firejail: Error: cannot establish communication with the parent, exiting...

[tex]

Issue description

firejail bash
...
Error: cannot establish communication with the parent, exiting...
...

Steps to reproduce

[milan@nixos ~]$ firejail --debug bash ~
Autoselecting /nix/store/fibk8jc2iwswn1q1d7aw98pcw2l3lzjf-bash-4.4-p12/bin/bash as shell
Command name #bash#
Attempting to find default.profile...
Found default profile in /nix/store/y4ai4pgjizcanjahcfcd785i7n0h6r4q-firejail-0.9.44.8/etc/firejail directory
Reading profile /nix/store/y4ai4pgjizcanjahcfcd785i7n0h6r4q-firejail-0.9.44.8/etc/firejail/default.profile
Reading profile /nix/store/y4ai4pgjizcanjahcfcd785i7n0h6r4q-firejail-0.9.44.8/etc/firejail/disable-common.inc
Reading profile /nix/store/y4ai4pgjizcanjahcfcd785i7n0h6r4q-firejail-0.9.44.8/etc/firejail/disable-programs.inc
Reading profile /nix/store/y4ai4pgjizcanjahcfcd785i7n0h6r4q-firejail-0.9.44.8/etc/firejail/disable-passwdmgr.inc

** Note: you can use --noprofile to disable default.profile **

DISPLAY :0, 0
Using the local network stack
Parent pid 17474, child pid 17475
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/module
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/config.gz
Disable /proc/timer_list
Disable /proc/timer_stats
Disable /proc/kcore
Disable /proc/kallsyms
Disable /boot
Disable /dev/port
Disable /dev/kmsg
Disable /proc/kmsg
Disable /home/milan/.gnuplot_history
Disable /home/milan/.zsh_history
Disable /home/milan/.bash_history
Mounting read-only /home/milan/.local/share/applications
Disable /home/milan/.kde/Autostart
Error: cannot establish communication with the parent, exiting...
[milan@nixos ~]$

Technical details

• System: (NixOS: nixos-version, Ubuntu/Fedora: lsb_release -a, ...)
  17.09.git.d9b36c3 (Hummingbird)

• Nix version: (run nix-env --version)
  nix-env (Nix) 1.11.8

• Nixpkgs version: (run nix-instantiate --eval '<nixpkgs>' -A lib.nixpkgsVersion)
  "17.09.git.d9b36c36c5"

[lheckemann]

May be caused by netblue30/firejail#1098 . Does the same occur with firejail --noprofile --whitelist=~/.nix-profile, and not with firejail --noprofile?

[r-raymond]

I'm having the same issue on Nixos 17.03. There at least it is exactly as you have described it, hence almost certainly the referenced issue.

[tex]

Failure:
[milan@nixos nixpkgs]$ firejail --noprofile --whitelist=~/.nix-profile firefox /etc/nixos/nixpkgs
Parent pid 17347, child pid 17351
Error: invalid whitelist path /home/milan/.nix-profile
Error: cannot establish communication with the parent, exiting...

Success:
[milan@nixos nixpkgs]$ firejail --noprofile firefox /etc/nixos/nixpkgs
Parent pid 17559, child pid 17560
Child process initialized

[lheckemann]

Yep, that does look like it's that issue.