netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

Hardcoded /usr/lib profile entries do not apply to /usr/lib64 (Gentoo) #5952

Open CaseOf opened 1 year ago

CaseOf commented 1 year ago

Description

I was looking at allowing ssh for vscodium, then I found issue #5480, and reading allow-ssh.inc made me notice some distribution-specific lib directories matching counterparts in disable-common.inc.

I am running Gentoo on an x86 64-bit computer. On this configuration (and widely available hardware), lib directories are named lib64 on Gentoo.

So it is actually not applied on such a configuration.

Steps to Reproduce

Install and use a Gentoo distribution on an x86 64-bit computer and look at the lib directories being called lib64. Run firejail and watch the lib directories not being affected by firejail rules.

Expected behavior

It would be nice if this Gentoo-specific naming convention were covered by firejail.

Actual behavior

The Gentoo-specific naming convention on lib directories is not covered by firejail.

Behavior without a profile

Not applicable

Additional context

Any other detail that may help to understand/debug the problem

Environment

Checklist

Log

Output of LC_ALL=C firejail /path/to/program

```
output goes here
```

Output of LC_ALL=C firejail --debug vscodium

``` Building quoted command line: 'vscodium' Command name #vscodium# Found vscodium.profile profile in /etc/firejail directory Reading profile /etc/firejail/vscodium.profile Found code.profile profile in /etc/firejail directory Reading profile /etc/firejail/code.profile Found allow-common-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/allow-common-devel.inc Found electron.profile profile in /etc/firejail directory Reading profile /etc/firejail/electron.profile Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc DISPLAY=:0.0 parsed as 0 Using the local network stack Parent pid 8953, child pid 8954 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 751 723 8:2 /etc /etc ro,relatime - ext4 /dev/root rw,discard mountid=751 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 752 751 8:2 /etc /etc ro,nosuid,nodev,noexec,relatime - ext4 /dev/root rw,discard mountid=752 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 753 723 8:2 /var /var ro,relatime - ext4 /dev/root rw,discard mountid=753 fsname=/var dir=/var fstype=ext4 Mounting noexec /var 754 753 8:2 /var /var ro,nosuid,nodev,noexec,relatime - ext4 /dev/root rw,discard mountid=754 fsname=/var dir=/var fstype=ext4 Mounting read-only /usr 755 723 8:2 /usr /usr ro,relatime - ext4 /dev/root rw,discard mountid=755 fsname=/usr dir=/usr fstype=ext4 Mounting read-only /bin 756 723 8:2 /bin /bin ro,relatime - 
ext4 /dev/root rw,discard mountid=756 fsname=/bin dir=/bin fstype=ext4 Mounting read-only /sbin 757 723 8:2 /sbin /sbin ro,relatime - ext4 /dev/root rw,discard mountid=757 fsname=/sbin dir=/sbin fstype=ext4 Mounting read-only /lib 758 723 8:2 /lib /lib ro,relatime - ext4 /dev/root rw,discard mountid=758 fsname=/lib dir=/lib fstype=ext4 Mounting read-only /lib64 759 723 8:2 /lib64 /lib64 ro,relatime - ext4 /dev/root rw,discard mountid=759 fsname=/lib64 dir=/lib64 fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/dri directory Process /dev/shm directory Generate private-tmp whitelist commands blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /sys/kernel/uevent_helper Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sysrq-trigger Disable /proc/sys/kernel/hotplug Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/src/linux-6.1.41-gentoo (requested /usr/src/linux) Disable /lib/modules Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Debug 588: whitelist /tmp/.X11-unix Debug 609: expanded: /tmp/.X11-unix Debug 620: new_name: /tmp/.X11-unix Debug 630: dir: /tmp Adding whitelist top level directory /tmp Debug 588: whitelist /tmp/sndio Debug 609: expanded: /tmp/sndio Debug 620: new_name: /tmp/sndio Debug 630: dir: /tmp 
Removed path: whitelist /tmp/sndio new_name: /tmp/sndio realpath: (null) No such file or directory Mounting tmpfs on /tmp, check owner: no 807 723 0:72 / /tmp rw,nosuid,nodev,relatime - tmpfs tmpfs rw mountid=807 fsname=/ dir=/tmp fstype=tmpfs Whitelisting /tmp/.X11-unix 808 807 8:2 /tmp/.X11-unix /tmp/.X11-unix rw,relatime - ext4 /dev/root rw,discard mountid=808 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Mounting noexec /tmp 810 809 8:2 /tmp/.X11-unix /tmp/.X11-unix rw,relatime - ext4 /dev/root rw,discard mountid=810 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Mounting noexec /tmp/.X11-unix 811 810 8:2 /tmp/.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,relatime - ext4 /dev/root rw,discard mountid=811 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Disable /home/quentin/.local/share/Trash Not blacklist /home/quentin/.python-history Not blacklist /home/quentin/.python_history Not blacklist /home/quentin/.pythonhist Disable /home/quentin/.lesshst Disable /home/quentin/.config/autostart Disable /home/quentin/.xinitrc Disable /home/quentin/.xprofile Disable /etc/xdg/autostart Mounting read-only /home/quentin/.Xauthority 819 766 8:3 /quentin/.Xauthority /home/quentin/.Xauthority ro,relatime - ext4 /dev/sda3 rw,discard,data=ordered mountid=819 fsname=/quentin/.Xauthority dir=/home/quentin/.Xauthority fstype=ext4 Disable /home/quentin/.local/share/gvfs-metadata Mounting read-only /home/quentin/.config/dconf 821 766 8:3 /quentin/.config/dconf /home/quentin/.config/dconf ro,relatime - ext4 /dev/sda3 rw,discard,data=ordered mountid=821 fsname=/quentin/.config/dconf dir=/home/quentin/.config/dconf fstype=ext4 Disable /run/user/1000/systemd Disable /etc/init.d Disable /etc/rc.conf Disable /etc/runlevels Disable /var/cache/binpkgs Disable /var/cache/distfiles Disable /var/lib/ip6tables Disable /var/lib/iptables Disable /var/lib/portage Disable /var/lib/upower Disable /var/spool/cron Disable /etc/apparmor.d Disable /etc/apparmor Disable /etc/crontab 
Disable /etc/cron.daily Disable /etc/cron.weekly Disable /etc/cron.hourly Disable /etc/cron.monthly Disable /etc/default Disable /etc/grub.d Disable /etc/kernel Disable /etc/kernels Disable /etc/logrotate.conf Disable /etc/logrotate.d Disable /etc/sysconfig Mounting read-only /home/quentin/.bash_profile 847 766 8:3 /quentin/.bash_profile /home/quentin/.bash_profile ro,relatime - ext4 /dev/sda3 rw,discard,data=ordered mountid=847 fsname=/quentin/.bash_profile dir=/home/quentin/.bash_profile fstype=ext4 Mounting read-only /home/quentin/.bashrc 848 766 8:3 /quentin/.bashrc /home/quentin/.bashrc ro,relatime - ext4 /dev/sda3 rw,discard,data=ordered mountid=848 fsname=/quentin/.bashrc dir=/home/quentin/.bashrc fstype=ext4 Mounting read-only /home/quentin/.ssh/config 849 766 8:3 /quentin/.ssh/config /home/quentin/.ssh/config ro,relatime - ext4 /dev/sda3 rw,discard,data=ordered mountid=849 fsname=/quentin/.ssh/config dir=/home/quentin/.ssh/config fstype=ext4 Mounting read-only /home/quentin/.local/bin 850 766 8:3 /quentin/.local/bin /home/quentin/.local/bin ro,relatime - ext4 /dev/sda3 rw,discard,data=ordered mountid=850 fsname=/quentin/.local/bin dir=/home/quentin/.local/bin fstype=ext4 Mounting read-only /home/quentin/.config/menus 851 766 8:3 /quentin/.config/menus /home/quentin/.config/menus ro,relatime - ext4 /dev/sda3 rw,discard,data=ordered mountid=851 fsname=/quentin/.config/menus dir=/home/quentin/.config/menus fstype=ext4 Mounting read-only /home/quentin/.gnome/apps 852 766 8:3 /quentin/.gnome/apps /home/quentin/.gnome/apps ro,relatime - ext4 /dev/sda3 rw,discard,data=ordered mountid=852 fsname=/quentin/.gnome/apps dir=/home/quentin/.gnome/apps fstype=ext4 Mounting read-only /home/quentin/.local/share/applications 853 766 8:3 /quentin/.local/share/applications /home/quentin/.local/share/applications ro,relatime - ext4 /dev/sda3 rw,discard,data=ordered mountid=853 fsname=/quentin/.local/share/applications dir=/home/quentin/.local/share/applications fstype=ext4 
Mounting read-only /home/quentin/.config/mimeapps.list 854 766 8:3 /quentin/.config/mimeapps.list /home/quentin/.config/mimeapps.list ro,relatime - ext4 /dev/sda3 rw,discard,data=ordered mountid=854 fsname=/quentin/.config/mimeapps.list dir=/home/quentin/.config/mimeapps.list fstype=ext4 Mounting read-only /home/quentin/.config/user-dirs.dirs 855 766 8:3 /quentin/.config/user-dirs.dirs /home/quentin/.config/user-dirs.dirs ro,relatime - ext4 /dev/sda3 rw,discard,data=ordered mountid=855 fsname=/quentin/.config/user-dirs.dirs dir=/home/quentin/.config/user-dirs.dirs fstype=ext4 Mounting read-only /home/quentin/.config/user-dirs.locale 856 766 8:3 /quentin/.config/user-dirs.locale /home/quentin/.config/user-dirs.locale ro,relatime - ext4 /dev/sda3 rw,discard,data=ordered mountid=856 fsname=/quentin/.config/user-dirs.locale dir=/home/quentin/.config/user-dirs.locale fstype=ext4 Mounting read-only /home/quentin/.local/share/mime 857 766 8:3 /quentin/.local/share/mime /home/quentin/.local/share/mime ro,relatime - ext4 /dev/sda3 rw,discard,data=ordered mountid=857 fsname=/quentin/.local/share/mime dir=/home/quentin/.local/share/mime fstype=ext4 Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Warning (blacklisting): cannot open /etc/ssh/*: Permission denied Not blacklist /home/quentin/.git-credentials Disable /home/quentin/.gnupg Disable /home/quentin/.local/share/keyrings Disable /home/quentin/.local/share/pki Disable /home/quentin/.pki Disable /home/quentin/.ssh Disable /sbin Disable /usr/local/sbin Disable /usr/sbin Warning (blacklisting): cannot open /usr/local/sbin/at: Permission denied Warning (blacklisting): cannot open /usr/sbin/at: Permission denied Warning (blacklisting): cannot open /sbin/at: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/busybox: Permission denied Warning (blacklisting): cannot open /usr/sbin/busybox: Permission denied Warning 
(blacklisting): cannot open /sbin/busybox: Permission denied Disable /bin/busybox Warning (blacklisting): cannot open /usr/local/sbin/chage: Permission denied Warning (blacklisting): cannot open /usr/sbin/chage: Permission denied Disable /usr/bin/chage Warning (blacklisting): cannot open /sbin/chage: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/chfn: Permission denied Warning (blacklisting): cannot open /usr/sbin/chfn: Permission denied Disable /usr/bin/chfn Warning (blacklisting): cannot open /sbin/chfn: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/chsh: Permission denied Warning (blacklisting): cannot open /usr/sbin/chsh: Permission denied Disable /usr/bin/chsh Warning (blacklisting): cannot open /sbin/chsh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/crontab: Permission denied Warning (blacklisting): cannot open /usr/sbin/crontab: Permission denied Disable /usr/bin/fcrontab (requested /usr/bin/crontab) Warning (blacklisting): cannot open /sbin/crontab: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/doas: Permission denied Warning (blacklisting): cannot open /usr/sbin/doas: Permission denied Warning (blacklisting): cannot open /sbin/doas: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/evtest: Permission denied Warning (blacklisting): cannot open /usr/sbin/evtest: Permission denied Warning (blacklisting): cannot open /sbin/evtest: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/expiry: Permission denied Warning (blacklisting): cannot open /usr/sbin/expiry: Permission denied Disable /usr/bin/expiry Warning (blacklisting): cannot open /sbin/expiry: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fusermount: Permission denied Warning (blacklisting): cannot open /usr/sbin/fusermount: Permission denied Warning (blacklisting): cannot open /sbin/fusermount: Permission denied Warning (blacklisting): cannot 
open /usr/local/sbin/gksu: Permission denied Warning (blacklisting): cannot open /usr/sbin/gksu: Permission denied Warning (blacklisting): cannot open /sbin/gksu: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gksudo: Permission denied Warning (blacklisting): cannot open /usr/sbin/gksudo: Permission denied Warning (blacklisting): cannot open /sbin/gksudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gpasswd: Permission denied Warning (blacklisting): cannot open /usr/sbin/gpasswd: Permission denied Disable /usr/bin/gpasswd Warning (blacklisting): cannot open /sbin/gpasswd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/kdesudo: Permission denied Warning (blacklisting): cannot open /usr/sbin/kdesudo: Permission denied Warning (blacklisting): cannot open /sbin/kdesudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ksu: Permission denied Warning (blacklisting): cannot open /usr/sbin/ksu: Permission denied Disable /usr/bin/ksu Warning (blacklisting): cannot open /sbin/ksu: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mount: Permission denied Warning (blacklisting): cannot open /usr/sbin/mount: Permission denied Warning (blacklisting): cannot open /sbin/mount: Permission denied Disable /bin/mount Warning (blacklisting): cannot open /usr/local/sbin/mount.ecryptfs_private: Permission denied Warning (blacklisting): cannot open /usr/sbin/mount.ecryptfs_private: Permission denied Warning (blacklisting): cannot open /sbin/mount.ecryptfs_private: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nc: Permission denied Warning (blacklisting): cannot open /usr/sbin/nc: Permission denied Disable /usr/bin/nc Warning (blacklisting): cannot open /sbin/nc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ncat: Permission denied Warning (blacklisting): cannot open /usr/sbin/ncat: Permission denied Disable /usr/bin/ncat Warning 
(blacklisting): cannot open /sbin/ncat: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmap: Permission denied Warning (blacklisting): cannot open /usr/sbin/nmap: Permission denied Disable /usr/bin/nmap Warning (blacklisting): cannot open /sbin/nmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newgidmap: Permission denied Warning (blacklisting): cannot open /usr/sbin/newgidmap: Permission denied Disable /usr/bin/newgidmap Warning (blacklisting): cannot open /sbin/newgidmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newgrp: Permission denied Warning (blacklisting): cannot open /usr/sbin/newgrp: Permission denied Disable /usr/bin/newgrp Warning (blacklisting): cannot open /sbin/newgrp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newuidmap: Permission denied Warning (blacklisting): cannot open /usr/sbin/newuidmap: Permission denied Disable /usr/bin/newuidmap Warning (blacklisting): cannot open /sbin/newuidmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ntfs-3g: Permission denied Warning (blacklisting): cannot open /usr/sbin/ntfs-3g: Permission denied Disable /usr/bin/ntfs-3g Warning (blacklisting): cannot open /sbin/ntfs-3g: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pkexec: Permission denied Warning (blacklisting): cannot open /usr/sbin/pkexec: Permission denied Disable /usr/bin/pkexec Warning (blacklisting): cannot open /sbin/pkexec: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/procmail: Permission denied Warning (blacklisting): cannot open /usr/sbin/procmail: Permission denied Warning (blacklisting): cannot open /sbin/procmail: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/sg: Permission denied Warning (blacklisting): cannot open /usr/sbin/sg: Permission denied Disable /usr/bin/newgrp (requested /usr/bin/sg) Warning (blacklisting): cannot open /sbin/sg: 
Permission denied Warning (blacklisting): cannot open /usr/local/sbin/strace: Permission denied Warning (blacklisting): cannot open /usr/sbin/strace: Permission denied Disable /usr/bin/strace Warning (blacklisting): cannot open /sbin/strace: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/su: Permission denied Warning (blacklisting): cannot open /usr/sbin/su: Permission denied Warning (blacklisting): cannot open /sbin/su: Permission denied Disable /bin/su Warning (blacklisting): cannot open /usr/local/sbin/sudo: Permission denied Warning (blacklisting): cannot open /usr/sbin/sudo: Permission denied Disable /usr/bin/sudo Warning (blacklisting): cannot open /sbin/sudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tcpdump: Permission denied Warning (blacklisting): cannot open /usr/sbin/tcpdump: Permission denied Warning (blacklisting): cannot open /sbin/tcpdump: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/umount: Permission denied Warning (blacklisting): cannot open /usr/sbin/umount: Permission denied Warning (blacklisting): cannot open /sbin/umount: Permission denied Disable /bin/umount Warning (blacklisting): cannot open /usr/local/sbin/unix_chkpwd: Permission denied Warning (blacklisting): cannot open /usr/sbin/unix_chkpwd: Permission denied Warning (blacklisting): cannot open /sbin/unix_chkpwd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xev: Permission denied Warning (blacklisting): cannot open /usr/sbin/xev: Permission denied Disable /usr/bin/xev Warning (blacklisting): cannot open /sbin/xev: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xinput: Permission denied Warning (blacklisting): cannot open /usr/sbin/xinput: Permission denied Disable /usr/bin/xinput Warning (blacklisting): cannot open /sbin/xinput: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/passwd: Permission denied Warning (blacklisting): cannot open 
/usr/sbin/passwd: Permission denied Disable /bin/passwd (requested /usr/bin/passwd) Warning (blacklisting): cannot open /sbin/passwd: Permission denied Disable /bin/passwd Warning (blacklisting): cannot open /usr/local/sbin/suexec: Permission denied Warning (blacklisting): cannot open /usr/sbin/suexec: Permission denied Warning (blacklisting): cannot open /sbin/suexec: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/slock: Permission denied Warning (blacklisting): cannot open /usr/sbin/slock: Permission denied Warning (blacklisting): cannot open /sbin/slock: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/physlock: Permission denied Warning (blacklisting): cannot open /usr/sbin/physlock: Permission denied Warning (blacklisting): cannot open /sbin/physlock: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/schroot: Permission denied Warning (blacklisting): cannot open /usr/sbin/schroot: Permission denied Warning (blacklisting): cannot open /sbin/schroot: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/wshowkeys: Permission denied Warning (blacklisting): cannot open /usr/sbin/wshowkeys: Permission denied Warning (blacklisting): cannot open /sbin/wshowkeys: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pmount: Permission denied Warning (blacklisting): cannot open /usr/sbin/pmount: Permission denied Warning (blacklisting): cannot open /sbin/pmount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pumount: Permission denied Warning (blacklisting): cannot open /usr/sbin/pumount: Permission denied Warning (blacklisting): cannot open /sbin/pumount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/bmon: Permission denied Warning (blacklisting): cannot open /usr/sbin/bmon: Permission denied Warning (blacklisting): cannot open /sbin/bmon: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fping: Permission 
denied Warning (blacklisting): cannot open /usr/sbin/fping: Permission denied Warning (blacklisting): cannot open /sbin/fping: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fping6: Permission denied Warning (blacklisting): cannot open /usr/sbin/fping6: Permission denied Warning (blacklisting): cannot open /sbin/fping6: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/hostname: Permission denied Warning (blacklisting): cannot open /usr/sbin/hostname: Permission denied Warning (blacklisting): cannot open /sbin/hostname: Permission denied Disable /bin/hostname Warning (blacklisting): cannot open /usr/local/sbin/mtr: Permission denied Warning (blacklisting): cannot open /usr/sbin/mtr: Permission denied Warning (blacklisting): cannot open /sbin/mtr: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mtr-packet: Permission denied Warning (blacklisting): cannot open /usr/sbin/mtr-packet: Permission denied Warning (blacklisting): cannot open /sbin/mtr-packet: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/netstat: Permission denied Warning (blacklisting): cannot open /usr/sbin/netstat: Permission denied Warning (blacklisting): cannot open /sbin/netstat: Permission denied Disable /bin/netstat Warning (blacklisting): cannot open /usr/local/sbin/nm-online: Permission denied Warning (blacklisting): cannot open /usr/sbin/nm-online: Permission denied Warning (blacklisting): cannot open /sbin/nm-online: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmcli: Permission denied Warning (blacklisting): cannot open /usr/sbin/nmcli: Permission denied Warning (blacklisting): cannot open /sbin/nmcli: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui: Permission denied Warning (blacklisting): cannot open /usr/sbin/nmtui: Permission denied Warning (blacklisting): cannot open /sbin/nmtui: Permission denied Warning (blacklisting): cannot open 
/usr/local/sbin/nmtui-connect: Permission denied Warning (blacklisting): cannot open /usr/sbin/nmtui-connect: Permission denied Warning (blacklisting): cannot open /sbin/nmtui-connect: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui-edit: Permission denied Warning (blacklisting): cannot open /usr/sbin/nmtui-edit: Permission denied Warning (blacklisting): cannot open /sbin/nmtui-edit: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui-hostname: Permission denied Warning (blacklisting): cannot open /usr/sbin/nmtui-hostname: Permission denied Warning (blacklisting): cannot open /sbin/nmtui-hostname: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/networkctl: Permission denied Warning (blacklisting): cannot open /usr/sbin/networkctl: Permission denied Warning (blacklisting): cannot open /sbin/networkctl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ss: Permission denied Warning (blacklisting): cannot open /usr/sbin/ss: Permission denied Warning (blacklisting): cannot open /sbin/ss: Permission denied Disable /bin/ss Warning (blacklisting): cannot open /usr/local/sbin/traceroute: Permission denied Warning (blacklisting): cannot open /usr/sbin/traceroute: Permission denied Disable /usr/bin/traceroute Warning (blacklisting): cannot open /sbin/traceroute: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal: Permission denied Warning (blacklisting): cannot open /usr/sbin/gnome-terminal: Permission denied Warning (blacklisting): cannot open /sbin/gnome-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/sbin/gnome-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /sbin/gnome-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/kgx: Permission denied Warning (blacklisting): cannot 
open /usr/sbin/kgx: Permission denied Warning (blacklisting): cannot open /sbin/kgx: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lilyterm: Permission denied Warning (blacklisting): cannot open /usr/sbin/lilyterm: Permission denied Warning (blacklisting): cannot open /sbin/lilyterm: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lxterminal: Permission denied Warning (blacklisting): cannot open /usr/sbin/lxterminal: Permission denied Warning (blacklisting): cannot open /sbin/lxterminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal: Permission denied Warning (blacklisting): cannot open /usr/sbin/mate-terminal: Permission denied Warning (blacklisting): cannot open /sbin/mate-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/sbin/mate-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /sbin/mate-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pantheon-terminal: Permission denied Warning (blacklisting): cannot open /usr/sbin/pantheon-terminal: Permission denied Warning (blacklisting): cannot open /sbin/pantheon-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/roxterm: Permission denied Warning (blacklisting): cannot open /usr/sbin/roxterm: Permission denied Warning (blacklisting): cannot open /sbin/roxterm: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/roxterm-config: Permission denied Warning (blacklisting): cannot open /usr/sbin/roxterm-config: Permission denied Warning (blacklisting): cannot open /sbin/roxterm-config: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/terminix: Permission denied Warning (blacklisting): cannot open /usr/sbin/terminix: Permission denied Warning (blacklisting): cannot open /sbin/terminix: Permission denied 
Warning (blacklisting): cannot open /usr/local/sbin/tilix: Permission denied Warning (blacklisting): cannot open /usr/sbin/tilix: Permission denied Warning (blacklisting): cannot open /sbin/tilix: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/urxvtc: Permission denied Warning (blacklisting): cannot open /usr/sbin/urxvtc: Permission denied Warning (blacklisting): cannot open /sbin/urxvtc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/urxvtcd: Permission denied Warning (blacklisting): cannot open /usr/sbin/urxvtcd: Permission denied Warning (blacklisting): cannot open /sbin/urxvtcd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal: Permission denied Warning (blacklisting): cannot open /usr/sbin/xfce4-terminal: Permission denied Disable /usr/bin/xfce4-terminal Warning (blacklisting): cannot open /sbin/xfce4-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/sbin/xfce4-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /sbin/xfce4-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/bwrap: Permission denied Warning (blacklisting): cannot open /usr/sbin/bwrap: Permission denied Disable /usr/bin/bwrap Warning (blacklisting): cannot open /sbin/bwrap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/snap: Permission denied Warning (blacklisting): cannot open /usr/sbin/snap: Permission denied Warning (blacklisting): cannot open /sbin/snap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/snapctl: Permission denied Warning (blacklisting): cannot open /usr/sbin/snapctl: Permission denied Warning (blacklisting): cannot open /sbin/snapctl: Permission denied Disable /proc/config.gz Warning (blacklisting): cannot open /usr/local/sbin/dig: Permission denied Warning (blacklisting): cannot open 
/usr/sbin/dig: Permission denied Disable /usr/bin/dig Warning (blacklisting): cannot open /sbin/dig: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dlint: Permission denied Warning (blacklisting): cannot open /usr/sbin/dlint: Permission denied Warning (blacklisting): cannot open /sbin/dlint: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dns2tcp: Permission denied Warning (blacklisting): cannot open /usr/sbin/dns2tcp: Permission denied Warning (blacklisting): cannot open /sbin/dns2tcp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dnssec-*: Permission denied Warning (blacklisting): cannot open /usr/sbin/dnssec-*: Permission denied Disable /usr/bin/dnssec-keygen Disable /usr/bin/dnssec-signzone Disable /usr/bin/dnssec-verify Disable /usr/bin/dnssec-importkey Disable /usr/bin/dnssec-dsfromkey Disable /usr/bin/dnssec-settime Disable /usr/bin/dnssec-keyfromlabel Disable /usr/bin/dnssec-revoke Warning (blacklisting): cannot open /sbin/dnssec-*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dnswalk: Permission denied Warning (blacklisting): cannot open /usr/sbin/dnswalk: Permission denied Warning (blacklisting): cannot open /sbin/dnswalk: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/drill: Permission denied Warning (blacklisting): cannot open /usr/sbin/drill: Permission denied Warning (blacklisting): cannot open /sbin/drill: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/host: Permission denied Warning (blacklisting): cannot open /usr/sbin/host: Permission denied Disable /usr/bin/host Warning (blacklisting): cannot open /sbin/host: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/iodine: Permission denied Warning (blacklisting): cannot open /usr/sbin/iodine: Permission denied Warning (blacklisting): cannot open /sbin/iodine: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/kdig: Permission 
denied Warning (blacklisting): cannot open /usr/sbin/kdig: Permission denied Warning (blacklisting): cannot open /sbin/kdig: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/khost: Permission denied Warning (blacklisting): cannot open /usr/sbin/khost: Permission denied Warning (blacklisting): cannot open /sbin/khost: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/knsupdate: Permission denied Warning (blacklisting): cannot open /usr/sbin/knsupdate: Permission denied Warning (blacklisting): cannot open /sbin/knsupdate: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ldns-*: Permission denied Warning (blacklisting): cannot open /usr/sbin/ldns-*: Permission denied Warning (blacklisting): cannot open /sbin/ldns-*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ldnsd: Permission denied Warning (blacklisting): cannot open /usr/sbin/ldnsd: Permission denied Warning (blacklisting): cannot open /sbin/ldnsd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nslookup: Permission denied Warning (blacklisting): cannot open /usr/sbin/nslookup: Permission denied Disable /usr/bin/nslookup Warning (blacklisting): cannot open /sbin/nslookup: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/resolvectl: Permission denied Warning (blacklisting): cannot open /usr/sbin/resolvectl: Permission denied Warning (blacklisting): cannot open /sbin/resolvectl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/unbound-host: Permission denied Warning (blacklisting): cannot open /usr/sbin/unbound-host: Permission denied Warning (blacklisting): cannot open /sbin/unbound-host: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ftp: Permission denied Warning (blacklisting): cannot open /usr/sbin/ftp: Permission denied Warning (blacklisting): cannot open /sbin/ftp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ssh: 
Permission denied Warning (blacklisting): cannot open /usr/sbin/ssh: Permission denied Disable /usr/bin/ssh Warning (blacklisting): cannot open /sbin/ssh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/telnet: Permission denied Warning (blacklisting): cannot open /usr/sbin/telnet: Permission denied Warning (blacklisting): cannot open /sbin/telnet: Permission denied Not blacklist /home/quentin/.VSCodium Not blacklist /home/quentin/.ammonite Disable /home/quentin/.android Disable /home/quentin/.audacity-data Disable /home/quentin/.bogofilter Not blacklist /home/quentin/.bundle Disable /home/quentin/.cache/0ad Disable /home/quentin/.cache/MusicBrainz Disable /home/quentin/.cache/Tox Disable /home/quentin/.cache/babl Disable /home/quentin/.cache/evolution Disable /home/quentin/.cache/falkon Disable /home/quentin/.cache/font-manager Disable /home/quentin/.cache/gegl-0.4 Disable /home/quentin/.cache/gimp Disable /home/quentin/.cache/inkscape Disable /home/quentin/.cache/keepassxc Disable /home/quentin/.cache/librewolf Disable /home/quentin/.cache/midori Disable /home/quentin/.cache/moonchild productions/pale moon Disable /home/quentin/.cache/mozilla Disable /home/quentin/.cache/pip Disable /home/quentin/.cache/psi Disable /home/quentin/.cache/supertuxkart Disable /home/quentin/.cache/thunderbird Disable /home/quentin/.cache/vlc Disable /home/quentin/.cache/winetricks Disable /home/quentin/.cache/youtube-dl Disable /home/quentin/.cache/yt-dlp Not blacklist /home/quentin/.cargo Disable /home/quentin/.config/0ad Not blacklist /home/quentin/.config/Code Not blacklist /home/quentin/.config/Code - OSS Not blacklist /home/quentin/.config/Electron Disable /home/quentin/.config/GIMP Disable /home/quentin/.config/Meltytech Disable /home/quentin/.config/Mousepad Disable /home/quentin/.config/Mumble Disable /home/quentin/.config/MusicBrainz Disable /home/quentin/.config/Seafile Disable /home/quentin/.config/Thunar Not blacklist /home/quentin/.config/VSCodium 
Disable /home/quentin/.config/aacs Disable /home/quentin/.config/abiword Disable /home/quentin/.config/atril Disable /home/quentin/.config/audacious Disable /home/quentin/.config/catfish Disable /home/quentin/.config/clipit Disable /home/quentin/.config/deadbeef Not blacklist /home/quentin/.config/electron*-flag*.conf Disable /home/quentin/.config/enchant Disable /home/quentin/.config/evolution Disable /home/quentin/.config/filezilla Disable /home/quentin/.config/flameshot Disable /home/quentin/.config/font-manager Disable /home/quentin/.config/galculator Disable /home/quentin/.config/gconf Disable /home/quentin/.config/geany Not blacklist /home/quentin/.config/git Disable /home/quentin/.config/globaltime Disable /home/quentin/.config/gpicview Disable /home/quentin/.config/hexchat Disable /home/quentin/.config/inkscape Not blacklist /home/quentin/.config/jgit Disable /home/quentin/.config/keepassxc Disable /home/quentin/.config/kritarc Disable /home/quentin/.config/leafpad Disable /home/quentin/.config/libreoffice Disable /home/quentin/.config/midori Disable /home/quentin/.config/mpv Disable /home/quentin/.config/obs-studio Disable /home/quentin/.config/orage Disable /home/quentin/.config/pcmanfm Disable /home/quentin/.config/qpdfview Disable /home/quentin/.config/ristretto Disable /home/quentin/.config/sqlitebrowser Disable /home/quentin/.config/supertuxkart Disable /home/quentin/.config/tox Disable /home/quentin/.config/vlc Disable /home/quentin/.config/xfburn Disable /home/quentin/.config/xfce4/xfce4-notes.gtkrc Disable /home/quentin/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml Disable /home/quentin/.dia Disable /home/quentin/.elinks Disable /home/quentin/.etr Disable /home/quentin/.fltk Not blacklist /home/quentin/.g8 Not blacklist /home/quentin/.gitconfig Not blacklist /home/quentin/.gradle Disable /home/quentin/.hedgewars Not blacklist /home/quentin/.ivy2 Not blacklist /home/quentin/.java Disable /home/quentin/.librewolf Disable 
/home/quentin/.local/share/0ad Disable /home/quentin/.local/share/Mumble Disable /home/quentin/.local/share/clipit Disable /home/quentin/.local/share/evolution Disable /home/quentin/.local/share/krita Disable /home/quentin/.local/share/meld Disable /home/quentin/.local/share/notes Disable /home/quentin/.local/share/orage Disable /home/quentin/.local/share/psi Disable /home/quentin/.local/share/qpdfview Disable /home/quentin/.local/share/supertux2 Disable /home/quentin/.local/share/supertuxkart Disable /home/quentin/.local/share/telepathy Disable /home/quentin/.local/share/vlc Disable /home/quentin/.moonchild productions/basilisk Disable /home/quentin/.moonchild productions/pale moon Disable /home/quentin/.mozilla Disable /home/quentin/.mplayer Not blacklist /home/quentin/.node-gyp Not blacklist /home/quentin/.npm Not blacklist /home/quentin/.npmrc Not blacklist /home/quentin/.nvm Disable /home/quentin/.openshot_qt Disable /home/quentin/.pingus Disable /home/quentin/.purple Not blacklist /home/quentin/.pylint.d Disable /home/quentin/.retroshare Not blacklist /home/quentin/.sbt Disable /home/quentin/.steam Disable /home/quentin/.thunderbird Not blacklist /home/quentin/.vscode Not blacklist /home/quentin/.vscode-oss Disable /home/quentin/.weechat Disable /home/quentin/.wget-hsts Disable /home/quentin/.xonotic Not blacklist /home/quentin/.yarn Not blacklist /home/quentin/.yarn-config Not blacklist /home/quentin/.yarncache Not blacklist /home/quentin/.yarnrc Disable /home/quentin/Seafile/.seafile-data Mounting tmpfs on /home/quentin/.cache, check owner: yes 1023 766 0:73 / /home/quentin/.cache rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=755,uid=1000,gid=1000 mountid=1023 fsname=/ dir=/home/quentin/.cache fstype=tmpfs Mounting read-only /tmp/.X11-unix 1024 811 8:2 /tmp/.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,relatime - ext4 /dev/root rw,discard mountid=1024 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Disable /sys/fs Disable /sys/module disable 
pulseaudio disable pipewire Current directory: /home/quentin DISPLAY=:0.0 parsed as 0 Mounting read-only /run/firejail/mnt/seccomp 2435 748 0:63 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755 mountid=2435 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 120 . drwxr-xr-x root root 220 .. -rw-r--r-- quentin quentin 640 seccomp -rw-r--r-- quentin quentin 432 seccomp.32 -rw-r--r-- quentin quentin 0 seccomp.postexec -rw-r--r-- quentin quentin 0 seccomp.postexec32 No active seccomp files Set caps filter 240000 NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0 Supplementary groups: 35 7 Closing non-standard file descriptors Starting application LD_PRELOAD=(null) execvp argument 0: vscodium Child process initialized in 65.29 ms Searching $PATH for vscodium trying #/home/quentin/.local/bin/vscodium# trying #/home/quentin/.local/bin/vscodium# trying #/usr/local/sbin/vscodium# trying #/usr/local/bin/vscodium# Warning: an existing sandbox was detected. /usr/bin/vscodium will run without any additional sandboxing features monitoring pid 2 Sandbox monitor: waitpid 2 retval 2 status 0 Sandbox monitor: monitoring 19 monitoring pid 19 Sandbox monitor: waitpid 19 retval 19 status 0 Sandbox monitor: monitoring 22 monitoring pid 22 Sandbox monitor: waitpid 22 retval 22 status 0 Sandbox monitor: monitoring 23 monitoring pid 23 Sandbox monitor: waitpid 23 retval 23 status 0 Parent is shutting down, bye... ```

glitsj16 commented 1 year ago

> I am running on Gentoo on a x86 64bit computer. On this configuration (and widely available hardware), lib directories are named lib64 on Gentoo.

Thank you for reporting! I'm marking this as a bug. Can you open a PR to add the lib64 directories for Gentoo support?

kmk3 commented 1 year ago

> > I am running on Gentoo on a x86 64bit computer. On this configuration (and widely available hardware), lib directories are named lib64 on Gentoo.
>
> Thank you for reporting! I'm marking this as a bug. Can you open a PR to add the lib64 directories for Gentoo support?

If I understand this correctly, every /usr/lib profile entry would also need a /usr/lib64 entry?

In that case I think it would make more sense to add a ${LIB} macro and replace the existing /usr/lib usage with it.
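The ${LIB} macro proposed above does not exist in firejail; as an added illustration (not firejail's own code), the following expands such a macro into one profile line per library directory that really exists on the host, collapses symlink aliases so a directory is not listed twice, and reports hardcoded /usr/lib entries whose lib64 counterpart the profile never mentions. The candidate directory list, the handled profile commands and the sample profile lines are assumptions.

```python
"""Added example: expand a hypothetical ${LIB} profile macro and flag
hardcoded /usr/lib entries with no counterpart under the other lib dirs."""
import os
import re

# Assumed candidates; which exist, and which are symlinks to each other,
# depends on the distribution (Gentoo: real /usr/lib64, Arch: lib64 -> lib).
LIB_CANDIDATES = ("/usr/lib", "/usr/lib64", "/usr/lib32")

# Profile commands that take a path argument (subset, assumed for the demo).
_HARDCODED = re.compile(
    r"^(blacklist|noblacklist|whitelist|nowhitelist|read-only|noexec)"
    r"\s+(/usr/lib)(/.*)?$"
)


def discover_lib_dirs(candidates=LIB_CANDIDATES, exists=os.path.isdir,
                      realpath=os.path.realpath):
    """Return the candidates that exist, skipping any that resolve to a
    real directory already kept (so /usr/lib64 -> /usr/lib yields one)."""
    seen, found = set(), []
    for d in candidates:
        if not exists(d):
            continue
        real = realpath(d)
        if real not in seen:
            seen.add(real)
            found.append(d)
    return found


def expand_lib_macro(lines, lib_dirs):
    """Replace ${LIB} with every discovered lib dir, one profile line each."""
    out = []
    for line in lines:
        if "${LIB}" in line:
            out.extend(line.replace("${LIB}", d) for d in lib_dirs)
        else:
            out.append(line)
    return out


def find_uncovered(lines, lib_dirs):
    """List the lib64/lib32 twins of hardcoded /usr/lib entries that no
    line in the profile covers; this is the gap the issue describes."""
    entries = {line.strip() for line in lines}
    missing = []
    for line in lines:
        m = _HARDCODED.match(line.strip())
        if not m:
            continue
        cmd, _, rest = m.groups()
        for d in lib_dirs:
            if d != "/usr/lib" and f"{cmd} {d}{rest or ''}" not in entries:
                missing.append(f"{cmd} {d}{rest or ''}")
    return missing
```

Running `find_uncovered` over a real profile with `discover_lib_dirs()` on a Gentoo host lists exactly the entries that silently fail to apply there.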

CaseOf commented 1 year ago

> > > I am running on Gentoo on a x86 64bit computer. On this configuration (and widely available hardware), lib directories are named lib64 on Gentoo.
> >
> > Thank you for reporting! I'm marking this as a bug. Can you open a PR to add the lib64 directories for Gentoo support?
>
> If I understand this correctly, every /usr/lib profile entry would also need a /usr/lib64 entry?
>
> In that case I think it would make more sense to add a ${LIB} macro and replace the existing /usr/lib usage with it.

That's it. This change makes sense to me to handle every distro path.