Closed exchaex closed 8 months ago
Possibly the same cause as in #5745, #6031, #5086, #3769, #5971. Check your dbus setup.
From what I start? I don't know what to check.. New to firejail Running firejail mousepad with root does not give any warning, what should I add to mousepad.local?
Check echo $DBUS_SESSION_BUS_ADDRESS
. If it starts with /tmp/dbus-
after the unix:path=
add whitelist /tmp/dbus-*
.
It works! Thanks, I will try this with other program with same warnings
Description
Cannot edit any mousepad settings, nothing happens at all. dconf-WARNING.
Steps to Reproduce
Steps to reproduce the behavior
Expected behavior
Color scheme changed
Actual behavior
No ui behavior. lots of dconf warnings:
Behavior without a profile
No warning or errors in logs. Everything works at expected
Additional context
Any other detail that may help to understand/debug the problem
Environment
Checklist
/usr/bin/vlc
) "fixes" it).https://github.com/netblue30/firejail/issues/1139
)browser-allow-drm yes
/browser-disable-u2f no
infirejail.config
to allow DRM/U2F in browsers.--profile=PROFILENAME
to set the right profile. (Only relevant for AppImages)Log
Output of
LC_ALL=C firejail /path/to/program
``` Reading profile /etc/firejail/mousepad.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-shell.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: private-lib feature is disabled in Firejail configuration file Parent pid 12979, child pid 12980 1 program installed in 1.68 ms Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Child process initialized in 77.84 ms Mousepad-Message: 17:20:09.635: Failed to load plugin "mousepad-plugin-gspell": libgspell-1.so.2: cannot open shared object file: No such file or directory (mousepad:7): dconf-WARNING **: 17:20:09.697: failed to commit changes to dconf: Could not connect: No such file or directory (mousepad:7): dconf-WARNING **: 17:20:09.697: failed to commit changes to dconf: Could not connect: No such file or directory Failed to create secure directory (/run/user/1000/pulse): Permission denied (mousepad:7): dconf-WARNING **: 17:20:10.806: failed to commit changes to dconf: Could not connect: No such file or directory (mousepad:7): dconf-WARNING **: 17:20:10.806: failed to commit changes to dconf: Could not connect: No such file or directory (mousepad:7): dconf-WARNING **: 17:20:10.923: failed to commit changes to dconf: Could not connect: No such file or directory (mousepad:7): dconf-WARNING **: 17:20:10.923: failed to commit changes to dconf: Could not connect: No such file or directory ```
Output of
LC_ALL=C firejail --debug /path/to/program
``` Building quoted command line: '/usr/bin/mousepad' Command name #mousepad# Found mousepad.profile profile in /etc/firejail directory Reading profile /etc/firejail/mousepad.profile Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found disable-shell.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-shell.inc Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc [profile] combined protocol list: "unix" Warning: private-lib feature is disabled in Firejail configuration file DISPLAY=:0 parsed as 0 Parent pid 13140, child pid 13141 Initializing child process PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.namespaces file Creating empty /run/firejail/mnt/seccomp/seccomp.namespaces.32 file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file sbox run: /run/firejail/lib/fnet ifup lo Set caps filter 3000 Network namespace enabled, only loopback interface available Build protocol filter: unix sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 3, uid 1000, gid 1000, force_nogroups 1 No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 360 325 259:3 /etc /etc ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=360 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 361 360 259:3 /etc /etc ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=361 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 362 325 259:3 /var /var ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=362 fsname=/var dir=/var fstype=ext4 Mounting noexec /var 363 362 259:3 /var /var ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=363 fsname=/var dir=/var fstype=ext4 Mounting read-only /usr 364 325 259:3 /usr /usr ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=364 fsname=/usr dir=/usr fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/dri directory Process /dev/shm directory Copying files in the new bin directory Checking /usr/local/bin/mousepad Checking /usr/bin/mousepad sbox run: /run/firejail/lib/fcopy /usr/bin/mousepad /run/firejail/mnt/bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin 1 program installed in 1.35 ms Generate private-tmp whitelist commands blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Debug 588: whitelist /var/lib/aspell Debug 609: expanded: /var/lib/aspell Debug 620: new_name: /var/lib/aspell Debug 630: dir: /var Adding whitelist top level directory /var Removed path: whitelist /var/lib/aspell new_name: /var/lib/aspell realpath: (null) No such file or directory Debug 588: whitelist /var/lib/ca-certificates Debug 609: expanded: /var/lib/ca-certificates Debug 620: new_name: /var/lib/ca-certificates Debug 630: dir: /var Removed path: whitelist /var/lib/ca-certificates new_name: /var/lib/ca-certificates realpath: (null) No such file or directory Debug 588: whitelist /var/lib/dbus Debug 609: expanded: /var/lib/dbus Debug 620: new_name: /var/lib/dbus Debug 630: dir: /var Removed path: whitelist /var/lib/dbus new_name: /var/lib/dbus realpath: (null) No such file or directory Debug 588: whitelist /var/lib/menu-xdg Debug 609: expanded: /var/lib/menu-xdg Debug 620: new_name: /var/lib/menu-xdg Debug 630: dir: /var Removed path: whitelist /var/lib/menu-xdg new_name: /var/lib/menu-xdg realpath: (null) No such file or directory Debug 588: whitelist /var/lib/uim Debug 609: expanded: /var/lib/uim Debug 620: new_name: /var/lib/uim Debug 630: dir: /var Removed path: whitelist /var/lib/uim new_name: /var/lib/uim realpath: (null) No such file or directory Debug 588: whitelist /var/cache/fontconfig Debug 609: expanded: /var/cache/fontconfig Debug 620: new_name: /var/cache/fontconfig Debug 630: dir: /var Debug 588: whitelist /var/tmp Debug 609: expanded: /var/tmp Debug 620: new_name: /var/tmp Debug 630: dir: /var Debug 588: whitelist /var/run Debug 609: expanded: /var/run Debug 620: new_name: /var/run Debug 630: dir: /var Debug 588: whitelist /var/lock Debug 609: expanded: /var/lock Debug 620: new_name: /var/lock Debug 630: dir: /var Debug 588: whitelist /tmp/.X11-unix Debug 609: expanded: /tmp/.X11-unix Debug 620: new_name: /tmp/.X11-unix Debug 630: dir: /tmp Adding whitelist top level directory /tmp Debug 588: whitelist /tmp/sndio Debug 609: expanded: /tmp/sndio Debug 620: new_name: /tmp/sndio Debug 630: dir: /tmp Removed path: whitelist /tmp/sndio new_name: /tmp/sndio realpath: (null) No such file or directory Debug 588: whitelist /tmp/pulse-PKdhtXMmr18n Debug 609: expanded: /tmp/pulse-PKdhtXMmr18n Debug 620: new_name: /tmp/pulse-PKdhtXMmr18n Debug 630: dir: /tmp Mounting tmpfs on /var, check owner: no 401 363 0:66 / /var rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,inode64 mountid=401 fsname=/ dir=/var fstype=tmpfs Mounting tmpfs on /tmp, check owner: no 402 325 0:67 / /tmp rw,nosuid,nodev,relatime - tmpfs tmpfs rw,inode64 mountid=402 fsname=/ dir=/tmp fstype=tmpfs Whitelisting /var/cache/fontconfig 403 401 259:3 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=403 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4 Whitelisting /var/tmp 404 401 0:59 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=404 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Whitelisting /tmp/.X11-unix 405 402 259:3 /tmp/.X11-unix /tmp/.X11-unix rw,relatime - ext4 /dev/nvme0n1p3 rw mountid=405 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Whitelisting /tmp/pulse-PKdhtXMmr18n 406 402 259:3 /tmp/pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime - ext4 /dev/nvme0n1p3 rw mountid=406 fsname=/tmp/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=ext4 Disable /home/corinto/.bash_history Disable /home/corinto/.lesshst Disable /home/corinto/.config/autostart Disable /home/corinto/.xinitrc Disable /etc/xdg/autostart Mounting read-only /home/corinto/.Xauthority 412 371 259:3 /home/corinto/.Xauthority /home/corinto/.Xauthority ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=412 fsname=/home/corinto/.Xauthority dir=/home/corinto/.Xauthority fstype=ext4 Mounting read-only /home/corinto/.config/dconf 413 371 259:3 /home/corinto/.config/dconf /home/corinto/.config/dconf ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=413 fsname=/home/corinto/.config/dconf dir=/home/corinto/.config/dconf fstype=ext4 Disable /run/user/1000/systemd Disable /etc/init.d Disable /home/corinto/.config/libvirt Disable /etc/apparmor Disable /etc/apparmor.d Disable /etc/cron.daily Disable /etc/default Disable /etc/dkms Disable /etc/grub.d Disable /etc/logrotate.conf Disable /etc/logrotate.d Disable /etc/modules-load.d Disable /etc/rc.local Disable /etc/sysconfig Mounting read-only /home/corinto/.bash_logout 428 371 259:3 /home/corinto/.bash_logout /home/corinto/.bash_logout ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=428 fsname=/home/corinto/.bash_logout dir=/home/corinto/.bash_logout fstype=ext4 Mounting read-only /home/corinto/.bash_profile 429 371 259:3 /home/corinto/.bash_profile /home/corinto/.bash_profile ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=429 fsname=/home/corinto/.bash_profile dir=/home/corinto/.bash_profile fstype=ext4 Mounting read-only /home/corinto/.bashrc 430 371 259:3 /home/corinto/.bashrc /home/corinto/.bashrc ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=430 fsname=/home/corinto/.bashrc dir=/home/corinto/.bashrc fstype=ext4 Mounting read-only /home/corinto/.local/lib 431 371 259:3 /home/corinto/.local/lib /home/corinto/.local/lib ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=431 fsname=/home/corinto/.local/lib dir=/home/corinto/.local/lib fstype=ext4 Mounting read-only /home/corinto/.rustup 432 371 259:3 /home/corinto/.rustup /home/corinto/.rustup ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=432 fsname=/home/corinto/.rustup dir=/home/corinto/.rustup fstype=ext4 Mounting read-only /home/corinto/.config/menus 433 371 259:3 /home/corinto/.config/menus /home/corinto/.config/menus ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=433 fsname=/home/corinto/.config/menus dir=/home/corinto/.config/menus fstype=ext4 Mounting read-only /home/corinto/.gnome/apps 434 371 259:3 /home/corinto/.gnome/apps /home/corinto/.gnome/apps ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=434 fsname=/home/corinto/.gnome/apps dir=/home/corinto/.gnome/apps fstype=ext4 Mounting read-only /home/corinto/.local/share/applications 435 371 259:3 /home/corinto/.local/share/applications /home/corinto/.local/share/applications ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=435 fsname=/home/corinto/.local/share/applications dir=/home/corinto/.local/share/applications fstype=ext4 Mounting read-only /home/corinto/.config/mimeapps.list 436 371 259:3 /home/corinto/.config/mimeapps.list /home/corinto/.config/mimeapps.list ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=436 fsname=/home/corinto/.config/mimeapps.list dir=/home/corinto/.config/mimeapps.list fstype=ext4 Mounting read-only /home/corinto/.local/share/mime 437 371 259:3 /home/corinto/.local/share/mime /home/corinto/.local/share/mime ro,relatime - ext4 /dev/nvme0n1p3 rw mountid=437 fsname=/home/corinto/.local/share/mime dir=/home/corinto/.local/share/mime fstype=ext4 Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Warning (blacklisting): cannot open /etc/ssh/*: Permission denied Disable /home/corinto/Passwords.kdbx Disable /home/corinto/.gnupg Disable /home/corinto/.local/share/pki Disable /home/corinto/.netrc Disable /home/corinto/.pki Warning: /sbin directory link was not blacklisted Disable /usr/local/sbin Warning: /usr/sbin directory link was not blacklisted Warning (blacklisting): cannot open /usr/local/sbin/at: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/busybox: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/chage: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/chfn: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/chsh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/crontab: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/doas: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/evtest: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/expiry: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fusermount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gksu: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gksudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gpasswd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/kdesudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ksu: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mount.ecryptfs_private: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ncat: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newgidmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newgrp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newuidmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ntfs-3g: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pkexec: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/procmail: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/sg: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/strace: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/su: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/sudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tcpdump: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/umount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/unix_chkpwd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xev: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xinput: Permission denied Disable /usr/lib/ssh Warning (blacklisting): cannot open /usr/local/sbin/passwd: Permission denied Disable /usr/lib/dbus-1.0/dbus-daemon-launch-helper Warning (blacklisting): cannot open /usr/local/sbin/suexec: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/slock: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/physlock: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/schroot: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/wshowkeys: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pmount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pumount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/bmon: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fping: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fping6: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/hostname: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mtr: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mtr-packet: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/netstat: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nm-online: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmcli: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui-connect: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui-edit: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui-hostname: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/networkctl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ss: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/traceroute: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/kgx: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lilyterm: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lxterminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pantheon-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/roxterm: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/roxterm-config: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/terminix: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tilix: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/urxvtc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/urxvtcd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/bwrap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/snap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/snapctl: Permission denied Disable /proc/config.gz Warning (blacklisting): cannot open /usr/local/sbin/dig: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dlint: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dns2tcp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dnssec-*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dnswalk: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/drill: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/host: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/iodine: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/kdig: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/khost: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/knsupdate: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ldns-*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ldnsd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nslookup: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/resolvectl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/unbound-host: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ftp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ssh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/telnet: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/clang*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lldb*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/llvm*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/as: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/cc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/c++*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/c8*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/c9*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/cpp*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/g++*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gcc*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gdb: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ld: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gccgo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/go: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gofmt: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/java: Permission denied Disable /usr/lib/jvm/java-21-openjdk/bin/java (requested /usr/lib/jvm/default/bin/java) Warning (blacklisting): cannot open /usr/local/sbin/javac: Permission denied Disable /usr/share/java Warning (blacklisting): cannot open /usr/local/sbin/scala: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/scala3: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/scala3-compiler: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/scala3-repl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/scalac: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/openssl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/openssl-1.0: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/rust-gdb: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/rust-lldb: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/rustc: Permission denied Disable /home/corinto/.rustup Warning (blacklisting): cannot open /usr/local/sbin/tcc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/x86_64-tcc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/valgrind*: Permission denied Disable /usr/src Disable /usr/local/src Disable /usr/include Disable /usr/local/include Mounting noexec /home/corinto 484 461 0:24 /firejail/firejail.ro.dir /home/corinto/.pki ro,nosuid,nodev,relatime - tmpfs run rw,mode=755,inode64 mountid=484 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.pki fstype=tmpfs Mounting noexec /home/corinto/.bash_history 485 462 0:24 /firejail/firejail.ro.file /home/corinto/.bash_history ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64 mountid=485 fsname=/firejail/firejail.ro.file dir=/home/corinto/.bash_history fstype=tmpfs Mounting noexec /home/corinto/.lesshst 486 463 0:24 /firejail/firejail.ro.file /home/corinto/.lesshst ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64 mountid=486 fsname=/firejail/firejail.ro.file dir=/home/corinto/.lesshst fstype=tmpfs Mounting noexec /home/corinto/.config/autostart 487 464 0:24 /firejail/firejail.ro.dir /home/corinto/.config/autostart ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64 mountid=487 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.config/autostart fstype=tmpfs Mounting noexec /home/corinto/.xinitrc 488 465 0:24 /firejail/firejail.ro.file /home/corinto/.xinitrc ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64 mountid=488 fsname=/firejail/firejail.ro.file dir=/home/corinto/.xinitrc fstype=tmpfs Mounting noexec /home/corinto/.Xauthority 489 466 259:3 /home/corinto/.Xauthority /home/corinto/.Xauthority ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=489 fsname=/home/corinto/.Xauthority dir=/home/corinto/.Xauthority fstype=ext4 Mounting noexec /home/corinto/.config/dconf 490 467 259:3 /home/corinto/.config/dconf /home/corinto/.config/dconf ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=490 fsname=/home/corinto/.config/dconf dir=/home/corinto/.config/dconf fstype=ext4 Mounting noexec /home/corinto/.config/libvirt 491 468 0:24 /firejail/firejail.ro.dir /home/corinto/.config/libvirt ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64 mountid=491 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.config/libvirt fstype=tmpfs Mounting noexec /home/corinto/.bash_logout 492 469 259:3 /home/corinto/.bash_logout /home/corinto/.bash_logout ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=492 fsname=/home/corinto/.bash_logout dir=/home/corinto/.bash_logout fstype=ext4 Mounting noexec /home/corinto/.bash_profile 493 470 259:3 /home/corinto/.bash_profile /home/corinto/.bash_profile ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=493 fsname=/home/corinto/.bash_profile dir=/home/corinto/.bash_profile fstype=ext4 Mounting noexec /home/corinto/.bashrc 494 471 259:3 /home/corinto/.bashrc /home/corinto/.bashrc ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=494 fsname=/home/corinto/.bashrc dir=/home/corinto/.bashrc fstype=ext4 Mounting noexec /home/corinto/.local/lib 495 472 259:3 /home/corinto/.local/lib /home/corinto/.local/lib ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=495 fsname=/home/corinto/.local/lib dir=/home/corinto/.local/lib fstype=ext4 Mounting noexec /home/corinto/.rustup 496 474 0:24 /firejail/firejail.ro.dir /home/corinto/.rustup ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64 mountid=496 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.rustup fstype=tmpfs Mounting noexec /home/corinto/.config/menus 497 475 259:3 /home/corinto/.config/menus /home/corinto/.config/menus ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=497 fsname=/home/corinto/.config/menus dir=/home/corinto/.config/menus fstype=ext4 Mounting noexec /home/corinto/.gnome/apps 498 476 259:3 /home/corinto/.gnome/apps /home/corinto/.gnome/apps ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=498 fsname=/home/corinto/.gnome/apps dir=/home/corinto/.gnome/apps fstype=ext4 Mounting noexec /home/corinto/.local/share/applications 499 477 259:3 /home/corinto/.local/share/applications /home/corinto/.local/share/applications ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=499 fsname=/home/corinto/.local/share/applications dir=/home/corinto/.local/share/applications fstype=ext4 Mounting noexec /home/corinto/.config/mimeapps.list 500 478 259:3 /home/corinto/.config/mimeapps.list /home/corinto/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=500 fsname=/home/corinto/.config/mimeapps.list dir=/home/corinto/.config/mimeapps.list fstype=ext4 Mounting noexec /home/corinto/.local/share/mime 501 479 259:3 /home/corinto/.local/share/mime /home/corinto/.local/share/mime ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=501 fsname=/home/corinto/.local/share/mime dir=/home/corinto/.local/share/mime fstype=ext4 Mounting noexec /home/corinto/Passwords.kdbx 502 480 0:24 /firejail/firejail.ro.file /home/corinto/Passwords.kdbx ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64 mountid=502 fsname=/firejail/firejail.ro.file dir=/home/corinto/Passwords.kdbx fstype=tmpfs Mounting noexec /home/corinto/.gnupg 503 481 0:24 /firejail/firejail.ro.dir /home/corinto/.gnupg ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64 mountid=503 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.gnupg fstype=tmpfs Mounting noexec /home/corinto/.local/share/pki 504 482 0:24 /firejail/firejail.ro.dir /home/corinto/.local/share/pki ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64 mountid=504 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.local/share/pki fstype=tmpfs Mounting noexec /home/corinto/.netrc 505 483 0:24 /firejail/firejail.ro.file /home/corinto/.netrc ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64 mountid=505 fsname=/firejail/firejail.ro.file dir=/home/corinto/.netrc fstype=tmpfs Mounting noexec /home/corinto/.pki 506 484 0:24 /firejail/firejail.ro.dir /home/corinto/.pki ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64 mountid=506 fsname=/firejail/firejail.ro.dir dir=/home/corinto/.pki fstype=tmpfs Mounting noexec /run/user/1000 510 509 0:24 /firejail/firejail.ro.dir /run/user/1000/systemd ro,nosuid,nodev,relatime - tmpfs run rw,mode=755,inode64 mountid=510 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs Mounting noexec /run/user/1000/gnupg 511 508 0:24 /firejail/firejail.ro.dir /run/user/1000/gnupg ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64 mountid=511 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/gnupg fstype=tmpfs Mounting noexec /run/user/1000/systemd 512 510 0:24 /firejail/firejail.ro.dir /run/user/1000/systemd ro,nosuid,nodev,noexec,relatime - tmpfs run rw,mode=755,inode64 mountid=512 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs Mounting noexec /dev/shm 513 387 0:63 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=513 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 516 514 259:3 /tmp/pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime - ext4 /dev/nvme0n1p3 rw mountid=516 fsname=/tmp/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=ext4 Mounting noexec /tmp/.X11-unix 517 515 259:3 /tmp/.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=517 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Mounting noexec /tmp/pulse-PKdhtXMmr18n 518 516 259:3 /tmp/pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=518 fsname=/tmp/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=ext4 Warning (blacklisting): cannot open /usr/local/sbin/gjs: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gjs-console: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lua*: Permission denied Warning (blacklisting): cannot open /usr/include/lua*: Permission denied Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib/liblua++.so) Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib/liblua++.so.5.4) Disable /usr/lib/liblua.so.5.4.6 Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib/liblua.so) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2) Disable /usr/lib/libluajit-5.1.so.2.1.1702233742 (requested /usr/lib/libluajit-5.1.so) Disable /usr/lib/liblua5.2.so.5.2.4 Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib/liblua5.4.so) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so.5.2) Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib/liblua.so.5.4) Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib/liblua++5.4.so) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so) Disable /usr/lib/libluajit-5.1.so.2.1.1702233742 Disable /usr/lib/liblua++.so.5.4.6 Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2.4) Disable /usr/lib/libluajit-5.1.so.2.1.1702233742 (requested /usr/lib/libluajit-5.1.so.2) Disable /usr/lib/lua Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib64/liblua++.so) Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib64/liblua++.so.5.4) Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib64/liblua.so.5.4.6) Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib64/liblua.so) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua.so.5.2) Disable /usr/lib/libluajit-5.1.so.2.1.1702233742 (requested /usr/lib64/libluajit-5.1.so) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so.5.2.4) Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib64/liblua5.4.so) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so.5.2) Disable /usr/lib/liblua.so.5.4.6 (requested /usr/lib64/liblua.so.5.4) Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib64/liblua++5.4.so) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so) Disable /usr/lib/libluajit-5.1.so.2.1.1702233742 (requested /usr/lib64/libluajit-5.1.so.2.1.1702233742) Disable /usr/lib/liblua++.so.5.4.6 (requested /usr/lib64/liblua++.so.5.4.6) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua.so.5.2.4) Disable /usr/lib/libluajit-5.1.so.2.1.1702233742 (requested /usr/lib64/libluajit-5.1.so.2) Disable /usr/lib/lua (requested /usr/lib64/lua) Disable /usr/share/luajit-2.1 Disable /usr/share/lua Warning (blacklisting): cannot open /usr/local/sbin/node: Permission denied Warning (blacklisting): cannot open /usr/include/node: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/core_perl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/cpan*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/perl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/site_perl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/vendor_perl: Permission denied Disable /usr/lib/perl5 Disable /usr/lib/perl5 (requested /usr/lib64/perl5) Disable /usr/share/perl-image-exiftool Disable /usr/share/perl5 Warning (blacklisting): cannot open /usr/local/sbin/rxvt: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/php*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ruby: Permission denied Disable /usr/lib/ruby Disable /usr/lib/ruby (requested /usr/lib64/ruby) Warning (blacklisting): cannot open /usr/local/sbin/python2*: Permission denied Warning (blacklisting): cannot open /usr/include/python2*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/python3*: Permission denied Warning (blacklisting): cannot open /usr/include/python3*: Permission denied Disable /usr/lib/python3.11 Disable /usr/lib/python3.10 Disable /usr/lib/python3.11 (requested /usr/lib64/python3.11) Disable /usr/lib/python3.10 (requested /usr/lib64/python3.10) Disable /usr/local/lib/python3.10 Disable /home/corinto/.android Disable /home/corinto/.cache/keepassxc Disable /home/corinto/.cache/mozilla Disable /home/corinto/.cargo Disable /home/corinto/.config/GIMP Disable /home/corinto/.config/Google Not blacklist /home/corinto/.config/Mousepad Disable /home/corinto/.config/Thunar Disable /home/corinto/.config/abiword Disable /home/corinto/.config/keepassxc Disable /home/corinto/.config/libreoffice Disable /home/corinto/.config/mpv Disable /home/corinto/.config/pavucontrol.ini Disable /home/corinto/.config/pcmanfm Disable /home/corinto/.config/redshift Disable /home/corinto/.config/wireshark Disable /home/corinto/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml Disable /home/corinto/.gradle Disable /home/corinto/.java Disable /home/corinto/.local/share/quadrapassel Disable /home/corinto/.mozilla Disable /home/corinto/.npm Disable /home/corinto/.wget-hsts Warning (blacklisting): cannot open /usr/local/sbin/bash: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/csh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dash: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fish: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ksh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mksh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/oksh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/sh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tclsh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tcsh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/zsh: Permission denied Disable /etc/environment Disable /etc/profile Disable /etc/profile.d Disable /etc/shells Disable /etc/skel Disable /etc/bash Mounting read-only /tmp/.X11-unix 594 517 259:3 /tmp/.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,relatime - ext4 /dev/nvme0n1p3 rw mountid=594 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Disable /sys/fs Disable /sys/module disable pulseaudio blacklist /home/corinto/.config/pulse blacklist /run/user/1000/pulse/native blacklist /run/user/1000/pulse blacklist /tmp/pulse-PKdhtXMmr18n disable pipewire Current directory: /home/corinto DISPLAY=:0 parsed as 0 Install protocol filter: unix configuring 19 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 5, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000009 jmp 000f 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 35 01 00 40000000 jge X32_ABI 000c (false 000b) 000b: 35 01 00 00000000 jge read 000d (false 000c) 000c: 06 00 00 00050001 ret ERRNO(1) 000d: 15 01 00 00000029 jeq socket 000f (false 000e) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 20 00 00 00000010 ld data.args[0] 0010: 15 00 01 00000001 jeq 1 0011 (false 0012) 0011: 06 00 00 7fff0000 ret ALLOW 0012: 06 00 00 0005005f ret ERRNO(95) configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dropping all capabilities Drop privileges: pid 6, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00050001 ret ERRNO(1) Dual 32/64 bit seccomp filter configured configuring 80 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 7, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 47 00 0000009f jeq adjtimex 004f (false 0008) 0008: 15 46 00 00000131 jeq clock_adjtime 004f (false 0009) 0009: 15 45 00 000000e3 jeq clock_settime 004f (false 000a) 000a: 15 44 00 000000a4 jeq settimeofday 004f (false 000b) 000b: 15 43 00 0000009a jeq modify_ldt 004f (false 000c) 000c: 15 42 00 000000d4 jeq lookup_dcookie 004f (false 000d) 000d: 15 41 00 0000012a jeq perf_event_open 004f (false 000e) 000e: 15 40 00 000001b6 jeq pidfd_getfd 004f (false 000f) 000f: 15 3f 00 00000137 jeq process_vm_writev 004f (false 0010) 0010: 15 3e 00 000000b0 jeq delete_module 004f (false 0011) 0011: 15 3d 00 00000139 jeq finit_module 004f (false 0012) 0012: 15 3c 00 000000af jeq init_module 004f (false 0013) 0013: 15 3b 00 000000a1 jeq chroot 004f (false 0014) 0014: 15 3a 00 000001af jeq fsconfig 004f (false 0015) 0015: 15 39 00 000001b0 jeq fsmount 004f (false 0016) 0016: 15 38 00 000001ae jeq fsopen 004f (false 0017) 0017: 15 37 00 000001b1 jeq fspick 004f (false 0018) 0018: 15 36 00 000000a5 jeq mount 004f (false 0019) 0019: 15 35 00 000001ad jeq move_mount 004f (false 001a) 001a: 15 34 00 000001ac jeq open_tree 004f (false 001b) 001b: 15 33 00 0000009b jeq pivot_root 004f (false 001c) 001c: 15 32 00 000000a6 jeq umount2 004f (false 001d) 001d: 15 31 00 0000009c jeq _sysctl 004f (false 001e) 001e: 15 30 00 000000b7 jeq afs_syscall 004f (false 001f) 001f: 15 2f 00 000000ae jeq create_module 004f (false 0020) 0020: 15 2e 00 000000b1 jeq get_kernel_syms 004f (false 0021) 0021: 15 2d 00 000000b5 jeq getpmsg 004f (false 0022) 0022: 15 2c 00 000000b6 jeq putpmsg 004f (false 0023) 0023: 15 2b 00 000000b2 jeq query_module 004f (false 0024) 0024: 15 2a 00 000000b9 jeq security 004f (false 0025) 0025: 15 29 00 0000008b jeq sysfs 004f (false 0026) 0026: 15 28 00 000000b8 jeq tuxcall 004f (false 0027) 0027: 15 27 00 00000086 jeq uselib 004f (false 0028) 0028: 15 26 00 00000088 jeq ustat 004f (false 0029) 0029: 15 25 00 000000ec jeq vserver 004f (false 002a) 002a: 15 24 00 000000ad jeq ioperm 004f (false 002b) 002b: 15 23 00 000000ac jeq iopl 004f (false 002c) 002c: 15 22 00 000000f6 jeq kexec_load 004f (false 002d) 002d: 15 21 00 00000140 jeq kexec_file_load 004f (false 002e) 002e: 15 20 00 000000a9 jeq reboot 004f (false 002f) 002f: 15 1f 00 000000a7 jeq swapon 004f (false 0030) 0030: 15 1e 00 000000a8 jeq swapoff 004f (false 0031) 0031: 15 1d 00 00000130 jeq open_by_handle_at 004f (false 0032) 0032: 15 1c 00 0000012f jeq name_to_handle_at 004f (false 0033) 0033: 15 1b 00 000000fb jeq ioprio_set 004f (false 0034) 0034: 15 1a 00 00000067 jeq syslog 004f (false 0035) 0035: 15 19 00 0000012c jeq fanotify_init 004f (false 0036) 0036: 15 18 00 000000f8 jeq add_key 004f (false 0037) 0037: 15 17 00 000000f9 jeq request_key 004f (false 0038) 0038: 15 16 00 000000ed jeq mbind 004f (false 0039) 0039: 15 15 00 00000100 jeq migrate_pages 004f (false 003a) 003a: 15 14 00 00000117 jeq move_pages 004f (false 003b) 003b: 15 13 00 000000fa jeq keyctl 004f (false 003c) 003c: 15 12 00 000000ce jeq io_setup 004f (false 003d) 003d: 15 11 00 000000cf jeq io_destroy 004f (false 003e) 003e: 15 10 00 000000d0 jeq io_getevents 004f (false 003f) 003f: 15 0f 00 000000d1 jeq io_submit 004f (false 0040) 0040: 15 0e 00 000000d2 jeq io_cancel 004f (false 0041) 0041: 15 0d 00 000000d8 jeq remap_file_pages 004f (false 0042) 0042: 15 0c 00 000000ee jeq set_mempolicy 004f (false 0043) 0043: 15 0b 00 00000116 jeq vmsplice 004f (false 0044) 0044: 15 0a 00 00000143 jeq userfaultfd 004f (false 0045) 0045: 15 09 00 000000a3 jeq acct 004f (false 0046) 0046: 15 08 00 00000141 jeq bpf 004f (false 0047) 0047: 15 07 00 000000b4 jeq nfsservctl 004f (false 0048) 0048: 15 06 00 000000ab jeq setdomainname 004f (false 0049) 0049: 15 05 00 000000aa jeq sethostname 004f (false 004a) 004a: 15 04 00 00000099 jeq vhangup 004f (false 004b) 004b: 15 03 00 00000065 jeq ptrace 004f (false 004c) 004c: 15 02 00 00000087 jeq personality 004f (false 004d) 004d: 15 01 00 00000136 jeq process_vm_readv 004f (false 004e) 004e: 06 00 00 7fff0000 ret ALLOW 004f: 06 00 01 00050001 ret ERRNO(1) seccomp filter configured Build restrict-namespaces filter sbox run: /run/firejail/lib/fseccomp restrict-namespaces /run/firejail/mnt/seccomp/seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts Dropping all capabilities Drop privileges: pid 8, uid 1000, gid 1000, force_nogroups 1 No supplementary groups restrict-namespaces filter configured Build restrict-namespaces filter sbox run: /run/firejail/lib/fseccomp restrict-namespaces.32 /run/firejail/mnt/seccomp/seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts Dropping all capabilities Drop privileges: pid 9, uid 1000, gid 1000, force_nogroups 1 No supplementary groups restrict-namespaces filter configured Install namespaces filter configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces Dropping all capabilities Drop privileges: pid 10, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 04 00000038 jeq clone 0008 (false 000c) 0008: 20 00 00 00000010 ld data.args[0] 0009: 45 00 01 7e020000 jset 7e020000 000a (false 000b) 000a: 06 00 00 00050001 ret ERRNO(1) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 15 00 01 000001b3 jeq 1b3 000d (false 000e) 000d: 06 00 00 00050026 ret ERRNO(38) 000e: 15 00 04 00000110 jeq 110 000f (false 0013) 000f: 20 00 00 00000010 ld data.args[0] 0010: 45 00 01 7e020080 jset 7e020080 0011 (false 0012) 0011: 06 00 00 00050001 ret ERRNO(1) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 04 00000134 jeq 134 0014 (false 0018) 0014: 20 00 00 00000018 ld data.args[8] 0015: 15 01 00 00000000 jeq 0 0017 (false 0016) 0016: 45 00 01 7e020080 jset 7e020080 0017 (false 0018) 0017: 06 00 00 00050001 ret ERRNO(1) 0018: 06 00 00 7fff0000 ret ALLOW 0019: 06 00 00 7fff0000 ret ALLOW configuring 23 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces.32 sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces.32 Dropping all capabilities Drop privileges: pid 11, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 00 04 00000078 jeq 78 0005 (false 0009) 0005: 20 00 00 00000010 ld data.args[0] 0006: 45 00 01 7e020000 jset 7e020000 0007 (false 0008) 0007: 06 00 00 00050001 ret ERRNO(1) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 000001b3 jeq 1b3 000a (false 000b) 000a: 06 00 00 00050026 ret ERRNO(38) 000b: 15 00 04 00000136 jeq 136 000c (false 0010) 000c: 20 00 00 00000010 ld data.args[0] 000d: 45 00 01 7e020080 jset 7e020080 000e (false 000f) 000e: 06 00 00 00050001 ret ERRNO(1) 000f: 06 00 00 7fff0000 ret ALLOW 0010: 15 00 04 0000015a jeq 15a 0011 (false 0015) 0011: 20 00 00 00000018 ld data.args[8] 0012: 15 01 00 00000000 jeq 0 0014 (false 0013) 0013: 45 00 01 7e020080 jset 7e020080 0014 (false 0015) 0014: 06 00 00 00050001 ret ERRNO(1) 0015: 06 00 00 7fff0000 ret ALLOW 0016: 06 00 00 7fff0000 ret ALLOW Mounting read-only /run/firejail/mnt/seccomp 601 357 0:56 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=601 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 200 . drwxr-xr-x root root 240 .. -rw-r--r-- corinto corinto 640 seccomp -rw-r--r-- corinto corinto 432 seccomp.32 -rw-r--r-- corinto corinto 207 seccomp.list -rw-r--r-- corinto corinto 208 seccomp.namespaces -rw-r--r-- corinto corinto 184 seccomp.namespaces.32 -rw-r--r-- corinto corinto 0 seccomp.postexec -rw-r--r-- corinto corinto 0 seccomp.postexec32 -rw-r--r-- corinto corinto 152 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.namespaces /run/firejail/mnt/seccomp/seccomp.namespaces.32 Dropping all capabilities nogroups command not ignored noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0 nogroups command not ignored No supplementary groups AppArmor enabled Closing non-standard file descriptors Starting application LD_PRELOAD=(null) execvp argument 0: /usr/bin/mousepad Child process initialized in 79.44 ms Installing /run/firejail/mnt/seccomp/seccomp.namespaces.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.namespaces seccomp filter Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter monitoring pid 12 Mousepad-Message: 17:26:57.435: Failed to load plugin "mousepad-plugin-gspell": libgspell-1.so.2: cannot open shared object file: No such file or directory (mousepad:12): dconf-WARNING **: 17:26:57.499: failed to commit changes to dconf: Could not connect: No such file or directory (mousepad:12): dconf-WARNING **: 17:26:57.499: failed to commit changes to dconf: Could not connect: No such file or directory Failed to create secure directory (/run/user/1000/pulse): Permission denied (mousepad:12): dconf-WARNING **: 17:26:58.805: failed to commit changes to dconf: Could not connect: No such file or directory (mousepad:12): dconf-WARNING **: 17:26:58.805: failed to commit changes to dconf: Could not connect: No such file or directory (mousepad:12): dconf-WARNING **: 17:26:59.353: failed to commit changes to dconf: Could not connect: No such file or directory (mousepad:12): dconf-WARNING **: 17:26:59.353: failed to commit changes to dconf: Could not connect: No such file or directory Sandbox monitor: waitpid 12 retval 12 status 0 Parent is shutting down, bye... ```