lyx profile seems to be broken #3777

Closed
2 tasks
dx-0 opened this issue Nov 27, 2020 · 3 comments

dx-0 commented Nov 27, 2020

Bug and expected behavior
If I want to start lyx in firejail, I get the following error message and lyx does not start:
(lyx:15): dbind-WARNING **: 09:48:51.198: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-79qfGHVXDX: Connection refused
dbus[15]: D-Bus library appears to be incorrectly set up: see the manual page for dbus-uuidgen to correct this issue.
  (Failed to open "/var/lib/dbus/machine-id": No such file or directory; Failed to open "/etc/machine-id": No such file or directory)
  D-Bus not built with -rdynamic so unable to print a backtrace
Expected behaviour: Lyx should start.

No profile and disabling firejail

  • What changed calling firejail --noprofile /path/to/program in a terminal?

Lyx starts as expected.

  • What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)?

160274:flo::firejail --noprofile lyx

Reproduce
Steps to reproduce the behavior:

  1. Run in bash firejail lyx
  2. See error:
     (lyx:15): dbind-WARNING **: 09:48:51.198: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-79qfGHVXDX: Connection refused
     dbus[15]: D-Bus library appears to be incorrectly set up: see the manual page for dbus-uuidgen to correct this issue.
       (Failed to open "/var/lib/dbus/machine-id": No such file or directory; Failed to open "/etc/machine-id": No such file or directory)
       D-Bus not built with -rdynamic so unable to print a backtrace

Environment

  • Ubuntu 20.04.1 LTS Kernel 5.4.0-54-generic
  • Firejail version 0.9.64

Additional context
There was no problem with the profile in Ubuntu 18.04 (I can't remember the firejail version)

Checklist

  • [x] The upstream profile (and redirect profile if exists) have no changes fixing it.
  • [x] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • [?] Programs needed for interaction are listed in the profile.
  • [x] A short search for duplicates was performed.
  • If it is an AppImage, --profile=PROFILENAME is used to set the right profile.
  • Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get English error messages.
debug output
firejail --debug lyx
Autoselecting /bin/bash as shell
Building quoted command line: 'lyx' 
Command name #lyx#
Found lyx.profile profile in /etc/firejail directory
Reading profile /etc/firejail/lyx.profile
Found allow-lua.inc profile in /etc/firejail directory
Reading profile /etc/firejail/allow-lua.inc
Found allow-perl.inc profile in /etc/firejail directory
Reading profile /etc/firejail/allow-perl.inc
Found allow-python2.inc profile in /etc/firejail directory
Reading profile /etc/firejail/allow-python2.inc
Found allow-python3.inc profile in /etc/firejail directory
Reading profile /etc/firejail/allow-python3.inc
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Found latex-common.profile profile in /etc/firejail directory
Reading profile /etc/firejail/latex-common.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found whitelist-runuser-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-runuser-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
DISPLAY=:0 parsed as 0
Parent pid 160096, child pid 160097
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
sbox run: /run/firejail/lib/fnet ifup lo 
Set caps filter 3000
Network namespace enabled, only loopback interface available
Build protocol filter: unix
sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
3288 3232 253:1 /etc /etc ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3288 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
3289 3288 253:1 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3289 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
3290 3232 253:1 /var /var ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3290 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
3291 3290 253:1 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3291 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
3292 3232 253:1 /usr /usr ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3292 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Generating a new machine-id
installing a new /etc/machine-id
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/flo/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
Process /dev/shm directory
Mounting tmpfs on /home/flo/.cache
3331 3304 0:171 / /home/flo/.cache rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000
mountid=3331 fsname=/ dir=/home/flo/.cache fstype=tmpfs
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/user/1000/bus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Copying files in the new /etc directory:
copying /etc/alternatives to private /etc
Creating empty /run/firejail/mnt/etc/alternatives directory
sbox run: /run/firejail/lib/fcopy /etc/alternatives /run/firejail/mnt/etc/alternatives 
copying /etc/dconf to private /etc
Creating empty /run/firejail/mnt/etc/dconf directory
sbox run: /run/firejail/lib/fcopy /etc/dconf /run/firejail/mnt/etc/dconf 
copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts 
copying /etc/gtk-2.0 to private /etc
Creating empty /run/firejail/mnt/etc/gtk-2.0 directory
sbox run: /run/firejail/lib/fcopy /etc/gtk-2.0 /run/firejail/mnt/etc/gtk-2.0 
copying /etc/gtk-3.0 to private /etc
Creating empty /run/firejail/mnt/etc/gtk-3.0 directory
sbox run: /run/firejail/lib/fcopy /etc/gtk-3.0 /run/firejail/mnt/etc/gtk-3.0 
Warning: file /etc/locale not found.
Warning: skipping locale for private /etc
copying /etc/locale.alias to private /etc
sbox run: /run/firejail/lib/fcopy /etc/locale.alias /run/firejail/mnt/etc 
Warning: file /etc/locale.conf not found.
Warning: skipping locale.conf for private /etc
Warning: file /etc/lyx not found.
Warning: skipping lyx for private /etc
copying /etc/mime.types to private /etc
sbox run: /run/firejail/lib/fcopy /etc/mime.types /run/firejail/mnt/etc 
copying /etc/passwd to private /etc
sbox run: /run/firejail/lib/fcopy /etc/passwd /run/firejail/mnt/etc 
copying /etc/texmf to private /etc
Creating empty /run/firejail/mnt/etc/texmf directory
sbox run: /run/firejail/lib/fcopy /etc/texmf /run/firejail/mnt/etc/texmf 
copying /etc/X11 to private /etc
Creating empty /run/firejail/mnt/etc/X11 directory
sbox run: /run/firejail/lib/fcopy /etc/X11 /run/firejail/mnt/etc/X11 
copying /etc/xdg to private /etc
Creating empty /run/firejail/mnt/etc/xdg directory
sbox run: /run/firejail/lib/fcopy /etc/xdg /run/firejail/mnt/etc/xdg 
Mount-bind /run/firejail/mnt/etc on top of /etc
Private /etc installed in 22.77 ms
Cannot find /usr/etc
Creating an empty /etc/ld.so.preload file
Debug 456: new_name #/usr/share/lyx#, whitelist
Debug 456: new_name #/usr/share/texinfo#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texinfo
	expanded: /usr/share/texinfo
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/texlive#, whitelist
Debug 456: new_name #/usr/share/texmf-dist#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texmf-dist
	expanded: /usr/share/texmf-dist
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/tlpkg#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tlpkg
	expanded: /usr/share/tlpkg
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/alsa#, whitelist
Debug 456: new_name #/usr/share/applications#, whitelist
Debug 456: new_name #/usr/share/ca-certificates#, whitelist
Debug 456: new_name #/usr/share/crypto-policies#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies
	expanded: /usr/share/crypto-policies
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/cursors#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/cursors
	expanded: /usr/share/cursors
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/dconf#, whitelist
Debug 456: new_name #/usr/share/distro-info#, whitelist
Debug 456: new_name #/usr/share/drirc.d#, whitelist
Debug 456: new_name #/usr/share/enchant#, whitelist
Debug 456: new_name #/usr/share/enchant-2#, whitelist
Debug 456: new_name #/usr/share/file#, whitelist
Debug 456: new_name #/usr/share/fontconfig#, whitelist
Debug 456: new_name #/usr/share/fonts#, whitelist
Debug 456: new_name #/usr/share/gir-1.0#, whitelist
Debug 456: new_name #/usr/share/gjs-1.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0
	expanded: /usr/share/gjs-1.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/glib-2.0#, whitelist
Debug 456: new_name #/usr/share/glvnd#, whitelist
Debug 456: new_name #/usr/share/gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-2.0
	expanded: /usr/share/gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtk-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-3.0
	expanded: /usr/share/gtk-3.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtk-engines#, whitelist
Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist
Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist
Debug 456: new_name #/usr/share/hunspell#, whitelist
Debug 456: new_name #/usr/share/hwdata#, whitelist
Debug 456: new_name #/usr/share/icons#, whitelist
Debug 456: new_name #/usr/share/icu#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/icu
	expanded: /usr/share/icu
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/knotifications5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/knotifications5
	expanded: /usr/share/knotifications5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/kservices5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kservices5
	expanded: /usr/share/kservices5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum
	expanded: /usr/share/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/kxmlgui5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kxmlgui5
	expanded: /usr/share/kxmlgui5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/libdrm#, whitelist
Debug 456: new_name #/usr/share/libthai#, whitelist
Debug 456: new_name #/usr/share/locale#, whitelist
Debug 456: new_name #/usr/share/mime#, whitelist
Debug 456: new_name #/usr/share/misc#, whitelist
Debug 456: new_name #/usr/share/Modules#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Modules
	expanded: /usr/share/Modules
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/myspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/myspell
	expanded: /usr/share/myspell
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/p11-kit#, whitelist
Debug 456: new_name #/usr/share/perl#, whitelist
Debug 456: new_name #/usr/share/perl5#, whitelist
Debug 456: new_name #/usr/share/pixmaps#, whitelist
Debug 456: new_name #/usr/share/pki#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/pki
	expanded: /usr/share/pki
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/plasma#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/plasma
	expanded: /usr/share/plasma
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/publicsuffix#, whitelist
Debug 456: new_name #/usr/share/qt#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt
	expanded: /usr/share/qt
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt4
	expanded: /usr/share/qt4
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt5#, whitelist
Debug 456: new_name #/usr/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5ct
	expanded: /usr/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/sounds#, whitelist
Debug 456: new_name #/usr/share/tcl8.6#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6
	expanded: /usr/share/tcl8.6
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/tcltk#, whitelist
Debug 456: new_name #/usr/share/terminfo#, whitelist
Debug 456: new_name #/usr/share/texlive#, whitelist
Debug 456: new_name #/usr/share/texmf#, whitelist
Debug 456: new_name #/usr/share/themes#, whitelist
Debug 456: new_name #/usr/share/thumbnail.so#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so
	expanded: /usr/share/thumbnail.so
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/X11#, whitelist
Debug 456: new_name #/usr/share/xml#, whitelist
Debug 456: new_name #/usr/share/zoneinfo#, whitelist
Debug 456: new_name #/var/lib#, whitelist
Debug 456: new_name #/run/user/1000/bus#, whitelist
Replaced whitelist path: whitelist /run/user/1000/bus
Debug 456: new_name #/run/user/1000/dconf#, whitelist
Replaced whitelist path: whitelist /run/user/1000/dconf
Debug 456: new_name #/run/user/1000/gdm/Xauthority#, whitelist
Replaced whitelist path: whitelist /run/user/1000/gdm/Xauthority
Debug 456: new_name #/run/user/1000/ICEauthority#, whitelist
Replaced whitelist path: whitelist /run/user/1000/ICEauthority
Debug 456: new_name #/run/user/1000/.mutter-Xwaylandauth.*#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
	expanded: /run/user/1000/.mutter-Xwaylandauth.*
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/run/user/1000/pulse/native#, whitelist
Replaced whitelist path: whitelist /run/user/1000/pulse/native
Debug 456: new_name #/run/user/1000/wayland-0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/wayland-0
	expanded: /run/user/1000/wayland-0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/ca-certificates#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates
	expanded: /var/lib/ca-certificates
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/dbus#, whitelist
Debug 456: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
	expanded: /var/lib/menu-xdg
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/uim#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/uim
	expanded: /var/lib/uim
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/cache/fontconfig#, whitelist
Debug 456: new_name #/var/tmp#, whitelist
Debug 456: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 456: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Mounting tmpfs on /var directory
Mounting tmpfs on /usr/share directory
Mounting tmpfs on /run/user/1000 directory
Whitelisting /usr/share/lyx
3356 3349 253:1 /usr/share/lyx /usr/share/lyx ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3356 fsname=/usr/share/lyx dir=/usr/share/lyx fstype=ext4
Whitelisting /usr/share/texlive
3357 3349 253:1 /usr/share/texlive /usr/share/texlive ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3357 fsname=/usr/share/texlive dir=/usr/share/texlive fstype=ext4
Whitelisting /usr/share/alsa
3358 3349 253:1 /usr/share/alsa /usr/share/alsa ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3358 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=ext4
Whitelisting /usr/share/applications
3359 3349 253:1 /usr/share/applications /usr/share/applications ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3359 fsname=/usr/share/applications dir=/usr/share/applications fstype=ext4
Whitelisting /usr/share/ca-certificates
3360 3349 253:1 /usr/share/ca-certificates /usr/share/ca-certificates ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3360 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=ext4
Whitelisting /usr/share/dconf
3361 3349 253:1 /usr/share/dconf /usr/share/dconf ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3361 fsname=/usr/share/dconf dir=/usr/share/dconf fstype=ext4
Whitelisting /usr/share/distro-info
3362 3349 253:1 /usr/share/distro-info /usr/share/distro-info ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3362 fsname=/usr/share/distro-info dir=/usr/share/distro-info fstype=ext4
Whitelisting /usr/share/drirc.d
3363 3349 253:1 /usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3363 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=ext4
Whitelisting /usr/share/enchant
3364 3349 253:1 /usr/share/enchant /usr/share/enchant ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3364 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=ext4
Whitelisting /usr/share/enchant-2
3365 3349 253:1 /usr/share/enchant-2 /usr/share/enchant-2 ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3365 fsname=/usr/share/enchant-2 dir=/usr/share/enchant-2 fstype=ext4
Whitelisting /usr/share/file
3366 3349 253:1 /usr/share/file /usr/share/file ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3366 fsname=/usr/share/file dir=/usr/share/file fstype=ext4
Whitelisting /usr/share/fontconfig
3367 3349 253:1 /usr/share/fontconfig /usr/share/fontconfig ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3367 fsname=/usr/share/fontconfig dir=/usr/share/fontconfig fstype=ext4
Whitelisting /usr/share/fonts
3368 3349 253:1 /usr/share/fonts /usr/share/fonts ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3368 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=ext4
Whitelisting /usr/share/gir-1.0
3369 3349 253:1 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3369 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=ext4
Whitelisting /usr/share/glib-2.0
3370 3349 253:1 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3370 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=ext4
Whitelisting /usr/share/glvnd
3371 3349 253:1 /usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3371 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=ext4
Whitelisting /usr/share/gtk-engines
3372 3349 253:1 /usr/share/gtk-engines /usr/share/gtk-engines ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3372 fsname=/usr/share/gtk-engines dir=/usr/share/gtk-engines fstype=ext4
Whitelisting /usr/share/gtksourceview-3.0
3373 3349 253:1 /usr/share/gtksourceview-3.0 /usr/share/gtksourceview-3.0 ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3373 fsname=/usr/share/gtksourceview-3.0 dir=/usr/share/gtksourceview-3.0 fstype=ext4
Whitelisting /usr/share/gtksourceview-4
3374 3349 253:1 /usr/share/gtksourceview-4 /usr/share/gtksourceview-4 ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3374 fsname=/usr/share/gtksourceview-4 dir=/usr/share/gtksourceview-4 fstype=ext4
Whitelisting /usr/share/hunspell
3375 3349 253:1 /usr/share/hunspell /usr/share/hunspell ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3375 fsname=/usr/share/hunspell dir=/usr/share/hunspell fstype=ext4
Whitelisting /usr/share/hwdata
3376 3349 253:1 /usr/share/hwdata /usr/share/hwdata ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3376 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=ext4
Whitelisting /usr/share/icons
3377 3349 253:1 /usr/share/icons /usr/share/icons ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3377 fsname=/usr/share/icons dir=/usr/share/icons fstype=ext4
Whitelisting /usr/share/libdrm
3378 3349 253:1 /usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3378 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=ext4
Whitelisting /usr/share/libthai
3379 3349 253:1 /usr/share/libthai /usr/share/libthai ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3379 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=ext4
Whitelisting /usr/share/locale
3380 3349 253:1 /usr/share/locale /usr/share/locale ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3380 fsname=/usr/share/locale dir=/usr/share/locale fstype=ext4
Whitelisting /usr/share/mime
3381 3349 253:1 /usr/share/mime /usr/share/mime ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3381 fsname=/usr/share/mime dir=/usr/share/mime fstype=ext4
Whitelisting /usr/share/misc
3382 3349 253:1 /usr/share/misc /usr/share/misc ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3382 fsname=/usr/share/misc dir=/usr/share/misc fstype=ext4
Whitelisting /usr/share/p11-kit
3383 3349 253:1 /usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3383 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=ext4
Whitelisting /usr/share/perl
3384 3349 253:1 /usr/share/perl /usr/share/perl ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3384 fsname=/usr/share/perl dir=/usr/share/perl fstype=ext4
Whitelisting /usr/share/perl5
3385 3349 253:1 /usr/share/perl5 /usr/share/perl5 ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3385 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=ext4
Whitelisting /usr/share/pixmaps
3386 3349 253:1 /usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3386 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=ext4
Whitelisting /usr/share/publicsuffix
3387 3349 253:1 /usr/share/publicsuffix /usr/share/publicsuffix ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3387 fsname=/usr/share/publicsuffix dir=/usr/share/publicsuffix fstype=ext4
Whitelisting /usr/share/qt5
3388 3349 253:1 /usr/share/qt5 /usr/share/qt5 ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3388 fsname=/usr/share/qt5 dir=/usr/share/qt5 fstype=ext4
Whitelisting /usr/share/sounds
3389 3349 253:1 /usr/share/sounds /usr/share/sounds ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3389 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=ext4
Whitelisting /usr/share/tcltk
3390 3349 253:1 /usr/share/tcltk /usr/share/tcltk ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3390 fsname=/usr/share/tcltk dir=/usr/share/tcltk fstype=ext4
Whitelisting /usr/share/terminfo
3391 3349 253:1 /usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3391 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=ext4
Whitelisting /usr/share/texlive
3392 3357 253:1 /usr/share/texlive /usr/share/texlive ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3392 fsname=/usr/share/texlive dir=/usr/share/texlive fstype=ext4
Whitelisting /usr/share/texmf
3393 3349 253:1 /usr/share/texmf /usr/share/texmf ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3393 fsname=/usr/share/texmf dir=/usr/share/texmf fstype=ext4
Whitelisting /usr/share/themes
3394 3349 253:1 /usr/share/themes /usr/share/themes ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3394 fsname=/usr/share/themes dir=/usr/share/themes fstype=ext4
Whitelisting /usr/share/X11
3395 3349 253:1 /usr/share/X11 /usr/share/X11 ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3395 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=ext4
Whitelisting /usr/share/xml
3396 3349 253:1 /usr/share/xml /usr/share/xml ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3396 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4
Whitelisting /usr/share/zoneinfo
3397 3349 253:1 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3397 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4
Whitelisting /var/lib
3401 3398 0:164 / /var/lib/sudo rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=3401 fsname=/ dir=/var/lib/sudo fstype=tmpfs
Whitelisting /run/user/1000/bus
3402 3355 0:25 /firejail/firejail.ro.file /run/user/1000/bus rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=1611140k,mode=755
mountid=3402 fsname=/firejail/firejail.ro.file dir=/run/user/1000/bus fstype=tmpfs
Whitelisting /run/user/1000/dconf
3403 3355 0:55 /dconf /run/user/1000/dconf rw,nosuid,nodev,relatime master:916 - tmpfs tmpfs rw,size=1611136k,mode=700,uid=1000,gid=1000
mountid=3403 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs
Whitelisting /run/user/1000/gdm/Xauthority
3404 3355 0:55 /gdm/Xauthority /run/user/1000/gdm/Xauthority rw,nosuid,nodev,relatime master:916 - tmpfs tmpfs rw,size=1611136k,mode=700,uid=1000,gid=1000
mountid=3404 fsname=/gdm/Xauthority dir=/run/user/1000/gdm/Xauthority fstype=tmpfs
Whitelisting /run/user/1000/ICEauthority
3405 3355 0:55 /ICEauthority /run/user/1000/ICEauthority rw,nosuid,nodev,relatime master:916 - tmpfs tmpfs rw,size=1611136k,mode=700,uid=1000,gid=1000
mountid=3405 fsname=/ICEauthority dir=/run/user/1000/ICEauthority fstype=tmpfs
Whitelisting /run/user/1000/pulse/native
3406 3355 0:55 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:916 - tmpfs tmpfs rw,size=1611136k,mode=700,uid=1000,gid=1000
mountid=3406 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Whitelisting /var/lib/dbus
3407 3398 253:1 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3407 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4
Whitelisting /var/cache/fontconfig
3408 3347 253:1 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3408 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Whitelisting /var/tmp
3409 3347 0:160 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=3409 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Disable /home/flo/.local/share/Trash
Disable /home/flo/.bash_history
Disable /home/flo/.config/autostart
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Disable /home/flo/.local/share/gnome-shell
Mounting read-only /home/flo/.config/dconf
3419 3304 253:1 /home/flo/.config/dconf /home/flo/.config/dconf ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3419 fsname=/home/flo/.config/dconf dir=/home/flo/.config/dconf fstype=ext4
Disable /var/lib/systemd
Disable /usr/bin/systemd-run
Disable /usr/bin/systemd-run (requested /bin/systemd-run)
Disable /var/lib/apt
Disable /var/lib/upower
Disable /run/acpid.socket (requested /var/run/acpid.socket)
Mounting read-only /home/flo/.bash_logout
3426 3304 253:1 /home/flo/.bash_logout /home/flo/.bash_logout ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3426 fsname=/home/flo/.bash_logout dir=/home/flo/.bash_logout fstype=ext4
Mounting read-only /home/flo/.bashrc
3427 3304 253:1 /home/flo/.bashrc /home/flo/.bashrc ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3427 fsname=/home/flo/.bashrc dir=/home/flo/.bashrc fstype=ext4
Mounting read-only /home/flo/.pam_environment
3428 3304 253:1 /home/flo/.pam_environment /home/flo/.pam_environment ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3428 fsname=/home/flo/.pam_environment dir=/home/flo/.pam_environment fstype=ext4
Mounting read-only /home/flo/.profile
3429 3304 253:1 /home/flo/.profile /home/flo/.profile ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3429 fsname=/home/flo/.profile dir=/home/flo/.profile fstype=ext4
Mounting read-only /home/flo/.local/share/applications
3430 3304 253:1 /home/flo/.local/share/applications /home/flo/.local/share/applications ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3430 fsname=/home/flo/.local/share/applications dir=/home/flo/.local/share/applications fstype=ext4
Mounting read-only /home/flo/.config/mimeapps.list
3431 3304 253:1 /home/flo/.config/mimeapps.list /home/flo/.config/mimeapps.list ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3431 fsname=/home/flo/.config/mimeapps.list dir=/home/flo/.config/mimeapps.list fstype=ext4
Mounting read-only /home/flo/.config/user-dirs.dirs
3432 3304 253:1 /home/flo/.config/user-dirs.dirs /home/flo/.config/user-dirs.dirs ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3432 fsname=/home/flo/.config/user-dirs.dirs dir=/home/flo/.config/user-dirs.dirs fstype=ext4
Mounting read-only /home/flo/.config/user-dirs.locale
3433 3304 253:1 /home/flo/.config/user-dirs.locale /home/flo/.config/user-dirs.locale ro,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3433 fsname=/home/flo/.config/user-dirs.locale dir=/home/flo/.config/user-dirs.locale fstype=ext4
Disable /home/flo/.gnupg
Disable /home/flo/.local/share/keyrings
Disable /home/flo/.pki
Disable /home/flo/.local/share/pki
Disable /home/flo/.ssh
Disable /usr/sbin (requested /sbin)
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/bin/busybox
Disable /usr/bin/busybox (requested /bin/busybox)
Disable /usr/bin/chage
Disable /usr/bin/chage (requested /bin/chage)
Disable /usr/bin/chfn
Disable /usr/bin/chfn (requested /bin/chfn)
Disable /usr/bin/chsh
Disable /usr/bin/chsh (requested /bin/chsh)
Disable /usr/bin/crontab
Disable /usr/bin/crontab (requested /bin/crontab)
Disable /usr/bin/expiry
Disable /usr/bin/expiry (requested /bin/expiry)
Disable /usr/bin/fusermount
Disable /usr/bin/fusermount (requested /bin/fusermount)
Disable /usr/bin/gpasswd
Disable /usr/bin/gpasswd (requested /bin/gpasswd)
Disable /usr/bin/mount
Disable /usr/bin/mount (requested /bin/mount)
Disable /usr/bin/nc.openbsd (requested /usr/bin/nc)
Disable /usr/bin/nc.openbsd (requested /bin/nc)
Disable /usr/bin/newgrp
Disable /usr/bin/newgrp (requested /bin/newgrp)
Disable /usr/bin/ntfs-3g
Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g)
Disable /usr/bin/pkexec
Disable /usr/bin/pkexec (requested /bin/pkexec)
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/newgrp (requested /bin/sg)
Disable /usr/bin/strace
Disable /usr/bin/strace (requested /bin/strace)
Disable /usr/bin/su
Disable /usr/bin/su (requested /bin/su)
Disable /usr/bin/sudo
Disable /usr/bin/sudo (requested /bin/sudo)
Disable /usr/bin/umount
Disable /usr/bin/umount (requested /bin/umount)
Disable /usr/bin/xev
Disable /usr/bin/xev (requested /bin/xev)
Disable /usr/bin/xinput
Disable /usr/bin/xinput (requested /bin/xinput)
Disable /usr/bin/gnome-terminal
Disable /usr/bin/gnome-terminal (requested /bin/gnome-terminal)
Disable /usr/bin/gnome-terminal.wrapper
Disable /usr/bin/gnome-terminal.wrapper (requested /bin/gnome-terminal.wrapper)
Disable /home/flo/.local/share/flatpak/db
Disable /usr/bin/bwrap
Disable /usr/bin/bwrap (requested /bin/bwrap)
Disable /usr/bin/dig
Disable /usr/bin/dig (requested /bin/dig)
Disable /usr/bin/nslookup
Disable /usr/bin/nslookup (requested /bin/nslookup)
Disable /usr/bin/host
Disable /usr/bin/host (requested /bin/host)
Disable /usr/bin/resolvectl
Disable /usr/bin/resolvectl (requested /bin/resolvectl)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp-9)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /bin/cpp-9)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /bin/cpp)
Disable /usr/bin/gdb
Disable /usr/bin/gdb (requested /bin/gdb)
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/java (requested /usr/bin/java)
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/java (requested /bin/java)
Disable /usr/bin/openssl
Disable /usr/bin/openssl (requested /bin/openssl)
Disable /usr/lib/valgrind
Disable /usr/src
Disable /usr/local/src
Not blacklist /usr/include
Disable /usr/local/include
Mounting noexec /home/flo
3532 3511 0:25 /firejail/firejail.ro.dir /home/flo/.local/share/flatpak/db rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=1611140k,mode=755
mountid=3532 fsname=/firejail/firejail.ro.dir dir=/home/flo/.local/share/flatpak/db fstype=tmpfs
Mounting noexec /home/flo/.cache
3533 3513 0:171 / /home/flo/.cache rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000
mountid=3533 fsname=/ dir=/home/flo/.cache fstype=tmpfs
Mounting noexec /home/flo/.config/dconf
3534 3518 253:1 /home/flo/.config/dconf /home/flo/.config/dconf ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3534 fsname=/home/flo/.config/dconf dir=/home/flo/.config/dconf fstype=ext4
Mounting noexec /home/flo/.bash_logout
3535 3519 253:1 /home/flo/.bash_logout /home/flo/.bash_logout ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3535 fsname=/home/flo/.bash_logout dir=/home/flo/.bash_logout fstype=ext4
Mounting noexec /home/flo/.bashrc
3536 3520 253:1 /home/flo/.bashrc /home/flo/.bashrc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3536 fsname=/home/flo/.bashrc dir=/home/flo/.bashrc fstype=ext4
Mounting noexec /home/flo/.pam_environment
3537 3521 253:1 /home/flo/.pam_environment /home/flo/.pam_environment ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3537 fsname=/home/flo/.pam_environment dir=/home/flo/.pam_environment fstype=ext4
Mounting noexec /home/flo/.profile
3538 3522 253:1 /home/flo/.profile /home/flo/.profile ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3538 fsname=/home/flo/.profile dir=/home/flo/.profile fstype=ext4
Mounting noexec /home/flo/.local/share/applications
3539 3523 253:1 /home/flo/.local/share/applications /home/flo/.local/share/applications ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3539 fsname=/home/flo/.local/share/applications dir=/home/flo/.local/share/applications fstype=ext4
Mounting noexec /home/flo/.config/mimeapps.list
3540 3524 253:1 /home/flo/.config/mimeapps.list /home/flo/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3540 fsname=/home/flo/.config/mimeapps.list dir=/home/flo/.config/mimeapps.list fstype=ext4
Mounting noexec /home/flo/.config/user-dirs.dirs
3541 3525 253:1 /home/flo/.config/user-dirs.dirs /home/flo/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3541 fsname=/home/flo/.config/user-dirs.dirs dir=/home/flo/.config/user-dirs.dirs fstype=ext4
Mounting noexec /home/flo/.config/user-dirs.locale
3542 3526 253:1 /home/flo/.config/user-dirs.locale /home/flo/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3542 fsname=/home/flo/.config/user-dirs.locale dir=/home/flo/.config/user-dirs.locale fstype=ext4
Mounting noexec /run/user/1000
3548 3543 0:55 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:916 - tmpfs tmpfs rw,size=1611136k,mode=700,uid=1000,gid=1000
mountid=3548 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Mounting noexec /run/user/1000/dconf
3549 3545 0:55 /dconf /run/user/1000/dconf rw,nosuid,nodev,noexec,relatime master:916 - tmpfs tmpfs rw,size=1611136k,mode=700,uid=1000,gid=1000
mountid=3549 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs
Mounting noexec /run/user/1000/gdm/Xauthority
3550 3546 0:55 /gdm/Xauthority /run/user/1000/gdm/Xauthority rw,nosuid,nodev,noexec,relatime master:916 - tmpfs tmpfs rw,size=1611136k,mode=700,uid=1000,gid=1000
mountid=3550 fsname=/gdm/Xauthority dir=/run/user/1000/gdm/Xauthority fstype=tmpfs
Mounting noexec /run/user/1000/ICEauthority
3551 3547 0:55 /ICEauthority /run/user/1000/ICEauthority rw,nosuid,nodev,noexec,relatime master:916 - tmpfs tmpfs rw,size=1611136k,mode=700,uid=1000,gid=1000
mountid=3551 fsname=/ICEauthority dir=/run/user/1000/ICEauthority fstype=tmpfs
Mounting noexec /run/user/1000/pulse/native
3552 3548 0:55 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,noexec,relatime master:916 - tmpfs tmpfs rw,size=1611136k,mode=700,uid=1000,gid=1000
mountid=3552 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Mounting noexec /dev/shm
3553 3326 0:169 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=3553 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
3554 3232 253:1 /tmp /tmp rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
mountid=3554 fsname=/tmp dir=/tmp fstype=ext4
Mounting noexec /var
3565 3555 0:160 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=3565 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /usr/bin/gjs-console (requested /usr/bin/gjs)
Disable /usr/bin/gjs-console (requested /bin/gjs)
Disable /usr/bin/gjs-console
Disable /usr/bin/gjs-console (requested /bin/gjs-console)
Not blacklist /usr/local/sbin/lua*
Not blacklist /usr/local/bin/lua*
Not blacklist /usr/sbin/lua*
Not blacklist /usr/bin/luajittex
Not blacklist /usr/bin/luatex
Not blacklist /usr/bin/lualatex
Not blacklist /usr/bin/lualatex-dev
Not blacklist /sbin/lua*
Not blacklist /bin/luajittex
Not blacklist /bin/luatex
Not blacklist /bin/lualatex
Not blacklist /bin/lualatex-dev
Not blacklist /usr/games/lua*
Not blacklist /usr/local/games/lua*
Not blacklist /snap/bin/lua*
Not blacklist /usr/lib/liblua*
Not blacklist /usr/lib/lua
Not blacklist /usr/share/lua*
Not blacklist /usr/local/sbin/cpan*
Not blacklist /usr/local/bin/cpan*
Not blacklist /usr/sbin/cpan*
Not blacklist /usr/bin/cpan
Not blacklist /usr/bin/cpan5.30-x86_64-linux-gnu
Not blacklist /sbin/cpan*
Not blacklist /bin/cpan
Not blacklist /bin/cpan5.30-x86_64-linux-gnu
Not blacklist /usr/games/cpan*
Not blacklist /usr/local/games/cpan*
Not blacklist /snap/bin/cpan*
Not blacklist /usr/local/sbin/core_perl
Not blacklist /usr/local/bin/core_perl
Not blacklist /usr/sbin/core_perl
Not blacklist /usr/bin/core_perl
Not blacklist /sbin/core_perl
Not blacklist /bin/core_perl
Not blacklist /usr/games/core_perl
Not blacklist /usr/local/games/core_perl
Not blacklist /snap/bin/core_perl
Not blacklist /usr/local/sbin/perl
Not blacklist /usr/local/bin/perl
Not blacklist /usr/sbin/perl
Not blacklist /usr/bin/perl
Not blacklist /sbin/perl
Not blacklist /bin/perl
Not blacklist /usr/games/perl
Not blacklist /usr/local/games/perl
Not blacklist /snap/bin/perl
Not blacklist /usr/local/sbin/site_perl
Not blacklist /usr/local/bin/site_perl
Not blacklist /usr/sbin/site_perl
Not blacklist /usr/bin/site_perl
Not blacklist /sbin/site_perl
Not blacklist /bin/site_perl
Not blacklist /usr/games/site_perl
Not blacklist /usr/local/games/site_perl
Not blacklist /snap/bin/site_perl
Not blacklist /usr/local/sbin/vendor_perl
Not blacklist /usr/local/bin/vendor_perl
Not blacklist /usr/sbin/vendor_perl
Not blacklist /usr/bin/vendor_perl
Not blacklist /sbin/vendor_perl
Not blacklist /bin/vendor_perl
Not blacklist /usr/games/vendor_perl
Not blacklist /usr/local/games/vendor_perl
Not blacklist /snap/bin/vendor_perl
Not blacklist /usr/lib/perl*
Not blacklist /usr/share/perl5
Not blacklist /usr/share/perl
Disable /usr/bin/ruby2.7 (requested /usr/bin/ruby)
Disable /usr/bin/ruby2.7 (requested /bin/ruby)
Disable /usr/lib/ruby
Not blacklist /usr/local/sbin/python2*
Not blacklist /usr/local/bin/python2*
Not blacklist /usr/sbin/python2*
Not blacklist /usr/bin/python2.7
Not blacklist /usr/bin/python2
Not blacklist /sbin/python2*
Not blacklist /bin/python2.7
Not blacklist /bin/python2
Not blacklist /usr/games/python2*
Not blacklist /usr/local/games/python2*
Not blacklist /snap/bin/python2*
Not blacklist /usr/include/python2*
Not blacklist /usr/lib/python2.7
Not blacklist /usr/local/lib/python2.7
Not blacklist /usr/share/python2*
Not blacklist /usr/local/sbin/python3*
Not blacklist /usr/local/bin/python3*
Not blacklist /usr/sbin/python3*
Not blacklist /usr/bin/python3.8
Not blacklist /usr/bin/python3
Not blacklist /sbin/python3*
Not blacklist /bin/python3.8
Not blacklist /bin/python3
Not blacklist /usr/games/python3*
Not blacklist /usr/local/games/python3*
Not blacklist /snap/bin/python3*
Not blacklist /usr/include/python3.8
Not blacklist /usr/lib/python3.8
Not blacklist /usr/lib/python3
Not blacklist /usr/lib/python3.9
Not blacklist /usr/lib64/python3*
Not blacklist /usr/local/lib/python3.8
Not blacklist /usr/share/python3*
Disable /home/flo/.config/keepassxc
Not blacklist /home/flo/.config/LyX
Disable /home/flo/.config/enchant
Disable /home/flo/.config/evolution
Disable /home/flo/.config/gedit
Disable /home/flo/.config/gnome-initial-setup-done
Disable /home/flo/.config/gnome-session
Disable /home/flo/.config/libreoffice
Disable /home/flo/.config/nautilus
Disable /home/flo/.config/nemo
Disable /home/flo/.config/vlc
Disable /home/flo/.config/yelp
Disable /home/flo/.cups
Disable /home/flo/.local/share/evolution
Disable /home/flo/.local/share/lollypop
Disable /home/flo/.local/share/nautilus
Disable /home/flo/.local/share/nemo
Disable /home/flo/.local/share/rhythmbox
Disable /home/flo/.local/share/vlc
Not blacklist /home/flo/.lyx
Disable /home/flo/.mozilla
Disable /home/flo/.thunderbird
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /home/flo/.config/pulse
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse
blacklist /tmp/pulse-PKdhtXMmr18n
Create the new ld.so.preload file
Blacklist violations are logged to syslog
Mount the new ld.so.preload file
Current directory: /home/flo
DISPLAY=:0 parsed as 0
Install protocol filter: unix
configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 15, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 06 00 00 0005005f   ret ERRNO(95)
configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dropping all capabilities
Drop privileges: pid 16, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 00 01 00000015   jeq 15 0005 (false 0006)
 0005: 06 00 00 00000001   ret KILL
 0006: 15 00 01 00000034   jeq 34 0007 (false 0008)
 0007: 06 00 00 00000001   ret KILL
 0008: 15 00 01 0000001a   jeq 1a 0009 (false 000a)
 0009: 06 00 00 00000001   ret KILL
 000a: 15 00 01 0000011b   jeq 11b 000b (false 000c)
 000b: 06 00 00 00000001   ret KILL
 000c: 15 00 01 00000155   jeq 155 000d (false 000e)
 000d: 06 00 00 00000001   ret KILL
 000e: 15 00 01 00000156   jeq 156 000f (false 0010)
 000f: 06 00 00 00000001   ret KILL
 0010: 15 00 01 0000007f   jeq 7f 0011 (false 0012)
 0011: 06 00 00 00000001   ret KILL
 0012: 15 00 01 00000080   jeq 80 0013 (false 0014)
 0013: 06 00 00 00000001   ret KILL
 0014: 15 00 01 0000015e   jeq 15e 0015 (false 0016)
 0015: 06 00 00 00000001   ret KILL
 0016: 15 00 01 00000081   jeq 81 0017 (false 0018)
 0017: 06 00 00 00000001   ret KILL
 0018: 15 00 01 0000006e   jeq 6e 0019 (false 001a)
 0019: 06 00 00 00000001   ret KILL
 001a: 15 00 01 00000065   jeq 65 001b (false 001c)
 001b: 06 00 00 00000001   ret KILL
 001c: 15 00 01 00000121   jeq 121 001d (false 001e)
 001d: 06 00 00 00000001   ret KILL
 001e: 15 00 01 00000057   jeq 57 001f (false 0020)
 001f: 06 00 00 00000001   ret KILL
 0020: 15 00 01 00000073   jeq 73 0021 (false 0022)
 0021: 06 00 00 00000001   ret KILL
 0022: 15 00 01 00000067   jeq 67 0023 (false 0024)
 0023: 06 00 00 00000001   ret KILL
 0024: 15 00 01 0000015b   jeq 15b 0025 (false 0026)
 0025: 06 00 00 00000001   ret KILL
 0026: 15 00 01 0000015c   jeq 15c 0027 (false 0028)
 0027: 06 00 00 00000001   ret KILL
 0028: 15 00 01 00000087   jeq 87 0029 (false 002a)
 0029: 06 00 00 00000001   ret KILL
 002a: 15 00 01 00000095   jeq 95 002b (false 002c)
 002b: 06 00 00 00000001   ret KILL
 002c: 15 00 01 0000007c   jeq 7c 002d (false 002e)
 002d: 06 00 00 00000001   ret KILL
 002e: 15 00 01 00000157   jeq 157 002f (false 0030)
 002f: 06 00 00 00000001   ret KILL
 0030: 15 00 01 000000fd   jeq fd 0031 (false 0032)
 0031: 06 00 00 00000001   ret KILL
 0032: 15 00 01 00000150   jeq 150 0033 (false 0034)
 0033: 06 00 00 00000001   ret KILL
 0034: 15 00 01 00000152   jeq 152 0035 (false 0036)
 0035: 06 00 00 00000001   ret KILL
 0036: 15 00 01 0000015d   jeq 15d 0037 (false 0038)
 0037: 06 00 00 00000001   ret KILL
 0038: 15 00 01 0000011e   jeq 11e 0039 (false 003a)
 0039: 06 00 00 00000001   ret KILL
 003a: 15 00 01 0000011f   jeq 11f 003b (false 003c)
 003b: 06 00 00 00000001   ret KILL
 003c: 15 00 01 00000120   jeq 120 003d (false 003e)
 003d: 06 00 00 00000001   ret KILL
 003e: 15 00 01 00000056   jeq 56 003f (false 0040)
 003f: 06 00 00 00000001   ret KILL
 0040: 15 00 01 00000033   jeq 33 0041 (false 0042)
 0041: 06 00 00 00000001   ret KILL
 0042: 15 00 01 0000007b   jeq 7b 0043 (false 0044)
 0043: 06 00 00 00000001   ret KILL
 0044: 15 00 01 000000d9   jeq d9 0045 (false 0046)
 0045: 06 00 00 00000001   ret KILL
 0046: 15 00 01 000000f5   jeq f5 0047 (false 0048)
 0047: 06 00 00 00000001   ret KILL
 0048: 15 00 01 000000f6   jeq f6 0049 (false 004a)
 0049: 06 00 00 00000001   ret KILL
 004a: 15 00 01 000000f7   jeq f7 004b (false 004c)
 004b: 06 00 00 00000001   ret KILL
 004c: 15 00 01 000000f8   jeq f8 004d (false 004e)
 004d: 06 00 00 00000001   ret KILL
 004e: 15 00 01 000000f9   jeq f9 004f (false 0050)
 004f: 06 00 00 00000001   ret KILL
 0050: 15 00 01 00000101   jeq 101 0051 (false 0052)
 0051: 06 00 00 00000001   ret KILL
 0052: 15 00 01 00000112   jeq 112 0053 (false 0054)
 0053: 06 00 00 00000001   ret KILL
 0054: 15 00 01 00000114   jeq 114 0055 (false 0056)
 0055: 06 00 00 00000001   ret KILL
 0056: 15 00 01 00000126   jeq 126 0057 (false 0058)
 0057: 06 00 00 00000001   ret KILL
 0058: 15 00 01 0000013d   jeq 13d 0059 (false 005a)
 0059: 06 00 00 00000001   ret KILL
 005a: 15 00 01 0000013c   jeq 13c 005b (false 005c)
 005b: 06 00 00 00000001   ret KILL
 005c: 15 00 01 0000003d   jeq 3d 005d (false 005e)
 005d: 06 00 00 00000001   ret KILL
 005e: 15 00 01 00000058   jeq 58 005f (false 0060)
 005f: 06 00 00 00000001   ret KILL
 0060: 15 00 01 000000a9   jeq a9 0061 (false 0062)
 0061: 06 00 00 00000001   ret KILL
 0062: 15 00 01 00000082   jeq 82 0063 (false 0064)
 0063: 06 00 00 00000001   ret KILL
 0064: 06 00 00 7fff0000   ret ALLOW
Dual 32/64 bit seccomp filter configured
configuring 134 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 17, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 01 0000009f   jeq adjtimex 0008 (false 0009)
 0008: 06 00 00 00000001   ret KILL
 0009: 15 00 01 00000131   jeq clock_adjtime 000a (false 000b)
 000a: 06 00 00 00000001   ret KILL
 000b: 15 00 01 000000e3   jeq clock_settime 000c (false 000d)
 000c: 06 00 00 00000001   ret KILL
 000d: 15 00 01 000000a4   jeq settimeofday 000e (false 000f)
 000e: 06 00 00 00000001   ret KILL
 000f: 15 00 01 0000009a   jeq modify_ldt 0010 (false 0011)
 0010: 06 00 00 00000001   ret KILL
 0011: 15 00 01 000000d4   jeq lookup_dcookie 0012 (false 0013)
 0012: 06 00 00 00000001   ret KILL
 0013: 15 00 01 0000012a   jeq perf_event_open 0014 (false 0015)
 0014: 06 00 00 00000001   ret KILL
 0015: 15 00 01 00000137   jeq process_vm_writev 0016 (false 0017)
 0016: 06 00 00 00000001   ret KILL
 0017: 15 00 01 000000b0   jeq delete_module 0018 (false 0019)
 0018: 06 00 00 00000001   ret KILL
 0019: 15 00 01 00000139   jeq finit_module 001a (false 001b)
 001a: 06 00 00 00000001   ret KILL
 001b: 15 00 01 000000af   jeq init_module 001c (false 001d)
 001c: 06 00 00 00000001   ret KILL
 001d: 15 00 01 000000a1   jeq chroot 001e (false 001f)
 001e: 06 00 00 00000001   ret KILL
 001f: 15 00 01 000000a5   jeq mount 0020 (false 0021)
 0020: 06 00 00 00000001   ret KILL
 0021: 15 00 01 0000009b   jeq pivot_root 0022 (false 0023)
 0022: 06 00 00 00000001   ret KILL
 0023: 15 00 01 000000a6   jeq umount2 0024 (false 0025)
 0024: 06 00 00 00000001   ret KILL
 0025: 15 00 01 0000009c   jeq _sysctl 0026 (false 0027)
 0026: 06 00 00 00000001   ret KILL
 0027: 15 00 01 000000b7   jeq afs_syscall 0028 (false 0029)
 0028: 06 00 00 00000001   ret KILL
 0029: 15 00 01 000000ae   jeq create_module 002a (false 002b)
 002a: 06 00 00 00000001   ret KILL
 002b: 15 00 01 000000b1   jeq get_kernel_syms 002c (false 002d)
 002c: 06 00 00 00000001   ret KILL
 002d: 15 00 01 000000b5   jeq getpmsg 002e (false 002f)
 002e: 06 00 00 00000001   ret KILL
 002f: 15 00 01 000000b6   jeq putpmsg 0030 (false 0031)
 0030: 06 00 00 00000001   ret KILL
 0031: 15 00 01 000000b2   jeq query_module 0032 (false 0033)
 0032: 06 00 00 00000001   ret KILL
 0033: 15 00 01 000000b9   jeq security 0034 (false 0035)
 0034: 06 00 00 00000001   ret KILL
 0035: 15 00 01 0000008b   jeq sysfs 0036 (false 0037)
 0036: 06 00 00 00000001   ret KILL
 0037: 15 00 01 000000b8   jeq tuxcall 0038 (false 0039)
 0038: 06 00 00 00000001   ret KILL
 0039: 15 00 01 00000086   jeq uselib 003a (false 003b)
 003a: 06 00 00 00000001   ret KILL
 003b: 15 00 01 00000088   jeq ustat 003c (false 003d)
 003c: 06 00 00 00000001   ret KILL
 003d: 15 00 01 000000ec   jeq vserver 003e (false 003f)
 003e: 06 00 00 00000001   ret KILL
 003f: 15 00 01 000000ad   jeq ioperm 0040 (false 0041)
 0040: 06 00 00 00000001   ret KILL
 0041: 15 00 01 000000ac   jeq iopl 0042 (false 0043)
 0042: 06 00 00 00000001   ret KILL
 0043: 15 00 01 000000f6   jeq kexec_load 0044 (false 0045)
 0044: 06 00 00 00000001   ret KILL
 0045: 15 00 01 00000140   jeq kexec_file_load 0046 (false 0047)
 0046: 06 00 00 00000001   ret KILL
 0047: 15 00 01 000000a9   jeq reboot 0048 (false 0049)
 0048: 06 00 00 00000001   ret KILL
 0049: 15 00 01 000000a7   jeq swapon 004a (false 004b)
 004a: 06 00 00 00000001   ret KILL
 004b: 15 00 01 000000a8   jeq swapoff 004c (false 004d)
 004c: 06 00 00 00000001   ret KILL
 004d: 15 00 01 00000130   jeq open_by_handle_at 004e (false 004f)
 004e: 06 00 00 00000001   ret KILL
 004f: 15 00 01 0000012f   jeq name_to_handle_at 0050 (false 0051)
 0050: 06 00 00 00000001   ret KILL
 0051: 15 00 01 000000fb   jeq ioprio_set 0052 (false 0053)
 0052: 06 00 00 00000001   ret KILL
 0053: 15 00 01 00000067   jeq syslog 0054 (false 0055)
 0054: 06 00 00 00000001   ret KILL
 0055: 15 00 01 0000012c   jeq fanotify_init 0056 (false 0057)
 0056: 06 00 00 00000001   ret KILL
 0057: 15 00 01 00000138   jeq kcmp 0058 (false 0059)
 0058: 06 00 00 00000001   ret KILL
 0059: 15 00 01 000000f8   jeq add_key 005a (false 005b)
 005a: 06 00 00 00000001   ret KILL
 005b: 15 00 01 000000f9   jeq request_key 005c (false 005d)
 005c: 06 00 00 00000001   ret KILL
 005d: 15 00 01 000000ed   jeq mbind 005e (false 005f)
 005e: 06 00 00 00000001   ret KILL
 005f: 15 00 01 00000100   jeq migrate_pages 0060 (false 0061)
 0060: 06 00 00 00000001   ret KILL
 0061: 15 00 01 00000117   jeq move_pages 0062 (false 0063)
 0062: 06 00 00 00000001   ret KILL
 0063: 15 00 01 000000fa   jeq keyctl 0064 (false 0065)
 0064: 06 00 00 00000001   ret KILL
 0065: 15 00 01 000000ce   jeq io_setup 0066 (false 0067)
 0066: 06 00 00 00000001   ret KILL
 0067: 15 00 01 000000cf   jeq io_destroy 0068 (false 0069)
 0068: 06 00 00 00000001   ret KILL
 0069: 15 00 01 000000d0   jeq io_getevents 006a (false 006b)
 006a: 06 00 00 00000001   ret KILL
 006b: 15 00 01 000000d1   jeq io_submit 006c (false 006d)
 006c: 06 00 00 00000001   ret KILL
 006d: 15 00 01 000000d2   jeq io_cancel 006e (false 006f)
 006e: 06 00 00 00000001   ret KILL
 006f: 15 00 01 000000d8   jeq remap_file_pages 0070 (false 0071)
 0070: 06 00 00 00000001   ret KILL
 0071: 15 00 01 00000143   jeq userfaultfd 0072 (false 0073)
 0072: 06 00 00 00000001   ret KILL
 0073: 15 00 01 000000a3   jeq acct 0074 (false 0075)
 0074: 06 00 00 00000001   ret KILL
 0075: 15 00 01 00000141   jeq bpf 0076 (false 0077)
 0076: 06 00 00 00000001   ret KILL
 0077: 15 00 01 000000b4   jeq nfsservctl 0078 (false 0079)
 0078: 06 00 00 00000001   ret KILL
 0079: 15 00 01 000000ab   jeq setdomainname 007a (false 007b)
 007a: 06 00 00 00000001   ret KILL
 007b: 15 00 01 000000aa   jeq sethostname 007c (false 007d)
 007c: 06 00 00 00000001   ret KILL
 007d: 15 00 01 00000099   jeq vhangup 007e (false 007f)
 007e: 06 00 00 00000001   ret KILL
 007f: 15 00 01 00000065   jeq ptrace 0080 (false 0081)
 0080: 06 00 00 00000001   ret KILL
 0081: 15 00 01 00000087   jeq personality 0082 (false 0083)
 0082: 06 00 00 00000001   ret KILL
 0083: 15 00 01 00000136   jeq process_vm_readv 0084 (false 0085)
 0084: 06 00 00 00000001   ret KILL
 0085: 06 00 00 7fff0000   ret ALLOW
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
3600 3285 0:158 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755
mountid=3600 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             420 ..
-rw-r--r-- flo      1000            1072 seccomp
-rw-r--r-- flo      1000             808 seccomp.32
-rw-r--r-- flo      1000             114 seccomp.list
-rw-r--r-- flo      1000               0 seccomp.postexec
-rw-r--r-- flo      1000               0 seccomp.postexec32
-rw-r--r-- flo      1000             128 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
AppArmor enabled
starting application
LD_PRELOAD=(null)
execvp argument 0: lyx
Child process initialized in 182.34 ms
Searching $PATH for lyx
trying #/usr/local/sbin/lyx#
trying #/usr/local/bin/lyx#
trying #/usr/sbin/lyx#
trying #/usr/bin/lyx#
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
monitoring pid 18


(lyx:18): dbind-WARNING **: 09:55:24.640: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-79qfGHVXDX: Connection refused
dbus[18]: D-Bus library appears to be incorrectly set up: see the manual page for dbus-uuidgen to correct this issue. (Failed to open "/var/lib/dbus/machine-id": No such file or directory; Failed to open "/etc/machine-id": No such file or directory)
  D-Bus not built with -rdynamic so unable to print a backtrace
Sandbox monitor: waitpid 18 retval 18 status 134

Parent is shutting down, bye...
`
@rusty-snake
Collaborator

Can you try `firejail --private-etc=machine-id lyx`?

@dx-0
Author

dx-0 commented Nov 27, 2020

With `firejail --private-etc=machine-id lyx` I get the following output:

Reading profile /etc/firejail/lyx.profile
Reading profile /etc/firejail/allow-lua.inc
Reading profile /etc/firejail/allow-perl.inc
Reading profile /etc/firejail/allow-python2.inc
Reading profile /etc/firejail/allow-python3.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/latex-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 163368, child pid 163369
Warning: skipping locale for private /etc
Warning: skipping locale.conf for private /etc
Warning: skipping lyx for private /etc
Private /etc installed in 23.34 ms
Blacklist violations are logged to syslog
Child process initialized in 166.42 ms

(lyx:16): dbind-WARNING **: 11:20:01.219: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-79qfGHVXDX: Connection refused
libGL error: MESA-LOADER: failed to retrieve device information
libGL error: Version 4 or later of flush extension not found
libGL error: failed to load driver: i915
libGL error: failed to open /dev/dri/card0: No such file or directory
libGL error: failed to load driver: iris

However, lyx starts and seems to work normally.

@rusty-snake
Collaborator

> I get the following output:
> However, lyx starts and seems to work normally.

That happens if no3d is set and you use Qt programs as native Wayland clients. I don't know of any program which breaks with it, so we have a lot of such profiles here.
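
The failures in this thread all appear as `failed to open <path>: No such file or directory` lines in the sandboxed program's output. The following Python is an added example, not part of the issue or of firejail: it sorts those paths by the firejail option discussed above. The function names, the sample text (copied from the output quoted in this issue) and the rule that `--private-etc` takes top-level `/etc` names are assumptions of the example.

```python
import posixpath
import re

# Matches both message styles seen in the issue output:
#   Failed to open "/etc/machine-id": No such file or directory   (D-Bus)
#   failed to open /dev/dri/card0: No such file or directory      (libGL)
FAILED_OPEN = re.compile(
    r'failed to open "?(?P<path>/[^":\s]+)"?: No such file or directory',
    re.IGNORECASE,
)

# Names accepted for a generated --private-etc list. Anything else (commas,
# spaces, shell metacharacters) is rejected rather than pasted into a command.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")

# Sample input: error lines copied from the two runs quoted in this issue.
SAMPLE = """\
dbus[18]: D-Bus library appears to be incorrectly set up: see the manual page for dbus-uuidgen to correct this issue. (Failed to open "/var/lib/dbus/machine-id": No such file or directory; Failed to open "/etc/machine-id": No such file or directory)
libGL error: failed to load driver: i915
libGL error: failed to open /dev/dri/card0: No such file or directory
libGL error: failed to load driver: iris
"""


def missing_paths(output):
    """Return the distinct absolute paths the program could not open, in order."""
    seen = []
    for match in FAILED_OPEN.finditer(output):
        path = posixpath.normpath(match.group("path"))  # collapses ".." and "//"
        if path not in seen:
            seen.append(path)
    return seen


def classify(path):
    """Map one missing path to the firejail option that hides it.

    Returns (category, value):
      private-etc -> value is the top-level /etc entry to add to the list
      no3d        -> value is the /dev/dri node hidden by no3d
      other       -> value is the path; needs a look at whitelist/blacklist rules
    """
    parts = path.split("/")  # "/etc/machine-id" -> ["", "etc", "machine-id"]
    if len(parts) >= 3 and parts[1] == "etc":
        return ("private-etc", parts[2])
    if path.startswith("/dev/dri/"):
        return ("no3d", path)
    return ("other", path)


def triage(output):
    """Group every missing path in the program output by category."""
    groups = {"private-etc": [], "no3d": [], "other": []}
    for path in missing_paths(output):
        category, value = classify(path)
        if value not in groups[category]:
            groups[category].append(value)
    return groups


def private_etc_argument(entries):
    """Build the --private-etc=... argument for the given /etc entries."""
    for name in entries:
        if not SAFE_NAME.match(name):
            raise ValueError("refusing unsafe /etc entry name: %r" % name)
    return "--private-etc=" + ",".join(entries)


if __name__ == "__main__":
    groups = triage(SAMPLE)
    if groups["private-etc"]:
        print("try: firejail", private_etc_argument(groups["private-etc"]), "lyx")
    for node in groups["no3d"]:
        print("hidden by no3d (reported as harmless in this thread):", node)
    for path in groups["other"]:
        print("outside /etc, not covered by private-etc:", path)
```

On the sample text this reproduces the command suggested in the thread and lists `/dev/dri/card0` separately, so a real missing-file breakage is not confused with the `no3d` messages.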
