-
Notifications
You must be signed in to change notification settings - Fork 557
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't run Chromium in firejail with --overlay-tmpfs option #1008
Comments
I'll put a fix in. |
All fixed in git. |
Unfortunately can't try it out due to build failure -
|
Fixed, problem in the Makefile.in. |
Thanks! In 14.04, Chromium now does run with Still fails in 16.04 though, same error as before. 🙁 |
It's possible, I only tested it here on Debian stable. I'll give it a try on 16.04. |
Sorry I had to drop this, there are some security issues. For now, OverlayFS will require seccomp, and seccomp will prevent Chromium from starting. |
Thank you for letting me know. I tried building the latest firejail with the Anyway, I may have found a workaround -
Do I lose out on anything this way? |
You will still have seccomp enabled, it is just moved from chromium process to firejail process. It is very difficult to say what is the best place for seccomp to be. In both cases there are advantages and disadvantages. |
Xubuntu 16.04
firejail 0.9.44.2
Chromium version -
This works -
This, however, does not -
This also fails in firejail 0.9.38.
In Lubuntu 14.04, this still fails under firejail 0.9.44.2. But there it works fine in firejail 0.9.38.
How to get Chromium to run in firejail 0.9.44.2 with the
--overlay-tmpfs
option?The text was updated successfully, but these errors were encountered: