zoom: program does not start (missing whitelist)

educanorama commented 3 years ago

Zoom loads in firejail with:

firejail --noprofile /usr/bin/zoom and firejail --noprofile zoom , but crashes with firejail zoom although 'firejail zoom' ran perfectly only a week ago.

I am now on openSUSE Tumbleweed snapshot 20201110. The zoom.profile file date is 11/8/2020.

The problem looks similar to: 3726. Unfortunately, I'm not nearly as sophisticated as the users who contributed to this thread, and have no idea what troubleshooting steps to take next.

Attached are my /etc/firejail/zoom.profile, zoom.local, zoous.conf and the output of firejail --debug zoom.

[firejail_debug_educanorama.txt](https://github.com/netblue30/firejail/files/5531 zoom.local.txt zoom.profile.txt zoomus.conf.txt

educanorama commented 3 years ago

The output of firejail --debug zoom didn't come through. I'll cut and paste:

Autoselecting /bin/bash as shell
Building quoted command line: 'zoom' 
Command name #zoom#
Found zoom.profile profile in /etc/firejail directory
Found zoom.local profile in /home/educanorama/.config/firejail directory
Found disable-common.inc profile in /etc/firejail directory
Found disable-devel.inc profile in /etc/firejail directory
Found disable-exec.inc profile in /etc/firejail directory
Found disable-interpreters.inc profile in /etc/firejail directory
Found disable-passwdmgr.inc profile in /etc/firejail directory
Found disable-programs.inc profile in /etc/firejail directory
Found disable-xdg.inc profile in /etc/firejail directory
Found whitelist-common.inc profile in /etc/firejail directory
Found whitelist-runuser-common.inc profile in /etc/firejail directory
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Found whitelist-var-common.inc profile in /etc/firejail directory
Using the local network stack
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
IBUS_ADDRESS=unix:abstract=/home/educanorama/.cache/ibus/dbus-BmSoX7nL,guid=2d82c3a2aedfca30a5fb2d685fad2baf
IBUS_DAEMON_PID=1906
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol 
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1537 1494 8:3 /etc /etc ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1537 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
1538 1537 8:3 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1538 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
1539 1494 8:3 /var /var ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1539 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
1540 1539 8:3 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1540 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
1541 1494 8:3 /usr /usr ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1541 fsname=/usr dir=/usr fstype=ext4
Mounting read-only /bin
1542 1494 8:3 /bin /bin ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1542 fsname=/bin dir=/bin fstype=ext4
Mounting read-only /sbin
1543 1494 8:3 /sbin /sbin ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1543 fsname=/sbin dir=/sbin fstype=ext4
Mounting read-only /lib
1544 1494 8:3 /lib /lib ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1544 fsname=/lib dir=/lib fstype=ext4
Mounting read-only /lib64
1545 1494 8:3 /lib64 /lib64 ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1545 fsname=/lib64 dir=/lib64 fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/educanorama/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/nvidia0 file
mounting /run/firejail/mnt/dev/nvidiactl file
mounting /run/firejail/mnt/dev/nvidia-modeset file
Process /dev/shm directory
Mounting tmpfs on /home/educanorama/.cache
1588 1554 0:116 / /home/educanorama/.cache rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=755,uid=1000,gid=100,inode64
mountid=1588 fsname=/ dir=/home/educanorama/.cache fstype=tmpfs
Generate private-tmp whitelist commands
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/src/linux-5.9.1-2 (requested /usr/src/linux)
Disable /lib/modules
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Copying files in the new /etc directory:
copying /etc/alternatives to private /etc
Creating empty /run/firejail/mnt/etc/alternatives directory
sbox run: /run/firejail/lib/fcopy /etc/alternatives /run/firejail/mnt/etc/alternatives 
copying /etc/ca-certificates to private /etc
Creating empty /run/firejail/mnt/etc/ca-certificates directory
sbox run: /run/firejail/lib/fcopy /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates 
copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts 
copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy /etc/ld.so.cache /run/firejail/mnt/etc 
copying /etc/ld.so.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/ld.so.conf /run/firejail/mnt/etc 
copying /etc/ld.so.conf.d to private /etc
Creating empty /run/firejail/mnt/etc/ld.so.conf.d directory
sbox run: /run/firejail/lib/fcopy /etc/ld.so.conf.d /run/firejail/mnt/etc/ld.so.conf.d 
copying /etc/ld.so.preload to private /etc
sbox run: /run/firejail/lib/fcopy /etc/ld.so.preload /run/firejail/mnt/etc 
copying /etc/machine-id to private /etc
sbox run: /run/firejail/lib/fcopy /etc/machine-id /run/firejail/mnt/etc 
copying /etc/nsswitch.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/nsswitch.conf /run/firejail/mnt/etc 
copying /etc/pki to private /etc
Creating empty /run/firejail/mnt/etc/pki directory
sbox run: /run/firejail/lib/fcopy /etc/pki /run/firejail/mnt/etc/pki 
copying /etc/resolv.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc 
copying /etc/ssl to private /etc
Creating empty /run/firejail/mnt/etc/ssl directory
sbox run: /run/firejail/lib/fcopy /etc/ssl /run/firejail/mnt/etc/ssl 
Mount-bind /run/firejail/mnt/etc on top of /etc
Copying files in the new /usr/etc directory:
copying /usr/etc/nsswitch.conf to private /usr/etc
sbox run: /run/firejail/lib/fcopy /usr/etc/nsswitch.conf /run/firejail/mnt/usretc 
Mount-bind /run/firejail/mnt/usretc on top of /usr/etc
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/zoom
    expanded: /home/educanorama/.cache/zoom
    real path: (null)
    Replaced whitelist path: whitelist /home/educanorama/.config/zoomus.conf
Replaced whitelist path: whitelist /home/educanorama/.zoom
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
    expanded: /home/educanorama/.XCompose
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
    expanded: /home/educanorama/.asoundrc
    real path: (null)
    Replaced whitelist path: whitelist /home/educanorama/.config/ibus
Replaced whitelist path: whitelist /home/educanorama/.config/mimeapps.list
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
    expanded: /home/educanorama/.config/pkcs11
    real path: (null)
    Replaced whitelist path: whitelist /home/educanorama/.config/user-dirs.dirs
Replaced whitelist path: whitelist /home/educanorama/.config/user-dirs.locale
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
    expanded: /home/educanorama/.drirc
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
    expanded: /home/educanorama/.icons
    real path: (null)
    Replaced whitelist path: whitelist /home/educanorama/.local/share/applications
Replaced whitelist path: whitelist /home/educanorama/.local/share/icons
Replaced whitelist path: whitelist /home/educanorama/.local/share/mime
Replaced whitelist path: whitelist /home/educanorama/.mime.types
Removed whitelist/nowhitelist path: whitelist ${HOME}/.uim.d
    expanded: /home/educanorama/.uim.d
    real path: (null)
    Replaced whitelist path: whitelist /home/educanorama/.config/dconf
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/fontconfig
    expanded: /home/educanorama/.cache/fontconfig
    real path: (null)
    Replaced whitelist path: whitelist /home/educanorama/.config/fontconfig
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
    expanded: /home/educanorama/.fontconfig
    real path: (null)
    Replaced whitelist path: whitelist /home/educanorama/.fonts
Replaced whitelist path: whitelist /home/educanorama/.fonts.conf
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
    expanded: /home/educanorama/.fonts.conf.d
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
    expanded: /home/educanorama/.fonts.d
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
    expanded: /home/educanorama/.local/share/fonts
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
    expanded: /home/educanorama/.pangorc
    real path: (null)
    Replaced whitelist path: whitelist /home/educanorama/.config/gtk-2.0
Replaced whitelist path: whitelist /home/educanorama/.config/gtk-3.0
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-4.0
    expanded: /home/educanorama/.config/gtk-4.0
    real path: (null)
    Replaced whitelist path: whitelist /home/educanorama/.config/gtkrc
Replaced whitelist path: whitelist /home/educanorama/.config/gtkrc-2.0
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
    expanded: /home/educanorama/.gnome2
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
    expanded: /home/educanorama/.gnome2-private
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
    expanded: /home/educanorama/.gtk-2.0
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
    expanded: /home/educanorama/.gtkrc
    real path: (null)
    Replaced whitelist path: whitelist /home/educanorama/.gtkrc-2.0
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
    expanded: /home/educanorama/.kde/share/config/gtkrc
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
    expanded: /home/educanorama/.kde/share/config/gtkrc-2.0
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
    expanded: /home/educanorama/.kde4/share/config/gtkrc
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
    expanded: /home/educanorama/.kde4/share/config/gtkrc-2.0
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
    expanded: /home/educanorama/.local/share/themes
    real path: (null)
    Replaced whitelist path: whitelist /home/educanorama/.themes
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
    expanded: /home/educanorama/.cache/kioexec/krun
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
    expanded: /home/educanorama/.config/Kvantum
    real path: (null)
    Replaced whitelist path: whitelist /home/educanorama/.config/Trolltech.conf
Replaced whitelist path: whitelist /home/educanorama/.config/kdeglobals
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
    expanded: /home/educanorama/.config/kio_httprc
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
    expanded: /home/educanorama/.config/kioslaverc
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
    expanded: /home/educanorama/.config/ksslcablacklist
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
    expanded: /home/educanorama/.config/qt5ct
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
    expanded: /home/educanorama/.kde/share/config/kdeglobals
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
    expanded: /home/educanorama/.kde/share/config/kio_httprc
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
    expanded: /home/educanorama/.kde/share/config/kioslaverc
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
    expanded: /home/educanorama/.kde/share/config/ksslcablacklist
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
    expanded: /home/educanorama/.kde/share/config/oxygenrc
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
    expanded: /home/educanorama/.kde/share/icons
    real path: (null)
    Replaced whitelist path: whitelist /home/educanorama/.kde4/share/config/kdeglobals
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
    expanded: /home/educanorama/.kde4/share/config/kio_httprc
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
    expanded: /home/educanorama/.kde4/share/config/kioslaverc
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
    expanded: /home/educanorama/.kde4/share/config/ksslcablacklist
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
    expanded: /home/educanorama/.kde4/share/config/oxygenrc
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
    expanded: /home/educanorama/.kde4/share/icons
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
    expanded: /home/educanorama/.local/share/qt5ct
    real path: (null)
    Replaced whitelist path: whitelist /run/user/1000/bus
Replaced whitelist path: whitelist /run/user/1000/dconf
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/gdm/Xauthority
    expanded: /run/user/1000/gdm/Xauthority
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/ICEauthority
    expanded: /run/user/1000/ICEauthority
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
    expanded: /run/user/1000/.mutter-Xwaylandauth.*
    real path: (null)
    Replaced whitelist path: whitelist /run/user/1000/pulse/native
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/wayland-0
    expanded: /run/user/1000/wayland-0
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/ca-certificates
    expanded: /usr/share/ca-certificates
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies
    expanded: /usr/share/crypto-policies
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/cursors
    expanded: /usr/share/cursors
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/dconf
    expanded: /usr/share/dconf
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/distro-info
    expanded: /usr/share/distro-info
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/enchant-2
    expanded: /usr/share/enchant-2
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/file
    expanded: /usr/share/file
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0
    expanded: /usr/share/gjs-1.0
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-2.0
    expanded: /usr/share/gtk-2.0
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-3.0
    expanded: /usr/share/gtk-3.0
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-4
    expanded: /usr/share/gtksourceview-4
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum
    expanded: /usr/share/Kvantum
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/Modules
    expanded: /usr/share/Modules
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/perl
    expanded: /usr/share/perl
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/perl5
    expanded: /usr/share/perl5
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/qt
    expanded: /usr/share/qt
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/qt4
    expanded: /usr/share/qt4
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/qt5ct
    expanded: /usr/share/qt5ct
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6
    expanded: /usr/share/tcl8.6
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/tcltk
    expanded: /usr/share/tcltk
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/texlive
    expanded: /usr/share/texlive
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/texmf
    expanded: /usr/share/texmf
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so
    expanded: /usr/share/thumbnail.so
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
    expanded: /var/lib/menu-xdg
    real path: (null)
    Removed whitelist/nowhitelist path: whitelist /var/lib/uim
    expanded: /var/lib/uim
    real path: (null)
    Replaced whitelist path: whitelist /run
Replaced whitelist path: whitelist /run/lock
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Mounting tmpfs on /usr/share directory
Mounting tmpfs on /run/user/1000 directory
Mounting a new /root directory
Mounting a new /home directory
Create a new user directory
Whitelisting /home/educanorama/.config/zoomus.conf
1620 1619 8:3 /home/educanorama/.config/zoomus.conf /home/educanorama/.config/zoomus.conf rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1620 fsname=/home/educanorama/.config/zoomus.conf dir=/home/educanorama/.config/zoomus.conf fstype=ext4
Whitelisting /home/educanorama/.zoom
1621 1619 8:3 /home/educanorama/.zoom /home/educanorama/.zoom rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1621 fsname=/home/educanorama/.zoom dir=/home/educanorama/.zoom fstype=ext4
Whitelisting /home/educanorama/.config/ibus
1622 1619 8:3 /home/educanorama/.config/ibus /home/educanorama/.config/ibus rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1622 fsname=/home/educanorama/.config/ibus dir=/home/educanorama/.config/ibus fstype=ext4
Whitelisting /home/educanorama/.config/mimeapps.list
1623 1619 8:3 /home/educanorama/.config/mimeapps.list /home/educanorama/.config/mimeapps.list rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1623 fsname=/home/educanorama/.config/mimeapps.list dir=/home/educanorama/.config/mimeapps.list fstype=ext4
Whitelisting /home/educanorama/.config/user-dirs.dirs
1624 1619 8:3 /home/educanorama/.config/user-dirs.dirs /home/educanorama/.config/user-dirs.dirs rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1624 fsname=/home/educanorama/.config/user-dirs.dirs dir=/home/educanorama/.config/user-dirs.dirs fstype=ext4
Whitelisting /home/educanorama/.config/user-dirs.locale
1625 1619 8:3 /home/educanorama/.config/user-dirs.locale /home/educanorama/.config/user-dirs.locale rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1625 fsname=/home/educanorama/.config/user-dirs.locale dir=/home/educanorama/.config/user-dirs.locale fstype=ext4
Whitelisting /home/educanorama/.local/share/applications
1626 1619 8:3 /home/educanorama/.local/share/applications /home/educanorama/.local/share/applications rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1626 fsname=/home/educanorama/.local/share/applications dir=/home/educanorama/.local/share/applications fstype=ext4
Whitelisting /home/educanorama/.local/share/icons
1627 1619 8:3 /home/educanorama/.local/share/icons /home/educanorama/.local/share/icons rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1627 fsname=/home/educanorama/.local/share/icons dir=/home/educanorama/.local/share/icons fstype=ext4
Whitelisting /home/educanorama/.local/share/mime
1628 1619 8:3 /home/educanorama/.local/share/mime /home/educanorama/.local/share/mime rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1628 fsname=/home/educanorama/.local/share/mime dir=/home/educanorama/.local/share/mime fstype=ext4
Whitelisting /home/educanorama/.mime.types
1629 1619 8:3 /home/educanorama/.mime.types /home/educanorama/.mime.types rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1629 fsname=/home/educanorama/.mime.types dir=/home/educanorama/.mime.types fstype=ext4
Whitelisting /home/educanorama/.config/dconf
1630 1619 8:3 /home/educanorama/.config/dconf /home/educanorama/.config/dconf rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1630 fsname=/home/educanorama/.config/dconf dir=/home/educanorama/.config/dconf fstype=ext4
Whitelisting /home/educanorama/.config/fontconfig
1631 1619 8:3 /home/educanorama/.config/fontconfig /home/educanorama/.config/fontconfig rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1631 fsname=/home/educanorama/.config/fontconfig dir=/home/educanorama/.config/fontconfig fstype=ext4
Whitelisting /home/educanorama/.fonts
1632 1619 8:3 /home/educanorama/.fonts /home/educanorama/.fonts rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1632 fsname=/home/educanorama/.fonts dir=/home/educanorama/.fonts fstype=ext4
Whitelisting /home/educanorama/.fonts.conf
1633 1619 8:3 /home/educanorama/.fonts.conf /home/educanorama/.fonts.conf rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1633 fsname=/home/educanorama/.fonts.conf dir=/home/educanorama/.fonts.conf fstype=ext4
Whitelisting /home/educanorama/.config/gtk-2.0
1634 1619 8:3 /home/educanorama/.config/gtk-2.0 /home/educanorama/.config/gtk-2.0 rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1634 fsname=/home/educanorama/.config/gtk-2.0 dir=/home/educanorama/.config/gtk-2.0 fstype=ext4
Whitelisting /home/educanorama/.config/gtk-3.0
1635 1619 8:3 /home/educanorama/.config/gtk-3.0 /home/educanorama/.config/gtk-3.0 rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1635 fsname=/home/educanorama/.config/gtk-3.0 dir=/home/educanorama/.config/gtk-3.0 fstype=ext4
Whitelisting /home/educanorama/.config/gtkrc
1636 1619 8:3 /home/educanorama/.config/gtkrc /home/educanorama/.config/gtkrc rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1636 fsname=/home/educanorama/.config/gtkrc dir=/home/educanorama/.config/gtkrc fstype=ext4
Whitelisting /home/educanorama/.config/gtkrc-2.0
1637 1619 8:3 /home/educanorama/.config/gtkrc-2.0 /home/educanorama/.config/gtkrc-2.0 rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1637 fsname=/home/educanorama/.config/gtkrc-2.0 dir=/home/educanorama/.config/gtkrc-2.0 fstype=ext4
Whitelisting /home/educanorama/.gtkrc-2.0
1638 1619 8:3 /home/educanorama/.gtkrc-2.0 /home/educanorama/.gtkrc-2.0 rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1638 fsname=/home/educanorama/.gtkrc-2.0 dir=/home/educanorama/.gtkrc-2.0 fstype=ext4
Whitelisting /home/educanorama/.themes
1639 1619 8:3 /home/educanorama/.themes /home/educanorama/.themes rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1639 fsname=/home/educanorama/.themes dir=/home/educanorama/.themes fstype=ext4
Whitelisting /home/educanorama/.config/Trolltech.conf
1640 1619 8:3 /home/educanorama/.config/Trolltech.conf /home/educanorama/.config/Trolltech.conf rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1640 fsname=/home/educanorama/.config/Trolltech.conf dir=/home/educanorama/.config/Trolltech.conf fstype=ext4
Whitelisting /home/educanorama/.config/kdeglobals
1641 1619 8:3 /home/educanorama/.config/kdeglobals /home/educanorama/.config/kdeglobals rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1641 fsname=/home/educanorama/.config/kdeglobals dir=/home/educanorama/.config/kdeglobals fstype=ext4
Whitelisting /home/educanorama/.kde4/share/config/kdeglobals
1642 1619 8:3 /home/educanorama/.kde4/share/config/kdeglobals /home/educanorama/.kde4/share/config/kdeglobals rw,relatime master:1 - ext4 /dev/sda3 rw
mountid=1642 fsname=/home/educanorama/.kde4/share/config/kdeglobals dir=/home/educanorama/.kde4/share/config/kdeglobals fstype=ext4
Whitelisting /run/user/1000/bus
1643 1614 0:51 /bus /run/user/1000/bus rw,nosuid,nodev,relatime master:396 - tmpfs tmpfs rw,size=1631444k,nr_inodes=407861,mode=700,uid=1000,gid=100,inode64
mountid=1643 fsname=/bus dir=/run/user/1000/bus fstype=tmpfs
Whitelisting /run/user/1000/dconf
1644 1614 0:51 /dconf /run/user/1000/dconf rw,nosuid,nodev,relatime master:396 - tmpfs tmpfs rw,size=1631444k,nr_inodes=407861,mode=700,uid=1000,gid=100,inode64
mountid=1644 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs
Whitelisting /run/user/1000/pulse/native
1645 1614 0:51 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:396 - tmpfs tmpfs rw,size=1631444k,nr_inodes=407861,mode=700,uid=1000,gid=100,inode64
mountid=1645 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Whitelisting /usr/share/alsa
1646 1608 8:3 /usr/share/alsa /usr/share/alsa ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1646 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=ext4
Whitelisting /usr/share/applications
1647 1608 8:3 /usr/share/applications /usr/share/applications ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1647 fsname=/usr/share/applications dir=/usr/share/applications fstype=ext4
Whitelisting /usr/share/drirc.d
1648 1608 8:3 /usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1648 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=ext4
Whitelisting /usr/share/enchant
1649 1608 8:3 /usr/share/enchant /usr/share/enchant ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1649 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=ext4
Whitelisting /usr/share/fontconfig
1650 1608 8:3 /usr/share/fontconfig /usr/share/fontconfig ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1650 fsname=/usr/share/fontconfig dir=/usr/share/fontconfig fstype=ext4
Whitelisting /usr/share/fonts
1651 1608 8:3 /usr/share/fonts /usr/share/fonts ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1651 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=ext4
Whitelisting /usr/share/gir-1.0
1652 1608 8:3 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1652 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=ext4
Whitelisting /usr/share/glib-2.0
1653 1608 8:3 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1653 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=ext4
Whitelisting /usr/share/glvnd
1654 1608 8:3 /usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1654 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=ext4
Whitelisting /usr/share/gtk-engines
1655 1608 8:3 /usr/share/gtk-engines /usr/share/gtk-engines ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1655 fsname=/usr/share/gtk-engines dir=/usr/share/gtk-engines fstype=ext4
Whitelisting /usr/share/gtksourceview-3.0
1656 1608 8:3 /usr/share/gtksourceview-3.0 /usr/share/gtksourceview-3.0 ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1656 fsname=/usr/share/gtksourceview-3.0 dir=/usr/share/gtksourceview-3.0 fstype=ext4
Whitelisting /usr/share/hunspell
1657 1608 8:3 /usr/share/hunspell /usr/share/hunspell ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1657 fsname=/usr/share/hunspell dir=/usr/share/hunspell fstype=ext4
Whitelisting /usr/share/hwdata
1658 1608 8:3 /usr/share/hwdata /usr/share/hwdata ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1658 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=ext4
Whitelisting /usr/share/icons
1659 1608 8:3 /usr/share/icons /usr/share/icons ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1659 fsname=/usr/share/icons dir=/usr/share/icons fstype=ext4
Whitelisting /usr/share/icu
1660 1608 8:3 /usr/share/icu /usr/share/icu ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1660 fsname=/usr/share/icu dir=/usr/share/icu fstype=ext4
Whitelisting /usr/share/knotifications5
1661 1608 8:3 /usr/share/knotifications5 /usr/share/knotifications5 ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1661 fsname=/usr/share/knotifications5 dir=/usr/share/knotifications5 fstype=ext4
Whitelisting /usr/share/kservices5
1662 1608 8:3 /usr/share/kservices5 /usr/share/kservices5 ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1662 fsname=/usr/share/kservices5 dir=/usr/share/kservices5 fstype=ext4
Whitelisting /usr/share/kxmlgui5
1663 1608 8:3 /usr/share/kxmlgui5 /usr/share/kxmlgui5 ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1663 fsname=/usr/share/kxmlgui5 dir=/usr/share/kxmlgui5 fstype=ext4
Whitelisting /usr/share/libdrm
1664 1608 8:3 /usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1664 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=ext4
Whitelisting /usr/share/libthai
1665 1608 8:3 /usr/share/libthai /usr/share/libthai ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1665 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=ext4
Whitelisting /usr/share/locale
1666 1608 8:3 /usr/share/locale /usr/share/locale ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1666 fsname=/usr/share/locale dir=/usr/share/locale fstype=ext4
Whitelisting /usr/share/mime
1667 1608 8:3 /usr/share/mime /usr/share/mime ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1667 fsname=/usr/share/mime dir=/usr/share/mime fstype=ext4
Whitelisting /usr/share/misc
1668 1608 8:3 /usr/share/misc /usr/share/misc ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1668 fsname=/usr/share/misc dir=/usr/share/misc fstype=ext4
Whitelisting /usr/share/myspell
1669 1608 8:3 /usr/share/myspell /usr/share/myspell ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1669 fsname=/usr/share/myspell dir=/usr/share/myspell fstype=ext4
Whitelisting /usr/share/p11-kit
1670 1608 8:3 /usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1670 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=ext4
Whitelisting /usr/share/pixmaps
1671 1608 8:3 /usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1671 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=ext4
Whitelisting /usr/share/pki
1672 1608 8:3 /usr/share/pki /usr/share/pki ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1672 fsname=/usr/share/pki dir=/usr/share/pki fstype=ext4
Whitelisting /usr/share/plasma
1673 1608 8:3 /usr/share/plasma /usr/share/plasma ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1673 fsname=/usr/share/plasma dir=/usr/share/plasma fstype=ext4
Whitelisting /usr/share/publicsuffix
1674 1608 8:3 /usr/share/publicsuffix /usr/share/publicsuffix ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1674 fsname=/usr/share/publicsuffix dir=/usr/share/publicsuffix fstype=ext4
Whitelisting /usr/share/qt5
1675 1608 8:3 /usr/share/qt5 /usr/share/qt5 ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1675 fsname=/usr/share/qt5 dir=/usr/share/qt5 fstype=ext4
Whitelisting /usr/share/sounds
1676 1608 8:3 /usr/share/sounds /usr/share/sounds ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1676 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=ext4
Whitelisting /usr/share/terminfo
1677 1608 8:3 /usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1677 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=ext4
Whitelisting /usr/share/themes
1678 1608 8:3 /usr/share/themes /usr/share/themes ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1678 fsname=/usr/share/themes dir=/usr/share/themes fstype=ext4
Whitelisting /usr/share/X11
1679 1608 8:3 /usr/share/X11 /usr/share/X11 ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1679 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=ext4
Whitelisting /usr/share/xml
1680 1608 8:3 /usr/share/xml /usr/share/xml ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1680 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4
Whitelisting /usr/share/zoneinfo
1681 1608 8:3 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1681 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4
Whitelisting /var/lib/ca-certificates
1682 1606 8:3 /var/lib/ca-certificates /var/lib/ca-certificates ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1682 fsname=/var/lib/ca-certificates dir=/var/lib/ca-certificates fstype=ext4
Whitelisting /var/lib/dbus
1683 1606 8:3 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1683 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4
Whitelisting /var/cache/fontconfig
1684 1606 8:3 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1684 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Whitelisting /var/tmp
1685 1606 0:106 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=1685 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
1686 1600 0:45 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:30 - tmpfs tmpfs rw,nr_inodes=409600,inode64
mountid=1686 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting read-only /home/educanorama/.Xauthority
1692 1619 0:124 /educanorama/.Xauthority /home/educanorama/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1692 fsname=/educanorama/.Xauthority dir=/home/educanorama/.Xauthority fstype=tmpfs
Mounting read-only /home/educanorama/.config/kdeglobals
1693 1641 8:3 /home/educanorama/.config/kdeglobals /home/educanorama/.config/kdeglobals ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1693 fsname=/home/educanorama/.config/kdeglobals dir=/home/educanorama/.config/kdeglobals fstype=ext4
Mounting read-only /home/educanorama/.kde4/share/config/kdeglobals
1694 1642 8:3 /home/educanorama/.kde4/share/config/kdeglobals /home/educanorama/.kde4/share/config/kdeglobals ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1694 fsname=/home/educanorama/.kde4/share/config/kdeglobals dir=/home/educanorama/.kde4/share/config/kdeglobals fstype=ext4
Mounting read-only /home/educanorama/.config/dconf
1695 1630 8:3 /home/educanorama/.config/dconf /home/educanorama/.config/dconf ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1695 fsname=/home/educanorama/.config/dconf dir=/home/educanorama/.config/dconf fstype=ext4
Disable /usr/bin/systemd-run
Disable /run/screens (requested /var/run/screens)
Mounting read-only /home/educanorama/.local/share/applications
1702 1626 8:3 /home/educanorama/.local/share/applications /home/educanorama/.local/share/applications ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1702 fsname=/home/educanorama/.local/share/applications dir=/home/educanorama/.local/share/applications fstype=ext4
Mounting read-only /home/educanorama/.config/mimeapps.list
1703 1623 8:3 /home/educanorama/.config/mimeapps.list /home/educanorama/.config/mimeapps.list ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1703 fsname=/home/educanorama/.config/mimeapps.list dir=/home/educanorama/.config/mimeapps.list fstype=ext4
Mounting read-only /home/educanorama/.config/user-dirs.dirs
1704 1624 8:3 /home/educanorama/.config/user-dirs.dirs /home/educanorama/.config/user-dirs.dirs ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1704 fsname=/home/educanorama/.config/user-dirs.dirs dir=/home/educanorama/.config/user-dirs.dirs fstype=ext4
Mounting read-only /home/educanorama/.config/user-dirs.locale
1705 1625 8:3 /home/educanorama/.config/user-dirs.locale /home/educanorama/.config/user-dirs.locale ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1705 fsname=/home/educanorama/.config/user-dirs.locale dir=/home/educanorama/.config/user-dirs.locale fstype=ext4
Mounting read-only /home/educanorama/.local/share/mime
1706 1628 8:3 /home/educanorama/.local/share/mime /home/educanorama/.local/share/mime ro,relatime master:1 - ext4 /dev/sda3 rw
mountid=1706 fsname=/home/educanorama/.local/share/mime dir=/home/educanorama/.local/share/mime fstype=ext4
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/crontab
Disable /usr/bin/expiry
Disable /usr/bin/fusermount
Disable /usr/bin/gpasswd
Disable /usr/bin/mount
Disable /usr/bin/mount (requested /bin/mount)
Disable /usr/bin/nc
Disable /usr/bin/newgidmap
Disable /usr/bin/newgrp
Disable /usr/bin/newuidmap
Disable /usr/bin/ntfs-3g
Disable /usr/bin/pkexec
Disable /usr/bin/procmail
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/strace
Disable /usr/bin/su
Disable /usr/bin/su (requested /bin/su)
Disable /usr/bin/sudo
Disable /usr/bin/umount
Disable /usr/bin/umount (requested /bin/umount)
Disable /usr/lib/virtualbox
Disable /usr/bin/bwrap
Disable /proc/config.gz
Disable /usr/bin/dig
Disable /usr/bin/nslookup
Disable /usr/bin/host
Disable /usr/bin/as
Disable /usr/bin/gcc-10 (requested /usr/bin/cc)
Disable /usr/bin/g++-10 (requested /usr/bin/c++)
Disable /usr/bin/c++filt
Disable /usr/bin/c89
Disable /usr/bin/c99
Disable /usr/bin/cpp-10
Disable /usr/bin/cpp-10 (requested /usr/bin/cpp)
Disable /usr/bin/cpp-9
Disable /usr/bin/g++-9
Disable /usr/bin/g++-10
Disable /usr/bin/g++-10 (requested /usr/bin/g++)
Disable /usr/bin/gcc-10
Disable /usr/bin/gcc-nm-9
Disable /usr/bin/gcc-ar-9
Disable /usr/bin/gcc-ranlib-9
Disable /usr/bin/gcc-ar-10
Disable /usr/bin/gcc-ranlib-10
Disable /usr/bin/gcc-nm-10
Disable /usr/bin/gcc-10 (requested /usr/bin/gcc)
Disable /usr/bin/gcc-9
Disable /usr/bin/gcc-ranlib-10 (requested /usr/bin/gcc-ranlib)
Disable /usr/bin/gcc-nm-10 (requested /usr/bin/gcc-nm)
Disable /usr/bin/gcc-ar-10 (requested /usr/bin/gcc-ar)
Disable /usr/bin/gdb
Disable /usr/bin/ld.bfd (requested /usr/bin/ld)
Disable /usr/java/jre1.8.0_241-amd64/bin/java (requested /usr/bin/java)
Disable /usr/bin/openssl
Disable /usr/bin/valgrind
Disable /usr/bin/valgrind-listener
Disable /usr/bin/valgrind-di-server
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Mounting noexec /home/educanorama/.config/zoomus.conf
1774 1620 8:3 /home/educanorama/.config/zoomus.conf /home/educanorama/.config/zoomus.conf rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1774 fsname=/home/educanorama/.config/zoomus.conf dir=/home/educanorama/.config/zoomus.conf fstype=ext4
Mounting noexec /home/educanorama/.zoom
1775 1621 8:3 /home/educanorama/.zoom /home/educanorama/.zoom rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1775 fsname=/home/educanorama/.zoom dir=/home/educanorama/.zoom fstype=ext4
Mounting noexec /home/educanorama/.config/ibus
1776 1622 8:3 /home/educanorama/.config/ibus /home/educanorama/.config/ibus rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1776 fsname=/home/educanorama/.config/ibus dir=/home/educanorama/.config/ibus fstype=ext4
Mounting noexec /home/educanorama/.config/mimeapps.list
1777 1703 8:3 /home/educanorama/.config/mimeapps.list /home/educanorama/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1777 fsname=/home/educanorama/.config/mimeapps.list dir=/home/educanorama/.config/mimeapps.list fstype=ext4
Mounting noexec /home/educanorama/.config/user-dirs.dirs
1778 1704 8:3 /home/educanorama/.config/user-dirs.dirs /home/educanorama/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1778 fsname=/home/educanorama/.config/user-dirs.dirs dir=/home/educanorama/.config/user-dirs.dirs fstype=ext4
Mounting noexec /home/educanorama/.config/user-dirs.locale
1779 1705 8:3 /home/educanorama/.config/user-dirs.locale /home/educanorama/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1779 fsname=/home/educanorama/.config/user-dirs.locale dir=/home/educanorama/.config/user-dirs.locale fstype=ext4
Mounting noexec /home/educanorama/.local/share/applications
1780 1702 8:3 /home/educanorama/.local/share/applications /home/educanorama/.local/share/applications ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1780 fsname=/home/educanorama/.local/share/applications dir=/home/educanorama/.local/share/applications fstype=ext4
Mounting noexec /home/educanorama/.local/share/icons
1781 1627 8:3 /home/educanorama/.local/share/icons /home/educanorama/.local/share/icons rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1781 fsname=/home/educanorama/.local/share/icons dir=/home/educanorama/.local/share/icons fstype=ext4
Mounting noexec /home/educanorama/.local/share/mime
1782 1706 8:3 /home/educanorama/.local/share/mime /home/educanorama/.local/share/mime ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1782 fsname=/home/educanorama/.local/share/mime dir=/home/educanorama/.local/share/mime fstype=ext4
Mounting noexec /home/educanorama/.mime.types
1783 1629 8:3 /home/educanorama/.mime.types /home/educanorama/.mime.types rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1783 fsname=/home/educanorama/.mime.types dir=/home/educanorama/.mime.types fstype=ext4
Mounting noexec /home/educanorama/.config/dconf
1784 1695 8:3 /home/educanorama/.config/dconf /home/educanorama/.config/dconf ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1784 fsname=/home/educanorama/.config/dconf dir=/home/educanorama/.config/dconf fstype=ext4
Mounting noexec /home/educanorama/.config/fontconfig
1785 1631 8:3 /home/educanorama/.config/fontconfig /home/educanorama/.config/fontconfig rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1785 fsname=/home/educanorama/.config/fontconfig dir=/home/educanorama/.config/fontconfig fstype=ext4
Mounting noexec /home/educanorama/.fonts
1786 1632 8:3 /home/educanorama/.fonts /home/educanorama/.fonts rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1786 fsname=/home/educanorama/.fonts dir=/home/educanorama/.fonts fstype=ext4
Mounting noexec /home/educanorama/.fonts.conf
1787 1633 8:3 /home/educanorama/.fonts.conf /home/educanorama/.fonts.conf rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1787 fsname=/home/educanorama/.fonts.conf dir=/home/educanorama/.fonts.conf fstype=ext4
Mounting noexec /home/educanorama/.config/gtk-2.0
1788 1634 8:3 /home/educanorama/.config/gtk-2.0 /home/educanorama/.config/gtk-2.0 rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1788 fsname=/home/educanorama/.config/gtk-2.0 dir=/home/educanorama/.config/gtk-2.0 fstype=ext4
Mounting noexec /home/educanorama/.config/gtk-3.0
1789 1635 8:3 /home/educanorama/.config/gtk-3.0 /home/educanorama/.config/gtk-3.0 rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1789 fsname=/home/educanorama/.config/gtk-3.0 dir=/home/educanorama/.config/gtk-3.0 fstype=ext4
Mounting noexec /home/educanorama/.config/gtkrc
1790 1636 8:3 /home/educanorama/.config/gtkrc /home/educanorama/.config/gtkrc rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1790 fsname=/home/educanorama/.config/gtkrc dir=/home/educanorama/.config/gtkrc fstype=ext4
Mounting noexec /home/educanorama/.config/gtkrc-2.0
1791 1637 8:3 /home/educanorama/.config/gtkrc-2.0 /home/educanorama/.config/gtkrc-2.0 rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1791 fsname=/home/educanorama/.config/gtkrc-2.0 dir=/home/educanorama/.config/gtkrc-2.0 fstype=ext4
Mounting noexec /home/educanorama/.gtkrc-2.0
1792 1638 8:3 /home/educanorama/.gtkrc-2.0 /home/educanorama/.gtkrc-2.0 rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1792 fsname=/home/educanorama/.gtkrc-2.0 dir=/home/educanorama/.gtkrc-2.0 fstype=ext4
Mounting noexec /home/educanorama/.themes
1793 1639 8:3 /home/educanorama/.themes /home/educanorama/.themes rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1793 fsname=/home/educanorama/.themes dir=/home/educanorama/.themes fstype=ext4
Mounting noexec /home/educanorama/.config/Trolltech.conf
1794 1640 8:3 /home/educanorama/.config/Trolltech.conf /home/educanorama/.config/Trolltech.conf rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1794 fsname=/home/educanorama/.config/Trolltech.conf dir=/home/educanorama/.config/Trolltech.conf fstype=ext4
Mounting noexec /home/educanorama/.config/kdeglobals
1795 1693 8:3 /home/educanorama/.config/kdeglobals /home/educanorama/.config/kdeglobals ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1795 fsname=/home/educanorama/.config/kdeglobals dir=/home/educanorama/.config/kdeglobals fstype=ext4
Mounting noexec /home/educanorama/.kde4/share/config/kdeglobals
1796 1694 8:3 /home/educanorama/.kde4/share/config/kdeglobals /home/educanorama/.kde4/share/config/kdeglobals ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda3 rw
mountid=1796 fsname=/home/educanorama/.kde4/share/config/kdeglobals dir=/home/educanorama/.kde4/share/config/kdeglobals fstype=ext4
Mounting noexec /run/user/1000
1800 1797 0:51 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:396 - tmpfs tmpfs rw,size=1631444k,nr_inodes=407861,mode=700,uid=1000,gid=100,inode64
mountid=1800 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Mounting noexec /run/user/1000/bus
1801 1798 0:51 /bus /run/user/1000/bus rw,nosuid,nodev,noexec,relatime master:396 - tmpfs tmpfs rw,size=1631444k,nr_inodes=407861,mode=700,uid=1000,gid=100,inode64
mountid=1801 fsname=/bus dir=/run/user/1000/bus fstype=tmpfs
Mounting noexec /run/user/1000/dconf
1802 1799 0:51 /dconf /run/user/1000/dconf rw,nosuid,nodev,noexec,relatime master:396 - tmpfs tmpfs rw,size=1631444k,nr_inodes=407861,mode=700,uid=1000,gid=100,inode64
mountid=1802 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs
Mounting noexec /run/user/1000/pulse/native
1803 1800 0:51 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,noexec,relatime master:396 - tmpfs tmpfs rw,size=1631444k,nr_inodes=407861,mode=700,uid=1000,gid=100,inode64
mountid=1803 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Mounting noexec /dev/shm
1804 1578 0:114 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1804 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1806 1805 0:45 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:30 - tmpfs tmpfs rw,nr_inodes=409600,inode64
mountid=1806 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
1807 1806 0:45 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:30 - tmpfs tmpfs rw,nr_inodes=409600,inode64
mountid=1807 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /var
1812 1808 0:106 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=1812 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /usr/lib/liblua5.3.so.5.3.0 (requested /usr/lib/liblua5.3.so.5)
Disable /usr/lib/liblua5.3.so.5.3.0
Disable /usr/lib/liblua5.3.so.5.3.0 (requested /usr/lib/liblua5.3.so.0)
Disable /usr/lib/liblua5.3.so.5.3.0 (requested /usr/lib/liblua5.3.so.5.3)
Disable /usr/lib/liblua5.3.so.5.3.0 (requested /usr/lib/liblua.so.5.3)
Disable /usr/lib64/libmozjs-68.so
Disable /usr/lib64/libmozjs-78.so.0.0.0
Disable /usr/lib64/libmozjs-78.so.0.0.0 (requested /usr/lib64/libmozjs-78.so.0)
Disable /usr/bin/cpanel_json_xs
Disable /usr/bin/cpan
Disable /usr/bin/perl
Disable /usr/lib/perl5
Disable /usr/bin/ruby
Disable /usr/bin/python2.7
Disable /usr/bin/python2.7 (requested /usr/bin/python2)
Disable /usr/lib/python2.7
Disable /usr/local/lib/python2.7
Disable /usr/bin/python3.8 (requested /usr/bin/python3)
Disable /usr/bin/python3.8
Disable /usr/lib/python3.8
Disable /usr/lib64/python3.8
Disable /usr/local/lib/python3.8
Not blacklist /home/educanorama/.config/zoomus.conf
Not blacklist /home/educanorama/.zoom
Mounting read-only /tmp/.X11-unix
1835 1807 0:45 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:30 - tmpfs tmpfs rw,nr_inodes=409600,inode64
mountid=1835 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /run/mount
Disable /run/media
/etc/pulse/client.conf not found
Create the new ld.so.preload file
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 15 00 01 00000002   jeq 2 0010 (false 0011)
 0010: 06 00 00 7fff0000   ret ALLOW
 0011: 15 00 01 0000000a   jeq a 0012 (false 0013)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 01 00000010   jeq 10 0014 (false 0015)
 0014: 06 00 00 7fff0000   ret ALLOW
 0015: 06 00 00 0005005f   ret ERRNO(95)
Mount the new ld.so.preload file
Current directory: /usr/local/bin
Install protocol filter: unix,inet,inet6,netlink
configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Mounting read-only /run/firejail/mnt/seccomp
1842 1534 0:103 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=1842 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             440 ..
-rw-r--r-- educanorama    users           1072 seccomp
-rw-r--r-- educanorama    users            808 seccomp.32
-rw-r--r-- educanorama    users             43 seccomp.list
-rw-r--r-- educanorama    users              0 seccomp.postexec
-rw-r--r-- educanorama    users              0 seccomp.postexec32
-rw-r--r-- educanorama    users            176 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 100, nogroups 0
starting application
LD_PRELOAD=(null)
execvp argument 0: zoom
Child process initialized in 98.54 ms
Searching $PATH for zoom
trying #/home/educanorama/bin/zoom#
trying #/usr/local/bin/zoom#
trying #/usr/bin/zoom#
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
monitoring pid 20

Sandbox monitor: waitpid 20 retval 20 status 0

Parent is shutting down, bye...

glitsj16 commented 3 years ago

Discussion in #3726 resulted in disabling private-etc in our zoom.profile, see https://github.com/netblue30/firejail/commit/796b4cf3358a1111ba932fc0e83c288701e56e58. Your firejail version probably still comes with an older version of that file, so you'll need to create ${HOME}/.config/firejail/zoom.local and add ignore private-etc to it.

educanorama commented 3 years ago

Still crashes, unfortunately. With your addition, my zoom.local file now reads:

protocol unix,inet,inet6,netlink
ignore seccomp
ignore private-etc
seccomp !chroot

glitsj16 commented 3 years ago

@educanorama Your attached zoom.profile shows it already has:

protocol unix,inet,inet6,netlink
seccomp !chroot

Better take those out of your zoom.local and only keep ignore private-etc while trying to debug further. Not seeing anything obvious I'm afraid, so you will have to experiment with commenting every line until something useful turns up.

educanorama commented 3 years ago

Progress. Firejail zoom worked after I commented out the line:

include whitelist-runuser-common.inc

as root while editing /etc/firejail/zoom.profile.

I undid this edit, and then looked at whitelist-runuser-common.inc. It reads:

# Local customizations come here
include whitelist-runuser-common.local

# common ${RUNUSER} (=/run/user/$UID) whitelist for all profiles

whitelist ${RUNUSER}/bus
whitelist ${RUNUSER}/dconf
whitelist ${RUNUSER}/gdm/Xauthority
whitelist ${RUNUSER}/ICEauthority
whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
whitelist ${RUNUSER}/pulse/native
whitelist ${RUNUSER}/wayland-0

I tried commenting out the seven whitelist lines above individually as root, without success. However, when I commented out all seven at the same time, firejail zoom again worked.

I undid these edits, and added the lines below as non-root user to ~/.config/firejail/zoom.local .

ignore whitelist ${RUNUSER}/bus
ignore whitelist ${RUNUSER}/dconf
ignore whitelist ${RUNUSER}/gdm/Xauthority
ignore whitelist ${RUNUSER}/ICEauthority
ignore whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
ignore whitelist ${RUNUSER}/pulse/native
ignore whitelist ${RUNUSER}/wayland-0

Firejail zoom works again. I also added back the lines you suggested I delete while troubleshooting, and commented out ignore private-etc. The current zoom.local reads:

protocol unix,inet,inet6,netlink
# ignore private-etc
ignore seccomp
seccomp !chroot
ignore whitelist ${RUNUSER}/bus
ignore whitelist ${RUNUSER}/dconf
ignore whitelist ${RUNUSER}/gdm/Xauthority
ignore whitelist ${RUNUSER}/ICEauthority
ignore whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
ignore whitelist ${RUNUSER}/pulse/native
ignore whitelist ${RUNUSER}/wayland-0

Firejail zoom works properly with this configuration.

Is it safe to presume the problem to be fixed? I don't know what these parameters mean, how much (if any) firejail functionality I have disabled through these edits.

FWIW: I run X, rather than Wayland, with the nvidia driver.

And before I forget: thanks very much for helping me troubleshoot this issue.

rusty-snake commented 3 years ago

Can you post ls -la /run/user/$UID.

protocol unix,inet,inet6,netlink

This line is in zoom.profile too

ignore seccomp seccomp !chroot

This disables all seccomp filtering.

ignore whitelist ${RUNUSER}/…

ignore include whitelist-runuser-common.inc should work

However, when I commented out all seven at the same time, firejail zoom again worked.

Because whitelisting in /run/user/UID is then not enabled.

educanorama commented 3 years ago

Happily:

ls -la /run/user/$UID
total 8
drwx------ 11 educanorama users 360 Nov 12 21:15 .
drwxr-xr-x  3 root  root   60 Nov 12 21:07 ..
drwxr-xr-x  2 educanorama users 120 Nov 12 21:07 akonadi
srw-rw-rw-  1 educanorama users   0 Nov 12 21:07 bus
drwx------  3 educanorama users  60 Nov 12 21:07 dbus-1
drwx------  2 educanorama users  60 Nov 12 21:07 dconf
dr-x------  2 educanorama users   0 Jan  1  1970 doc
drwx------  2 educanorama users 120 Nov 12 21:07 gnupg
dr-x------  2 educanorama users   0 Nov 12 21:07 gvfs
srw-------  1 educanorama users   0 Nov 12 21:07 kdeinit5__0
drwx------  2 educanorama users  60 Nov 12 21:07 keyring
srwxr-xr-x  1 educanorama users   0 Nov 12 21:07 klauncherZwOFNe.1.slave-socket
-rw-r--r--  1 educanorama users 101 Nov 12 21:07 KSMserver__0
srw-rw-rw-  1 educanorama users   0 Nov 12 21:07 pipewire-0
-rw-r-----  1 educanorama users   0 Nov 12 21:07 pipewire-0.lock
drwx------  2 educanorama users  80 Nov 12 21:07 pulse
drwxr-xr-x  6 educanorama users 160 Nov 12 21:07 systemd
-rw-------  1 educanorama users  99 Nov 12 21:07 xauth_xELoDU

If i understand the rest of your message, it sounds like protocol unix,inet,inet6,netlink in zoom.local is redundant/unnecessary, and that my system is more secure without ignore seccomp and seccomp !chroot in zoom.local. Is that correct?

educanorama commented 3 years ago

Rusty-snake, I just saw the edit to your message above:

ignore include whitelist-runuser-common.inc in place of the seven specific 'ignore whitelist' lines did not work. My current zoom.local reads:

ignore whitelist ${RUNUSER}/bus
ignore whitelist ${RUNUSER}/dconf
ignore whitelist ${RUNUSER}/gdm/Xauthority
ignore whitelist ${RUNUSER}/ICEauthority
ignore whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
ignore whitelist ${RUNUSER}/pulse/native
ignore whitelist ${RUNUSER}/wayland-0

I'm running KDE Plasma 5.20.2.

rusty-snake commented 3 years ago

Remove all the ignore wruc lines in your zoom.local. Then add whitelist ${RUNUSER}/xauth_*.

Beside, is anything in the syslog (journcalctl --boot --pager-end --follow)?

if i understand the rest of your message, it sounds like protocol unix,inet,inet6,netlink in zoom.local is redundant/unnecessary

Yes, see zoom.profile (cat /etc/firejail/zoom.profile)

and that my system is more secure without ignore seccomp and seccomp !chroot in zoom.local

it's more secure w/o ignore seccomp. seccomp !chroot is redundant as it is in zoom.profile.

educanorama commented 3 years ago

Remove all the ignore wruc lines in your zoom.local. Then add whitelist ${RUNUSER}/xauth_*.

Success. whitelist ${RUNUSER}/xauth_* is now the only line in zoom.local. Firejail zoom works.

Beside, is anything in the syslog (journcalctl --boot --pager-end --follow)?

A lot! I have attached a log.
journalctl_boot_pager-end_follow.txt

Thanks for responding to my other questions, and for all your help with troubleshooting.

It's getting late here (I'm in Europe), so I'm about to disappear for the night, but will return to this thread in the morning.

educanorama commented 3 years ago

Please let me know if there are any other troubleshooting steps you'd like me to try, either for my benefit or to help with firejail.

I will be hosting two Zoom meetings this weekend. If all goes well, I will close this thread on Monday.

rusty-snake commented 3 years ago

bd539da

educanorama commented 3 years ago

I just wrapped up the second meeting while running Zoom in firejail, with whitelist ${RUNUSER}/xauth_* as the only line in zoom.local and no other changes to standard configuration.

No problems at all! Thanks again very much for your help.

netblue30 / firejail

zoom: program does not start (missing whitelist) #3744