netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

discord: cannot open links in the browser #3881

Closed realnc closed 3 years ago

realnc commented 3 years ago

Discord is unable to open links when clicking on them in the chat window. When clicking a link, I get this error in the output log:

/usr/local/bin/xdg-open: line 608: kde-open5: command not found

I tried adding kde-open5 to private-bin in discord-common.profile, but then I get this error:

"kf5-applications.menu"  not found in  ()
kf.kio.core: Unknown protocol requested: "" ( QUrl("") )

And this window appears:

image

When I run:

$ firejail --noprofile /usr/bin/discord

Or when running without firejail, everything works fine.

Steps to reproduce the behavior:

  1. Run firejail discord.
  2. In a chat room, find a URL someone posted and click on it.

Environment

Checklist

debug output
read-only /home/realnc/.kde4/share/config/kio_httprc 755 740 8:6 /home/realnc/.kde4/share/config/kio_httprc /home/realnc/.kde4/share/config/kio_httprc ro,relatime master:1 - ext4 /dev/root rw mountid=755 fsname=/home/realnc/.kde4/share/config/kio_httprc dir=/home/realnc/.kde4/share/config/kio_httprc fstype=ext4 Mounting read-only /home/realnc/.kde4/share/config/kioslaverc 756 741 8:6 /home/realnc/.kde4/share/config/kioslaverc /home/realnc/.kde4/share/config/kioslaverc ro,relatime master:1 - ext4 /dev/root rw mountid=756 fsname=/home/realnc/.kde4/share/config/kioslaverc dir=/home/realnc/.kde4/share/config/kioslaverc fstype=ext4 Disable /run/user/1000/klauncherwBZCXg.1.slave-socket Disable /run/user/1000/kdeinit5__0 Mounting read-only /home/realnc/.config/dconf 760 724 8:6 /home/realnc/.config/dconf /home/realnc/.config/dconf ro,relatime master:1 - ext4 /dev/root rw mountid=760 fsname=/home/realnc/.config/dconf dir=/home/realnc/.config/dconf fstype=ext4 Disable /run/user/1000/systemd Disable /run/docker.sock (requested /var/run/docker.sock) Mounting read-only /home/realnc/.local/share/applications 763 721 8:6 /home/realnc/.local/share/applications /home/realnc/.local/share/applications ro,relatime master:1 - ext4 /dev/root rw mountid=763 fsname=/home/realnc/.local/share/applications dir=/home/realnc/.local/share/applications fstype=ext4 Mounting read-only /home/realnc/.config/mimeapps.list 764 718 8:6 /home/realnc/.config/mimeapps.list /home/realnc/.config/mimeapps.list ro,relatime master:1 - ext4 /dev/root rw mountid=764 fsname=/home/realnc/.config/mimeapps.list dir=/home/realnc/.config/mimeapps.list fstype=ext4 Mounting read-only /home/realnc/.config/user-dirs.dirs 765 719 8:6 /home/realnc/.config/user-dirs.dirs /home/realnc/.config/user-dirs.dirs ro,relatime master:1 - ext4 /dev/root rw mountid=765 fsname=/home/realnc/.config/user-dirs.dirs dir=/home/realnc/.config/user-dirs.dirs fstype=ext4 Mounting read-only /home/realnc/.config/user-dirs.locale 766 720 8:6 
/home/realnc/.config/user-dirs.locale /home/realnc/.config/user-dirs.locale ro,relatime master:1 - ext4 /dev/root rw mountid=766 fsname=/home/realnc/.config/user-dirs.locale dir=/home/realnc/.config/user-dirs.locale fstype=ext4 Mounting read-only /home/realnc/.local/share/mime 767 723 8:6 /home/realnc/.local/share/mime /home/realnc/.local/share/mime ro,relatime master:1 - ext4 /dev/root rw mountid=767 fsname=/home/realnc/.local/share/mime dir=/home/realnc/.local/share/mime fstype=ext4 Disable /sbin Disable /usr/local/sbin Disable /usr/sbin Debug: no access to file /run/user/1000/doc, forcing mount Disable /run/user/1000/doc Disable /usr/share/flatpak Disable /proc/config.gz Disable /usr/lib/llvm/11/bin/clang-11 (requested /usr/lib/llvm/11/bin/clang++-11) Disable /usr/lib/llvm/11/bin/clang-refactor Disable /usr/lib/llvm/11/bin/clangd Disable /usr/lib/llvm/11/bin/clang-query Disable /usr/lib/llvm/11/bin/clang-reorder-fields Disable /usr/lib/llvm/11/bin/clang-11 (requested /usr/lib/llvm/11/bin/clang) Disable /usr/lib/llvm/11/bin/clang-scan-deps Disable /usr/lib/llvm/11/bin/clang-format Disable /usr/lib/llvm/11/bin/clang-change-namespace Disable /usr/lib/llvm/11/bin/clang-11 (requested /usr/lib/llvm/11/bin/clang-cl) Disable /usr/lib/llvm/11/bin/clang-include-fixer Disable /usr/lib/llvm/11/bin/clang-11 Disable /usr/lib/llvm/11/bin/clang-move Disable /usr/lib/llvm/11/bin/clang-apply-replacements Disable /usr/lib/llvm/11/bin/clang-11 (requested /usr/lib/llvm/11/bin/clang-cl-11) Disable /usr/lib/llvm/11/bin/clang-11 (requested /usr/lib/llvm/11/bin/clang-cpp) Disable /usr/lib/llvm/11/bin/clang-11 (requested /usr/lib/llvm/11/bin/clang++) Disable /usr/lib/llvm/11/bin/clang-offload-wrapper Disable /usr/lib/llvm/11/bin/clang-extdef-mapping Disable /usr/lib/llvm/11/bin/clang-doc Disable /usr/lib/llvm/11/bin/clang-tidy Disable /usr/lib/llvm/11/bin/clang-rename Disable /usr/lib/llvm/11/bin/clang-offload-bundler Disable /usr/lib/llvm/11/bin/clang-check Disable 
/usr/lib/llvm/11/bin/clang-11 (requested /usr/lib/llvm/11/bin/clang-cpp-11) Disable /usr/lib/llvm/11/bin/llvm-size Disable /usr/lib/llvm/11/bin/llvm-ar Disable /usr/lib/llvm/11/bin/llvm-cov Disable /usr/lib/llvm/11/bin/llvm-c-test Disable /usr/lib/llvm/11/bin/llvm-ar (requested /usr/lib/llvm/11/bin/llvm-ranlib) Disable /usr/lib/llvm/11/bin/llvm-PerfectShuffle Disable /usr/lib/llvm/11/bin/llvm-tblgen Disable /usr/lib/llvm/11/bin/llvm-cat Disable /usr/lib/llvm/11/bin/llvm-profdata Disable /usr/lib/llvm/11/bin/llvm-diff Disable /usr/lib/llvm/11/bin/llvm-bcanalyzer Disable /usr/lib/llvm/11/bin/llvm-mca Disable /usr/lib/llvm/11/bin/llvm-ar (requested /usr/lib/llvm/11/bin/llvm-lib) Disable /usr/lib/llvm/11/bin/llvm-objcopy (requested /usr/lib/llvm/11/bin/llvm-install-name-tool) Disable /usr/lib/llvm/11/bin/llvm-link Disable /usr/lib/llvm/11/bin/llvm-cxxdump Disable /usr/lib/llvm/11/bin/llvm-jitlink Disable /usr/lib/llvm/11/bin/llvm-xray Disable /usr/lib/llvm/11/bin/llvm-undname Disable /usr/lib/llvm/11/bin/llvm-opt-report Disable /usr/lib/llvm/11/bin/llvm-lto2 Disable /usr/lib/llvm/11/bin/llvm-split Disable /usr/lib/llvm/11/bin/llvm-pdbutil Disable /usr/lib/llvm/11/bin/llvm-objcopy Disable /usr/lib/llvm/11/bin/llvm-cvtres Disable /usr/lib/llvm/11/bin/llvm-symbolizer (requested /usr/lib/llvm/11/bin/llvm-addr2line) Disable /usr/lib/llvm/11/bin/llvm-modextract Disable /usr/lib/llvm/11/bin/llvm-lipo Disable /usr/lib/llvm/11/bin/llvm-dwp Disable /usr/lib/llvm/11/bin/llvm-dwarfdump Disable /usr/lib/llvm/11/bin/llvm-readobj Disable /usr/lib/llvm/11/bin/llvm-exegesis Disable /usr/lib/llvm/11/bin/llvm-objdump Disable /usr/lib/llvm/11/bin/llvm-ml Disable /usr/lib/llvm/11/bin/llvm-reduce Disable /usr/lib/llvm/11/bin/llvm-mc Disable /usr/lib/llvm/11/bin/llvm-cfi-verify Disable /usr/lib/llvm/11/bin/llvm-symbolizer Disable /usr/lib/llvm/11/bin/llvm-mt Disable /usr/lib/llvm/11/bin/llvm-strings Disable /usr/lib/llvm/11/bin/llvm-readobj (requested /usr/lib/llvm/11/bin/llvm-readelf) 
Disable /usr/lib/llvm/11/bin/llvm-rtdyld Disable /usr/lib/llvm/11/bin/llvm-elfabi Disable /usr/lib/llvm/11/bin/llvm-stress Disable /usr/lib/llvm/11/bin/llvm-dis Disable /usr/lib/llvm/11/bin/llvm-gsymutil Disable /usr/lib/llvm/11/bin/llvm-as Disable /usr/lib/llvm/11/bin/llvm-nm Disable /usr/lib/llvm/11/bin/llvm-cxxfilt Disable /usr/lib/llvm/11/bin/llvm-cxxmap Disable /usr/lib/llvm/11/bin/x86_64-pc-linux-gnu-llvm-config (requested /usr/lib/llvm/11/bin/llvm-config) Disable /usr/lib/llvm/11/bin/llvm-ar (requested /usr/lib/llvm/11/bin/llvm-dlltool) Disable /usr/lib/llvm/11/bin/llvm-ifs Disable /usr/lib/llvm/11/bin/llvm-lto Disable /usr/lib/llvm/11/bin/llvm-objcopy (requested /usr/lib/llvm/11/bin/llvm-strip) Disable /usr/lib/llvm/11/bin/llvm-rc Disable /usr/lib/llvm/11/bin/llvm-extract Disable /usr/src Disable /usr/include Disable /usr/local/include Mounting noexec /run/user/1000 866 859 0:22 /firejail/firejail.ro.file /run/user/1000/kdeinit5__0 rw,nosuid,nodev master:13 - tmpfs tmpfs rw,size=3273516k,nr_inodes=819200,mode=755 mountid=866 fsname=/firejail/firejail.ro.file dir=/run/user/1000/kdeinit5__0 fstype=tmpfs Mounting noexec /run/user/1000/doc 867 861 0:22 /firejail/firejail.ro.dir /run/user/1000/doc rw,nosuid,nodev,noexec master:13 - tmpfs tmpfs rw,size=3273516k,nr_inodes=819200,mode=755 mountid=867 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/doc fstype=tmpfs Mounting noexec /dev/shm 868 677 0:63 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=868 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 871 869 0:44 /pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,nosuid,nodev master:105 - tmpfs tmpfs rw,nr_inodes=409600 mountid=871 fsname=/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=tmpfs Mounting noexec /tmp/.X11-unix 872 870 0:44 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:105 - tmpfs tmpfs rw,nr_inodes=409600 mountid=872 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec 
/tmp/pulse-PKdhtXMmr18n 873 871 0:44 /pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,nosuid,nodev,noexec master:105 - tmpfs tmpfs rw,nr_inodes=409600 mountid=873 fsname=/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=tmpfs Mounting noexec /var 879 874 0:56 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw mountid=879 fsname=/ dir=/var/tmp fstype=tmpfs Not blacklist /home/realnc/.config/discord Mounting read-only /tmp/.X11-unix 880 872 0:44 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:105 - tmpfs tmpfs rw,nr_inodes=409600 mountid=880 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /sys/fs Disable /sys/module Mounting noexec /run/firejail/mnt/pulse 896 632 0:54 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=896 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs Creating empty /home/realnc/.config/pulse directory Drop privileges: pid 35, uid 1000, gid 1000, nogroups 0 Supplementary groups: 18 27 35 Mounting /run/firejail/mnt/pulse on /home/realnc/.config/pulse 897 714 0:54 /pulse /home/realnc/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=897 fsname=/pulse dir=/home/realnc/.config/pulse fstype=tmpfs Current directory: /home/realnc DISPLAY=:0 parsed as 0 Install protocol filter: unix,inet,inet6,netlink configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 36, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000006 jmp 000c 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 
0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 15 01 00 00000029 jeq socket 000c (false 000b) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 20 00 00 00000010 ld data.args[0] 000d: 15 00 01 00000001 jeq 1 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 15 00 01 00000002 jeq 2 0010 (false 0011) 0010: 06 00 00 7fff0000 ret ALLOW 0011: 15 00 01 0000000a jeq a 0012 (false 0013) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 01 00000010 jeq 10 0014 (false 0015) 0014: 06 00 00 7fff0000 ret ALLOW 0015: 06 00 00 0005005f ret ERRNO(95) configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dropping all capabilities Drop privileges: pid 37, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 00 01 00000015 jeq 15 0005 (false 0006) 0005: 06 00 00 00000001 ret KILL 0006: 15 00 01 00000034 jeq 34 0007 (false 0008) 0007: 06 00 00 00000001 ret KILL 0008: 15 00 01 0000001a jeq 1a 0009 (false 000a) 0009: 06 00 00 00000001 ret KILL 000a: 15 00 01 0000011b jeq 11b 000b (false 000c) 000b: 06 00 00 00000001 ret KILL 000c: 15 00 01 00000155 jeq 155 000d (false 000e) 000d: 06 00 00 00000001 ret KILL 000e: 15 00 01 00000156 jeq 156 000f (false 0010) 000f: 06 00 00 00000001 ret KILL 0010: 15 00 01 0000007f jeq 7f 0011 (false 0012) 0011: 06 00 00 00000001 ret KILL 0012: 15 00 01 00000080 jeq 80 0013 (false 0014) 0013: 06 00 00 00000001 ret KILL 0014: 15 00 01 0000015e jeq 15e 0015 (false 0016) 0015: 06 00 00 00000001 ret KILL 0016: 15 00 01 00000081 jeq 81 0017 (false 0018) 0017: 06 00 00 00000001 ret KILL 0018: 15 00 01 0000006e jeq 6e 0019 (false 001a) 0019: 06 00 00 00000001 ret KILL 001a: 15 00 01 00000065 jeq 65 
001b (false 001c) 001b: 06 00 00 00000001 ret KILL 001c: 15 00 01 00000121 jeq 121 001d (false 001e) 001d: 06 00 00 00000001 ret KILL 001e: 15 00 01 00000057 jeq 57 001f (false 0020) 001f: 06 00 00 00000001 ret KILL 0020: 15 00 01 00000073 jeq 73 0021 (false 0022) 0021: 06 00 00 00000001 ret KILL 0022: 15 00 01 00000067 jeq 67 0023 (false 0024) 0023: 06 00 00 00000001 ret KILL 0024: 15 00 01 0000015b jeq 15b 0025 (false 0026) 0025: 06 00 00 00000001 ret KILL 0026: 15 00 01 0000015c jeq 15c 0027 (false 0028) 0027: 06 00 00 00000001 ret KILL 0028: 15 00 01 00000087 jeq 87 0029 (false 002a) 0029: 06 00 00 00000001 ret KILL 002a: 15 00 01 00000095 jeq 95 002b (false 002c) 002b: 06 00 00 00000001 ret KILL 002c: 15 00 01 0000007c jeq 7c 002d (false 002e) 002d: 06 00 00 00000001 ret KILL 002e: 15 00 01 00000157 jeq 157 002f (false 0030) 002f: 06 00 00 00000001 ret KILL 0030: 15 00 01 000000fd jeq fd 0031 (false 0032) 0031: 06 00 00 00000001 ret KILL 0032: 15 00 01 00000150 jeq 150 0033 (false 0034) 0033: 06 00 00 00000001 ret KILL 0034: 15 00 01 00000152 jeq 152 0035 (false 0036) 0035: 06 00 00 00000001 ret KILL 0036: 15 00 01 0000015d jeq 15d 0037 (false 0038) 0037: 06 00 00 00000001 ret KILL 0038: 15 00 01 0000011e jeq 11e 0039 (false 003a) 0039: 06 00 00 00000001 ret KILL 003a: 15 00 01 0000011f jeq 11f 003b (false 003c) 003b: 06 00 00 00000001 ret KILL 003c: 15 00 01 00000120 jeq 120 003d (false 003e) 003d: 06 00 00 00000001 ret KILL 003e: 15 00 01 00000056 jeq 56 003f (false 0040) 003f: 06 00 00 00000001 ret KILL 0040: 15 00 01 00000033 jeq 33 0041 (false 0042) 0041: 06 00 00 00000001 ret KILL 0042: 15 00 01 0000007b jeq 7b 0043 (false 0044) 0043: 06 00 00 00000001 ret KILL 0044: 15 00 01 000000d9 jeq d9 0045 (false 0046) 0045: 06 00 00 00000001 ret KILL 0046: 15 00 01 000000f5 jeq f5 0047 (false 0048) 0047: 06 00 00 00000001 ret KILL 0048: 15 00 01 000000f6 jeq f6 0049 (false 004a) 0049: 06 00 00 00000001 ret KILL 004a: 15 00 01 000000f7 jeq f7 004b (false 004c) 
004b: 06 00 00 00000001 ret KILL 004c: 15 00 01 000000f8 jeq f8 004d (false 004e) 004d: 06 00 00 00000001 ret KILL 004e: 15 00 01 000000f9 jeq f9 004f (false 0050) 004f: 06 00 00 00000001 ret KILL 0050: 15 00 01 00000101 jeq 101 0051 (false 0052) 0051: 06 00 00 00000001 ret KILL 0052: 15 00 01 00000112 jeq 112 0053 (false 0054) 0053: 06 00 00 00000001 ret KILL 0054: 15 00 01 00000114 jeq 114 0055 (false 0056) 0055: 06 00 00 00000001 ret KILL 0056: 15 00 01 00000126 jeq 126 0057 (false 0058) 0057: 06 00 00 00000001 ret KILL 0058: 15 00 01 0000013d jeq 13d 0059 (false 005a) 0059: 06 00 00 00000001 ret KILL 005a: 15 00 01 0000013c jeq 13c 005b (false 005c) 005b: 06 00 00 00000001 ret KILL 005c: 15 00 01 0000003d jeq 3d 005d (false 005e) 005d: 06 00 00 00000001 ret KILL 005e: 15 00 01 00000058 jeq 58 005f (false 0060) 005f: 06 00 00 00000001 ret KILL 0060: 15 00 01 000000a9 jeq a9 0061 (false 0062) 0061: 06 00 00 00000001 ret KILL 0062: 15 00 01 00000082 jeq 82 0063 (false 0064) 0063: 06 00 00 00000001 ret KILL 0064: 06 00 00 7fff0000 ret ALLOW Dual 32/64 bit seccomp filter configured Build default+drop seccomp filter sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot Dropping all capabilities Drop privileges: pid 38, uid 1000, gid 1000, nogroups 1 No supplementary groups Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 39, uid 1000, gid 1000, nogroups 1 No supplementary groups configuring 136 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 40, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq 
ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 01 000000a1 jeq chroot 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 0000009f jeq adjtimex 000a (false 000b) 000a: 06 00 00 00050001 ret ERRNO(1) 000b: 15 00 01 00000131 jeq clock_adjtime 000c (false 000d) 000c: 06 00 00 00050001 ret ERRNO(1) 000d: 15 00 01 000000e3 jeq clock_settime 000e (false 000f) 000e: 06 00 00 00050001 ret ERRNO(1) 000f: 15 00 01 000000a4 jeq settimeofday 0010 (false 0011) 0010: 06 00 00 00050001 ret ERRNO(1) 0011: 15 00 01 0000009a jeq modify_ldt 0012 (false 0013) 0012: 06 00 00 00050001 ret ERRNO(1) 0013: 15 00 01 000000d4 jeq lookup_dcookie 0014 (false 0015) 0014: 06 00 00 00050001 ret ERRNO(1) 0015: 15 00 01 0000012a jeq perf_event_open 0016 (false 0017) 0016: 06 00 00 00050001 ret ERRNO(1) 0017: 15 00 01 00000137 jeq process_vm_writev 0018 (false 0019) 0018: 06 00 00 00050001 ret ERRNO(1) 0019: 15 00 01 000000b0 jeq delete_module 001a (false 001b) 001a: 06 00 00 00050001 ret ERRNO(1) 001b: 15 00 01 00000139 jeq finit_module 001c (false 001d) 001c: 06 00 00 00050001 ret ERRNO(1) 001d: 15 00 01 000000af jeq init_module 001e (false 001f) 001e: 06 00 00 00050001 ret ERRNO(1) 001f: 15 00 01 000000a1 jeq chroot 0020 (false 0021) 0020: 06 00 00 00050001 ret ERRNO(1) 0021: 15 00 01 000000a5 jeq mount 0022 (false 0023) 0022: 06 00 00 00050001 ret ERRNO(1) 0023: 15 00 01 0000009b jeq pivot_root 0024 (false 0025) 0024: 06 00 00 00050001 ret ERRNO(1) 0025: 15 00 01 000000a6 jeq umount2 0026 (false 0027) 0026: 06 00 00 00050001 ret ERRNO(1) 0027: 15 00 01 0000009c jeq _sysctl 0028 (false 0029) 0028: 06 00 00 00050001 ret ERRNO(1) 0029: 15 00 01 000000b7 jeq afs_syscall 002a (false 002b) 002a: 06 00 00 00050001 ret ERRNO(1) 002b: 15 00 01 000000ae jeq create_module 002c 
(false 002d) 002c: 06 00 00 00050001 ret ERRNO(1) 002d: 15 00 01 000000b1 jeq get_kernel_syms 002e (false 002f) 002e: 06 00 00 00050001 ret ERRNO(1) 002f: 15 00 01 000000b5 jeq getpmsg 0030 (false 0031) 0030: 06 00 00 00050001 ret ERRNO(1) 0031: 15 00 01 000000b6 jeq putpmsg 0032 (false 0033) 0032: 06 00 00 00050001 ret ERRNO(1) 0033: 15 00 01 000000b2 jeq query_module 0034 (false 0035) 0034: 06 00 00 00050001 ret ERRNO(1) 0035: 15 00 01 000000b9 jeq security 0036 (false 0037) 0036: 06 00 00 00050001 ret ERRNO(1) 0037: 15 00 01 0000008b jeq sysfs 0038 (false 0039) 0038: 06 00 00 00050001 ret ERRNO(1) 0039: 15 00 01 000000b8 jeq tuxcall 003a (false 003b) 003a: 06 00 00 00050001 ret ERRNO(1) 003b: 15 00 01 00000086 jeq uselib 003c (false 003d) 003c: 06 00 00 00050001 ret ERRNO(1) 003d: 15 00 01 00000088 jeq ustat 003e (false 003f) 003e: 06 00 00 00050001 ret ERRNO(1) 003f: 15 00 01 000000ec jeq vserver 0040 (false 0041) 0040: 06 00 00 00050001 ret ERRNO(1) 0041: 15 00 01 000000ad jeq ioperm 0042 (false 0043) 0042: 06 00 00 00050001 ret ERRNO(1) 0043: 15 00 01 000000ac jeq iopl 0044 (false 0045) 0044: 06 00 00 00050001 ret ERRNO(1) 0045: 15 00 01 000000f6 jeq kexec_load 0046 (false 0047) 0046: 06 00 00 00050001 ret ERRNO(1) 0047: 15 00 01 00000140 jeq kexec_file_load 0048 (false 0049) 0048: 06 00 00 00050001 ret ERRNO(1) 0049: 15 00 01 000000a9 jeq reboot 004a (false 004b) 004a: 06 00 00 00050001 ret ERRNO(1) 004b: 15 00 01 000000a7 jeq swapon 004c (false 004d) 004c: 06 00 00 00050001 ret ERRNO(1) 004d: 15 00 01 000000a8 jeq swapoff 004e (false 004f) 004e: 06 00 00 00050001 ret ERRNO(1) 004f: 15 00 01 00000130 jeq open_by_handle_at 0050 (false 0051) 0050: 06 00 00 00050001 ret ERRNO(1) 0051: 15 00 01 0000012f jeq name_to_handle_at 0052 (false 0053) 0052: 06 00 00 00050001 ret ERRNO(1) 0053: 15 00 01 000000fb jeq ioprio_set 0054 (false 0055) 0054: 06 00 00 00050001 ret ERRNO(1) 0055: 15 00 01 00000067 jeq syslog 0056 (false 0057) 0056: 06 00 00 00050001 ret ERRNO(1) 
0057: 15 00 01 0000012c jeq fanotify_init 0058 (false 0059) 0058: 06 00 00 00050001 ret ERRNO(1) 0059: 15 00 01 00000138 jeq kcmp 005a (false 005b) 005a: 06 00 00 00050001 ret ERRNO(1) 005b: 15 00 01 000000f8 jeq add_key 005c (false 005d) 005c: 06 00 00 00050001 ret ERRNO(1) 005d: 15 00 01 000000f9 jeq request_key 005e (false 005f) 005e: 06 00 00 00050001 ret ERRNO(1) 005f: 15 00 01 000000ed jeq mbind 0060 (false 0061) 0060: 06 00 00 00050001 ret ERRNO(1) 0061: 15 00 01 00000100 jeq migrate_pages 0062 (false 0063) 0062: 06 00 00 00050001 ret ERRNO(1) 0063: 15 00 01 00000117 jeq move_pages 0064 (false 0065) 0064: 06 00 00 00050001 ret ERRNO(1) 0065: 15 00 01 000000fa jeq keyctl 0066 (false 0067) 0066: 06 00 00 00050001 ret ERRNO(1) 0067: 15 00 01 000000ce jeq io_setup 0068 (false 0069) 0068: 06 00 00 00050001 ret ERRNO(1) 0069: 15 00 01 000000cf jeq io_destroy 006a (false 006b) 006a: 06 00 00 00050001 ret ERRNO(1) 006b: 15 00 01 000000d0 jeq io_getevents 006c (false 006d) 006c: 06 00 00 00050001 ret ERRNO(1) 006d: 15 00 01 000000d1 jeq io_submit 006e (false 006f) 006e: 06 00 00 00050001 ret ERRNO(1) 006f: 15 00 01 000000d2 jeq io_cancel 0070 (false 0071) 0070: 06 00 00 00050001 ret ERRNO(1) 0071: 15 00 01 000000d8 jeq remap_file_pages 0072 (false 0073) 0072: 06 00 00 00050001 ret ERRNO(1) 0073: 15 00 01 00000143 jeq userfaultfd 0074 (false 0075) 0074: 06 00 00 00050001 ret ERRNO(1) 0075: 15 00 01 000000a3 jeq acct 0076 (false 0077) 0076: 06 00 00 00050001 ret ERRNO(1) 0077: 15 00 01 00000141 jeq bpf 0078 (false 0079) 0078: 06 00 00 00050001 ret ERRNO(1) 0079: 15 00 01 000000b4 jeq nfsservctl 007a (false 007b) 007a: 06 00 00 00050001 ret ERRNO(1) 007b: 15 00 01 000000ab jeq setdomainname 007c (false 007d) 007c: 06 00 00 00050001 ret ERRNO(1) 007d: 15 00 01 000000aa jeq sethostname 007e (false 007f) 007e: 06 00 00 00050001 ret ERRNO(1) 007f: 15 00 01 00000099 jeq vhangup 0080 (false 0081) 0080: 06 00 00 00050001 ret ERRNO(1) 0081: 15 00 01 00000065 jeq ptrace 0082 
(false 0083) 0082: 06 00 00 00050001 ret ERRNO(1) 0083: 15 00 01 00000087 jeq personality 0084 (false 0085) 0084: 06 00 00 00050001 ret ERRNO(1) 0085: 15 00 01 00000136 jeq process_vm_readv 0086 (false 0087) 0086: 06 00 00 00050001 ret ERRNO(1) 0087: 06 00 00 7fff0000 ret ALLOW seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp 900 632 0:54 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755 mountid=900 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 160 . drwxr-xr-x root root 420 .. -rw-r--r-- 1000 realnc 1088 seccomp -rw-r--r-- 1000 realnc 808 seccomp.32 -rw-r--r-- 1000 realnc 114 seccomp.list -rw-r--r-- 1000 realnc 0 seccomp.postexec -rw-r--r-- 1000 realnc 0 seccomp.postexec32 -rw-r--r-- 1000 realnc 176 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 0 Supplementary groups: 18 27 35 starting application LD_PRELOAD=(null) Running 'discord' command through /bin/bash execvp argument 0: /bin/bash execvp argument 1: -c execvp argument 2: 'discord' Child process initialized in 402.61 ms Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter monitoring pid 41 Discord 0.0.13 (node:41) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead. Starting app. Starting updater. 
[Modules] Modules initializing
[Modules] Distribution: remote
[Modules] Host updates: enabled
[Modules] Module updates: enabled
[Modules] Module install path: /home/realnc/.config/discord/0.0.13/modules
[Modules] Module installed file path: /home/realnc/.config/discord/0.0.13/modules/installed.json
[Modules] Module download path: /home/realnc/.config/discord/0.0.13/modules/pending
[Modules] No updates to install
[Modules] Checking for host updates.
[Modules] Host is up to date.
[Modules] Checking for module updates at https://discord.com/api/modules/stable/versions.json
[Modules] No module updates available.
(discord:41): IBUS-WARNING **: 11:04:33.864: Unable to connect to ibus: Could not connect: Connection refused
/usr/local/bin/xdg-open: line 608: kde-open5: command not found
```

smitsohu commented 3 years ago

You'll need to go to the discord profile and find the offending line by commenting out everything (which is equal to noprofile), and then uncommenting one line after the other.

Wild guesses: If I recall correctly, kde-open5 creates files in temporary locations and then issues commands via D-Bus. So --whitelist=~/.cache or --ignore=private-tmp could be something worth trying. To check if you are missing a file on the whitelist, run --ignore=whitelist and see if it works.

smitsohu commented 3 years ago

You could also try firejail --build discord. After exiting the application it usually suggests a profile, which can be quite helpful in debugging.

jas0n098 commented 3 years ago

A good solution for this problem is to add gdbus to private-bin and to launch Discord with something like:

```
env XDG_CURRENT_DESKTOP= KDE_FULL_SESSION= DE=flatpak discord
```

This will force xdg-open to open links with xdg-desktop-portal instead, which is better suited for sandboxed environments.

rusty-snake commented 3 years ago

@jas0n098 you are a genius. Why didn't I realize earlier that portals are exactly the right solution?

Until now I had a /usr/local/bin/xdg-open script that uses D-Bus+systemd to escape the sandbox.

```
#!/bin/sh
systemd-run --user --quiet --no-block /usr/bin/xdg-open "$@" || /usr/bin/xdg-open "$@"
```

But this requires that the sandbox can execute shell scripts and can talk to org.freedesktop.systemd1, which gives it full control over systemd --user.

So portals are better, but replacing this script with a script that talks to the portal would still require a shell in the sandbox, therefore I made it in C: https://gist.github.com/rusty-snake/5104dc53ce3e52eef86cc34d359aa10e

glitsj16 commented 3 years ago

The use/misuse of portals (I assume that includes xdg-desktop-portal) for sandbox escaping recently raised this RFC: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3943. Just adding it here for reference - things on the portal side are likely to undergo changes we need to be aware of.

rusty-snake commented 3 years ago

I'm closing here due to inactivity, please feel free to request to reopen if you still have this issue.

realnc commented 2 years ago

> You could also try firejail --build discord. After exiting the application it usually suggests a profile, which can be quite helpful in debugging.

I just tried that and nothing happens. Discord doesn't start and I have to press ctrl+c to abort.

realnc commented 2 years ago

I got it to work by commenting out these lines in discord.profile:

```
private-bin discord
private-opt discord
```

And these lines in discord-common.profile:

```
private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh
private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl
```

Furthermore, I had to comment out this in electron.profile, otherwise the system tray icon in KDE is invisible (no icon is visible):

```
private-tmp
```

It also works if I restore all the edited profiles and instead put this in my discord.local:

```
ignore private-bin
ignore private-opt
ignore private-tmp
ignore private-etc
```

This might have something to do with the Firefox executable not being called firefox here, but rather /usr/bin/firefox-bin, which is a wrapper to start Firefox which is installed in /opt/firefox. I have tried adding firefox-bin to private-bin and private-opt, but it doesn't seem to help.

shervinsahba commented 2 years ago

@jas0n098's solution worked for me. Thanks! I'll be honest that I'm not familiar enough with firejail or flatpak to know why this worked...

Anyway, to log it for others: I made a discord.local with private-bin gdbus. Then launching Discord with env DE=flatpak discord sufficed for links to open in Firefox under my actual profile.

Prior to this I had tried ignore private-bin for discord.local, which allowed links to open in Firefox under a brand new (i.e. blank) profile. That, though, was undesirable.
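
Why the environment override from jas0n098's comment changes which helper xdg-open needs inside the sandbox, as an added example that is not part of the thread or of firejail. It is a simplified model: the detection order is an assumption based on upstream xdg-utils (the xdg-open installed on a given system may differ), all function names are hypothetical, and the private-bin list is the one quoted above from discord-common.profile.

```shell
#!/bin/sh
# Added example: simplified model of xdg-open's backend selection and of the
# helper binary that backend needs when firejail restricts /usr/bin with
# private-bin. Detection order is an assumption based on upstream xdg-utils.

# private-bin list quoted in the thread (discord-common.profile).
PROFILE_BIN="bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh"

# detect_backend XDG_CURRENT_DESKTOP KDE_FULL_SESSION DE
# Prints the backend the model selects. Only the KDE case is modelled;
# other desktops are omitted.
detect_backend() {
    xcd=$1
    kfs=$2
    de=$3
    # 1. A recognised XDG_CURRENT_DESKTOP overrides any preset DE.
    case "$xcd" in
        KDE) de=kde ;;
    esac
    # 2. The classic fallback is consulted only while DE is still empty.
    if [ -z "$de" ] && [ -n "$kfs" ]; then
        de=kde
    fi
    # 3. Nothing matched: generic handling.
    [ -n "$de" ] || de=generic
    printf '%s\n' "$de"
}

# helper_for BACKEND: external program the backend executes.
helper_for() {
    case "$1" in
        kde) echo kde-open5 ;;   # the command missing in the issue's log
        flatpak) echo gdbus ;;   # used to call xdg-desktop-portal
        *) : ;;                  # not modelled here
    esac
}

# in_private_bin NAME LIST: succeed if NAME is an entry of the comma list.
in_private_bin() {
    case ",$2," in
        *,"$1",*) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_helper LIST XDG_CURRENT_DESKTOP KDE_FULL_SESSION DE
# Prints the helper xdg-open would fail to find, or nothing.
missing_helper() {
    backend=$(detect_backend "$2" "$3" "$4")
    helper=$(helper_for "$backend")
    if [ -n "$helper" ] && ! in_private_bin "$helper" "$1"; then
        printf '%s\n' "$helper"
    fi
}

# portal_call URL: the D-Bus request the flatpak backend issues through
# gdbus (printed for inspection, not executed).
portal_call() {
    printf '%s "" "%s" {}\n' \
        "gdbus call --session --dest org.freedesktop.portal.Desktop --object-path /org/freedesktop/portal/desktop --method org.freedesktop.portal.OpenURI.OpenURI" \
        "$1"
}

# report LABEL LIST XDG_CURRENT_DESKTOP KDE_FULL_SESSION DE
report() {
    label=$1
    shift
    m=$(missing_helper "$@")
    printf '%-36s backend=%-8s missing=%s\n' "$label" \
        "$(detect_backend "$2" "$3" "$4")" "${m:-none}"
}

# Constructed scenarios matching the thread.
report "KDE session, stock profile"       "$PROFILE_BIN"       KDE true ""
report "override env, stock profile"      "$PROFILE_BIN"       ""  ""   flatpak
report "override env, private-bin gdbus"  "$PROFILE_BIN,gdbus" ""  ""   flatpak
report "DE=flatpak, desktop still KDE"    "$PROFILE_BIN,gdbus" KDE ""   flatpak
portal_call "https://example.org/"
```

With the portal backend the only extra binary exposed to the sandbox is gdbus, and the URL is opened by a process outside the sandbox, which fits the report above that links then opened under the real Firefox profile.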