opera-beta_34.0.2036.16_amd64.deb crashed using Firejail on Debian

  • user@hostname:~$ firejail /usr/bin/opera-beta

    Parent pid 13092, child pid 13093
    Child process initialized
    [1127/101523:FATAL:setuid_sandbox_host.cc(159)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/lib/x86_64-linux-gnu/opera-beta/opera_sandbox is owned by root and has mode 4755.

    parent is shutting down, bye...

    https://l3net.wordpress.com/projects/firejail/

  • Opera already runs in a sandbox using seccomp-bpf, so my guess is it conflicts. There's no need to run Opera inside firejail.

    If you want to, make sure to disable seccomp sandboxing in firejail.

  • Chromium have no problem with firejail. Opera is based on Chromium.

  • opera_12.16.1860_i386.deb is working fine with firejail.

  • @walrus8 did you read what I wrote above? Both Chromium and Opera already run inside a seccomp-bpf sandbox, so you have to disable this feature of FireJail to run Opera. There's a command-line flag for this AFAIK.

  • From the Firejail authors' blog :

    Firejail – A Security Sandbox for Mozilla Firefox, Part 1

    https://l3net.wordpress.com/2014/09/19/firejail-a-security-sandbox-for-mozilla-firefox/

    "Chromium sandbox is similar to Firejail, it implements its own seccomp filter, but it leaves the filesystem wide open."

    To give us understanding on the Chromium sandbox implementation, enter the following on the Chromium URL address bar on a plain Chromium running without Firejail.

    file:///home/
    

    Try to browse your home directory. Your home directory and the whole /home directory are accessible.

    Now lets try running Chromium inside a Firejail via CLI or on the terminal :

    $firejail --private chromium
    

    Then access your home file directory by entering on the Chromium URL address bar

    file:///home/
    

    Here is another option, create a sandboxed folder in your home directory then run the following:

    $firejail --private=/home/user/sandboxed chromium
    

    Replace user with your username account, .

    Access again your home file directory by entering on the Chromium URL address bar to see the difference.

    file:///home/
    

    The above example can also be easily done on Firefox using the File menu instead of entering on the URL address bar.

  • Hi @avl,

    opera-beta_34.0.2036.16_amd64.deb is already working with Firejail (0.9.34-1) in Ubuntu 15.10 if it is invoked with the following --noprofile option :

    $firejail --noprofile opera-beta
    

    Firejail is a must especially if you have installed Flash-plugin in Opera.

Log in to reply
 

Looks like your connection to Opera forums was lost, please wait while we try to reconnect.