Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"firejail playonlinux" starts GUI but not installed programme #3800

Closed
Rosika2 opened this issue Dec 9, 2020 · 4 comments
Closed

"firejail playonlinux" starts GUI but not installed programme #3800

Rosika2 opened this issue Dec 9, 2020 · 4 comments

Comments

@Rosika2
Copy link

Rosika2 commented Dec 9, 2020

Environment

  • Linux distribution and version: Lubuntu 18.04.5 KTS, 64 bit
  • Firejail version 0.9.64

Hi altogether,

I installed the programme "notepad++" in wine using playonlinux.
The installation went well. Issuing the command "firejail playonlinux" produced the playonlinux GUI alright and I could see the entry "Notepad++" with its icon.
Yet trying to execute the programme failed.
I looked up the error-logs which I post here: https://gist.github.com/Rosika2/bfcd72ad53485d44fdb18b85d9b7d27c

(they´re probably a bit too long for posting them here):

Running "firejail --noprofile playonlinux" works alright but won´t give me much of a protection, I guess.

What might be done about it?

Thanks a lot in advance.

Many greetings.
Rosika
@rusty-snake
Copy link
Collaborator 

...
wine: chdir to /tmp/.wine-1000/server-812-1a0037 : Permission denied
...
wine: chdir to /tmp/.wine-1000/server-812-1a0037 : Permission denied
...

$ fjp diff playonlinux.profile wine.profile
The following commands are unique to playonlinux.profile:
include playonlinux.local
noblacklist ${HOME}/.PlayOnLinux
noblacklist ${PATH}/nc
include allow-python2.inc
include allow-python3.inc
include allow-perl.inc

The following commands are unique to wine.profile:
include wine.local
noblacklist ${HOME}/.cache/winetricks
noblacklist ${HOME}/.wine
noblacklist /tmp/.wine-*                  <-------------------------
include disable-passwdmgr.inc
include whitelist-var-common.inc
allow-debuggers
private-dev

So try firejail '--noblacklist=/tmp/.wine-*' playonlinux.

@Rosika2
Copy link
Author

Rosika2 commented Dec 10, 2020

Hello @rusty-snake,

thank you so much for your help.
Indeed firejail '--noblacklist=/tmp/.wine-*' playonlinux works as desired. Thhe installed programme (notepad++) can be accessed now. Great!

One additional question, if I may ask just another one.

You helped with the issue of "running wine in firejail (--private option)" (#3793 ) a few days ago. Thanks again for that.

Now I´d like to accomplish the same with playonlinux. So basically what I want to achieve is running playonlinux within firejail using the "--private=DEFINED_WORK_DIRECTORY" option.

The path for playonlinux is:
/home/rosika/.PlayOnLinux/
I´m not quite sure whether the procedure you instructed me to follow for wine would be applicable to the playonlinux scenario as well. I´m bit at a loss here.

Thanks again for your help.

Many greetings.
Rosika

@rusty-snake
Copy link
Collaborator

Now I´d like to accomplish the same with playonlinux. So basically what I want to achieve is running playonlinux within firejail using the "--private=DEFINED_WORK_DIRECTORY" option.

The path for playonlinux is:
/home/rosika/.PlayOnLinux/
I´m not quite sure whether the procedure you instructed me to follow for wine would be applicable to the playonlinux scenario as well. I´m bit at a loss here.

Just try it 😉 if it does not work, you can revert it. It should work for the most programs if you move the files/dirs with a noblacklist command in the profile. There are a few exceptions like (1) if you don't use steam you don't need to move it or (2) if there's a nobacklist ${HOME}/.gnupg moving it will break other programs.

Indeed firejail '--noblacklist=/tmp/.wine-*' playonlinux works as desired.

I'll add it to playonlinux. General question to all: There are more differences between wine.profile and playonlinx.profile (se my post above). Since playonlinux is just a GUI wrapper for wine, wouldn't it makes sense to make it a redirect profile to wine and only add POLs own paths/command?

@Rosika2
Copy link
Author

Rosika2 commented Dec 11, 2020
edited
Loading

@rusty-snake:

Hello again and thank you so much for your help.

Just try it if it does not work, you can revert it

O.K. My system consists if 3 partitions: root-, home- and a data-partition. Until now I´ve just done a few experiments with wine and playonlinux all of which were performed within the home-partition.

As of now I want to use my data-partition for playonlinux. So I did the following:

cd /media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/
mkdir PLAYONLINUX
firejail '--noblacklist=/tmp/.wine-*' --private=media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/PLAYONLINUX playonlinux

That worked well.
Playonlinux created everything it needed anew. I installed a certain wine-version there. Upon creating "drive_c" the programme also downloaded and installed "Mono" and "Gecko".
Afterwards I could install "Notepad++". So I can run it the sandboxed way I like. Wonderful.

Since playonlinux is just a GUI wrapper for wine, wouldn't it makes sense to make it a redirect profile to wine and only add POLs own paths/command?

In my modest opinion I think that´s a good suggestion.

Thanks a lot again for your help.

Stay safe and many greetings.
Rosika

@Rosika2 Rosika2 closed this as completed Dec 11, 2020
@rusty-snake rusty-snake mentioned this issue Dec 11, 2020
Merged
@Rosika2 Rosika2 mentioned this issue Dec 14, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Rosika2 @rusty-snake