mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #4044] skypeforlinux fails to start on Arch Linux #2513
Originally created by @Kishore96in on GitHub (Mar 4, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4044
`firejail skypeforlinux` fails to start on Archlinux unless I add `ignore apparmor` to my `skypeforlinux.local` file. `apparmor` is enabled in this profile by the inclusion of `electron.profile`.
Reproduce
Steps to reproduce the behavior:
`firejail skypeforlinux`
Result
`firejail skypeforlinux` exits without any obvious error, but does not launch the application. Skype launches normally if I type `skypeforlinux` or `firejail --noprofile skypeforlinux`. Skype also launches in firejail if I add `ignore apparmor` to my `skypeforlinux.local` file.
Environment
Checklist
https://github.com/netblue30/firejail/issues/1139)
`--profile=PROFILENAME` is used to set the right profile.
`LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get English error-messages.
`browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers.
debug output
Autoselecting /bin/bash as shell
Building quoted command line: 'skypeforlinux'
Command name #skypeforlinux#
Found skypeforlinux.profile profile in /etc/firejail directory
Reading profile /etc/firejail/skypeforlinux.profile
Found skypeforlinux.local profile in /home/kishore/.config/firejail directory
Reading profile /home/kishore/.config/firejail/skypeforlinux.local
Found electron.profile profile in /home/kishore/.config/firejail directory
Reading profile /home/kishore/.config/firejail/electron.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 113012, child pid 113013
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
IBUS_ADDRESS=unix:abstract=/home/kishore/.cache/ibus/dbus-v1PGMsMf,guid=20a23992ada65edb1baa65f260409df3
IBUS_DAEMON_PID=5428
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1593 1446 254:2 /etc /etc ro,relatime master:1 - ext4 /dev/mapper/VolGroup-root rw
mountid=1593 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
1594 1593 254:2 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/VolGroup-root rw
mountid=1594 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
1595 1446 254:2 /var /var ro,relatime master:1 - ext4 /dev/mapper/VolGroup-root rw
mountid=1595 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
1596 1595 254:2 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/VolGroup-root rw
mountid=1596 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
1597 1446 254:2 /usr /usr ro,relatime master:1 - ext4 /dev/mapper/VolGroup-root rw
mountid=1597 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/kishore/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Disable /run/firejail/appimage
Generate private-tmp whitelist commands
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules/5.11.2-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Debug 456: new_name #/home/kishore/.config/Skype#, whitelist
Debug 571: fname #/home/kishore/.config/Skype#, cfg.homedir #/home/kishore#
Replaced whitelist path: whitelist /home/kishore/.config/Skype
Debug 456: new_name #/home/kishore/.config/skypeforlinux#, whitelist
Debug 571: fname #/home/kishore/.config/skypeforlinux#, cfg.homedir #/home/kishore#
Replaced whitelist path: whitelist /home/kishore/.config/skypeforlinux
Debug 456: new_name #/tmp/.X11-unix#, whitelist
Mounting tmpfs on /tmp directory
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 0
Mounting a new /root directory
Mounting a new /home directory
Create a new user directory
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 0
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0
Whitelisting /home/kishore/.config/Skype
1630 1629 254:3 /kishore/.config/Skype /home/kishore/.config/Skype rw,relatime master:74 - ext4 /dev/mapper/VolGroup-home rw
mountid=1630 fsname=/kishore/.config/Skype dir=/home/kishore/.config/Skype fstype=ext4
Whitelisting /home/kishore/.config/skypeforlinux
1631 1629 254:3 /kishore/.config/skypeforlinux /home/kishore/.config/skypeforlinux rw,relatime master:74 - ext4 /dev/mapper/VolGroup-home rw
mountid=1631 fsname=/kishore/.config/skypeforlinux dir=/home/kishore/.config/skypeforlinux fstype=ext4
Whitelisting /tmp/.X11-unix
1632 1625 0:49 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:70 - tmpfs tmpfs rw,nr_inodes=409600,inode64
mountid=1632 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /run/media
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/kishore/.Xauthority
1638 1629 0:141 /kishore/.Xauthority /home/kishore/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1638 fsname=/kishore/.Xauthority dir=/home/kishore/.Xauthority fstype=tmpfs
Disable /run/user/1000/dolphinwWnuqe.9.slave-socket
Disable /run/user/1000/dolphinQYhJcg.9.slave-socket
Disable /run/user/1000/dolphinAsBBOY.9.slave-socket
Disable /run/user/1000/okularIYGiFD.20.slave-socket
Disable /run/user/1000/okularovmVbS.18.slave-socket
Disable /run/user/1000/okularEXZquE.17.slave-socket
Disable /run/user/1000/okularapwUfF.16.slave-socket
Disable /run/user/1000/okularuEdXWn.15.slave-socket
Disable /run/user/1000/okulardjGAGh.13.slave-socket
Disable /run/user/1000/okularDVOgEX.12.slave-socket
Disable /run/user/1000/okularKxYbkw.11.slave-socket
Disable /run/user/1000/okularFPZouP.10.slave-socket
Disable /run/user/1000/okularUwRFqi.9.slave-socket
Disable /run/user/1000/dolphineHViXx.11.slave-socket
Disable /run/user/1000/dolphinWoSFmr.9.slave-socket
Disable /run/user/1000/dolphindSlnWq.9.slave-socket
Disable /run/user/1000/dolphinCmJLHn.9.slave-socket
Disable /run/user/1000/klauncherAXelIC.1.slave-socket
Disable /run/user/1000/kdeinit5__0
Disable /var/lib/systemd
Disable /usr/bin/systemd-run
Disable /run/user/1000/systemd
Disable /var/cache/libvirt
Disable /var/lib/libvirt
Disable /var/log/libvirt
Disable /var/cache/pacman
Disable /var/lib/clamav
Disable /var/lib/dkms
Disable /var/lib/pacman
Disable /var/lib/upower
Disable /var/spool/mail (requested /var/mail)
Disable /var/opt
Disable /var/spool/mail
Disable /etc/profile.d
Disable /etc/kernel
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/modules-load.d
Disable /etc/logrotate.d
Mounting read-only /home/kishore/.bashrc
1680 1629 0:141 /kishore/.bashrc /home/kishore/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1680 fsname=/kishore/.bashrc dir=/home/kishore/.bashrc fstype=tmpfs
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/expiry
Disable /usr/bin/fusermount
Disable /usr/bin/gpasswd
Disable /usr/bin/ksu
Disable /usr/bin/mount
Disable /usr/bin/ncat
Disable /usr/bin/newgidmap
Disable /usr/bin/newgrp
Disable /usr/bin/newuidmap
Disable /usr/bin/ntfs-3g
Disable /usr/bin/pkexec
Disable /usr/bin/sg
Disable /usr/bin/su
Disable /usr/bin/sudo
Disable /usr/bin/umount
Disable /usr/bin/unix_chkpwd
Disable /usr/bin/xev
Disable /usr/bin/xinput
Disable /usr/lib/virtualbox
Disable /usr/lib/virtualbox (requested /usr/lib64/virtualbox)
Warning: /run/user/1000/doc does not exist, skipping...
Disable /usr/bin/bwrap
Disable /proc/config.gz
Disable /usr/bin/drill
Disable /usr/bin/ldns-revoke
Disable /usr/bin/ldns-signzone
Disable /usr/bin/ldns-key2ds
Disable /usr/bin/ldns-gen-zone
Disable /usr/bin/ldns-rrsig
Disable /usr/bin/ldns-resolver
Disable /usr/bin/ldns-keyfetcher
Disable /usr/bin/ldns-compare-zones
Disable /usr/bin/ldns-chaos
Disable /usr/bin/ldns-keygen
Disable /usr/bin/ldns-dpa
Disable /usr/bin/ldns-update
Disable /usr/bin/ldns-testns
Disable /usr/bin/ldns-read-zone
Disable /usr/bin/ldns-walk
Disable /usr/bin/ldns-nsec3-hash
Disable /usr/bin/ldns-mx
Disable /usr/bin/ldns-zsplit
Disable /usr/bin/ldns-dane
Disable /usr/bin/ldns-config
Disable /usr/bin/ldns-zcat
Disable /usr/bin/ldns-test-edns
Disable /usr/bin/ldns-notify
Disable /usr/bin/ldns-version
Disable /usr/bin/ldns-verify-zone
Disable /usr/bin/ldnsd
Disable /usr/bin/resolvectl
Disable /run/user/1000/pipewire-0.lock
Disable /usr/bin/clang-tidy
Disable /usr/bin/clang-query
Disable /usr/bin/clang-11 (requested /usr/bin/clang++)
Disable /usr/bin/clang-extdef-mapping
Disable /usr/bin/clang-move
Disable /usr/bin/clang-11 (requested /usr/bin/clang-cl)
Disable /usr/bin/clang-refactor
Disable /usr/bin/clang-rename
Disable /usr/bin/clang-reorder-fields
Disable /usr/bin/clang-11
Disable /usr/bin/clang-offload-wrapper
Disable /usr/bin/clang-change-namespace
Disable /usr/bin/clang-offload-bundler
Disable /usr/bin/clang-11 (requested /usr/bin/clang-cpp)
Disable /usr/bin/clang-11 (requested /usr/bin/clang)
Disable /usr/bin/clangd
Disable /usr/bin/clang-format
Disable /usr/bin/clang-include-fixer
Disable /usr/bin/clang-check
Disable /usr/bin/clang-apply-replacements
Disable /usr/bin/clang-scan-deps
Disable /usr/bin/clang-doc
Disable /usr/bin/as
Disable /usr/bin/gcc (requested /usr/bin/cc)
Disable /usr/bin/c++
Disable /usr/bin/c++filt
Disable /usr/bin/c89
Disable /usr/bin/c99
Disable /usr/bin/cpp
Disable /usr/bin/cpp2html
Disable /usr/bin/g++
Disable /usr/bin/gcc-ranlib
Disable /usr/bin/gcc-nm
Disable /usr/bin/gcc
Disable /usr/bin/gcc-ar
Disable /usr/bin/gdb
Disable /usr/bin/ld
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/lib/jvm/java-15-openjdk/bin/java (requested /usr/bin/java)
Disable /usr/lib/jvm/java-15-openjdk/bin/java (requested /usr/lib/jvm/default/bin/java)
Disable /usr/lib/jvm/java-15-openjdk/bin/javac (requested /usr/lib/jvm/default/bin/javac)
Disable /usr/share/java
Disable /usr/bin/openssl
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Mounting noexec /home/kishore/.config/Skype
1801 1630 254:3 /kishore/.config/Skype /home/kishore/.config/Skype rw,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/mapper/VolGroup-home rw
mountid=1801 fsname=/kishore/.config/Skype dir=/home/kishore/.config/Skype fstype=ext4
Mounting noexec /home/kishore/.config/skypeforlinux
1802 1631 254:3 /kishore/.config/skypeforlinux /home/kishore/.config/skypeforlinux rw,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/mapper/VolGroup-home rw
mountid=1802 fsname=/kishore/.config/skypeforlinux dir=/home/kishore/.config/skypeforlinux fstype=ext4
Mounting noexec /run/user/1000
1827 1803 0:24 /firejail/firejail.ro.file /run/user/1000/pipewire-0.lock rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755,inode64
mountid=1827 fsname=/firejail/firejail.ro.file dir=/run/user/1000/pipewire-0.lock fstype=tmpfs
Warning: not remounting /run/user/1000/doc
Mounting noexec /dev/shm
1828 1551 0:26 / /dev/shm rw,nosuid,nodev,noexec master:3 - tmpfs tmpfs rw,inode64
mountid=1828 fsname=/ dir=/dev/shm fstype=tmpfs
Disable /usr/bin/lua
Disable /usr/bin/luajit-2.0.5 (requested /usr/bin/luajit)
Disable /usr/share/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /usr/bin/luaotfload-tool)
Disable /usr/bin/luajithbtex
Disable /usr/bin/luatex
Disable /usr/bin/lua5.3
Disable /usr/bin/lua (requested /usr/bin/lua5.4)
Disable /usr/bin/luac
Disable /usr/share/texmf-dist/scripts/context/stubs/unix/luatools (requested /usr/bin/luatools)
Disable /usr/bin/luajit-2.0.5
Disable /usr/bin/luahbtex (requested /usr/bin/lualatex)
Disable /usr/bin/luac5.3
Disable /usr/bin/luahbtex
Disable /usr/bin/lua5.2
Disable /usr/bin/luajittex
Disable /usr/bin/luac5.2
Disable /usr/bin/luac (requested /usr/bin/luac5.4)
Disable /usr/lib/liblua.so.5.4.2
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so)
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib/liblua.so)
Disable /usr/lib/liblua5.2.so.5.2.4
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua.so.5.3.6)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2.4)
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib/liblua.so.5.4)
Disable /usr/lib/libluajit-5.1.so.2.0.5
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua5.3.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so.5.2)
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so.2)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua.so.5.3)
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib/liblua5.4.so)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua5.3.so.5.3)
Disable /usr/lib/liblua5.3.so.5.3.6
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so)
Disable /usr/lib/lua
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib64/liblua.so.5.4.2)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so)
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib64/liblua.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so.5.2.4)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua.so.5.3.6)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua.so.5.2.4)
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib64/liblua.so.5.4)
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib64/libluajit-5.1.so.2.0.5)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua5.3.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so.5.2)
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib64/libluajit-5.1.so.2)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua.so.5.2)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua.so.5.3)
Disable /usr/lib/liblua.so.5.4.2 (requested /usr/lib64/liblua5.4.so)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua5.3.so.5.3)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua5.3.so.5.3.6)
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib64/libluajit-5.1.so)
Disable /usr/lib/lua (requested /usr/lib64/lua)
Disable /usr/share/lua
Disable /usr/share/luajit-2.0.5
Disable /usr/lib/libmozjs-78.so (requested /usr/lib64/libmozjs-78.so)
Disable /usr/bin/core_perl/cpan
Disable /usr/bin/core_perl
Disable /usr/bin/perl
Disable /usr/bin/site_perl
Disable /usr/bin/vendor_perl
Disable /usr/lib/perl5
Disable /usr/lib/perl5 (requested /usr/lib64/perl5)
Disable /usr/share/perl5
Disable /usr/bin/ruby
Disable /usr/lib/ruby
Disable /usr/bin/python2.7 (requested /usr/bin/python2)
Disable /usr/bin/python2.7-config (requested /usr/bin/python2-config)
Disable /usr/bin/python2.7-config
Disable /usr/bin/python2.7
Disable /usr/lib/python2.7
Disable /usr/bin/python3.9-config (requested /usr/bin/python3-config)
Disable /usr/bin/python3.9-config
Disable /usr/bin/python3.9
Disable /usr/bin/python3.9 (requested /usr/bin/python3)
Disable /usr/lib/python3.9
Disable /usr/lib/python3.9 (requested /usr/lib64/python3.9)
Not blacklist /home/kishore/.config/skypeforlinux
Mounting read-only /tmp/.X11-unix
1906 1632 0:49 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev master:70 - tmpfs tmpfs rw,nr_inodes=409600,inode64
mountid=1906 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /media
Disable /run/mount
Disable /run/media
Mounting noexec /run/firejail/mnt/pulse
1913 1590 0:130 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1913 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs
Creating empty /home/kishore/.config/pulse directory
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 0
Mounting /run/firejail/mnt/pulse on /home/kishore/.config/pulse
1914 1629 0:130 /pulse /home/kishore/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1914 fsname=/pulse dir=/home/kishore/.config/pulse fstype=tmpfs
Current directory: /home/kishore
DISPLAY=:0 parsed as 0
Mounting read-only /run/firejail/mnt/seccomp
1916 1590 0:130 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=1916 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root root 120 .
drwxr-xr-x root root 260 ..
-rw-r--r-- kishore kishore 1072 seccomp
-rw-r--r-- kishore kishore 808 seccomp.32
-rw-r--r-- kishore kishore 0 seccomp.postexec
-rw-r--r-- kishore kishore 0 seccomp.postexec32
No active seccomp files
Set caps filter 240000
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
AppArmor enabled
Starting application
LD_PRELOAD=(null)
execvp argument 0: skypeforlinux
Child process initialized in 117.72 ms
Searching $PATH for skypeforlinux
trying #/usr/local/sbin/skypeforlinux#
trying #/usr/local/bin/skypeforlinux#
trying #/usr/bin/skypeforlinux#
monitoring pid 6
Sandbox monitor: waitpid 6 retval 6 status 0
Sandbox monitor: monitoring 11
monitoring pid 11
Sandbox monitor: waitpid 11 retval 11 status 32256
Parent is shutting down, bye...
@rusty-snake commented on GitHub (Mar 5, 2021):
Thanks for reporting,
`apparmor` was mistakenly added (through include chain) in f4f6767458.
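
The include-chain effect discussed in this issue, as an added Python example (not firejail code and not part of the original thread): it walks a profile's `include` lines and reports which file sets `apparmor` and whether an earlier `ignore apparmor` suppresses it. The profile contents are constructed, and the lookup order and `ignore` matching are a simplified assumption about how profiles are parsed.

```python
# Added illustration, not firejail code. Simplified model of profile parsing:
# "include NAME" is looked up in the user directory before the system one,
# and "ignore X" suppresses later lines that equal X or start with "X ".
import os
import tempfile

def trace_directive(entry, directive, search_dirs):
    """Return [(include chain, file whose `ignore` suppresses it or None)]."""
    ignores = {}  # ignored text -> file that declared it
    hits, seen = [], set()

    def resolve(name):
        for d in search_dirs:
            path = os.path.join(d, name)
            if os.path.isfile(path):
                return path
        return None  # absent optional includes (*.local) are skipped

    def matches(line, text):
        return line == text or line.startswith(text + " ")

    def walk(path, chain):
        if path is None or path in seen:  # missing file or include loop
            return
        seen.add(path)
        chain = chain + [path]
        with open(path) as fh:
            for raw in fh:
                line = raw.split("#", 1)[0].strip()
                word, _, rest = line.partition(" ")
                if word == "include":
                    walk(resolve(rest.strip()), chain)
                elif word == "ignore":
                    ignores.setdefault(rest.strip(), path)
                elif matches(line, directive):
                    by = next((f for t, f in ignores.items()
                               if matches(line, t)), None)
                    hits.append((chain, by))
    walk(resolve(entry), [])
    return hits

def demo(with_local_ignore):
    """Run the tracer over constructed profiles shaped like the issue's chain."""
    root = tempfile.mkdtemp()
    user, system = os.path.join(root, "user"), os.path.join(root, "etc")
    os.makedirs(user)
    os.makedirs(system)
    files = {  # constructed contents, not the real profiles
        (system, "skypeforlinux.profile"):
            "include skypeforlinux.local\nnonewprivs\ninclude electron.profile\n",
        (system, "electron.profile"): "# constructed\napparmor\n",
    }
    if with_local_ignore:
        files[(user, "skypeforlinux.local")] = "ignore apparmor\n"
    for (d, name), body in files.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(body)
    hits = trace_directive("skypeforlinux.profile", "apparmor", [user, system])
    return [([os.path.basename(p) for p in chain], by and os.path.basename(by))
            for chain, by in hits]

if __name__ == "__main__":
    print(demo(False))  # directive applies
    print(demo(True))   # directive suppressed by the .local override
```

The `ignore` only takes effect because the `.local` file is included before the profile that sets the directive.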