Cannot start Libreoffice with the latest Firejail #3360

Closed
youknow16 opened this issue Apr 15, 2020 · 24 comments

Comments

@youknow16

youknow16 commented Apr 15, 2020

No description provided.

@matu3ba
Contributor

matu3ba commented Apr 17, 2020

Please don't link to images, if possible, because they may be removed.
The error is

[context="user"] caught unexpected com.sun.start.deployment.DeloymentException: 
Extension Manager: failed to read data entry in configuration backend db: 
file:////home/user/.config/libreoffice/XXX/backenddb.xml

Looks like this may be unrelated.
Libreoffice profiles may just break.

Please try resetting your profile and report.
Meta: Are you running libreoffice as superuser?

If the problem persists:
It is weird that the program fails to read from that path, because the libreoffice profile contains noblacklist ${HOME}/.config/libreoffice.
What is your output of firejail --debug libreoffice ?

@rusty-snake
Collaborator

> Meta: Are you running libreoffice as superuser?

https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#ive-noticed-the-title-bar-in-firefox-shows-as-superuser-is-this-normal

> It is weird that the program fails to read from that path, because the libreoffice profile contains noblacklist ${HOME}/.config/libreoffice.

Describe clearly and concisely what changed when calling firejail --noprofile PROGRAM in a shell.
The exact same thing happens with firejail --noprofile libreoffice.
The only way to run libreoffice is by directly running /usr/bin/libreoffice

@matu3ba
Contributor

matu3ba commented Apr 19, 2020

Searching $PATH for libreoffice
trying #/home/ThisUser/anaconda3/bin/libreoffice#
trying #/home/ThisUser/anaconda3/condabin/libreoffice#
trying #/usr/local/sbin/libreoffice#
trying #/usr/local/bin/libreoffice#
trying #/usr/sbin/libreoffice#
trying #/usr/bin/libreoffice#
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
monitoring pid 10

I/O warning : failed to load external entity "/home/ThisUser/.config/libreoffice/4/user/config/javasettings_Linux_X86_64.xml"
javaldx failed!
Warning: failed to read path from javaldx

(soffice:27): dbind-WARNING **: 13:33:30.077: Couldn't register with accessibility bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
Gtk-Message: 13:33:31.444: GtkDialog mapped without a transient parent. This is discouraged.
Sandbox monitor: waitpid 10 retval 10 status 19712

Parent is shutting down, bye...

I will check later, when I have time.

@matu3ba
Contributor

matu3ba commented Apr 20, 2020

@youknow10 Oh boy, these error messages are most unhelpful.
Could be access related (owner of subfolders .config/libreoffice is not user), could be a bug/race condition in dbus. Could be related to setup.

Do you have JAVA_HOME=/opt/jdk or where is java installed?

@matu3ba
Contributor

matu3ba commented Apr 21, 2020

@youknow10 what is the output of which java ?

@rusty-snake
Collaborator

@youknow10 what happens with firejail --private --noprofile /usr/bin/libreoffice?

@matu3ba
Contributor

matu3ba commented Apr 21, 2020

@rusty-snake What does noblacklist ${PATH}/java evaluate?

@youknow10 Can you try to adjust the paths in etc/allow-java.inc ?
noblacklist /etc/java is the path in profile instead of /etc/alternatives/java
noblacklist /usr/lib/java instead of /usr/lib/jvm/java-11-openjdk-amd64/bin/java.
Change it to your setup and report.

@matu3ba
Contributor

matu3ba commented Apr 21, 2020

@youknow10 What is the output of echo $PATH ?

@matu3ba
Contributor

matu3ba commented Apr 21, 2020

@youknow10 What is your echo $PATH ?

@rusty-snake
Collaborator

@youknow10 then it is caused by your LO config.

@matu3ba changing paths in allow-java.inc makes no sense, because noblacklist hasn't any effect if there is no blacklist.

@rusty-snake
Collaborator

Or some java files in your home or something else in your home.

@captaidman

I've never been able to run Libreoffice in firejail on Linux Mint 19.x. I can only run it outside of firejail. I'm starting to think I should switch to Ubuntu. Linux Mint + firejail is only giving me problems with the apps I use.

@rusty-snake
Collaborator

Does it work with whitelisting?

libreoffice.local:

whitelist ${HOME}/.config/libreoffice
include whitelist-common.inc

If you run firejail --build /usr/bin/libreoffice, what additional (dot) files are whitelisted in your home?

> Or some java files in your home or something else in your home.

Since --private works something in your home must be the cause.

@rusty-snake
Collaborator

How can I add that --private to the profile?

Just add it, but then you can save your work.

If you just whitelist .config/libreoffice?
firejail '--whitelist=${HOME}/.config/libreoffice' /usr/bin/libreoffice

@rusty-snake
Collaborator

With just whitelist, I mean just. Remove include whitelist-common.inc from libreoffice.local.

@matu3ba
Contributor

matu3ba commented May 3, 2020

@rusty-snake Would it make sense to label this firecfg, because it is a bug of the load-path (of the OS) ? I mean this looks like a mess on Linux Mint.

@matu3ba
Contributor

matu3ba commented May 3, 2020

Candidate for wiki FAQ #2792
"Linux Mint + firejail is only giving me problems with the apps I use."

@rusty-snake
Collaborator

> Would it make sense to label this firecfg

No, because the firecfg label is for bugs/enhancements in/for firecfg.

@bbhtt
Contributor

bbhtt commented Jul 9, 2020

> I've never been able to run Libreoffice in firejail on Linux Mint 19.x. I can only run it outside of firejail. I'm starting to think I should switch to Ubuntu. Linux Mint + firejail is only giving me problems with the apps I use.

I booted up a Mint 20 VM today to reproduce all Mint specific firejail issues and Libreoffice works perfectly fine under default firejail profiles.

Kernel: 5.4.0-40-generic x86_64 bits: 64 compiler: gcc v: 9.3.0 
  Desktop: Cinnamon 4.6.6 Distro: Linux Mint 20 Ulyana 
  base: Ubuntu 20.04 focal 
$ firejail --version
firejail version 0.9.62
Compile time support:
	- AppArmor support is enabled
	- AppImage support is enabled
	- chroot support is enabled
	- file and directory whitelisting support is enabled
	- file transfer support is enabled
	- firetunnel support is enabled
	- networking support is enabled
	- overlayfs support is enabled
	- private-home support is enabled
	- seccomp-bpf support is enabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled
echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
which java
/usr/bin/java

profile.txt

Is this something specific to 19.3 or firejail 0.9.63?

@rusty-snake
Collaborator

still an issue?

@ffff135

ffff135 commented Dec 8, 2020

Deleting ~/.config/libreoffice/ works, but I have to do it again every time after running LibreOffice, even when using firejail. I'm using the official LibreOffice AppImage on Debian GNU/Linux 10 (buster).

Command used to start LibreOffice:

$ firejail --appimage /usr/local/bin/LibreOffice-7.1.0.0.beta1-x86_64.AppImage
Mounting appimage type 2
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Warning: networking feature is disabled in Firejail configuration file

** Note: you can use --noprofile to disable default.profile **

Parent pid 15609, child pid 15612

**     Warning: dropping all Linux capabilities     **
Child process initialized in 121.48 ms
javaldx failed!
Warning: failed to read path from javaldx

Parent is shutting down, bye...
AppImage unmounted

Firejail version info:

$ firejail --version
firejail version 0.9.58.2

Compile time support:
        - AppArmor support is enabled
        - AppImage support is enabled
        - chroot support is enabled
        - file and directory whitelisting support is enabled
        - file transfer support is enabled
        - networking support is enabled
        - overlayfs support is enabled
        - private-home support is enabled
        - seccomp-bpf support is enabled
        - user namespace support is enabled
        - X11 sandboxing support is enabled

@glitsj16
Collaborator

glitsj16 commented Dec 8, 2020

> $ firejail --appimage /usr/local/bin/LibreOffice-7.1.0.0.beta1-x86_64.AppImage

@ffff135 As you can see from your output posted above you're instructing firejail to use the default.profile, which isn't designed for LO. FYI, when using AppImages, explicitly append the --profile=foo option:

$ firejail --profile=/etc/firejail/libreoffice.profile --appimage /usr/local/bin/LibreOffice-7.1.0.0.beta1-x86_64.AppImage
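
A check for the fallback described in the comment above, as an added example that is not part of the original thread or of the firejail project: it reads firejail's startup output and reports whether the first profile loaded was the expected one or default.profile. It assumes the first "Reading profile" line names the top-level profile; the function names and the second sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify which top-level profile a
# firejail run loaded, using the "Reading profile <path>" lines it prints.
# Assumption: the first such line names the top-level profile.

# first_profile: print the first profile path found in the log on stdin.
first_profile() {
    awk '/^Reading profile /{ sub(/^Reading profile /, ""); print; exit }'
}

# check_profile EXPECTED_BASENAME < log
#   returns 0 if the expected profile was loaded first,
#           1 if firejail fell back to default.profile,
#           2 if another profile (or none) was loaded.
check_profile() {
    expected=$1
    loaded=$(first_profile)
    case "${loaded##*/}" in
        "$expected")
            return 0 ;;
        default.profile)
            echo "fallback to $loaded: pass --profile= explicitly" >&2
            return 1 ;;
        *)
            echo "unexpected top-level profile: ${loaded:-none}" >&2
            return 2 ;;
    esac
}

# Startup lines as posted in the thread for the --appimage run.
APPIMAGE_LOG='Mounting appimage type 2
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc'

# Constructed sample: what the same run looks like once --profile= is given.
FIXED_LOG='Mounting appimage type 2
Reading profile /etc/firejail/libreoffice.profile
Reading profile /etc/firejail/disable-common.inc'

printf '%s\n' "$APPIMAGE_LOG" | check_profile libreoffice.profile \
    || echo "appimage run: status $?"
printf '%s\n' "$FIXED_LOG" | check_profile libreoffice.profile \
    && echo "fixed run: libreoffice.profile in effect"
```

On a live system the log would come from the real command, for example `firejail ... 2>&1 | check_profile libreoffice.profile`.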

@ffff135

ffff135 commented Dec 8, 2020

Oops, sorry about that. Running with firejail --profile=/etc/firejail/libreoffice.profile --appimage works correctly on my version of firejail. Thank you.

@rusty-snake
Collaborator

I'm closing here due to inactivity, please feel free to request to reopen if you still have this issue.
