27.9.1 Won't start with Firejail

Support and discussions for the x86/x64 Linux version of Pale Moon.

Moderators: trava90, satrow

User avatar
Amii_Leigh
Newbie
Newbie
Posts: 3
Joined: Sat, 24 Dec 2016, 01:34

27.9.1 Won't start with Firejail

Unread postby Amii_Leigh » Tue, 08 May 2018, 06:28

Trying to start Palemoon:

Code: Select all

$ firejail palemoon
Reading profile /etc/firejail/palemoon.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Parent pid 27197, child pid 27198
TESTING warning: noblacklist /home/amii/.moonchild productions/pale moon not matched by a proper blacklist command in disable*.inc
Blacklist violations are logged to syslog
Child process initialized in 80.64 ms


There it hangs. I don't know how to write or change code, but I do like Palemoon. I just updated my Firejail to

Code: Select all

firejail version 0.9.52

Compile time support:
   - AppArmor support is disabled
   - AppImage support is enabled
   - bind support is enabled
   - chroot support is enabled
   - file and directory whitelisting support is enabled
   - file transfer support is enabled
   - git install support is enabled
   - networking support is enabled
   - overlayfs support is enabled
   - private-home support is enabled
   - seccomp-bpf support is enabled
   - user namespace support is enabled
   - X11 sandboxing support is enabled


So, I was hoping this could be fixed? Or could someone tell me what to do to get firejail to play nice with Palemoon again?

VITecNet
New to the forum
New to the forum
Posts: 1
Joined: Tue, 08 May 2018, 13:57

Re: 27.9.1 Won't start with Firejail

Unread postby VITecNet » Tue, 08 May 2018, 14:03

I have exactly the same problem.

User avatar
New Tobin Paradigm
Knows the dark side
Knows the dark side
Posts: 4625
Joined: Tue, 09 Oct 2012, 19:37

Re: 27.9.1 Won't start with Firejail

Unread postby New Tobin Paradigm » Tue, 08 May 2018, 14:40

I don't know what you expect us to do about it.. We didn't create nor have any ties to firejail.. Have you asked them? Also, sandboxing Pale Moon is a terrible idea.. It can cause issues.
Last edited by New Tobin Paradigm on Tue, 08 May 2018, 14:41, edited 2 times in total.

User avatar
Amii_Leigh
Newbie
Newbie
Posts: 3
Joined: Sat, 24 Dec 2016, 01:34

Re: 27.9.1 Won't start with Firejail

Unread postby Amii_Leigh » Tue, 08 May 2018, 15:48

I only experienced this issue AFTER I 'upgraded' Palemoon. I had upgraded my Firejail before that, but Palemoon worked with the newer edition of Firejail just fine.

User avatar
Moonraker
Keeps coming back
Keeps coming back
Posts: 881
Joined: Wed, 30 Sep 2015, 23:02
Location: Lincolnshire.UK.

Re: 27.9.1 Won't start with Firejail

Unread postby Moonraker » Tue, 08 May 2018, 15:51

New Tobin Paradigm wrote:I don't know what you expect us to do about it.. We didn't create nor have any ties to firejail.. Have you asked them? Also, sandboxing Pale Moon is a terrible idea.. It can cause issues.

Strange answer.
Why would sandboxing pale moon be a bad idea and not for other browsers.?.That is exactly what firejail is designed to do so your response is puzzling to say the least.
Best wishes.
Slacko puppy linux 64bit.
Pale moon 27.9.0

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 22140
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: 27.9.1 Won't start with Firejail

Unread postby Moonchild » Tue, 08 May 2018, 17:21

Moonraker wrote:Why would sandboxing pale moon be a bad idea and not for other browsers.?.That is exactly what firejail is designed to do so your response is puzzling to say the least.

Sandboxing any browser is a bad idea. Browsers have their own advanced security measures because they are designed to load and display untrusted remote content -- as a result it's a similar situation as running multiple antivirus suites concurrently.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Image

User avatar
Amii_Leigh
Newbie
Newbie
Posts: 3
Joined: Sat, 24 Dec 2016, 01:34

Re: 27.9.1 Won't start with Firejail

Unread postby Amii_Leigh » Wed, 09 May 2018, 05:00

Thank You, kind sir.

CdeMills
Moongazer
Moongazer
Posts: 8
Joined: Tue, 17 Apr 2018, 15:23

Re: 27.9.1 Won't start with Firejail

Unread postby CdeMills » Wed, 09 May 2018, 20:14

Hello,
to elaborate a bit:
1) yes, it was reported on firejail BTS. A person with the same avatar as the first poster of this thread
2) in fact, palemoon is started and runs, but the main window never opens
3) given ALL the dirty tricks used to collect personal data from GAFA and associated enterprises, I have one separate profile for each of them; while the non-firejailed version never got any cookie or login or password from them.

Do you have any idea of changes between 27.9 and 27.9.1 which could have broken the GUI interface ? It is the first time this occurs since I use firejail.

Regards

Pascal

User avatar
Moonraker
Keeps coming back
Keeps coming back
Posts: 881
Joined: Wed, 30 Sep 2015, 23:02
Location: Lincolnshire.UK.

Re: 27.9.1 Won't start with Firejail

Unread postby Moonraker » Wed, 09 May 2018, 20:21

Could somebody be so kind as to elaborate just what firejail is actually for and its purpose,.?
Judging by previous posts it would appear sandboxing/firejailing a browser is not a good idea.So if sandboxing a browser is a bad idea then why would we assume any form of sandboxing is a good idea.?does this not put the actual usefulness and purpose of the program into question.
Slacko puppy linux 64bit.
Pale moon 27.9.0

CdeMills
Moongazer
Moongazer
Posts: 8
Joined: Tue, 17 Apr 2018, 15:23

Re: 27.9.1 Won't start with Firejail

Unread postby CdeMills » Wed, 09 May 2018, 22:43

Hello,
to my eyes, the important point is that the target program, whatever it is, runs in a chrooted environment. In the case of a browser, I use a chrooted env for specific sessions. When the browser starts in such a fresh environment, there is no single trace (history, cookies, ...) of previous browsing. Even no settings nor extensions. This makes cross-sites information leakage impossible, as one session can not play with cookies from another session. There is insulation at the file system level. The number of extensions is kept at a minimum, to counteract browser fingerprinting.

So I use palemoon inside a firejail environment to protect my privacy. I live in Europe. I had concerns since a long time about Facebook and its "interesting" content. I believed it was some way to make the visit longer and serve you more ads. In the previous month, with the Cambridge Analytica revelations, it appears that the "interesting" content was just psychological tests in disguise. As a scientist, I have no concerns participating in a test conducted with ethic, meaning e.a. informing the patient. In the case of Facebook, firejail permitted me to pro-actively defend myself against this data collection.

Another issue is about travel site looking at your previous browsing history. You go there ? We have the right car and the right hotel. Cross-site and cookies interchange. Once again solved by firejail.

Basically, I consider Palemoon as a very good browser and that all due diligence is made about safety. But there are so many companies targeting your personal information in hidden ways or using regular cookies that browser security is not enough. Forcing amnesia between sessions is another line of defense.

Regards

Pascal
Last edited by CdeMills on Wed, 09 May 2018, 22:51, edited 1 time in total.

CdeMills
Moongazer
Moongazer
Posts: 8
Joined: Tue, 17 Apr 2018, 15:23

Re: 27.9.1 Won't start with Firejail

Unread postby CdeMills » Wed, 09 May 2018, 22:46

Now a side question. I looked at the changes between 27.9 and 27.9.1. I noticed there are two changes about cairo in Windows. But then, under linux, "ldd `which palemoon`" shows no trace of calls to libcairo. In linux, do you use your own embedded lib or the system-wide lib ?

Regards

Pascal

User avatar
Moonraker
Keeps coming back
Keeps coming back
Posts: 881
Joined: Wed, 30 Sep 2015, 23:02
Location: Lincolnshire.UK.

Re: 27.9.1 Won't start with Firejail

Unread postby Moonraker » Wed, 09 May 2018, 22:55

CdeMills wrote:Hello,
to my eyes, the important point is that the target program, whatever it is, runs in a chrooted environment. In the case of a browser, I use a chrooted env for specific sessions. When the browser starts in such a fresh environment, there is no single trace (history, cookies, ...) of previous browsing. Even no settings nor extensions. This makes cross-sites information leakage impossible, as one session can not play with cookies from another session. There is insulation at the file system level. The number of extensions is kept at a minimum, to counteract browser fingerprinting.

So I use palemoon inside a firejail environment to protect my privacy. I live in Europe. I had concerns since a long time about Facebook and its "interesting" content. I believed it was some way to make the visit longer and serve you more ads. In the previous month, with the Cambridge Analytica revelations, it appears that the "interesting" content was just psychological tests in disguise. As a scientist, I have no concerns participating in a test conducted with ethic, meaning e.a. informing the patient. In the case of Facebook, firejail permitted me to pro-actively defend myself against this data collection.

Another issue is about travel site looking at your previous browsing history. You go there ? We have the right car and the right hotel. Cross-site and cookies interchange. Once again solved by firejail.

Basically, I consider Palemoon as a very good browser and that all due diligence is made about safety. But there are so many companies targeting your personal information in hidden ways or using regular cookies that browser security is not enough. Forcing amnesia between sessions is another line of defense.

Regards

Pascal

I thank you sincerely for that long and very informative reply.
Slacko puppy linux 64bit.
Pale moon 27.9.0

Nightbird
Fanatic
Fanatic
Posts: 158
Joined: Mon, 18 Jul 2016, 21:12

Re: 27.9.1 Won't start with Firejail

Unread postby Nightbird » Wed, 09 May 2018, 23:56

https://github.com/netblue30/firejail/issues/1930

The problem and perhaps the solution.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 22140
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: 27.9.1 Won't start with Firejail

Unread postby Moonchild » Thu, 10 May 2018, 00:15

Apologies about the assumption that firejail was just for Firefox; it isn't. However, the profile in use for Pale Moon is a firefox-based profile, which may or may not work as-is.

So, the solution is apparently changing something in the configuration of the Pale Moon profile in firejail.

Commenting out the "tracelog" line apparently fixes the hangup.
Last edited by Moonchild on Thu, 10 May 2018, 00:16, edited 1 time in total.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Image

Walter Dnes
Astronaut
Astronaut
Posts: 563
Joined: Thu, 30 Jul 2015, 20:29
Location: Vaughan, ON, Canada

Re: 27.9.1 Won't start with Firejail

Unread postby Walter Dnes » Thu, 10 May 2018, 07:16

CdeMills wrote:Hello,
to my eyes, the important point is that the target program, whatever it is, runs in a chrooted environment. In the case of a browser, I use a chrooted env for specific sessions. When the browser starts in such a fresh environment, there is no single trace (history, cookies, ...) of previous browsing. Even no settings nor extensions. This makes cross-sites information leakage impossible, as one session can not play with cookies from another session. There is insulation at the file system level. The number of extensions is kept at a minimum, to counteract browser fingerprinting.

This can be accomplished by using separate profiles for separate forums. E.g. to launch the profile for this forum, I run palemoon -new-instance -p palemoon Note that you have to create a "palemoon" profile ahead of time. The "-new-instance" insures that the correct profile is launched. Since each profile is a separate directory in "$HOME/.moonchild productions", cookies cannot be linked between profiles, of which I have approx 20. Note that "-no-remote" can be used instead of "-new-instance". In Pale Moon Tools/Preferences"Home Page" you can specify a list of URLs for the profile separated by space-pipe-space; e.g. the following is one long line for my "palemoon" profile...

http://www.palemoon.org/ | https://forum.palemoon.org | https://github.com/MoonchildProductions/Pale-Moon.git | viewforum.php?f=1 | viewforum.php?f=37 | viewforum.php?f=40

To block Facebook, in iptables block the following ranges input and output

  • 31.13.24.0/21
  • 31.13.64.0/18
  • 66.220.144.0/20
  • 69.63.176.0/20
  • 69.171.224.0/19
  • 74.119.76.0/22
  • 103.4.96.0/22
  • 173.252.64.0/18
  • 204.15.20.0/22

The one(s) that you actually see traffic for will depend on where you are on the planet.
There's a right way
There's a wrong way
And then there's my way

mrabc
Newbie
Newbie
Posts: 4
Joined: Sun, 13 May 2018, 08:44

Re: 27.9.1 Won't start with Firejail

Unread postby mrabc » Sun, 13 May 2018, 08:48

Nightbird wrote:https://github.com/netblue30/firejail/issues/1930

The problem and perhaps the solution.



Thank you for this link.

Is it the case that resolving the failure of Pale Moon 27.9.1 to work with Firejail will remain entirely the responsibility of individual users or is there likely to be an official solution in the next version of Pale Moon?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 22140
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: 27.9.1 Won't start with Firejail

Unread postby Moonchild » Sun, 13 May 2018, 08:54

mrabc wrote:Is it the case that resolving the failure of Pale Moon 27.9.1 to work with Firejail will remain entirely the responsibility of individual users or is there likely to be an official solution in the next version of Pale Moon?


It will remain the case for the individual users to fix until firejail fixes this on their end.
We can't do anything about this. There's nothing wrong with Pale Moon.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Image

mrabc
Newbie
Newbie
Posts: 4
Joined: Sun, 13 May 2018, 08:44

Re: 27.9.1 Won't start with Firejail

Unread postby mrabc » Sun, 13 May 2018, 09:14

Moonchild wrote:
mrabc wrote:Is it the case that resolving the failure of Pale Moon 27.9.1 to work with Firejail will remain entirely the responsibility of individual users or is there likely to be an official solution in the next version of Pale Moon?


It will remain the case for the individual users to fix until firejail fixes this on their end.
We can't do anything about this. There's nothing wrong with Pale Moon.


Ok.

Thanks for the heads up. :thumbup:


Return to “Pale Moon for Linux”

Who is online

Users browsing this forum: No registered users and 6 guests