Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

skypeforlinux fails to start on Arch Linux #4044

Closed
6 tasks done
Kishore96in opened this issue Mar 4, 2021 · 1 comment
Closed
6 tasks done

skypeforlinux fails to start on Arch Linux #4044

Kishore96in opened this issue Mar 4, 2021 · 1 comment

Comments

@Kishore96in
Copy link
Contributor

firejail skypeforlinux fails to start on Archlinux unless I add ignore apparmor to my skypeforlinux.local file. apparmor is enabled in this profile by the inclusion of electron.profile.

Reproduce
Steps to reproduce the behavior:

  1. Run in bash firejail skypeforlinux

Result
firejail skypeforlinux exits without any obvious error, but does not launch the application. Skype launches normally if I type skypeforlinux or firejail --noprofile skypeforlinux. Skype also launches in firejail if I add ignore apparmor to my skypeforlinux.local file.

Environment

  • Linux distribution and version: Arch Linux
  • Firejail version: 0.9.64.4

Checklist

  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • I have performed a short search for similar issues (to avoid opening a duplicate).
  • If it is a AppImage, --profile=PROFILENAME is used to set the right profile.
  • Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
debug output 
OUTPUT OF `firejail --debug PROGRAM`

Autoselecting /bin/bash as shell
Building quoted command line: 'skypeforlinux'
Command name #skypeforlinux#
Found skypeforlinux.profile profile in /etc/firejail directory
Reading profile /etc/firejail/skypeforlinux.profile
Found skypeforlinux.local profile in /home/kishore/.config/firejail directory
Reading profile /home/kishore/.config/firejail/skypeforlinux.local
Found electron.profile profile in /home/kishore/.config/firejail directory
Reading profile /home/kishore/.config/firejail/electron.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 113012, child pid 113013
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
IBUS_ADDRESS=unix:abstract=/home/kishore/.cache/ibus/dbus-v1PGMsMf,guid=20a23992ada65edb1baa65f260409df3
IBUS_DAEMON_PID=5428
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1593 1446 254:2 /etc /etc ro,relatime master:1 - ext4 /dev/mapper/VolGroup-root rw
mountid=1593 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
1594 1593 254:2 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/VolGroup-root rw
mountid=1594 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
1595 1446 254:2 /var /var ro,relatime master:1 - ext4 /dev/mapper/VolGroup-root rw
mountid=1595 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
1596 1595 254:2 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/VolGroup-root rw
mountid=1596 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
1597 1446 254:2 /usr /usr ro,relatime master:1 - ext4 /dev/mapper/VolGroup-root rw
mountid=1597 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/kishore/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Disable /run/firejail/appimage
Generate private-tmp whitelist commands
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules/5.11.2-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Debug 456: new_name #/home/kishore/.config/Skype#, whitelist
Debug 571: fname #/home/kishore/.config/Skype#, cfg.homedir #/home/kishore#
Replaced whitelist path: whitelist /home/kishore/.config/Skype
Debug 456: new_name #/home/kishore/.config/skypeforlinux#, whitelist
Debug 571: fname #/home/kishore/.config/skypeforlinux#, cfg.homedir #/home/kishore#
Replaced whitelist path: whitelist /home/kishore/.config/skypeforlinux
Debug 456: new_name #/tmp/.X11-unix#, whitelist
Mounting tmpfs on /tmp directory
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 0
Mounting a new /root directory
Mounting a new /home directory
Create a new user directory
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 0
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0
Whitelisting /home/kishore/.config/Skype
1630 1629 254:3 /kishore/.config/Skype /home/kishore/.config/Skype rw,relatime master:74 - ext4 /dev/mapper/VolGroup-home rw
mountid=1630 fsname=/kishore/.config/Skype dir=/home/kishore/.config/Skype fstype=ext4
Whitelisting /home/kishore/.config/skypeforlinux
1631 1629 254:3 /kishore/.config/skypeforlinux /home/kishore/.config/skypeforlinux rw,relatime master:74 - ext4 /dev/mapper/VolGroup-home rw
mountid=1631 fsname=/kishore/.config/skypeforlinux dir=/home/kishore/.config/skypeforlinux fstype=ext4
Whitelisting /tmp/.X11-unix
1632 1625 0:49 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:70 - tmpfs tmpfs rw,nr_inodes=409600,inode64
mountid=1632 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /run/media
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/kishore/.Xauthority
1638 1629 0:141 /kishore/.Xauthority /home/kishore/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1638 fsname=/kishore/.Xauthority dir=/home/kishore/.Xauthority fstype=tmpfs
Disable /run/user/1000/dolphinwWnuqe.9.slave-socket
Disable /run/user/1000/dolphinQYhJcg.9.slave-socket
Disable /run/user/1000/dolphinAsBBOY.9.slave-socket
Disable /run/user/1000/okularIYGiFD.20.slave-socket
Disable /run/user/1000/okularovmVbS.18.slave-socket
Disable /run/user/1000/okularEXZquE.17.slave-socket
Disable /run/user/1000/okularapwUfF.16.slave-socket
Disable /run/user/1000/okularuEdXWn.15.slave-socket
Disable /run/user/1000/okulardjGAGh.13.slave-socket
Disable /run/user/1000/okularDVOgEX.12.slave-socket
Disable /run/user/1000/okularKxYbkw.11.slave-socket
Disable /run/user/1000/okularFPZouP.10.slave-socket
Disable /run/user/1000/okularUwRFqi.9.slave-socket
Disable /run/user/1000/dolphineHViXx.11.slave-socket
Disable /run/user/1000/dolphinWoSFmr.9.slave-socket
Disable /run/user/1000/dolphindSlnWq.9.slave-socket
Disable /run/user/1000/dolphinCmJLHn.9.slave-socket
Disable /run/user/1000/klauncherAXelIC.1.slave-socket
Disable /run/user/1000/kdeinit5__0
Disable /var/lib/systemd
Disable /usr/bin/systemd-run
Disable /run/user/1000/systemd
Disable /var/cache/libvirt
Disable /var/lib/libvirt
Disable /var/log/libvirt
Disable /var/cache/pacman
Disable /var/lib/clamav
Disable /var/lib/dkms
Disable /var/lib/pacman
Disable /var/lib/upower
Disable /var/spool/mail (requested /var/mail)
Disable /var/opt
Disable /var/spool/mail
Disable /etc/profile.d
Disable /etc/kernel
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/modules-load.d
Disable /etc/logrotate.d
Mounting read-only /home/kishore/.bashrc
1680 1629 0:141 /kishore/.bashrc /home/kishore/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1680 fsname=/kishore/.bashrc dir=/home/kishore/.bashrc fstype=tmpfs
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/expiry
Disable /usr/bin/fusermount
Disable /usr/bin/gpasswd
Disable /usr/bin/ksu
Disable /usr/bin/mount
Disable /usr/bin/ncat
Disable /usr/bin/newgidmap
Disable /usr/bin/newgrp
Disable /usr/bin/newuidmap
Disable /usr/bin/ntfs-3g
Disable /usr/bin/pkexec
Disable /usr/bin/sg
Disable /usr/bin/su
Disable /usr/bin/sudo
Disable /usr/bin/umount
Disable /usr/bin/unix_chkpwd
Disable /usr/bin/xev
Disable /usr/bin/xinput
Disable /usr/lib/virtualbox
Disable /usr/lib/virtualbox (requested /usr/lib64/virtualbox)
Warning: /run/user/1000/doc does not exist, skipping...
Disable /usr/bin/bwrap
Disable /proc/config.gz
Disable /usr/bin/drill
Disable /usr/bin/ldns-revoke
Disable /usr/bin/ldns-signzone
Disable /usr/bin/ldns-key2ds
Disable /usr/bin/ldns-gen-zone
Disable /usr/bin/ldns-rrsig
Disable /usr/bin/ldns-resolver
Disable /usr/bin/ldns-keyfetcher
Disable /usr/bin/ldns-compare-zones
Disable /usr/bin/ldns-chaos
Disable /usr/bin/ldns-keygen
Disable /usr/bin/ldns-dpa
Disable /usr/bin/ldns-update
Disable /usr/bin/ldns-testns
Disable /usr/bin/ldns-read-zone
Disable /usr/bin/ldns-walk
Disable /usr/bin/ldns-nsec3-hash
Disable /usr/bin/ldns-mx
Disable /usr/bin/ldns-zsplit
Disable /usr/bin/ldns-dane
Disable /usr/bin/ldns-config
Disable /usr/bin/ldns-zcat
Disable /usr/bin/ldns-test-edns
Disable /usr/bin/ldns-notify
Disable /usr/bin/ldns-version
Disable /usr/bin/ldns-verify-zone
Disable /usr/bin/ldnsd
Disable /usr/bin/resolvectl
Disable /run/user/1000/pipewire-0.lock
Disable /usr/bin/clang-tidy
Disable /usr/bin/clang-query
Disable /usr/bin/clang-11 (requested /usr/bin/clang++)
Disable /usr/bin/clang-extdef-mapping
Disable /usr/bin/clang-move
Disable /usr/bin/clang-11 (requested /usr/bin/clang-cl)
Disable /usr/bin/clang-refactor
Disable /usr/bin/clang-rename
Disable /usr/bin/clang-reorder-fields
Disable /usr/bin/clang-11
Disable /usr/bin/clang-offload-wrapper
Disable /usr/bin/clang-change-namespace
Disable /usr/bin/clang-offload-bundler
Disable /usr/bin/clang-11 (requested /usr/bin/clang-cpp)
Disable /usr/bin/clang-11 (requested /usr/bin/clang)
Disable /usr/bin/clangd
Disable /usr/bin/clang-format
Disable /usr/bin/clang-include-fixer
Disable /usr/bin/clang-check
Disable /usr/bin/clang-apply-replacements
Disable /usr/bin/clang-scan-deps
Disable /usr/bin/clang-doc
Disable /usr/bin/as
Disable /usr/bin/gcc (requested /usr/bin/cc)
Disable /usr/bin/c++
Disable /usr/bin/c++filt
Disable /usr/bin/c89
Disable /usr/bin/c99
Disable /usr/bin/cpp
Disable /usr/bin/cpp2html
Disable /usr/bin/g++
Disable /usr/bin/gcc-ranlib
Disable /usr/bin/gcc-nm
Disable /usr/bin/gcc
Disable /usr/bin/gcc-ar
Disable /usr/bin/gdb
Disable /usr/bin/ld
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/lib/jvm/java-15-openjdk/bin/java (requested /usr/bin/java)
Disable /usr/lib/jvm/java-15-openjdk/bin/java (requested /usr/lib/jvm/default/bin/java)
Disable /usr/lib/jvm/java-15-openjdk/bin/javac (requested /usr/lib/jvm/default/bin/javac)
Disable /usr/share/java
Disable /usr/bin/openssl
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Mounting noexec /home/kishore/.config/Skype
1801 1630 254:3 /kishore/.config/Skype /home/kishore/.config/Skype rw,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/mapper/VolGroup-home rw
mountid=1801 fsname=/kishore/.config/Skype dir=/home/kishore/.config/Skype fstype=ext4
Mounting noexec /home/kishore/.config/skypeforlinux
1802 1631 254:3 /kishore/.config/skypeforlinux /home/kishore/.config/skypeforlinux rw,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/mapper/VolGroup-home rw
mountid=1802 fsname=/kishore/.config/skypeforlinux dir=/home/kishore/.config/skypeforlinux fstype=ext4
Mounting noexec /run/user/1000
1827 1803 0:24 /firejail/firejail.ro.file /run/user/1000/pipewire-0.lock rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755,inode64
mountid=1827 fsname=/firejail/firejail.ro.file dir=/run/user/1000/pipewire-0.lock fstype=tmpfs
Warning: not remounting /run/user/1000/doc
Mounting noexec /dev/shm
1828 1551 0:26 / /dev/shm rw,nosuid,nodev,noexec master:3 - tmpfs tmpfs rw,inode64
mountid=1828 fsname=/ dir=/dev/shm fstype=tmpfs
Disable /usr/bin/lua
Disable /usr/bin/luajit-2.0.5 (requested /usr/bin/luajit)
Disable /usr/share/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /usr/bin/luaotfload-tool)
Disable /usr/bin/luajithbtex
Disable /usr/bin/luatex
Disable /usr/bin/lua5.3
Disable /usr/bin/lua (requested /usr/bin/lua5.4)
Disable /usr/bin/luac
Disable /usr/share/texmf-dist/scripts/context/stubs/unix/luatools (requested /usr/bin/luatools)
Disable /usr/bin/luajit-2.0.5
Disable /usr/bin/luahbtex (requested /usr/bin/lualatex)
Disable /usr/bin/luac5.3
Disable /usr/bin/luahbtex
Disable /usr/bin/lua5.2
Disable /usr/bin/luajittex
Disable /usr/bin/luac5.2
Disable /usr/bin/luac (requested /usr/bin/luac5.4)
Disable /usr/lib/liblua.so.5.4.2
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so)
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib/liblua.so)
Disable /usr/lib/liblua5.2.so.5.2.4
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua.so.5.3.6)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2.4)
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib/liblua.so.5.4)
Disable /usr/lib/libluajit-5.1.so.2.0.5
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua5.3.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so.5.2)
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so.2)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua.so.5.3)
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib/liblua5.4.so)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua5.3.so.5.3)
Disable /usr/lib/liblua5.3.so.5.3.6
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so)
Disable /usr/lib/lua
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib64/liblua.so.5.4.2)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so)
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib64/liblua.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so.5.2.4)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua.so.5.3.6)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua.so.5.2.4)
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib64/liblua.so.5.4)
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib64/libluajit-5.1.so.2.0.5)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua5.3.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so.5.2)
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib64/libluajit-5.1.so.2)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua.so.5.2)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua.so.5.3)
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib64/liblua5.4.so)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua5.3.so.5.3)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua5.3.so.5.3.6)
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib64/libluajit-5.1.so)
Disable /usr/lib/lua (requested /usr/lib64/lua)
Disable /usr/share/lua
Disable /usr/share/luajit-2.0.5
Disable /usr/lib/libmozjs-78.so (requested /usr/lib64/libmozjs-78.so)
Disable /usr/bin/core_perl/cpan
Disable /usr/bin/core_perl
Disable /usr/bin/perl
Disable /usr/bin/site_perl
Disable /usr/bin/vendor_perl
Disable /usr/lib/perl5
Disable /usr/lib/perl5 (requested /usr/lib64/perl5)
Disable /usr/share/perl5
Disable /usr/bin/ruby
Disable /usr/lib/ruby
Disable /usr/bin/python2.7 (requested /usr/bin/python2)
Disable /usr/bin/python2.7-config (requested /usr/bin/python2-config)
Disable /usr/bin/python2.7-config
Disable /usr/bin/python2.7
Disable /usr/lib/python2.7
Disable /usr/bin/python3.9-config (requested /usr/bin/python3-config)
Disable /usr/bin/python3.9-config
Disable /usr/bin/python3.9
Disable /usr/bin/python3.9 (requested /usr/bin/python3)
Disable /usr/lib/python3.9
Disable /usr/lib/python3.9 (requested /usr/lib64/python3.9)
Not blacklist /home/kishore/.config/skypeforlinux
Mounting read-only /tmp/.X11-unix
1906 1632 0:49 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev master:70 - tmpfs tmpfs rw,nr_inodes=409600,inode64
mountid=1906 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /media
Disable /run/mount
Disable /run/media
Mounting noexec /run/firejail/mnt/pulse
1913 1590 0:130 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1913 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs
Creating empty /home/kishore/.config/pulse directory
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 0
Mounting /run/firejail/mnt/pulse on /home/kishore/.config/pulse
1914 1629 0:130 /pulse /home/kishore/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1914 fsname=/pulse dir=/home/kishore/.config/pulse fstype=tmpfs
Current directory: /home/kishore
DISPLAY=:0 parsed as 0
Mounting read-only /run/firejail/mnt/seccomp
1916 1590 0:130 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=1916 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root root 120 .
drwxr-xr-x root root 260 ..
-rw-r--r-- kishore kishore 1072 seccomp
-rw-r--r-- kishore kishore 808 seccomp.32
-rw-r--r-- kishore kishore 0 seccomp.postexec
-rw-r--r-- kishore kishore 0 seccomp.postexec32
No active seccomp files
Set caps filter 240000
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
AppArmor enabled
Starting application
LD_PRELOAD=(null)
execvp argument 0: skypeforlinux
Child process initialized in 117.72 ms
Searching $PATH for skypeforlinux
trying #/usr/local/sbin/skypeforlinux#
trying #/usr/local/bin/skypeforlinux#
trying #/usr/bin/skypeforlinux#
monitoring pid 6

Sandbox monitor: waitpid 6 retval 6 status 0
Sandbox monitor: monitoring 11
monitoring pid 11

Sandbox monitor: waitpid 11 retval 11 status 32256

Parent is shutting down, bye...
@rusty-snake
Copy link
Collaborator

Thanks for reporting, apparmor was mistakly added (through include chain) in f4f6767.

@matu3ba matu3ba mentioned this issue Oct 7, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

luarocks matu3ba/firejail
2 participants
@Kishore96in @rusty-snake