opera-beta_34.0.2036.16_amd64.deb crashed using Firejail on Debian

walrus8

walrus8 last edited by

user@hostname:~$ firejail /usr/bin/opera-beta

Parent pid 13092, child pid 13093
Child process initialized
[1127/101523:FATAL:setuid_sandbox_host.cc(159)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/lib/x86_64-linux-gnu/opera-beta/opera_sandbox is owned by root and has mode 4755.

parent is shutting down, bye...

https://l3net.wordpress.com/projects/firejail/

avl

avl Opera last edited by

Opera already runs in a sandbox using seccomp-bpf, so my guess is it conflicts. There's no need to run Opera inside firejail.

If you want to, make sure to disable seccomp sandboxing in firejail.

walrus8

walrus8 last edited by

Chromium have no problem with firejail. Opera is based on Chromium.

walrus8

walrus8 last edited by

opera_12.16.1860_i386.deb is working fine with firejail.

avl

avl Opera last edited by

@walrus8 did you read what I wrote above? Both Chromium and Opera already run inside a seccomp-bpf sandbox, so you have to disable this feature of FireJail to run Opera. There's a command-line flag for this AFAIK.

walrus8

walrus8 last edited by

From the Firejail authors' blog :

Firejail – A Security Sandbox for Mozilla Firefox, Part 1

https://l3net.wordpress.com/2014/09/19/firejail-a-security-sandbox-for-mozilla-firefox/

"Chromium sandbox is similar to Firejail, it implements its own seccomp filter, but it leaves the filesystem wide open."

To give us understanding on the Chromium sandbox implementation, enter the following on the Chromium URL address bar on a plain Chromium running without Firejail.

file:///home/

Try to browse your home directory. Your home directory and the whole /home directory are accessible.

Now lets try running Chromium inside a Firejail via CLI or on the terminal :

$firejail --private chromium

Then access your home file directory by entering on the Chromium URL address bar

file:///home/

Here is another option, create a sandboxed folder in your home directory then run the following:

$firejail --private=/home/user/sandboxed chromium

Replace user with your username account, .

Access again your home file directory by entering on the Chromium URL address bar to see the difference.

file:///home/

The above example can also be easily done on Firefox using the File menu instead of entering on the URL address bar.

walrus8

walrus8 last edited by

Hi @avl,

opera-beta_34.0.2036.16_amd64.deb is already working with Firejail (0.9.34-1) in Ubuntu 15.10 if it is invoked with the following --noprofile option :

$firejail --noprofile opera-beta

Firejail is a must especially if you have installed Flash-plugin in Opera.