[GH-ISSUE #4576] Requesting rework of geekbench.profile #2708

Closed
opened 2026-05-05 09:22:07 -06:00 by gitea-mirror · 42 comments

Originally created by @ghost on GitHub (Sep 23, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4576

Description

The current profile for the cross-platform benchmarking utility Geekbench is not up-to-date and is unusable.

Steps to Reproduce

  1. Install current geekbench version 5.
  2. Run firecfg
  3. Run geekbench

Expected behavior

Geekbench should run confined to its jail.

Actual behavior

Denies execution during firejail start up procedure.

Behavior without a profile

Geekbench begins executing as expected.

Additional context

Geekbench exists in different versions. The current version is 5.x

Environment

  • Linux distribution: Arch Linux
  • Firejail version: firejail version 0.9.66

Checklist

  • The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
    • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Reading profile /etc/firejail/geekbench.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1145925, child pid 1145930
Warning: skipping none for private /opt
Private /opt installed in 0.11 ms
Warning: invalid private-bin path /usr/bin/geekbench
Warning: invalid private-bin path /bin/geekbench
Warning: invalid private-bin path /usr/sbin/geekbench
Warning: invalid private-bin path /sbin/geekbench
5 programs installed in 9.01 ms
Standard C library installed in 2.31 ms
Error fldd: cannot access /usr/bin/firejail
Error: failed to run /run/firejail/lib/fldd, exiting...
Error: proc 1145925 cannot sync with peer: unexpected EOF
Peer 1145930 unexpectedly exited with status 1

@smitsohu commented on GitHub (Sep 23, 2021):

> Error fldd: cannot access /usr/bin/firejail
> Error: failed to run /run/firejail/lib/fldd, exiting...

That's curious. Does firejail --noprofile --private-lib work?

If not, what does ls -l /usr/bin/firejail say?


@ghost commented on GitHub (Sep 23, 2021):

firejail --noprofile --private-lib

Parent pid 1205021, child pid 1205022
Standard C library installed in 2.30 ms
Error fldd: cannot access /usr/bin/firejail
Error: failed to run /run/firejail/lib/fldd, exiting...
Error: proc 1205021 cannot sync with peer: unexpected EOF
Peer 1205022 unexpectedly exited with status 1

ls -l /usr/bin/firejail

-rwsr-x--- 1 root firejail 515440 Aug 21 06:22 /usr/bin/firejail

@smitsohu commented on GitHub (Sep 23, 2021):

> -rwsr-x--- 1 root firejail 515440 Aug 21 06:22 /usr/bin/firejail

Thanks! I think this is a bug. Probably the reason is that our helper fldd is not a member of the firejail group.


@ghost commented on GitHub (Sep 23, 2021):

Great, if it gets solved in the end all is well. What is the estimated timeframe for a fix to get merged to master? Is there any kind of manual workaround that can be applied in the meantime?


@rusty-snake commented on GitHub (Sep 23, 2021):

ignore private-lib


@ghost commented on GitHub (Sep 23, 2021):

> ignore private-lib

For now, of my programs, only geekbench is affected. What would be the ignore private-lib equivalent for the *.local file?


@rusty-snake commented on GitHub (Sep 23, 2021):

echo "ignore private-lib" >> ~/.config/firejail/geekbench.local

This will affect all programs if their profile contains private-lib, as I understand it.


@ghost commented on GitHub (Sep 23, 2021):

Reading profile /etc/firejail/geekbench.profile
Reading profile /home/sapiens/.config/firejail/geekbench.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1227730, child pid 1227731
Warning: skipping none for private /opt
Private /opt installed in 0.06 ms
Warning: invalid private-bin path /usr/bin/geekbench
Warning: invalid private-bin path /bin/geekbench
Warning: invalid private-bin path /usr/sbin/geekbench
Warning: invalid private-bin path /sbin/geekbench
5 programs installed in 9.59 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping lsb-release for private /etc
Private /etc installed in 1.42 ms
Private /usr/etc installed in 0.00 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/gvfs
Blacklist violations are logged to syslog
Child process initialized in 75.81 ms
Error: no suitable /sbin/geekbench executable found

Parent is shutting down, bye...

The geekbench binary is located at /opt/geekbench/geekbench5


@rusty-snake commented on GitHub (Sep 23, 2021):

noblacklist /sbin
noblacklist /usr/sbin

Does anyone know if private-bin bash,geekbenc*,sh is intended or is this a typo and should be geekbench* (with a "h")?


@ghost commented on GitHub (Sep 23, 2021):

noblacklist /sbin
noblacklist /usr/sbin./

Error: no suitable /sbin/geekbench executable found

ls -al | grep geekbench
lrwxrwxrwx  1 root root           25 Sep 23 21:29 geekbench -> /opt/geekbench/geekbench5

@rusty-snake commented on GitHub (Sep 23, 2021):

> Warning: invalid private-bin path /usr/bin/geekbench
> Warning: invalid private-bin path /bin/geekbench
> Warning: invalid private-bin path /usr/sbin/geekbench
> Warning: invalid private-bin path /sbin/geekbench

https://github.com/netblue30/firejail/blob/452916a8948bba24c84b8efe97a6f9c53df7acc5/src/firejail/fs_bin.c#L162-L169


@rusty-snake commented on GitHub (Sep 23, 2021):

Does firejail --profile=geekbench /opt/geekbench/geekbench5 work?


@ghost commented on GitHub (Sep 23, 2021):

[sapiens]$ firejail --profile=geekbench /opt/geekbench/geekbench5
Reading profile geekbench
Error: line 1 in geekbench is invalid

@rusty-snake commented on GitHub (Sep 23, 2021):

Do you have a geekbench file/dir in your cwd?


@ghost commented on GitHub (Sep 23, 2021):

Our current geekbench.profile has private-opt none, which stops the symlink in /usr/bin to find /opt/geekbench/geekbench5. Have you tried private-opt geekbench yet?


@ghost commented on GitHub (Sep 23, 2021):

Oops, yes, I was in /sbin.

[sapiens@pc ~]$ cat .config/firejail/geekbench.local 
ignore private-lib
noblacklist /sbin
noblacklist /usr/sbin
[sapiens@pc ~]$ firejail --profile=geekbench /opt/geekbench/geekbench5
Reading profile /etc/firejail/geekbench.profile
Reading profile /home/sapiens/.config/firejail/geekbench.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1243215, child pid 1243216
Warning: skipping none for private /opt
Private /opt installed in 0.06 ms
Warning: invalid private-bin path /usr/bin/geekbench
Warning: invalid private-bin path /bin/geekbench
Warning: invalid private-bin path /usr/sbin/geekbench
Warning: invalid private-bin path /sbin/geekbench
5 programs installed in 9.41 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping lsb-release for private /etc
Private /etc installed in 2.06 ms
Private /usr/etc installed in 0.00 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: not remounting /run/user/1000/gvfs
Blacklist violations are logged to syslog
Child process initialized in 77.10 ms
Error: no suitable /opt/geekbench/geekbench5 executable found

Parent is shutting down, bye...

@rusty-snake commented on GitHub (Sep 23, 2021):

🤦 was too obvious
https://github.com/netblue30/firejail/blob/452916a8948bba24c84b8efe97a6f9c53df7acc5/etc/profile-a-l/geekbench.profile#L47

Either use private-opt geekbench or, if du -sc /opt/geekbench is more than a few MB, ignore private-opt.

EDIT: Did not see @glitsj16's comment until now.

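As an added illustration of the two checks the thread does by hand (whether a name matches the profile's private-bin list, including the geekbenc* entry questioned earlier, and whether a private-bin candidate is a symlink into a directory that private-opt none hides), here is a small POSIX sh script; it is not code from the firejail project or from this thread. It builds its own constructed, Arch-like directory tree under mktemp, and the root and hidden directory (/opt) are passed in as arguments, so nothing on the live system is consulted.

```shell
#!/bin/sh
# Added example; not code from the firejail project or from this thread.
# Two of the checks the discussion does by hand, in plain POSIX sh:
#  1. does a binary name match the profile's comma-separated private-bin
#     list (glob entries such as geekbenc* are matched as patterns)?
#  2. in which of the four directories firejail searches for private-bin
#     entries does the name exist, and does it resolve (as a symlink) into
#     a directory that "private-opt none" replaces with an empty one?
# ROOT and HIDDEN are assumptions passed in by the caller, so the checks
# run against a constructed tree instead of the live system.

# in_private_bin LIST NAME -> exit 0 if NAME matches an entry of LIST, else 1
in_private_bin() {
    _rest=$1,                      # trailing comma: last entry handled too
    while [ -n "$_rest" ]; do
        _pat=${_rest%%,*}
        _rest=${_rest#*,}
        case $2 in                 # $_pat deliberately unquoted: glob match
            $_pat) return 0 ;;
        esac
    done
    return 1
}

# locate_private_bin ROOT HIDDEN NAME
# Walks /usr/bin, /bin, /usr/sbin, /sbin under ROOT and prints one line per
# hit. Exit status: 0 = a usable copy exists, 1 = not found anywhere,
# 2 = every copy is a symlink whose absolute target lies inside HIDDEN
# (relative link targets are not resolved and count as usable).
locate_private_bin() {
    _root=$1 _hidden=$2 _name=$3 _usable=0 _hidden_hits=0
    for _d in /usr/bin /bin /usr/sbin /sbin; do
        _p=$_root$_d/$_name
        if [ -L "$_p" ]; then
            _t=$(readlink "$_p")
            case $_t in
                "$_hidden"/*)
                    echo "$_d/$_name -> $_t  (inside $_hidden: not visible under private-opt none)"
                    _hidden_hits=$((_hidden_hits + 1)) ;;
                *)
                    echo "$_d/$_name -> $_t"
                    _usable=$((_usable + 1)) ;;
            esac
        elif [ -x "$_p" ]; then
            echo "$_d/$_name"
            _usable=$((_usable + 1))
        fi
    done
    [ "$_usable" -gt 0 ] && return 0
    [ "$_hidden_hits" -gt 0 ] && return 2
    return 1
}

# build_demo_tree -> prints the path of a constructed, Arch-like (merged /usr)
# tree with /opt/geekbench/geekbench5 and a /usr/bin/geekbench symlink to it,
# as in the thread. Sample layout only; nothing on the host is modified.
build_demo_tree() {
    _r=$(mktemp -d)
    mkdir -p "$_r/usr/bin" "$_r/opt/geekbench"
    ln -s usr/bin "$_r/bin"
    ln -s usr/bin "$_r/sbin"
    ln -s bin "$_r/usr/sbin"
    printf '#!/bin/sh\necho geekbench\n' > "$_r/opt/geekbench/geekbench5"
    printf '#!/bin/sh\n' > "$_r/usr/bin/bash"
    chmod +x "$_r/opt/geekbench/geekbench5" "$_r/usr/bin/bash"
    ln -s /opt/geekbench/geekbench5 "$_r/usr/bin/geekbench"
    echo "$_r"
}

# Demo: the private-bin line from the thread's profile versus the tree.
DEMO_ROOT=$(build_demo_tree)
for n in bash geekbench sh; do
    if in_private_bin 'bash,geekbenc*,sh' "$n"; then
        echo "$n: listed in private-bin"
    else
        echo "$n: NOT listed in private-bin"
    fi
    locate_private_bin "$DEMO_ROOT" /opt "$n" || echo "$n: exit status $?"
done
rm -rf "$DEMO_ROOT"
```

The four identical hits for geekbench mirror the four "invalid private-bin path" warnings in the logs above: on a merged-/usr system /bin, /sbin and /usr/sbin all lead to the same symlink into /opt.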

@ghost commented on GitHub (Sep 23, 2021):

[sapiens@pc ~]$ du -hsc /opt/geekbench
95M	/opt/geekbench
95M	total

What should geekbench.local look like now?

[sapiens@pc ~]$ cat .config/firejail/geekbench.local 
ignore private-opt

Results in:

[sapiens@pc ~]$ geekbench
Reading profile /etc/firejail/geekbench.profile
Reading profile /home/sapiens/.config/firejail/geekbench.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1258300, child pid 1258301
9 programs installed in 12.67 ms
Standard C library installed in 1.75 ms
Error fldd: cannot access /usr/bin/firejail
Error: failed to run /run/firejail/lib/fldd, exiting...
Error: proc 1258300 cannot sync with peer: unexpected EOF
Peer 1258301 unexpectedly exited with status 1

@rusty-snake commented on GitHub (Sep 23, 2021):

> What should geekbench.local look like now?

All 4 lines (2 noblacklist and 2 ignore).


@ghost commented on GitHub (Sep 23, 2021):

[sapiens@pc ~]$ cat .config/firejail/geekbench.local 
ignore private-opt
ignore private-lib
noblacklist /sbin
noblacklist /usr/sbin
[sapiens@pc ~]$ geekbench
Reading profile /etc/firejail/geekbench.profile
Reading profile /home/sapiens/.config/firejail/geekbench.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1264114, child pid 1264115
9 programs installed in 11.40 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping lsb-release for private /etc
Private /etc installed in 1.45 ms
Private /usr/etc installed in 0.00 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: not remounting /run/user/1000/gvfs
Blacklist violations are logged to syslog
Child process initialized in 78.47 ms
Error: no suitable /sbin/geekbench executable found

Parent is shutting down, bye...

@rusty-snake commented on GitHub (Sep 23, 2021):

And with firejail --profile=geekbench /opt/geekbench/geekbench5?


@ghost commented on GitHub (Sep 23, 2021):

With firejail --profile=geekbench /opt/geekbench/geekbench5 geekbench starts!


@ghost commented on GitHub (Sep 23, 2021):

ignore private-lib was for the issue with the helper.
But why does just geekbench not work if I have ignore private-opt and noblacklist /sbin?


@ghost commented on GitHub (Sep 23, 2021):

Linux distribution: Arch Linux
[...]
ls -l /usr/bin/firejail
-rwsr-x--- 1 root firejail 515440 Aug 21 06:22 /usr/bin/firejail

Just out of curiosity, did you create the firejail group yourself? I'm on Arch Linux too and can't recall ever seeing that when installing firejail via pacman. Not that @smitsohu 's reasoning is in any way off regarding our fldd helper. But it might be confusing for other AL users when seeing this thread.


@ghost commented on GitHub (Sep 23, 2021):

> Just out of curiosity, did you create the firejail group yourself?

https://wiki.archlinux.org/title/Firejail#Hardening_Firejail
https://firejail.wordpress.com/documentation-2/basic-usage/#suid


@ghost commented on GitHub (Sep 25, 2021):

I still have some questions.

  1. Why do I need firejail --profile=geekbench /opt/geekbench/geekbench5 when I have ignore private-opt and noblacklist /sbin?
  2. What is the estimated timeframe for a fix to get merged to master?

@smitsohu commented on GitHub (Sep 25, 2021):

There is a fix in master for the private-lib part, you can give it a try.


@rusty-snake commented on GitHub (Sep 25, 2021):

> 1. Why do I need firejail --profile=geekbench /opt/geekbench/geekbench5 when I have ignore private-opt and noblacklist /sbin?

That's what I want to find out first. My guess is private-bin, so try to ignore it.
What does firejail --profile=geekbench /proc/self/fd/3 /sbin 3</bin/ls show?


@ghost commented on GitHub (Sep 25, 2021):

> That's what I want to find out first. My guess is private-bin, so try to ignore it.

[sapiens@pc ~]$ cat .config/firejail/geekbench.local 
ignore private-opt
ignore private-bin
ignore private-lib
noblacklist /sbin
noblacklist /usr/sbin

With the above setting geekbench starts.

With the above settings, including ignore private-bin, firejail --profile=geekbench /proc/self/fd/3 /sbin 3</bin/ls outputs all binaries.

Without ignore private-bin:

[sapiens@pc ~]$ firejail --profile=geekbench /proc/self/fd/3 /sbin 3</bin/ls
Reading profile /etc/firejail/geekbench.profile
Reading profile /home/sapiens/.config/firejail/geekbench.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 58609, child pid 58610
9 programs installed in 14.10 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping lsb-release for private /etc
Private /etc installed in 2.26 ms
Private /usr/etc installed in 0.00 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: not remounting /run/user/1000/gvfs
Blacklist violations are logged to syslog
Child process initialized in 81.38 ms
bash  firejail	geekbench  sh

Parent is shutting down, bye...

@ghost commented on GitHub (Sep 29, 2021):

While we are on the topic, geekbench does not seem to have permissions to save the registration key if you have bought a licence.

[sapiens@pc ~]$ cat .config/firejail/geekbench.local
ignore private-opt
ignore private-bin
ignore private-lib
noblacklist /sbin
noblacklist /usr/sbin
[sapiens@pc ~]$ geekbench --unlock <redacted_email> <redacted_key>
Reading profile /etc/firejail/geekbench.profile
Reading profile /home/sapiens/.config/firejail/geekbench.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 79980, child pid 79981
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping lsb-release for private /etc
Private /etc installed in 2.15 ms
Private /usr/etc installed in 0.00 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: not remounting /run/user/1000/gvfs
Blacklist violations are logged to syslog
Child process initialized in 121.88 ms
Geekbench 5.4.1 Tryout : https://www.geekbench.com/

Could not unlock Geekbench. There was a problem saving your license 
information. Contact support at support@primatelabs.com for more assistance.

Parent is shutting down, bye...

@rusty-snake commented on GitHub (Sep 29, 2021):

Where and how does it store the license key? Does it need additional whitelists, libraries or D-Bus access?

edit: um, yes then it is clear what the problem is

https://github.com/netblue30/firejail/blob/6988a8027bb0f86400c77ccabe1ec95fdadba9ac/etc/profile-a-l/geekbench.profile#L54

edit2: adding read-write ${HOME}/.foo/bar/geekbench (together with mkdir) will not make it persistent without whitelist.


@ghost commented on GitHub (Sep 29, 2021):

I have no idea where it is trying to save the key. How would I go about finding that out?


@rusty-snake commented on GitHub (Sep 29, 2021):

https://github.com/netblue30/firejail/blob/6988a8027bb0f86400c77ccabe1ec95fdadba9ac/etc/templates/profile.template#L62-L73


@ghost commented on GitHub (Sep 29, 2021):

Geekbench without any additional parameters will not try to save the licence and Geekbench called via:
firejail --name=test --profile=geekbench --private /opt/geekbench/geekbench5 --unlock email@address.com xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx will immediately exit with the following message.

Reading profile /etc/firejail/geekbench.profile
Reading profile /home/sapiens/.config/firejail/geekbench.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 107204, child pid 107205
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping lsb-release for private /etc
Private /etc installed in 1.97 ms
Private /usr/etc installed in 0.00 ms
Warning: not remounting /run/user/1000/gvfs
Warning: cleaning all supplementary groups
Blacklist violations are logged to syslog
Child process initialized in 111.70 ms
Geekbench 5.4.1 Tryout : https://www.geekbench.com/

Could not unlock Geekbench. There was a problem saving your license 
information. Contact support at support@primatelabs.com for more assistance.

Parent is shutting down, bye...

Geekbench is not an interactive program I can just leave running.

[sapiens@pc ~]$ sudo find / -name "geek*" -print
/etc/firejail/geekbench.profile
/usr/bin/geekbench
/usr/local/bin/geekbench
/var/lib/pacman/local/geekbench-5.4.1-1
/opt/geekbench
/opt/geekbench/geekbench5
/opt/geekbench/geekbench.plar
/opt/geekbench/geekbench_x86_64
/home/sapiens/.cache/yay/geekbench
/home/sapiens/.cache/yay/geekbench/geekbench-5.4.1-1-x86_64.pkg.tar.zst
/home/sapiens/.config/firejail/geekbench.local

I might just write to support.


@rusty-snake commented on GitHub (Sep 29, 2021):

firejail --name=test --ignore=private-bin --profile=geekbench --private /bin/sh -c "/opt/geekbench/geekbench5 --unlock email@address.com xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx && tree -a" (or && ls -lRa).


@ghost commented on GitHub (Sep 29, 2021):

[sapiens@pc ~]$ firejail --name=test --profile=geekbench --private /bin/sh -c "/opt/geekbench/geekbench5 --unlock <redacted> <redacted> && ls -lRa"
Reading profile /etc/firejail/geekbench.profile
Reading profile /home/sapiens/.config/firejail/geekbench.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 128882, child pid 128883
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping lsb-release for private /etc
Private /etc installed in 2.25 ms
Private /usr/etc installed in 0.00 ms
Warning: not remounting /run/user/1000/gvfs
Warning: cleaning all supplementary groups
Blacklist violations are logged to syslog
Child process initialized in 110.05 ms
Geekbench 5.4.1 Tryout : https://www.geekbench.com/

Could not unlock Geekbench. There was a problem saving your license 
information. Contact support at support@primatelabs.com for more assistance.

Parent is shutting down, bye...

I wrote to support, maybe they are willing to give us a shortcut to figuring this out.


@rusty-snake commented on GitHub (Sep 29, 2021):

&& -> ;

firejail --name=test --ignore=private-bin --profile=geekbench --private /bin/sh -c "/opt/geekbench/geekbench5 --unlock email@address.com xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx ; tree -a"


@ghost commented on GitHub (Sep 29, 2021):

[sapiens@pc ~]$ firejail --name=test --ignore=private-bin --profile=geekbench --private /bin/sh -c "/opt/geekbench/geekbench5 --unlock <email> <key> ; tree -a"
Reading profile /etc/firejail/geekbench.profile
Reading profile /home/sapiens/.config/firejail/geekbench.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 135929, child pid 135930
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping lsb-release for private /etc
Private /etc installed in 1.93 ms
Private /usr/etc installed in 0.00 ms
Warning: not remounting /run/user/1000/gvfs
Warning: cleaning all supplementary groups
Blacklist violations are logged to syslog
Child process initialized in 112.24 ms
Geekbench 5.4.1 Tryout : https://www.geekbench.com/

Could not unlock Geekbench. There was a problem saving your license 
information. Contact support at support@primatelabs.com for more assistance.
.
├── .bashrc
├── .config
│   └── dconf
└── .Xauthority

2 directories, 2 files


[sapiens@pc ~]$ firejail --name=test --ignore=private-bin --profile=geekbench --private /bin/sh -c "/opt/geekbench/geekbench5 --unlock <email> <key> ; ls -lRa"
Reading profile /etc/firejail/geekbench.profile
Reading profile /home/sapiens/.config/firejail/geekbench.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 133511, child pid 133512
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping lsb-release for private /etc
Private /etc installed in 2.08 ms
Private /usr/etc installed in 0.00 ms
Warning: not remounting /run/user/1000/gvfs
Warning: cleaning all supplementary groups
Blacklist violations are logged to syslog
Child process initialized in 112.71 ms
Geekbench 5.4.1 Tryout : https://www.geekbench.com/

Could not unlock Geekbench. There was a problem saving your license 
information. Contact support at support@primatelabs.com for more assistance.
.:
total 4
drwx------ 3 sapiens sapiens 100 Sep 29 20:18 .
drwxr-xr-x 3 nobody  nobody   60 Sep 29 20:18 ..
-rw-r--r-- 1 sapiens sapiens 141 Sep 29 20:18 .bashrc
drwx------ 3 sapiens sapiens  60 Sep 29 20:18 .config
-rw------- 1 sapiens sapiens   0 Sep 29 20:18 .Xauthority

./.config:
total 0
drwx------ 3 sapiens sapiens  60 Sep 29 20:18 .
drwx------ 3 sapiens sapiens 100 Sep 29 20:18 ..
drwx------ 2 sapiens sapiens  40 Sep 29 20:18 dconf

./.config/dconf:
total 0
drwx------ 2 sapiens sapiens 40 Sep 29 20:18 .
drwx------ 3 sapiens sapiens 60 Sep 29 20:18 ..

Parent is shutting down, bye...

@rusty-snake commented on GitHub (Sep 29, 2021):

~~It isn't a filesystem operation (most likely). I should know this since https://github.com/netblue30/firejail/issues/4576#issuecomment-930466884.~~

  1. firejail --ignore=private-bin --ignore=read-only --profile=geekbench --private /bin/sh -c "/opt/geekbench/geekbench5 --unlock <email> <key> ; ls -lRa"
  2. (if 1 fails) firejail --ignore="dbus-user none" --profile=geekbench /opt/geekbench/geekbench5 --unlock <email> <key>
  3. (if 1 and 2 fail) firejail --noprofile --private /bin/sh -c "/opt/geekbench/geekbench5 --unlock <email> <key> ; ls -lRa"
  4. (if all fail) /opt/geekbench/geekbench5 --unlock <email> <key>

@ghost commented on GitHub (Sep 29, 2021):

There it is! It's ~/.geekbench5

[sapiens@pc ~]$ firejail --ignore=private-bin --ignore=read-only --profile=geekbench --private /bin/sh -c "/opt/geekbench/geekbench5 --unlock <email> <key> ; ls -lRa"
Reading profile /etc/firejail/geekbench.profile
Reading profile /home/sapiens/.config/firejail/geekbench.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 137724, child pid 137725
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping lsb-release for private /etc
Private /etc installed in 1.75 ms
Private /usr/etc installed in 0.00 ms
Warning: not remounting /run/user/1000/gvfs
Warning: cleaning all supplementary groups
Blacklist violations are logged to syslog
Child process initialized in 106.31 ms
Geekbench 5.4.1 Tryout : https://www.geekbench.com/

Thank you for purchasing Geekbench! All the limitations of tryout mode have 
been removed. Thank you for your purchase, and we hope you enjoy using 
Geekbench 5.
.:
total 8
drwx------ 3 sapiens sapiens 120 Sep 29 20:27 .
drwxr-xr-x 3 nobody  nobody   60 Sep 29 20:27 ..
-rw-r--r-- 1 sapiens sapiens 141 Sep 29 20:27 .bashrc
drwx------ 3 sapiens sapiens  60 Sep 29 20:27 .config
-rw-r--r-- 1 sapiens sapiens 113 Sep 29 20:27 .geekbench5
-rw------- 1 sapiens sapiens   0 Sep 29 20:27 .Xauthority

./.config:
total 0
drwx------ 3 sapiens sapiens  60 Sep 29 20:27 .
drwx------ 3 sapiens sapiens 120 Sep 29 20:27 ..
drwx------ 2 sapiens sapiens  40 Sep 29 20:27 dconf

./.config/dconf:
total 0
drwx------ 2 sapiens sapiens 40 Sep 29 20:27 .
drwx------ 3 sapiens sapiens 60 Sep 29 20:27 ..

Parent is shutting down, bye...

@rusty-snake commented on GitHub (Sep 29, 2021):

Can you try this? (Note that the read-write must come after the read-only, therefore it does not work from a .local.)

diff --git a/etc/profile-a-l/geekbench.profile b/etc/profile-a-l/geekbench.profile
index 60f2f338..4812e136 100644
--- a/etc/profile-a-l/geekbench.profile
+++ b/etc/profile-a-l/geekbench.profile
@@ -6,6 +6,10 @@ include geekbench.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.geekbench5
+noblacklist /sbin
+noblacklist /usr/sbin
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
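Review bot: the three noblacklist lines are added ahead of the disable-*.inc includes without any comment saying why. `noblacklist /sbin` and `noblacklist /usr/sbin` in particular are only justified by the earlier finding in this thread that Geekbench does not start unless they are in geekbench.local, which a later reader of the profile cannot see. Suggest a comment line above them in the style the last hunk uses for private-bin, e.g. `# /sbin is needed for Geekbench to start (#4576)`, so the lines survive the next cleanup.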
@@ -13,6 +17,8 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.geekbench5
+whitelist ${HOME}/.geekbench5
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
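Review bot: `mkdir ${HOME}/.geekbench5` creates a directory, but the `ls -lRa` output earlier in the thread lists `.geekbench5` as a 113-byte regular file (`-rw-r--r-- 1 sapiens sapiens 113 Sep 29 20:27 .geekbench5`), so on a fresh home the sandbox would start with a directory at the exact path where Geekbench wants to write its license file. Use `mkfile ${HOME}/.geekbench5` in place of `mkdir` so the following `whitelist` has a file to bind.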
@@ -39,16 +45,14 @@ shell none
 tracelog
 
 disable-mnt
-private-bin bash,geekbenc*,sh
+#private-bin bash,geekbench*,sh -- #4576
 private-cache
 private-dev
 private-etc alternatives,group,ld.so.preload,lsb-release,passwd
-private-lib gcc/*/*/libstdc++.so.*
-private-opt none
 private-tmp
 
 dbus-user none
 dbus-system none
 
-#memory-deny-write-execute - breaks on Arch (see issue #1803)
 read-only ${HOME}
+read-write ${HOME}/.geekbench5
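Review bot: `private-lib gcc/*/*/libstdc++.so.*` and `private-opt none` are removed silently, while the neighbouring `private-bin` line is kept as a comment tagged `-- #4576`; give these two the same treatment (commented out with the tag) so the reason they were dropped stays with the profile. The same hunk also deletes `#memory-deny-write-execute - breaks on Arch (see issue #1803)`, which is unrelated to the license-file fix and is the only pointer to why MDWE is off; keep that line unless re-enabling MDWE is intended.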
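The two ordering rules rusty-snake states above (`read-write` must follow `read-only`, so it cannot come from a .local; a writable home path is not persistent without a `whitelist` and needs a `mkdir`/`mkfile`) can be checked mechanically. The linter below is an added example and not firejail's own code; it assumes a constructed HOME and trimmed-down profile texts, and it uses `mkfile` rather than the patch's `mkdir` because the listing in the thread shows `.geekbench5` as a regular file.

```python
"""Added example (not firejail's own code): lint a firejail profile for the
ordering pitfalls discussed in this thread. HOME and the profiles are constructed."""
from typing import Dict, List, Optional, Tuple

HOME = "/home/sapiens"  # constructed stand-in for ${HOME}

def expand(path: str) -> str:
    """Expand ${HOME} and drop a trailing slash so paths compare cleanly."""
    return path.replace("${HOME}", HOME).rstrip("/") or "/"

def is_under(child: str, parent: str) -> bool:
    """True if child equals parent or lies somewhere inside it."""
    c, p = expand(child), expand(parent)
    return c == p or c.startswith(p.rstrip("/") + "/")

def resolve_includes(text: str, includes: Dict[str, str]) -> List[str]:
    """Splice known `include NAME` files in place, in the order firejail reads
    them (geekbench.local comes first, so it is read before read-only ${HOME})."""
    out: List[str] = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "include" and parts[1] in includes:
            out.extend(resolve_includes(includes[parts[1]], includes))
        else:
            out.append(line)
    return out

def parse(lines: List[str]) -> List[Tuple[int, str, str]]:
    """(line_no, directive, argument) for each non-empty, non-comment line."""
    entries = []
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            entries.append((no, parts[0], parts[1].strip() if len(parts) == 2 else ""))
    return entries

def lint_profile(text: str, includes: Optional[Dict[str, str]] = None) -> List[str]:
    """Return findings; an empty list means the profile passes both rules."""
    entries = parse(resolve_includes(text, includes or {}))
    read_only = [(n, a) for n, d, a in entries if d == "read-only"]
    read_write = [(n, a) for n, d, a in entries if d == "read-write"]
    whitelists = [a for _, d, a in entries if d == "whitelist"]
    created = {expand(a) for _, d, a in entries if d in ("mkdir", "mkfile")}
    home_whitelisted = any(
        (d == "include" and a == "whitelist-common.inc")
        or (d == "whitelist" and is_under(a, "${HOME}"))
        for _, d, a in entries
    )
    findings: List[str] = []
    # Rule 1: read-write only takes effect after every read-only covering it,
    # so a later read-only ${HOME} undoes a read-write that came from a .local.
    for n, rw in read_write:
        for m, ro in read_only:
            if m > n and is_under(rw, ro):
                findings.append(f"line {n}: read-write {rw} is overridden by "
                                f"read-only {ro} on line {m}; move it after the read-only")
    # Rule 2: with home whitelisting active, a writable home path must be
    # whitelisted to persist and created (mkdir/mkfile) to exist on a fresh home.
    if home_whitelisted:
        for n, rw in read_write:
            if not is_under(rw, "${HOME}"):
                continue
            if not any(is_under(rw, wl) for wl in whitelists):
                findings.append(f"line {n}: {rw} is not whitelisted, writes will not persist")
            if expand(rw) not in created:
                findings.append(f"line {n}: {rw} has no mkdir/mkfile, missing on a fresh home")
    return findings

# Constructed, trimmed-down stand-in for the profile layout seen in the thread.
PROFILE_BEFORE = """\
include geekbench.local
include globals.local
include disable-common.inc
include whitelist-common.inc
read-only ${HOME}
"""

# The attempt the thread says cannot work: the fix placed in geekbench.local.
LOCAL_ATTEMPT = """\
noblacklist ${HOME}/.geekbench5
mkfile ${HOME}/.geekbench5
whitelist ${HOME}/.geekbench5
read-write ${HOME}/.geekbench5
"""

# Layout of the proposed patch, with read-write after read-only in the profile
# itself; mkfile instead of mkdir because the listing shows a regular file.
PROFILE_AFTER = """\
include geekbench.local
include globals.local
noblacklist ${HOME}/.geekbench5
include disable-common.inc
mkfile ${HOME}/.geekbench5
whitelist ${HOME}/.geekbench5
include whitelist-common.inc
read-only ${HOME}
read-write ${HOME}/.geekbench5
"""
```

Running `lint_profile(PROFILE_BEFORE, {"geekbench.local": LOCAL_ATTEMPT})` reports the read-write being overridden by the later `read-only ${HOME}`, while the patched layout reports nothing.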

@ghost commented on GitHub (Sep 29, 2021):

I needed to modify the patch a little, since it seems the ld.so.preload part hasn't reached Arch yet! Also profiles are stored in /etc/firejail/* for me on Arch!

diff --git a/etc/firejail/geekbench.profile b/etc/firejail/geekbench.profile
index 60f2f338..4812e136 100644
--- a/etc/firejail/geekbench.profile
+++ b/etc/firejail/geekbench.profile
@@ -6,6 +6,10 @@ include geekbench.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.geekbench5
+noblacklist /sbin
+noblacklist /usr/sbin
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
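Review bot: `noblacklist /sbin` and `noblacklist /usr/sbin` lift the blacklist for two entire directories, which is much broader than the `${HOME}/.geekbench5` relaxation next to them; a profile comment naming what geekbench actually needs from there (or a narrower `noblacklist` on that one path) would record why the sandbox is being opened up. The placement itself is right: the `noblacklist` lines must sit before the `include disable-*.inc` lines that follow, or they would have no effect.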
@@ -13,6 +17,8 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.geekbench5
+whitelist ${HOME}/.geekbench5
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
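Review bot: ordering is correct (`mkdir` before `whitelist`, both before `include whitelist-common.inc`), but note that whitelisting only makes the directory visible inside the jail; with `read-only ${HOME}` set further down in this profile it stays read-only unless the `read-write ${HOME}/.geekbench5` line in the last hunk is applied too, so the hunks must land together.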
@@ -39,16 +45,14 @@ shell none
 tracelog
 
 disable-mnt
-private-bin bash,geekbenc*,sh
+#private-bin bash,geekbench*,sh -- #4576
 private-cache
 private-dev
-private-etc alternatives,group,lsb-release,passwd
+private-etc alternatives,group,ld.so.preload,lsb-release,passwd
-private-lib gcc/*/*/libstdc++.so.*
-private-opt none
 private-tmp
 
 dbus-user none
 dbus-system none
 
-#memory-deny-write-execute - breaks on Arch (see issue #1803)
 read-only ${HOME}
+read-write ${HOME}/.geekbench5
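Review bot: the `private-lib` and `private-opt none` lines are deleted outright while `private-bin` is kept as a commented line with `-- #4576`; since dropping them exposes the host's full library set and `/opt` to the jail, keep them the same way (e.g. `#private-lib gcc/*/*/libstdc++.so.* -- #4576`) so the loosening stays visible to the next maintainer. Likewise the removed `#memory-deny-write-execute - breaks on Arch (see issue #1803)` line is the only record of why MDWE is off here; it should stay. The `read-write ${HOME}/.geekbench5` placement after `read-only ${HOME}` is correct, as noted earlier in the thread.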

Now geekbench runs smoothly!

Reference: github-starred/firejail#2708