From 1a2e8ab852dce3dcfa3ad39dc009613ce6ffe53f Mon Sep 17 00:00:00 2001 From: powerjungle Date: Mon, 19 Feb 2024 18:04:14 +0100 Subject: multimc: instances not running, because of missing permissions When starting an instance, in the logs, a failed attempt to load the lwjgl library is shown and the game doesn't run. The library is in the /tmp directory. The reason for this appears to be, in the lwjgl source code, the shared library loading function, extracts in the temporary directory and continues from there. This is fixed by whitelisting. The reason for adding "ignore noexec /tmp" as well, is that without it, the game can't run, even if the directory is whitelisted. It seems the library needs to be loaded from /tmp. A second error for a failed attempt to access /home/user/.cache/JNA is also shown in the logs. This is also fixed by whitelisting. --- etc/profile-m-z/multimc5.profile | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'etc/profile-m-z') diff --git a/etc/profile-m-z/multimc5.profile b/etc/profile-m-z/multimc5.profile index 41f82bd07..734d9c11f 100644 --- a/etc/profile-m-z/multimc5.profile +++ b/etc/profile-m-z/multimc5.profile @@ -8,11 +8,16 @@ include globals.local noblacklist ${HOME}/.local/share/multimc noblacklist ${HOME}/.local/share/multimc5 noblacklist ${HOME}/.multimc5 +noblacklist ${HOME}/.cache/JNA +noblacklist /tmp/lwjgl_* # Ignore noexec on ${HOME} as MultiMC installs LWJGL native # libraries in ${HOME}/.local/share/multimc ignore noexec ${HOME} +# Ignore noexec on /tmp as LWJGL extracts libraries to /tmp +ignore noexec /tmp + # Allow java (blacklisted by disable-devel.inc) include allow-java.inc @@ -25,9 +30,12 @@ include disable-programs.inc mkdir ${HOME}/.local/share/multimc mkdir ${HOME}/.local/share/multimc5 mkdir ${HOME}/.multimc5 +mkdir ${HOME}/.cache/JNA whitelist ${HOME}/.local/share/multimc whitelist ${HOME}/.local/share/multimc5 whitelist ${HOME}/.multimc5 +whitelist ${HOME}/.cache/JNA +whitelist /tmp/lwjgl_* include whitelist-common.inc caps.drop all @@ -49,4 +57,7 @@ disable-mnt private-dev private-tmp +dbus-user none +dbus-system none + #restrict-namespaces -- cgit v1.2.3-70-g09d2