LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
LinkBack Search this Thread
Old 10-10-2013, 01:53 PM   #1
jon lee
Member
 
Registered: Jul 2013
Posts: 81

Rep: Reputation: Disabled
Is there a way to prevent Firefox from placing a lock on xtables?


I have a standard firewall script built with firewall builder. When I try to reload the script with Firefox up and running I get this:
Quote:
bash-4.2# /etc/rc.d/rc.firewall reload
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
iptables: Too many links.
I have to close down Firefox to reload the firewall script.
 
Old 10-15-2013, 08:01 AM   #2
jon lee
Member
 
Registered: Jul 2013
Posts: 81

Original Poster
Rep: Reputation: Disabled
OK, I've set up a chroot jail environment for firefox. I have it mostly working except for domain name resolution (I have to type an IP in the address bar directly). Some/most IP's will reverse resolve the IP to a domain name which then firefox will complain that it can't find the server.

Anyway, I can still access google and a few others by entering a direct IP. I have also made sure to have /etc/resolv.conf within the chroot jail.

Anyone have any ideas on what I am missing to get DNS resolution for firefox within a chroot jail? Or how to proceed to troubleshoot this further? I've searched the internet for answers and it seems I have everything needed.

(BTW, my Firefox configure options probably helped with being able to place it in a chroot jail, as it can run without dbus, etc... although I could have done without gstreamer.

Configure arguments

--prefix=/usr --disable-dbus --disable-gconf --disable-gnomevfs --enable-gstreamer --enable-address-sanitizer --enable-faststripe --disable-logging --enable-strip --enable-install-strip)
 
Old 10-15-2013, 05:55 PM   #3
jon lee
Member
 
Registered: Jul 2013
Posts: 81

Original Poster
Rep: Reputation: Disabled
(The magic file I was missing was libnss_dns.so.2)

If anyone is interested, here is a chroot jail version of Firefox 17.0.9:
http://www.mediafire.com/download/iv...ootjail.tar.gz

Source can be found on slackbuilds or the mozilla site.

Quick instructions for use. Extract the firefox folder somewhere.

open a terminal
xhost +
mount -o bind /dev /$PATH_TO/firefox/dev

The above step isn't entirely necessary for it to work, but without it Firefox will thrash your harddrive looking for something on every web page you visit.

chroot $PATH_TO/firefox
firefox

Now this runs it as root which isn't the best idea. If anyone would like to come up with a script/instructions to run it as a separate user, that would be great.

Anyway, placing firefox in a chroot jail fixes my original problem.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
rebuilding libxt_TCPOPTSTRIP.so library: xtables.h does not exist hayf Linux - Kernel 4 11-18-2011 07:30 AM
[SOLVED] Prevent thunderbird/xscreensaver from viewing new email notifications during lock. irmin Linux - Software 2 10-31-2010 09:38 AM
[SOLVED] prevent file system corruption on hard lock-up [GOD]Anck Slackware 9 04-07-2010 05:31 PM
LXer: If open source on its own doesn't prevent vendor lock-in, what's ... LXer Syndicated Linux News 0 04-29-2006 10:33 AM
How prevent firefox from sucking up so much memory? pdmackenzie Linux - Software 1 06-03-2005 10:33 PM


All times are GMT -5. The time now is 09:29 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration