[GH-ISSUE #3524] Arch build breaking due to pandoc #2217

Closed
opened 2026-05-05 08:54:04 -06:00 by gitea-mirror · 1 comment

Originally created by @ask6155 on GitHub (Jul 19, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3524

Bug and expected behavior
I decided to compile notcurses from the AUR and it was going fine until pandoc had an error.
Here's the log.

No profile or disabling firejail

  • What changed calling firejail --noprofile PROGRAM in a shell?
    I didn't know how to run makepkg in a way it doesn't invoke firejail.

  • What changed calling the program by path=without firejail (check whereis PROGRAM, firejail --list, stat $programpath)?
    Again I don't know how to do that.

Reproduce
Steps to reproduce the behavior:

  1. Install AUR package notcurses from AUR.
  2. Get error pandoc: /home/me/.cache/yay/notcurses/src/notcurses-1.6.0/doc/man/man3/notcurses_lines.3.md: openBinaryFile: does not exist (No such file or directory)

Environment

  • LSB Version: 1.4 Distributor ID: Arch Description: Arch Linux Release: rolling Codename: n/a

Firejail version 0.9.62

Compile time support:
- AppArmor support is enabled
- AppImage support is enabled
- chroot support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- firetunnel support is enabled
- networking support is enabled
- overlayfs support is enabled
- private-home support is enabled
- seccomp-bpf support is enabled
- user namespace support is enabled
- X11 sandboxing support is enabled

  • What other programs interact with the affected program for the functionality?
    Most of the AUR packages which have some kind of documentation use pandoc for compiling its documentation.
  • Are these listed in the profile?
    I don't know?

Additional context
Other context about the problem like related errors to understand the problem.
Since the package was failing due to pandoc, I decided to see if pandoc was working.
I ran:
$ pandoc -t pdf issue.md
and it gave error:

warning: kpathsea: configuration file texmf.cnf not found in these directories: /usr/bin:/usr/bin/share/texmf-local/web2c:/usr/bin/share/texmf-dist/web2c:/usr/bin/share/texmf/web2c:/usr/bin/texmf-local/web2c:/usr/bin/texmf-dist/web2c:/usr/bin/texmf/web2c:/usr:/usr/share/texmf-local/web2c:/usr/share/texmf-dist/web2c:/usr/share/texmf/web2c:/usr/texmf-local/web2c:/usr/texmf-dist/web2c:/usr/texmf/web2c://texmf-local/web2c:/://share/texmf-local/web2c://share/texmf-dist/web2c://share/texmf/web2c://texmf-local/web2c://texmf-dist/web2c://texmf/web2c.

kpathsea: Running mktexfmt pdflatex.fmt
mktexfmt: Permission denied
warning: kpathsea: configuration file texmf.cnf not found in these directories: /usr/bin:/usr/bin/share/texmf-local/web2c:/usr/bin/share/texmf-dist/web2c:/usr/bin/share/texmf/web2c:/usr/bin/texmf-local/web2c:/usr/bin/texmf-dist/web2c:/usr/bin/texmf/web2c:/usr:/usr/share/texmf-local/web2c:/usr/share/texmf-dist/web2c:/usr/share/texmf/web2c:/usr/texmf-local/web2c:/usr/texmf-dist/web2c:/usr/texmf/web2c://texmf-local/web2c:/://share/texmf-local/web2c://share/texmf-dist/web2c://share/texmf/web2c://texmf-local/web2c://texmf-dist/web2c://texmf/web2c.

kpathsea: Running mktexfmt pdflatex.fmt
mktexfmt: Permission denied
Error producing PDF.
This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Arch Linux) (preloaded format=pdflatex)
I can't find the format file `pdflatex.fmt'!

So pandoc is breaking. I searched on the web and found this: link
This guy just unsandboxed pandoc to make it work. Should I do so too? But doesn't that just defeat the purpose?

Checklist

  • The upstream profile (and redirect profile if exists) have no changes fixing it.
  • The upstream profile exists (find / -name 'firejail' 2>/dev/null/fd firejail to locate profiles ie in /usr/local/etc/firejail/PROGRAM.profile)
  • Programs needed for interaction are listed.
  • Error was checked in search engine and on issue list without success.
debug output

I don't know how to do so, so I ran pandoc on a pdf and here is its output:

DISPLAY=:0 parsed as 0
Autoselecting /usr/bin/zsh as shell
Building quoted command line: 'pandoc' '-t' 'pdf' 'issue.md' 
Command name #pandoc#
Found pandoc.profile profile in /etc/firejail directory
Found disable-common.inc profile in /etc/firejail directory
Found disable-devel.inc profile in /etc/firejail directory
Found disable-exec.inc profile in /etc/firejail directory
Found disable-interpreters.inc profile in /etc/firejail directory
Found disable-passwdmgr.inc profile in /etc/firejail directory
Found disable-programs.inc profile in /etc/firejail directory
Found disable-xdg.inc profile in /etc/firejail directory
Enabling IPC namespace
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
sbox run: /run/firejail/lib/fnet ifup lo (null) 
Network namespace enabled, only loopback interface available
Build protocol filter: unix
sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /lib
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/cache/lighttpd
Create the new utmp file
Mount the new utmp file
Generating a new machine-id
installing a new /etc/machine-id
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/me/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
Process /dev/shm directory
Copying files in the new /etc directory:
Mount-bind /run/firejail/mnt/etc on top of /etc
Creating an empty /etc/ld.so.preload file
Copying files in the new bin directory
Checking /usr/local/bin/context
Checking /usr/bin/context
file /usr/share/texmf-dist/scripts/context/stubs/unix/context not found
sbox run: /run/firejail/lib/fcopy /usr/bin/context /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/latex
Checking /usr/bin/latex
sbox run: /run/firejail/lib/fcopy /usr/bin/pdftex /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/latex /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/mktexfmt
Checking /usr/bin/mktexfmt
file /usr/share/texmf-dist/scripts/texlive/fmtutil.pl not found
sbox run: /run/firejail/lib/fcopy /usr/bin/mktexfmt /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/pandoc
firejail exec symlink detected
Checking /usr/bin/pandoc
sbox run: /run/firejail/lib/fcopy /usr/bin/pandoc /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/pdflatex
Checking /usr/bin/pdflatex
sbox run: /run/firejail/lib/fcopy /usr/bin/pdftex /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/pdflatex /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/pdfroff
Checking /usr/bin/pdfroff
sbox run: /run/firejail/lib/fcopy /usr/bin/pdfroff /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/prince
Checking /usr/bin/prince
Checking /bin/prince
Checking /usr/games/prince
Checking /usr/local/games/prince
Checking /usr/local/sbin/prince
Checking /usr/sbin/prince
Checking /sbin/prince
Checking /usr/local/bin/weasyprint
Checking /usr/bin/weasyprint
Checking /bin/weasyprint
Checking /usr/games/weasyprint
Checking /usr/local/games/weasyprint
Checking /usr/local/sbin/weasyprint
Checking /usr/sbin/weasyprint
Checking /sbin/weasyprint
Checking /usr/local/bin/wkhtmltopdf
Checking /usr/bin/wkhtmltopdf
sbox run: /run/firejail/lib/fcopy /usr/bin/wkhtmltopdf /run/firejail/mnt/bin (null) 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/Debug 423: new_name #/tmp/.X11-unix#, whitelist
Debug 423: new_name #/tmp/pulse-socket#, whitelist
firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Mounting tmpfs on /home/me/.cache
1625 1589 0:86 / /home/me/.cache rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=755,uid=1000,gid=998
mountid=1625 fsname=/ dir=/home/me/.cache fstype=tmpfs
Generate private-tmp whitelist commands
blacklist /run/user/1000/bus
blacklist /run/dbus/system_bus_socket
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules/5.7.7-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Mounting tmpfs on /tmp directory
Whitelisting /tmp/.X11-unix
1632 1631 0:46 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:65 - tmpfs tmpfs rw
mountid=1632 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Whitelisting /tmp/pulse-socket
1633 1631 0:46 /pulse-socket /tmp/pulse-socket rw,nosuid,nodev master:65 - tmpfs tmpfs rw
mountid=1633 fsname=/pulse-socket dir=/tmp/pulse-socket fstype=tmpfs
Directory ${DOCUMENTS} resolved as Documents
Disable /home/me/.local/share/Trash
Disable /home/me/.bash_history
Disable /home/me/.python_history
Disable /home/me/.histfile
Disable /home/me/.local/share/fish/fish_history
Disable /home/me/.python_history
Disable /home/me/.lesshst
Disable /home/me/.viminfo
Disable /home/me/.config/autostart
Disable /home/me/.config/i3
Disable /home/me/.xinitrc
Mounting read-only /home/me/.Xauthority
1646 1589 8:4 /me/.Xauthority /home/me/.Xauthority ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1646 fsname=/me/.Xauthority dir=/home/me/.Xauthority fstype=ext4
Mounting read-only /home/me/.config/rsibreak.notifyrc
1647 1589 8:4 /me/.config/rsibreak.notifyrc /home/me/.config/rsibreak.notifyrc ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1647 fsname=/me/.config/rsibreak.notifyrc dir=/home/me/.config/rsibreak.notifyrc fstype=ext4
Mounting read-only /home/me/.config/kdeglobals
1648 1589 8:4 /me/.config/kdeglobals /home/me/.config/kdeglobals ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1648 fsname=/me/.config/kdeglobals dir=/home/me/.config/kdeglobals fstype=ext4
Mounting read-only /home/me/.local/share/konsole
1649 1589 8:4 /me/.local/share/konsole /home/me/.local/share/konsole ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1649 fsname=/me/.local/share/konsole dir=/home/me/.local/share/konsole fstype=ext4
Mounting read-only /home/me/.config/dconf
1650 1589 8:4 /me/.config/dconf /home/me/.config/dconf ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1650 fsname=/me/.config/dconf dir=/home/me/.config/dconf fstype=ext4
Disable /home/me/.config/systemd
Disable /var/lib/systemd
Disable /home/me/.config/VirtualBox
Disable /var/cache/pacman
Disable /var/lib/dkms
Disable /var/lib/pacman
Disable /var/lib/upower
Disable /var/spool/mail (requested /var/mail)
Disable /var/opt
Disable /var/spool/anacron
Disable /var/spool/cron
Disable /var/spool/mail
Mounting read-only /home/me/.config/fish
1663 1589 8:4 /me/.config/fish /home/me/.config/fish ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1663 fsname=/me/.config/fish dir=/home/me/.config/fish fstype=ext4
Mounting read-only /home/me/.local/share/fish
1665 1664 0:24 /firejail/firejail.ro.file /home/me/.local/share/fish/fish_history rw,nosuid,nodev,relatime master:13 - tmpfs run rw,mode=755
mountid=1665 fsname=/firejail/firejail.ro.file dir=/home/me/.local/share/fish/fish_history fstype=tmpfs
Mounting read-only /home/me/.profile
1666 1589 8:4 /me/.profile /home/me/.profile ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1666 fsname=/me/.profile dir=/home/me/.profile fstype=ext4
Mounting read-only /home/me/.zshrc
1667 1589 8:4 /me/.zshrc /home/me/.zshrc ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1667 fsname=/me/.zshrc dir=/home/me/.zshrc fstype=ext4
Mounting read-only /home/me/.ssh/authorized_keys
1668 1589 8:4 /me/.ssh/authorized_keys /home/me/.ssh/authorized_keys ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1668 fsname=/me/.ssh/authorized_keys dir=/home/me/.ssh/authorized_keys fstype=ext4
Mounting read-only /home/me/.emacs
1669 1589 8:4 /me/.emacs /home/me/.emacs ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1669 fsname=/me/.emacs dir=/home/me/.emacs fstype=ext4
Mounting read-only /home/me/.emacs.d
1670 1589 8:4 /me/.emacs.d /home/me/.emacs.d ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1670 fsname=/me/.emacs.d dir=/home/me/.emacs.d fstype=ext4
Mounting read-only /home/me/.vim
1671 1589 8:4 /me/.vim /home/me/.vim ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1671 fsname=/me/.vim dir=/home/me/.vim fstype=ext4
Mounting read-only /home/me/.viminfo
1672 1642 0:24 /firejail/firejail.ro.file /home/me/.viminfo ro,nosuid,nodev,relatime master:13 - tmpfs run rw,mode=755
mountid=1672 fsname=/firejail/firejail.ro.file dir=/home/me/.viminfo fstype=tmpfs
Mounting read-only /home/me/.vimrc
1673 1589 8:4 /me/.vimrc /home/me/.vimrc ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1673 fsname=/me/.vimrc dir=/home/me/.vimrc fstype=ext4
Mounting read-only /home/me/.xscreensaver
1674 1589 8:4 /me/.xscreensaver /home/me/.xscreensaver ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1674 fsname=/me/.xscreensaver dir=/home/me/.xscreensaver fstype=ext4
Mounting read-only /home/me/.local/bin
1675 1589 8:4 /me/.local/bin /home/me/.local/bin ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1675 fsname=/me/.local/bin dir=/home/me/.local/bin fstype=ext4
Mounting read-only /home/me/.config/menus
1676 1589 8:4 /me/.config/menus /home/me/.config/menus ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1676 fsname=/me/.config/menus dir=/home/me/.config/menus fstype=ext4
Mounting read-only /home/me/.local/share/applications
1677 1589 8:4 /me/.local/share/applications /home/me/.local/share/applications ro,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1677 fsname=/me/.local/share/applications dir=/home/me/.local/share/applications fstype=ext4
Disable /home/me/.gnupg
Disable /home/me/.local/share/keyrings
Disable /home/me/.local/share/kwalletd
Disable /home/me/.pki
Disable /home/me/.ssh
Disable /usr/local/sbin
Disable /usr/lib/plan9/bin/mount
Disable /proc/config.gz
Disable /usr/include
Disable /usr/share/java
Mounting noexec /home/me
1728 1688 0:24 /firejail/firejail.ro.dir /home/me/.ssh rw,nosuid,nodev,relatime master:13 - tmpfs run rw,mode=755
mountid=1728 fsname=/firejail/firejail.ro.dir dir=/home/me/.ssh fstype=tmpfs
Mounting noexec /home/me/.cache
1729 1690 0:86 / /home/me/.cache rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,uid=1000,gid=998
mountid=1729 fsname=/ dir=/home/me/.cache fstype=tmpfs
Mounting noexec /home/me/.Xauthority
1730 1703 8:4 /me/.Xauthority /home/me/.Xauthority ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1730 fsname=/me/.Xauthority dir=/home/me/.Xauthority fstype=ext4
Mounting noexec /home/me/.config/rsibreak.notifyrc
1731 1704 8:4 /me/.config/rsibreak.notifyrc /home/me/.config/rsibreak.notifyrc ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1731 fsname=/me/.config/rsibreak.notifyrc dir=/home/me/.config/rsibreak.notifyrc fstype=ext4
Mounting noexec /home/me/.config/kdeglobals
1732 1705 8:4 /me/.config/kdeglobals /home/me/.config/kdeglobals ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1732 fsname=/me/.config/kdeglobals dir=/home/me/.config/kdeglobals fstype=ext4
Mounting noexec /home/me/.local/share/konsole
1733 1706 8:4 /me/.local/share/konsole /home/me/.local/share/konsole ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1733 fsname=/me/.local/share/konsole dir=/home/me/.local/share/konsole fstype=ext4
Mounting noexec /home/me/.config/dconf
1734 1707 8:4 /me/.config/dconf /home/me/.config/dconf ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1734 fsname=/me/.config/dconf dir=/home/me/.config/dconf fstype=ext4
Mounting noexec /home/me/.config/fish
1735 1710 8:4 /me/.config/fish /home/me/.config/fish ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1735 fsname=/me/.config/fish dir=/home/me/.config/fish fstype=ext4
Mounting noexec /home/me/.local/share/fish
1737 1736 0:24 /firejail/firejail.ro.file /home/me/.local/share/fish/fish_history rw,nosuid,nodev,relatime master:13 - tmpfs run rw,mode=755
mountid=1737 fsname=/firejail/firejail.ro.file dir=/home/me/.local/share/fish/fish_history fstype=tmpfs
Mounting noexec /home/me/.profile
1738 1713 8:4 /me/.profile /home/me/.profile ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1738 fsname=/me/.profile dir=/home/me/.profile fstype=ext4
Mounting noexec /home/me/.zshrc
1739 1714 8:4 /me/.zshrc /home/me/.zshrc ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1739 fsname=/me/.zshrc dir=/home/me/.zshrc fstype=ext4
Mounting noexec /home/me/.emacs
1740 1716 8:4 /me/.emacs /home/me/.emacs ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1740 fsname=/me/.emacs dir=/home/me/.emacs fstype=ext4
Mounting noexec /home/me/.emacs.d
1741 1717 8:4 /me/.emacs.d /home/me/.emacs.d ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1741 fsname=/me/.emacs.d dir=/home/me/.emacs.d fstype=ext4
Mounting noexec /home/me/.vim
1742 1718 8:4 /me/.vim /home/me/.vim ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1742 fsname=/me/.vim dir=/home/me/.vim fstype=ext4
Mounting noexec /home/me/.vimrc
1743 1719 8:4 /me/.vimrc /home/me/.vimrc ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1743 fsname=/me/.vimrc dir=/home/me/.vimrc fstype=ext4
Mounting noexec /home/me/.xscreensaver
1744 1720 8:4 /me/.xscreensaver /home/me/.xscreensaver ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1744 fsname=/me/.xscreensaver dir=/home/me/.xscreensaver fstype=ext4
Mounting noexec /home/me/.local/bin
1745 1721 8:4 /me/.local/bin /home/me/.local/bin ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1745 fsname=/me/.local/bin dir=/home/me/.local/bin fstype=ext4
Mounting noexec /home/me/.config/menus
1746 1722 8:4 /me/.config/menus /home/me/.config/menus ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1746 fsname=/me/.config/menus dir=/home/me/.config/menus fstype=ext4
Mounting noexec /home/me/.local/share/applications
1747 1723 8:4 /me/.local/share/applications /home/me/.local/share/applications ro,nosuid,nodev,noexec,relatime master:69 - ext4 /dev/sda4 rw,data=ordered
mountid=1747 fsname=/me/.local/share/applications dir=/home/me/.local/share/applications fstype=ext4
Mounting noexec /run/user/1000
1752 1748 0:24 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,relatime master:13 - tmpfs run rw,mode=755
mountid=1752 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs
Mounting noexec /dev/shm
1753 1611 0:82 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1753 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1756 1754 0:46 /pulse-socket /tmp/pulse-socket rw,nosuid,nodev master:65 - tmpfs tmpfs rw
mountid=1756 fsname=/pulse-socket dir=/tmp/pulse-socket fstype=tmpfs
Mounting noexec /tmp/.X11-unix
1757 1755 0:46 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:65 - tmpfs tmpfs rw
mountid=1757 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/pulse-socket
1758 1756 0:46 /pulse-socket /tmp/pulse-socket rw,nosuid,nodev,noexec master:65 - tmpfs tmpfs rw
mountid=1758 fsname=/pulse-socket dir=/tmp/pulse-socket fstype=tmpfs
Disable /usr/lib/lua
Disable /usr/share/lua
Disable /usr/lib/perl5
Disable /usr/share/perl5
Disable /usr/share/perl-image-exiftool
Disable /usr/lib/ruby
Disable /usr/lib/python2.7
Disable /usr/lib/python3.7
Disable /usr/lib/python3.8
Disable /usr/lib/python3.6
Disable /usr/local/lib/python3.7
Disable /home/me/.config/keepassxc
Disable /home/me/.password-store
Disable /home/me/Monero/wallets
Disable /home/me/.Natron
Disable /home/me/.PlayOnLinux
Disable /home/me/.anydesk
Disable /home/me/.audacity-data
Disable /home/me/.cargo/registry
Disable /home/me/.config/0ad
Disable /home/me/.config/BraveSoftware
Disable /home/me/.config/Code
Disable /home/me/.config/FreeCAD
Disable /home/me/.config/GIMP
Disable /home/me/.config/INRIA
Disable /home/me/.config/Mumble
Disable /home/me/.config/Riot
Disable /home/me/.config/Signal
Disable /home/me/.config/VirtualBox
Disable /home/me/.config/blender
Disable /home/me/.config/chromium
Disable /home/me/.config/cmus
Disable /home/me/.config/deluge
Disable /home/me/.config/discord
Disable /home/me/.config/d-feet
Disable /home/me/.config/enchant
Disable /home/me/.config/epiphany
Disable /home/me/.config/evolution
Disable /home/me/.config/falkon
Disable /home/me/.config/filezilla
Disable /home/me/.config/gajim
Disable /home/me/.config/gconf
Disable /home/me/.config/gedit
Disable /home/me/.config/ghostwriter
Disable /home/me/.config/gnome-mplayer
Disable /home/me/.config/godot
Disable /home/me/.config/google-chrome-unstable
Disable /home/me/.config/hexchat
Disable /home/me/.config/inkscape
Disable /home/me/.config/itch
Disable /home/me/.config/katepartrc
Disable /home/me/.config/kateschemarc
Disable /home/me/.config/katesyntaxhighlightingrc
Disable /home/me/.config/katevirc
Disable /home/me/.config/kdenliverc
Disable /home/me/.config/kritarc
Disable /home/me/.config/libreoffice
Disable /home/me/.config/mate/eom
Disable /home/me/.config/midori
Disable /home/me/.config/mpd
Disable /home/me/.config/mpv
Disable /home/me/.config/nautilus
Disable /home/me/.config/netsurf
Disable /home/me/.config/nheko
Disable /home/me/.config/okularpartrc
Disable /home/me/.config/okularrc
Disable /home/me/.config/pavucontrol.ini
Disable /home/me/.config/pitivi
Disable /home/me/.config/pluma
Disable /home/me/.config/qutebrowser
Disable /home/me/.config/ranger
Disable /home/me/.config/scribus
Disable /home/me/.config/smplayer
Disable /home/me/.config/smtube
Disable /home/me/.config/spotify
Disable /home/me/.config/supertuxkart
Disable /home/me/.config/synfig
Disable /home/me/.config/torbrowser
Disable /home/me/.config/tox
Disable /home/me/.config/transmission
Disable /home/me/.config/uGet
Disable /home/me/.config/uzbl
Disable /home/me/.config/vivaldi
Disable /home/me/.config/vlc
Disable /home/me/.config/wireshark
Disable /home/me/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
Disable /home/me/.config/yelp
Disable /home/me/.config/zathura
Disable /home/me/.dosbox
Disable /home/me/.emacs
Disable /home/me/.emacs.d
Disable /home/me/.gimp-2.10
Disable /home/me/.gradle
Disable /home/me/.itch
Disable /home/me/.java
Disable /home/me/.local/lib/vivaldi
Disable /home/me/.local/share/0ad
Disable /home/me/.local/share/JetBrains
Disable /home/me/.local/share/Mumble
Disable /home/me/.local/share/Steam
Disable /home/me/.local/share/TelegramDesktop
Disable /home/me/.local/share/autokey
Disable /home/me/.local/share/bibletime
Disable /home/me/.local/share/dino
Disable /home/me/.local/share/epiphany
Disable /home/me/.local/share/evolution
Disable /home/me/.local/share/gajim
Disable /home/me/.local/share/godot
Disable /home/me/.local/share/kdenlive
Disable /home/me/.local/share/krita
Disable /home/me/.local/share/lollypop
Disable /home/me/.local/share/multimc
Disable /home/me/.local/share/nautilus
Disable /home/me/.local/share/okular
Disable /home/me/.local/share/qutebrowser
Disable /home/me/.DISPLAY=:0 parsed as 0
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 06 00 00 0005005f   ret ERRNO(95)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00000000   ret KILL
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 3f 00 0000009f   jeq adjtimex 0047 (false 0008)
 0008: 15 3e 00 00000131   jeq clock_adjtime 0047 (false 0009)
 0009: 15 3d 00 000000e3   jeq clock_settime 0047 (false 000a)
 000a: 15 3c 00 000000a4   jeq settimeofday 0047 (false 000b)
 000b: 15 3b 00 0000009a   jeq modify_ldt 0047 (false 000c)
 000c: 15 3a 00 000000d4   jeq lookup_dcookie 0047 (false 000d)
 000d: 15 39 00 0000012a   jeq perf_event_open 0047 (false 000e)
 000e: 15 38 00 00000137   jeq process_vm_writev 0047 (false 000f)
 000f: 15 37 00 000000b0   jeq delete_module 0047 (false 0010)
 0010: 15 36 00 00000139   jeq finit_module 0047 (false 0011)
 0011: 15 35 00 000000af   jeq init_module 0047 (false 0012)
 0012: 15 34 00 0000009c   jeq _sysctl 0047 (false 0013)
 0013: 15 33 00 000000b7   jeq afs_syscall 0047 (false 0014)
 0014: 15 32 00 000000ae   jeq create_module 0047 (false 0015)
 0015: 15 31 00 000000b1   jeq get_kernel_syms 0047 (false 0016)
 0016: 15 30 00 000000b5   jeq getpmsg 0047 (false 0017)
 0017: 15 2f 00 000000b6   jeq putpmsg 0047 (false 0018)
 0018: 15 2e 00 000000b2   jeq query_module 0047 (false 0019)
 0019: 15 2d 00 000000b9   jeq security 0047 (false 001a)
 001a: 15 2c 00 0000008b   jeq sysfs 0047 (false 001b)
 001b: 15 2b 00 000000b8   jeq tuxcall 0047 (false 001c)
 001c: 15 2a 00 00000086   jeq uselib 0047 (false 001d)
 001d: 15 29 00 00000088   jeq ustat 0047 (false 001e)
 001e: 15 28 00 000000ec   jeq vserver 0047 (false 001f)
 001f: 15 27 00 000000ad   jeq ioperm 0047 (false 0020)
 0020: 15 26 00 000000ac   jeq iopl 0047 (false 0021)
 0021: 15 25 00 000000f6   jeq kexec_load 0047 (false 0022)
 0022: 15 24 00 00000140   jeq kexec_file_load 0047 (false 0023)
 0023: 15 23 00 000000a9   jeq reboot 0047 (false 0024)
 0024: 15 22 00 000000a7   jeq swapon 0047 (false 0025)
 0025: 15 21 00 000000a8   jeq swapoff 0047 (false 0026)
 0026: 15 20 00 00000130   jeq open_by_handle_at 0047 (false 0027)
 0027: 15 1f 00 0000012f   jeq name_to_handle_at 0047 (false 0028)
 0028: 15 1e 00 000000fb   jeq ioprio_set 0047 (false 0029)
 0029: 15 1d 00 00000067   jeq syslog 0047 (false 002a)
 002a: 15 1c 00 0000012c   jeq fanotify_init 0047 (false 002b)
 002b: 15 1b 00 00000138   jeq kcmp 0047 (false 002c)
 002c: 15 1a 00 000000f8   jeq add_key 0047 (false 002d)
 002d: 15 19 00 000000f9   jeq request_key 0047 (false 002e)
 002e: 15 18 00 000000ed   jeq mbind 0047 (false 002f)
 002f: 15 17 00 00000100   jeq migrate_pages 0047 (false 0030)
 0030: 15 16 00 00000117   jeq move_pages 0047 (false 0031)
 0031: 15 15 00 000000fa   jeq keyctl 0047 (false 0032)
 0032: 15 14 00 000000ce   jeq io_setup 0047 (false 0033)
 0033: 15 13 00 000000cf   jeq io_destroy 0047 (false 0034)
 0034: 15 12 00 000000d0   jeq io_getevents 0047 (false 0035)
 0035: 15 11 00 000000d1   jeq io_submit 0047 (false 0036)
 0036: 15 10 00 000000d2   jeq io_cancel 0047 (false 0037)
 0037: 15 0f 00 000000d8   jeq remap_file_pages 0047 (false 0038)
 0038: 15 0e 00 00000143   jeq userfaultfd 0047 (false 0039)
 0039: 15 0d 00 000000a3   jeq acct 0047 (false 003a)
 003a: 15 0c 00 00000141   jeq bpf 0047 (false 003b)
 003b: 15 0b 00 000000a1   jeq chroot 0047 (false 003c)
 003c: 15 0a 00 000000a5   jeq mount 0047 (false 003d)
 003d: 15 09 00 000000b4   jeq nfsservctl 0047 (false 003e)
 003e: 15 08 00 0000009b   jeq pivot_root 0047 (false 003f)
 003f: 15 07 00 000000ab   jeq setdomainname 0047 (false 0040)
 0040: 15 06 00 000000aa   jeq sethostname 0047 (false 0041)
 0041: 15 05 00 000000a6   jeq umount2 0047 (false 0042)
 0042: 15 04 00 00000099   jeq vhangup 0047 (false 0043)
 0043: 15 03 00 00000065   jeq ptrace 0047 (false 0044)
 0044: 15 02 00 00000087   jeq personality 0047 (false 0045)
 0045: 15 01 00 00000136   jeq process_vm_readv 0047 (false 0046)
 0046: 06 00 00 7fff0000   ret ALLOW
 0047: 06 00 01 00000000   ret KILL
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 05 00000009   jeq mmap 0008 (false 000d)
 0008: 20 00 00 00000020   ld  data.args[10]
 0009: 54 00 00 00000006   and 00000006
 000a: 15 00 01 00000006   jeq 6 000b (false 000c)
 000b: 06 00 00 00000000   ret KILL
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 15 00 05 0000000a   jeq a 000e (false 0013)
 000e: 20 00 00 00000020   ld  data.args[10]
 000f: 54 00 00 00000004   and 00000004
 0010: 15 00 01 00000004   jeq 4 0011 (false 0012)
 0011: 06 00 00 00000000   ret KILL
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 05 00000149   jeq 149 0014 (false 0019)
 0014: 20 00 00 00000020   ld  data.args[10]
 0015: 54 00 00 00000004   and 00000004
 0016: 15 00 01 00000004   jeq 4 0017 (false 0018)
 0017: 06 00 00 00000000   ret KILL
 0018: 06 00 00 7fff0000   ret ALLOW
 0019: 15 00 05 0000001e   jeq 1e 001a (false 001f)
 001a: 20 00 00 00000020   ld  data.args[10]
 001b: 54 00 00 00008000   and 00008000
 001c: 15 00 01 00008000   jeq 8000 001d (false 001e)
 001d: 06 00 00 00000000   ret KILL
 001e: 06 00 00 7fff0000   ret ALLOW
 001f: 15 00 01 0000013f   jeq 13f 0020 (false 0021)
 0020: 06 00 00 00000000   ret KILL
 0021: 06 00 00 7fff0000   ret ALLOW
 0022: 06 00 00 7fff0000   ret ALLOW
local/share/scribus
Disable /home/me/.local/share/supertuxkart
Disable /home/me/.local/share/torbrowser
Disable /home/me/.local/share/uzbl
Disable /home/me/.local/share/vlc
Disable /home/me/.local/share/vulkan
Disable /home/me/.local/share/zathura
Disable /home/me/.mozilla
Disable /home/me/.mplayer
Disable /home/me/.newsboat
Disable /home/me/.nv
Disable /home/me/.openttd
Disable /home/me/.pioneer
Disable /home/me/.purple
Disable /home/me/.repo_.gitconfig.json
Disable /home/me/.steam
Disable /home/me/.subversion
Disable /home/me/.tooling
Disable /home/me/.vim
Disable /home/me/.vimrc
Disable /home/me/.w3m
Disable /home/me/.wget-hsts
Disable /home/me/.wine
Disable /var/games/nethack
Directory ${DOCUMENTS} resolved as Documents
Not blacklist /home/me/Documents
Directory ${MUSIC} resolved as Videos
Disable /home/me/Videos
Directory ${PICTURES} resolved as Pictures
Disable /home/me/Pictures
Directory ${VIDEOS} resolved as Videos
Disable /home/me/Videos
Disable /tmp/.X11-unix
Disable /home/me/.Xauthority
Disable /home/me/.Xauthority
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /media
Disable /run/mount
Disable /run/media
disable pulseaudio
blacklist /home/me/.config/pulse
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse/native
blacklist /tmp/pulse-socket
Create the new ld.so.preload file
Mount the new ld.so.preload file
Current directory: /home/me
Install protocol filter: unix
configuring 10 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) 
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null) 
Dual 32/64 bit seccomp filter configured
configuring 72 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) 
seccomp filter configured
Install memory write&execute filter
configuring 35 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx (null) 
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 998, nogroups 1
No supplementary groups
AppArmor enabled
warning: kpathsea: configuration file texmf.cnf not found in these directories: /usr/bin:/usr/bin/share/texmf-local/web2c:/usr/bin/share/texmf-dist/web2c:/usr/bin/share/texmf/web2c:/usr/bin/texmf-local/web2c:/usr/bin/texmf-dist/web2c:/usr/bin/texmf/web2c:/usr:/usr/share/texmf-local/web2c:/usr/share/texmf-dist/web2c:/usr/share/texmf/web2c:/usr/texmf-local/web2c:/usr/texmf-dist/web2c:/usr/texmf/web2c://texmf-local/web2c:/://share/texmf-local/web2c://share/texmf-dist/web2c://share/texmf/web2c://texmf-local/web2c://texmf-dist/web2c://texmf/web2c.

kpathsea: Running mktexfmt pdflatex.fmt
mktexfmt: Permission denied
warning: kpathsea: configuration file texmf.cnf not found in these directories: /usr/bin:/usr/bin/share/texmf-local/web2c:/usr/bin/share/texmf-dist/web2c:/usr/bin/share/texmf/web2c:/usr/bin/texmf-local/web2c:/usr/bin/texmf-dist/web2c:/usr/bin/texmf/web2c:/usr:/usr/share/texmf-local/web2c:/usr/share/texmf-dist/web2c:/usr/share/texmf/web2c:/usr/texmf-local/web2c:/usr/texmf-dist/web2c:/usr/texmf/web2c://texmf-local/web2c:/://share/texmf-local/web2c://share/texmf-dist/web2c://share/texmf/web2c://texmf-local/web2c://texmf-dist/web2c://texmf/web2c.

kpathsea: Running mktexfmt pdflatex.fmt
mktexfmt: Permission denied
Error producing PDF.
This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Arch Linux) (preloaded format=pdflatex)
I can't find the format file `pdflatex.fmt'!

Autoselecting /usr/bin/zsh as shell
Building quoted command line: 'pandoc' '-t' 'pdf' 'issue.md' 
Command name #pandoc#
Found pandoc.profile profile in /etc/firejail directory
Found disable-common.inc profile in /etc/firejail directory
Found disable-devel.inc profile in /etc/firejail directory
Found disable-exec.inc profile in /etc/firejail directory
Found disable-interpreters.inc profile in /etc/firejail directory
Found disable-passwdmgr.inc profile in /etc/firejail directory
Found disable-programs.inc profile in /etc/firejail directory
Found disable-xdg.inc profile in /etc/firejail directory
Enabling IPC namespace

local/share/scribus
Disable /home/me/.local/share/supertuxkart
Disable /home/me/.local/share/torbrowser
Disable /home/me/.local/share/uzbl
Disable /home/me/.local/share/vlc
Disable /home/me/.local/share/vulkan
Disable /home/me/.local/share/zathura
Disable /home/me/.mozilla
Disable /home/me/.mplayer
Disable /home/me/.newsboat
Disable /home/me/.nv
Disable /home/me/.openttd
Disable /home/me/.pioneer
Disable /home/me/.purple
Disable /home/me/.repo_.gitconfig.json
Disable /home/me/.steam
Disable /home/me/.subversion
Disable /home/me/.tooling
Disable /home/me/.vim
Disable /home/me/.vimrc
Disable /home/me/.w3m
Disable /home/me/.wget-hsts
Disable /home/me/.wine
Disable /var/games/nethack
Directory ${DOCUMENTS} resolved as Documents
Not blacklist /home/me/Documents
Directory ${MUSIC} resolved as Videos
Disable /home/me/Videos
Directory ${PICTURES} resolved as Pictures
Disable /home/me/Pictures
Directory ${VIDEOS} resolved as Videos
Disable /home/me/Videos
Disable /tmp/.X11-unix
Disable /home/me/.Xauthority
Disable /home/me/.Xauthority
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /media
Disable /run/mount
Disable /run/media
disable pulseaudio
blacklist /home/me/.config/pulse
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse/native
blacklist /tmp/pulse-socket
Create the new ld.so.preload file
Mount the new ld.so.preload file
Current directory: /home/me
Install protocol filter: unix
configuring 10 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null)
Dual 32/64 bit seccomp filter configured
configuring 72 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null)
seccomp filter configured
Install memory write&execute filter
configuring 35 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx (null)
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 998, nogroups 1
No supplementary groups
AppArmor enabled
warning: kpathsea: configuration file texmf.cnf not found in these directories: /usr/bin:/usr/bin/share/texmf-local/web2c:/usr/bin/share/texmf-dist/web2c:/usr/bin/share/texmf/web2c:/usr/bin/texmf-local/web2c:/usr/bin/texmf-dist/web2c:/usr/bin/texmf/web2c:/usr:/usr/share/texmf-local/web2c:/usr/share/texmf-dist/web2c:/usr/share/texmf/web2c:/usr/texmf-local/web2c:/usr/texmf-dist/web2c:/usr/texmf/web2c://texmf-local/web2c:/://share/texmf-local/web2c://share/texmf-dist/web2c://share/texmf/web2c://texmf-local/web2c://texmf-dist/web2c://texmf/web2c.
kpathsea: Running mktexfmt pdflatex.fmt
mktexfmt: Permission denied
warning: kpathsea: configuration file texmf.cnf not found in these directories: /usr/bin:/usr/bin/share/texmf-local/web2c:/usr/bin/share/texmf-dist/web2c:/usr/bin/share/texmf/web2c:/usr/bin/texmf-local/web2c:/usr/bin/texmf-dist/web2c:/usr/bin/texmf/web2c:/usr:/usr/share/texmf-local/web2c:/usr/share/texmf-dist/web2c:/usr/share/texmf/web2c:/usr/texmf-local/web2c:/usr/texmf-dist/web2c:/usr/texmf/web2c://texmf-local/web2c:/://share/texmf-local/web2c://share/texmf-dist/web2c://share/texmf/web2c://texmf-local/web2c://texmf-dist/web2c://texmf/web2c.
kpathsea: Running mktexfmt pdflatex.fmt
mktexfmt: Permission denied
Error producing PDF.
This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Arch Linux) (preloaded format=pdflatex)
I can't find the format file `pdflatex.fmt'!
Autoselecting /usr/bin/zsh as shell
Building quoted command line: 'pandoc' '-t' 'pdf' 'issue.md'
Command name #pandoc#
Found pandoc.profile profile in /etc/firejail directory
Found disable-common.inc profile in /etc/firejail directory
Found disable-devel.inc profile in /etc/firejail directory
Found disable-exec.inc profile in /etc/firejail directory
Found disable-interpreters.inc profile in /etc/firejail directory
Found disable-passwdmgr.inc profile in /etc/firejail directory
Found disable-programs.inc profile in /etc/firejail directory
Found disable-xdg.inc profile in /etc/firejail directory
Enabling IPC namespace
```
</details>

@rusty-snake commented on GitHub (Jul 19, 2020):

Fixed.

You need to remove the symlink (`sudo rm /usr/local/bin/pandoc`) or edit /usr/lib/firejail/firecfg.config and run `sudo firecfg`.
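
Added example (not part of the original thread or the firejail project): a shell sketch for finding which commands are redirected to firejail through symlinks like the `/usr/local/bin/pandoc` one mentioned above, and for locating the real binary to call by path. It assumes such a symlink resolves to a file named `firejail`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit firecfg-style symlinks.
# Assumption: a wrapped command is a symlink whose resolved target
# is a file named "firejail" (e.g. /usr/bin/firejail).

# Print the names of entries in directory $1 that are symlinks
# resolving to firejail, i.e. commands that start sandboxed.
list_firejail_symlinks() {
    dir=$1
    for entry in "$dir"/*; do
        [ -L "$entry" ] || continue
        target=$(readlink -f "$entry" 2>/dev/null) || continue
        if [ "$(basename "$target")" = "firejail" ]; then
            basename "$entry"
        fi
    done
    return 0
}

# Print the first executable named $1 on the PATH-style list $2 that
# is NOT a firejail symlink: the binary to run without the sandbox.
find_unwrapped() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for d in $2; do
        IFS=$old_ifs
        candidate=$d/$name
        [ -x "$candidate" ] || continue
        if [ -L "$candidate" ]; then
            target=$(readlink -f "$candidate" 2>/dev/null) || continue
            if [ "$(basename "$target")" = "firejail" ]; then
                continue
            fi
        fi
        printf '%s\n' "$candidate"
        return 0
    done
    IFS=$old_ifs
    return 1
}
```

For instance, `list_firejail_symlinks /usr/local/bin` lists the wrapped commands and `find_unwrapped pandoc "$PATH"` prints the path that bypasses the wrapper.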

Reference: github-starred/firejail#2217