mousepad profile not behaving correctly - Cannot edit any setting
exchaex opened this issue · comments
Description
Cannot edit any mousepad settings, nothing happens at all.
dconf-WARNING.
Steps to Reproduce
Steps to reproduce the behavior
- RunMousepad 0.6.1 with bash to see firejail logs
- (one of many examples) Change color scheme in view dropdown menu
- Nothing changes.
Expected behavior
Color scheme changed
Actual behavior
No ui behavior. lots of dconf warnings:
(mousepad:7): dconf-WARNING **: 17:20:10.923: failed to commit changes to dconf: Could not connect: No such file or directory
Behavior without a profile
No warning or errors in logs. Everything works at expected
Additional context
Any other detail that may help to understand/debug the problem
Environment
- Artix linux
- firejail 0.9.72
Checklist
- The issues is caused by firejail (i.e. running the program by path (e.g.
/usr/bin/vlc
) "fixes" it). - I can reproduce the issue without custom modifications (e.g. globals.local).
- The program has a profile. (If not, request one in
https://github.com/netblue30/firejail/issues/1139
) - The profile (and redirect profile if exists) hasn't already been fixed upstream.
- I have performed a short search for similar issues (to avoid opening a duplicate).
- I'm aware of
browser-allow-drm yes
/browser-disable-u2f no
infirejail.config
to allow DRM/U2F in browsers.
- I'm aware of
- I used
--profile=PROFILENAME
to set the right profile. (Only relevant for AppImages)
Log
Output of LC_ALL=C firejail /path/to/program
Reading profile /etc/firejail/mousepad.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: private-lib feature is disabled in Firejail configuration file
Parent pid 12979, child pid 12980
1 program installed in 1.68 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized in 77.84 ms
Mousepad-Message: 17:20:09.635: Failed to load plugin "mousepad-plugin-gspell": libgspell-1.so.2: cannot open shared object file: No such file or directory
(mousepad:7): dconf-WARNING **: 17:20:09.697: failed to commit changes to dconf: Could not connect: No such file or directory
(mousepad:7): dconf-WARNING **: 17:20:09.697: failed to commit changes to dconf: Could not connect: No such file or directory
Failed to create secure directory (/run/user/1000/pulse): Permission denied
(mousepad:7): dconf-WARNING **: 17:20:10.806: failed to commit changes to dconf: Could not connect: No such file or directory
(mousepad:7): dconf-WARNING **: 17:20:10.806: failed to commit changes to dconf: Could not connect: No such file or directory
(mousepad:7): dconf-WARNING **: 17:20:10.923: failed to commit changes to dconf: Could not connect: No such file or directory
(mousepad:7): dconf-WARNING **: 17:20:10.923: failed to commit changes to dconf: Could not connect: No such file or directory
Output of LC_ALL=C firejail --debug /path/to/program
Building quoted command line: '/usr/bin/mousepad'
Command name #mousepad#
Found mousepad.profile profile in /etc/firejail directory
Reading profile /etc/firejail/mousepad.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-shell.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-shell.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
[profile] combined protocol list: "unix"
Warning: private-lib feature is disabled in Firejail configuration file
DISPLAY=:0 parsed as 0
Parent pid 13140, child pid 13141
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.namespaces file
Creating empty /run/firejail/mnt/seccomp/seccomp.namespaces.32 file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
sbox run: /run/firejail/lib/fnet ifup lo
Set caps filter 3000
Network namespace enabled, only loopback interface available
Build protocol filter: unix
sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol
Dropping all capabilities
Drop privileges: pid 3, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
360 325 259:3 /etc /etc ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=360 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
361 360 259:3 /etc /etc ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=361 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
362 325 259:3 /var /var ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=362 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
363 362 259:3 /var /var ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=363 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
364 325 259:3 /usr /usr ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=364 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/dri directory
Process /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/mousepad
Checking /usr/bin/mousepad
sbox run: /run/firejail/lib/fcopy /usr/bin/mousepad /run/firejail/mnt/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
1 program installed in 1.35 ms
Generate private-tmp whitelist commands
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 588: whitelist /var/lib/aspell
Debug 609: expanded: /var/lib/aspell
Debug 620: new_name: /var/lib/aspell
Debug 630: dir: /var
Adding whitelist top level directory /var
Removed path: whitelist /var/lib/aspell
new_name: /var/lib/aspell
realpath: (null)
No such file or directory
Debug 588: whitelist /var/lib/ca-certificates
Debug 609: expanded: /var/lib/ca-certificates
Debug 620: new_name: /var/lib/ca-certificates
Debug 630: dir: /var
Removed path: whitelist /var/lib/ca-certificates
new_name: /var/lib/ca-certificates
realpath: (null)
No such file or directory
Debug 588: whitelist /var/lib/dbus
Debug 609: expanded: /var/lib/dbus
Debug 620: new_name: /var/lib/dbus
Debug 630: dir: /var
Removed path: whitelist /var/lib/dbus
new_name: /var/lib/dbus
realpath: (null)
No such file or directory
Debug 588: whitelist /var/lib/menu-xdg
Debug 609: expanded: /var/lib/menu-xdg
Debug 620: new_name: /var/lib/menu-xdg
Debug 630: dir: /var
Removed path: whitelist /var/lib/menu-xdg
new_name: /var/lib/menu-xdg
realpath: (null)
No such file or directory
Debug 588: whitelist /var/lib/uim
Debug 609: expanded: /var/lib/uim
Debug 620: new_name: /var/lib/uim
Debug 630: dir: /var
Removed path: whitelist /var/lib/uim
new_name: /var/lib/uim
realpath: (null)
No such file or directory
Debug 588: whitelist /var/cache/fontconfig
Debug 609: expanded: /var/cache/fontconfig
Debug 620: new_name: /var/cache/fontconfig
Debug 630: dir: /var
Debug 588: whitelist /var/tmp
Debug 609: expanded: /var/tmp
Debug 620: new_name: /var/tmp
Debug 630: dir: /var
Debug 588: whitelist /var/run
Debug 609: expanded: /var/run
Debug 620: new_name: /var/run
Debug 630: dir: /var
Debug 588: whitelist /var/lock
Debug 609: expanded: /var/lock
Debug 620: new_name: /var/lock
Debug 630: dir: /var
Debug 588: whitelist /tmp/.X11-unix
Debug 609: expanded: /tmp/.X11-unix
Debug 620: new_name: /tmp/.X11-unix
Debug 630: dir: /tmp
Adding whitelist top level directory /tmp
Debug 588: whitelist /tmp/sndio
Debug 609: expanded: /tmp/sndio
Debug 620: new_name: /tmp/sndio
Debug 630: dir: /tmp
Removed path: whitelist /tmp/sndio
new_name: /tmp/sndio
realpath: (null)
No such file or directory
Debug 588: whitelist /tmp/pulse-PKdhtXMmr18n
Debug 609: expanded: /tmp/pulse-PKdhtXMmr18n
Debug 620: new_name: /tmp/pulse-PKdhtXMmr18n
Debug 630: dir: /tmp
Mounting tmpfs on /var, check owner: no
401 363 0:66 / /var rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,inode64
mountid=401 fsname=/ dir=/var fstype=tmpfs
Mounting tmpfs on /tmp, check owner: no
402 325 0:67 / /tmp rw,nosuid,nodev,relatime - tmpfs tmpfs rw,inode64
mountid=402 fsname=/ dir=/tmp fstype=tmpfs
Whitelisting /var/cache/fontconfig
403 401 259:3 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=403 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Whitelisting /var/tmp
404 401 0:59 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=404 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
405 402 259:3 /tmp/.X11-unix /tmp/.X11-unix rw,relatime - ext4 /dev/nvme0n1p3 rw
mountid=405 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Whitelisting /tmp/pulse-PKdhtXMmr18n
406 402 259:3 /tmp/pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime - ext4 /dev/nvme0n1p3 rw
mountid=406 fsname=/tmp/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=ext4
Disable /home/corinto/.bash_history
Disable /home/corinto/.lesshst
Disable /home/corinto/.config/autostart
Disable /home/corinto/.xinitrc
Disable /etc/xdg/autostart
Mounting read-only /home/corinto/.Xauthority
412 371 259:3 /home/corinto/.Xauthority /home/corinto/.Xauthority ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=412 fsname=/home/corinto/.Xauthority dir=/home/corinto/.Xauthority fstype=ext4
Mounting read-only /home/corinto/.config/dconf
413 371 259:3 /home/corinto/.config/dconf /home/corinto/.config/dconf ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=413 fsname=/home/corinto/.config/dconf dir=/home/corinto/.config/dconf fstype=ext4
Disable /run/user/1000/systemd
Disable /etc/init.d
Disable /home/corinto/.config/libvirt
Disable /etc/apparmor
Disable /etc/apparmor.d
Disable /etc/cron.daily
Disable /etc/default
Disable /etc/dkms
Disable /etc/grub.d
Disable /etc/logrotate.conf
Disable /etc/logrotate.d
Disable /etc/modules-load.d
Disable /etc/rc.local
Disable /etc/sysconfig
Mounting read-only /home/corinto/.bash_logout
428 371 259:3 /home/corinto/.bash_logout /home/corinto/.bash_logout ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=428 fsname=/home/corinto/.bash_logout dir=/home/corinto/.bash_logout fstype=ext4
Mounting read-only /home/corinto/.bash_profile
429 371 259:3 /home/corinto/.bash_profile /home/corinto/.bash_profile ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=429 fsname=/home/corinto/.bash_profile dir=/home/corinto/.bash_profile fstype=ext4
Mounting read-only /home/corinto/.bashrc
430 371 259:3 /home/corinto/.bashrc /home/corinto/.bashrc ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=430 fsname=/home/corinto/.bashrc dir=/home/corinto/.bashrc fstype=ext4
Mounting read-only /home/corinto/.local/lib
431 371 259:3 /home/corinto/.local/lib /home/corinto/.local/lib ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=431 fsname=/home/corinto/.local/lib dir=/home/corinto/.local/lib fstype=ext4
Mounting read-only /home/corinto/.rustup
432 371 259:3 /home/corinto/.rustup /home/corinto/.rustup ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=432 fsname=/home/corinto/.rustup dir=/home/corinto/.rustup fstype=ext4
Mounting read-only /home/corinto/.config/menus
433 371 259:3 /home/corinto/.config/menus /home/corinto/.config/menus ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=433 fsname=/home/corinto/.config/menus dir=/home/corinto/.config/menus fstype=ext4
Mounting read-only /home/corinto/.gnome/apps
434 371 259:3 /home/corinto/.gnome/apps /home/corinto/.gnome/apps ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=434 fsname=/home/corinto/.gnome/apps dir=/home/corinto/.gnome/apps fstype=ext4
Mounting read-only /home/corinto/.local/share/applications
435 371 259:3 /home/corinto/.local/share/applications /home/corinto/.local/share/applications ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=435 fsname=/home/corinto/.local/share/applications dir=/home/corinto/.local/share/applications fstype=ext4
Mounting read-only /home/corinto/.config/mimeapps.list
436 371 259:3 /home/corinto/.config/mimeapps.list /home/corinto/.config/mimeapps.list ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=436 fsname=/home/corinto/.config/mimeapps.list dir=/home/corinto/.config/mimeapps.list fstype=ext4
Mounting read-only /home/corinto/.local/share/mime
437 371 259:3 /home/corinto/.local/share/mime /home/corinto/.local/share/mime ro,relatime - ext4 /dev/nvme0n1p3 rw
mountid=437 fsname=/home/corinto/.local/share/mime dir=/home/corinto/.local/share/mime fstype=ext4
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning (blacklisting): cannot open /etc/ssh/*: Permission denied
Disable /home/corinto/Passwords.kdbx
Disable /home/corinto/.gnupg
Disable /home/corinto/.local/share/pki
Disable /home/corinto/.netrc
Disable /home/corinto/.pki
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Warning (blacklisting): cannot open /usr/local/sbin/at: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/busybox: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/chage: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/chfn: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/chsh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/crontab: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/doas: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/evtest: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/expiry: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fusermount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gksu: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gksudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gpasswd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/kdesudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ksu: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mount.ecryptfs_private: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ncat: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/newgidmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/newgrp: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/newuidmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ntfs-3g: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pkexec: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/procmail: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/sg: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/strace: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/su: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/sudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tcpdump: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/umount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/unix_chkpwd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xev: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xinput: Permission denied
Disable /usr/lib/ssh
Warning (blacklisting): cannot open /usr/local/sbin/passwd: Permission denied
Disable /usr/lib/dbus-1.0/dbus-daemon-launch-helper
Warning (blacklisting): cannot open /usr/local/sbin/suexec: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/slock: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/physlock: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/schroot: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/wshowkeys: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pmount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pumount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/bmon: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fping: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fping6: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/hostname: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mtr: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mtr-packet: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/netstat: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nm-online: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmcli: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmtui: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-connect: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-edit: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-hostname: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/networkctl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ss: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/traceroute: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/kgx: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lilyterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lxterminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pantheon-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm-config: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/terminix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tilix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtcd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/bwrap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/snap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/snapctl: Permission denied
Disable /proc/config.gz
Warning (blacklisting): cannot open /usr/local/sbin/dig: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dlint: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dns2tcp: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dnssec-*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dnswalk: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/drill: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/host: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/iodine: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/kdig: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/khost: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/knsupdate: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ldns-*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ldnsd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nslookup: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/resolvectl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/unbound-host: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ftp: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ssh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/telnet: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/clang*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lldb*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/llvm*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/as: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/cc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/c++*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/c8*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/c9*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/cpp*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/g++*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gcc*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gdb: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ld: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gccgo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/go: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gofmt: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/java: Permission denied
Disable /usr/lib/jvm/java-21-openjdk/bin/java (requested /usr/lib/jvm/default/bin/java)
Warning (blacklisting): cannot open /usr/local/sbin/javac: Permission denied
Disable /usr/share/java
Warning (blacklisting): cannot open /usr/local/sbin/scala: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/scala3: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/scala3-compiler: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/scala3-repl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/scalac: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/openssl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/openssl-1.0: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/rust-gdb: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/rust-lldb: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/rustc: Permission denied
Disable /home/corinto/.rustup
Warning (blacklisting): cannot open /usr/local/sbin/tcc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/x86_64-tcc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/valgrind*: Permission denied
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Mounting noexec /home/corinto
484 461 0:24 /firejail/firejail.ro.dir /home/corinto/.pki ro,nosuid,nodev,relatime - tmpfs run rw,mode=755,inode64
mountid=484 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.pki fstype=tmpfs
Mounting noexec /home/corinto/.bash_history
485 462 0:24 /firejail/firejail.ro.file /home/corinto/.bash_history ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64
mountid=485 fsname=/firejail/firejail.ro.file dir=/home/corinto/.bash_history fstype=tmpfs
Mounting noexec /home/corinto/.lesshst
486 463 0:24 /firejail/firejail.ro.file /home/corinto/.lesshst ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64
mountid=486 fsname=/firejail/firejail.ro.file dir=/home/corinto/.lesshst fstype=tmpfs
Mounting noexec /home/corinto/.config/autostart
487 464 0:24 /firejail/firejail.ro.dir /home/corinto/.config/autostart ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64
mountid=487 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.config/autostart fstype=tmpfs
Mounting noexec /home/corinto/.xinitrc
488 465 0:24 /firejail/firejail.ro.file /home/corinto/.xinitrc ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64
mountid=488 fsname=/firejail/firejail.ro.file dir=/home/corinto/.xinitrc fstype=tmpfs
Mounting noexec /home/corinto/.Xauthority
489 466 259:3 /home/corinto/.Xauthority /home/corinto/.Xauthority ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=489 fsname=/home/corinto/.Xauthority dir=/home/corinto/.Xauthority fstype=ext4
Mounting noexec /home/corinto/.config/dconf
490 467 259:3 /home/corinto/.config/dconf /home/corinto/.config/dconf ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=490 fsname=/home/corinto/.config/dconf dir=/home/corinto/.config/dconf fstype=ext4
Mounting noexec /home/corinto/.config/libvirt
491 468 0:24 /firejail/firejail.ro.dir /home/corinto/.config/libvirt ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64
mountid=491 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.config/libvirt fstype=tmpfs
Mounting noexec /home/corinto/.bash_logout
492 469 259:3 /home/corinto/.bash_logout /home/corinto/.bash_logout ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=492 fsname=/home/corinto/.bash_logout dir=/home/corinto/.bash_logout fstype=ext4
Mounting noexec /home/corinto/.bash_profile
493 470 259:3 /home/corinto/.bash_profile /home/corinto/.bash_profile ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=493 fsname=/home/corinto/.bash_profile dir=/home/corinto/.bash_profile fstype=ext4
Mounting noexec /home/corinto/.bashrc
494 471 259:3 /home/corinto/.bashrc /home/corinto/.bashrc ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=494 fsname=/home/corinto/.bashrc dir=/home/corinto/.bashrc fstype=ext4
Mounting noexec /home/corinto/.local/lib
495 472 259:3 /home/corinto/.local/lib /home/corinto/.local/lib ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=495 fsname=/home/corinto/.local/lib dir=/home/corinto/.local/lib fstype=ext4
Mounting noexec /home/corinto/.rustup
496 474 0:24 /firejail/firejail.ro.dir /home/corinto/.rustup ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64
mountid=496 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.rustup fstype=tmpfs
Mounting noexec /home/corinto/.config/menus
497 475 259:3 /home/corinto/.config/menus /home/corinto/.config/menus ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=497 fsname=/home/corinto/.config/menus dir=/home/corinto/.config/menus fstype=ext4
Mounting noexec /home/corinto/.gnome/apps
498 476 259:3 /home/corinto/.gnome/apps /home/corinto/.gnome/apps ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=498 fsname=/home/corinto/.gnome/apps dir=/home/corinto/.gnome/apps fstype=ext4
Mounting noexec /home/corinto/.local/share/applications
499 477 259:3 /home/corinto/.local/share/applications /home/corinto/.local/share/applications ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=499 fsname=/home/corinto/.local/share/applications dir=/home/corinto/.local/share/applications fstype=ext4
Mounting noexec /home/corinto/.config/mimeapps.list
500 478 259:3 /home/corinto/.config/mimeapps.list /home/corinto/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=500 fsname=/home/corinto/.config/mimeapps.list dir=/home/corinto/.config/mimeapps.list fstype=ext4
Mounting noexec /home/corinto/.local/share/mime
501 479 259:3 /home/corinto/.local/share/mime /home/corinto/.local/share/mime ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=501 fsname=/home/corinto/.local/share/mime dir=/home/corinto/.local/share/mime fstype=ext4
Mounting noexec /home/corinto/Passwords.kdbx
502 480 0:24 /firejail/firejail.ro.file /home/corinto/Passwords.kdbx ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64
mountid=502 fsname=/firejail/firejail.ro.file dir=/home/corinto/Passwords.kdbx fstype=tmpfs
Mounting noexec /home/corinto/.gnupg
503 481 0:24 /firejail/firejail.ro.dir /home/corinto/.gnupg ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64
mountid=503 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.gnupg fstype=tmpfs
Mounting noexec /home/corinto/.local/share/pki
504 482 0:24 /firejail/firejail.ro.dir /home/corinto/.local/share/pki ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64
mountid=504 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.local/share/pki fstype=tmpfs
Mounting noexec /home/corinto/.netrc
505 483 0:24 /firejail/firejail.ro.file /home/corinto/.netrc ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64
mountid=505 fsname=/firejail/firejail.ro.file dir=/home/corinto/.netrc fstype=tmpfs
Mounting noexec /home/corinto/.pki
506 484 0:24 /firejail/firejail.ro.dir /home/corinto/.pki ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64
mountid=506 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.pki fstype=tmpfs
Mounting noexec /run/user/1000
510 509 0:24 /firejail/firejail.ro.dir /run/user/1000/systemd ro,nosuid,nodev,relatime - tmpfs run rw,mode=755,inode64
mountid=510 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs
Mounting noexec /run/user/1000/gnupg
511 508 0:24 /firejail/firejail.ro.dir /run/user/1000/gnupg ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64
mountid=511 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/gnupg fstype=tmpfs
Mounting noexec /run/user/1000/systemd
512 510 0:24 /firejail/firejail.ro.dir /run/user/1000/systemd ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64
mountid=512 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs
Mounting noexec /dev/shm
513 387 0:63 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=513 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
516 514 259:3 /tmp/pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime - ext4 /dev/nvme0n1p3 rw
mountid=516 fsname=/tmp/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=ext4
Mounting noexec /tmp/.X11-unix
517 515 259:3 /tmp/.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=517 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Mounting noexec /tmp/pulse-PKdhtXMmr18n
518 516 259:3 /tmp/pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=518 fsname=/tmp/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=ext4
Warning (blacklisting): cannot open /usr/local/sbin/gjs: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gjs-console: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lua*: Permission denied
Warning (blacklisting): cannot open /usr/include/lua*: Permission denied
Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib/liblua++.so)
Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib/liblua++.so.5.4)
Disable /usr/lib/liblua.so.5.4.6
Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib/liblua.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2)
Disable /usr/lib/libluajit-5.1.so.2.1.1702233742 (requested /usr/lib/libluajit-5.1.so)
Disable /usr/lib/liblua5.2.so.5.2.4
Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib/liblua5.4.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so.5.2)
Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib/liblua.so.5.4)
Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib/liblua++5.4.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so)
Disable /usr/lib/libluajit-5.1.so.2.1.1702233742
Disable /usr/lib/liblua++.so.5.4.6
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2.4)
Disable /usr/lib/libluajit-5.1.so.2.1.1702233742 (requested /usr/lib/libluajit-5.1.so.2)
Disable /usr/lib/lua
Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib64/liblua++.so)
Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib64/liblua++.so.5.4)
Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib64/liblua.so.5.4.6)
Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib64/liblua.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua.so.5.2)
Disable /usr/lib/libluajit-5.1.so.2.1.1702233742 (requested /usr/lib64/libluajit-5.1.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so.5.2.4)
Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib64/liblua5.4.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so.5.2)
Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib64/liblua.so.5.4)
Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib64/liblua++5.4.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so)
Disable /usr/lib/libluajit-5.1.so.2.1.1702233742 (requested /usr/lib64/libluajit-5.1.so.2.1.1702233742)
Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib64/liblua++.so.5.4.6)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua.so.5.2.4)
Disable /usr/lib/libluajit-5.1.so.2.1.1702233742 (requested /usr/lib64/libluajit-5.1.so.2)
Disable /usr/lib/lua (requested /usr/lib64/lua)
Disable /usr/share/luajit-2.1
Disable /usr/share/lua
Warning (blacklisting): cannot open /usr/local/sbin/node: Permission denied
Warning (blacklisting): cannot open /usr/include/node: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/core_perl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/cpan*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/perl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/site_perl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/vendor_perl: Permission denied
Disable /usr/lib/perl5
Disable /usr/lib/perl5 (requested /usr/lib64/perl5)
Disable /usr/share/perl-image-exiftool
Disable /usr/share/perl5
Warning (blacklisting): cannot open /usr/local/sbin/rxvt: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/php*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ruby: Permission denied
Disable /usr/lib/ruby
Disable /usr/lib/ruby (requested /usr/lib64/ruby)
Warning (blacklisting): cannot open /usr/local/sbin/python2*: Permission denied
Warning (blacklisting): cannot open /usr/include/python2*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/python3*: Permission denied
Warning (blacklisting): cannot open /usr/include/python3*: Permission denied
Disable /usr/lib/python3.11
Disable /usr/lib/python3.10
Disable /usr/lib/python3.11 (requested /usr/lib64/python3.11)
Disable /usr/lib/python3.10 (requested /usr/lib64/python3.10)
Disable /usr/local/lib/python3.10
Disable /home/corinto/.android
Disable /home/corinto/.cache/keepassxc
Disable /home/corinto/.cache/mozilla
Disable /home/corinto/.cargo
Disable /home/corinto/.config/GIMP
Disable /home/corinto/.config/Google
Not blacklist /home/corinto/.config/Mousepad
Disable /home/corinto/.config/Thunar
Disable /home/corinto/.config/abiword
Disable /home/corinto/.config/keepassxc
Disable /home/corinto/.config/libreoffice
Disable /home/corinto/.config/mpv
Disable /home/corinto/.config/pavucontrol.ini
Disable /home/corinto/.config/pcmanfm
Disable /home/corinto/.config/redshift
Disable /home/corinto/.config/wireshark
Disable /home/corinto/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
Disable /home/corinto/.gradle
Disable /home/corinto/.java
Disable /home/corinto/.local/share/quadrapassel
Disable /home/corinto/.mozilla
Disable /home/corinto/.npm
Disable /home/corinto/.wget-hsts
Warning (blacklisting): cannot open /usr/local/sbin/bash: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/csh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dash: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fish: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ksh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mksh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/oksh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/sh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tclsh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tcsh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/zsh: Permission denied
Disable /etc/environment
Disable /etc/profile
Disable /etc/profile.d
Disable /etc/shells
Disable /etc/skel
Disable /etc/bash
Mounting read-only /tmp/.X11-unix
594 517 259:3 /tmp/.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw
mountid=594 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /home/corinto/.config/pulse
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse
blacklist /tmp/pulse-PKdhtXMmr18n
disable pipewire
Current directory: /home/corinto
DISPLAY=:0 parsed as 0
Install protocol filter: unix
configuring 19 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol
Dropping all capabilities
Drop privileges: pid 5, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
line OP JT JF K
=================================
0000: 20 00 00 00000004 ld data.architecture
0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002)
0002: 20 00 00 00000000 ld data.syscall-number
0003: 15 01 00 00000167 jeq unknown 0005 (false 0004)
0004: 06 00 00 7fff0000 ret ALLOW
0005: 05 00 00 00000009 jmp 000f
0006: 20 00 00 00000004 ld data.architecture
0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008)
0008: 06 00 00 7fff0000 ret ALLOW
0009: 20 00 00 00000000 ld data.syscall-number
000a: 35 01 00 40000000 jge X32_ABI 000c (false 000b)
000b: 35 01 00 00000000 jge read 000d (false 000c)
000c: 06 00 00 00050001 ret ERRNO(1)
000d: 15 01 00 00000029 jeq socket 000f (false 000e)
000e: 06 00 00 7fff0000 ret ALLOW
000f: 20 00 00 00000010 ld data.args[0]
0010: 15 00 01 00000001 jeq 1 0011 (false 0012)
0011: 06 00 00 7fff0000 ret ALLOW
0012: 06 00 00 0005005f ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.32
Dropping all capabilities
Drop privileges: pid 6, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
line OP JT JF K
=================================
0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 15 30 00 00000015 jeq 15 0035 (false 0005)
0005: 15 2f 00 00000034 jeq 34 0035 (false 0006)
0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007)
0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008)
0008: 15 2c 00 00000155 jeq 155 0035 (false 0009)
0009: 15 2b 00 00000156 jeq 156 0035 (false 000a)
000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b)
000b: 15 29 00 00000080 jeq 80 0035 (false 000c)
000c: 15 28 00 0000015e jeq 15e 0035 (false 000d)
000d: 15 27 00 00000081 jeq 81 0035 (false 000e)
000e: 15 26 00 0000006e jeq 6e 0035 (false 000f)
000f: 15 25 00 00000065 jeq 65 0035 (false 0010)
0010: 15 24 00 00000121 jeq 121 0035 (false 0011)
0011: 15 23 00 00000057 jeq 57 0035 (false 0012)
0012: 15 22 00 00000073 jeq 73 0035 (false 0013)
0013: 15 21 00 00000067 jeq 67 0035 (false 0014)
0014: 15 20 00 0000015b jeq 15b 0035 (false 0015)
0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016)
0016: 15 1e 00 00000087 jeq 87 0035 (false 0017)
0017: 15 1d 00 00000095 jeq 95 0035 (false 0018)
0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019)
0019: 15 1b 00 00000157 jeq 157 0035 (false 001a)
001a: 15 1a 00 000000fd jeq fd 0035 (false 001b)
001b: 15 19 00 00000150 jeq 150 0035 (false 001c)
001c: 15 18 00 00000152 jeq 152 0035 (false 001d)
001d: 15 17 00 0000015d jeq 15d 0035 (false 001e)
001e: 15 16 00 0000011e jeq 11e 0035 (false 001f)
001f: 15 15 00 0000011f jeq 11f 0035 (false 0020)
0020: 15 14 00 00000120 jeq 120 0035 (false 0021)
0021: 15 13 00 00000056 jeq 56 0035 (false 0022)
0022: 15 12 00 00000033 jeq 33 0035 (false 0023)
0023: 15 11 00 0000007b jeq 7b 0035 (false 0024)
0024: 15 10 00 000000d9 jeq d9 0035 (false 0025)
0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026)
0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027)
0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028)
0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029)
0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a)
002a: 15 0a 00 00000101 jeq 101 0035 (false 002b)
002b: 15 09 00 00000112 jeq 112 0035 (false 002c)
002c: 15 08 00 00000114 jeq 114 0035 (false 002d)
002d: 15 07 00 00000126 jeq 126 0035 (false 002e)
002e: 15 06 00 0000013d jeq 13d 0035 (false 002f)
002f: 15 05 00 0000013c jeq 13c 0035 (false 0030)
0030: 15 04 00 0000003d jeq 3d 0035 (false 0031)
0031: 15 03 00 00000058 jeq 58 0035 (false 0032)
0032: 15 02 00 000000a9 jeq a9 0035 (false 0033)
0033: 15 01 00 00000082 jeq 82 0035 (false 0034)
0034: 06 00 00 7fff0000 ret ALLOW
0035: 06 00 00 00050001 ret ERRNO(1)
Dual 32/64 bit seccomp filter configured
configuring 80 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
Drop privileges: pid 7, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
line OP JT JF K
=================================
0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005)
0005: 35 01 00 00000000 jge read 0007 (false 0006)
0006: 06 00 00 00050001 ret ERRNO(1)
0007: 15 47 00 0000009f jeq adjtimex 004f (false 0008)
0008: 15 46 00 00000131 jeq clock_adjtime 004f (false 0009)
0009: 15 45 00 000000e3 jeq clock_settime 004f (false 000a)
000a: 15 44 00 000000a4 jeq settimeofday 004f (false 000b)
000b: 15 43 00 0000009a jeq modify_ldt 004f (false 000c)
000c: 15 42 00 000000d4 jeq lookup_dcookie 004f (false 000d)
000d: 15 41 00 0000012a jeq perf_event_open 004f (false 000e)
000e: 15 40 00 000001b6 jeq pidfd_getfd 004f (false 000f)
000f: 15 3f 00 00000137 jeq process_vm_writev 004f (false 0010)
0010: 15 3e 00 000000b0 jeq delete_module 004f (false 0011)
0011: 15 3d 00 00000139 jeq finit_module 004f (false 0012)
0012: 15 3c 00 000000af jeq init_module 004f (false 0013)
0013: 15 3b 00 000000a1 jeq chroot 004f (false 0014)
0014: 15 3a 00 000001af jeq fsconfig 004f (false 0015)
0015: 15 39 00 000001b0 jeq fsmount 004f (false 0016)
0016: 15 38 00 000001ae jeq fsopen 004f (false 0017)
0017: 15 37 00 000001b1 jeq fspick 004f (false 0018)
0018: 15 36 00 000000a5 jeq mount 004f (false 0019)
0019: 15 35 00 000001ad jeq move_mount 004f (false 001a)
001a: 15 34 00 000001ac jeq open_tree 004f (false 001b)
001b: 15 33 00 0000009b jeq pivot_root 004f (false 001c)
001c: 15 32 00 000000a6 jeq umount2 004f (false 001d)
001d: 15 31 00 0000009c jeq _sysctl 004f (false 001e)
001e: 15 30 00 000000b7 jeq afs_syscall 004f (false 001f)
001f: 15 2f 00 000000ae jeq create_module 004f (false 0020)
0020: 15 2e 00 000000b1 jeq get_kernel_syms 004f (false 0021)
0021: 15 2d 00 000000b5 jeq getpmsg 004f (false 0022)
0022: 15 2c 00 000000b6 jeq putpmsg 004f (false 0023)
0023: 15 2b 00 000000b2 jeq query_module 004f (false 0024)
0024: 15 2a 00 000000b9 jeq security 004f (false 0025)
0025: 15 29 00 0000008b jeq sysfs 004f (false 0026)
0026: 15 28 00 000000b8 jeq tuxcall 004f (false 0027)
0027: 15 27 00 00000086 jeq uselib 004f (false 0028)
0028: 15 26 00 00000088 jeq ustat 004f (false 0029)
0029: 15 25 00 000000ec jeq vserver 004f (false 002a)
002a: 15 24 00 000000ad jeq ioperm 004f (false 002b)
002b: 15 23 00 000000ac jeq iopl 004f (false 002c)
002c: 15 22 00 000000f6 jeq kexec_load 004f (false 002d)
002d: 15 21 00 00000140 jeq kexec_file_load 004f (false 002e)
002e: 15 20 00 000000a9 jeq reboot 004f (false 002f)
002f: 15 1f 00 000000a7 jeq swapon 004f (false 0030)
0030: 15 1e 00 000000a8 jeq swapoff 004f (false 0031)
0031: 15 1d 00 00000130 jeq open_by_handle_at 004f (false 0032)
0032: 15 1c 00 0000012f jeq name_to_handle_at 004f (false 0033)
0033: 15 1b 00 000000fb jeq ioprio_set 004f (false 0034)
0034: 15 1a 00 00000067 jeq syslog 004f (false 0035)
0035: 15 19 00 0000012c jeq fanotify_init 004f (false 0036)
0036: 15 18 00 000000f8 jeq add_key 004f (false 0037)
0037: 15 17 00 000000f9 jeq request_key 004f (false 0038)
0038: 15 16 00 000000ed jeq mbind 004f (false 0039)
0039: 15 15 00 00000100 jeq migrate_pages 004f (false 003a)
003a: 15 14 00 00000117 jeq move_pages 004f (false 003b)
003b: 15 13 00 000000fa jeq keyctl 004f (false 003c)
003c: 15 12 00 000000ce jeq io_setup 004f (false 003d)
003d: 15 11 00 000000cf jeq io_destroy 004f (false 003e)
003e: 15 10 00 000000d0 jeq io_getevents 004f (false 003f)
003f: 15 0f 00 000000d1 jeq io_submit 004f (false 0040)
0040: 15 0e 00 000000d2 jeq io_cancel 004f (false 0041)
0041: 15 0d 00 000000d8 jeq remap_file_pages 004f (false 0042)
0042: 15 0c 00 000000ee jeq set_mempolicy 004f (false 0043)
0043: 15 0b 00 00000116 jeq vmsplice 004f (false 0044)
0044: 15 0a 00 00000143 jeq userfaultfd 004f (false 0045)
0045: 15 09 00 000000a3 jeq acct 004f (false 0046)
0046: 15 08 00 00000141 jeq bpf 004f (false 0047)
0047: 15 07 00 000000b4 jeq nfsservctl 004f (false 0048)
0048: 15 06 00 000000ab jeq setdomainname 004f (false 0049)
0049: 15 05 00 000000aa jeq sethostname 004f (false 004a)
004a: 15 04 00 00000099 jeq vhangup 004f (false 004b)
004b: 15 03 00 00000065 jeq ptrace 004f (false 004c)
004c: 15 02 00 00000087 jeq personality 004f (false 004d)
004d: 15 01 00 00000136 jeq process_vm_readv 004f (false 004e)
004e: 06 00 00 7fff0000 ret ALLOW
004f: 06 00 01 00050001 ret ERRNO(1)
seccomp filter configured
Build restrict-namespaces filter
sbox run: /run/firejail/lib/fseccomp restrict-namespaces /run/firejail/mnt/seccomp/seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts
Dropping all capabilities
Drop privileges: pid 8, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
restrict-namespaces filter configured
Build restrict-namespaces filter
sbox run: /run/firejail/lib/fseccomp restrict-namespaces.32 /run/firejail/mnt/seccomp/seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts
Dropping all capabilities
Drop privileges: pid 9, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
restrict-namespaces filter configured
Install namespaces filter
configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces
Dropping all capabilities
Drop privileges: pid 10, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
line OP JT JF K
=================================
0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005)
0005: 35 01 00 00000000 jge read 0007 (false 0006)
0006: 06 00 00 00050001 ret ERRNO(1)
0007: 15 00 04 00000038 jeq clone 0008 (false 000c)
0008: 20 00 00 00000010 ld data.args[0]
0009: 45 00 01 7e020000 jset 7e020000 000a (false 000b)
000a: 06 00 00 00050001 ret ERRNO(1)
000b: 06 00 00 7fff0000 ret ALLOW
000c: 15 00 01 000001b3 jeq 1b3 000d (false 000e)
000d: 06 00 00 00050026 ret ERRNO(38)
000e: 15 00 04 00000110 jeq 110 000f (false 0013)
000f: 20 00 00 00000010 ld data.args[0]
0010: 45 00 01 7e020080 jset 7e020080 0011 (false 0012)
0011: 06 00 00 00050001 ret ERRNO(1)
0012: 06 00 00 7fff0000 ret ALLOW
0013: 15 00 04 00000134 jeq 134 0014 (false 0018)
0014: 20 00 00 00000018 ld data.args[8]
0015: 15 01 00 00000000 jeq 0 0017 (false 0016)
0016: 45 00 01 7e020080 jset 7e020080 0017 (false 0018)
0017: 06 00 00 00050001 ret ERRNO(1)
0018: 06 00 00 7fff0000 ret ALLOW
0019: 06 00 00 7fff0000 ret ALLOW
configuring 23 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces.32
Dropping all capabilities
Drop privileges: pid 11, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
line OP JT JF K
=================================
0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 15 00 04 00000078 jeq 78 0005 (false 0009)
0005: 20 00 00 00000010 ld data.args[0]
0006: 45 00 01 7e020000 jset 7e020000 0007 (false 0008)
0007: 06 00 00 00050001 ret ERRNO(1)
0008: 06 00 00 7fff0000 ret ALLOW
0009: 15 00 01 000001b3 jeq 1b3 000a (false 000b)
000a: 06 00 00 00050026 ret ERRNO(38)
000b: 15 00 04 00000136 jeq 136 000c (false 0010)
000c: 20 00 00 00000010 ld data.args[0]
000d: 45 00 01 7e020080 jset 7e020080 000e (false 000f)
000e: 06 00 00 00050001 ret ERRNO(1)
000f: 06 00 00 7fff0000 ret ALLOW
0010: 15 00 04 0000015a jeq 15a 0011 (false 0015)
0011: 20 00 00 00000018 ld data.args[8]
0012: 15 01 00 00000000 jeq 0 0014 (false 0013)
0013: 45 00 01 7e020080 jset 7e020080 0014 (false 0015)
0014: 06 00 00 00050001 ret ERRNO(1)
0015: 06 00 00 7fff0000 ret ALLOW
0016: 06 00 00 7fff0000 ret ALLOW
Mounting read-only /run/firejail/mnt/seccomp
601 357 0:56 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=601 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root root 200 .
drwxr-xr-x root root 240 ..
-rw-r--r-- corinto corinto 640 seccomp
-rw-r--r-- corinto corinto 432 seccomp.32
-rw-r--r-- corinto corinto 207 seccomp.list
-rw-r--r-- corinto corinto 208 seccomp.namespaces
-rw-r--r-- corinto corinto 184 seccomp.namespaces.32
-rw-r--r-- corinto corinto 0 seccomp.postexec
-rw-r--r-- corinto corinto 0 seccomp.postexec32
-rw-r--r-- corinto corinto 152 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
/run/firejail/mnt/seccomp/seccomp.namespaces
/run/firejail/mnt/seccomp/seccomp.namespaces.32
Dropping all capabilities
nogroups command not ignored
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0
nogroups command not ignored
No supplementary groups
AppArmor enabled
Closing non-standard file descriptors
Starting application
LD_PRELOAD=(null)
execvp argument 0: /usr/bin/mousepad
Child process initialized in 79.44 ms
Installing /run/firejail/mnt/seccomp/seccomp.namespaces.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.namespaces seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
monitoring pid 12
Mousepad-Message: 17:26:57.435: Failed to load plugin "mousepad-plugin-gspell": libgspell-1.so.2: cannot open shared object file: No such file or directory
(mousepad:12): dconf-WARNING **: 17:26:57.499: failed to commit changes to dconf: Could not connect: No such file or directory
(mousepad:12): dconf-WARNING **: 17:26:57.499: failed to commit changes to dconf: Could not connect: No such file or directory
Failed to create secure directory (/run/user/1000/pulse): Permission denied
(mousepad:12): dconf-WARNING **: 17:26:58.805: failed to commit changes to dconf: Could not connect: No such file or directory
(mousepad:12): dconf-WARNING **: 17:26:58.805: failed to commit changes to dconf: Could not connect: No such file or directory
(mousepad:12): dconf-WARNING **: 17:26:59.353: failed to commit changes to dconf: Could not connect: No such file or directory
(mousepad:12): dconf-WARNING **: 17:26:59.353: failed to commit changes to dconf: Could not connect: No such file or directory
Sandbox monitor: waitpid 12 retval 12 status 0
Parent is shutting down, bye...
From what I start? I don't know what to check.. New to firejail
Running firejail mousepad with root does not give any warning, what should I add to mousepad.local?
Check echo $DBUS_SESSION_BUS_ADDRESS
. If it starts with /tmp/dbus-
after the unix:path=
add whitelist /tmp/dbus-*
.
It works! Thanks, I will try this with other program with same warnings