[GH-ISSUE #4107] evolution - gpg card #2537

Closed
opened 2026-05-05 09:12:43 -06:00 by gitea-mirror · 5 comments
Owner

Originally created by @madbehaviorus on GitHub (Mar 17, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4107

Write clear, concise and in textual form.

Bug and expected behavior

  • If I use evolution with firejail, I can't connect to the pgp card like Nitrokey or Yubikey
  • What did you expect to happen?
    That it works, because there is no dbus command in the local profile (/usr/local/etc/firejail/evolution.profile).
    And that is also the fix in thunderbird to use a pgp smartcard.

No profile and disabling firejail

  • What changed calling firejail --noprofile /path/to/program in a terminal?
firejail --noprofile /usr/bin/evolution

Parent pid 286584, child pid 286585
Child process initialized in 20.05 ms

(evolution:2): Gtk-WARNING **: 14:55:46.907: Failed to register client: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: Method "RegisterClient" with signature "ss" on interface "org.xfce.Session.Manager" doesn't exist

RSS Plugin enabled (evolution 3.30, evolution-rss 0.3.95)
soup init()

(evolution:2): camel-local-provider-WARNING **: 14:55:48.247: failed a quick-sync, trying a full sync

(evolution:2): camel-local-provider-WARNING **: 14:55:48.248: failed a quick-sync, trying a full sync

The smartcard works.

  • What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)?
 /usr/bin/evolution

(evolution:287021): Gtk-WARNING **: 14:57:34.651: Failed to register client: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: Method "RegisterClient" with signature "ss" on interface "org.xfce.Session.Manager" doesn't exist

RSS Plugin enabled (evolution 3.30, evolution-rss 0.3.95)
soup init()

The smartcard works also.

Reproduce
Steps to reproduce the behavior:

  1. Run in bash firejail PROGRAM
  2. See error ERROR
  3. Click on '....'
  4. Scroll down to '....'

Environment

  • Up to date Debian Buster
  • Firejail version 0.9.56.2-LTS

Compile time support:
- AppArmor support is disabled
- AppImage support is enabled
- file and directory whitelisting support is enabled
- networking support is enabled
- seccomp-bpf support is enabled
- user namespace support is enabled

Additional context
Other context about the problem like related errors to understand the problem.

Checklist
all yes

debug output
OUTPUT OF `firejail --debug PROGRAM`

Autoselecting /bin/bash as shell
Building quoted command line: 'evolution' 
Command name #evolution#
Found evolution profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/evolution.profile
Reading profile /usr/local/etc/firejail/disable-common.inc
Reading profile /usr/local/etc/firejail/disable-devel.inc
Reading profile /usr/local/etc/firejail/disable-interpreters.inc
Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc
Reading profile /usr/local/etc/firejail/disable-programs.inc
Using the local network stack
Parent pid 289348, child pid 289349
Host network configured
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Build protocol filter: unix,inet,inet6
sbox run: /usr/local/lib/firejail/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/hidraw0 file
mounting /run/firejail/mnt/dev/hidraw1 file
mounting /run/firejail/mnt/dev/hidraw2 file
mounting /run/firejail/mnt/dev/hidraw3 file
mounting /run/firejail/mnt/dev/usb directory
Process /dev/shm directory
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 399: new_name #/var/mail#, whitelist
Debug 399: new_name #/var/spool/mail#, whitelist
Replaced whitelist path: whitelist /var/mail
Debug 399: new_name #/tmp/.X11-unix#, whitelist
Debug 399: new_name #/tmp/pulse-PKdhtXMmr18n#, whitelist
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Whitelisting /var/mail
4421 4420 253:1 /mail /var/mail rw,relatime master:44 - ext4 /dev/mapper/$user-group rw
fsname=/mail dir=/var/mail fstype=ext4
Whitelisting /var/mail
4422 4421 253:1 /mail /var/mail rw,relatime master:44 - ext4 /dev/mapper/$user-group rw
fsname=/mail dir=/var/mail fstype=ext4
Created symbolic link /var/spool/mail -> /var/mail
Whitelisting /tmp/.X11-unix
4423 4413 253:2 /.X11-unix /tmp/.X11-unix rw,relatime master:46 - ext4 /dev/mapper/$user-vg-temp rw
fsname=/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Whitelisting /tmp/pulse-PKdhtXMmr18n
4424 4413 253:2 /pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime master:46 - ext4 /dev/mapper/$user-vg-temp rw
fsname=/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=ext4
Disable /home/$user/.bash_history
Disable /home/$user/.config/autostart
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/$user/.Xauthority
Mounting read-only /home/$user/.cache/ksycoca5_de_WCyh+brHAtchndjeD_+6FKtHXmw=
Mounting read-only /home/$user/.config/kdeglobals
Disable /usr/bin/zuluCrypt-cli
Disable /usr/bin/zuluCrypt-cli (requested /bin/zuluCrypt-cli)
Not blacklist /var/mail
Not blacklist /var/spool/mail
Disable /etc/anacrontab
Disable /etc/crontab
Disable /etc/cron.daily
Disable /etc/cron
Disable /etc/cron.monthly
Disable /etc/cron.hourly
Disable /etc/cron.d
Disable /etc/cron.weekly
Disable /etc/profile.d
Disable /etc/rcS.d
Disable /etc/rc0.d
Disable /etc/rc5.d
Disable /etc/rc2.d
Disable /etc/rc4.d
Disable /etc/rc6.d
Disable /etc/rc1.d
Disable /etc/rc3.d
Disable /etc/kernel
Disable /etc/kernel-img.conf
Disable /etc/grub.d
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/selinux
Disable /etc/modules
Disable /etc/modules-load.d
Disable /etc/logrotate.conf
Disable /etc/logrotate.d
Disable /etc/adduser.conf
Mounting read-only /home/$user/.bash_logout
Mounting read-only /home/$user/.bashrc
Mounting read-only /home/$user/.profile
Disable /home/$user/.local/share/Trash
Mounting read-only /home/$user/.local/share/applications
Not blacklist /home/$user/.gnupg
Disable /home/$user/.local/share/keyrings
Disable /home/$user/.local/share/kwalletd
Not blacklist /home/$user/.pki
Disable /home/$user/.ssh
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Disable /usr/sbin (requested /sbin)
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/bin/chage
Disable /usr/bin/chage (requested /bin/chage)
Disable /usr/bin/chfn
Disable /usr/bin/chfn (requested /bin/chfn)
Disable /usr/bin/chsh
Disable /usr/bin/chsh (requested /bin/chsh)
Disable /usr/bin/crontab
Disable /usr/bin/crontab (requested /bin/crontab)
Disable /usr/bin/expiry
Disable /usr/bin/expiry (requested /bin/expiry)
Disable /usr/bin/fusermount
Disable /usr/bin/fusermount (requested /bin/fusermount)
Disable /usr/bin/gpasswd
Disable /usr/bin/gpasswd (requested /bin/gpasswd)
Disable /usr/bin/mount
Disable /usr/bin/mount (requested /bin/mount)
Disable /usr/bin/nc.openbsd (requested /usr/bin/nc)
Disable /usr/bin/nc.openbsd (requested /bin/nc)
Disable /usr/bin/newgrp
Disable /usr/bin/newgrp (requested /bin/newgrp)
Disable /usr/bin/ntfs-3g
Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g)
Disable /usr/bin/pkexec
Disable /usr/bin/pkexec (requested /bin/pkexec)
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/newgrp (requested /bin/sg)
Disable /usr/bin/su
Disable /usr/bin/su (requested /bin/su)
Disable /usr/bin/sudo
Disable /usr/bin/sudo (requested /bin/sudo)
Disable /usr/bin/umount
Disable /usr/bin/umount (requested /bin/umount)
Disable /usr/bin/xev
Disable /usr/bin/xev (requested /bin/xev)
Disable /usr/bin/xfce4-terminal
Disable /usr/bin/xfce4-terminal (requested /bin/xfce4-terminal)
Disable /usr/bin/xfce4-terminal.wrapper
Disable /usr/bin/xfce4-terminal.wrapper (requested /bin/xfce4-terminal.wrapper)
Disable /usr/bin/bwrap
Disable /usr/bin/bwrap (requested /bin/bwrap)
Mounting noexec /tmp/.X11-unix
Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as)
Disable /usr/bin/x86_64-linux-gnu-as (requested /bin/as)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/cc)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/cc)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/c++)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/c++)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /bin/c++filt)
Disable /usr/bin/c89-gcc (requested /usr/bin/c89)
Disable /usr/bin/c89-gcc
Disable /usr/bin/c89-gcc (requested /bin/c89)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/c99-gcc
Disable /usr/bin/c99-gcc (requested /usr/bin/c99)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/c99-gcc (requested /bin/c99)
Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /usr/bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /usr/bin/cpp-10)
Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /bin/cpp-10)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/g++-10)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/g++)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/g++-10)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/g++)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /usr/bin/gcc-ar-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/gcc-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /usr/bin/gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /usr/bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /usr/bin/gcc-ranlib-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /usr/bin/gcc-nm-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /usr/bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/gcc-ar-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/gcc-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/gcc-ranlib-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/gcc-nm-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/gcc)
Disable /usr/bin/gdb
Disable /usr/bin/gdb (requested /bin/gdb)
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld)
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /bin/ld)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/c89-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10
Disable /usr/bin/x86_64-linux-gnu-gcc-10
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc-10)
Disable /usr/bin/x86_64-linux-gnu-g++-10
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++-10)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/c89-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10
Disable /usr/bin/x86_64-linux-gnu-gcc-10
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm-10)
Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc-10)
Disable /usr/bin/x86_64-linux-gnu-g++-10
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++-10)
Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++)
Disable /usr/include
Disable /usr/lib/valgrind
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/java (requested /usr/bin/java)
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/java (requested /bin/java)
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/javac (requested /usr/bin/javac)
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/javac (requested /bin/javac)
Disable /usr/lib/java
Disable /etc/java
Disable /usr/share/java
Disable /usr/bin/openssl
Disable /usr/bin/openssl (requested /bin/openssl)
Disable /usr/bin/luatex
Disable /usr/bin/luatex (requested /usr/bin/lualatex)
Disable /usr/bin/luajittex
Disable /usr/bin/luatex53
Disable /usr/bin/luatex (requested /bin/luatex)
Disable /usr/bin/luatex (requested /bin/lualatex)
Disable /usr/bin/luajittex (requested /bin/luajittex)
Disable /usr/bin/luatex53 (requested /bin/luatex53)
Disable /usr/share/lua
Disable /usr/bin/cpan
Disable /usr/bin/cpan5.32-x86_64-linux-gnu
Disable /usr/bin/cpan5.28-x86_64-linux-gnu
Disable /usr/bin/cpan (requested /bin/cpan)
Disable /usr/bin/cpan5.32-x86_64-linux-gnu (requested /bin/cpan5.32-x86_64-linux-gnu)
Disable /usr/bin/cpan5.28-x86_64-linux-gnu (requested /bin/cpan5.28-x86_64-linux-gnu)
Disable /usr/bin/perl
Disable /usr/bin/perl (requested /bin/perl)
Disable /usr/share/perl
Disable /usr/share/perl5
Disable /usr/share/perl-openssl-defaults
Disable /usr/bin/ruby2.5 (requested /usr/bin/ruby)
Disable /usr/bin/ruby2.5 (requested /bin/ruby)
Disable /usr/lib/ruby
Disable /usr/bin/python2.7
Disable /usr/bin/python2.7 (requested /usr/bin/python2)
Disable /usr/bin/python2.7 (requested /bin/python2.7)
Disable /usr/bin/python2.7 (requested /bin/python2)
Disable /usr/lib/python2.7
Disable /usr/local/lib/python2.7
Disable /usr/bin/python3-qr
Disable /usr/bin/python3.9
Disable /usr/bin/python3.9 (requested /usr/bin/python3)
Disable /usr/bin/python3-qr (requested /bin/python3-qr)
Disable /usr/bin/python3.9 (requested /bin/python3.9)
Disable /usr/bin/python3.9 (requested /bin/python3)
Disable /usr/lib/python3.9
Disable /usr/lib/python3.7
Disable /usr/lib/python3
Disable /usr/local/lib/python3.9
Disable /usr/share/python3
Disable /home/$user/.password-store
Disable /home/$user/.audacity-data
Disable /home/$user/.config/Mousepad
Disable /home/$user/.config/Thunar
Disable /home/$user/.config/emaildefaults
Disable /home/$user/.config/enchant
Not blacklist /home/$user/.config/evolution
Disable /home/$user/.config/galculator
Disable /home/$user/.config/gedit
Disable /home/$user/.config/ghb
Disable /home/$user/.config/libreoffice
Disable /home/$user/.config/liferea
Disable /home/$user/.config/nautilus
Disable /home/$user/.config/xfce4/xfce4-notes.gtkrc
Disable /home/$user/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
Disable /home/$user/.config/xfce4-dict
Disable /home/$user/.gitconfig
Disable /home/$user/.gradle
Not blacklist /home/$user/.local/share/evolution
Disable /home/$user/.local/share/liferea
Disable /home/$user/.local/share/maps-places.json
Disable /home/$user/.local/share/nautilus
Disable /home/$user/.local/share/notes
Disable /home/$user/.mozilla
Disable /home/$user/.purple
Disable /home/$user/.thunderbird
Disable /home/$user/.tooling
Disable /home/$user/.cache/Clementine
Disable /home/$user/.cache/champlain
Not blacklist /home/$user/.cache/evolution
Disable /home/$user/.cache/gajim
Disable /home/$user/.cache/kdenlive
Disable /home/$user/.cache/liferea
Disable /home/$user/.cache/mozilla
Disable /home/$user/.cache/thunderbird
Mounting noexec /home/$user
Mounting noexec /tmp
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /home/$user/.config/pulse
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse/native
blacklist /tmp/pulse-PKdhtXMmr18n
blacklist /dev/snd
blacklist /dev/dvb
blacklist /dev/sr0
blacklist /dev/video0
blacklist /dev/video1
blacklist /dev/video2
blacklist /dev/video3
blacklist /dev/video4
blacklist /dev/video5
blacklist /dev/video6
blacklist /dev/video7
blacklist /dev/video8
blacklist /dev/video9
Current directory: /home/$user/Downloads
Install protocol filter: unix,inet,inet6
configuring 14 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null) 
Dropping all capabilities
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00000000   ret KILL
Dual 32/64 bit seccomp filter configured
configuring 74 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) 
Dropping all capabilities
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 41 00 0000009a   jeq modify_ldt 0049 (false 0008)
 0008: 15 40 00 000000d4   jeq lookup_dcookie 0049 (false 0009)
 0009: 15 3f 00 0000012a   jeq perf_event_open 0049 (false 000a)
 000a: 15 3e 00 00000137   jeq process_vm_writev 0049 (false 000b)
 000b: 15 3d 00 0000009c   jeq _sysctl 0049 (false 000c)
 000c: 15 3c 00 000000b7   jeq afs_syscall 0049 (false 000d)
 000d: 15 3b 00 000000ae   jeq create_module 0049 (false 000e)
 000e: 15 3a 00 000000b1   jeq get_kernel_syms 0049 (false 000f)
 000f: 15 39 00 000000b5   jeq getpmsg 0049 (false 0010)
 0010: 15 38 00 000000b6   jeq putpmsg 0049 (false 0011)
 0011: 15 37 00 000000b2   jeq query_module 0049 (false 0012)
 0012: 15 36 00 000000b9   jeq security 0049 (false 0013)
 0013: 15 35 00 0000008b   jeq sysfs 0049 (false 0014)
 0014: 15 34 00 000000b8   jeq tuxcall 0049 (false 0015)
 0015: 15 33 00 00000086   jeq uselib 0049 (false 0016)
 0016: 15 32 00 00000088   jeq ustat 0049 (false 0017)
 0017: 15 31 00 000000ec   jeq vserver 0049 (false 0018)
 0018: 15 30 00 0000009f   jeq adjtimex 0049 (false 0019)
 0019: 15 2f 00 00000131   jeq clock_adjtime 0049 (false 001a)
 001a: 15 2e 00 000000e3   jeq clock_settime 0049 (false 001b)
 001b: 15 2d 00 000000a4   jeq settimeofday 0049 (false 001c)
 001c: 15 2c 00 000000b0   jeq delete_module 0049 (false 001d)
 001d: 15 2b 00 00000139   jeq finit_module 0049 (false 001e)
 001e: 15 2a 00 000000af   jeq init_module 0049 (false 001f)
 001f: 15 29 00 000000ad   jeq ioperm 0049 (false 0020)
 0020: 15 28 00 000000ac   jeq iopl 0049 (false 0021)
 0021: 15 27 00 000000f6   jeq kexec_load 0049 (false 0022)
 0022: 15 26 00 00000140   jeq kexec_file_load 0049 (false 0023)
 0023: 15 25 00 000000a9   jeq reboot 0049 (false 0024)
 0024: 15 24 00 000000a7   jeq swapon 0049 (false 0025)
 0025: 15 23 00 000000a8   jeq swapoff 0049 (false 0026)
 0026: 15 22 00 000000a3   jeq acct 0049 (false 0027)
 0027: 15 21 00 00000141   jeq bpf 0049 (false 0028)
 0028: 15 20 00 000000a1   jeq chroot 0049 (false 0029)
 0029: 15 1f 00 000000a5   jeq mount 0049 (false 002a)
 002a: 15 1e 00 000000b4   jeq nfsservctl 0049 (false 002b)
 002b: 15 1d 00 0000009b   jeq pivot_root 0049 (false 002c)
 002c: 15 1c 00 000000ab   jeq setdomainname 0049 (false 002d)
 002d: 15 1b 00 000000aa   jeq sethostname 0049 (false 002e)
 002e: 15 1a 00 000000a6   jeq umount2 0049 (false 002f)
 002f: 15 19 00 00000099   jeq vhangup 0049 (false 0030)
 0030: 15 18 00 000000ee   jeq set_mempolicy 0049 (false 0031)
 0031: 15 17 00 00000100   jeq migrate_pages 0049 (false 0032)
 0032: 15 16 00 00000117   jeq move_pages 0049 (false 0033)
 0033: 15 15 00 000000ed   jeq mbind 0049 (false 0034)
 0034: 15 14 00 00000130   jeq open_by_handle_at 0049 (false 0035)
 0035: 15 13 00 0000012f   jeq name_to_handle_at 0049 (false 0036)
 0036: 15 12 00 000000fb   jeq ioprio_set 0049 (false 0037)
 0037: 15 11 00 00000067   jeq syslog 0049 (false 0038)
 0038: 15 10 00 0000012c   jeq fanotify_init 0049 (false 0039)
 0039: 15 0f 00 00000138   jeq kcmp 0049 (false 003a)
 003a: 15 0e 00 000000f8   jeq add_key 0049 (false 003b)
 003b: 15 0d 00 000000f9   jeq request_key 0049 (false 003c)
 003c: 15 0c 00 000000fa   jeq keyctl 0049 (false 003d)
 003d: 15 0b 00 000000ce   jeq io_setup 0049 (false 003e)
 003e: 15 0a 00 000000cf   jeq io_destroy 0049 (false 003f)
 003f: 15 09 00 000000d0   jeq io_getevents 0049 (false 0040)
 0040: 15 08 00 000000d1   jeq io_submit 0049 (false 0041)
 0041: 15 07 00 000000d2   jeq io_cancel 0049 (false 0042)
 0042: 15 06 00 000000d8   jeq remap_file_pages 0049 (false 0043)
 0043: 15 05 00 00000116   jeq vmsplice 0049 (false 0044)
 0044: 15 04 00 00000143   jeq userfaultfd 0049 (false 0045)
 0045: 15 03 00 00000065   jeq ptrace 0049 (false 0046)
 0046: 15 02 00 00000087   jeq personality 0049 (false 0047)
 0047: 15 01 00 00000136   jeq process_vm_readv 0049 (false 0048)
 0048: 06 00 00 7fff0000   ret ALLOW
 0049: 06 00 01 00000000   ret KILL
seccomp filter configured
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
execvp argument 0: evolution
Child process initialized in 154.05 ms
Searching $PATH for evolution
trying #/usr/local/bin/evolution#
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
Warning: an existing sandbox was detected. /usr/bin/evolution will run without any additional sandboxing features
monitoring pid 6


(evolution:6): Gtk-WARNING **: 15:11:41.620: Failed to register client: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: Method "RegisterClient" with signature "ss" on interface "org.xfce.Session.Manager" doesn't exist

RSS Plugin enabled (evolution 3.30, evolution-rss 0.3.95)
soup init()
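An added example, not part of the original report or of firejail: a small Python triage helper that reads `firejail --debug` output and reports what the sandbox did to every path matching a keyword. The sample log is an excerpt of lines from the debug output above; the function names and the choice of `gnupg` as the keyword are assumptions made for illustration.

```python
import re

# Excerpt of lines taken from the `firejail --debug` output in the report above.
SAMPLE_DEBUG_LOG = """\
Reading profile /usr/local/etc/firejail/evolution.profile
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Whitelisting /var/mail
Mounting read-only /home/$user/.Xauthority
Not blacklist /home/$user/.gnupg
Disable /home/$user/.local/share/keyrings
Not blacklist /home/$user/.pki
Disable /home/$user/.ssh
Disable /usr/bin/openssl
Disable /usr/bin/openssl (requested /bin/openssl)
Mounting noexec /home/$user
blacklist /dev/snd
"""

# Debug-log line shapes and the short label this helper assigns to each.
# Lines that name several paths at once (the comma-separated
# "Mounting read-only /bin, /sbin, ..." line) match no rule and are skipped.
_RULES = [
    (re.compile(r"^Not blacklist (?P<path>\S+)$"), "not-blacklisted"),
    (re.compile(r"^Disable (?P<path>\S+)(?: \(requested (?P<req>\S+)\))?$"), "disabled"),
    (re.compile(r"^blacklist (?P<path>\S+)$"), "disabled"),
    (re.compile(r"^Whitelisting (?P<path>\S+)$"), "whitelisted"),
    (re.compile(r"^Mounting read-only (?P<path>\S+)$"), "read-only"),
    (re.compile(r"^Mounting noexec (?P<path>\S+)$"), "noexec"),
]


def parse_actions(log_text):
    """Return (action, path, requested_path_or_None) for each recognised line."""
    actions = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for pattern, label in _RULES:
            m = pattern.match(line)
            if m:
                actions.append((label, m.group("path"), m.groupdict().get("req")))
                break
    return actions


def path_status(log_text, keywords):
    """Map each path (or requested alias) containing a keyword to its actions."""
    status = {}
    for action, path, requested in parse_actions(log_text):
        candidates = (path, requested or "")
        if any(k in c for k in keywords for c in candidates):
            seen = status.setdefault(path, [])
            if action not in seen:
                seen.append(action)
    return status


def blocked_paths(log_text, keywords):
    """Paths matching a keyword that the sandbox made inaccessible."""
    return sorted(
        path
        for path, actions in path_status(log_text, keywords).items()
        if "disabled" in actions
    )


if __name__ == "__main__":
    # Usage on a real run: firejail --debug evolution 2>&1 | tee debug.log
    for path, actions in path_status(SAMPLE_DEBUG_LOG, ["gnupg"]).items():
        print(f"{path}: {', '.join(actions)}")
```

On the excerpt this reports `/run/user/1000/gnupg` as disabled while `/home/$user/.gnupg` is not blacklisted. The first of these is the runtime directory GnuPG uses by default for its sockets (`gpgconf --list-dirs socketdir` prints the location on a given system).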

/bin/chage) Disable /usr/bin/chfn Disable /usr/bin/chfn (requested /bin/chfn) Disable /usr/bin/chsh Disable /usr/bin/chsh (requested /bin/chsh) Disable /usr/bin/crontab Disable /usr/bin/crontab (requested /bin/crontab) Disable /usr/bin/expiry Disable /usr/bin/expiry (requested /bin/expiry) Disable /usr/bin/fusermount Disable /usr/bin/fusermount (requested /bin/fusermount) Disable /usr/bin/gpasswd Disable /usr/bin/gpasswd (requested /bin/gpasswd) Disable /usr/bin/mount Disable /usr/bin/mount (requested /bin/mount) Disable /usr/bin/nc.openbsd (requested /usr/bin/nc) Disable /usr/bin/nc.openbsd (requested /bin/nc) Disable /usr/bin/newgrp Disable /usr/bin/newgrp (requested /bin/newgrp) Disable /usr/bin/ntfs-3g Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g) Disable /usr/bin/pkexec Disable /usr/bin/pkexec (requested /bin/pkexec) Disable /usr/bin/newgrp (requested /usr/bin/sg) Disable /usr/bin/newgrp (requested /bin/sg) Disable /usr/bin/su Disable /usr/bin/su (requested /bin/su) Disable /usr/bin/sudo Disable /usr/bin/sudo (requested /bin/sudo) Disable /usr/bin/umount Disable /usr/bin/umount (requested /bin/umount) Disable /usr/bin/xev Disable /usr/bin/xev (requested /bin/xev) Disable /usr/bin/xfce4-terminal Disable /usr/bin/xfce4-terminal (requested /bin/xfce4-terminal) Disable /usr/bin/xfce4-terminal.wrapper Disable /usr/bin/xfce4-terminal.wrapper (requested /bin/xfce4-terminal.wrapper) Disable /usr/bin/bwrap Disable /usr/bin/bwrap (requested /bin/bwrap) Mounting noexec /tmp/.X11-unix Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as) Disable /usr/bin/x86_64-linux-gnu-as (requested /bin/as) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/cc) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/cc) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/c++) Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/c++) Disable /usr/bin/x86_64-linux-gnu-c++filt 
(requested /bin/c++filt) Disable /usr/bin/c89-gcc (requested /usr/bin/c89) Disable /usr/bin/c89-gcc Disable /usr/bin/c89-gcc (requested /bin/c89) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/c99-gcc Disable /usr/bin/c99-gcc (requested /usr/bin/c99) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/c99-gcc (requested /bin/c99) Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /usr/bin/cpp) Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /usr/bin/cpp-10) Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /bin/cpp) Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /bin/cpp-10) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/g++-10) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/g++) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/g++-10) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/g++) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /usr/bin/gcc-ar-10) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/gcc-10) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /usr/bin/gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /usr/bin/gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /usr/bin/gcc-ranlib-10) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /usr/bin/gcc-nm-10) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /usr/bin/gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/gcc-ar-10) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/gcc-10) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/gcc-ranlib-10) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/gcc-nm-10) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/gcc-nm) Disable 
/usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/gcc) Disable /usr/bin/gdb Disable /usr/bin/gdb (requested /bin/gdb) Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld) Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /bin/ld) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /usr/bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /usr/bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/c89-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 Disable /usr/bin/x86_64-linux-gnu-gcc-10 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib-10) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar-10) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm-10) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc-10) Disable /usr/bin/x86_64-linux-gnu-g++-10 Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++-10) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /usr/bin/x86_64-linux-gnu-gcc-nm) 
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /usr/bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/c89-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 Disable /usr/bin/x86_64-linux-gnu-gcc-10 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib-10) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar-10) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm-10) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc-10) Disable /usr/bin/x86_64-linux-gnu-g++-10 Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++-10) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++) Disable /usr/include Disable /usr/lib/valgrind Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/java (requested /usr/bin/java) Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/java (requested /bin/java) Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/javac (requested /usr/bin/javac) Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/javac (requested /bin/javac) Disable /usr/lib/java Disable /etc/java Disable /usr/share/java 
Disable /usr/bin/openssl Disable /usr/bin/openssl (requested /bin/openssl) Disable /usr/bin/luatex Disable /usr/bin/luatex (requested /usr/bin/lualatex) Disable /usr/bin/luajittex Disable /usr/bin/luatex53 Disable /usr/bin/luatex (requested /bin/luatex) Disable /usr/bin/luatex (requested /bin/lualatex) Disable /usr/bin/luajittex (requested /bin/luajittex) Disable /usr/bin/luatex53 (requested /bin/luatex53) Disable /usr/share/lua Disable /usr/bin/cpan Disable /usr/bin/cpan5.32-x86_64-linux-gnu Disable /usr/bin/cpan5.28-x86_64-linux-gnu Disable /usr/bin/cpan (requested /bin/cpan) Disable /usr/bin/cpan5.32-x86_64-linux-gnu (requested /bin/cpan5.32-x86_64-linux-gnu) Disable /usr/bin/cpan5.28-x86_64-linux-gnu (requested /bin/cpan5.28-x86_64-linux-gnu) Disable /usr/bin/perl Disable /usr/bin/perl (requested /bin/perl) Disable /usr/share/perl Disable /usr/share/perl5 Disable /usr/share/perl-openssl-defaults Disable /usr/bin/ruby2.5 (requested /usr/bin/ruby) Disable /usr/bin/ruby2.5 (requested /bin/ruby) Disable /usr/lib/ruby Disable /usr/bin/python2.7 Disable /usr/bin/python2.7 (requested /usr/bin/python2) Disable /usr/bin/python2.7 (requested /bin/python2.7) Disable /usr/bin/python2.7 (requested /bin/python2) Disable /usr/lib/python2.7 Disable /usr/local/lib/python2.7 Disable /usr/bin/python3-qr Disable /usr/bin/python3.9 Disable /usr/bin/python3.9 (requested /usr/bin/python3) Disable /usr/bin/python3-qr (requested /bin/python3-qr) Disable /usr/bin/python3.9 (requested /bin/python3.9) Disable /usr/bin/python3.9 (requested /bin/python3) Disable /usr/lib/python3.9 Disable /usr/lib/python3.7 Disable /usr/lib/python3 Disable /usr/local/lib/python3.9 Disable /usr/share/python3 Disable /home/$user/.password-store Disable /home/$user/.audacity-data Disable /home/$user/.config/Mousepad Disable /home/$user/.config/Thunar Disable /home/$user/.config/emaildefaults Disable /home/$user/.config/enchant Not blacklist /home/$user/.config/evolution Disable /home/$user/.config/galculator 
Disable /home/$user/.config/gedit Disable /home/$user/.config/ghb Disable /home/$user/.config/libreoffice Disable /home/$user/.config/liferea Disable /home/$user/.config/nautilus Disable /home/$user/.config/xfce4/xfce4-notes.gtkrc Disable /home/$user/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml Disable /home/$user/.config/xfce4-dict Disable /home/$user/.gitconfig Disable /home/$user/.gradle Not blacklist /home/$user/.local/share/evolution Disable /home/$user/.local/share/liferea Disable /home/$user/.local/share/maps-places.json Disable /home/$user/.local/share/nautilus Disable /home/$user/.local/share/notes Disable /home/$user/.mozilla Disable /home/$user/.purple Disable /home/$user/.thunderbird Disable /home/$user/.tooling Disable /home/$user/.cache/Clementine Disable /home/$user/.cache/champlain Not blacklist /home/$user/.cache/evolution Disable /home/$user/.cache/gajim Disable /home/$user/.cache/kdenlive Disable /home/$user/.cache/liferea Disable /home/$user/.cache/mozilla Disable /home/$user/.cache/thunderbird Mounting noexec /home/$user Mounting noexec /tmp Disable /sys/fs Disable /sys/module disable pulseaudio blacklist /home/$user/.config/pulse blacklist /run/user/1000/pulse/native blacklist /run/user/1000/pulse/native blacklist /tmp/pulse-PKdhtXMmr18n blacklist /dev/snd blacklist /dev/dvb blacklist /dev/sr0 blacklist /dev/video0 blacklist /dev/video1 blacklist /dev/video2 blacklist /dev/video3 blacklist /dev/video4 blacklist /dev/video5 blacklist /dev/video6 blacklist /dev/video7 blacklist /dev/video8 blacklist /dev/video9 Current directory: /home/$user/Downloads Install protocol filter: unix,inet,inet6 configuring 14 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) Dropping all capabilities Drop privileges: pid 3, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld 
data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 01 00 00000029 jeq socket 0006 (false 0005) 0005: 06 00 00 7fff0000 ret ALLOW 0006: 20 00 00 00000010 ld data.args[0] 0007: 15 00 01 00000001 jeq 1 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 00000002 jeq 2 000a (false 000b) 000a: 06 00 00 7fff0000 ret ALLOW 000b: 15 00 01 0000000a jeq a 000c (false 000d) 000c: 06 00 00 7fff0000 ret ALLOW 000d: 06 00 00 0005005f ret ERRNO(95) configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null) Dropping all capabilities Drop privileges: pid 4, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 
0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00000000 ret KILL Dual 32/64 bit seccomp filter configured configuring 74 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) Dropping all capabilities Drop privileges: pid 5, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 
00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 41 00 0000009a jeq modify_ldt 0049 (false 0008) 0008: 15 40 00 000000d4 jeq lookup_dcookie 0049 (false 0009) 0009: 15 3f 00 0000012a jeq perf_event_open 0049 (false 000a) 000a: 15 3e 00 00000137 jeq process_vm_writev 0049 (false 000b) 000b: 15 3d 00 0000009c jeq _sysctl 0049 (false 000c) 000c: 15 3c 00 000000b7 jeq afs_syscall 0049 (false 000d) 000d: 15 3b 00 000000ae jeq create_module 0049 (false 000e) 000e: 15 3a 00 000000b1 jeq get_kernel_syms 0049 (false 000f) 000f: 15 39 00 000000b5 jeq getpmsg 0049 (false 0010) 0010: 15 38 00 000000b6 jeq putpmsg 0049 (false 0011) 0011: 15 37 00 000000b2 jeq query_module 0049 (false 0012) 0012: 15 36 00 000000b9 jeq security 0049 (false 0013) 0013: 15 35 00 0000008b jeq sysfs 0049 (false 0014) 0014: 15 34 00 000000b8 jeq tuxcall 0049 (false 0015) 0015: 15 33 00 00000086 jeq uselib 0049 (false 0016) 0016: 15 32 00 00000088 jeq ustat 0049 (false 0017) 0017: 15 31 00 000000ec jeq vserver 0049 (false 0018) 0018: 15 30 00 0000009f jeq adjtimex 0049 (false 0019) 0019: 15 2f 00 00000131 jeq clock_adjtime 0049 (false 001a) 001a: 15 2e 00 000000e3 jeq clock_settime 0049 (false 001b) 001b: 15 2d 00 000000a4 jeq settimeofday 0049 (false 001c) 001c: 15 2c 00 000000b0 jeq delete_module 0049 (false 001d) 001d: 15 2b 00 00000139 jeq finit_module 0049 (false 001e) 001e: 15 2a 00 000000af jeq init_module 0049 (false 001f) 001f: 15 29 00 000000ad jeq ioperm 0049 (false 0020) 0020: 15 28 00 000000ac jeq iopl 0049 (false 0021) 0021: 15 27 00 000000f6 jeq kexec_load 0049 (false 0022) 0022: 15 26 00 00000140 jeq kexec_file_load 0049 (false 0023) 0023: 15 25 00 000000a9 jeq reboot 0049 (false 0024) 0024: 15 24 00 000000a7 jeq swapon 0049 (false 0025) 0025: 15 23 00 000000a8 jeq swapoff 0049 (false 0026) 0026: 15 22 00 000000a3 jeq acct 0049 (false 0027) 0027: 15 21 00 
00000141 jeq bpf 0049 (false 0028) 0028: 15 20 00 000000a1 jeq chroot 0049 (false 0029) 0029: 15 1f 00 000000a5 jeq mount 0049 (false 002a) 002a: 15 1e 00 000000b4 jeq nfsservctl 0049 (false 002b) 002b: 15 1d 00 0000009b jeq pivot_root 0049 (false 002c) 002c: 15 1c 00 000000ab jeq setdomainname 0049 (false 002d) 002d: 15 1b 00 000000aa jeq sethostname 0049 (false 002e) 002e: 15 1a 00 000000a6 jeq umount2 0049 (false 002f) 002f: 15 19 00 00000099 jeq vhangup 0049 (false 0030) 0030: 15 18 00 000000ee jeq set_mempolicy 0049 (false 0031) 0031: 15 17 00 00000100 jeq migrate_pages 0049 (false 0032) 0032: 15 16 00 00000117 jeq move_pages 0049 (false 0033) 0033: 15 15 00 000000ed jeq mbind 0049 (false 0034) 0034: 15 14 00 00000130 jeq open_by_handle_at 0049 (false 0035) 0035: 15 13 00 0000012f jeq name_to_handle_at 0049 (false 0036) 0036: 15 12 00 000000fb jeq ioprio_set 0049 (false 0037) 0037: 15 11 00 00000067 jeq syslog 0049 (false 0038) 0038: 15 10 00 0000012c jeq fanotify_init 0049 (false 0039) 0039: 15 0f 00 00000138 jeq kcmp 0049 (false 003a) 003a: 15 0e 00 000000f8 jeq add_key 0049 (false 003b) 003b: 15 0d 00 000000f9 jeq request_key 0049 (false 003c) 003c: 15 0c 00 000000fa jeq keyctl 0049 (false 003d) 003d: 15 0b 00 000000ce jeq io_setup 0049 (false 003e) 003e: 15 0a 00 000000cf jeq io_destroy 0049 (false 003f) 003f: 15 09 00 000000d0 jeq io_getevents 0049 (false 0040) 0040: 15 08 00 000000d1 jeq io_submit 0049 (false 0041) 0041: 15 07 00 000000d2 jeq io_cancel 0049 (false 0042) 0042: 15 06 00 000000d8 jeq remap_file_pages 0049 (false 0043) 0043: 15 05 00 00000116 jeq vmsplice 0049 (false 0044) 0044: 15 04 00 00000143 jeq userfaultfd 0049 (false 0045) 0045: 15 03 00 00000065 jeq ptrace 0049 (false 0046) 0046: 15 02 00 00000087 jeq personality 0049 (false 0047) 0047: 15 01 00 00000136 jeq process_vm_readv 0049 (false 0048) 0048: 06 00 00 7fff0000 ret ALLOW 0049: 06 00 01 00000000 ret KILL seccomp filter configured Dropping all capabilities noroot user namespace 
installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1 No supplementary groups starting application LD_PRELOAD=(null) execvp argument 0: evolution Child process initialized in 154.05 ms Searching $PATH for evolution trying #/usr/local/bin/evolution# Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter Warning: an existing sandbox was detected. /usr/bin/evolution will run without any additional sandboxing features monitoring pid 6 (evolution:6): Gtk-WARNING **: 15:11:41.620: Failed to register client: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: Method "RegisterClient" with signature "ss" on interface "org.xfce.Session.Manager" doesn't exist RSS Plugin enabled (evolution 3.30, evolution-rss 0.3.95) soup init() ``` </details>
gitea-mirror closed this issue and added the `stale` label on 2026-05-05 09:12:43 -06:00.

@madbehaviorus commented on GitHub (Mar 17, 2021):

**Reproduce**
After install, run firecfg, and firejail uses the profile /usr/local/etc/firejail/evolution.profile.
If I try to encrypt a mail, it does nothing. The smartcard is not in use or is unreachable.

*evolution profile*

```
# Firejail profile for evolution
# Description: Groupware suite with mail client and organizer
# This file is overwritten after every install/update
# Persistent local customizations
include /usr/local/etc/firejail/evolution.local
# Persistent global definitions
include /usr/local/etc/firejail/globals.local

noblacklist /var/mail
noblacklist /var/spool/mail
whitelist /var/mail
whitelist /var/spool/mail


# noblacklist ${HOME}/.bogofilter
noblacklist ${HOME}/.cache/evolution
noblacklist ${HOME}/.config/evolution
noblacklist ${HOME}/.gnupg
noblacklist ${HOME}/.local/share/evolution
noblacklist ${HOME}/.pki

include /usr/local/etc/firejail/disable-common.inc
include /usr/local/etc/firejail/disable-devel.inc
include /usr/local/etc/firejail/disable-interpreters.inc
include /usr/local/etc/firejail/disable-passwdmgr.inc
include /usr/local/etc/firejail/disable-programs.inc

ignore nodbus
caps.drop all
netfilter
# no3d breaks under wayland
#no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix,inet,inet6
seccomp
shell none

writable-var
private-dev
private-tmp

noexec ${HOME}
noexec /tmp
```

@rusty-snake commented on GitHub (Mar 17, 2021):

You must insert your pgp/gpg/u2f/auth-card/stick/devices nitrokey/yubikey before you start the sandbox and keep it inserted. Or you use `ignore private-dev`.

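
The device-visibility point in the reply above can be checked against `firejail --debug` output like that quoted in the issue. The script below is an added example, not code from the thread or from the firejail project: it lists the `/dev` nodes a `private-dev` sandbox received at start, flags host nodes that are absent from it, and shows how gnupg paths were treated. The sample log lines are constructed in the format of the issue's debug output, and all function names are hypothetical.

```shell
#!/bin/sh
# Triage of `firejail --debug` output for smartcard / security-token access.
# Usage: sh triage.sh [debug-log-file]   (without a file, the constructed sample is used)

# Constructed sample, in the line format of the debug output quoted in the issue.
sample_debug_log() {
cat <<'EOF'
Reading profile /usr/local/etc/firejail/evolution.profile
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/hidraw0 file
mounting /run/firejail/mnt/dev/hidraw1 file
mounting /run/firejail/mnt/dev/usb directory
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Not blacklist /home/$user/.gnupg
Disable /home/$user/.ssh
Not blacklist /home/$user/.pki
EOF
}

# Log on stdin -> device nodes that private-dev placed in the sandbox's new /dev.
# Only nodes that existed when the sandbox started appear here.
private_dev_nodes() {
  sed -n 's|^mounting /run/firejail/mnt/dev/\([^ ]*\) [a-z]*$|/dev/\1|p'
}

# Log on stdin, $1 = regex -> matching paths the sandbox hid ("Disable <path>").
disabled_paths() {
  awk -v pat="$1" '$1 == "Disable" && $2 ~ pat { print $2 }'
}

# Log on stdin, $1 = regex -> matching paths exempted by a noblacklist rule.
allowed_paths() {
  awk -v pat="$1" '$1 == "Not" && $2 == "blacklist" && $3 ~ pat { print $3 }'
}

# Log on stdin, host device nodes as arguments -> nodes with no counterpart in
# the sandbox. A token plugged in after the sandbox started shows up here.
missing_in_sandbox() {
  visible=$(private_dev_nodes)
  for node in "$@"; do
    printf '%s\n' "$visible" | grep -qxF -- "$node" || printf '%s\n' "$node"
  done
}

# Log on stdin -> short report.
triage() {
  log=$(cat)
  if printf '%s\n' "$log" | grep -q '^Mounting tmpfs on /dev$'; then
    echo "private-dev: active (new /dev built at sandbox start)"
  else
    echo "private-dev: not active"
  fi
  echo "device nodes visible in sandbox:"
  printf '%s\n' "$log" | private_dev_nodes | sed 's/^/  /'
  echo "host hidraw nodes absent from sandbox /dev:"
  hosts=""
  for n in /dev/hidraw*; do
    if [ -e "$n" ]; then hosts="$hosts $n"; fi
  done
  # $hosts is left unquoted on purpose so it splits into one argument per node.
  printf '%s\n' "$log" | missing_in_sandbox $hosts | sed 's/^/  /'
  # GnuPG 2.1+ keeps its agent/scdaemon sockets under /run/user/UID/gnupg when
  # that directory exists; a "Disable" line for it means those sockets are not
  # reachable from inside the sandbox.
  echo "gnupg paths hidden:"
  printf '%s\n' "$log" | disabled_paths gnupg | sed 's/^/  /'
  echo "gnupg paths kept:"
  printf '%s\n' "$log" | allowed_paths gnupg | sed 's/^/  /'
}

if [ -n "${1:-}" ]; then
  triage < "$1"
else
  sample_debug_log | triage
fi
```
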

@madbehaviorus commented on GitHub (Mar 17, 2021):

I have tested both without any effect.
Any suggestions?

@rusty-snake commented on GitHub (Mar 19, 2021):

Is anything in the syslog? If not, I've no further ideas.

@rusty-snake commented on GitHub (Aug 4, 2021):

I'm closing here due to inactivity, please feel free to request to reopen if you still have this issue.
