Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gimp 2.10.22-3: gegl:introspect broken #4367

Closed
7 tasks done
themahnamahna opened this issue Jun 21, 2021 · 19 comments
Closed
7 tasks done

gimp 2.10.22-3: gegl:introspect broken #4367

themahnamahna opened this issue Jun 21, 2021 · 19 comments

Comments

@themahnamahna
Copy link

themahnamahna commented Jun 21, 2021
edited
Loading

  • Describe the bug.

when starting gimp via firejail (default profile, no modifications, filedate in /etc/firejail all feb 8th) I get the error from gimp:
"GEGL operation missing!

GIMP requires the GEGL operation "gegl:introspect".
This operation cannot be found. Check your
GEGL install and ensure it has been compiled
with any dependencies required for GIMP."

  • What did you expect to happen?

gimp to start up properly

No profile and disabling firejail

  • What changed calling firejail --noprofile /path/to/program in a terminal?
  • What changed calling the program by path (e.g. /usr/bin/vlc)?

works flawlessly, both versions

Environment

  • Linux distribution and version (ie output of lsb_release -a, screenfetch or cat /etc/os-release)
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description: Ubuntu 21.04
    Release: 21.04
    Codename: hirsute

(with 20.10 everything worked, so something in ubuntu 21.04 changed with the update yesterday)

  • Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD)

firejail version 0.9.64.4

Additional context
Other context about the problem like related errors to understand the problem.

Checklist

  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • I have performed a short search for similar issues (to avoid opening a duplicate).
  • no appimage
  • Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.
  • not browser related
  • This is not a question. Questions should be asked in https://github.com/netblue30/firejail/discussions.
debug output 
OUTPUT OF `firejail --debug PROGRAM`

could I email this? it's 2200 lines!

I grepped for "gegl";

Removed whitelist/nowhitelist path: whitelist /usr/share/gegl-0.4
expanded: /usr/share/gegl-0.4
Not blacklist /home/elcondor/.cache/gegl-0.4
Debug 456: new_name #/usr/share/gegl-0.4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gegl-0.4
expanded: /usr/share/gegl-0.4
Not blacklist /home/elcondor/.cache/gegl-0.4

strange thing: there is no "/usr/share/gegl-0.4" anymore. I tried to whitelist /usr/lib/x86_64-linux-gnu/gegl-0.4 (which contains lots of .so files) but get
Error: invalid whitelist path /usr/lib/x86_64-linux-gnu/gegl-0.4

sorry not to be more specific, let me know what else you need or what I should try.

thanks in advance (and overall for the great software!)
@rusty-snake
Copy link
Collaborator

Is anything in the syslog (watch journalctl --boot --pager-end --follow while starting gimp)? (Do you have an AMD-GPU?)

it's 2200 lines!

That's why there are the details-summary tags.

@rusty-snake
Copy link
Collaborator

I'm closing here due to inactivity, please fell free to request to reopen if you still have this issue.

@themahnamahna
Copy link
Author

sorry, I didn't get the notification that you replied.

  • nothing in journalctl/syslog
  • CPU is Intel i5-8265U
  • what are detail-summary tags? (sorry)

@rusty-snake rusty-snake reopened this Sep 7, 2021
@themahnamahna
Copy link
Author

I just found out, that I hadn't updated - was on 0.9.64, updated to 0.9.66 (vie PPA)
now nothing works anymore (calling gimp just as an example):

mahnamahna@snooths:~$ firejail --noprofile /usr/bin/gimp
Error clone: main.c:3015 main: Operation not permitted
mahnamahna@snooths:~$ firejail /usr/bin/gimp
Error: cannot create /run/firejail/profile/7096

I updated all configs to the one that came from the repo. had to remove all links in /usr/local/bin/ to be able to start anything covered by firejail :(

Seems I broke it something completely ..

@rusty-snake
Copy link
Collaborator

ls -l /usr/bin/firejail?

@themahnamahna
Copy link
Author

themahnamahna commented Sep 7, 2021
edited
Loading

-rwxr-xr-x 1 root root 462528 Jul 11 12:00 /usr/bin/firejail

found the following in journalctl:

Sep 07 13:35:37 snooths audit[7646]: AVC apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="firejail-default" pid=7646 comm="apparmor_parser"
Sep 07 13:35:37 snooths kernel: audit: type=1400 audit(1631014537.486:32): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="firejail-default" pid=7646 comm="apparmor_parser"
Sep 07 13:35:37 snooths kernel: audit: type=1400 audit(1631014537.490:33): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="firejail-default" pid=7647 comm="apparmor_parser"
Sep 07 13:35:37 snooths audit[7647]: AVC apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="firejail-default" pid=7647 comm="apparmor_parser"

@rusty-snake
Copy link
Collaborator

rusty-snake commented Sep 7, 2021
edited
Loading

firejail must be SUID. sudo chmod u+s /usr/bin/firejail to fix this.

@themahnamahna
Copy link
Author

works! thanks!
(had to fix some other configs due to new default restrictions, but everything else (I need) seems to run fine)
.. except for gimp, so back to square 1 there (sorry for the detour)
starting works with firejail --noprofile gimp but fails with the originally mention "GEGL operation missing!" error.
--debug log is at https://pastebin.com/raw/5HsfAKA1

@rusty-snake
Copy link
Collaborator

gimp.local

What's in it.

starting works with firejail --noprofile gimp but fails with the originally mention "GEGL operation missing!" error.

So you get this error even with noprofile?

what are detail-summary tags? (sorry)
--debug log is at https://pastebin.com/raw/5HsfAKA1

Markdown:

<details><summary>debug output</summary>

```
DEBUG OUTPUT
goes here

Blank lines around the html tags are required.
```

</details>

Rendered:

debug output 
DEBUG OUTPUT
goes here

Blank lines around the html tags are required.

@themahnamahna
Copy link
Author

themahnamahna commented Sep 7, 2021
edited by rusty-snake
Loading

  • no gimp.local, just regular config as coming from PPA
  • no error with --noprofile
  • ( I have no idea why the debug output below is formatted so strange )
debug output 
Reading profile /etc/firejail/gimp.profile
Autoselecting /bin/bash as shell
Building quoted command line: '/usr/bin/gimp' 
Command name #gimp#
Found gimp.profile profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found gimp.local profile in /home/mahnamahna/.config/firejail directory
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
[profile] combined protocol list: "unix"
DISPLAY=:0 parsed as 0
Parent pid 18856, child pid 18857
Seccomp list in: !mbind, check list: @default-keep, prelist: unknown,
Seccomp list in: !mbind, check list: @default-keep, prelist: unknown,
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
sbox run: /run/firejail/lib/fnet ifup lo 
Network namespace enabled, only loopback interface available
Build protocol filter: unix
sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol 
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
5847 5794 0:28 /@/etc /etc ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5847 fsname=/@/etc dir=/etc fstype=btrfs
Mounting noexec /etc
5848 5847 0:28 /@/etc /etc ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5848 fsname=/@/etc dir=/etc fstype=btrfs
Mounting read-only /var
5849 5794 0:28 /@/var /var ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5849 fsname=/@/var dir=/var fstype=btrfs
Mounting noexec /var
5850 5849 0:28 /@/var /var ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5850 fsname=/@/var dir=/var fstype=btrfs
Mounting read-only /usr
5851 5794 0:28 /@/usr /usr ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5851 fsname=/@/usr dir=/usr fstype=btrfs
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/mahnamahna/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/video0 file
mounting /run/firejail/mnt/dev/video1 file
mounting /run/firejail/mnt/dev/video2 file
mounting /run/firejail/mnt/dev/video3 file
mounting /run/firejail/mnt/dev/video4 file
mounting /run/firejail/mnt/dev/video5 file
Process /dev/shm directory
Generate private-tmp whitelist commands
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/user/1000/bus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 553: whitelist /usr/share/gegl-0.4
Debug 574: expanded: /usr/share/gegl-0.4
Debug 585: new_name: /usr/share/gegl-0.4
Debug 599: dir: /usr/share
Adding whitelist top level directory /usr/share
Removed path: whitelist /usr/share/gegl-0.4
	expanded: /usr/share/gegl-0.4
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/gimp
Debug 574: expanded: /usr/share/gimp
Debug 585: new_name: /usr/share/gimp
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/mypaint-data
Debug 574: expanded: /usr/share/mypaint-data
Debug 585: new_name: /usr/share/mypaint-data
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/mypaint-data
	expanded: /usr/share/mypaint-data
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/lensfun
Debug 574: expanded: /usr/share/lensfun
Debug 585: new_name: /usr/share/lensfun
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/lensfun
	expanded: /usr/share/lensfun
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/alsa
Debug 574: expanded: /usr/share/alsa
Debug 585: new_name: /usr/share/alsa
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/applications
Debug 574: expanded: /usr/share/applications
Debug 585: new_name: /usr/share/applications
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/ca-certificates
Debug 574: expanded: /usr/share/ca-certificates
Debug 585: new_name: /usr/share/ca-certificates
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/crypto-policies
Debug 574: expanded: /usr/share/crypto-policies
Debug 585: new_name: /usr/share/crypto-policies
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/crypto-policies
	expanded: /usr/share/crypto-policies
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/cursors
Debug 574: expanded: /usr/share/cursors
Debug 585: new_name: /usr/share/cursors
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/cursors
	expanded: /usr/share/cursors
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/dconf
Debug 574: expanded: /usr/share/dconf
Debug 585: new_name: /usr/share/dconf
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/dconf
	expanded: /usr/share/dconf
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/distro-info
Debug 574: expanded: /usr/share/distro-info
Debug 585: new_name: /usr/share/distro-info
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/drirc.d
Debug 574: expanded: /usr/share/drirc.d
Debug 585: new_name: /usr/share/drirc.d
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/enchant
Debug 574: expanded: /usr/share/enchant
Debug 585: new_name: /usr/share/enchant
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/enchant
	expanded: /usr/share/enchant
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/enchant-2
Debug 574: expanded: /usr/share/enchant-2
Debug 585: new_name: /usr/share/enchant-2
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/file
Debug 574: expanded: /usr/share/file
Debug 585: new_name: /usr/share/file
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/fontconfig
Debug 574: expanded: /usr/share/fontconfig
Debug 585: new_name: /usr/share/fontconfig
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/fonts
Debug 574: expanded: /usr/share/fonts
Debug 585: new_name: /usr/share/fonts
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/fonts-config
Debug 574: expanded: /usr/share/fonts-config
Debug 585: new_name: /usr/share/fonts-config
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/fonts-config
	expanded: /usr/share/fonts-config
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/gir-1.0
Debug 574: expanded: /usr/share/gir-1.0
Debug 585: new_name: /usr/share/gir-1.0
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/gir-1.0
	expanded: /usr/share/gir-1.0
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/gjs-1.0
Debug 574: expanded: /usr/share/gjs-1.0
Debug 585: new_name: /usr/share/gjs-1.0
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/gjs-1.0
	expanded: /usr/share/gjs-1.0
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/glib-2.0
Debug 574: expanded: /usr/share/glib-2.0
Debug 585: new_name: /usr/share/glib-2.0
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/glvnd
Debug 574: expanded: /usr/share/glvnd
Debug 585: new_name: /usr/share/glvnd
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/gtk-2.0
Debug 574: expanded: /usr/share/gtk-2.0
Debug 585: new_name: /usr/share/gtk-2.0
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/gtk-2.0
	expanded: /usr/share/gtk-2.0
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/gtk-3.0
Debug 574: expanded: /usr/share/gtk-3.0
Debug 585: new_name: /usr/share/gtk-3.0
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/gtk-3.0
	expanded: /usr/share/gtk-3.0
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/gtk-engines
Debug 574: expanded: /usr/share/gtk-engines
Debug 585: new_name: /usr/share/gtk-engines
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/gtksourceview-3.0
Debug 574: expanded: /usr/share/gtksourceview-3.0
Debug 585: new_name: /usr/share/gtksourceview-3.0
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/gtksourceview-4
Debug 574: expanded: /usr/share/gtksourceview-4
Debug 585: new_name: /usr/share/gtksourceview-4
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/hunspell
Debug 574: expanded: /usr/share/hunspell
Debug 585: new_name: /usr/share/hunspell
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/hwdata
Debug 574: expanded: /usr/share/hwdata
Debug 585: new_name: /usr/share/hwdata
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/hwdata
	expanded: /usr/share/hwdata
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/icons
Debug 574: expanded: /usr/share/icons
Debug 585: new_name: /usr/share/icons
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/icu
Debug 574: expanded: /usr/share/icu
Debug 585: new_name: /usr/share/icu
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/icu
	expanded: /usr/share/icu
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/knotifications5
Debug 574: expanded: /usr/share/knotifications5
Debug 585: new_name: /usr/share/knotifications5
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/knotifications5
	expanded: /usr/share/knotifications5
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/kservices5
Debug 574: expanded: /usr/share/kservices5
Debug 585: new_name: /usr/share/kservices5
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/kservices5
	expanded: /usr/share/kservices5
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/Kvantum
Debug 574: expanded: /usr/share/Kvantum
Debug 585: new_name: /usr/share/Kvantum
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/Kvantum
	expanded: /usr/share/Kvantum
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/kxmlgui5
Debug 574: expanded: /usr/share/kxmlgui5
Debug 585: new_name: /usr/share/kxmlgui5
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/kxmlgui5
	expanded: /usr/share/kxmlgui5
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/libdrm
Debug 574: expanded: /usr/share/libdrm
Debug 585: new_name: /usr/share/libdrm
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/libthai
Debug 574: expanded: /usr/share/libthai
Debug 585: new_name: /usr/share/libthai
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/locale
Debug 574: expanded: /usr/share/locale
Debug 585: new_name: /usr/share/locale
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/mime
Debug 574: expanded: /usr/share/mime
Debug 585: new_name: /usr/share/mime
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/misc
Debug 574: expanded: /usr/share/misc
Debug 585: new_name: /usr/share/misc
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/Modules
Debug 574: expanded: /usr/share/Modules
Debug 585: new_name: /usr/share/Modules
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/Modules
	expanded: /usr/share/Modules
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/myspell
Debug 574: expanded: /usr/share/myspell
Debug 585: new_name: /usr/share/myspell
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/myspell
	expanded: /usr/share/myspell
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/p11-kit
Debug 574: expanded: /usr/share/p11-kit
Debug 585: new_name: /usr/share/p11-kit
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/perl
Debug 574: expanded: /usr/share/perl
Debug 585: new_name: /usr/share/perl
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/perl5
Debug 574: expanded: /usr/share/perl5
Debug 585: new_name: /usr/share/perl5
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/pixmaps
Debug 574: expanded: /usr/share/pixmaps
Debug 585: new_name: /usr/share/pixmaps
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/pki
Debug 574: expanded: /usr/share/pki
Debug 585: new_name: /usr/share/pki
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/pki
	expanded: /usr/share/pki
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/plasma
Debug 574: expanded: /usr/share/plasma
Debug 585: new_name: /usr/share/plasma
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/plasma
	expanded: /usr/share/plasma
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/publicsuffix
Debug 574: expanded: /usr/share/publicsuffix
Debug 585: new_name: /usr/share/publicsuffix
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/qt
Debug 574: expanded: /usr/share/qt
Debug 585: new_name: /usr/share/qt
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/qt
	expanded: /usr/share/qt
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/qt4
Debug 574: expanded: /usr/share/qt4
Debug 585: new_name: /usr/share/qt4
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/qt4
	expanded: /usr/share/qt4
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/qt5
Debug 574: expanded: /usr/share/qt5
Debug 585: new_name: /usr/share/qt5
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/qt5ct
Debug 574: expanded: /usr/share/qt5ct
Debug 585: new_name: /usr/share/qt5ct
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/qt5ct
	expanded: /usr/share/qt5ct
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/sounds
Debug 574: expanded: /usr/share/sounds
Debug 585: new_name: /usr/share/sounds
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/tcl8.6
Debug 574: expanded: /usr/share/tcl8.6
Debug 585: new_name: /usr/share/tcl8.6
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/tcl8.6
	expanded: /usr/share/tcl8.6
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/tcltk
Debug 574: expanded: /usr/share/tcltk
Debug 585: new_name: /usr/share/tcltk
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/terminfo
Debug 574: expanded: /usr/share/terminfo
Debug 585: new_name: /usr/share/terminfo
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/texlive
Debug 574: expanded: /usr/share/texlive
Debug 585: new_name: /usr/share/texlive
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/texlive
	expanded: /usr/share/texlive
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/texmf
Debug 574: expanded: /usr/share/texmf
Debug 585: new_name: /usr/share/texmf
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/texmf
	expanded: /usr/share/texmf
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/themes
Debug 574: expanded: /usr/share/themes
Debug 585: new_name: /usr/share/themes
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/thumbnail.so
Debug 574: expanded: /usr/share/thumbnail.so
Debug 585: new_name: /usr/share/thumbnail.so
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/thumbnail.so
	expanded: /usr/share/thumbnail.so
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/uim
Debug 574: expanded: /usr/share/uim
Debug 585: new_name: /usr/share/uim
Debug 599: dir: /usr/share
Removed path: whitelist /usr/share/uim
	expanded: /usr/share/uim
	realpath: (null)
	No such file or directory
Debug 553: whitelist /usr/share/vulkan
Debug 574: expanded: /usr/share/vulkan
Debug 585: new_name: /usr/share/vulkan
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/X11
Debug 574: expanded: /usr/share/X11
Debug 585: new_name: /usr/share/X11
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/xml
Debug 574: expanded: /usr/share/xml
Debug 585: new_name: /usr/share/xml
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/zenity
Debug 574: expanded: /usr/share/zenity
Debug 585: new_name: /usr/share/zenity
Debug 599: dir: /usr/share
Debug 553: whitelist /usr/share/zoneinfo
Debug 574: expanded: /usr/share/zoneinfo
Debug 585: new_name: /usr/share/zoneinfo
Debug 599: dir: /usr/share
Debug 553: whitelist /var/lib/aspell
Debug 574: expanded: /var/lib/aspell
Debug 585: new_name: /var/lib/aspell
Debug 599: dir: /var
Adding whitelist top level directory /var
Debug 553: whitelist /var/lib/ca-certificates
Debug 574: expanded: /var/lib/ca-certificates
Debug 585: new_name: /var/lib/ca-certificates
Debug 599: dir: /var
Removed path: whitelist /var/lib/ca-certificates
	expanded: /var/lib/ca-certificates
	realpath: (null)
	No such file or directory
Debug 553: whitelist /var/lib/dbus
Debug 574: expanded: /var/lib/dbus
Debug 585: new_name: /var/lib/dbus
Debug 599: dir: /var
Debug 553: whitelist /var/lib/menu-xdg
Debug 574: expanded: /var/lib/menu-xdg
Debug 585: new_name: /var/lib/menu-xdg
Debug 599: dir: /var
Debug 553: whitelist /var/lib/uim
Debug 574: expanded: /var/lib/uim
Debug 585: new_name: /var/lib/uim
Debug 599: dir: /var
Removed path: whitelist /var/lib/uim
	expanded: /var/lib/uim
	realpath: (null)
	No such file or directory
Debug 553: whitelist /var/cache/fontconfig
Debug 574: expanded: /var/cache/fontconfig
Debug 585: new_name: /var/cache/fontconfig
Debug 599: dir: /var
Debug 553: whitelist /var/tmp
Debug 574: expanded: /var/tmp
Debug 585: new_name: /var/tmp
Debug 599: dir: /var
Debug 553: whitelist /var/run
Debug 574: expanded: /var/run
Debug 585: new_name: /var/run
Debug 599: dir: /var
Debug 553: whitelist /var/lock
Debug 574: expanded: /var/lock
Debug 585: new_name: /var/lock
Debug 599: dir: /var
Debug 553: whitelist /tmp/.X11-unix
Debug 574: expanded: /tmp/.X11-unix
Debug 585: new_name: /tmp/.X11-unix
Debug 599: dir: /tmp
Adding whitelist top level directory /tmp
Mounting tmpfs on /usr/share, check owner: no
5902 5851 0:210 / /usr/share rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=755,inode64
mountid=5902 fsname=/ dir=/usr/share fstype=tmpfs
Mounting tmpfs on /var, check owner: no
5903 5850 0:211 / /var rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,inode64
mountid=5903 fsname=/ dir=/var fstype=tmpfs
Mounting tmpfs on /tmp, check owner: no
5904 5794 0:212 / /tmp rw,nosuid,nodev,relatime - tmpfs tmpfs rw,inode64
mountid=5904 fsname=/ dir=/tmp fstype=tmpfs
Debug 735: file: /usr/share/gimp; dirfd: 4; topdir: /usr/share; rel: gimp
Whitelisting /usr/share/gimp
5905 5902 0:28 /@/usr/share/gimp /usr/share/gimp ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5905 fsname=/@/usr/share/gimp dir=/usr/share/gimp fstype=btrfs
Debug 735: file: /usr/share/alsa; dirfd: 4; topdir: /usr/share; rel: alsa
Whitelisting /usr/share/alsa
5906 5902 0:28 /@/usr/share/alsa /usr/share/alsa ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5906 fsname=/@/usr/share/alsa dir=/usr/share/alsa fstype=btrfs
Debug 735: file: /usr/share/applications; dirfd: 4; topdir: /usr/share; rel: applications
Whitelisting /usr/share/applications
5907 5902 0:28 /@/usr/share/applications /usr/share/applications ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5907 fsname=/@/usr/share/applications dir=/usr/share/applications fstype=btrfs
Debug 735: file: /usr/share/ca-certificates; dirfd: 4; topdir: /usr/share; rel: ca-certificates
Whitelisting /usr/share/ca-certificates
5908 5902 0:28 /@/usr/share/ca-certificates /usr/share/ca-certificates ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5908 fsname=/@/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=btrfs
Debug 735: file: /usr/share/distro-info; dirfd: 4; topdir: /usr/share; rel: distro-info
Whitelisting /usr/share/distro-info
5909 5902 0:28 /@/usr/share/distro-info /usr/share/distro-info ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5909 fsname=/@/usr/share/distro-info dir=/usr/share/distro-info fstype=btrfs
Debug 735: file: /usr/share/drirc.d; dirfd: 4; topdir: /usr/share; rel: drirc.d
Whitelisting /usr/share/drirc.d
5910 5902 0:28 /@/usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5910 fsname=/@/usr/share/drirc.d dir=/usr/share/drirc.d fstype=btrfs
Debug 735: file: /usr/share/enchant-2; dirfd: 4; topdir: /usr/share; rel: enchant-2
Whitelisting /usr/share/enchant-2
5911 5902 0:28 /@/usr/share/enchant-2 /usr/share/enchant-2 ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5911 fsname=/@/usr/share/enchant-2 dir=/usr/share/enchant-2 fstype=btrfs
Debug 735: file: /usr/share/file; dirfd: 4; topdir: /usr/share; rel: file
Whitelisting /usr/share/file
5912 5902 0:28 /@/usr/share/file /usr/share/file ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5912 fsname=/@/usr/share/file dir=/usr/share/file fstype=btrfs
Debug 735: file: /usr/share/fontconfig; dirfd: 4; topdir: /usr/share; rel: fontconfig
Whitelisting /usr/share/fontconfig
5913 5902 0:28 /@/usr/share/fontconfig /usr/share/fontconfig ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5913 fsname=/@/usr/share/fontconfig dir=/usr/share/fontconfig fstype=btrfs
Debug 735: file: /usr/share/fonts; dirfd: 4; topdir: /usr/share; rel: fonts
Whitelisting /usr/share/fonts
5914 5902 0:28 /@/usr/share/fonts /usr/share/fonts ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5914 fsname=/@/usr/share/fonts dir=/usr/share/fonts fstype=btrfs
Debug 735: file: /usr/share/glib-2.0; dirfd: 4; topdir: /usr/share; rel: glib-2.0
Whitelisting /usr/share/glib-2.0
5915 5902 0:28 /@/usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5915 fsname=/@/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=btrfs
Debug 735: file: /usr/share/glvnd; dirfd: 4; topdir: /usr/share; rel: glvnd
Whitelisting /usr/share/glvnd
5916 5902 0:28 /@/usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5916 fsname=/@/usr/share/glvnd dir=/usr/share/glvnd fstype=btrfs
Debug 735: file: /usr/share/gtk-engines; dirfd: 4; topdir: /usr/share; rel: gtk-engines
Whitelisting /usr/share/gtk-engines
5917 5902 0:28 /@/usr/share/gtk-engines /usr/share/gtk-engines ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5917 fsname=/@/usr/share/gtk-engines dir=/usr/share/gtk-engines fstype=btrfs
Debug 735: file: /usr/share/gtksourceview-3.0; dirfd: 4; topdir: /usr/share; rel: gtksourceview-3.0
Whitelisting /usr/share/gtksourceview-3.0
5918 5902 0:28 /@/usr/share/gtksourceview-3.0 /usr/share/gtksourceview-3.0 ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5918 fsname=/@/usr/share/gtksourceview-3.0 dir=/usr/share/gtksourceview-3.0 fstype=btrfs
Debug 735: file: /usr/share/gtksourceview-4; dirfd: 4; topdir: /usr/share; rel: gtksourceview-4
Whitelisting /usr/share/gtksourceview-4
5919 5902 0:28 /@/usr/share/gtksourceview-4 /usr/share/gtksourceview-4 ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5919 fsname=/@/usr/share/gtksourceview-4 dir=/usr/share/gtksourceview-4 fstype=btrfs
Debug 735: file: /usr/share/hunspell; dirfd: 4; topdir: /usr/share; rel: hunspell
Whitelisting /usr/share/hunspell
5920 5902 0:28 /@/usr/share/hunspell /usr/share/hunspell ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5920 fsname=/@/usr/share/hunspell dir=/usr/share/hunspell fstype=btrfs
Debug 735: file: /usr/share/icons; dirfd: 4; topdir: /usr/share; rel: icons
Whitelisting /usr/share/icons
5921 5902 0:28 /@/usr/share/icons /usr/share/icons ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5921 fsname=/@/usr/share/icons dir=/usr/share/icons fstype=btrfs
Debug 735: file: /usr/share/libdrm; dirfd: 4; topdir: /usr/share; rel: libdrm
Whitelisting /usr/share/libdrm
5922 5902 0:28 /@/usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5922 fsname=/@/usr/share/libdrm dir=/usr/share/libdrm fstype=btrfs
Debug 735: file: /usr/share/libthai; dirfd: 4; topdir: /usr/share; rel: libthai
Whitelisting /usr/share/libthai
5923 5902 0:28 /@/usr/share/libthai /usr/share/libthai ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5923 fsname=/@/usr/share/libthai dir=/usr/share/libthai fstype=btrfs
Debug 735: file: /usr/share/locale; dirfd: 4; topdir: /usr/share; rel: locale
Whitelisting /usr/share/locale
5924 5902 0:28 /@/usr/share/locale /usr/share/locale ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5924 fsname=/@/usr/share/locale dir=/usr/share/locale fstype=btrfs
Debug 735: file: /usr/share/mime; dirfd: 4; topdir: /usr/share; rel: mime
Whitelisting /usr/share/mime
5925 5902 0:28 /@/usr/share/mime /usr/share/mime ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5925 fsname=/@/usr/share/mime dir=/usr/share/mime fstype=btrfs
Debug 735: file: /usr/share/misc; dirfd: 4; topdir: /usr/share; rel: misc
Whitelisting /usr/share/misc
5926 5902 0:28 /@/usr/share/misc /usr/share/misc ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5926 fsname=/@/usr/share/misc dir=/usr/share/misc fstype=btrfs
Debug 735: file: /usr/share/p11-kit; dirfd: 4; topdir: /usr/share; rel: p11-kit
Whitelisting /usr/share/p11-kit
5927 5902 0:28 /@/usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5927 fsname=/@/usr/share/p11-kit dir=/usr/share/p11-kit fstype=btrfs
Debug 735: file: /usr/share/perl; dirfd: 4; topdir: /usr/share; rel: perl
Whitelisting /usr/share/perl
5928 5902 0:28 /@/usr/share/perl /usr/share/perl ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5928 fsname=/@/usr/share/perl dir=/usr/share/perl fstype=btrfs
Debug 735: file: /usr/share/perl5; dirfd: 4; topdir: /usr/share; rel: perl5
Whitelisting /usr/share/perl5
5929 5902 0:28 /@/usr/share/perl5 /usr/share/perl5 ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5929 fsname=/@/usr/share/perl5 dir=/usr/share/perl5 fstype=btrfs
Debug 735: file: /usr/share/pixmaps; dirfd: 4; topdir: /usr/share; rel: pixmaps
Whitelisting /usr/share/pixmaps
5930 5902 0:28 /@/usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5930 fsname=/@/usr/share/pixmaps dir=/usr/share/pixmaps fstype=btrfs
Debug 735: file: /usr/share/publicsuffix; dirfd: 4; topdir: /usr/share; rel: publicsuffix
Whitelisting /usr/share/publicsuffix
5931 5902 0:28 /@/usr/share/publicsuffix /usr/share/publicsuffix ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5931 fsname=/@/usr/share/publicsuffix dir=/usr/share/publicsuffix fstype=btrfs
Debug 735: file: /usr/share/qt5; dirfd: 4; topdir: /usr/share; rel: qt5
Whitelisting /usr/share/qt5
5932 5902 0:28 /@/usr/share/qt5 /usr/share/qt5 ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5932 fsname=/@/usr/share/qt5 dir=/usr/share/qt5 fstype=btrfs
Debug 735: file: /usr/share/sounds; dirfd: 4; topdir: /usr/share; rel: sounds
Whitelisting /usr/share/sounds
5933 5902 0:28 /@/usr/share/sounds /usr/share/sounds ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5933 fsname=/@/usr/share/sounds dir=/usr/share/sounds fstype=btrfs
Debug 735: file: /usr/share/tcltk; dirfd: 4; topdir: /usr/share; rel: tcltk
Whitelisting /usr/share/tcltk
5934 5902 0:28 /@/usr/share/tcltk /usr/share/tcltk ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5934 fsname=/@/usr/share/tcltk dir=/usr/share/tcltk fstype=btrfs
Debug 735: file: /usr/share/terminfo; dirfd: 4; topdir: /usr/share; rel: terminfo
Whitelisting /usr/share/terminfo
5935 5902 0:28 /@/usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5935 fsname=/@/usr/share/terminfo dir=/usr/share/terminfo fstype=btrfs
Debug 735: file: /usr/share/themes; dirfd: 4; topdir: /usr/share; rel: themes
Whitelisting /usr/share/themes
5936 5902 0:28 /@/usr/share/themes /usr/share/themes ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5936 fsname=/@/usr/share/themes dir=/usr/share/themes fstype=btrfs
Debug 735: file: /usr/share/vulkan; dirfd: 4; topdir: /usr/share; rel: vulkan
Whitelisting /usr/share/vulkan
5937 5902 0:28 /@/usr/share/vulkan /usr/share/vulkan ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5937 fsname=/@/usr/share/vulkan dir=/usr/share/vulkan fstype=btrfs
Debug 735: file: /usr/share/X11; dirfd: 4; topdir: /usr/share; rel: X11
Whitelisting /usr/share/X11
5938 5902 0:28 /@/usr/share/X11 /usr/share/X11 ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5938 fsname=/@/usr/share/X11 dir=/usr/share/X11 fstype=btrfs
Debug 735: file: /usr/share/xml; dirfd: 4; topdir: /usr/share; rel: xml
Whitelisting /usr/share/xml
5939 5902 0:28 /@/usr/share/xml /usr/share/xml ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5939 fsname=/@/usr/share/xml dir=/usr/share/xml fstype=btrfs
Debug 735: file: /usr/share/zenity; dirfd: 4; topdir: /usr/share; rel: zenity
Whitelisting /usr/share/zenity
5940 5902 0:28 /@/usr/share/zenity /usr/share/zenity ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5940 fsname=/@/usr/share/zenity dir=/usr/share/zenity fstype=btrfs
Debug 735: file: /usr/share/zoneinfo; dirfd: 4; topdir: /usr/share; rel: zoneinfo
Whitelisting /usr/share/zoneinfo
5941 5902 0:28 /@/usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5941 fsname=/@/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=btrfs
Debug 735: file: /var/lib/aspell; dirfd: 5; topdir: /var; rel: lib/aspell
Whitelisting /var/lib/aspell
5942 5903 0:28 /@/var/lib/aspell /var/lib/aspell ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5942 fsname=/@/var/lib/aspell dir=/var/lib/aspell fstype=btrfs
Debug 735: file: /var/lib/dbus; dirfd: 5; topdir: /var; rel: lib/dbus
Whitelisting /var/lib/dbus
5943 5903 0:28 /@/var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5943 fsname=/@/var/lib/dbus dir=/var/lib/dbus fstype=btrfs
Debug 735: file: /var/lib/menu-xdg; dirfd: 5; topdir: /var; rel: lib/menu-xdg
Whitelisting /var/lib/menu-xdg
5944 5903 0:28 /@/var/lib/menu-xdg /var/lib/menu-xdg ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5944 fsname=/@/var/lib/menu-xdg dir=/var/lib/menu-xdg fstype=btrfs
Debug 735: file: /var/cache/fontconfig; dirfd: 5; topdir: /var; rel: cache/fontconfig
Whitelisting /var/cache/fontconfig
5945 5903 0:28 /@/var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5945 fsname=/@/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs
Debug 735: file: /var/tmp; dirfd: 5; topdir: /var; rel: tmp
Whitelisting /var/tmp
5946 5903 0:200 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=5946 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Debug 735: file: /tmp/.X11-unix; dirfd: 7; topdir: /tmp; rel: .X11-unix
Whitelisting /tmp/.X11-unix
5947 5904 0:28 /@/tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=5947 fsname=/@/tmp/.X11-unix dir=/tmp/.X11-unix fstype=btrfs
Directory ${DOCUMENTS} resolved as Dokumente
Directory ${PICTURES} resolved as Bilder
Disable /home/mahnamahna/.local/share/Trash
Disable /home/mahnamahna/.bash_history
Disable /home/mahnamahna/.lesshst
Disable /home/mahnamahna/.viminfo
Disable /home/mahnamahna/.config/autostart
Disable /home/mahnamahna/.config/i3
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/mahnamahna/.Xauthority
5956 5861 0:55 /@home/mahnamahna/.Xauthority /home/mahnamahna/.Xauthority ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=5956 fsname=/@home/mahnamahna/.Xauthority dir=/home/mahnamahna/.Xauthority fstype=btrfs
Disable /home/mahnamahna/.local/share/gvfs-metadata
Mounting read-only /home/mahnamahna/.config/dconf
5958 5861 0:55 /@home/mahnamahna/.config/dconf /home/mahnamahna/.config/dconf ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=5958 fsname=/@home/mahnamahna/.config/dconf dir=/home/mahnamahna/.config/dconf fstype=btrfs
Disable /home/mahnamahna/.config/systemd
Disable /usr/bin/systemd-run
Disable /usr/bin/systemd-run (requested /bin/systemd-run)
Disable /run/user/1000/systemd
Disable /etc/init.d (requested /etc/init.d/)
Disable /home/mahnamahna/.config/VirtualBox
Disable /run/acpid.socket (requested /var/run/acpid.socket)
Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock)
Disable /etc/anacrontab
Disable /etc/cron.d
Disable /etc/cron.daily
Disable /etc/cron.hourly
Disable /etc/cron.monthly
Disable /etc/cron.weekly
Disable /etc/crontab
Disable /etc/profile.d
Disable /etc/rc0.d
Disable /etc/rc1.d
Disable /etc/rc2.d
Disable /etc/rc3.d
Disable /etc/rc4.d
Disable /etc/rc5.d
Disable /etc/rc6.d
Disable /etc/rcS.d
Disable /etc/kernel
Disable /etc/kerneloops.conf
Disable /etc/kernel-img.conf
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/apparmor
Disable /etc/apparmor.d
Disable /etc/selinux
Disable /etc/modules-load.d
Disable /etc/modules
Disable /etc/logrotate.d
Disable /etc/logrotate.conf
Disable /etc/adduser.conf
Mounting read-only /home/mahnamahna/.bash_aliases
5996 5861 0:55 /@home/mahnamahna/.bash_aliases /home/mahnamahna/.bash_aliases ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=5996 fsname=/@home/mahnamahna/.bash_aliases dir=/home/mahnamahna/.bash_aliases fstype=btrfs
Mounting read-only /home/mahnamahna/.bash_logout
5997 5861 0:55 /@home/mahnamahna/.bash_logout /home/mahnamahna/.bash_logout ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=5997 fsname=/@home/mahnamahna/.bash_logout dir=/home/mahnamahna/.bash_logout fstype=btrfs
Mounting read-only /home/mahnamahna/.bashrc
5998 5861 0:55 /@home/mahnamahna/.bashrc /home/mahnamahna/.bashrc ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=5998 fsname=/@home/mahnamahna/.bashrc dir=/home/mahnamahna/.bashrc fstype=btrfs
Mounting read-only /home/mahnamahna/.profile
5999 5861 0:55 /@home/mahnamahna/.profile /home/mahnamahna/.profile ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=5999 fsname=/@home/mahnamahna/.profile dir=/home/mahnamahna/.profile fstype=btrfs
Disable /home/mahnamahna/.ssh/authorized_keys
Mounting read-only /home/mahnamahna/.ssh/config
6001 5861 0:55 /@home/mahnamahna/.ssh/config /home/mahnamahna/.ssh/config ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=6001 fsname=/@home/mahnamahna/.ssh/config dir=/home/mahnamahna/.ssh/config fstype=btrfs
Mounting read-only /home/mahnamahna/.vim
6002 5861 0:55 /@home/mahnamahna/.vim /home/mahnamahna/.vim ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=6002 fsname=/@home/mahnamahna/.vim dir=/home/mahnamahna/.vim fstype=btrfs
Mounting read-only /home/mahnamahna/.viminfo
6003 5951 0:25 /firejail/firejail.ro.file /home/mahnamahna/.viminfo ro,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=2426604k,mode=755,inode64
mountid=6003 fsname=/firejail/firejail.ro.file dir=/home/mahnamahna/.viminfo fstype=tmpfs
Mounting read-only /home/mahnamahna/bin
6004 5861 0:55 /@home/mahnamahna/bin /home/mahnamahna/bin ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=6004 fsname=/@home/mahnamahna/bin dir=/home/mahnamahna/bin fstype=btrfs
Mounting read-only /home/mahnamahna/.config/menus
6005 5861 0:55 /@home/mahnamahna/.config/menus /home/mahnamahna/.config/menus ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=6005 fsname=/@home/mahnamahna/.config/menus dir=/home/mahnamahna/.config/menus fstype=btrfs
Mounting read-only /home/mahnamahna/.local/share/applications
6006 5861 0:55 /@home/mahnamahna/.local/share/applications /home/mahnamahna/.local/share/applications ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=6006 fsname=/@home/mahnamahna/.local/share/applications dir=/home/mahnamahna/.local/share/applications fstype=btrfs
Mounting read-only /home/mahnamahna/.config/mimeapps.list
6007 5861 0:55 /@home/mahnamahna/.config/mimeapps.list /home/mahnamahna/.config/mimeapps.list ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=6007 fsname=/@home/mahnamahna/.config/mimeapps.list dir=/home/mahnamahna/.config/mimeapps.list fstype=btrfs
Mounting read-only /home/mahnamahna/.config/user-dirs.dirs
6008 5861 0:55 /@home/mahnamahna/.config/user-dirs.dirs /home/mahnamahna/.config/user-dirs.dirs ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=6008 fsname=/@home/mahnamahna/.config/user-dirs.dirs dir=/home/mahnamahna/.config/user-dirs.dirs fstype=btrfs
Mounting read-only /home/mahnamahna/.config/user-dirs.locale
6009 5861 0:55 /@home/mahnamahna/.config/user-dirs.locale /home/mahnamahna/.config/user-dirs.locale ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=6009 fsname=/@home/mahnamahna/.config/user-dirs.locale dir=/home/mahnamahna/.config/user-dirs.locale fstype=btrfs
Mounting read-only /home/mahnamahna/.local/share/mime
6010 5861 0:55 /@home/mahnamahna/.local/share/mime /home/mahnamahna/.local/share/mime ro,relatime master:78 - btrfs /dev/mapper/snooths-home rw,ssd,space_cache,subvolid=256,subvol=/@home
mountid=6010 fsname=/@home/mahnamahna/.local/share/mime dir=/home/mahnamahna/.local/share/mime fstype=btrfs
Disable /home/mahnamahna/.gnupg
Disable /home/mahnamahna/.local/share/keyrings
Disable /home/mahnamahna/.pki
Disable /home/mahnamahna/.local/share/pki
Disable /home/mahnamahna/.ssh
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning (blacklisting): cannot open /etc/ssh/*: Permission denied
Disable /usr/sbin (requested /sbin)
Disable /usr/local/sbin
Disable /usr/sbin
Warning (blacklisting): cannot open /usr/local/sbin/at: Permission denied
Warning (blacklisting): cannot open /usr/sbin/at: Permission denied
Warning (blacklisting): cannot open /sbin/at: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/busybox: Permission denied
Warning (blacklisting): cannot open /usr/sbin/busybox: Permission denied
Disable /usr/bin/busybox
Warning (blacklisting): cannot open /sbin/busybox: Permission denied
Disable /usr/bin/busybox (requested /bin/busybox)
Warning (blacklisting): cannot open /usr/local/sbin/chage: Permission denied
Warning (blacklisting): cannot open /usr/sbin/chage: Permission denied
Disable /usr/bin/chage
Warning (blacklisting): cannot open /sbin/chage: Permission denied
Disable /usr/bin/chage (requested /bin/chage)
Warning (blacklisting): cannot open /usr/local/sbin/chfn: Permission denied
Warning (blacklisting): cannot open /usr/sbin/chfn: Permission denied
Disable /usr/bin/chfn
Warning (blacklisting): cannot open /sbin/chfn: Permission denied
Disable /usr/bin/chfn (requested /bin/chfn)
Warning (blacklisting): cannot open /usr/local/sbin/chsh: Permission denied
Warning (blacklisting): cannot open /usr/sbin/chsh: Permission denied
Disable /usr/bin/chsh
Warning (blacklisting): cannot open /sbin/chsh: Permission denied
Disable /usr/bin/chsh (requested /bin/chsh)
Warning (blacklisting): cannot open /usr/local/sbin/crontab: Permission denied
Warning (blacklisting): cannot open /usr/sbin/crontab: Permission denied
Disable /usr/bin/crontab
Warning (blacklisting): cannot open /sbin/crontab: Permission denied
Disable /usr/bin/crontab (requested /bin/crontab)
Warning (blacklisting): cannot open /usr/local/sbin/evtest: Permission denied
Warning (blacklisting): cannot open /usr/sbin/evtest: Permission denied
Warning (blacklisting): cannot open /sbin/evtest: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/expiry: Permission denied
Warning (blacklisting): cannot open /usr/sbin/expiry: Permission denied
Disable /usr/bin/expiry
Warning (blacklisting): cannot open /sbin/expiry: Permission denied
Disable /usr/bin/expiry (requested /bin/expiry)
Warning (blacklisting): cannot open /usr/local/sbin/fusermount: Permission denied
Warning (blacklisting): cannot open /usr/sbin/fusermount: Permission denied
Disable /usr/bin/fusermount
Warning (blacklisting): cannot open /sbin/fusermount: Permission denied
Disable /usr/bin/fusermount (requested /bin/fusermount)
Warning (blacklisting): cannot open /usr/local/sbin/gksu: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gksu: Permission denied
Warning (blacklisting): cannot open /sbin/gksu: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gksudo: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gksudo: Permission denied
Warning (blacklisting): cannot open /sbin/gksudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gpasswd: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gpasswd: Permission denied
Disable /usr/bin/gpasswd
Warning (blacklisting): cannot open /sbin/gpasswd: Permission denied
Disable /usr/bin/gpasswd (requested /bin/gpasswd)
Warning (blacklisting): cannot open /usr/local/sbin/kdesudo: Permission denied
Warning (blacklisting): cannot open /usr/sbin/kdesudo: Permission denied
Warning (blacklisting): cannot open /sbin/kdesudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ksu: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ksu: Permission denied
Warning (blacklisting): cannot open /sbin/ksu: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mount: Permission denied
Warning (blacklisting): cannot open /usr/sbin/mount: Permission denied
Disable /usr/bin/mount
Warning (blacklisting): cannot open /sbin/mount: Permission denied
Disable /usr/bin/mount (requested /bin/mount)
Warning (blacklisting): cannot open /usr/local/sbin/mount.ecryptfs_private: Permission denied
Warning (blacklisting): cannot open /usr/sbin/mount.ecryptfs_private: Permission denied
Warning (blacklisting): cannot open /sbin/mount.ecryptfs_private: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nc: Permission denied
Warning (blacklisting): cannot open /usr/sbin/nc: Permission denied
Disable /usr/bin/nc.openbsd (requested /usr/bin/nc)
Warning (blacklisting): cannot open /sbin/nc: Permission denied
Disable /usr/bin/nc.openbsd (requested /bin/nc)
Warning (blacklisting): cannot open /usr/local/sbin/ncat: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ncat: Permission denied
Warning (blacklisting): cannot open /sbin/ncat: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmap: Permission denied
Warning (blacklisting): cannot open /usr/sbin/nmap: Permission denied
Disable /usr/bin/nmap
Warning (blacklisting): cannot open /sbin/nmap: Permission denied
Disable /usr/bin/nmap (requested /bin/nmap)
Warning (blacklisting): cannot open /usr/local/sbin/newgidmap: Permission denied
Warning (blacklisting): cannot open /usr/sbin/newgidmap: Permission denied
Warning (blacklisting): cannot open /sbin/newgidmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/newgrp: Permission denied
Warning (blacklisting): cannot open /usr/sbin/newgrp: Permission denied
Disable /usr/bin/newgrp
Warning (blacklisting): cannot open /sbin/newgrp: Permission denied
Disable /usr/bin/newgrp (requested /bin/newgrp)
Warning (blacklisting): cannot open /usr/local/sbin/newuidmap: Permission denied
Warning (blacklisting): cannot open /usr/sbin/newuidmap: Permission denied
Warning (blacklisting): cannot open /sbin/newuidmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ntfs-3g: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ntfs-3g: Permission denied
Disable /usr/bin/ntfs-3g
Warning (blacklisting): cannot open /sbin/ntfs-3g: Permission denied
Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g)
Warning (blacklisting): cannot open /usr/local/sbin/pkexec: Permission denied
Warning (blacklisting): cannot open /usr/sbin/pkexec: Permission denied
Disable /usr/bin/pkexec
Warning (blacklisting): cannot open /sbin/pkexec: Permission denied
Disable /usr/bin/pkexec (requested /bin/pkexec)
Warning (blacklisting): cannot open /usr/local/sbin/procmail: Permission denied
Warning (blacklisting): cannot open /usr/sbin/procmail: Permission denied
Warning (blacklisting): cannot open /sbin/procmail: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/sg: Permission denied
Warning (blacklisting): cannot open /usr/sbin/sg: Permission denied
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Warning (blacklisting): cannot open /sbin/sg: Permission denied
Disable /usr/bin/newgrp (requested /bin/sg)
Warning (blacklisting): cannot open /usr/local/sbin/strace: Permission denied
Warning (blacklisting): cannot open /usr/sbin/strace: Permission denied
Disable /usr/bin/strace
Warning (blacklisting): cannot open /sbin/strace: Permission denied
Disable /usr/bin/strace (requested /bin/strace)
Warning (blacklisting): cannot open /usr/local/sbin/su: Permission denied
Warning (blacklisting): cannot open /usr/sbin/su: Permission denied
Disable /usr/bin/su
Warning (blacklisting): cannot open /sbin/su: Permission denied
Disable /usr/bin/su (requested /bin/su)
Warning (blacklisting): cannot open /usr/local/sbin/sudo: Permission denied
Warning (blacklisting): cannot open /usr/sbin/sudo: Permission denied
Disable /usr/bin/sudo
Warning (blacklisting): cannot open /sbin/sudo: Permission denied
Disable /usr/bin/sudo (requested /bin/sudo)
Warning (blacklisting): cannot open /usr/local/sbin/tcpdump: Permission denied
Warning (blacklisting): cannot open /usr/sbin/tcpdump: Permission denied
Warning (blacklisting): cannot open /sbin/tcpdump: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/umount: Permission denied
Warning (blacklisting): cannot open /usr/sbin/umount: Permission denied
Disable /usr/bin/umount
Warning (blacklisting): cannot open /sbin/umount: Permission denied
Disable /usr/bin/umount (requested /bin/umount)
Warning (blacklisting): cannot open /usr/local/sbin/unix_chkpwd: Permission denied
Warning (blacklisting): cannot open /usr/sbin/unix_chkpwd: Permission denied
Warning (blacklisting): cannot open /sbin/unix_chkpwd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xev: Permission denied
Warning (blacklisting): cannot open /usr/sbin/xev: Permission denied
Disable /usr/bin/xev
Warning (blacklisting): cannot open /sbin/xev: Permission denied
Disable /usr/bin/xev (requested /bin/xev)
Warning (blacklisting): cannot open /usr/local/sbin/xinput: Permission denied
Warning (blacklisting): cannot open /usr/sbin/xinput: Permission denied
Disable /usr/bin/xinput
Warning (blacklisting): cannot open /sbin/xinput: Permission denied
Disable /usr/bin/xinput (requested /bin/xinput)
Disable /usr/lib/virtualbox
Warning (blacklisting): cannot open /usr/local/sbin/lxterminal: Permission denied
Warning (blacklisting): cannot open /usr/sbin/lxterminal: Permission denied
Warning (blacklisting): cannot open /sbin/lxterminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gnome-terminal: Permission denied
Warning (blacklisting): cannot open /sbin/gnome-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gnome-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /sbin/gnome-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lilyterm: Permission denied
Warning (blacklisting): cannot open /usr/sbin/lilyterm: Permission denied
Warning (blacklisting): cannot open /sbin/lilyterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal: Permission denied
Warning (blacklisting): cannot open /usr/sbin/mate-terminal: Permission denied
Disable /usr/bin/mate-terminal
Warning (blacklisting): cannot open /sbin/mate-terminal: Permission denied
Disable /usr/bin/mate-terminal (requested /bin/mate-terminal)
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/sbin/mate-terminal.wrapper: Permission denied
Disable /usr/bin/mate-terminal.wrapper
Warning (blacklisting): cannot open /sbin/mate-terminal.wrapper: Permission denied
Disable /usr/bin/mate-terminal.wrapper (requested /bin/mate-terminal.wrapper)
Warning (blacklisting): cannot open /usr/local/sbin/pantheon-terminal: Permission denied
Warning (blacklisting): cannot open /usr/sbin/pantheon-terminal: Permission denied
Warning (blacklisting): cannot open /sbin/pantheon-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm: Permission denied
Warning (blacklisting): cannot open /usr/sbin/roxterm: Permission denied
Warning (blacklisting): cannot open /sbin/roxterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm-config: Permission denied
Warning (blacklisting): cannot open /usr/sbin/roxterm-config: Permission denied
Warning (blacklisting): cannot open /sbin/roxterm-config: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/terminix: Permission denied
Warning (blacklisting): cannot open /usr/sbin/terminix: Permission denied
Warning (blacklisting): cannot open /sbin/terminix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tilix: Permission denied
Warning (blacklisting): cannot open /usr/sbin/tilix: Permission denied
Warning (blacklisting): cannot open /sbin/tilix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtc: Permission denied
Warning (blacklisting): cannot open /usr/sbin/urxvtc: Permission denied
Warning (blacklisting): cannot open /sbin/urxvtc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtcd: Permission denied
Warning (blacklisting): cannot open /usr/sbin/urxvtcd: Permission denied
Warning (blacklisting): cannot open /sbin/urxvtcd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal: Permission denied
Warning (blacklisting): cannot open /usr/sbin/xfce4-terminal: Permission denied
Warning (blacklisting): cannot open /sbin/xfce4-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/sbin/xfce4-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /sbin/xfce4-terminal.wrapper: Permission denied
Warning (blacklisting): cannot access /run/user/1000/doc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/bwrap: Permission denied
Warning (blacklisting): cannot open /usr/sbin/bwrap: Permission denied
Disable /usr/bin/bwrap
Warning (blacklisting): cannot open /sbin/bwrap: Permission denied
Disable /usr/bin/bwrap (requested /bin/bwrap)
Warning (blacklisting): cannot open /usr/local/sbin/dig: Permission denied
Warning (blacklisting): cannot open /usr/sbin/dig: Permission denied
Disable /usr/bin/dig
Warning (blacklisting): cannot open /sbin/dig: Permission denied
Disable /usr/bin/dig (requested /bin/dig)
Warning (blacklisting): cannot open /usr/local/sbin/dlint: Permission denied
Warning (blacklisting): cannot open /usr/sbin/dlint: Permission denied
Warning (blacklisting): cannot open /sbin/dlint: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dns2tcp: Permission denied
Warning (blacklisting): cannot open /usr/sbin/dns2tcp: Permission denied
Warning (blacklisting): cannot open /sbin/dns2tcp: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dnssec-*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/dnssec-*: Permission denied
Warning (blacklisting): cannot open /sbin/dnssec-*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dnswalk: Permission denied
Warning (blacklisting): cannot open /usr/sbin/dnswalk: Permission denied
Warning (blacklisting): cannot open /sbin/dnswalk: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/drill: Permission denied
Warning (blacklisting): cannot open /usr/sbin/drill: Permission denied
Warning (blacklisting): cannot open /sbin/drill: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/host: Permission denied
Warning (blacklisting): cannot open /usr/sbin/host: Permission denied
Disable /usr/bin/host
Warning (blacklisting): cannot open /sbin/host: Permission denied
Disable /usr/bin/host (requested /bin/host)
Warning (blacklisting): cannot open /usr/local/sbin/iodine: Permission denied
Warning (blacklisting): cannot open /usr/sbin/iodine: Permission denied
Warning (blacklisting): cannot open /sbin/iodine: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/kdig: Permission denied
Warning (blacklisting): cannot open /usr/sbin/kdig: Permission denied
Warning (blacklisting): cannot open /sbin/kdig: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/khost: Permission denied
Warning (blacklisting): cannot open /usr/sbin/khost: Permission denied
Warning (blacklisting): cannot open /sbin/khost: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/knsupdate: Permission denied
Warning (blacklisting): cannot open /usr/sbin/knsupdate: Permission denied
Warning (blacklisting): cannot open /sbin/knsupdate: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ldns-*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ldns-*: Permission denied
Warning (blacklisting): cannot open /sbin/ldns-*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ldnsd: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ldnsd: Permission denied
Warning (blacklisting): cannot open /sbin/ldnsd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nslookup: Permission denied
Warning (blacklisting): cannot open /usr/sbin/nslookup: Permission denied
Disable /usr/bin/nslookup
Warning (blacklisting): cannot open /sbin/nslookup: Permission denied
Disable /usr/bin/nslookup (requested /bin/nslookup)
Warning (blacklisting): cannot open /usr/local/sbin/resolvectl: Permission denied
Warning (blackWarning: not remounting /run/user/1000/gvfs
Warning: not remounting /run/user/1000/doc
listing): cannot open /usr/sbin/resolvectl: Permission denied
Disable /usr/bin/resolvectl
Warning (blacklisting): cannot open /sbin/resolvectl: Permission denied
Disable /usr/bin/resolvectl (requested /bin/resolvectl)
Warning (blacklisting): cannot open /usr/local/sbin/unbound-host: Permission denied
Warning (blacklisting): cannot open /usr/sbin/unbound-host: Permission denied
Warning (blacklisting): cannot open /sbin/unbound-host: Permission denied
Disable /run/user/1000/pipewire-0.lock
Disable /run/user/1000/pk-debconf-socket
Disable /run/user/1000/update-notifier.pid
Mounting noexec /run/user/1000
6095 6086 0:25 /firejail/firejail.ro.file /run/user/1000/update-notifier.pid rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=2426604k,mode=755,inode64
mountid=6095 fsname=/firejail/firejail.ro.file dir=/run/user/1000/update-notifier.pid fstype=tmpfs
Mounting noexec /dev/shm
6096 5886 0:207 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=6096 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
6098 6097 0:28 /@/tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=6098 fsname=/@/tmp/.X11-unix dir=/tmp/.X11-unix fstype=btrfs
Mounting noexec /tmp/.X11-unix
6099 6098 0:28 /@/tmp/.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=6099 fsname=/@/tmp/.X11-unix dir=/tmp/.X11-unix fstype=btrfs
Warning (blacklisting): cannot open /usr/local/sbin/clang*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/clang*: Permission denied
Warning (blacklisting): cannot open /sbin/clang*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lldb*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/lldb*: Permission denied
Warning (blacklisting): cannot open /sbin/lldb*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/llvm*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/llvm*: Permission denied
Warning (blacklisting): cannot open /sbin/llvm*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/as: Permission denied
Warning (blacklisting): cannot open /usr/sbin/as: Permission denied
Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as)
Warning (blacklisting): cannot open /sbin/as: Permission denied
Disable /usr/bin/x86_64-linux-gnu-as (requested /bin/as)
Warning (blacklisting): cannot open /usr/local/sbin/cc: Permission denied
Warning (blacklisting): cannot open /usr/sbin/cc: Permission denied
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/cc)
Warning (blacklisting): cannot open /sbin/cc: Permission denied
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/cc)
Warning (blacklisting): cannot open /usr/local/sbin/c++*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/c++*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/c++)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt)
Warning (blacklisting): cannot open /sbin/c++*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/c++)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /bin/c++filt)
Warning (blacklisting): cannot open /usr/local/sbin/c8*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/c8*: Permission denied
Disable /usr/bin/c89-gcc (requested /usr/bin/c89)
Disable /usr/bin/c89-gcc
Warning (blacklisting): cannot open /sbin/c8*: Permission denied
Disable /usr/bin/c89-gcc (requested /bin/c89)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Warning (blacklisting): cannot open /usr/local/sbin/c9*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/c9*: Permission denied
Disable /usr/bin/c99-gcc (requested /usr/bin/c99)
Disable /usr/bin/c99-gcc
Warning (blacklisting): cannot open /sbin/c9*: Permission denied
Disable /usr/bin/c99-gcc (requested /bin/c99)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Warning (blacklisting): cannot open /usr/local/sbin/cpp*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/cpp*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /usr/bin/cpp-10)
Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /usr/bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp-9)
Warning (blacklisting): cannot open /sbin/cpp*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /bin/cpp-10)
Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /bin/cpp-9)
Warning (blacklisting): cannot open /usr/local/sbin/g++*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/g++*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/g++-10)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/g++)
Warning (blacklisting): cannot open /sbin/g++*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/g++-10)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/g++)
Warning (blacklisting): cannot open /usr/local/sbin/gcc*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gcc*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/gcc-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /usr/bin/gcc-ar-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /usr/bin/gcc-nm-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /usr/bin/gcc-ranlib-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /usr/bin/gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /usr/bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /usr/bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/gcc-ranlib-9)
Warning (blacklisting): cannot open /sbin/gcc*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/gcc-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/gcc-ar-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/gcc-nm-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/gcc-ranlib-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/gcc-ranlib-9)
Warning (blacklisting): cannot open /usr/local/sbin/gdb: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gdb: Permission denied
Disable /usr/bin/gdb
Warning (blacklisting): cannot open /sbin/gdb: Permission denied
Disable /usr/bin/gdb (requested /bin/gdb)
Warning (blacklisting): cannot open /usr/local/sbin/ld: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ld: Permission denied
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld)
Warning (blacklisting): cannot open /sbin/ld: Permission denied
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /bin/ld)
Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/*-gcc*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-gcc-10
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10
Disable /usr/bin/c89-gcc
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9
Warning (blacklisting): cannot open /sbin/*-gcc*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib-10)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib-9)
Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/*-g++*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-g++-10
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/x86_64-linux-gnu-g++)
Warning (blacklisting): cannot open /sbin/*-g++*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++-10)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++)
Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/*-gcc*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-gcc-10
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10
Disable /usr/bin/c89-gcc
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9
Warning (blacklisting): cannot open /sbin/*-gcc*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib-10)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib-9)
Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/*-g++*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-g++-10
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/x86_64-linux-gnu-g++)
Warning (blacklisting): cannot open /sbin/*-g++*: Permission denied
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++-10)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++)
Warning (blacklisting): cannot open /usr/local/sbin/gccgo: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gccgo: Permission denied
Warning (blacklisting): cannot open /sbin/gccgo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/go: Permission denied
Warning (blacklisting): cannot open /usr/sbin/go: Permission denied
Warning (blacklisting): cannot open /sbin/go: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gofmt: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gofmt: Permission denied
Warning (blacklisting): cannot open /sbin/gofmt: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/java: Permission denied
Warning (blacklisting): cannot open /usr/sbin/java: Permission denied
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/java (requested /usr/bin/java)
Warning (blacklisting): cannot open /sbin/java: Permission denied
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/java (requested /bin/java)
Warning (blacklisting): cannot open /usr/local/sbin/javac: Permission denied
Warning (blacklisting): cannot open /usr/sbin/javac: Permission denied
Warning (blacklisting): cannot open /sbin/javac: Permission denied
Disable /etc/java
Disable /usr/lib/java
Warning (blacklisting): cannot open /usr/local/sbin/openssl: Permission denied
Warning (blacklisting): cannot open /usr/sbin/openssl: Permission denied
Disable /usr/bin/openssl
Warning (blacklisting): cannot open /sbin/openssl: Permission denied
Disable /usr/bin/openssl (requested /bin/openssl)
Warning (blacklisting): cannot open /usr/local/sbin/openssl-1.0: Permission denied
Warning (blacklisting): cannot open /usr/sbin/openssl-1.0: Permission denied
Warning (blacklisting): cannot open /sbin/openssl-1.0: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/rust-gdb: Permission denied
Warning (blacklisting): cannot open /usr/sbin/rust-gdb: Permission denied
Warning (blacklisting): cannot open /sbin/rust-gdb: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/rust-lldb: Permission denied
Warning (blacklisting): cannot open /usr/sbin/rust-lldb: Permission denied
Warning (blacklisting): cannot open /sbin/rust-lldb: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/rustc: Permission denied
Warning (blacklisting): cannot open /usr/sbin/rustc: Permission denied
Warning (blacklisting): cannot open /sbin/rustc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tcc: Permission denied
Warning (blacklisting): cannot open /usr/sbin/tcc: Permission denied
Warning (blacklisting): cannot open /sbin/tcc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/x86_64-tcc: Permission denied
Warning (blacklisting): cannot open /usr/sbin/x86_64-tcc: Permission denied
Warning (blacklisting): cannot open /sbin/x86_64-tcc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/valgrind*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/valgrind*: Permission denied
Warning (blacklisting): cannot open /sbin/valgrind*: Permission denied
Disable /usr/lib/valgrind
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Disable /home/mahnamahna/.config/KeePass
Disable /home/mahnamahna/.config/keepassxc
Disable /home/mahnamahna/.local/share/KeePass
Disable /home/mahnamahna/Nextcloud
Warning (blacklisting): cannot open /home/mahnamahna/Nextcloud/Notes: Permission denied
Disable /home/mahnamahna/.FBReader
Disable /home/mahnamahna/.android
Disable /home/mahnamahna/.anydesk
Disable /home/mahnamahna/.audacity-data
Disable /home/mahnamahna/.config/Code Industry
Disable /home/mahnamahna/.config/Dharkael
Disable /home/mahnamahna/.config/Element
Disable /home/mahnamahna/.config/Element (Riot)
Disable /home/mahnamahna/.config/Epic
Not blacklist /home/mahnamahna/.config/GIMP
Disable /home/mahnamahna/.config/Google
Disable /home/mahnamahna/.config/Nextcloud
Disable /home/mahnamahna/.config/Riot
Disable /home/mahnamahna/.config/Signal
Disable /home/mahnamahna/.config/Unknown Organization
Disable /home/mahnamahna/.config/VirtualBox
Disable /home/mahnamahna/.config/atril
Disable /home/mahnamahna/.config/caja
Disable /home/mahnamahna/.config/calibre
Disable /home/mahnamahna/.config/chromium
Disable /home/mahnamahna/.config/enchant
Disable /home/mahnamahna/.config/evolution
Disable /home/mahnamahna/.config/flameshot
Disable /home/mahnamahna/.config/geany
Disable /home/mahnamahna/.config/gnote
Disable /home/mahnamahna/.config/google-chrome
Disable /home/mahnamahna/.config/guvcview2
Disable /home/mahnamahna/.config/homebank
Disable /home/mahnamahna/.config/libreoffice
Disable /home/mahnamahna/.config/mate/eom
Disable /home/mahnamahna/.config/Microsoft
Disable /home/mahnamahna/.config/pluma
Disable /home/mahnamahna/.config/remmina
Disable /home/mahnamahna/.config/smplayer
Disable /home/mahnamahna/.config/teams
Disable /home/mahnamahna/.config/transgui
Disable /home/mahnamahna/.config/vlc
Disable /home/mahnamahna/.config/yelp
Disable /home/mahnamahna/.config/zoomus.conf
Not blacklist /home/mahnamahna/.gimp*
Disable /home/mahnamahna/.googleearth
Disable /home/mahnamahna/.java
Disable /home/mahnamahna/.killingfloor
Disable /home/mahnamahna/.local/share/3909/PapersPlease
Disable /home/mahnamahna/.local/share/Nextcloud
Disable /home/mahnamahna/.steam (requested /home/mahnamahna/.local/share/Steam)
Disable /home/mahnamahna/.local/share/SuperHexagon
Disable /home/mahnamahna/.local/share/TelegramDesktop
Disable /home/mahnamahna/.local/share/Terraria
Disable /home/mahnamahna/.local/share/aspyr-media
Disable /home/mahnamahna/.local/share/bohemiainteractive
Disable /home/mahnamahna/.local/share/cdprojektred
Disable /home/mahnamahna/.local/share/evolution
Disable /home/mahnamahna/.local/share/FasterThanLight
Disable /home/mahnamahna/.local/share/feral-interactive
Disable /home/mahnamahna/.local/share/gnote
Disable /home/mahnamahna/.local/share/IntoTheBreach
Disable /home/mahnamahna/.local/share/Paradox Interactive
Disable /home/mahnamahna/.local/share/remmina
Disable /home/mahnamahna/.local/share/vlc
Disable /home/mahnamahna/.local/share/vpltd
Disable /home/mahnamahna/.local/share/vulkan
Disable /home/mahnamahna/.mbwarband
Disable /home/mahnamahna/.mozilla
Disable /home/mahnamahna/.mplayer
Disable /home/mahnamahna/.paradoxinteractive
Disable /home/mahnamahna/.remmina
Disable /home/mahnamahna/.steam
Warning (blacklisting): cannot open /home/mahnamahna/.steampath: Permission denied
Warning (blacklisting): cannot open /home/mahnamahna/.steampid: Permission denied
Disable /home/mahnamahna/.vim
Disable /home/mahnamahna/.vmware
Disable /home/mahnamahna/.wget-hsts
Disable /home/mahnamahna/.wine
Disable /home/mahnamahna/.zoom
Disable /home/mahnamahna/.cache/atril
Not blacklist /home/mahnamahna/.cache/babl
Disable /home/mahnamahna/.cache/calibre
Disable /home/mahnamahna/.cache/chromium
Disable /home/mahnamahna/.cache/evolution
Not blacklist /home/mahnamahna/.cache/gegl-0.4
Not blacklist /home/mahnamahna/.cache/gimp
Disable /home/mahnamahna/.cache/keepassxc
Disable /home/mahnamahna/.cache/mozilla
Disable /home/mahnamahna/.cache/vlc
Disable /home/mahnamahna/.cache/vmware
Directory ${DOCUMENTS} resolved as Dokumente
Not blacklist /home/mahnamahna/Dokumente
Directory ${MUSIC} resolved as Videos
Disable /home/mahnamahna/Videos
Directory ${PICTURES} resolved as Bilder
Not blacklist /home/mahnamahna/Bilder
Directory ${VIDEOS} resolved as Videos
Disable /home/mahnamahna/Videos
Mounting read-only /tmp/.X11-unix
6314 6099 0:28 /@/tmp/.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/snooths-root rw,ssd,space_cache,subvolid=256,subvol=/@
mountid=6314 fsnameDISPLAY=:0 parsed as 0
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 06 00 00 0005005f   ret ERRNO(95)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00050001   ret ERRNO(1)
Seccomp list in: !mbind, check list: @default-keep, prelist: unknown,
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 01 000000ed   jeq mbind 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 3e 00 0000009f   jeq adjtimex 0048 (false 000a)
 000a: 15 3d 00 00000131   jeq clock_adjtime 0048 (false 000b)
 000b: 15 3c 00 000000e3   jeq clock_settime 0048 (false 000c)
 000c: 15 3b 00 000000a4   jeq settimeofday 0048 (false 000d)
 000d: 15 3a 00 0000009a   jeq modify_ldt 0048 (false 000e)
 000e: 15 39 00 000000d4   jeq lookup_dcookie 0048 (false 000f)
 000f: 15 38 00 0000012a   jeq perf_event_open 0048 (false 0010)
 0010: 15 37 00 00000137   jeq process_vm_writev 0048 (false 0011)
 0011: 15 36 00 000000b0   jeq delete_module 0048 (false 0012)
 0012: 15 35 00 00000139   jeq finit_module 0048 (false 0013)
 0013: 15 34 00 000000af   jeq init_module 0048 (false 0014)
 0014: 15 33 00 000000a1   jeq chroot 0048 (false 0015)
 0015: 15 32 00 000000a5   jeq mount 0048 (false 0016)
 0016: 15 31 00 0000009b   jeq pivot_root 0048 (false 0017)
 0017: 15 30 00 000000a6   jeq umount2 0048 (false 0018)
 0018: 15 2f 00 0000009c   jeq _sysctl 0048 (false 0019)
 0019: 15 2e 00 000000b7   jeq afs_syscall 0048 (false 001a)
 001a: 15 2d 00 000000ae   jeq create_module 0048 (false 001b)
 001b: 15 2c 00 000000b1   jeq get_kernel_syms 0048 (false 001c)
 001c: 15 2b 00 000000b5   jeq getpmsg 0048 (false 001d)
 001d: 15 2a 00 000000b6   jeq putpmsg 0048 (false 001e)
 001e: 15 29 00 000000b2   jeq query_module 0048 (false 001f)
 001f: 15 28 00 000000b9   jeq security 0048 (false 0020)
 0020: 15 27 00 0000008b   jeq sysfs 0048 (false 0021)
 0021: 15 26 00 000000b8   jeq tuxcall 0048 (false 0022)
 0022: 15 25 00 00000086   jeq uselib 0048 (false 0023)
 0023: 15 24 00 00000088   jeq ustat 0048 (false 0024)
 0024: 15 23 00 000000ec   jeq vserver 0048 (false 0025)
 0025: 15 22 00 000000ad   jeq ioperm 0048 (false 0026)
 0026: 15 21 00 000000ac   jeq iopl 0048 (false 0027)
 0027: 15 20 00 000000f6   jeq kexec_load 0048 (false 0028)
 0028: 15 1f 00 00000140   jeq kexec_file_load 0048 (false 0029)
 0029: 15 1e 00 000000a9   jeq reboot 0048 (false 002a)
 002a: 15 1d 00 000000a7   jeq swapon 0048 (false 002b)
 002b: 15 1c 00 000000a8   jeq swapoff 0048 (false 002c)
 002c: 15 1b 00 00000130   jeq open_by_handle_at 0048 (false 002d)
 002d: 15 1a 00 0000012f   jeq name_to_handle_at 0048 (false 002e)
 002e: 15 19 00 000000fb   jeq ioprio_set 0048 (false 002f)
 002f: 15 18 00 00000067   jeq syslog 0048 (false 0030)
 0030: 15 17 00 0000012c   jeq fanotify_init 0048 (false 0031)
 0031: 15 16 00 000000f8   jeq add_key 0048 (false 0032)
 0032: 15 15 00 000000f9   jeq request_key 0048 (false 0033)
 0033: 15 14 00 000000ed   jeq mbind 0048 (false 0034)
 0034: 15 13 00 00000100   jeq migrate_pages 0048 (false 0035)
 0035: 15 12 00 00000117   jeq move_pages 0048 (false 0036)
 0036: 15 11 00 000000fa   jeq keyctl 0048 (false 0037)
 0037: 15 10 00 000000ce   jeq io_setup 0048 (false 0038)
 0038: 15 0f 00 000000cf   jeq io_destroy 0048 (false 0039)
 0039: 15 0e 00 000000d0   jeq io_getevents 0048 (false 003a)
 003a: 15 0d 00 000000d1   jeq io_submit 0048 (false 003b)
 003b: 15 0c 00 000000d2   jeq io_cancel 0048 (false 003c)
 003c: 15 0b 00 000000d8   jeq remap_file_pages 0048 (false 003d)
 003d: 15 0a 00 00000143   jeq userfaultfd 0048 (false 003e)
 003e: 15 09 00 000000a3   jeq acct 0048 (false 003f)
 003f: 15 08 00 00000141   jeq bpf 0048 (false 0040)
 0040: 15 07 00 000000b4   jeq nfsservctl 0048 (false 0041)
 0041: 15 06 00 000000ab   jeq setdomainname 0048 (false 0042)
 0042: 15 05 00 000000aa   jeq sethostname 0048 (false 0043)
 0043: 15 04 00 00000099   jeq vhangup 0048 (false 0044)
 0044: 15 03 00 00000065   jeq ptrace 0048 (false 0045)
 0045: 15 02 00 00000087   jeq personality 0048 (false 0046)
 0046: 15 01 00 00000136   jeq process_vm_readv 0048 (false 0047)
 0047: 06 00 00 7fff0000   ret ALLOW
 0048: 06 00 00 00050001   ret ERRNO(1)
=/@/tmp/.X11-unix dir=/tmp/.X11-unix fstype=btrfs
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /home/mahnamahna/.config/pulse
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse
Current directory: /home/mahnamahna
Install protocol filter: unix
configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dual 32/64 bit seccomp filter configured
Build default+drop seccomp filter
sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !mbind 
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp 
configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
6320 5844 0:197 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=6320 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             260 ..
-rw-r--r-- mahnamahna mahnamahna         584 seccomp
-rw-r--r-- mahnamahna mahnamahna         432 seccomp.32
-rw-r--r-- mahnamahna mahnamahna         114 seccomp.list
-rw-r--r-- mahnamahna mahnamahna           0 seccomp.postexec
-rw-r--r-- mahnamahna mahnamahna           0 seccomp.postexec32
-rw-r--r-- mahnamahna mahnamahna         128 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
Blacklist violations are logged to syslog
Create the new ld.so.preload file
Mount the new ld.so.preload file
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
AppArmor enabled
Child process initialized in 126.72 ms
Starting application
LD_PRELOAD=(null)
execvp argument 0: /usr/bin/gimp

** (gimp:9): WARNING **: 14:15:33.067: Unable to connect to dbus: Could not connect: Permission denied

(gimp:9): dbind-WARNING **: 14:15:33.071: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-RfSKgVC3e8: No such file or directory
Could not connect: Permission denied

(gimp:9): GLib-GIO-CRITICAL **: 14:15:33.154: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(gimp:9): GLib-GIO-CRITICAL **: 14:15:33.154: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

(gimp:9): GLib-GIO-CRITICAL **: 14:15:33.154: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

Parent is shutting down, bye...

EDIT by @rusty-snake: add code-block

@rusty-snake
Copy link
Collaborator

rusty-snake commented Sep 7, 2021
edited
Loading

  • no gimp.local, just regular config as coming from PPA

Found gimp.local profile in /home/mahnamahna/.config/firejail directory

I have no idea why the debug output below is formatted so strange

Put it in a code-block (```) to prevent markdown interpretation.

@themahnamahna
Copy link
Author

Found gimp.local profile in /home/mahnamahna/.config/firejail directory

yes, but it's completely empty :) (0 byte, leftover from failing with experimenting)

@rusty-snake
Copy link
Collaborator

I'm out of idea for now. Try to see what --build gives you and if that does not point out things, comment the profile and uncomment it line for line.

@themahnamahna
Copy link
Author

with --build it starts without problems, when exiting gimp (windows is gone) the process is still in background:

├─bash,32501
 │   └─fbuilder,132900 --build /usr/bin/gimp
 │       └─firejail,132901 --quiet --noprofile --caps.drop=all --nonewprivs --trace=/tmp/firejail-trace.FVGKGN --shell=none  /usr/bin/strace -c -f -o/tmp/firejail-strace.AC4ZWj ...
 │           └─firejail,132902 --quiet --noprofile --caps.drop=all --nonewprivs --trace=/tmp/firejail-trace.FVGKGN --shell=none /usr/bin/strace -c -f -o/tmp/firejail-strace.AC4ZWj ...
 │               ├─dbus-daemon,132920 --syslog-only --fork --print-pid 6 --print-address 8 --session
 │               ├─dbus-launch,132919 --autolaunch=8491418801204428a1e969ca135522dd --binary-syntax --close-stderr
 │               └─strace,132904 -c -f -o/tmp/firejail-strace.AC4ZWj /usr/bin/gimp

I will go through the gimp.profile now

@themahnamahna
Copy link
Author

fixing it can be done by commenting line 426 and 428 in disable-common.inc:

# system directories
#blacklist /sbin
blacklist /usr/local/sbin
#blacklist /usr/sbin

then startup of gimp works. ( /sbin is just a symlink to /usr/sbin)
there are ~400 binaries (excluding symlinks) in /usr/sbin, in the debug log ~100 of those listed, so I tried to

  • leave disable-common.inc as it was with both sbins blacklisted
    and
  • create a gimp.local with either noblacklist or whitelist for those 100 binaries from debug log (like whitelist /usr/sbin/ld, both /sbin and /usr/sbin)

but doesn't change anything, still get the error.
Can this be traced better? or how else can I remove blacklisting for single files?

@rusty-snake
Copy link
Collaborator

So

noblacklist /sbin
noblacklist /usr/sbin

fixes it, right?

@themahnamahna
Copy link
Author

So

noblacklist /sbin
noblacklist /usr/sbin

fixes it, right?

yes, just wanted to find out WHICH binary it requires, not allow whole sbin - but that's more interest than requirement.
thank you for the support! (und lass mich wissen, wie ich dir ein bier zukommen lassen kann ;) )

@rusty-snake
Copy link
Collaborator

but that's more interest than requirement.

try --trace or strace

@themahnamahna
Copy link
Author

I found the culprit:
gimp seems to require /usr/bin/dot which is a symlink to /usr/sbin/libgvc6-config-update
but adding
noblacklist /usr/sbin/libgvc6-config-update
to gimp.local does not work.
but it's definitely that file that causes the problem, after removing the symlink and
sudo cp /usr/sbin/libgvc6-config-update /usr/bin/dot
gimp starts with no need to change any firejail config.

@matu3ba matu3ba mentioned this issue Oct 7, 2021
Closed
@rusty-snake rusty-snake mentioned this issue Oct 16, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

luarocks matu3ba/firejail
2 participants
@themahnamahna @rusty-snake