You could compile it yourself without the sandboxing or manually edit the sandbox policies but both of these are maintenance effort you'd have to do overtime and they're not particularly worth that effort. If you're not willing to set the bind mount up or can't otherwise change the mount point, then realistically, the best option is probably just abandon the snap and use the official AppImage method. If you're interested this stack overflow question has some good information in the "Linux bind mount" section. This would be the best approach if you really wanted to keep using the Snap version. You can set up a bindmind to automount in /etc/fstab, and then you could feasibly have a folder such as $HOME/joplin-sync and have it bind mounted to the FUSE folder, set the target in the Joplin snap to $HOME/joplin-sync and the Sandboxing would allow it. Apparmor can tell a symbolic link is pointing at a prohibited file but it can't in the case of a bind mount. Inet 10.11.12.41 peer 10.11.12.I'm not sure if the Joplin GUI itself has any feedback on the permissions being blocked, but they'd appear in the systems logs, so something like sudo journalctl -since=yesterday | grep audit | grep joplin would show the kernel itself enforcing the sandbox which would be blocking the sync.Īs far as I'm aware, you can use a bind mount to get around this but not a symbolic link. Inet6 fe80::48ae:3767:b432:aca4/64 scope link noprefixrouteĦ: tunsnx: mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100 snx_browser::Established: CCC_CLIENT_BAD_FORMATġ: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 snx_browser::Receive: complete message received snx_browser::Receive: message size should be = 411 snx_CCC_browser::getMessageSize: header length is 279, content length found - 128 talkssl::client_handler: calling recv with dlen 411 talkssl::client_handler: got 411 bytes, wanted 512 bytes talkssl::client_handler: state: SSL_RECV - entering fwasync_mux_in: 6: managed to read 411 of 512 bytes fwasync_mux_in: 6: got 0 of 512 bytes = 512 bytes required talkssl::client_handler: after sending packet fwasync_mux_out: 6: call: 80f2060 with 3 fwasync_mux_out: 6: managed to send 281 of 281 bytes fwasync_mux_out: 6: sent 0 of 281 bytes = 281 bytes to send fwasync_connbuf_realloc: reallocating 0 from 0 to 1305 talkssl::send_data: Entering for 281 bytes When looking into the debug log (-g option from command line) I see, that all is ok, but the communication on the end is not wrong, looks like a wrong format: =snx_CCC_browser::send_auth_message= From "connection aborted" I have shifted to "authentication failed". I am playing now with 800010003 from Checkpoint's site (link given by thanks), but no success. Looks like older versions of SNX are not able to work with TLS 1.1. proxy_user username for proxy authentication reauth enable automatic reauthentication. sslport The SNX SSL port (if not default) abhishekitsfoss: sudo apt-key list sudo password for abhishek: Warning. What you have to do here is to look for the keys associated with the warning message. This will show a huge list of keys stored in your system. Snx: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.2.5, stripped Method 1: Import the key Proper but complicated way First, list all the GPG keys added to your system. Snx snx_install.sh snx.n snx_uninstall.sh Snx.n: bzip2 compressed data, block size = 900k You can extract the snx binary: $ tail -n +78 snx_install.sh > snx.n it's very common on proprietary software for Linux. It's a compressed tar archive located at the end of the script.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |