opera-beta_34.0.2036.16_amd64.deb crashed using Firejail on Debian
user@hostname:~$ firejail /usr/bin/opera-beta
Parent pid 13092, child pid 13093
Child process initialized
[1127/101523:FATAL:setuid_sandbox_host.cc(159)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/lib/x86_64-linux-gnu/opera-beta/opera_sandbox is owned by root and has mode 4755.
parent is shutting down, bye...
Opera already runs in a sandbox using seccomp-bpf, so my guess is it conflicts. There's no need to run Opera inside firejail.
If you want to, make sure to disable seccomp sandboxing in firejail.
Chromium have no problem with firejail. Opera is based on Chromium.
opera_12.16.1860_i386.deb is working fine with firejail.
From the Firejail authors' blog :
Firejail – A Security Sandbox for Mozilla Firefox, Part 1
"Chromium sandbox is similar to Firejail, it implements its own seccomp filter, but it leaves the filesystem wide open."
To give us understanding on the Chromium sandbox implementation, enter the following on the Chromium URL address bar on a plain Chromium running without Firejail.
Try to browse your home directory. Your home directory and the whole /home directory are accessible.
Now lets try running Chromium inside a Firejail via CLI or on the terminal :
$firejail --private chromium
Then access your home file directory by entering on the Chromium URL address bar
Here is another option, create a sandboxed folder in your home directory then run the following:
$firejail --private=/home/user/sandboxed chromium
Replace user with your username account, .
Access again your home file directory by entering on the Chromium URL address bar to see the difference.
The above example can also be easily done on Firefox using the File menu instead of entering on the URL address bar.