Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pacman needs to send signals to mullvad to restart + other logs #596

Open
odomingao opened this issue Oct 31, 2024 · 4 comments
Open

pacman needs to send signals to mullvad to restart + other logs #596

odomingao opened this issue Oct 31, 2024 · 4 comments

Comments

@odomingao
Copy link
Contributor 

ALLOWED pacman signal comm=pkill requested_mask=send denied_mask=send signal=term peer=mullvad-gui
DENIED  mullvad-gui signal comm=pkill requested_mask=receive denied_mask=receive signal=term peer=pacman

DENIED  mullvad-setup open @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-1.scope/cpu.max comm=mullvad-setup requested_mask=r denied_mask=r
DENIED  mullvad-setup open @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/cpu.max comm=mullvad-setup requested_mask=r denied_mask=r
DENIED  mullvad-setup open @{sys}/fs/cgroup/user.slice/cpu.max comm=mullvad-setup requested_mask=r denied_mask=r

also there's a bunch of complaints from makepkg after I installed firejail. It wants mount permissions for a bunch of directories such as:

ALLOWED makepkg mount @{HOME}/Pictures/ info="failed mntpnt match" comm=firejail error=-13 srcname=/run/firejail/firejail.ro.dir/ flags="rw, rbind"
ALLOWED makepkg mount @{HOME}/Videos/ info="failed mntpnt match" comm=firejail error=-13 srcname=/run/firejail/firejail.ro.dir/ flags="rw, rbind"
ALLOWED makepkg mount /tmp/.X11-unix/ info="failed mntpnt match" comm=firejail srcname=/run/firejail/firejail.ro.dir/ flags="rw, rbind" error=-13
ALLOWED makepkg mount @{HOME}/.Xauthority info="failed mntpnt match" comm=firejail error=-13 srcname=/run/firejail/firejail.ro.file flags="rw, rbind"
ALLOWED makepkg mount @{sys}/fs/ info="failed mntpnt match" comm=firejail flags="rw, rbind" error=-13 srcname=/run/firejail/firejail.ro.dir/
ALLOWED makepkg mount @{sys}/module/ info="failed mntpnt match" comm=firejail error=-13 srcname=/run/firejail/firejail.ro.dir/ flags="rw, rbind"
ALLOWED makepkg mount @{user_config_dirs}/pulse/ info="failed mntpnt match" comm=firejail error=-13 srcname=/run/firejail/firejail.ro.dir/ flags="rw, rbind"
ALLOWED makepkg mount @{user_config_dirs}/pipewire/ info="failed mntpnt match" comm=firejail flags="rw, rbind" srcname=/run/firejail/firejail.ro.dir/ error=-13
ALLOWED makepkg capable comm=firejail capability=1 capname=dac_override
ALLOWED makepkg mount @{run}/firejail/mnt/seccomp/ info="failed mntpnt match" comm=firejail error=-13 srcname=/run/firejail/mnt/seccomp/ flags="rw, rbind"
ALLOWED makepkg mount @{run}/firejail/mnt/seccomp/ info="failed mntpnt match" comm=firejail error=-13 flags="ro, nosuid, remount, bind"
ALLOWED makepkg getattr owner dev/pts/4 info="Failed name lookup - disconnected path" comm=patch requested_mask=r denied_mask=r error=-13
roddhjav added a commit that referenced this issue Nov 1, 2024
@roddhjav
feat(profile): pacman can restart any updated program.
a9a41ef 
See #596
@roddhjav
Copy link
Owner

roddhjav commented Nov 10, 2024
edited
Loading

The pacman issue should be fixed. Regarding makepkg, well... I think it is doing its jobs... The pkgbuild of firejail really wants to mount directories such as @{HOME}/Pictures/ into /run/firejail/firejail.ro.dir/???

@odomingao
Copy link
Contributor Author

Thank you!

The pkgbuild of firejail really wants to mount directories such as @{HOME}/Pictures/ into /run/firejail/firejail.ro.dir/???

I have no clue.. I get similar logs for a lot of directories, not sure what's going on there but thought I'd share.

ALLOWED makepkg capable comm=patch capability=6 capname=setgid
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=unconfined
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=systemd-journald
ALLOWED makepkg capable comm=firejail capability=19 capname=sys_ptrace
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=systemd-networkd
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=systemd-resolved
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=auditd
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=earlyoom
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=irqbalance
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=polkitd
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=systemd-logind
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=systemd-machined
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=NetworkManager
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=chronyd
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=ModemManager
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=libvirtd
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=mullvad-daemon
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=login
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=tor
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=dnsmasq
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=pipewire
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=wireplumber
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=hyprland
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=rtkit-daemon
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=dconf-service
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=waybar
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=xdg-desktop-portal
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=wl-copy
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=pypr
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=xdg-document-portal
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=nemo
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=mullvad-gui
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=xdg-permission-store
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=xdg-document-portal//fusermount
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=xdg-desktop-portal-gtk
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=nm-applet
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=emacs
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=gitstatusd
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=xdg-dbus-proxy
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=librewolf
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=floorp
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=brave//&brave-crashpad-handler
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=upowerd
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=freetube
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=yay
ALLOWED makepkg ptrace comm=firejail requested_mask=read denied_mask=read peer=inotifywait
ALLOWED makepkg getattr  info="Failed name lookup - disconnected path" comm=firejail requested_mask=r denied_mask=r error=-13
ALLOWED makepkg capable comm=firejail capability=21 capname=sys_admin
ALLOWED makepkg mount / info="failed mntpnt match" comm=firejail error=-13 flags="rw, rslave"
ALLOWED makepkg mount @{run}/firejail/mnt/ info="failed mntpnt match" comm=firejail srcname=tmpfs error=-13 fstype=tmpfs flags="rw, nosuid, strictatime"
ALLOWED makepkg capable comm=firejail capability=0 capname=chown
ALLOWED makepkg capable comm=firejail capability=3 capname=fowner
ALLOWED makepkg mount @{run}/firejail/lib/ info="failed mntpnt match" comm=firejail srcname=/usr/lib/firejail/ flags="rw, bind" error=-13
ALLOWED makepkg mount @{run}/firejail/lib/ info="failed mntpnt match" comm=firejail flags="ro, nosuid, nodev, remount, bind" error=-13
ALLOWED makepkg capable comm=firejail capability=8 capname=setpcap
ALLOWED makepkg capable comm=3 capability=12 capname=net_admin
ALLOWED makepkg capable comm=firejail capname=setgid capability=6
ALLOWED makepkg mount @{PROC}/ info="failed mntpnt match" comm=firejail fstype=proc srcname=proc flags="rw, nosuid, nodev, noexec" error=-13
ALLOWED makepkg mount /etc/ info="failed mntpnt match" comm=firejail srcname=/etc/ flags="rw, rbind" error=-13
ALLOWED makepkg mount /etc/ info="failed mntpnt match" comm=firejail error=-13 flags="ro, remount, noatime, bind"
ALLOWED makepkg mount /etc/ info="failed mntpnt match" comm=firejail error=-13 flags="ro, nosuid, nodev, noexec, remount, noatime, bind"
ALLOWED makepkg mount /var/ info="failed mntpnt match" comm=firejail srcname=/var/ flags="rw, rbind" error=-13
ALLOWED makepkg mount /var/ info="failed mntpnt match" comm=firejail error=-13 flags="ro, nosuid, remount, noatime, bind"
ALLOWED makepkg mount /var/ info="failed mntpnt match" comm=firejail error=-13 flags="ro, nosuid, nodev, noexec, remount, noatime, bind"
ALLOWED makepkg mount /usr/ info="failed mntpnt match" comm=firejail srcname=/usr/ error=-13 flags="rw, rbind"
ALLOWED makepkg mount /usr/ info="failed mntpnt match" comm=firejail flags="ro, remount, noatime, bind" error=-13

@roddhjav
Copy link
Owner

Can you tell me the firejail package you built from the aur? firejail-git ? I had not such logs with it

@odomingao
Copy link
Contributor Author

No, I installed it from the main repos. Version: 0.9.72-3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@roddhjav @odomingao