Running Firefox From a Zone

I know a lot of folks that VPN into their office environment. However, VPN connections generally reduce your bandwidth and in many cases restrict your connections to local network services (such as printers).

A common workaround that some folks use is to setup their VPN environment in a VirtualBox image, freeing their host OS from the shackles of VPN. However, the VirtualBox approach has its own limitations, as you're now dedicating a significant amount of system resources to running another operating system just to get VPN access. I also use VirtualBox on a daily basis so dedicating a VM for VPN is not really an option.

This is where zones and network virtualization really shine. I've created an exclusive IP zone and installed my VPN software - no problem. The trickier part was actually getting Firefox up and running from the zone so I could browse the Oracle intranet. For future reference, I'm documenting those steps here.

Step 1: Install Firefox

The obvious...

root@myzone:~# pkg install firefox
               Packages to install:    46
           Create boot environment:    No
               Services to restart:     8
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                46/46   8916/8916    62.3/62.3

PHASE                                        ACTIONS
Install Phase                            11116/11116 

PHASE                                          ITEMS
Package State Update Phase                     46/46 
Image State Update Phase                         2/2 
Loading smf(5) service descriptions: 1/1

Step 2: Create a User Account

To share the display with the global zone, we're going to ssh into the zone. By default, root is not allowed to ssh into a zone. If you don't already have a user account in the zone, create one now:

root@myzone:~# useradd -m -d /bleonard -s /usr/bin/bash bleonard
80 blocks

root@myzone:~# passwd bleonard
New Password: 
Re-enter new Password: 
passwd: password successfully changed for bleonard

Step 3: Install the X authority file utility

If you ssh into the zone and attempt to start Firefox, you'll get a "no display specified" error:

bleonard@solaris:~$ ssh -X bleonard@10.0.2.50
The authenticity of host '10.0.2.50 (10.0.2.50)' can't be established.
RSA key fingerprint is b3:1b:be:55:69:95:51:5d:b8:23:c7:9c:57:73:1a:98.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.2.50' (RSA) to the list of known hosts.
Password: 
Last login: Wed Jun  8 12:17:28 2011 from 10.0.2.15
Oracle Corporation      SunOS 5.11      snv_151a        November 2010

bleonard@myzone:~$ firefox 
Error: no display specified

The X authority file utility manages the display authorization when using the -X option to ssh into a zone:

root@myzone:~# pkg install xauth
               Packages to install:     1
           Create boot environment:    No
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1         6/6      0.0/0.0

PHASE                                        ACTIONS
Install Phase                                  37/37

PHASE                                          ITEMS
Package State Update Phase                       1/1 
Image State Update Phase                         2/2 

You then have to exit and re-ssh into the zone. Then try starting Firefox again. This is where things get interesting. If you already have Firefox running in the global zone, Firefox on a remote machine (à la, the zone) will hand off to a process already running on your local box if it is available. For our purposes, this is not what we want as we need a unique instance of Firefox running form the zone. The solution is to use the -no-remote option. However, with this approach we're kindly greeted with a core dump:

bleonard@myzone:~$ firefox -no-remote
GLib: Cannot convert message: Conversion from character set 'UTF-8' to 'ASCII' is not supported
Gtk-Message: Failed to load module "canberra-gtk-module": ld.so.1: firefox-bin: fatal: libcanberra-gtk-module.so: open failed: No such file or directory
process 2976: D-Bus library appears to be incorrectly set up; failed to read machine uuid: Failed to open "/var/lib/dbus/machine-id": No such file or directory
See the manual page for dbus-uuidgen to correct this issue.
  D-Bus not built with -rdynamic so unable to print a backtrace
/usr/lib/firefox/run-mozilla.sh: line 131:  2976 Abort                   (core dumped) "$prog" ${1+"$@"}


We've got several issues to deal with here, and we'll take them 1 at a time.

Step 4: Deal with the Error Messages

Install a Locale

One of the messages we see in the above output is:

bleonard@myzone:~$ GLib: Cannot convert message: Conversion from character set 'UTF-8' to 'ASCII' is not supported

If we look at the default locale on the system, it's "C":

bleonard@myzone:~$ locale
LANG=
LC_CTYPE="C"
LC_NUMERIC="C"
LC_TIME="C"
LC_COLLATE="C"
LC_MONETARY="C"
LC_MESSAGES="C"
LC_ALL=

Let's install something more appropriate that supports UTF-8, in my case en_us:

root@myzone:~# pkg install en_us
               Packages to install:     2
           Create boot environment:    No
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  2/2       16/16      2.0/2.0

PHASE                                        ACTIONS
Install Phase                                  82/82 

PHASE                                          ITEMS
Package State Update Phase                       2/2 
Image State Update Phase                         2/2 

And then set that locale:

bleonard@myzone:~$ export LANG=en_US.UTF-8

bleonard@myzone:~$ locale
LANG=en_US.UTF-8
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_ALL=

Install the Event Sound API

Another message we see in the above:

Gtk-Message: Failed to load module "canberra-gtk-module": ld.so.1: firefox-bin: fatal: libcanberra-gtk-module.so: open failed: No such file or directory

The missing libcanberra-gtk-module.so is found in the libcanberra package:

root@myzone:~# pkg install libcanberra    
               Packages to install:    14
           Create boot environment:    No
               Services to restart:     2
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                14/14   2024/2024    18.9/18.9

PHASE                                        ACTIONS
Install Phase                              2773/2773 

PHASE                                          ITEMS
Package State Update Phase                     14/14 
Image State Update Phase                         2/2 

Install the D-Bus Message Bus System

And the final message we see in the output above:

process 3730: D-Bus library appears to be incorrectly set up; failed to read machine uuid: Failed to open "/var/lib/dbus/machine-id": No such file or directory
See the manual page for dbus-uuidgen to correct this issue.
  D-Bus not built with -rdynamic so unable to print a backtrace

So let's install D-Bus:

root@myzone:~# pkg install dbus
               Packages to install:     1
           Create boot environment:    No
               Services to restart:     2
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1       31/31      0.4/0.4

PHASE                                        ACTIONS
Install Phase                                  77/77 

PHASE                                          ITEMS
Package State Update Phase                       1/1 
Image State Update Phase                         2/2 
Loading smf(5) service descriptions: 1/1

And try starting Firefox again:

bleonard@myzone:~$ firefox -no-remote

(firefox-bin:3393): Pango-WARNING **: failed to choose a font, expect ugly output. engine-type='PangoRenderFc', script='common'
/usr/lib/firefox/run-mozilla.sh: line 131:  3393 Segmentation Fault      (core dumped) "$prog" ${1+"$@"}

Now we've got a new issue to deal with, fonts.

Step 5: Install Fonts

root@myzone:~# pkg install fonts-core
               Packages to install:     1
           Create boot environment:    No
               Services to restart:     1
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1       84/84      9.5/9.5

PHASE                                        ACTIONS
Install Phase                                108/108 

PHASE                                          ITEMS
Package State Update Phase                       1/1 
Image State Update Phase                         2/2 

And we're finally greeted with Firefox:

A couple of points to note here. Notice the header which indicates from which host Firefox is running (on myzone). This is very nice as mine says (on vpn).

You'll also notice we're missing the Nimbus look & feel. This can be quickly addressed by installing the nimbus package:

root@myzone:~# pkg install nimbus
               Packages to install:     1
           Create boot environment:    No
               Services to restart:     1
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1   1352/1352      3.5/3.5

PHASE                                        ACTIONS
Install Phase                              3126/3126 

PHASE                                          ITEMS
Package State Update Phase                       1/1 
Image State Update Phase                         2/2 

And finally, the Oracle Solaris welcome page is missing. If you care about this, just install the os-welcome package:

root@myzone:~# pkg install os-welcome
               Packages to install:     1
           Create boot environment:    No
               Services to restart:     1
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1       69/69      0.1/0.1

PHASE                                        ACTIONS
Install Phase                                166/166 

PHASE                                          ITEMS
Package State Update Phase                       1/1 
Image State Update Phase                         2/2 

All set and done we look as follows:

Step 6: Optional Niceties

Flash

One suggestion (from the comments below), install Flash:

root@myzone:~# pkg install firefox-flashplayer
               Packages to install:     1
           Create boot environment:    No
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1         2/2      4.7/4.7

PHASE                                        ACTIONS
Install Phase                                  30/30 

PHASE                                          ITEMS
Package State Update Phase                       1/1 
Image State Update Phase                         2/2 

Dictionary

Installing a dictionary will give Firefox spell checking capabilities. Pick the one appropriate for your language:
root@myzone:~# pkg install dictionary/en
               Packages to install:     1
           Create boot environment:    No
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1         4/4      0.2/0.2

PHASE                                        ACTIONS
Install Phase                                  29/29

PHASE                                          ITEMS
Package State Update Phase                       1/1 
Image State Update Phase                         2/2 

PDF Viewer

root@punchin-zone:~# pkg install evince
               Packages to install:    20
           Create boot environment:    No
               Services to restart:     6
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                20/20   5515/5515    47.3/47.3

PHASE                                        ACTIONS
Install Phase                              6821/6821 

PHASE                                          ITEMS
Package State Update Phase                     20/20 
Image State Update Phase                         2/2 
Loading smf(5) service descriptions: 



Comments:

Seems to me the firefox package is missing some deps. The -no-remote flag is not the most obvious, no.

Posted by Andreas on June 08, 2011 at 09:49 PM GMT #

I did one extra step to install the plugins for firefox root@myzone:~# pkg install web/firefox/plugin/flash Packages to install: 1 Create boot environment: No DOWNLOAD PKGS FILES XFER (MB) Completed 1/1 2/2 4.7/4.7 PHASE ACTIONS Install Phase 30/30 PHASE ITEMS Package State Update Phase 1/1 Image State Update Phase 2/2 root@myzone:~#

Posted by guest on June 09, 2011 at 02:08 AM GMT #

guest - thanks. I've updated the post with your suggestion.

Posted by W Brian Leonard on June 09, 2011 at 07:04 AM GMT #

Andreas, agreed on the deps issue. I just filed: https://defect.opensolaris.org/bz/show_bug.cgi?id=18515. Also, agree on the -no-remote flag - it's not an option listed in the firefox man page.

Posted by W Brian Leonard on June 09, 2011 at 10:18 AM GMT #

Sure, the -no-remote flag is a well hidden treasure. Actually, I can't think of a single case where the default ff behavior is what I wanted, I always wanted a remote ff via X forwarding. I would like to see the use cases they envisioned when they choose the default behavior.

Posted by Andreas on June 09, 2011 at 02:17 PM GMT #

Would you please clarify that portion on Firefox --no-remote in relation to GZ and NGZ. I don't get it as from what I know there's no way of a process from the NGZ to interact with some in the GZ. Would you mean that X would somehow bridge the isolation? Or do you refer to some other Firefox process running on your remote laptop? Thanks!

Posted by guest on April 19, 2013 at 11:52 AM GMT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

The Observatory is a blog for users of Oracle Solaris. Tune in here for tips, tricks and more as we explore the Solaris operating system from Oracle.

Connect with Oracle Solaris:


Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
20
21
22
23
24
25
26
27
28
29
30
   
       
Today