LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   Is there a way to prevent Firefox from placing a lock on xtables? (https://www.linuxquestions.org/questions/slackware-14/is-there-a-way-to-prevent-firefox-from-placing-a-lock-on-xtables-4175480324/)

jon lee 10-10-2013 01:53 PM
Is there a way to prevent Firefox from placing a lock on xtables?
 
I have a standard firewall script built with firewall builder. When I try to reload the script with Firefox up and running I get this:
Quote:
bash-4.2# /etc/rc.d/rc.firewall reload
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
iptables: Too many links.
I have to close down Firefox to reload the firewall script.

jon lee 10-15-2013 08:01 AM
OK, I've set up a chroot jail environment for firefox. I have it mostly working except for domain name resolution (I have to type an IP in the address bar directly). Some/most IP's will reverse resolve the IP to a domain name which then firefox will complain that it can't find the server.

Anyway, I can still access google and a few others by entering a direct IP. I have also made sure to have /etc/resolv.conf within the chroot jail.

Anyone have any ideas on what I am missing to get DNS resolution for firefox within a chroot jail? Or how to proceed to troubleshoot this further? I've searched the internet for answers and it seems I have everything needed.

(BTW, my Firefox configure options probably helped with being able to place it in a chroot jail, as it can run without dbus, etc... although I could have done without gstreamer.

Configure arguments

--prefix=/usr --disable-dbus --disable-gconf --disable-gnomevfs --enable-gstreamer --enable-address-sanitizer --enable-faststripe --disable-logging --enable-strip --enable-install-strip)

jon lee 10-15-2013 05:55 PM
(The magic file I was missing was libnss_dns.so.2)

If anyone is interested, here is a chroot jail version of Firefox 17.0.9:
http://www.mediafire.com/download/iv...ootjail.tar.gz

Source can be found on slackbuilds or the mozilla site.

Quick instructions for use. Extract the firefox folder somewhere.

open a terminal
xhost +
mount -o bind /dev /$PATH_TO/firefox/dev

The above step isn't entirely necessary for it to work, but without it Firefox will thrash your harddrive looking for something on every web page you visit.

chroot $PATH_TO/firefox
firefox

Now this runs it as root which isn't the best idea. If anyone would like to come up with a script/instructions to run it as a separate user, that would be great.

Anyway, placing firefox in a chroot jail fixes my original problem.


All times are GMT -5. The time now is 04:49 AM.