diff options
author | powerjungle <fabsidereal@gmail.com> | 2024-02-19 18:04:14 +0100 |
---|---|---|
committer | powerjungle <fabsidereal@gmail.com> | 2024-02-19 18:21:11 +0100 |
commit | 1a2e8ab852dce3dcfa3ad39dc009613ce6ffe53f (patch) | |
tree | 68d0040289099a0b875b98daaf6edf257a4e193b | |
parent | build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 (diff) | |
download | firejail-1a2e8ab852dce3dcfa3ad39dc009613ce6ffe53f.tar.gz firejail-1a2e8ab852dce3dcfa3ad39dc009613ce6ffe53f.tar.zst firejail-1a2e8ab852dce3dcfa3ad39dc009613ce6ffe53f.zip |
multimc: instances not running, because of missing permissions
When starting an instance, in the logs, a failed attempt to load the lwjgl
library is shown and the game doesn't run.
The library is in the /tmp directory. The reason for this appears to
be, in the lwjgl source code, the shared library loading function,
extracts in the temporary directory and continues from there.
This is fixed by whitelisting.
The reason for adding "ignore noexec /tmp" as well, is that without it, the game
can't run, even if the directory is whitelisted. It seems the library needs
to be loaded from /tmp.
A second error for a failed attempt to access /home/user/.cache/JNA is also
shown in the logs. This is also fixed by whitelisting.
-rw-r--r-- | etc/profile-m-z/multimc5.profile | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/etc/profile-m-z/multimc5.profile b/etc/profile-m-z/multimc5.profile index 41f82bd07..734d9c11f 100644 --- a/etc/profile-m-z/multimc5.profile +++ b/etc/profile-m-z/multimc5.profile | |||
@@ -8,11 +8,16 @@ include globals.local | |||
8 | noblacklist ${HOME}/.local/share/multimc | 8 | noblacklist ${HOME}/.local/share/multimc |
9 | noblacklist ${HOME}/.local/share/multimc5 | 9 | noblacklist ${HOME}/.local/share/multimc5 |
10 | noblacklist ${HOME}/.multimc5 | 10 | noblacklist ${HOME}/.multimc5 |
11 | noblacklist ${HOME}/.cache/JNA | ||
12 | noblacklist /tmp/lwjgl_* | ||
11 | 13 | ||
12 | # Ignore noexec on ${HOME} as MultiMC installs LWJGL native | 14 | # Ignore noexec on ${HOME} as MultiMC installs LWJGL native |
13 | # libraries in ${HOME}/.local/share/multimc | 15 | # libraries in ${HOME}/.local/share/multimc |
14 | ignore noexec ${HOME} | 16 | ignore noexec ${HOME} |
15 | 17 | ||
18 | # Ignore noexec on /tmp as LWJGL extracts libraries to /tmp | ||
19 | ignore noexec /tmp | ||
20 | |||
16 | # Allow java (blacklisted by disable-devel.inc) | 21 | # Allow java (blacklisted by disable-devel.inc) |
17 | include allow-java.inc | 22 | include allow-java.inc |
18 | 23 | ||
@@ -25,9 +30,12 @@ include disable-programs.inc | |||
25 | mkdir ${HOME}/.local/share/multimc | 30 | mkdir ${HOME}/.local/share/multimc |
26 | mkdir ${HOME}/.local/share/multimc5 | 31 | mkdir ${HOME}/.local/share/multimc5 |
27 | mkdir ${HOME}/.multimc5 | 32 | mkdir ${HOME}/.multimc5 |
33 | mkdir ${HOME}/.cache/JNA | ||
28 | whitelist ${HOME}/.local/share/multimc | 34 | whitelist ${HOME}/.local/share/multimc |
29 | whitelist ${HOME}/.local/share/multimc5 | 35 | whitelist ${HOME}/.local/share/multimc5 |
30 | whitelist ${HOME}/.multimc5 | 36 | whitelist ${HOME}/.multimc5 |
37 | whitelist ${HOME}/.cache/JNA | ||
38 | whitelist /tmp/lwjgl_* | ||
31 | include whitelist-common.inc | 39 | include whitelist-common.inc |
32 | 40 | ||
33 | caps.drop all | 41 | caps.drop all |
@@ -49,4 +57,7 @@ disable-mnt | |||
49 | private-dev | 57 | private-dev |
50 | private-tmp | 58 | private-tmp |
51 | 59 | ||
60 | dbus-user none | ||
61 | dbus-system none | ||
62 | |||
52 | #restrict-namespaces | 63 | #restrict-namespaces |