E [FATAL] Error (exec): no such file or directory
Hi.
I've experimented with creating and installing the following Oz profile for Wire:
{
"path": "/opt/wire-desktop/wire-desktop"
, "xserver": {
    "enabled": true
    , "tray_icon":"/usr/share/icons/hicolor/256x256/apps/wire-desktop.png"
    , "enable_tray": false
    , "enable_notifications": true
}
, "networking":{
    "type":"empty"
    , "sockets": [
        {"type":"client", "proto":"tcp", "port":9050}
    ]
}
, "whitelist": [
    {"path":"${HOME}/.config/Wire", "can_create": true}
    , {"path": "/opt/wire-desktop", "read_only": true}
]
, "blacklist": [
]
, "environment": [
]
, "seccomp": {
    "mode":"blacklist"
    , "enforce": true
}
}
It was successfully installed:
user@subgraph:~$ sudo oz-setup status wire-desktop
Package divert is installed for: /opt/wire-desktop/wire-desktop
user@subgraph:~$
But when I try running it, it does not launch and I get this using sudo journalctl -f:
Oct 29 19:18:52 subgraph oz-daemon[25328]: 2017/10/29 19:18:52 [wire-desktop] (stderr) E [FATAL] Error (exec): no such file or directory /opt/wire-desktop-oz/wire-desktop
Though,
user@subgraph:~$ ls -l /opt/wire-desktop-oz/wire-desktop
-rwxr-xr-x 1 root root 83393032 Oct 10 15:36 /opt/wire-desktop-oz/wire-desktop
user@subgraph:~$
How could I fix this?
Thanks!
Oz doesn't support opt this way. This is an open issue. Here's what I recommend you do:
Have the oz profile point to /usr/bin/wire-desktop
/usr/bin/wire-desktop should be a symlink to /usr/bin/oz
In /usr/bin-oz/, create a symlink to /opt/wire-desktop-oz/wire-desktop
The rest is good (you've already added /opt/wire-desktop as a whitelisted path).
Let me know if this works.
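The layout recommended in the reply above, written out as shell functions. This is an added example, not code from the thread's participants or the Oz project; the link name `wire-desktop` inside /usr/bin-oz/, the staging prefix argument, and the profile file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread or the Oz project.
APP=wire-desktop                          # link name: assumed equal to the binary name
REAL=/opt/wire-desktop-oz/wire-desktop    # path shown in the journal error above

# Create the two symlinks under a staging prefix ("" = live system, needs root).
oz_link_layout() {
    root=$1
    mkdir -p "$root/usr/bin" "$root/usr/bin-oz" || return 1
    ln -sfn /usr/bin/oz "$root/usr/bin/$APP" || return 1    # /usr/bin/wire-desktop -> /usr/bin/oz
    ln -sfn "$REAL" "$root/usr/bin-oz/$APP" || return 1     # /usr/bin-oz/wire-desktop -> real binary
}

# Verify the links and the profile; $2 is the profile file, supplied by the caller.
oz_link_check() {
    root=$1 profile=$2 rc=0
    if [ "$(readlink "$root/usr/bin/$APP")" != /usr/bin/oz ]; then
        echo "FAIL: /usr/bin/$APP is not a symlink to /usr/bin/oz" >&2; rc=1
    fi
    if [ "$(readlink "$root/usr/bin-oz/$APP")" != "$REAL" ]; then
        echo "FAIL: /usr/bin-oz/$APP is not a symlink to $REAL" >&2; rc=1
    fi
    # The profile must contain a "path" entry naming /usr/bin/$APP.
    if ! grep -Eq "\"path\"[[:space:]]*:[[:space:]]*\"/usr/bin/$APP\"" "$profile"; then
        echo "FAIL: $profile does not point at /usr/bin/$APP" >&2; rc=1
    fi
    return $rc
}

# Usage: sh oz-links.sh STAGING_PREFIX PROFILE_JSON
if [ $# -eq 2 ]; then
    oz_link_layout "$1" && oz_link_check "$1" "$2"
fi
```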
Hello dma,
It worked, the application has been launched in a sandbox. Though, upon launching the application says it has no internet access. Do you know why that would be the case? After all, I've copied the networking settings straight out of Coyim's.
Thanks.
I have a similar issue. The application is signal-desktop. I install it by adding an additional apt repository as instructed on signal.org's website (the Signal for Debian-based Linux). After that it couldn't run until I set a paxrat config for signal-desktop, which is fine. Then I tried to sandbox it. Although signal-desktop is installed under /opt/Signal/, it also has a link from /usr/local/bin, so I could just use oz-setup to install it. Here is my config file (/var/lib/oz/cells.d/signal-desktop.json). Notice the "networking" section, in which I use "host" instead of "empty" with "sockets", like this:
, "networking":{
    "type":"host"
}
but not this:
, "networking":{
    "type":"empty"
    , "sockets": [
        {"type":"client", "proto":"tcp", "port":9050}
    ]
}
Using "host" as the "networking" works. Signal can be run in a sandbox with Internet access. But, if I use "empty, sockets, client, tcp, 9050", it has no Internet access.
What are the consequences of using "host"? From my understanding, Signal with the "host" setting still accesses the Internet through Tor like any other application, e.g. w3m (but not chromium, which has a special configuration to use direct access), right? Do all applications, either command line or GUI, access the Internet through Tor? If so, then the consequence of me using "host" for now is that if there is malicious code in signal-desktop, then my host's network can be attacked directly, right?
Thank you very much.