Patch fails to run in Artix Linux #4039

Open
5 of 6 tasks
ZachIndigo opened this issue Mar 3, 2021 · 8 comments

Write clear, concise and in textual form.

Bug and expected behavior

  • Describe the bug.

Patch always fails to run, complains about missing libdl.so.2 library (which is installed and in /usr/lib).

  • What did you expect to happen?

I expected the patch command to work properly.

No profile and disabling firejail

  • What changed calling firejail --noprofile /path/to/program in a terminal?

Patch works properly, no complaint about missing library.

  • What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)?

Patch works correctly, no complaint about missing library.

Reproduce
Steps to reproduce the behavior:

  1. Run in bash firejail patch
  2. See error /usr/sbin/patch: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory

Environment

  • Linux distribution and version (i.e. output of lsb_release -a, screenfetch or cat /etc/os-release)

Artix Linux (fork of Arch), up-to-date

  • Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD)

Firejail version 0.9.64.4

Additional context
Other context about the problem like related errors to understand the problem.

Patch will also start to work if I comment out the 'private-lib' line in the config.

Checklist

  • The profile (and redirect profile if exists) hasn't already been fixed upstream.

Trying the master-branch patch.profile does not fix the issue either.

  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)

I am using the upstream patch.profile

  • I have performed a short search for similar issues (to avoid opening a duplicate).
  • If it is an AppImage, --profile=PROFILENAME is used to set the right profile.

It is not an AppImage.

  • Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get English error messages.

  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.

debug output
OUTPUT OF `firejail --debug PROGRAM`

DISPLAY=:0 parsed as 0
Autoselecting /bin/zsh as shell
Building quoted command line: 'patch' '-p1' 
Command name #patch#
Found patch.profile profile in /etc/firejail directory
Found patch.local profile in /etc/firejail directory
Found disable-common.inc profile in /etc/firejail directory
Found disable-devel.inc profile in /etc/firejail directory
Found disable-exec.inc profile in /etc/firejail directory
Found disable-interpreters.inc profile in /etc/firejail directory
Found disable-passwdmgr.inc profile in /etc/firejail directory
Found disable-shell.inc profile in /etc/firejail directory
Found disable-xdg.inc profile in /etc/firejail directory
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Found whitelist-var-common.inc profile in /etc/firejail directory
Enabling IPC namespace
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
sbox run: /run/firejail/lib/fnet ifup lo 
Network namespace enabled, only loopback interface available
Build protocol filter: unix
sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol 
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
94 59 254:0 /etc /etc ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=94 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
95 94 254:0 /etc /etc ro,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=95 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
96 59 254:0 /var /var ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=96 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
97 96 254:0 /var /var ro,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=97 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
98 59 254:0 /usr /usr ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=98 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/zachir/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Disable /run/firejail/appimage
Mounting tmpfs on /dev
Process /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/patch
firejail exec symlink detected
Checking /usr/bin/patch
sbox run: /run/firejail/lib/fcopy /usr/bin/patch /run/firejail/mnt/bin 
Checking /usr/local/bin/red
Checking /usr/bin/red
Checking /bin/red
Checking /usr/games/red
Checking /usr/local/games/red
Checking /usr/local/sbin/red
Checking /usr/sbin/red
Checking /sbin/red
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Starting private-lib processing: program patch, shell none
Installing standard C library
    copying /lib64/libapparmor.so.1 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libapparmor.so.1 /run/firejail/mnt/lib 
    copying /lib64/libc.so.6 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libc.so.6 /run/firejail/mnt/lib 
    copying /lib64/libnsl.so.2 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libnsl.so.2 /run/firejail/mnt/lib 
    copying /lib64/libnsl.so.2.0.1 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --fDebug 456: new_name #/usr/share/alsa#, whitelist
Debug 456: new_name #/usr/share/applications#, whitelist
Debug 456: new_name #/usr/share/ca-certificates#, whitelist
Debug 456: new_name #/usr/share/crypto-policies#, whitelist
ollow-link /lib64/libnsl.so.2.0.1 /run/firejail/mnt/lib 
    copying /lib64/libapparmor.so.1.8.0 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libapparmor.so.1.8.0 /run/firejail/mnt/lib 
    copying /lib64/libpcre2-8.so.0.10.1 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libpcre2-8.so.0.10.1 /run/firejail/mnt/lib 
    copying /lib64/libmemusage.so to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libmemusage.so /run/firejail/mnt/lib 
    copying /lib64/libcrypt.so.2.0.0 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libcrypt.so.2.0.0 /run/firejail/mnt/lib 
    copying /lib64/libpcre2-8.so.0 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libpcre2-8.so.0 /run/firejail/mnt/lib 
    copying /lib64/libthread_db.so.1 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libthread_db.so.1 /run/firejail/mnt/lib 
    copying /lib64/ld-linux-x86-64.so.2 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/ld-linux-x86-64.so.2 /run/firejail/mnt/lib 
    copying /lib64/libcrypt.so.2 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libcrypt.so.2 /run/firejail/mnt/lib 
    copying /lib64/libpthread.so.0 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libpthread.so.0 /run/firejail/mnt/lib 
    fslib_copy_dir /usr/lib/locale
Installing Firejail libraries
    fslib_install_list  /usr/bin/firejail
    fslib_install_list  /usr/lib/firejail
    fslib_copy_dir /usr/lib/firejail
Installing sandboxed program libraries
Searching $PATH for patch
trying #/home/zachir/.local/scripts/patch#
trying #/home/zachir/.local/share/cargo/bin/patch#
trying #/home/zachir/.local/share/go/bin/patch#
trying #/home/zachir/.local/bin/patch#
trying #/opt/REAPER/patch#
trying #/usr/local/sbin/patch#
    fslib_install_list  /usr/local/sbin/patch
    fslib_copy_libs /usr/local/sbin/patch
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/local/sbin/patch
sbox run: /run/firejail/lib/fldd /usr/local/sbin/patch /run/firejail/mnt/libfiles 
    copying /lib64/libattr.so.1 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libattr.so.1 /run/firejail/mnt/lib 
Processing private-lib files
    fslib_install_list  libdl.so.*,libfakeroot
    fslib_copy_dir /usr/lib/libfakeroot
    fslib_copy_dir /lib/libfakeroot
    fslib_copy_dir /lib64/libfakeroot
    fslib_copy_dir /usr/lib/libfakeroot
Processing private-bin files
    fslib_install_list  patch,/usr/bin/patch
    fslib_copy_libs /usr/bin/patch
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/patch
sbox run: /run/firejail/lib/fldd /usr/bin/patch /run/firejail/mnt/libfiles 
Installing system libraries
Mount-bind /run/firejail/mnt/lib on top of /lib /lib64 /usr/lib
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/dbus/system_bus_socket
blacklist /home/zachir/.dbus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies
	expanded: /usr/share/crypto-policies
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/cursors#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/cursors
	expanded: /usr/share/cursors
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/dconf#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/dconf
	expanded: /usr/share/dconf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/distro-info#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/distro-info
	expanded: /usr/share/distro-info
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/drirc.d#, whitelist
Debug 456: new_name #/usr/share/enchant#, whitelist
Debug 456: new_name #/usr/share/enchant-2#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/enchant-2
	expanded: /usr/share/enchant-2
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/file#, whitelist
Debug 456: new_name #/usr/share/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/fontconfig
	expanded: /usr/share/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/fonts#, whitelist
Debug 456: new_name #/usr/share/fonts-config#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/fonts-config
	expanded: /usr/share/fonts-config
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gir-1.0#, whitelist
Debug 456: new_name #/usr/share/gjs-1.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0
	expanded: /usr/share/gjs-1.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/glib-2.0#, whitelist
Debug 456: new_name #/usr/share/glvnd#, whitelist
Debug 456: new_name #/usr/share/gtk-2.0#, whitelist
Debug 456: new_name #/usr/share/gtk-3.0#, whitelist
Debug 456: new_name #/usr/share/gtk-engines#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-engines
	expanded: /usr/share/gtk-engines
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-3.0
	expanded: /usr/share/gtksourceview-3.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-4
	expanded: /usr/share/gtksourceview-4
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/hunspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/hunspell
	expanded: /usr/share/hunspell
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/hwdata#, whitelist
Debug 456: new_name #/usr/share/icons#, whitelist
Debug 456: new_name #/usr/share/icu#, whitelist
Debug 456: new_name #/usr/share/knotifications5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/knotifications5
	expanded: /usr/share/knotifications5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/kservices5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kservices5
	expanded: /usr/share/kservices5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum
	expanded: /usr/share/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/kxmlgui5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kxmlgui5
	expanded: /usr/share/kxmlgui5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/libdrm#, whitelist
Debug 456: new_name #/usr/share/libthai#, whitelist
Debug 456: new_name #/usr/share/locale#, whitelist
Debug 456: new_name #/usr/share/mime#, whitelist
Debug 456: new_name #/usr/share/misc#, whitelist
Debug 456: new_name #/usr/share/Modules#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Modules
	expanded: /usr/share/Modules
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/myspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/myspell
	expanded: /usr/share/myspell
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/p11-kit#, whitelist
Debug 456: new_name #/usr/share/perl#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/perl
	expanded: /usr/share/perl
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/perl5#, whitelist
Debug 456: new_name #/usr/share/pixmaps#, whitelist
Debug 456: new_name #/usr/share/pki#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/pki
	expanded: /usr/share/pki
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/plasma#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/plasma
	expanded: /usr/share/plasma
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/publicsuffix#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/publicsuffix
	expanded: /usr/share/publicsuffix
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt
	expanded: /usr/share/qt
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt4
	expanded: /usr/share/qt4
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5
	expanded: /usr/share/qt5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt5ct#, whitelist
Debug 456: new_name #/usr/share/sounds#, whitelist
Debug 456: new_name #/usr/share/tcl8.6#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6
	expanded: /usr/share/tcl8.6
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/tcltk#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcltk
	expanded: /usr/share/tcltk
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/terminfo#, whitelist
Debug 456: new_name #/usr/share/texlive#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texlive
	expanded: /usr/share/texlive
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/texmf#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texmf
	expanded: /usr/share/texmf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/themes#, whitelist
Debug 456: new_name #/usr/share/thumbnail.so#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so
	expanded: /usr/share/thumbnail.so
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/vulkan#, whitelist
Debug 456: new_name #/usr/share/X11#, whitelist
Debug 456: new_name #/usr/share/xml#, whitelist
Debug 456: new_name #/usr/share/zenity#, whitelist
Debug 456: new_name #/usr/share/zoneinfo#, whitelist
Debug 456: new_name #/var/lib/ca-certificates#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates
	expanded: /var/lib/ca-certificates
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/dbus#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/dbus
	expanded: /var/lib/dbus
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
	expanded: /var/lib/menu-xdg
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/uim#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/uim
	expanded: /var/lib/uim
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/cache/fontconfig#, whitelist
Debug 456: new_name #/var/tmp#, whitelist
Debug 456: new_name #/var/run#, whitelist
Debug 456: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run
Replaced whitelist path: whitelist /run/lock
Mounting tmpfs on /var directory
Mounting tmpfs on /usr/share directory
Whitelisting /usr/share/alsa
161 160 254:0 /usr/share/alsa /usr/share/alsa ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=161 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=ext4
Whitelisting /usr/share/applications
162 160 254:0 /usr/share/applications /usr/share/applications ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=162 fsname=/usr/share/applications dir=/usr/share/applications fstype=ext4
Whitelisting /usr/share/ca-certificates
163 160 254:0 /usr/share/ca-certificates /usr/share/ca-certificates ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=163 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=ext4
Whitelisting /usr/share/drirc.d
164 160 254:0 /usr/share/drirc.d /usr/share/drirc.d ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=164 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=ext4
Whitelisting /usr/share/enchant
165 160 254:0 /usr/share/enchant /usr/share/enchant ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=165 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=ext4
Whitelisting /usr/share/file
166 160 254:0 /usr/share/file /usr/share/file ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=166 fsname=/usr/share/file dir=/usr/share/file fstype=ext4
Whitelisting /usr/share/fonts
167 160 254:0 /usr/share/fonts /usr/share/fonts ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=167 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=ext4
Whitelisting /usr/share/gir-1.0
168 160 254:0 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=168 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=ext4
Whitelisting /usr/share/glib-2.0
169 160 254:0 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=169 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=ext4
Whitelisting /usr/share/glvnd
170 160 254:0 /usr/share/glvnd /usr/share/glvnd ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=170 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=ext4
Whitelisting /usr/share/gtk-2.0
171 160 254:0 /usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=171 fsname=/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=ext4
Whitelisting /usr/share/gtk-3.0
172 160 254:0 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=172 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=ext4
Whitelisting /usr/share/hwdata
173 160 254:0 /usr/share/hwdata /usr/share/hwdata ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=173 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=ext4
Whitelisting /usr/share/icons
174 160 254:0 /usr/share/icons /usr/share/icons ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=174 fsname=/usr/share/icons dir=/usr/share/icons fstype=ext4
Whitelisting /usr/share/icu
175 160 254:0 /usr/share/icu /usr/share/icu ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=175 fsname=/usr/share/icu dir=/usr/share/icu fstype=ext4
Whitelisting /usr/share/libdrm
176 160 254:0 /usr/share/libdrm /usr/share/libdrm ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=176 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=ext4
Whitelisting /usr/share/libthai
177 160 254:0 /usr/share/libthai /usr/share/libthai ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=177 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=ext4
Whitelisting /usr/share/locale
178 160 254:0 /usr/share/locale /usr/share/locale ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=178 fsname=/usr/share/locale dir=/usr/share/locale fstype=ext4
Whitelisting /usr/share/mime
179 160 254:0 /usr/share/mime /usr/share/mime ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=179 fsname=/usr/share/mime dir=/usr/share/mime fstype=ext4
Whitelisting /usr/share/misc
180 160 254:0 /usr/share/misc /usr/share/misc ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=180 fsname=/usr/share/misc dir=/usr/share/misc fstype=ext4
Whitelisting /usr/share/p11-kit
181 160 254:0 /usr/share/p11-kit /usr/share/p11-kit ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=181 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=ext4
Whitelisting /usr/share/perl5
182 160 254:0 /usr/share/perl5 /usr/share/perl5 ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=182 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=ext4
Whitelisting /usr/share/pixmaps
183 160 254:0 /usr/share/pixmaps /usr/share/pixmaps ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=183 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=ext4
Whitelisting /usr/share/qt5ct
184 160 254:0 /usr/share/qt5ct /usr/share/qt5ct ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=184 fsname=/usr/share/qt5ct dir=/usr/share/qt5ct fstype=ext4
Whitelisting /usr/share/sounds
185 160 254:0 /usr/share/sounds /usr/share/sounds ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=185 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=ext4
Whitelisting /usr/share/terminfo
186 160 254:0 /usr/share/terminfo /usr/share/terminfo ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=186 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=ext4
Whitelisting /usr/share/themes
187 160 254:0 /usr/share/themes /usr/share/themes ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=187 fsname=/usr/share/themes dir=/usr/share/themes fstype=ext4
Whitelisting /usr/share/vulkan
188 160 254:0 /usr/share/vulkan /usr/share/vulkan ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=188 fsname=/usr/share/vulkan dir=/usr/share/vulkan fstype=ext4
Whitelisting /usr/share/X11
189 160 254:0 /usr/share/X11 /usr/share/X11 ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=189 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=ext4
Whitelisting /usr/share/xml
190 160 254:0 /usr/share/xml /usr/share/xml ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=190 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4
Whitelisting /usr/share/zenity
191 160 254:0 /usr/share/zenity /usr/share/zenity ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=191 fsname=/usr/share/zenity dir=/usr/share/zenity fstype=ext4
Whitelisting /usr/share/zoneinfo
192 160 254:0 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=192 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4
Whitelisting /var/cache/fontconfig
193 158 254:0 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=193 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Whitelisting /var/tmp
194 158 0:54 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=194 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Disable /run/user/1000
Directory ${DOCUMENTS} resolved as Documents
Disable /home/zachir/.local/share/Trash
Disable /home/zachir/.bash_history
Disable /home/zachir/.python_history
Disable /home/zachir/.python_history
Disable /home/zachir/.viminfo
Disable /home/zachir/.config/autostart
Disable /home/zachir/.config/awesome
Disable /home/zachir/.xinitrc
Disable /home/zachir/.xprofile
Disable /home/zachir/.xserverrc
Disable /home/zachir/.xsession
Disable /home/zachir/.xsessionrc
Disable /etc/xdg/autostart
Mounting read-only /home/zachir/.Xauthority
211 105 0:46 /zachir/.Xauthority /home/zachir/.Xauthority ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=211 fsname=/zachir/.Xauthority dir=/home/zachir/.Xauthority fstype=btrfs
Mounting read-only /home/zachir/.config/kdeglobals
212 105 0:46 /zachir/.config/kdeglobals /home/zachir/.config/kdeglobals ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=212 fsname=/zachir/.config/kdeglobals dir=/home/zachir/.config/kdeglobals fstype=btrfs
Disable /home/zachir/.local/share/gvfs-metadata
Mounting read-only /home/zachir/.config/dconf
214 105 0:46 /zachir/.config/dconf /home/zachir/.config/dconf ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=214 fsname=/zachir/.config/dconf dir=/home/zachir/.config/dconf fstype=btrfs
Disable /home/zachir/.config/systemd
Disable /etc/init.d (requested /etc/init.d/)
Disable /home/zachir/.config/VirtualBox
Disable /etc/anacrontab
Disable /etc/cron.daily
Disable /etc/cron.weekly
Disable /etc/cron.hourly
Disable /etc/cron.monthly
Disable /etc/cron.deny
Disable /etc/cron.d
Disable /etc/profile.d
Disable /etc/rc.local
Disable /etc/grub.d
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/logrotate.conf
Disable /etc/logrotate.d
Mounting read-only /home/zachir/.profile
232 105 0:46 /zachir/.profile /home/zachir/.profile ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=232 fsname=/zachir/.profile dir=/home/zachir/.profile fstype=btrfs
Mounting read-only /home/zachir/.config/zsh/.zshenv
233 105 0:46 /zachir/.config/zsh/.zshenv /home/zachir/.config/zsh/.zshenv ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=233 fsname=/zachir/.config/zsh/.zshenv dir=/home/zachir/.config/zsh/.zshenv fstype=btrfs
Mounting read-only /home/zachir/.ssh/authorized_keys
234 105 0:46 /zachir/.ssh/authorized_keys /home/zachir/.ssh/authorized_keys ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=234 fsname=/zachir/.ssh/authorized_keys dir=/home/zachir/.ssh/authorized_keys fstype=btrfs
Mounting read-only /home/zachir/.local/lib
235 105 0:46 /zachir/.local/lib /home/zachir/.local/lib ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=235 fsname=/zachir/.local/lib dir=/home/zachir/.local/lib fstype=btrfs
Mounting read-only /home/zachir/.viminfo
236 202 0:24 /firejail/firejail.ro.file /home/zachir/.viminfo ro,nosuid,nodev,relatime - tmpfs run rw,mode=755,inode64
mountid=236 fsname=/firejail/firejail.ro.file dir=/home/zachir/.viminfo fstype=tmpfs
Mounting read-only /home/zachir/.xmonad
237 105 0:46 /zachir/.xmonad /home/zachir/.xmonad ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=237 fsname=/zachir/.xmonad dir=/home/zachir/.xmonad fstype=btrfs
Mounting read-only /home/zachir/.xscreensaver
238 105 0:46 /zachir/.xscreensaver /home/zachir/.xscreensaver ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=238 fsname=/zachir/.xscreensaver dir=/home/zachir/.xscreensaver fstype=btrfs
Mounting read-only /home/zachir/.yarnrc
239 105 0:46 /zachir/.yarnrc /home/zachir/.yarnrc ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=239 fsname=/zachir/.yarnrc dir=/home/zachir/.yarnrc fstype=btrfs
Mounting read-only /home/zachir/.gem
240 105 0:46 /zachir/.gem /home/zachir/.gem ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=240 fsname=/zachir/.gem dir=/home/zachir/.gem fstype=btrfs
Mounting read-only /home/zachir/.local/bin
241 105 0:46 /zachir/.local/bin /home/zachir/.local/bin ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=241 fsname=/zachir/.local/bin dir=/home/zachir/.local/bin fstype=btrfs
Mounting read-only /home/zachir/.config/menus
242 105 0:46 /zachir/.config/menus /home/zachir/.config/menus ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=242 fsname=/zachir/.config/menus dir=/home/zachir/.config/menus fstype=btrfs
Mounting read-only /home/zachir/.local/share/applications
243 105 0:46 /zachir/.local/share/applications /home/zachir/.local/share/applications ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=243 fsname=/zachir/.local/share/applications dir=/home/zachir/.local/share/applications fstype=btrfs
Mounting read-only /home/zachir/.config/mimeapps.list
244 105 0:46 /zachir/.config/mimeapps.list /home/zachir/.config/mimeapps.list ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=244 fsname=/zachir/.config/mimeapps.list dir=/home/zachir/.config/mimeapps.list fstype=btrfs
Mounting read-only /home/zachir/.config/user-dirs.dirs
245 105 0:46 /zachir/.config/user-dirs.dirs /home/zachir/.config/user-dirs.dirs ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=245 fsname=/zachir/.config/user-dirs.dirs dir=/home/zachir/.config/user-dirs.dirs fstype=btrfs
Mounting read-only /home/zachir/.config/user-dirs.locale
246 105 0:46 /zachir/.config/user-dirs.locale /home/zachir/.config/user-dirs.locale ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=246 fsname=/zachir/.config/user-dirs.locale dir=/home/zachir/.config/user-dirs.locale fstype=btrfs
Mounting read-only /home/zachir/.local/share/mime
247 105 0:46 /zachir/.local/share/mime /home/zachir/.local/share/mime ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=247 fsname=/zachir/.local/share/mime dir=/home/zachir/.local/share/mime fstype=btrfs
Disable /home/zachir/.cert
Disable /home/zachir/.gnupg
Disable /home/zachir/.local/share/keyrings
Disable /home/zachir/.pki
Disable /home/zachir/.local/share/pki
Disable /home/zachir/.ssh
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Disable /usr/local/sbin
Disable /home/zachir/.cache/flatpak
Disable /home/zachir/.local/share/flatpak/repo
Disable /home/zachir/.local/share/flatpak/.changed
Disable /home/zachir/.local/share/flatpak/db
Disable /proc/config.gz
Disable /home/zachir/.rustup
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Mounting noexec /home/zachir
319 272 0:24 /firejail/firejail.ro.dir /home/zachir/.rustup rw,nosuid,nodev,relatime - tmpfs run rw,mode=755,inode64
mountid=319 fsname=/firejail/firejail.ro.dir dir=/home/zachir/.rustup fstype=tmpfs
Mounting noexec /home/zachir/.Xauthority
320 288 0:46 /zachir/.Xauthority /home/zachir/.Xauthority ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=320 fsname=/zachir/.Xauthority dir=/home/zachir/.Xauthority fstype=btrfs
Mounting noexec /home/zachir/.config/kdeglobals
321 289 0:46 /zachir/.config/kdeglobals /home/zachir/.config/kdeglobals ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=321 fsname=/zachir/.config/kdeglobals dir=/home/zachir/.config/kdeglobals fstype=btrfs
Mounting noexec /home/zachir/.config/dconf
322 291 0:46 /zachir/.config/dconf /home/zachir/.config/dconf ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=322 fsname=/zachir/.config/dconf dir=/home/zachir/.config/dconf fstype=btrfs
Mounting noexec /home/zachir/.profile
323 294 0:46 /zachir/.profile /home/zachir/.profile ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=323 fsname=/zachir/.profile dir=/home/zachir/.profile fstype=btrfs
Mounting noexec /home/zachir/.config/zsh/.zshenv
324 295 0:46 /zachir/.config/zsh/.zshenv /home/zachir/.config/zsh/.zshenv ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=324 fsname=/zachir/.config/zsh/.zshenv dir=/home/zachir/.config/zsh/.zshenv fstype=btrfs
Mounting noexec /home/zachir/.local/lib
325 297 0:46 /zachir/.local/lib /home/zachir/.local/lib ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=325 fsname=/zachir/.local/lib dir=/home/zachir/.local/lib fstype=btrfs
Mounting noexec /home/zachir/.xmonad
326 298 0:46 /zachir/.xmonad /home/zachir/.xmonad ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=326 fsname=/zachir/.xmonad dir=/home/zachir/.xmonad fstype=btrfs
Mounting noexec /home/zachir/.xscreensaver
327 299 0:46 /zachir/.xscreensaver /home/zachir/.xscreensaver ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=327 fsname=/zachir/.xscreensaver dir=/DISPLAY=:0 parsed as 0
home/zachir/.xscreensaver fstype=btrfs
Mounting noexec /home/zachir/.yarnrc
328 300 0:46 /zachir/.yarnrc /home/zachir/.yarnrc ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=328 fsname=/zachir/.yarnrc dir=/home/zachir/.yarnrc fstype=btrfs
Mounting noexec /home/zachir/.gem
329 301 0:46 /zachir/.gem /home/zachir/.gem ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=329 fsname=/zachir/.gem dir=/home/zachir/.gem fstype=btrfs
Mounting noexec /home/zachir/.local/bin
330 302 0:46 /zachir/.local/bin /home/zachir/.local/bin ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=330 fsname=/zachir/.local/bin dir=/home/zachir/.local/bin fstype=btrfs
Mounting noexec /home/zachir/.config/menus
331 303 0:46 /zachir/.config/menus /home/zachir/.config/menus ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=331 fsname=/zachir/.config/menus dir=/home/zachir/.config/menus fstype=btrfs
Mounting noexec /home/zachir/.local/share/applications
332 304 0:46 /zachir/.local/share/applications /home/zachir/.local/share/applications ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=332 fsname=/zachir/.local/share/applications dir=/home/zachir/.local/share/applications fstype=btrfs
Mounting noexec /home/zachir/.config/mimeapps.list
333 305 0:46 /zachir/.config/mimeapps.list /home/zachir/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=333 fsname=/zachir/.config/mimeapps.list dir=/home/zachir/.config/mimeapps.list fstype=btrfs
Mounting noexec /home/zachir/.config/user-dirs.dirs
334 306 0:46 /zachir/.config/user-dirs.dirs /home/zachir/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=334 fsname=/zachir/.config/user-dirs.dirs dir=/home/zachir/.config/user-dirs.dirs fstype=btrfs
Mounting noexec /home/zachir/.config/user-dirs.locale
335 307 0:46 /zachir/.config/user-dirs.locale /home/zachir/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=335 fsname=/zachir/.config/user-dirs.locale dir=/home/zachir/.config/user-dirs.locale fstype=btrfs
Mounting noexec /home/zachir/.local/share/mime
336 308 0:46 /zachir/.local/share/mime /home/zachir/.local/share/mime ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=336 fsname=/zachir/.local/share/mime dir=/home/zachir/.local/share/mime fstype=btrfs
Mounting noexec /dev/shm
337 123 0:60 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=337 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
338 59 254:0 /tmp /tmp rw,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=338 fsname=/tmp dir=/tmp fstype=ext4
Mounting noexec /var
341 339 0:54 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=341 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /home/zachir/.nvm
Disable /usr/share/perl5
Disable /home/zachir/.config/keepassxc
Directory ${DOCUMENTS} resolved as Documents
Not blacklist /home/zachir/Documents
Directory ${MUSIC} resolved as Music
Disable /home/zachir/Music
Directory ${PICTURES} resolved as Pictures
Disable /home/zachir/Pictures
Directory ${VIDEOS} resolved as Videos
Disable /home/zachir/Videos
Disable /tmp/.X11-unix
Disable /home/zachir/.Xauthority
Disable /home/zachir/.Xauthority
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /home/zachir/.config/pulse
Create the new ld.so.preload file
Mount the new ld.so.preload file
Current directory: /home/zachir/suckless/dwm
Install protocol filter: unix
configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol/usr/lib/firejail/fsec-print: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
Error: failed to run /usr/lib/firejail/fsec-print
 
Error: proc 781 cannot sync with peer: unexpected EOF
Peer 783 unexpectedly exited with status 1
Autoselecting /bin/zsh as shell
Building quoted command line: 'patch' '-p1' 
Command name #patch#
Found patch.profile profile in /etc/firejail directory
Found patch.local profile in /etc/firejail directory
Found disable-common.inc profile in /etc/firejail directory
Found disable-devel.inc profile in /etc/firejail directory
Found disable-exec.inc profile in /etc/firejail directory
Found disable-interpreters.inc profile in /etc/firejail directory
Found disable-passwdmgr.inc profile in /etc/firejail directory
Found disable-shell.inc profile in /etc/firejail directory
Found disable-xdg.inc profile in /etc/firejail directory
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Found whitelist-var-common.inc profile in /etc/firejail directory
Enabling IPC namespace

@rusty-snake
Collaborator

What does ls -l /usr/lib*/libdl* show?

@rusty-snake
Collaborator

> Found patch.local profile in /etc/firejail directory

What's in it?

@kmk3
Collaborator

kmk3 commented Mar 3, 2021

> Reproduce
>
> Steps to reproduce the behavior:
>
>   1. Run in bash firejail patch
>
>   2. See error /usr/sbin/patch: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory

Same error with a relatively recent firejail-git version, also on Artix.

>   • The profile (and redirect profile if exists) hasn't already been fixed
>     upstream.

It has been fixed by #4000 on master:

https://github.com/zupatisc/firejail/blob/38a5cb1440e000545d7d5802da43170d55f6560b/etc/profile-m-z/patch.profile#L46

So put the following on patch.local:

private-lib libdl.so.*,libfakeroot
ignore private-lib

Or, alternatively, use firejail-git from the AUR until the next release.

@ZachIndigo
Author

ZachIndigo commented Mar 4, 2021

$ ls -l /usr/lib*/libdl*
-rwxr-xr-x 1 dhcpcd dhcpcd 18K Feb 13 17:02 /usr/lib32/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 14K Feb 13 17:02 /usr/lib32/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib32/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib32/libdl.so.2 -> libdl-2.33.so
-rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib64/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib64/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib64/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib64/libdl.so.2 -> libdl-2.33.so
-rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib/libdl.so.2 -> libdl-2.33.so

Also, adding in 'ignore private-lib' worked, which is weird, because I copied the Master branch patch.profile into my etc directory and it didn't work. But it is working now, so thanks.


Edit: Fixed code block formatting.

@kmk3
Collaborator

kmk3 commented Mar 4, 2021

> Also, adding in 'ignore private-lib' worked, which is weird, because I copied
> the Master branch patch.profile into my etc directory and it didn't work. But
> it is working now, so thanks.

Apologies; I wanted to reply quickly and ended up speaking assuming too much
and without properly testing my suggestions. #4000 by itself does not really
fix it on Artix and the problem still happens on the current master.

It fails even with the following on patch.local:

private-lib libd*,libfakeroot
ignore private-lib

So it's also likely not due to the file names (though it could be a globbing
issue).

> $ ls -l /usr/lib*/libdl*
> -rwxr-xr-x 1 dhcpcd dhcpcd 18K Feb 13 17:02 /usr/lib32/libdl-2.33.so
> -rw-r--r-- 1 dhcpcd dhcpcd 14K Feb 13 17:02 /usr/lib32/libdl.a
> lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib32/libdl.so -> libdl.so.2
> lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib32/libdl.so.2 -> libdl-2.33.so
> -rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib64/libdl-2.33.so
> -rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib64/libdl.a
> lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib64/libdl.so -> libdl.so.2
> lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib64/libdl.so.2 -> libdl-2.33.so
> -rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib/libdl-2.33.so
> -rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib/libdl.a
> lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib/libdl.so -> libdl.so.2
> lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib/libdl.so.2 -> libdl-2.33.so

I have the same output and it does not seem quite right. Why are these
libraries owned by dhcpcd when it is not the provider of any of them?

$ pacman -Qo /usr/lib*/libdl* | sort
/usr/lib/libdl-2.33.so is owned by glibc 2.33-4
/usr/lib/libdl-2.33.so is owned by glibc 2.33-4
/usr/lib/libdl.a is owned by glibc 2.33-4
/usr/lib/libdl.a is owned by glibc 2.33-4
/usr/lib/libdl.so is owned by glibc 2.33-4
/usr/lib/libdl.so is owned by glibc 2.33-4
/usr/lib/libdl.so.2 is owned by glibc 2.33-4
/usr/lib/libdl.so.2 is owned by glibc 2.33-4
/usr/lib32/libdl-2.33.so is owned by lib32-glibc 2.33-4
/usr/lib32/libdl.a is owned by lib32-glibc 2.33-4
/usr/lib32/libdl.so is owned by lib32-glibc 2.33-4
/usr/lib32/libdl.so.2 is owned by lib32-glibc 2.33-4

dhcpcd does not even provide any libraries outside of its own directory:

$ pacman -Q dhcpcd
dhcpcd 9.4.0-1
$ pacman -Qlq dhcpcd
/etc/
/etc/dhcpcd.conf
/usr/
/usr/bin/
/usr/bin/dhcpcd
/usr/lib/
/usr/lib/dhcpcd/
/usr/lib/dhcpcd/dev/
/usr/lib/dhcpcd/dev/udev.so
/usr/lib/dhcpcd/dhcpcd-hooks/
/usr/lib/dhcpcd/dhcpcd-hooks/01-test
/usr/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf
/usr/lib/dhcpcd/dhcpcd-hooks/30-hostname
/usr/lib/dhcpcd/dhcpcd-run-hooks
/usr/lib/sysusers.d/
/usr/lib/sysusers.d/dhcpcd.conf
/usr/lib/tmpfiles.d/
/usr/lib/tmpfiles.d/dhcpcd.conf
/usr/share/
/usr/share/dhcpcd/
/usr/share/dhcpcd/hooks/
/usr/share/dhcpcd/hooks/10-wpa_supplicant
/usr/share/dhcpcd/hooks/15-timezone
/usr/share/dhcpcd/hooks/29-lookup-hostname
/usr/share/licenses/
/usr/share/licenses/dhcpcd/
/usr/share/licenses/dhcpcd/LICENSE
/usr/share/man/
/usr/share/man/man5/
/usr/share/man/man5/dhcpcd.conf.5.gz
/usr/share/man/man8/
/usr/share/man/man8/dhcpcd-run-hooks.8.gz
/usr/share/man/man8/dhcpcd.8.gz
/var/
/var/lib/
/var/lib/dhcpcd

I think that the problem might be packaging-related. Will check later.

@kmk3 kmk3 reopened this Mar 4, 2021
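
The `ls -l` output discussed above shows `libdl.so.2` resolving, through root-owned symlinks, to a `libdl-2.33.so` owned by `dhcpcd`. The shell check below is an added example, not part of the thread or of firejail: it resolves a library name in each given directory and reports targets whose owner differs from the expected one. The function names and the choice of `root` as expected owner are assumptions; it relies on GNU `readlink -f` and `stat -c`.

```shell
#!/bin/sh
# Added example: report shared-library names whose resolved target file is
# not owned by the expected account (assumption: system libraries should
# belong to root). Function names are hypothetical.

# resolve_owner PATH -> prints "<resolved target> <owner name>"
resolve_owner() {
    target=$(readlink -f -- "$1") || return 1   # follow the symlink chain
    [ -e "$target" ] || return 1                # dangling link
    printf '%s %s\n' "$target" "$(stat -c '%U' -- "$target")"
}

# audit_lib_owner EXPECTED_OWNER SONAME DIR...
# Prints one line per finding and returns 1 if there was any finding.
audit_lib_owner() {
    expected=$1
    soname=$2
    shift 2
    rc=0
    for dir in "$@"; do
        link=$dir/$soname
        # Skip directories that do not carry this library at all.
        [ -e "$link" ] || [ -L "$link" ] || continue
        if ! info=$(resolve_owner "$link"); then
            printf 'DANGLING %s\n' "$link"
            rc=1
            continue
        fi
        owner=${info##* }     # last field: owner name
        target=${info% *}     # everything before it: resolved path
        if [ "$owner" != "$expected" ]; then
            printf 'MISMATCH %s -> %s owner=%s expected=%s\n' \
                "$link" "$target" "$owner" "$expected"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use, e.g.:
#   sh audit.sh root libdl.so.2 /usr/lib /usr/lib32 /usr/lib64
if [ "$#" -ge 3 ]; then
    audit_lib_owner "$@"
fi
```

On the system shown in the thread, each directory listed would produce a `MISMATCH` line naming `dhcpcd`, because the symlinks are root-owned but the file they point to is not.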
@rusty-snake
Collaborator

> Will check later.

@kmk3 ping


> I think that the problem might be packaging-related.

Could it be #3236?

@kmk3
Collaborator

kmk3 commented May 14, 2021

> > Will check later.
>
> @kmk3 ping

Sorry for the delay, but I still have some patches that I want to send
beforehand (some are even from months ago). If anybody wants to take this in
the meantime feel free to do so.

Currently I just run unlink /usr/local/bin/patch after running firecfg.

Would be nice if firecfg supported a /etc/firejail/firecfg_ignore.config
counterpart to /usr/lib/firejail/firecfg.config, to skip problematic
profiles.

> > I think that the problem might be packaging-related.

To be clear, I meant issues with the dhcpcd package.

By the way, I stopped using dhcpcd, as it would happily and knowingly let the
clock drift over an hour without syncing. And there is no way to force it to
sync.

> Could it be #3236?

Seems plausible; thanks for the link.

@rusty-snake
Collaborator

> Would be nice if firecfg supported a /etc/firejail/firecfg_ignore.config
> counterpart to /usr/lib/firejail/firecfg.config, to skip problematic
> profiles.

And here's another link for you: #2097 😃
