Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Firejail breaks daemonizing processes #3491

Open
NetSysFire opened this issue Jul 4, 2020 · 6 comments
Open

Firejail breaks daemonizing processes #3491

NetSysFire opened this issue Jul 4, 2020 · 6 comments
Labels
bug Something isn't working

Comments

@NetSysFire
Copy link
Contributor

The following snippet works without problems when executed without firejail. However, when run with firejail (firejail bash snippet.sh), it keeps this process in the foreground.
This causes problems with the SSH connection multiplexing feature and causes ansible and even git over SSH to hang, because SSH can not daemonize and lingers indefinitely.

#!/bin/bash

some_loop(){
  while true; do
    echo "looped"
    sleep 3
  done
}

echo "some interactive stuff"
echo -n "enter something: "
read -r spam
echo "you entered $spam"
echo "forking loop and exiting"
(some_loop&)

Related: #1518
@rusty-snake
Copy link
Collaborator

Duplicate of #2433?

@glitsj16
Copy link
Collaborator

glitsj16 commented Jul 4, 2020

@rusty-snake I was talking with the OP on IRC about this for quite a while. I think there are a few other potentially related issues. The fact there's seemingly something keeping firejail from backgrounding processes might be the root cause or the common-denominator for issues that go beyond SSH and git. I'll add proper links to those i could find as soon as i can track them down again.

@rusty-snake rusty-snake added the bug Something isn't working label Nov 9, 2020
@ghost
Copy link

ghost commented Apr 27, 2021
edited by ghost

Might be not the right issues here? I have problems with ansible. Might be a similar problem to the other issues.

Unlink /usr/local/bin/ssh works but if I'm using firejail then I can't use Ansible. The Gathering Facts already can't reach the hosts:
{"changed": false, "msg": "Failed to connect to the host via ssh: ", "unreachable": true}.

But I can connect just fine with ssh.

Edit:
It fits better with this issue #1518

@rusty-snake rusty-snake mentioned this issue Aug 4, 2021
Open
@ndorf
Copy link

ndorf commented Sep 21, 2021

To daemonize, a process must sever its relationship with its parent (e.g, the shell). This is done by forking and exiting; the new, orphaned process is usually assigned PID 1 (init) as a parent.

Under firejail, it seems that orphaned processes are instead inherited by the same firejail process that spawned their parents, so it's not possible to "fork away" from your parent -- you'll just inherit the same one again.

Could this possibly be solved by having a second firejail process, that itself is daemonized (detached from both its original parent process and the tty), and inherits orphaned processes instead of the main one?

@itoffshore
Copy link

I came across this issue with ansible - I did notice that connections to localhost worked & it was only remote ssh connections that failed.

Mentioning here in case helpful as the other issue is closed.

@rusty-snake rusty-snake mentioned this issue Jan 19, 2022
Merged
@glitsj16 glitsj16 mentioned this issue Feb 7, 2023
Open
@kmk3 kmk3 mentioned this issue Apr 5, 2023
Open
@kmk3
Copy link
Collaborator

kmk3 commented Apr 6, 2023

See the following thread for a potential workaround:

@glitsj16 glitsj16 mentioned this issue Oct 2, 2023
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@glitsj16 @itoffshore @ndorf @kmk3 @rusty-snake @NetSysFire