Contributor Author

matu3ba commented Aug 17, 2020

@NetSysFire You find this here. Probably the name should be Debugging Tips instead of Developing Firejail renamed, since there was no activity on that wiki page for a long time

@NetSysFire
Copy link
Contributor

This will not help the average user to debug common issues, like a broken profile. I would like to add something like this:

  • run it in your terminal if you have not done that already, the output may contain relevant errors
    • also try to increase the verbosity of the affected application because it may report that it can not access a specific file or directory
    • if it segfaults, check your syslog for audit messages which indicate a blocked syscall
  • try using the default profile (--profile=default)
  • use the --debug* arguments
  • ...

I will probably add this to the debugging page later but the list is not complete yet.

Hints on how to debug a specific error message would also be very useful. Error: proc 30891 cannot sync with peer: unexpected EOF for example is not that easy to understand.

@rusty-snake
Copy link
Collaborator

We need to change all the dbus stuff.

@kmk3
Copy link
Collaborator

kmk3 commented Mar 5, 2021

@SkewedZeppelin commented on Jul 8, 2019:

Can we please not use the hide/resolve comment feature?

I know it can be handy, but evil GitHub prevents non-logged in users from
reading hidden comments (even ones that aren't spam and are simply
outdated/resolved) for whatever crazy reason.

Commenting here since this issue has the most hidden comments.

The loginwall is very unfortunate indeed.

I just checked if it also affects Pull Request threads marked as "resolved",
and fortunately it doesn't.

@rusty-snake
Copy link
Collaborator

#4446

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
wiki Discussions about the wiki
Projects
None yet
Development

No branches or pull requests

8 participants