search

netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.71k stars 559 forks source link

Everdo appimage can't start with Firejail #3374

Closed omega3 closed 4 years ago

omega3 commented 4 years ago

Everdo appimage can be downloaded from project site: https://everdo.net/#download-form

$ firejail --debug --appimage ./Everdo-1.3.5.AppImage        
Autoselecting /bin/bash as shell
Configuring appimage environment
AppImage ELF size 188392
Mounting appimage type 2
appimage mounted on /run/firejail/appimage/.appimage-155050
Building AppImage command line: /run/firejail/appimage/.appimage-155050/AppRun
AppImage quoted command line: '/run/firejail/appimage/.appimage-155050/AppRun' 
Command name #./Everdo-1.3.5.AppImage#
Attempting to find default.profile...
Found default.profile profile in /etc/firejail directory
Reading profile /etc/firejail/default.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc

** Note: you can use --noprofile to disable default.profile **

DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 155050, child pid 155053
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1001, nogroups 1
No supplementary groups

**     Warning: dropping all Linux capabilities     **

Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1210 1167 0:23 /@/etc /etc ro,noatime master:1 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=444,subvol=/@/etc
mountid=1210 fsname=/@/etc dir=/etc fstype=btrfs
Mounting noexec /etc
1211 1210 0:23 /@/etc /etc ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=444,subvol=/@/etc
mountid=1211 fsname=/@/etc dir=/etc fstype=btrfs
Mounting read-only /var
1212 1167 0:23 /@/var /var ro,noatime master:1 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=444,subvol=/@/var
mountid=1212 fsname=/@/var dir=/var fstype=btrfs
Mounting noexec /var
1213 1212 0:23 /@/var /var ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=444,subvol=/@/var
mountid=1213 fsname=/@/var dir=/var fstype=btrfs
Mounting read-only /usr
1214 1167 0:23 /@/usr /usr ro,noatime master:1 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=444,subvol=/@/usr
mountid=1214 fsname=/@/usr dir=/usr fstype=btrfs
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/user_name/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Disable /home/user_name/.local/share/Trash
Disable /home/user_name/.bash_history
Disable /home/user_name/.local/share/klipper
Disable /home/user_name/.config/autostart
Disable /home/user_name/.config/autostart-scripts
Disable /home/user_name/.config/plasma-workspace
Disable /home/user_name/.config/startupconfig
Disable /home/user_name/.config/startupconfigkeys
Disable /home/user_name/.xinitrc
Disable /home/user_name/.xprofile
Disable /etc/xdg/autostart
Mounting read-only /home/user_name/.Xauthority
1256 1222 0:23 /@home/user_name/.Xauthority /home/user_name/.Xauthority ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.Xauthority
mountid=1256 fsname=/@home/user_name/.Xauthority dir=/home/user_name/.Xauthority fstype=btrfs
Disable /home/user_name/.config/khotkeysrc
Disable /home/user_name/.config/krunnerrc
Disable /home/user_name/.config/kscreenlockerrc
Disable /home/user_name/.config/kwalletrc
Disable /home/user_name/.config/kwinrc
Disable /home/user_name/.config/kwinrulesrc
Disable /home/user_name/.config/plasma-org.kde.plasma.desktop-appletsrc
Disable /home/user_name/.config/plasmashellrc
Disable /home/user_name/.local/share/kglobalaccel
Disable /home/user_name/.local/share/plasma
Mounting read-only /home/user_name/.cache/ksycoca5_pl_1ozrsyVXhxoG9qJgwjo8WZijHOE=
1267 1222 0:23 /@home/user_name/.cache/ksycoca5_pl_1ozrsyVXhxoG9qJgwjo8WZijHOE= /home/user_name/.cache/ksycoca5_pl_1ozrsyVXhxoG9qJgwjo8WZijHOE= ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.cache/ksycoca5_pl_1ozrsyVXhxoG9qJgwjo8WZijHOE=
mountid=1267 fsname=/@home/user_name/.cache/ksycoca5_pl_1ozrsyVXhxoG9qJgwjo8WZijHOE= dir=/home/user_name/.cache/ksycoca5_pl_1ozrsyVXhxoG9qJgwjo8WZijHOE= fstype=btrfs
Mounting read-only /home/user_name/.cache/ksycoca5_en_xooYlTfCc1MsbniZOn9MX2_y5qE=
1268 1222 0:23 /@home/user_name/.cache/ksycoca5_en_xooYlTfCc1MsbniZOn9MX2_y5qE= /home/user_name/.cache/ksycoca5_en_xooYlTfCc1MsbniZOn9MX2_y5qE= ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.cache/ksycoca5_en_xooYlTfCc1MsbniZOn9MX2_y5qE=
mountid=1268 fsname=/@home/user_name/.cache/ksycoca5_en_xooYlTfCc1MsbniZOn9MX2_y5qE= dir=/home/user_name/.cache/ksycoca5_en_xooYlTfCc1MsbniZOn9MX2_y5qE= fstype=btrfs
Mounting read-only /home/user_name/.cache/ksycoca5_pl_xooYlTfCc1MsbniZOn9MX2_y5qE=
1269 1222 0:23 /@home/user_name/.cache/ksycoca5_pl_xooYlTfCc1MsbniZOn9MX2_y5qE= /home/user_name/.cache/ksycoca5_pl_xooYlTfCc1MsbniZOn9MX2_y5qE= ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.cache/ksycoca5_pl_xooYlTfCc1MsbniZOn9MX2_y5qE=
mountid=1269 fsname=/@home/user_name/.cache/ksycoca5_pl_xooYlTfCc1MsbniZOn9MX2_y5qE= dir=/home/user_name/.cache/ksycoca5_pl_xooYlTfCc1MsbniZOn9MX2_y5qE= fstype=btrfs
Mounting read-only /home/user_name/.cache/ksycoca5_pl__3GSV27wCPk480_MOsz8Rg6TYdM=
1270 1222 0:23 /@home/user_name/.cache/ksycoca5_pl__3GSV27wCPk480_MOsz8Rg6TYdM= /home/user_name/.cache/ksycoca5_pl__3GSV27wCPk480_MOsz8Rg6TYdM= ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.cache/ksycoca5_pl__3GSV27wCPk480_MOsz8Rg6TYdM=
mountid=1270 fsname=/@home/user_name/.cache/ksycoca5_pl__3GSV27wCPk480_MOsz8Rg6TYdM= dir=/home/user_name/.cache/ksycoca5_pl__3GSV27wCPk480_MOsz8Rg6TYdM= fstype=btrfs
Mounting read-only /home/user_name/.cache/ksycoca5_pl_l63GZ6LPRUww9vrPeBdiPByu31E=
1271 1222 0:23 /@home/user_name/.cache/ksycoca5_pl_l63GZ6LPRUww9vrPeBdiPByu31E= /home/user_name/.cache/ksycoca5_pl_l63GZ6LPRUww9vrPeBdiPByu31E= ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.cache/ksycoca5_pl_l63GZ6LPRUww9vrPeBdiPByu31E=
mountid=1271 fsname=/@home/user_name/.cache/ksycoca5_pl_l63GZ6LPRUww9vrPeBdiPByu31E= dir=/home/user_name/.cache/ksycoca5_pl_l63GZ6LPRUww9vrPeBdiPByu31E= fstype=btrfs
Mounting read-only /home/user_name/.cache/ksycoca5_en_l63GZ6LPRUww9vrPeBdiPByu31E=
1272 1222 0:23 /@home/user_name/.cache/ksycoca5_en_l63GZ6LPRUww9vrPeBdiPByu31E= /home/user_name/.cache/ksycoca5_en_l63GZ6LPRUww9vrPeBdiPByu31E= ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.cache/ksycoca5_en_l63GZ6LPRUww9vrPeBdiPByu31E=
mountid=1272 fsname=/@home/user_name/.cache/ksycoca5_en_l63GZ6LPRUww9vrPeBdiPByu31E= dir=/home/user_name/.cache/ksycoca5_en_l63GZ6LPRUww9vrPeBdiPByu31E= fstype=btrfs
Mounting read-only /home/user_name/.cache/ksycoca5_pl_mK4xil6TJs0wfyrHnnmO8yVx5MI=
1273 1222 0:23 /@home/user_name/.cache/ksycoca5_pl_mK4xil6TJs0wfyrHnnmO8yVx5MI= /home/user_name/.cache/ksycoca5_pl_mK4xil6TJs0wfyrHnnmO8yVx5MI= ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.cache/ksycoca5_pl_mK4xil6TJs0wfyrHnnmO8yVx5MI=
mountid=1273 fsname=/@home/user_name/.cache/ksycoca5_pl_mK4xil6TJs0wfyrHnnmO8yVx5MI= dir=/home/user_name/.cache/ksycoca5_pl_mK4xil6TJs0wfyrHnnmO8yVx5MI= fstype=btrfs
Mounting read-only /home/user_name/.config/freespacenotifier.notifyrc
1274 1222 0:23 /@home/user_name/.config/freespacenotifier.notifyrc /home/user_name/.config/freespacenotifier.notifyrc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/freespacenotifier.notifyrc
mountid=1274 fsname=/@home/user_name/.config/freespacenotifier.notifyrc dir=/home/user_name/.config/freespacenotifier.notifyrc fstype=btrfs
Mounting read-only /home/user_name/.config/k3b.notifyrc
1275 1222 0:23 /@home/user_name/.config/k3b.notifyrc /home/user_name/.config/k3b.notifyrc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/k3b.notifyrc
mountid=1275 fsname=/@home/user_name/.config/k3b.notifyrc dir=/home/user_name/.config/k3b.notifyrc fstype=btrfs
Mounting read-only /home/user_name/.config/kcm_touchpad.notifyrc
1276 1222 0:23 /@home/user_name/.config/kcm_touchpad.notifyrc /home/user_name/.config/kcm_touchpad.notifyrc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/kcm_touchpad.notifyrc
mountid=1276 fsname=/@home/user_name/.config/kcm_touchpad.notifyrc dir=/home/user_name/.config/kcm_touchpad.notifyrc fstype=btrfs
Mounting read-only /home/user_name/.config/konversation.notifyrc
1277 1222 0:23 /@home/user_name/.config/konversation.notifyrc /home/user_name/.config/konversation.notifyrc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/konversation.notifyrc
mountid=1277 fsname=/@home/user_name/.config/konversation.notifyrc dir=/home/user_name/.config/konversation.notifyrc fstype=btrfs
Mounting read-only /home/user_name/.config/kwrited.notifyrc
1278 1222 0:23 /@home/user_name/.config/kwrited.notifyrc /home/user_name/.config/kwrited.notifyrc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/kwrited.notifyrc
mountid=1278 fsname=/@home/user_name/.config/kwrited.notifyrc dir=/home/user_name/.config/kwrited.notifyrc fstype=btrfs
Mounting read-only /home/user_name/.config/networkmanagement.notifyrc
1279 1222 0:23 /@home/user_name/.config/networkmanagement.notifyrc /home/user_name/.config/networkmanagement.notifyrc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/networkmanagement.notifyrc
mountid=1279 fsname=/@home/user_name/.config/networkmanagement.notifyrc dir=/home/user_name/.config/networkmanagement.notifyrc fstype=btrfs
Mounting read-only /home/user_name/.config/phonon.notifyrc
1280 1222 0:23 /@home/user_name/.config/phonon.notifyrc /home/user_name/.config/phonon.notifyrc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/phonon.notifyrc
mountid=1280 fsname=/@home/user_name/.config/phonon.notifyrc dir=/home/user_name/.config/phonon.notifyrc fstype=btrfs
Mounting read-only /home/user_name/.config/plasma_workspace.notifyrc
1281 1222 0:23 /@home/user_name/.config/plasma_workspace.notifyrc /home/user_name/.config/plasma_workspace.notifyrc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/plasma_workspace.notifyrc
mountid=1281 fsname=/@home/user_name/.config/plasma_workspace.notifyrc dir=/home/user_name/.config/plasma_workspace.notifyrc fstype=btrfs
Mounting read-only /home/user_name/.config/powerdevil.notifyrc
1282 1222 0:23 /@home/user_name/.config/powerdevil.notifyrc /home/user_name/.config/powerdevil.notifyrc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/powerdevil.notifyrc
mountid=1282 fsname=/@home/user_name/.config/powerdevil.notifyrc dir=/home/user_name/.config/powerdevil.notifyrc fstype=btrfs
Mounting read-only /home/user_name/.config/printmanager.notifyrc
1283 1222 0:23 /@home/user_name/.config/printmanager.notifyrc /home/user_name/.config/printmanager.notifyrc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/printmanager.notifyrc
mountid=1283 fsname=/@home/user_name/.config/printmanager.notifyrc dir=/home/user_name/.config/printmanager.notifyrc fstype=btrfs
Mounting read-only /home/user_name/.config/knotifyrc
1284 1222 0:23 /@home/user_name/.config/knotifyrc /home/user_name/.config/knotifyrc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/knotifyrc
mountid=1284 fsname=/@home/user_name/.config/knotifyrc dir=/home/user_name/.config/knotifyrc fstype=btrfs
Mounting read-only /home/user_name/.config/plasmanotifyrc
1285 1222 0:23 /@home/user_name/.config/plasmanotifyrc /home/user_name/.config/plasmanotifyrc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/plasmanotifyrc
mountid=1285 fsname=/@home/user_name/.config/plasmanotifyrc dir=/home/user_name/.config/plasmanotifyrc fstype=btrfs
Mounting read-only /home/user_name/.config/kdeglobals
1286 1222 0:23 /@home/user_name/.config/kdeglobals /home/user_name/.config/kdeglobals ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/kdeglobals
mountid=1286 fsname=/@home/user_name/.config/kdeglobals dir=/home/user_name/.config/kdeglobals fstype=btrfs
Mounting read-only /home/user_name/.config/kiorc
1287 1222 0:23 /@home/user_name/.config/kiorc /home/user_name/.config/kiorc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/kiorc
mountid=1287 fsname=/@home/user_name/.config/kiorc dir=/home/user_name/.config/kiorc fstype=btrfs
Mounting read-only /home/user_name/.kde4/share/config/kdeglobals
1288 1222 0:23 /@home/user_name/.kde4/share/config/kdeglobals /home/user_name/.kde4/share/config/kdeglobals ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.kde4/share/config/kdeglobals
mountid=1288 fsname=/@home/user_name/.kde4/share/config/kdeglobals dir=/home/user_name/.kde4/share/config/kdeglobals fstype=btrfs
Mounting read-only /home/user_name/.local/share/konsole
1289 1222 0:23 /@home/user_name/.local/share/konsole /home/user_name/.local/share/konsole ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.local/share/konsole
mountid=1289 fsname=/@home/user_name/.local/share/konsole dir=/home/user_name/.local/share/konsole fstype=btrfs
Disable /run/user/1000/klauncherRqnQPv.1.slave-socket
Disable /run/user/1000/kdeinit5__0
Mounting read-only /home/user_name/.config/dconf
1292 1222 0:23 /@home/user_name/.config/dconf /home/user_name/.config/dconf ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/dconf
mountid=1292 fsname=/@home/user_name/.config/dconf dir=/home/user_name/.config/dconf fstype=btrfs
Disable /var/lib/systemd
Disable /var/cache/pacman
Disable /var/lib/pacman
Disable /var/lib/upower
Disable /var/spool/mail (requested /var/mail)
Disable /var/opt
Disable /var/spool/anacron
Disable /var/spool/cron
Disable /var/spool/mail
Disable /etc/anacrontab
Disable /etc/cron.d
Disable /etc/cron.daily
Disable /etc/cron.hourly
Disable /etc/cron.monthly
Disable /etc/cron.weekly
Disable /etc/cron.deny
Disable /etc/profile.d
Disable /etc/kernel
Disable /etc/grub.d.old
Disable /etc/grub.d
Disable /etc/apparmor
Disable /etc/apparmor.d
Disable /etc/modules-load.d
Disable /etc/logrotate.d
Disable /etc/logrotate.conf
Mounting read-only /home/user_name/.bash_logout
1318 1222 0:23 /@home/user_name/.bash_logout /home/user_name/.bash_logout ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.bash_logout
mountid=1318 fsname=/@home/user_name/.bash_logout dir=/home/user_name/.bash_logout fstype=btrfs
Mounting read-only /home/user_name/.bash_profile
1319 1222 0:23 /@home/user_name/.bash_profile /home/user_name/.bash_profile ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.bash_profile
mountid=1319 fsname=/@home/user_name/.bash_profile dir=/home/user_name/.bash_profile fstype=btrfs
Mounting read-only /home/user_name/.bashrc
1320 1222 0:23 /@home/user_name/.bashrc /home/user_name/.bashrc ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.bashrc
mountid=1320 fsname=/@home/user_name/.bashrc dir=/home/user_name/.bashrc fstype=btrfs
Mounting read-only /home/user_name/.config/menus
1321 1222 0:23 /@home/user_name/.config/menus /home/user_name/.config/menus ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.config/menus
mountid=1321 fsname=/@home/user_name/.config/menus dir=/home/user_name/.config/menus fstype=btrfs
Mounting read-only /home/user_name/.local/share/applications
1322 1222 0:23 /@home/user_name/.local/share/applications /home/user_name/.local/share/applications ro,noatime master:96 - btrfs /dev/sda1 rw,ssd,space_cache,autodefrag,subvolid=400,subvol=/@home/user_name/.local/share/applications
mountid=1322 fsname=/@home/user_name/.local/share/applications dir=/home/user_name/.local/share/applications fstype=btrfs
Disable /home/user_name/.gnupg
Disable /home/user_name/.local/share/keyrings
Disable /home/user_name/.local/share/kwalletd
Disable /home/user_name/.pki
Disable /home/user_name/.local/share/pki
Disable /home/user_name/.ssh
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Disable /usr/bin/chage (requested /bin/chage)
Disable /usr/bin/chage
Disable /usr/bin/chfn (requested /bin/chfn)
Disable /usr/bin/chfn
Disable /usr/bin/chsh (requested /bin/chsh)
Disable /usr/bin/chsh
Disable /usr/bin/crontab (requested /bin/crontab)
Disable /usr/bin/crontab
Disable /usr/bin/expiry (requested /bin/expiry)
Disable /usr/bin/expiry
Disable /usr/bin/fusermount (requested /bin/fusermount)
Disable /usr/bin/fusermount
Disable /usr/bin/gpasswd (requested /bin/gpasswd)
Disable /usr/bin/gpasswd
Disable /usr/bin/ksu (requested /bin/ksu)
Disable /usr/bin/ksu
Disable /usr/bin/mount (requested /bin/mount)
Disable /usr/bin/mount
Disable /usr/bin/mount.ecryptfs_private (requested /bin/mount.ecryptfs_private)
Disable /usr/bin/mount.ecryptfs_private
Disable /usr/bin/newgidmap (requested /bin/newgidmap)
Disable /usr/bin/newgidmap
Disable /usr/bin/newgrp (requested /bin/newgrp)
Disable /usr/bin/newgrp
Disable /usr/bin/newuidmap (requested /bin/newuidmap)
Disable /usr/bin/newuidmap
Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g)
Disable /usr/bin/ntfs-3g
Disable /usr/bin/pkexec (requested /bin/pkexec)
Disable /usr/bin/pkexec
Disable /usr/bin/sg (requested /bin/sg)
Disable /usr/bin/sg
Disable /usr/bin/su (requested /bin/su)
Disable /usr/bin/su
Disable /usr/bin/sudo (requested /bin/sudo)
Disable /usr/bin/sudo
Disable /usr/bin/umount (requested /bin/umount)
Disable /usr/bin/umount
Disable /usr/bin/unix_chkpwd (requested /bin/unix_chkpwd)
Disable /usr/bin/unix_chkpwd
Disable /home/user_name/.local/share/flatpak/db
Disable /var/lib/flatpak
Disable /proc/config.gz
Disable /home/user_name/.config/Code Industry
Disable /home/user_name/.config/GIMP
Disable /home/user_name/.config/akonadi
Disable /home/user_name/.config/akonadi_akonotes_resource_0rc
Disable /home/user_name/.config/akonadi_ical_resource_0rc
Disable /home/user_name/.config/akonadi_indexing_agentrc
Disable /home/user_name/.config/akonadi_kalarm_dir_resource_0rc
Disable /home/user_name/.config/akonadi_kalarm_resource_0rc
Disable /home/user_name/.config/akonadi_kalarm_resource_1rc
Disable /home/user_name/.config/akonadi_kalarm_resource_2rc
Disable /home/user_name/.config/akonadi_maildir_resource_0rc
Disable /home/user_name/.config/akonadi-firstrunrc
Disable /home/user_name/.config/akonadi-migrationrc
Disable /home/user_name/.config/akregatorrc
Disable /home/user_name/.config/arkrc
Disable /home/user_name/.config/autokey
Disable /home/user_name/.config/baloofilerc
Disable /home/user_name/.config/baloorc
Disable /home/user_name/.config/calibre
Disable /home/user_name/.config/cantata
Disable /home/user_name/.config/cherrytree
Disable /home/user_name/.config/chromium
Disable /home/user_name/.config/chromium-flags.conf
Disable /home/user_name/.config/dolphinrc
Disable /home/user_name/.config/emaildefaults
Disable /home/user_name/.config/emailidentities
Disable /home/user_name/.config/enchant
Disable /home/user_name/.config/gconf
Disable /home/user_name/.config/ghb
Disable /home/user_name/.config/google-chrome
Disable /home/user_name/.config/gwenviewrc
Disable /home/user_name/.config/inkscape
Disable /home/user_name/.config/k3brc
Disable /home/user_name/.config/katemetainfos
Disable /home/user_name/.config/katepartrc
Disable /home/user_name/.config/katerc
Disable /home/user_name/.config/kateschemarc
Disable /home/user_name/.config/katesyntaxhighlightingrc
Disable /home/user_name/.config/katevirc
Disable /home/user_name/.config/kdeconnect
Disable /home/user_name/.config/klipperrc
Disable /home/user_name/.config/libreoffice
Disable /home/user_name/.config/mpv
Disable /home/user_name/.config/okularpartrc
Disable /home/user_name/.config/okularrc
Disable /home/user_name/.config/org.kde.gwenviewrc
Disable /home/user_name/.config/pdfmod
Disable /home/user_name/.config/Pinta
Disable /home/user_name/.config/qpdfview
Disable /home/user_name/.config/qupzilla
Disable /home/user_name/.config/smplayer
Disable /home/user_name/.config/specialmailcollectionsrc
Disable /home/user_name/.config/vlc
Disable /home/user_name/.jak
Disable /home/user_name/.java
Disable /home/user_name/.kingsoft
Disable /home/user_name/.local/share/akonadi
Disable /home/user_name/.local/share/apps/korganizer
Disable /home/user_name/.local/share/autokey
Disable /home/user_name/.local/share/baloo
Disable /home/user_name/.local/share/cantata
Disable /home/user_name/.local/share/contacts
Disable /home/user_name/.local/share/dolphin
Disable /home/user_name/.local/share/gwenview
Disable /home/user_name/.local/share/kate
Disable /home/user_name/.local/share/kget
Disable /home/user_name/.local/share/local-mail
Disable /home/user_name/.local/share/notes
Disable /home/user_name/.local/share/okular
Disable /home/user_name/.local/share/org.kde.gwenview
Disable /home/user_name/.local/share/plasma_notes
Disable /home/user_name/.local/share/vlc
Disable /home/user_name/.mozilla
Disable /home/user_name/.mplayer
Disable /home/user_name/.nv
Disable /home/user_name/.ssr
Disable /home/user_name/.cache/babl
Disable /home/user_name/.cache/calibre
Disable /home/user_name/.cache/chromium
Disable /home/user_name/.cache/dolphin
Disable /home/user_name/.cache/gegl-0.4
Disable /home/user_name/.cache/gimp
Disable /home/user_name/.cache/inkscape
Disable /home/user_name/.cache/kcmshell5
Disable /home/user_name/.cache/kinfocenter
Disable /home/user_name/.cache/krunner
Disable /home/user_name/.cache/ksmserver-logout-greeter
Disable /home/user_name/.cache/ksplashqml
Disable /home/user_name/.cache/kwin
Disable /home/user_name/.cache/moonchild productions/pale moon
Disable /home/user_name/.cache/mozilla
Disable /home/user_name/.cache/pdfmod
Disable /home/user_name/.cache/plasmashell
Disable /home/user_name/.cache/systemsettings
Disable /home/user_name/.cache/vlc
Disable /sys/fs
Disable /sys/module
Mounting noexec /run/firejail/mnt/pulse
1493 1207 0:85 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1493 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs
Mounting /run/firejail/mnt/pulse on /home/user_name/.config/pulse
1494 1222 0:85 /pulse /home/user_name/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1494 fsname=/pulse dir=/home/user_name/.config/pulse fstype=tmpfs
Current directory: /home/user_name/Dane/backup/jail/Pobrane
DISPLAY=:0 parsed as 0
Install protocol filter: unix,inet,inet6
configuring 14 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 3, uid 1000, gid 1001, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dropping all capabilities
Drop privileges: pid 4, uid 1000, gid 1001, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00000000   ret KILL
Dual 32/64 bit seccomp filter configured
configuring 72 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 5, uid 1000, gid 1001, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 3f 00 0000009f   jeq adjtimex 0047 (false 0008)
 0008: 15 3e 00 00000131   jeq clock_adjtime 0047 (false 0009)
 0009: 15 3d 00 000000e3   jeq clock_settime 0047 (false 000a)
 000a: 15 3c 00 000000a4   jeq settimeofday 0047 (false 000b)
 000b: 15 3b 00 0000009a   jeq modify_ldt 0047 (false 000c)
 000c: 15 3a 00 000000d4   jeq lookup_dcookie 0047 (false 000d)
 000d: 15 39 00 0000012a   jeq perf_event_open 0047 (false 000e)
 000e: 15 38 00 00000137   jeq process_vm_writev 0047 (false 000f)
 000f: 15 37 00 000000b0   jeq delete_module 0047 (false 0010)
 0010: 15 36 00 00000139   jeq finit_module 0047 (false 0011)
 0011: 15 35 00 000000af   jeq init_module 0047 (false 0012)
 0012: 15 34 00 0000009c   jeq _sysctl 0047 (false 0013)
 0013: 15 33 00 000000b7   jeq afs_syscall 0047 (false 0014)
 0014: 15 32 00 000000ae   jeq create_module 0047 (false 0015)
 0015: 15 31 00 000000b1   jeq get_kernel_syms 0047 (false 0016)
 0016: 15 30 00 000000b5   jeq getpmsg 0047 (false 0017)
 0017: 15 2f 00 000000b6   jeq putpmsg 0047 (false 0018)
 0018: 15 2e 00 000000b2   jeq query_module 0047 (false 0019)
 0019: 15 2d 00 000000b9   jeq security 0047 (false 001a)
 001a: 15 2c 00 0000008b   jeq sysfs 0047 (false 001b)
 001b: 15 2b 00 000000b8   jeq tuxcall 0047 (false 001c)
 001c: 15 2a 00 00000086   jeq uselib 0047 (false 001d)
 001d: 15 29 00 00000088   jeq ustat 0047 (false 001e)
 001e: 15 28 00 000000ec   jeq vserver 0047 (false 001f)
 001f: 15 27 00 000000ad   jeq ioperm 0047 (false 0020)
 0020: 15 26 00 000000ac   jeq iopl 0047 (false 0021)
 0021: 15 25 00 000000f6   jeq kexec_load 0047 (false 0022)
 0022: 15 24 00 00000140   jeq kexec_file_load 0047 (false 0023)
 0023: 15 23 00 000000a9   jeq reboot 0047 (false 0024)
 0024: 15 22 00 000000a7   jeq swapon 0047 (false 0025)
 0025: 15 21 00 000000a8   jeq swapoff 0047 (false 0026)
 0026: 15 20 00 00000130   jeq open_by_handle_at 0047 (false 0027)
 0027: 15 1f 00 0000012f   jeq name_to_handle_at 0047 (false 0028)
 0028: 15 1e 00 000000fb   jeq ioprio_set 0047 (false 0029)
 0029: 15 1d 00 00000067   jeq syslog 0047 (false 002a)
 002a: 15 1c 00 0000012c   jeq fanotify_init 0047 (false 002b)
 002b: 15 1b 00 00000138   jeq kcmp 0047 (false 002c)
 002c: 15 1a 00 000000f8   jeq add_key 0047 (false 002d)
 002d: 15 19 00 000000f9   jeq request_key 0047 (false 002e)
 002e: 15 18 00 000000ed   jeq mbind 0047 (false 002f)
 002f: 15 17 00 00000100   jeq migrate_pages 0047 (false 0030)
 0030: 15 16 00 00000117   jeq move_pages 0047 (false 0031)
 0031: 15 15 00 000000fa   jeq keyctl 0047 (false 0032)
 0032: 15 14 00 000000ce   jeq io_setup 0047 (false 0033)
 0033: 15 13 00 000000cf   jeq io_destroy 0047 (false 0034)
 0034: 15 12 00 000000d0   jeq io_getevents 0047 (false 0035)
 0035: 15 11 00 000000d1   jeq io_submit 0047 (false 0036)
 0036: 15 10 00 000000d2   jeq io_cancel 0047 (false 0037)
 0037: 15 0f 00 000000d8   jeq remap_file_pages 0047 (false 0038)
 0038: 15 0e 00 00000143   jeq userfaultfd 0047 (false 0039)
 0039: 15 0d 00 000000a3   jeq acct 0047 (false 003a)
 003a: 15 0c 00 00000141   jeq bpf 0047 (false 003b)
 003b: 15 0b 00 000000a1   jeq chroot 0047 (false 003c)
 003c: 15 0a 00 000000a5   jeq mount 0047 (false 003d)
 003d: 15 09 00 000000b4   jeq nfsservctl 0047 (false 003e)
 003e: 15 08 00 0000009b   jeq pivot_root 0047 (false 003f)
 003f: 15 07 00 000000ab   jeq setdomainname 0047 (false 0040)
 0040: 15 06 00 000000aa   jeq sethostname 0047 (false 0041)
 0041: 15 05 00 000000a6   jeq umount2 0047 (false 0042)
 0042: 15 04 00 00000099   jeq vhangup 0047 (false 0043)
 0043: 15 03 00 00000065   jeq ptrace 0047 (false 0044)
 0044: 15 02 00 00000087   jeq personality 0047 (false 0045)
 0045: 15 01 00 00000136   jeq process_vm_readv 0047 (false 0046)
 0046: 06 00 00 7fff0000   ret ALLOW
 0047: 06 00 01 00000000   ret KILL
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
1495 1207 0:85 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755
mountid=1495 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1001, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
Running '/run/firejail/appimage/.appimage-155050/AppRun'  command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: '/run/firejail/appimage/.appimage-155050/AppRun' 
Child process initialized in 245.08 ms
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
/bin/bash: /run/firejail/appimage/.appimage-155050/AppRun: Brak dostępu
monitoring pid 6

Sandbox monitor: waitpid 6 retval 6 status 32256

Parent is shutting down, bye...
AppImage unmounted
$

I would like to run it in --private=/home/user_name/path

rusty-snake commented 4 years ago

"Brak dostępu" means "Permission denied"? see #2690.

smitsohu commented 4 years ago

@omega3 It's a permission issue in the AppImage. The problem is that Firejail doesn't use FUSE to mount the AppImage, which means that usual UNIX permissions apply. You could reach out to the Everdo developers and ask them to provide an AppImage where the executable is world readable. For the moment there is no workaround in Firejail.

omega3 commented 4 years ago

"Brak dostępu" means "Permission denied"?

Correct.

You could reach out to the Everdo developers and ask them to provide an AppImage where the executable is world readable.

Ok. I will. Thank you very much.