-
Notifications
You must be signed in to change notification settings - Fork 20
Known problems
GUI crash/exception/does not show up
OpenSnitch icon doesn't show up on gnome-shell
Kernel panic on >= 5.6.16 || kernel hardening incompatibilities
If you have installed it by double clicking on the pkgs, using a graphical installer, try to install it from command line:
$ sudo dpkg -i
*opensnitch*deb; sudo apt -f install
See issue #25 and issue #16 for additional information.
--
Check that you don't have a previous installation of opensnitch GUI in /usr/lib/python3*/*/opensnitch/ or /usr/local/lib/python3*/*/opensnitch/
If you have a previous installation remove it, and install the GUI again (you may have an installation of the original repo).
If it doesn't work, report it describing the steps to reproduce it, and the exception or log. For example:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/opensnitch/dialogs/prompt.py", line 362, in _on_apply_clicked
self._rule.name = slugify("%s %s %s" % (self._rule.action, self._rule.operator.type, self._rule.operator.data))
File "/usr/lib/python3.8/site-packages/slugify.py", line 24, in slugify
unicode(
NameError: name 'unicode' is not defined
--
For ArchLinux/Manjaro users this worked:
installed was from AUR python-unicode-slugify-git r43.b696c37-1
removed it and installed python-unicode-slugify 0.1.3-1.
--
On gnome-shell3, the systray icon doesn't show up. Some recommend installing gnome-shell-extension-appindicator,[desktop-icons,top-icons], but none of them works (as of today: 23/02/2020, on Debian 10/sid).
If you know how to fix this problem, open a bug indicating the workaround, or send a PR.
--
A common error you may encounter (in the original repo):
[2019-08-08 11:51:14] !!! Error while enabling probe descriptor for opensnitch_exec_probe: write /sys/kernel/debug/tracing/kprobe_events: no such file or directory
This is because opensnitch uses ftrace to get running processes (PIDs).
ftrace mounts a file system called debugfs in /sys/kernel/debugfs, and outputs kernel events to /sys/kernel/debugfs/tracing/trace and /sys/kernel/debugfs/tracing/trace_pipe
If for some reason those files can not be opened, opensnitch will not work.
Some reasons because ftrace is not available:
- debugfs is not mounted. If it's mounted you should see a similar output:
$ mount | grep debugfs
none on /sys/kernel/debug type debugfs (rw)
$
- log in syslog or journalctl: Lockdown: opensnitchd: Use of kprobes is restricted; see man kernel_lockdown.7
Quoting anreiple in issue #235:
Since kernel 4.17 if you have UEFI Secure Boot enabled then kernel does lockdown - using kernel probes, 3rd party kernel modules (even signed), etc is restricted
Starting from version v1.0.0-rc3, there's an alternative method to workaround this problem.
Another possible error
[2020-06-13 17:07:34] !!! Error while creating queue #0: Error binding to queue: operation not permitted.
Fixed in 1.0.0rc10. If you still see this error open a new issue and provide the following information
Some users have reported kernel panics with kernel 5.6.16 (#297) and other kernels(#41). deathtrip found that the culprit in his/her case was a configuration of the Arch's linux-hardened kernel command line option.
Removing the following options from the kernel booting parameters solved the issue:
slab_nomerge, slub_debug=FZP and page_alloc.shuffle=1
- Installation
-
Getting started
- Events window
- Process monitor dialog
- Configuration
- Compilation
- GUI translations
- FAQs and common errors
- Examples OpenSnitch in action