Firejail fails with "too long environment variables"

Good day,
I have programs.firejail.enable=true set in my configuration; however, when I try to run, for example, firejail firefox, I get an error stating

Error: too long environment variables, please use --rmenv

From the man page, the --rmenv flag is used to remove a specific environment variable; however, I'm unsure which one(s) to remove. Any help would be appreciated.

Update:
I did some investigating and realized that specifically the following environment variables are the issue:

  • XDG_DATA_DIRS which contains 18217 characters. Snippet
/nix/store/6qciynnpzbxbxvknzafwgg4lfp3h0i0m-konsole-21.04.0/share:/nix/store/xacprfsps52z4y345kb7ikxgvyw997dx-knewstuff-5.81.0/share:/nix/store/m9vdl0izsf9ffg3a0yvnqps5wlyhhakf-kpackage-5.81.0/share:/nix/store/2fi03imjksi3nr0kl1blbkzacyv0g3mc-kpackage-5.81.0-bin/share:/nix/store/k0159z503v1hkn7w97098rp37r1iz8qf-kirigami2-5.81.0/share:/nix/store/hl4yb3fl3hiih4qi1nln7kwxrl0mp7s7-kpty-5.81.0/share:/nix/store/w730fpc1dj19rf6ry0x45scp4v0dxd1z-kparts-5.81.0/share:/nix/store/qzwfrna75lw1650sras8kxgsbqfkyhfm-kparts-5.81.0-bin/share:/nix/store/ahkmncxakl59x6il5kxv20si6dnp22fy-knotifyconfig-5.81.0/share:/nix/store/n5xg5g8pjn191rw3kdql6vs762wcyl65-kinit-5.81.0/share:/nix/store/5hr5xaxfpvfw0zss4vij256h72dgymwc-kwallet-5.81.0/share:/nix/store/acwwlniyfc43i4nv35yg2j1nj56grqyx-kwallet-5.81.0-bin/share:/nix/store/z4cwxdq9573pyjcfj86byi473x28cpyz-knotifications-5.81.0/share:/nix/store/70986qc3wxmbjs7qax9ka0mlzc2gn7ny-knotifications-5.81.0-bin/share:/nix/store/b2gjjhlic3zaaiydy6q03lm4zsg92abr-solid-5.81.0/share:/ni 
  • QML2_IMPORT_PATH which contains 5893 characters
/nix/store/fwmm1pvg74ajijwdhn401b0m9vdfx0la-knewstuff-5.81.0-bin/lib/qt-5.15.2/qml:/nix/store/k0159z503v1hkn7w97098rp37r1iz8qf-kirigami2-5.81.0/lib/qt-5.15.2/qml:/nix/store/hbzpwa68vwz762m00fnypr794f426yzz-qtgraphicaleffects-5.15.2/lib/qt-5.15.2/qml:/nix/store/x3fk82mlnrcdkq4k78dfa2cszg61spgi-qtquickcontrols2-5.15.2-bin/lib/qt-5.15.2/qml:/nix/store/wrzk8qf9hg18bbvymf2mlzmzmw5dx7h1-solid-5.81.0-bin/lib/qt-5.15.2/qml:/nix/store/si44xd5cwvjxa8yiapi7lqpbvhiagqsr-qtwayland-5.15.2-bin/lib/qt-5.15.2/qml:/nix/store/0xzzbcpa83fj119gf94kmxl7852c4wq4-qtquickcontrols-5.15.2/lib/qt-5.15.2/qml:/ni
  • QT_PLUGIN_PATH which contains 10979 characters
/nix/store/6qciynnpzbxbxvknzafwgg4lfp3h0i0m-konsole-21.04.0/lib/qt-5.15.2/plugins:/nix/store/9061biwjgjqp0y3hgbkzydw8i659442y-kio-5.81.0/lib/qt-5.15.2/plugins:/nix/store/cbpi6d5zpx9dmj0a53qhqjw8pnqbg6q5-phonon-4.11.1/lib/qt-5.15.2/plugins:/nix/store/61alx6ch9w80kp9hv1wnk25hh8j8kq4r-kxmlgui-5.81.0-bin/lib/qt-5.15.2/plugins:/nix/store/yg1fa67wvcc94rl9zl4zc223j8lqqih6-ktextwidgets-5.81.0-bin/lib/qt-5.15.2/plugins:/nix/store/6bm8bni2762689xwm6dlq0j780iflx5w-kcompletion-5.81.0/lib/qt-5.15.2/plugins:/nix/store/f877qfi41l3fp4d8qzy40868dq4p8ajv-sonnet-5.81.0-bin/lib/qt-5.15.2/plugins:/nix/store/3qa7z24dpjz3zdnzc2s3vnp696cskl16-kglobalaccel-5.81.0/lib/qt-5.15.2/plugins:/nix/store/x599in4sf3ss04p8m1ybsrxw9y11yr7i-kwindowsystem-5.81.0/lib/qt-5.15.2/plugins:/nix/store/cl3yp6q530ajdnji5l6maql5gibpwdci-kiconthemes-5.81.0-bin/lib/qt-5.15.2/plugins:/nix/store/jfiwbcj5nkydzzkp6hkxj38hcj0r5zkx-kitemviews-5.81.0/lib/qt-5.15.2/plugins:/ni
  • XDG_CONFIG_DIRS which contains about 1430 characters
/nix/store/9061biwjgjqp0y3hgbkzydw8i659442y-kio-5.81.0/etc/xdg:/nix/store/07lq8c21fl59hcfzpi8i49pdhw8wmnps-kservice-5.81.0-bin/etc/xdg:/nix/store/61alx6ch9w80kp9hv1wnk25hh8j8kq4r-kxmlgui-5.81.0-bin/etc/xdg:/nix/store/07lq8c21fl59hcfzpi8i49pdhw8wmnps-kservice-5.81.0-bin/etc/xdg:/nix/store/9061biwjgjqp0y3hgbkzydw8i659442y-kio-5.81.0/etc/xdg:/nix/store/61alx6ch9w80kp9hv1wnk25hh8j8kq4r-kxmlgui-5.81.0-bin/etc/xdg:/nix/store/6wp36jywdmdnq0akzp6zpd1hpsxvsqdc-plasma-workspace-5.21.5/etc/xdg:/nix/store/5v104c70ninvmndd73f4ns01aqg3xix3-kdelibs4support-5.81.0/etc/xdg:/nix/store/kykb1s7r2419cjy6mprcsm20w39xwa61-baloo-5.81.0-bin/etc/xdg:/nix/store/07lq8c21fl59hcfzpi8i49pdhw8wmnps-kservice-5.81.0-bin/etc/xdg:/nix/store/9061biwjgjqp0y3hgbkzydw8i659442y-kio-5.81.0/etc/xdg:/nix/sto

I am using KDE Plasma and the issue only appears when I am in a graphical session. If I log into another tty, the issue disappears. Furthermore, after creating a new user, I have the same issue in a graphical session while it works in a tty. Therefore, the issue is most likely in the system configuration.

My configuration is quite simple, (the file below is sanitized)

#configuration.nix
{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./packages.nix
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot = {
    enable = true;
    consoleMode="max";
  };
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "MYNAME"; # Define your hostname.
  networking.networkmanager.enable=true;
  #networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  networking.wireless.networks={
     "NETWORK".psk="PASSWORD"; # note that this doesnt work
  };

  # Set your time zone.
  time.timeZone = "America/Port_of_Spain";

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.enp3s0.useDHCP = true;
  networking.interfaces.wlp0s20f0u6.useDHCP = true;

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    #font = "Lat2-Terminus16";
    keyMap = "us";
  };
  i18n.inputMethod = {
    enabled="ibus";
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;


  # Enable the Plasma 5 Desktop Environment.
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;


  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users = {
     myname={
        isNormalUser=true;
        group="myname";

        extraGroups=["wheel" "extra_drives" "networkmanager"];
     };
     mytester={
        isNormalUser=true;
     };
  };
  users.groups = {
     myname={};
     extra_drives={
#         gid=1001;
     };
  };

  environment.variables = {
     EDITOR="nvim";
  };

  system.stateVersion = "21.05"; # Did you read the comment?

}
#packages.nix
{
config, lib, pkgs, ...
}:{
  environment.systemPackages = with pkgs;[
    neovim
    wget
    firefox
    git 
    borgbackup
    ark

    mpv
    elisa

    kate
    libreoffice
    gwenview
    okular
    copyq
    gimp
    vscodium

    octave
    texlive.combined.scheme-medium
    sage

    whatsapp-for-linux

    pavucontrol


    multimc

    virt-manager-qt
  ];

  programs.droidcam.enable=true;

  fonts.fonts=with pkgs;[
     lmodern
     ubuntu_font_family
  ];

  boot.kernelModules = ["kvm-intel"];
  virtualisation.libvirtd.enable = true;

  services.gnome.glib-networking.enable = true;
  
  programs.firejail = {
    enable=true;
    wrappedBinaries = with pkgs;{
        coolfox = {
            executable="${lib.getBin firefox}/bin/firefox";
            profile="${firejail}/etc/firejail/firefox.profile";
        };
    };
  };

}
#hardware-configuration.nix
{ config, lib, pkgs, modulesPath, ... }:

{
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
    { device = "/dev/disk/by-uuid/<omitted>";
      fsType = "ext4";
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/<omitted>";
      fsType = "vfat";
    };

  fileSystems."/media/Data" =
    { device = "/dev/disk/by-uuid/<omitted>";
      fsType = "ext4";
    };

  swapDevices = [ ];

  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}
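
The investigation described in the update above can be repeated with a short script. This is an added example, not part of the original post or of firejail: the names `long_env_vars`, `rmenv_flags` and `DEFAULT_LIMIT` are hypothetical, and the 4096-byte default threshold is an assumption rather than firejail's documented limit.

```shell
#!/bin/sh
# Added example (not from the thread): list the environment entries long
# enough to plausibly trigger "too long environment variables".

# ASSUMPTION: 4096 is only a starting threshold, not firejail's documented
# limit; pass a different number as the first argument to tune it.
DEFAULT_LIMIT=4096

# long_env_vars [LIMIT]
# Prints "LENGTH NAME" for every exported variable whose NAME=VALUE entry
# is at least LIMIT bytes, longest first. awk's ENVIRON is used instead of
# parsing `env` output, so values containing newlines are measured correctly.
# LC_ALL=C makes length() count bytes; it only affects the awk process.
long_env_vars() {
    LC_ALL=C awk -v limit="${1:-$DEFAULT_LIMIT}" '
        BEGIN {
            for (name in ENVIRON) {
                n = length(name) + 1 + length(ENVIRON[name])
                if (n >= limit + 0) printf "%d %s\n", n, name
            }
        }' | sort -rn
}

# rmenv_flags [LIMIT]
# Turns that report into one --rmenv=NAME option per line, e.g. for
#   firejail $(rmenv_flags) firefox
rmenv_flags() {
    long_env_vars "$@" | while read -r _len name; do
        printf '%s\n' "--rmenv=$name"
    done
}

# Report for the shell this script is run from.
long_env_vars "$@"
```

Run it from a terminal inside the graphical session, since that is where the long variables are set. Dropping a search-path variable changes what the sandboxed program can find, so check the application after removing it.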

Any luck solving this issue?

I am trying to get firejail running on my system with Gnome 40, but it too fails with

Error: too long environment variables, please use --rmenv.

Sadly no, I mentioned the issue on GitHub but no help was given there. However, someone said that the issue should have been fixed when firejail got updated, which I think it did. So now, since I am running nixos-unstable, the issue no longer exists. I don't recall when it got fixed, but it did when I tried it one day. So almost definitely, the problem shouldn't exist in the next release.

I also think it might have been fixed. I switched to nixos-unstable as well and I can at least run firejail firefox now without any issues. Let’s hope it stays that way, I like my sandbox :)
