chmod chrome-sandbox: operation not permitted #62

Open
northys opened this issue Dec 13, 2021 · 6 comments

northys commented Dec 13, 2021

What happened:

I just noticed a warning about chmod failing for chrome-sandbox while digging into a different issue. I'm not sure if it is actually a problem. It has been happening since 14 November. All paths I got by grepping logs start with /opt/safing, so I suppose that started after I switched from manual installation to the Fedora package.

211213 14:23:19.211 s/upgrader:074 ▶ WARN 061 updates: failed to handle electron upgrade: chmod /opt/safing/portmaster/updates/linux_amd64/app/portmaster-app_v0-2-2/chrome-sandbox: operation not permitted

What did you expect to happen?:

How did you reproduce it?:

Debug Information:

Version 0.7.11
Portmaster
version 0.7.11

commit tags/v0.7.11-0-ge0c2a846278b9e6256a75da50e44b29f52b8e5e9
built with go1.15.8 (gc) linux/amd64
  using options main.go
  by user@docker
  on 13.12.2021

Licensed under the AGPLv3 license.
The source code is available here: https://github.com/safing/portmaster
Platform: fedora 35
System: fedora linux (fedora) 35
Kernel: 5.15.6-200.fc35.x86_64 x86_64

Status: Trusted
ActiveSecurityLevel:   Trusted
SelectedSecurityLevel: Off
ThreatMitigationLevel: Trusted
CaptivePortal:         
OnlineStatus:          Online
Resolvers: 5/5
Cloudflare
  dot://1.1.1.2:853#config
  Failing: false

Cloudflare
  dot://1.0.0.2:853#config
  Failing: false

1.1.1.1
  dns://1.1.1.1:53#system
  Failing: false

8.8.8.8
  dns://8.8.8.8:53#system
  Failing: false

8.8.4.4
  dns://8.8.4.4:53#system
  Failing: false
No Module Error
Unexpected Logs
211213 14:23:19.211 s/upgrader:074 ▶ WARN 061 updates: failed to handle electron upgrade: chmod /opt/safing/portmaster/updates/linux_amd64/app/portmaster-app_v0-2-2/chrome-sandbox: operation not permitted
211213 14:23:42.468 CURRENT TIME
Goroutine Stack

@northys northys added the bug TYPE: a report on something that isn't working label Dec 13, 2021
@dhaavi
Member

dhaavi commented Dec 14, 2021

Hey @northys, thanks for the report.

This is a fix for electron on older kernels that don't support unprivileged USERNS_CLONE.

You can find the details here:
safing/portmaster@9751a52#diff-f839e53dfe3b32402a831af008948d464c0b056563b68230e8da21764df5a914R22-R55

This shouldn't fail though, but more, this shouldn't be executed as your kernel should have support for unprivileged USERNS_CLONE.

@ppacher
Contributor

ppacher commented Jan 25, 2022

Hi @northys, could you share the output of sysctl kernel.unprivileged_userns_clone?

@northys
Author

northys commented Jan 25, 2022 via email

@ppacher
Contributor

ppacher commented Jan 27, 2022

Thanks for the output. Seems like there's no such file on your system. I just downloaded and installed a fedora locally to test that and I'm able to reproduce the issue. I will ping you once we have a proper patch available (we changed some stuff in the beta release channel but I fear that fix is incomplete).

@ppacher
Contributor

ppacher commented Feb 28, 2022

So it turns out there's just no easy way to reliably detect whether or not unprivileged user namespaces are enabled. Right now I see the following possibilities:

  • We could try to parse /proc/config.gz but that file is not always available. In that case, we would need to start searching the boot partition for config-<kver> files and try to parse them. Then we need to check if CONFIG_USER_NS and CONFIG_USER_NS_UNPRIVILEGED are enabled. Though the existence of those files is not guaranteed and this approach will likely fail.
  • To detect user namespaces we can check if /proc/self/ns/user exists but that does not tell us whether unprivileged (CONFIG_USER_NS_UNPRIVILEGED) is enabled as well.
  • We could try to run unshare --map-root-user id -u and check whether it executes successfully and outputs 0. Though, this adds a new dependency for the unshare binary and will likely require some tweaks/hacks for different versions of that binary.

To sum up, I'm not sure trying to correctly detect that is worth the effort. Maybe we can just set the SUID bit by default on chrome-sandbox and provide a flag to disable that behavior in case somebody really wants to avoid having an SUID binary lying around. That would be the best choice for user experience. Security-wise, we could NOT set the SUID bit and rather try to inform the user that this needs to be done manually after an upgrade of electron. Though, communicating this is hard since the UI doesn't start and it might be hard to fix for less tech-savvy users.

My pitch would be to set the SUID bit and let users disable the behavior using a --disable-sandbox-suid flag.
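The file-based checks listed in the comment above, as an added Go sketch that is not Portmaster's code and not part of the original thread. It is a heuristic only: the names DetectUnprivUserNS, sysctl and sampleRoot are hypothetical, the /proc tree in main is constructed, and the upstream sysctl user.max_user_namespaces is an extra signal the thread does not mention.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"strings"
	"testing/fstest"
)

// sysctl reads a /proc/sys value below root; ok is false when the file is absent.
func sysctl(root fs.FS, name string) (val string, ok bool) {
	b, err := fs.ReadFile(root, "proc/sys/"+name)
	return strings.TrimSpace(string(b)), err == nil
}

// DetectUnprivUserNS inspects a filesystem rooted at "/" and returns the
// verdict "disabled", "likely-enabled" or "unknown" together with the reason.
func DetectUnprivUserNS(root fs.FS) (verdict, reason string) {
	if _, err := fs.Stat(root, "proc/self/ns/user"); err != nil {
		return "disabled", "no /proc/self/ns/user"
	}
	if v, ok := sysctl(root, "user/max_user_namespaces"); ok && v == "0" {
		return "disabled", "user.max_user_namespaces=0"
	}
	v, ok := sysctl(root, "kernel/unprivileged_userns_clone")
	switch {
	case !ok: // distro-patch sysctl; missing on the Fedora system in this issue
		return "unknown", "kernel.unprivileged_userns_clone absent"
	case v == "0":
		return "disabled", "kernel.unprivileged_userns_clone=0"
	}
	return "likely-enabled", "kernel.unprivileged_userns_clone=" + v
}

// sampleRoot builds a constructed /proc tree (not captured from a real host).
func sampleRoot(files map[string]string) fs.FS {
	m := fstest.MapFS{}
	for name, data := range files {
		m[name] = &fstest.MapFile{Data: []byte(data)}
	}
	return m
}

func main() {
	fedoraLike := sampleRoot(map[string]string{"proc/self/ns/user": "", "proc/sys/user/max_user_namespaces": "63000\n"})
	fmt.Println(DetectUnprivUserNS(fedoraLike))      // constructed input
	fmt.Println(DetectUnprivUserNS(os.DirFS("/"))) // the host this runs on
}
```

An "unknown" verdict is the case the thread is stuck on: a caller still has to choose between attempting the namespace and falling back to the SUID sandbox, and "likely-enabled" can still be overridden by LSM or seccomp policy.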

@northys
Author

northys commented Mar 17, 2022

Sorry for the late reply, I forgot about this issue. I actually don't understand the internals much and the log isn't bothering me since everything works. I just wanted to ask if everything is fine and whether I should care about the warning.

So it's up to you to figure out how to solve this issue. Someone would say to write it in the docs, but who reads the docs, right? :D
