Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Firefox 83 Issues with crashing tabs on PRoot #139

Open
ghost opened this issue Dec 8, 2020 · 23 comments
Open

Firefox 83 Issues with crashing tabs on PRoot #139

ghost opened this issue Dec 8, 2020 · 23 comments

Comments

@ghost
Copy link

ghost commented Dec 8, 2020
edited by ghost

Hello, recently i installed the latest version Firefox and it seems there's a bug with it,

Webpages keeps crashing at this point:
Screenshot_2020-12-07-18-01-18-78_00dcaf2fcbe692c602a0957f19a66664.jpg

Tried with/without sysvipc enabled but this error still persists

I don't know if this is proot-related bug or not

With the ESR Version, it works fine without any issues

Tested on Ubuntu and Arch Linux
@ghost
Copy link

ghost commented Dec 8, 2020

Start firefox from terminal and see if some errors were printed.

@ghost
Copy link
Author

ghost commented Dec 8, 2020
edited by ghost

@xeffyr It seems it reports about fonts:
https://pastebin.com/8Ltf6rq5

However I'm still investigating it (Pango, ttf-dejavu, xfonts-base) are installed and idk why this happens (haven't straced it for further output)

On ESR Version, no Output is printed and Webpages loads fine

@ghost
Copy link

ghost commented Dec 8, 2020

ttf-dejavu

Try different font. Here is what I have on my desktop (not proot):

fonts-beng
fonts-beng-extra
fonts-crosextra-caladea
fonts-crosextra-carlito
fonts-dejavu
fonts-dejavu-core
fonts-dejavu-extra
fonts-deva
fonts-deva-extra
fonts-droid-fallback
fonts-freefont-ttf
fonts-gargi
fonts-gubbi
fonts-gujr
fonts-gujr-extra
fonts-guru
fonts-guru-extra
fonts-indic
fonts-kacst
fonts-kacst-one
fonts-kalapi
fonts-khmeros-core
fonts-knda
fonts-lao
fonts-liberation
fonts-liberation2
fonts-linuxlibertine
fonts-lklug-sinhala
fonts-lohit-beng-assamese
fonts-lohit-beng-bengali
fonts-lohit-deva
fonts-lohit-gujr
fonts-lohit-guru
fonts-lohit-knda
fonts-lohit-mlym
fonts-lohit-orya
fonts-lohit-taml
fonts-lohit-taml-classical
fonts-lohit-telu
fonts-mlym
fonts-nakula
fonts-navilu
fonts-noto-cjk
fonts-noto-color-emoji
fonts-noto-core
fonts-noto-extra
fonts-noto-mono
fonts-noto-ui-core
fonts-open-sans
fonts-opensymbol
fonts-orya
fonts-orya-extra
fonts-pagul
fonts-sahadeva
fonts-samyak-deva
fonts-samyak-gujr
fonts-samyak-mlym
fonts-samyak-taml
fonts-sarai
fonts-sil-abyssinica
fonts-sil-gentium
fonts-sil-gentium-basic
fonts-sil-padauk
fonts-smc
fonts-smc-anjalioldlipi
fonts-smc-chilanka
fonts-smc-dyuthi
fonts-smc-gayathri
fonts-smc-karumbi
fonts-smc-keraleeyam
fonts-smc-manjari
fonts-smc-meera
fonts-smc-rachana
fonts-smc-raghumalayalamsans
fonts-smc-suruma
fonts-smc-uroob
fonts-taml
fonts-telu
fonts-telu-extra
fonts-thai-tlwg
fonts-tibetan-machine
fonts-tlwg-garuda
fonts-tlwg-garuda-ttf
fonts-tlwg-kinnari
fonts-tlwg-kinnari-ttf
fonts-tlwg-laksaman
fonts-tlwg-laksaman-ttf
fonts-tlwg-loma
fonts-tlwg-loma-ttf
fonts-tlwg-mono
fonts-tlwg-mono-ttf
fonts-tlwg-norasi
fonts-tlwg-norasi-ttf
fonts-tlwg-purisa
fonts-tlwg-purisa-ttf
fonts-tlwg-sawasdee
fonts-tlwg-sawasdee-ttf
fonts-tlwg-typewriter
fonts-tlwg-typewriter-ttf
fonts-tlwg-typist
fonts-tlwg-typist-ttf
fonts-tlwg-typo
fonts-tlwg-typo-ttf
fonts-tlwg-umpush
fonts-tlwg-umpush-ttf
fonts-tlwg-waree
fonts-tlwg-waree-ttf
fonts-ubuntu
fonts-urw-base35
fonts-yrsa-rasa

@ghost
Copy link
Author

ghost commented Dec 8, 2020
edited by ghost

Ok i found a new output:

###!!! [Parent][RunMessage] Error: Channel error: cannot send/recv


###!!! [Parent][RunMessage] Error: Channel error: cannot send/recv


###!!! [Parent][MessageChannel] Error: (msgtype=0x5C0015,name=PHttpChannel::Msg_DeleteSelf) Channel error: cannot send/recv


###!!! [Parent][MessageChannel] Error: (msgtype=0x5C0015,name=PHttpChannel::Msg_DeleteSelf) Channel error: cannot send/recv


###!!! [Parent][MessageChannel] Error: (msgtype=0x5C0015,name=PHttpChannel::Msg_DeleteSelf) Channel error: cannot send/recv


###!!! [Parent][MessageChannel] Error: (msgtype=0x5C0015,name=PHttpChannel::Msg_DeleteSelf) Channel error: cannot send/recv

###!!! [Parent][MessageChannel] Error: (msgtype=0x230076,name=PBrowser::Msg_ChildToParentMatrix) Channel error: cannot send/recv

It also shows about channel error cannot send/recv

But i don't think fonts could cause this kind of problem to render such sites but I'll try it again by installing fonts

@ghost
Copy link

ghost commented Dec 8, 2020

This is something IPC-related.

@lypanov
Copy link

lypanov commented Dec 16, 2020

This was also reported to Firefox directly at https://bugzilla.mozilla.org/show_bug.cgi?id=1681502.

IMHO if it's hitting Firefox running in Alpine / headless it's most likely not a proot specific issue.

@ghost
Copy link
Author

ghost commented Dec 17, 2020
edited by ghost

@lypanov Thanks for the information, until firefox updated and Everything goes back to normal, will close this issue

@ghost
Copy link
Author

ghost commented Dec 19, 2020

Firefox 84 is released btw, i haven't tested it on Ubuntu proot, if it works this time. i should close this issue

@ghost
Copy link
Author

ghost commented Dec 19, 2020

Still no luck with Firefox 84, it still crashes

@michalbednarski
Copy link
Collaborator

Keep issue open, I'm looking into this but since Firefox is large program it might take me some time.

@2moe 2moe mentioned this issue Dec 20, 2020
Closed
@michalbednarski
Copy link
Collaborator

For now Firefox can be used with MOZ_FAKE_NO_SANDBOX=1 env variable set, although I'm still looking for PRoot implementation which will nicely support sandbox.

Firefox (and possibly also Chromium as parts of sandboxing are taken from Chromium) installs own seccomp filter with SECCOMP_RET_TRAP for actions for which it wants to run own syscall handler and registers SIGSYS signal handler which asks unsandboxed process to perform operation.

PRoot on the other hand when sees SIGSYS it considers that to be due to Android enforced policy restricting access to syscalls unused by bionic and performs redirections such as open(2) -> openat(2) and for syscalls for which it doesn't have special redirection it'll make syscall return -ENOSYS without triggering signal. That is what is needed for most cases but in case of Firefox/Chromium sandbox this prevents brokered syscalls from being usable at all.

I think I'll add additional logic which upon detection of browser sandbox will disable most proot SIGSYS interceptors, but I don't yet have fully working implementation.

@ghost
Copy link
Author

ghost commented Dec 21, 2020

Using that environment variable makes firefox work again:

Screenshot_2020-12-21-09-29-56-91.jpg

@2moe
Copy link

2moe commented Dec 21, 2020

For now Firefox can be used with MOZ_FAKE_NO_SANDBOX=1 env variable set, although I'm still looking for PRoot implementation which will nicely support sandbox.

Thank you very much.

@ZhymabekRoman
Copy link

ZhymabekRoman commented Dec 29, 2020
edited

For now Firefox can be used with MOZ_FAKE_NO_SANDBOX=1 env variable set, although I'm still looking for PRoot implementation which will nicely support sandbox.

Thanks, your method perfectly works.

I want will offer the another solution of this problem.

  1. Install Firefox (not important what edition)
  2. Open Firefox and enter the address "about:config"
  3. Accept a warning of safety
  4. In a search box enter "sandbox"
  5. Near the line "media.cubeb.sandbox" press the toggle button that its value became "false", and near the line "security.sandbox.content.level" it is necessary to appropriate value "0"
  6. Close and reopen Firefox

My way kills two "hares" - fixes the problem with tabs as well as the problem with sound in Firefox

Screenshot_20201229_140855.jpg

@ghost
Copy link
Author

ghost commented Dec 29, 2020
edited by ghost

Thanks, that fixed the sound problem as well

Although I haven't tested this one if this fixes the sound as well if disabling Gecko Sandboxing:
export MOZ_DISABLE_GMP_SANDBOX=1

@ghost ghost mentioned this issue Jan 7, 2021
Open
michalbednarski added a commit that referenced this issue Jan 10, 2021
@michalbednarski
Support for Firefox sandbox
7bf5cfe 
- Pass through seccomp SIGSYS if si_code!=0
  (Android seccomp policy always uses SECCOMP_RET_TRAP
  without specyfing si_code value,
  while Firefox fills SECCOMP_RET_DATA with hook number)
- Prevent tracee from blocking SIGSYS
  (When trap is triggered but SIGSYS is blocked Linux kernel unregisters
  signal handler and unblocks it in order to kill process.
  That signal is suppressed by proot (as ptracer), however signal
  handler is unregistered in that case nevertheless)

#139
@michalbednarski
Copy link
Collaborator

I've pushed experimental support onto firefoxsandbox branch, so far only tested on AArch64 (on x86_64 there is additional problem that SYSCALL_AVOIDER kills process according to Firefox seccomp policy)

For now this is on branch for further testing, although probably it'll be better to use that instead of users/distros disabling sandboxing)

@ghost ghost mentioned this issue Jun 6, 2021
Open
@arcans arcans mentioned this issue Jul 13, 2021
Closed
@Dawimpy
Copy link

Dawimpy commented Aug 18, 2021

if still occur, just change to chromium.
HOWTO:https://github.com/ayitsleo/terminaltricks/blob/master/apt-pinning-chromium/README.md

@Pedro1234-code
Copy link

Install Firefox ESR

@Yonle
Copy link

Yonle commented Aug 28, 2021

Now when using firefox without sandbox enabled, The whole proot environment freezes except the host.

@krmanik krmanik mentioned this issue Sep 13, 2021
Closed
@ghost
Copy link

ghost commented Sep 16, 2021

Solution:

  • Enter about:config in address bar
  • Click “Accept the risk and continue”
  • Click “Show all”
  • Search for sandbox
  • Change first two values to false, and change security.sandbox.content.level to 1, exactly as in this picture:

Restart firefox

@ZhymabekRoman
Copy link

Solution:

  • Enter about:config in address bar
  • Click “Accept the risk and continue”
  • Click “Show all”
  • Search for sandbox
  • Change first two values to false, and change security.sandbox.content.level to 1, exactly as in this picture:

Restart firefox

What is the difference from my method? #139 (comment)

@ghost
Copy link

ghost commented Sep 17, 2021

Solution:

  • Enter about:config in address bar
  • Click “Accept the risk and continue”
  • Click “Show all”
  • Search for sandbox
  • Change first two values to false, and change security.sandbox.content.level to 1, exactly as in this picture:

Restart firefox

What is the difference from my method? #139 (comment)

Both

@ayubmetah
Copy link

Here are the steps I picked up from the trailing comments @ghost that resolved a similar issue;

Enter about:config in address bar
Click “Accept the risk and continue”
Click “Show all”
Search for sandbox
Change the following values to false,

"dom.block_download_in_sandboxed_iframes"

"media.cubeb.sandbox"

"media.cubeb.sandbox"

Finally, change numerical values for "security.sandbox.content.level" to 1 and "security.sandbox.socket.process.level" to 0.

Close and reopen Firefox.

@Li70 Li70 mentioned this issue Mar 20, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@lypanov @michalbednarski @ayubmetah @2moe @ZhymabekRoman @Yonle @Pedro1234-code @Dawimpy