firejail and firetools for Bionicpup64 and other PUPPIES
Posted: Tue 16 Jun 2020, 00:08
Anyone have any ideas how to get these applications to run under Bionicpup64 and other Puppies?
There have been discussions about firejail on the Forum. labbe5 has posted about it a couple of times. There are reports of it working fine under the debiandogs. I think I read of it working under FatDog64; and Puli's repo provides an Ubuntu deb. But, 'though woofed, FatDog isn't exactly a Puppy; and Puli is a highly modified one. Looking for a post about how to get it running or configure it under a Puppy, I can't find any.
Both firejail and firetools are easy to install via Bionicpup64's PPM. But those versions are now deprecated. They're almost as easy to install using the debs which following links from this website https://firejail.wordpress.com/download-2/ will locate. Either way, ldd reports no missing dependencies.
The only modifications I made to installing the debs were to edit the /usr/share/XXX.desktop files to spell out that their associated icons were pngs in /usr/share/pixmaps and that they should appear on the System Submenu. Neither change should have had any effect on the actual running of these applications.
Two menu items were created. Attempting to start it via the menu, Firetools complained "Cannot run firejail sandbox. You may not have permissions to access this program." That message persists even after firetools was configured to run as spot. Started via the terminal, the terminal reports: QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-spot'
I don't know how to configure firetools to run without a sandbox; and especially don't think if that could be done it wouldn't cripple the very reason for using firejail.
Starting the other menu listing "firejail configuration wizard", a nice GUI appears. But after making a selection, nothing appears to happen. So I figured maybe it configured the system so that a designated application would be run 'in a firejail'. I first tried with Web-browsers as that category is actually the only one I'd want to run in a firejail. To do so I had to use the GUI's file-browser utility. Then, opening a terminal and typing without the quotes and using the binary or wrapper's name to call the binary --i.e. "firejail NAME"-- in all instances the terminal reported:
"root# firejail
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Error: cannot find the program in the path".
Well, my web-browsers are portables run from /mnt/home and Google-Chrome.sfs which locates its files in /home. So even though I have no interest in running them in a firejail, I figured the best way to see if something without those complications could be run in a firejail, I used the GUI to select mtpaint (a builtin) and xfe, an installed application, both of which had listings in the GUI's Right-panel. When those applications were selected, the GUI reported below the main panels that their binaries were in /usr/bin. Still nothing happened after "continue" was selected. And trying to start either via a terminal produced the above-noted Error.
Any idea? Any interest in providing Puppy with a security device available in all other Linuxes?
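Added example, not part of the original post: a POSIX shell pre-flight that checks the conditions the quoted messages name (UID_MIN/GID_MIN readable in a login.defs file, the target program resolving in PATH) plus the setuid bit on the firejail binary. The function names are hypothetical, and treating a missing setuid bit as relevant to the Firetools permissions message is an assumption.

```sh
#!/bin/sh
# Added example, not from the post. Function names are hypothetical.
# Print the numeric value of KEY ($2) from a login.defs-style FILE ($1);
# non-zero status if the key is absent, commented out, or not a number.
login_defs_value() {
    awk -v key="$2" '
        $1 == key && $2 ~ /^[0-9]+$/ { print $2; found = 1; exit }
        END { exit !found }' "$1" 2>/dev/null
}

# Print the path of PROG ($1) found by walking $PATH; non-zero if absent.
find_in_path() {
    prog=$1
    case "$prog" in
        */*) [ -f "$prog" ] && [ -x "$prog" ] && printf '%s\n' "$prog"; return ;;
    esac
    save_ifs=$IFS; IFS=:
    for dir in $PATH; do
        IFS=$save_ifs
        cand="${dir:-.}/$prog"
        if [ -f "$cand" ] && [ -x "$cand" ]; then printf '%s\n' "$cand"; return 0; fi
    done
    IFS=$save_ifs
    return 1
}

# $1 = login.defs path, $2 = firejail binary, $3 = program to sandbox.
# Prints one line per finding; exit status is the number of problems.
preflight() {
    problems=0
    for key in UID_MIN GID_MIN; do
        if v=$(login_defs_value "$1" "$key"); then echo "ok: $key=$v"
        else echo "missing: $key in $1"; problems=$((problems + 1)); fi
    done
    # Assumption: a missing setuid bit is relevant to the permissions message.
    if [ -u "$2" ]; then echo "ok: $2 is setuid"
    else echo "check: $2 has no setuid bit"; problems=$((problems + 1)); fi
    if p=$(find_in_path "$3"); then echo "ok: $3 -> $p"
    else echo "missing: $3 not found in PATH"; problems=$((problems + 1)); fi
    return "$problems"
}

# Constructed sample: UID_MIN commented out, GID_MIN absent, no setuid bit.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '#UID_MIN 1000\nUMASK 022\n' > "$tmp/login.defs"; : > "$tmp/firejail"
    rc=0; preflight "$tmp/login.defs" "$tmp/firejail" sh || rc=$?
    rm -rf "$tmp"; return "$rc"
}
demo || true   # real use: preflight /etc/login.defs "$(find_in_path firejail)" mtpaint
```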