Mount point /proc/xen in appVM prevents flatpak packages from starting (Issue #2540 impact wider than reported)
62 views
Skip to first unread message
Alex
Feb 10, 2017, 6:23:11 AM2/10/17
to qubes-users
Hi all,
I've been trying to use MonoDevelop 6, now distributed as a flatpak
package instead of the usual RPM (fedora 25).
I've had some problems in trying to run it, mainly because of an obscure
error message "Can't mount proc on /newroot/proc: Operation not permitted".
Further debugging had me starting flatpak with "-v" (verbose) option,
where I discovered that flatpak is just a wrapper around bubblewrap (no
pun intended).
Investigating bubblewrap led me to
https://github.com/projectatomic/bubblewrap/issues/134 where a Qubes
user laments a non-working sandboxed tor browser.
There Marek casually mentions /proc/xen being the cause of this
situation, and actually unmounting it allows MonoDevelop to start.
Since this issue is already tracked for TOR browser here
https://github.com/QubesOS/qubes-issues/issues/2540 I'm not suggesting
to open another issue; instead, I commented on the issue reporting that
the impact is wider than TOR browser and I'm writing to the mailing list
to let other puzzled flatpak-distributed-software-users know.
--
Alex
I've been trying to use MonoDevelop 6, now distributed as a flatpak
package instead of the usual RPM (fedora 25).
I've had some problems in trying to run it, mainly because of an obscure
error message "Can't mount proc on /newroot/proc: Operation not permitted".
Further debugging had me starting flatpak with "-v" (verbose) option,
where I discovered that flatpak is just a wrapper around bubblewrap (no
pun intended).
Investigating bubblewrap led me to
https://github.com/projectatomic/bubblewrap/issues/134 where a Qubes
user laments a non-working sandboxed tor browser.
There Marek casually mentions /proc/xen being the cause of this
situation, and actually unmounting it allows MonoDevelop to start.
Since this issue is already tracked for TOR browser here
https://github.com/QubesOS/qubes-issues/issues/2540 I'm not suggesting
to open another issue; instead, I commented on the issue reporting that
the impact is wider than TOR browser and I'm writing to the mailing list
to let other puzzled flatpak-distributed-software-users know.
--
Alex
Andrew David Wong
Feb 11, 2017, 2:07:54 AM2/11/17
to Alex, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Thanks, Alex! :)
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYnrgwAAoJENtN07w5UDAwfV0QAJ1SQy/xvFRw5NoBsRRJLCKd
E6vrFrFLkj6mdhvDlEumFU6NwN4ol2l9avQchSCRuzaU7an6gpMn6/Z8z664bbU4
1kLTCEpzinbZzEegV+c66V+sSm42H/xPacrE7hn5vBlUTnAcYlZaf1bKQN8TKyPz
NO42EFJ/W9CfEKrIJDi3/B4CbMnGiXG3EcWaOGJZr/vK9SmgUWrRC21s1MRLhA6L
XeBrehVk53ZSPJrj+7zmphrgHuBJ8RniWWOdRicoTAlzr4Y/eReXNAIzBr/nz0DH
JmxQdE6BFv/inAAfmqMTzur8OXrd8he+K+FZ7O1SxYpHMqjPrSQbsuE47lxwY9nM
N1NSehoajQ6WIXcbvpXc4nDRc7nkUFpaEh/Xe5PuXqc3QDyDDTpSQ0e98hOYWdqr
C4s+nw8GRyx8XBHJgDC+tT6MsOALJPWxJxEXdgNmq4yAX6L3DhhDsvgNuPB6ta4v
1PNKPd0PklHds3dRQG1RbAFxsIe+c+XfrDTc8ptEomIhzIH/w+bAJ5glV0Z3NDnn
K3GCJkC7PCjXIlcOw/3ENgnNh7f8qUbyaRU1FwQ1OraeJRxHhX1BM+vkt9BxEkFc
f+8JQQ7zEGlkJo1bubq8+/d6HW27QATX6y8H50ws9AYjt34vEslSzm+M5SpACfIr
QjkaNHGPh2zIQh8gXiwD
=Dm1U
-----END PGP SIGNATURE-----
Hash: SHA512
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYnrgwAAoJENtN07w5UDAwfV0QAJ1SQy/xvFRw5NoBsRRJLCKd
E6vrFrFLkj6mdhvDlEumFU6NwN4ol2l9avQchSCRuzaU7an6gpMn6/Z8z664bbU4
1kLTCEpzinbZzEegV+c66V+sSm42H/xPacrE7hn5vBlUTnAcYlZaf1bKQN8TKyPz
NO42EFJ/W9CfEKrIJDi3/B4CbMnGiXG3EcWaOGJZr/vK9SmgUWrRC21s1MRLhA6L
XeBrehVk53ZSPJrj+7zmphrgHuBJ8RniWWOdRicoTAlzr4Y/eReXNAIzBr/nz0DH
JmxQdE6BFv/inAAfmqMTzur8OXrd8he+K+FZ7O1SxYpHMqjPrSQbsuE47lxwY9nM
N1NSehoajQ6WIXcbvpXc4nDRc7nkUFpaEh/Xe5PuXqc3QDyDDTpSQ0e98hOYWdqr
C4s+nw8GRyx8XBHJgDC+tT6MsOALJPWxJxEXdgNmq4yAX6L3DhhDsvgNuPB6ta4v
1PNKPd0PklHds3dRQG1RbAFxsIe+c+XfrDTc8ptEomIhzIH/w+bAJ5glV0Z3NDnn
K3GCJkC7PCjXIlcOw/3ENgnNh7f8qUbyaRU1FwQ1OraeJRxHhX1BM+vkt9BxEkFc
f+8JQQ7zEGlkJo1bubq8+/d6HW27QATX6y8H50ws9AYjt34vEslSzm+M5SpACfIr
QjkaNHGPh2zIQh8gXiwD
=Dm1U
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages