github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #6798] private-etc: Error: invalid file type, /etc/login.defs. (file mode 640, OpenMandriva) #3377

New issue
Open
opened 2026-05-05 09:57:03 -06:00 by gitea-mirror · 26 comments
gitea-mirror commented 2026-05-05 09:57:03 -06:00
Owner
Copy link

Originally created by @ZeroAbility on GitHub (Jul 5, 2025).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6798

Description

nheko does not open when using a profile.

Steps to Reproduce

Steps to reproduce the behavior

  1. Run in bash LC_ALL=C firejail /path/to/program (LC_ALL=C to get a consistent
    output in English that can be understood by everybody)
  2. Click on '....'
  3. Scroll down to '....'
  4. See error ERROR

Expected behavior

nheko opens successfully.

Actual behavior

nheko does not open

Behavior without a profile

nheko opens:

Additional context

strace:

strace 

$ strace /usr/bin/nheko 2>&1 | grep open | grep etc                              
openat(AT_FDCWD, "/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/gcrypt/hwf.deny", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/xdg/QtProject/qtlogging.ini", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 8
openat(AT_FDCWD, "/etc/xdg/kdeglobals", O_RDONLY|O_CLOEXEC) = 8
openat(AT_FDCWD, "/etc/xdg/kcminputrc", O_RDONLY|O_CLOEXEC) = 8
openat(AT_FDCWD, "/etc/os-release", O_RDONLY|O_CLOEXEC) = 8
openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 8
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 8
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 8
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 12
openat(AT_FDCWD, "/etc/xdg/kwinrc", O_RDONLY|O_CLOEXEC) = 12
openat(AT_FDCWD, "/etc/xdg/kwinrc", O_RDONLY|O_CLOEXEC) = 12
openat(AT_FDCWD, "/etc/xdg/kwinrc", O_RDONLY|O_CLOEXEC) = 12
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 12
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 12
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/gnutls/config", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/vdpau_wrapper.cfg", O_RDONLY) = 21
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/pulse/client.conf", O_RDONLY|O_CLOEXEC) = 22
openat(AT_FDCWD, "/etc/pulse/client.conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/fonts/fonts.conf", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/fonts/conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 25
openat(AT_FDCWD, "/etc/fonts/conf.d/25-no-bitmap-fedora.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/30-mdv-urwfonts.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/60-open-sans.conf", R_OK) = 0
access("/etc/fonts/conf.d/60-open-sans.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/60-open-sans.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-bookman.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-c059.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-d050000l.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-backwards.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-generics.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-specifics.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-gothic.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-mono-ps.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-roman.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-sans.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-p052.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-standard-symbols-ps.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-z003.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/65-lang-pl.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/90-noto-emoji.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/fonts/conf.d/99-konsole.conf", O_RDONLY|O_CLOEXEC) = 26
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/pki/tls/openssl.cnf", O_RDONLY) = 26

Environment

  • Name/version/arch of the Linux kernel (uname -srm): Linux 6.15.4-desktop-2omv2590 x86_64
  • Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): OpenMandriva Lx Cooker
  • Name/version of the relevant program(s)/package(s) (e.g. "firefox 134.0-1,
    mesa 1:24.3.3-2"): nheko.x86_64 0.12.0-4 cooker-x86_64
  • Version of Firejail (firejail --version): 0.9.74
  • If you use a development version of firejail, also the commit from which it
    was compiled (git rev-parse HEAD): n/a

Checklist

  • The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
    • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program 

$ LC_ALL=C firejail /usr/bin/nheko
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Reading profile /home/<user>/.config/firejail/nheko.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
firejail version 0.9.74

Parent pid 157389, child pid 157394
1 program installed in 21.88 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning fcopy: cannot create symbolic link /etc/alternatives/luac
Warning fcopy: cannot create symbolic link /etc/alternatives/gs
Warning fcopy: cannot create symbolic link /etc/alternatives/ssh-askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/ssh_askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/bssh_askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/lua
Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/ebtables
Warning fcopy: cannot create symbolic link /etc/alternatives/yacc
Warning fcopy: cannot create symbolic link /etc/alternatives/brave-browser
Error: invalid file type, /etc/login.defs.
Error: proc 157389 cannot sync with peer: unexpected EOF
Peer 157394 unexpectedly exited with status 1

Output of LC_ALL=C firejail --debug /path/to/program 

$ LC_ALL=C firejail --debug /usr/bin/nheko               
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Looking for kernel processes
Found kthreadd process, we are not running in a sandbox
pid=157618: locking /run/firejail/firejail-run.lock ...
pid=157618: locked /run/firejail/firejail-run.lock
pid=157618: unlocking /run/firejail/firejail-run.lock ...
pid=157618: unlocked /run/firejail/firejail-run.lock
Building quoted command line: '/usr/bin/nheko' 
Command name #nheko#
Found nheko.profile profile in /home/<user>/.config/firejail directory
Reading profile /home/<user>/.config/firejail/nheko.profile
Cannot access .local file nheko.local: No such file or directory, skipping...
Cannot access .local file globals.local: No such file or directory, skipping...
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Cannot access .local file disable-common.local: No such file or directory, skipping...
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Cannot access .local file disable-devel.local: No such file or directory, skipping...
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Cannot access .local file disable-exec.local: No such file or directory, skipping...
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Cannot access .local file disable-interpreters.local: No such file or directory, skipping...
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Cannot access .local file disable-programs.local: No such file or directory, skipping...
Found disable-shell.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-shell.inc
Cannot access .local file disable-shell.local: No such file or directory, skipping...
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Cannot access .local file disable-xdg.local: No such file or directory, skipping...
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Cannot access .local file whitelist-common.local: No such file or directory, skipping...
Found whitelist-runuser-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-runuser-common.inc
Cannot access .local file whitelist-runuser-common.local: No such file or directory, skipping...
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Cannot access .local file whitelist-usr-share-common.local: No such file or directory, skipping...
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Cannot access .local file whitelist-var-common.local: No such file or directory, skipping...
[profile] combined protocol list: "unix,inet,inet6"
firejail version 0.9.74

pid=157618: locking /run/firejail/firejail-run.lock ...
pid=157618: locked /run/firejail/firejail-run.lock
DISPLAY=:0 parsed as 0
pid=157618: unlocking /run/firejail/firejail-run.lock ...
pid=157618: unlocked /run/firejail/firejail-run.lock
xdg-dbus-proxy arg: unix:path=/run/user/1001/bus
xdg-dbus-proxy arg: /run/firejail/dbus/1001/157618-user
xdg-dbus-proxy arg: --filter
xdg-dbus-proxy arg: --talk=org.freedesktop.secrets
xdg-dbus-proxy arg: --talk=org.freedesktop.Notifications
starting xdg-dbus-proxy
sbox exec: /usr/bin/xdg-dbus-proxy --fd=4 --args=5 
Dropping all capabilities
Drop privileges: pid 157619, uid 1001, gid 1007, force_nogroups 1
No supplementary groups
xdg-dbus-proxy initialized
Using the local network stack
Parent pid 157618, child pid 157622
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
IBUS_ADDRESS=
IBUS_DAEMON_PID=
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 2, uid 1001, gid 1007, force_nogroups 1
No supplementary groups
Drop privileges: pid 3, uid 1001, gid 1007, force_nogroups 0
nogroups command not ignored
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1277 149 259:2 /etc /etc ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1277 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
1278 1277 259:2 /etc /etc ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1278 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
1279 149 259:2 /var /var ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1279 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
1280 1279 259:2 /var /var ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1280 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
1281 149 259:2 /usr /usr ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1281 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/<user>/.config/firejail
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/kfd file
mounting /run/firejail/mnt/dev/hidraw0 file
mounting /run/firejail/mnt/dev/hidraw1 file
mounting /run/firejail/mnt/dev/hidraw2 file
mounting /run/firejail/mnt/dev/hidraw3 file
mounting /run/firejail/mnt/dev/usb directory
Process /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/nheko
Checking /usr/bin/nheko
sbox run: /run/firejail/lib/fcopy /usr/bin/nheko /run/firejail/mnt/bin 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
1 program installed in 20.86 ms
Generate private-tmp whitelist commands
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/user/1001/bus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Creating a new /etc/hostname file
Creating empty /run/firejail/mnt/hostname file
Creating a new /etc/hosts file
Loading user hosts file
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1001/gnupg
Disable /run/user/1001/systemd
Disable /proc/kmsg
Copying files in the new /etc directory:
Copying /etc/alternatives to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/alternatives /run/firejail/mnt/etc/alternatives 
Warning fcopy: cannot create symbolic link /etc/alternatives/luac
Warning fcopy: cannot create symbolic link /etc/alternatives/gs
Warning fcopy: cannot create symbolic link /etc/alternatives/ssh-askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/ssh_askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/bssh_askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/lua
Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/ebtables
Warning fcopy: cannot create symbolic link /etc/alternatives/yacc
Warning fcopy: cannot create symbolic link /etc/alternatives/brave-browser
Copying /etc/fonts to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/fonts /run/firejail/mnt/etc/fonts 
Warning: file /etc/gcrypt not found.
Copying /etc/group to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/group /run/firejail/mnt/etc 
Copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.cache /run/firejail/mnt/etc 
Copying /etc/ld.so.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf /run/firejail/mnt/etc 
Copying /etc/ld.so.conf.d to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf.d /run/firejail/mnt/etc/ld.so.conf.d 
Copying /etc/ld.so.preload to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.preload /run/firejail/mnt/etc 
Warning: file /etc/locale not found.
Warning: file /etc/locale.alias not found.
Copying /etc/locale.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/locale.conf /run/firejail/mnt/etc 
Copying /etc/localtime to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/localtime /run/firejail/mnt/etc 
Error: invalid file type, /etc/login.defs.
Error: proc 157618 cannot sync with peer: unexpected EOF
Peer 157622 unexpectedly exited with status 1

Originally created by @ZeroAbility on GitHub (Jul 5, 2025). Original GitHub issue: https://github.com/netblue30/firejail/issues/6798 <!-- See the following links for help with formatting: https://guides.github.com/features/mastering-markdown/ https://docs.github.com/en/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax --> ### Description nheko does not open when using a profile. ### Steps to Reproduce _Steps to reproduce the behavior_ 1. Run in bash `LC_ALL=C firejail /path/to/program` (`LC_ALL=C` to get a consistent output in English that can be understood by everybody) 2. Click on '....' 3. Scroll down to '....' 4. See error `ERROR` ### Expected behavior nheko opens successfully. ### Actual behavior nheko does not open ### Behavior without a profile nheko opens: ### Additional context `strace`: <details> <summary>strace</summary> <p> ``` $ strace /usr/bin/nheko 2>&1 | grep open | grep etc openat(AT_FDCWD, "/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 openat(AT_FDCWD, "/etc/gcrypt/hwf.deny", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/xdg/QtProject/qtlogging.ini", O_RDONLY|O_CLOEXEC) = 3 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 8 openat(AT_FDCWD, "/etc/xdg/kdeglobals", O_RDONLY|O_CLOEXEC) = 8 openat(AT_FDCWD, "/etc/xdg/kcminputrc", O_RDONLY|O_CLOEXEC) = 8 openat(AT_FDCWD, "/etc/os-release", O_RDONLY|O_CLOEXEC) = 8 openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 8 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 8 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 8 openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 12 openat(AT_FDCWD, "/etc/xdg/kwinrc", O_RDONLY|O_CLOEXEC) = 12 openat(AT_FDCWD, "/etc/xdg/kwinrc", O_RDONLY|O_CLOEXEC) = 12 openat(AT_FDCWD, "/etc/xdg/kwinrc", O_RDONLY|O_CLOEXEC) = 12 openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 12 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 12 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/gnutls/config", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/vdpau_wrapper.cfg", O_RDONLY) = 21 openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/pulse/client.conf", O_RDONLY|O_CLOEXEC) = 22 openat(AT_FDCWD, "/etc/pulse/client.conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/fonts/fonts.conf", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/fonts/conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 25 openat(AT_FDCWD, "/etc/fonts/conf.d/25-no-bitmap-fedora.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/30-mdv-urwfonts.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/60-open-sans.conf", R_OK) = 0 access("/etc/fonts/conf.d/60-open-sans.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/60-open-sans.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-bookman.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-c059.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-d050000l.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-backwards.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-generics.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-specifics.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-gothic.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-mono-ps.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-roman.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-sans.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-p052.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-standard-symbols-ps.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-z003.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/65-lang-pl.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/90-noto-emoji.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/fonts/conf.d/99-konsole.conf", O_RDONLY|O_CLOEXEC) = 26 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/pki/tls/openssl.cnf", O_RDONLY) = 26 ``` </p> </details> ### Environment - Name/version/arch of the Linux kernel (`uname -srm`): Linux 6.15.4-desktop-2omv2590 x86_64 - Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): OpenMandriva Lx Cooker - Name/version of the relevant program(s)/package(s) (e.g. "firefox 134.0-1, mesa 1:24.3.3-2"): nheko.x86_64 0.12.0-4 cooker-x86_64 - Version of Firejail (`firejail --version`): 0.9.74 - If you use a development version of firejail, also the commit from which it was compiled (`git rev-parse HEAD`): n/a ### Checklist <!-- Note: Items are checked with an "x", like so: - [x] This is a checked item. --> - [X] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [X] I can reproduce the issue without custom modifications (e.g. globals.local). - [X] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [X] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [X] I have performed a short search for similar issues (to avoid opening a duplicate). - [ ] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>LC_ALL=C firejail /path/to/program</code></summary> <p> ``` $ LC_ALL=C firejail /usr/bin/nheko Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default Reading profile /home/<user>/.config/firejail/nheko.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-shell.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc firejail version 0.9.74 Parent pid 157389, child pid 157394 1 program installed in 21.88 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning fcopy: cannot create symbolic link /etc/alternatives/luac Warning fcopy: cannot create symbolic link /etc/alternatives/gs Warning fcopy: cannot create symbolic link /etc/alternatives/ssh-askpass Warning fcopy: cannot create symbolic link /etc/alternatives/ssh_askpass Warning fcopy: cannot create symbolic link /etc/alternatives/bssh_askpass Warning fcopy: cannot create symbolic link /etc/alternatives/lua Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass Warning fcopy: cannot create symbolic link /etc/alternatives/ebtables Warning fcopy: cannot create symbolic link /etc/alternatives/yacc Warning fcopy: cannot create symbolic link /etc/alternatives/brave-browser Error: invalid file type, /etc/login.defs. Error: proc 157389 cannot sync with peer: unexpected EOF Peer 157394 unexpectedly exited with status 1 ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /path/to/program</code></summary> <p> ``` $ LC_ALL=C firejail --debug /usr/bin/nheko Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default Looking for kernel processes Found kthreadd process, we are not running in a sandbox pid=157618: locking /run/firejail/firejail-run.lock ... pid=157618: locked /run/firejail/firejail-run.lock pid=157618: unlocking /run/firejail/firejail-run.lock ... pid=157618: unlocked /run/firejail/firejail-run.lock Building quoted command line: '/usr/bin/nheko' Command name #nheko# Found nheko.profile profile in /home/<user>/.config/firejail directory Reading profile /home/<user>/.config/firejail/nheko.profile Cannot access .local file nheko.local: No such file or directory, skipping... Cannot access .local file globals.local: No such file or directory, skipping... Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Cannot access .local file disable-common.local: No such file or directory, skipping... Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Cannot access .local file disable-devel.local: No such file or directory, skipping... Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Cannot access .local file disable-exec.local: No such file or directory, skipping... Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Cannot access .local file disable-interpreters.local: No such file or directory, skipping... Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Cannot access .local file disable-programs.local: No such file or directory, skipping... Found disable-shell.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-shell.inc Cannot access .local file disable-shell.local: No such file or directory, skipping... Found disable-xdg.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-xdg.inc Cannot access .local file disable-xdg.local: No such file or directory, skipping... Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Cannot access .local file whitelist-common.local: No such file or directory, skipping... Found whitelist-runuser-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-runuser-common.inc Cannot access .local file whitelist-runuser-common.local: No such file or directory, skipping... Found whitelist-usr-share-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-usr-share-common.inc Cannot access .local file whitelist-usr-share-common.local: No such file or directory, skipping... Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc Cannot access .local file whitelist-var-common.local: No such file or directory, skipping... [profile] combined protocol list: "unix,inet,inet6" firejail version 0.9.74 pid=157618: locking /run/firejail/firejail-run.lock ... pid=157618: locked /run/firejail/firejail-run.lock DISPLAY=:0 parsed as 0 pid=157618: unlocking /run/firejail/firejail-run.lock ... pid=157618: unlocked /run/firejail/firejail-run.lock xdg-dbus-proxy arg: unix:path=/run/user/1001/bus xdg-dbus-proxy arg: /run/firejail/dbus/1001/157618-user xdg-dbus-proxy arg: --filter xdg-dbus-proxy arg: --talk=org.freedesktop.secrets xdg-dbus-proxy arg: --talk=org.freedesktop.Notifications starting xdg-dbus-proxy sbox exec: /usr/bin/xdg-dbus-proxy --fd=4 --args=5 Dropping all capabilities Drop privileges: pid 157619, uid 1001, gid 1007, force_nogroups 1 No supplementary groups xdg-dbus-proxy initialized Using the local network stack Parent pid 157618, child pid 157622 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file IBUS_ADDRESS= IBUS_DAEMON_PID= Build protocol filter: unix,inet,inet6 sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 2, uid 1001, gid 1007, force_nogroups 1 No supplementary groups Drop privileges: pid 3, uid 1001, gid 1007, force_nogroups 0 nogroups command not ignored No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 1277 149 259:2 /etc /etc ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1277 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 1278 1277 259:2 /etc /etc ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1278 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 1279 149 259:2 /var /var ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1279 fsname=/var dir=/var fstype=ext4 Mounting noexec /var 1280 1279 259:2 /var /var ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1280 fsname=/var dir=/var fstype=ext4 Mounting read-only /usr 1281 149 259:2 /usr /usr ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1281 fsname=/usr dir=/usr fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/<user>/.config/firejail Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory mounting /run/firejail/mnt/dev/kfd file mounting /run/firejail/mnt/dev/hidraw0 file mounting /run/firejail/mnt/dev/hidraw1 file mounting /run/firejail/mnt/dev/hidraw2 file mounting /run/firejail/mnt/dev/hidraw3 file mounting /run/firejail/mnt/dev/usb directory Process /dev/shm directory Copying files in the new bin directory Checking /usr/local/bin/nheko Checking /usr/bin/nheko sbox run: /run/firejail/lib/fcopy /usr/bin/nheko /run/firejail/mnt/bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin 1 program installed in 20.86 ms Generate private-tmp whitelist commands Creating empty /run/firejail/mnt/dbus directory Creating empty /run/firejail/mnt/dbus/user file blacklist /run/user/1001/bus Creating empty /run/firejail/mnt/dbus/system file blacklist /run/dbus/system_bus_socket blacklist /run/firejail/dbus Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Creating a new /etc/hostname file Creating empty /run/firejail/mnt/hostname file Creating a new /etc/hosts file Loading user hosts file Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /run/user/1001/gnupg Disable /run/user/1001/systemd Disable /proc/kmsg Copying files in the new /etc directory: Copying /etc/alternatives to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/alternatives /run/firejail/mnt/etc/alternatives Warning fcopy: cannot create symbolic link /etc/alternatives/luac Warning fcopy: cannot create symbolic link /etc/alternatives/gs Warning fcopy: cannot create symbolic link /etc/alternatives/ssh-askpass Warning fcopy: cannot create symbolic link /etc/alternatives/ssh_askpass Warning fcopy: cannot create symbolic link /etc/alternatives/bssh_askpass Warning fcopy: cannot create symbolic link /etc/alternatives/lua Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass Warning fcopy: cannot create symbolic link /etc/alternatives/ebtables Warning fcopy: cannot create symbolic link /etc/alternatives/yacc Warning fcopy: cannot create symbolic link /etc/alternatives/brave-browser Copying /etc/fonts to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/fonts /run/firejail/mnt/etc/fonts Warning: file /etc/gcrypt not found. Copying /etc/group to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/group /run/firejail/mnt/etc Copying /etc/ld.so.cache to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.cache /run/firejail/mnt/etc Copying /etc/ld.so.conf to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf /run/firejail/mnt/etc Copying /etc/ld.so.conf.d to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf.d /run/firejail/mnt/etc/ld.so.conf.d Copying /etc/ld.so.preload to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.preload /run/firejail/mnt/etc Warning: file /etc/locale not found. Warning: file /etc/locale.alias not found. Copying /etc/locale.conf to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/locale.conf /run/firejail/mnt/etc Copying /etc/localtime to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/localtime /run/firejail/mnt/etc Error: invalid file type, /etc/login.defs. Error: proc 157618 cannot sync with peer: unexpected EOF Peer 157622 unexpectedly exited with status 1 ``` </p> </details>
gitea-mirror commented 2026-05-05 09:57:06 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jul 5, 2025):

$ LC_ALL=C firejail /usr/bin/nheko
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Reading profile /home/<user>/.config/firejail/nheko.profile

What happens when using /etc/firejail/nheko.profile?

[...]
Warning fcopy: cannot create symbolic link /etc/alternatives/luac
Warning fcopy: cannot create symbolic link /etc/alternatives/gs
Warning fcopy: cannot create symbolic link /etc/alternatives/ssh-askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/ssh_askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/bssh_askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/lua
Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/ebtables
Warning fcopy: cannot create symbolic link /etc/alternatives/yacc
Warning fcopy: cannot create symbolic link /etc/alternatives/brave-browser
Error: invalid file type, /etc/login.defs.
Error: proc 157389 cannot sync with peer: unexpected EOF
Peer 157394 unexpectedly exited with status 1

What is the output of the following?

ls -al /etc/alternatives "$(realpath /etc/alternatives)"
ls -al /etc/login.defs "$(realpath /etc/login.defs)"
<!-- gh-comment-id:3039467700 --> @kmk3 commented on GitHub (Jul 5, 2025): > ``` > $ LC_ALL=C firejail /usr/bin/nheko > Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default > Reading profile /home/<user>/.config/firejail/nheko.profile > ``` What happens when using /etc/firejail/nheko.profile? > ``` > [...] > Warning fcopy: cannot create symbolic link /etc/alternatives/luac > Warning fcopy: cannot create symbolic link /etc/alternatives/gs > Warning fcopy: cannot create symbolic link /etc/alternatives/ssh-askpass > Warning fcopy: cannot create symbolic link /etc/alternatives/ssh_askpass > Warning fcopy: cannot create symbolic link /etc/alternatives/bssh_askpass > Warning fcopy: cannot create symbolic link /etc/alternatives/lua > Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass > Warning fcopy: cannot create symbolic link /etc/alternatives/ebtables > Warning fcopy: cannot create symbolic link /etc/alternatives/yacc > Warning fcopy: cannot create symbolic link /etc/alternatives/brave-browser > Error: invalid file type, /etc/login.defs. > Error: proc 157389 cannot sync with peer: unexpected EOF > Peer 157394 unexpectedly exited with status 1 > ``` What is the output of the following? ```sh ls -al /etc/alternatives "$(realpath /etc/alternatives)" ls -al /etc/login.defs "$(realpath /etc/login.defs)" ```
gitea-mirror commented 2026-05-05 09:57:07 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 5, 2025):

What happens when using /etc/firejail/nheko.profile?

I believe this negates it (from --debug):

Disable /home/<user>/.config/firejail

But it does the same thing. It's a copy of the /etc/ profile plus this change:

private-etc @tls-ca,@network,@sound,@x11,host.conf,mime.types,os-release

For consistency's sake:

LC_ALL=C firejail --profile=/etc/firejail/nheko.profile --debug /usr/bin/nheko

Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Looking for kernel processes
Found kthreadd process, we are not running in a sandbox
pid=157996: locking /run/firejail/firejail-run.lock ...
pid=157996: locked /run/firejail/firejail-run.lock
pid=157996: unlocking /run/firejail/firejail-run.lock ...
pid=157996: unlocked /run/firejail/firejail-run.lock
Reading profile /etc/firejail/nheko.profile
Cannot access .local file nheko.local: No such file or directory, skipping...
Cannot access .local file globals.local: No such file or directory, skipping...
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Cannot access .local file disable-common.local: No such file or directory, skipping...
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Cannot access .local file disable-devel.local: No such file or directory, skipping...
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Cannot access .local file disable-exec.local: No such file or directory, skipping...
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Cannot access .local file disable-interpreters.local: No such file or directory, skipping...
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Cannot access .local file disable-programs.local: No such file or directory, skipping...
Found disable-shell.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-shell.inc
Cannot access .local file disable-shell.local: No such file or directory, skipping...
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Cannot access .local file disable-xdg.local: No such file or directory, skipping...
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Cannot access .local file whitelist-common.local: No such file or directory, skipping...
Found whitelist-runuser-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-runuser-common.inc
Cannot access .local file whitelist-runuser-common.local: No such file or directory, skipping...
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Cannot access .local file whitelist-usr-share-common.local: No such file or directory, skipping...
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Cannot access .local file whitelist-var-common.local: No such file or directory, skipping...
[profile] combined protocol list: "unix,inet,inet6"
Building quoted command line: '/usr/bin/nhek' 
Command name #nhek#
firejail version 0.9.74

pid=157996: locking /run/firejail/firejail-run.lock ...
pid=157996: locked /run/firejail/firejail-run.lock
DISPLAY=:0 parsed as 0
pid=157996: unlocking /run/firejail/firejail-run.lock ...
pid=157996: unlocked /run/firejail/firejail-run.lock
xdg-dbus-proxy arg: unix:path=/run/user/1001/bus
xdg-dbus-proxy arg: /run/firejail/dbus/1001/157996-user
xdg-dbus-proxy arg: --filter
xdg-dbus-proxy arg: --talk=org.freedesktop.secrets
starting xdg-dbus-proxy
sbox exec: /usr/bin/xdg-dbus-proxy --fd=4 --args=5 
Dropping all capabilities
Drop privileges: pid 157997, uid 1001, gid 1007, force_nogroups 1
No supplementary groups
xdg-dbus-proxy initialized
Using the local network stack
Parent pid 157996, child pid 158000
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
IBUS_ADDRESS=
IBUS_DAEMON_PID=
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 2, uid 1001, gid 1007, force_nogroups 1
No supplementary groups
Drop privileges: pid 3, uid 1001, gid 1007, force_nogroups 0
nogroups command not ignored
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1277 149 259:2 /etc /etc ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1277 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
1278 1277 259:2 /etc /etc ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1278 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
1279 149 259:2 /var /var ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1279 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
1280 1279 259:2 /var /var ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1280 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
1281 149 259:2 /usr /usr ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1281 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/<user>/.config/firejail
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/kfd file
mounting /run/firejail/mnt/dev/hidraw0 file
mounting /run/firejail/mnt/dev/hidraw1 file
mounting /run/firejail/mnt/dev/hidraw2 file
mounting /run/firejail/mnt/dev/hidraw3 file
mounting /run/firejail/mnt/dev/usb directory
Process /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/nheko
Checking /usr/bin/nheko
sbox run: /run/firejail/lib/fcopy /usr/bin/nheko /run/firejail/mnt/bin 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
1 program installed in 22.12 ms
Generate private-tmp whitelist commands
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/user/1001/bus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Creating a new /etc/hostname file
Creating empty /run/firejail/mnt/hostname file
Creating a new /etc/hosts file
Loading user hosts file
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1001/gnupg
Disable /run/user/1001/systemd
Disable /proc/kmsg
Copying files in the new /etc directory:
Copying /etc/alternatives to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/alternatives /run/firejail/mnt/etc/alternatives 
Warning fcopy: cannot create symbolic link /etc/alternatives/luac
Warning fcopy: cannot create symbolic link /etc/alternatives/gs
Warning fcopy: cannot create symbolic link /etc/alternatives/ssh-askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/ssh_askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/bssh_askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/lua
Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/ebtables
Warning fcopy: cannot create symbolic link /etc/alternatives/yacc
Warning fcopy: cannot create symbolic link /etc/alternatives/brave-browser
Copying /etc/fonts to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/fonts /run/firejail/mnt/etc/fonts 
Warning: file /etc/gcrypt not found.
Copying /etc/group to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/group /run/firejail/mnt/etc 
Copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.cache /run/firejail/mnt/etc 
Copying /etc/ld.so.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf /run/firejail/mnt/etc 
Copying /etc/ld.so.conf.d to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf.d /run/firejail/mnt/etc/ld.so.conf.d 
Copying /etc/ld.so.preload to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.preload /run/firejail/mnt/etc 
Warning: file /etc/locale not found.
Warning: file /etc/locale.alias not found.
Copying /etc/locale.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/locale.conf /run/firejail/mnt/etc 
Copying /etc/localtime to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/localtime /run/firejail/mnt/etc 
Error: invalid file type, /etc/login.defs.
Error: proc 157996 cannot sync with peer: unexpected EOF
Peer 158000 unexpectedly exited with status 1

ls -al /etc/alternatives "$(realpath /etc/alternatives)"

/etc/alternatives:
total 16
drwxr-xr-x   2 root root  4096 Jun 22 19:25 .
drwxr-xr-x 144 root root 12288 Jul  4 17:47 ..
lrwxrwxrwx   1 root root    29 Jul 20  2023 brave-browser -> /usr/bin/brave-browser-stable
lrwxrwxrwx   1 root root    28 Apr 16  2024 bssh-askpass -> /usr/bin/plasma6-ksshaskpass
lrwxrwxrwx   1 root root    20 Apr 10  2024 bssh_askpass -> /usr/bin/ksshaskpass
lrwxrwxrwx   1 root root    24 Jun 19 22:08 ebtables -> /usr/bin/ebtables-legacy
lrwxrwxrwx   1 root root    30 Jul  6  2023 grub.vendor -> /etc/default/grub.OpenMandriva
lrwxrwxrwx   1 root root    12 Jul  6  2023 gs -> /usr/bin/gsc
lrwxrwxrwx   1 root root    15 Jan  8 13:47 lua -> /usr/bin/lua5.4
lrwxrwxrwx   1 root root    16 Jan  8 13:47 luac -> /usr/bin/luac5.4
lrwxrwxrwx   1 root root    25 Jul  6  2023 soundprofile -> /etc/sound/profiles/pulse
lrwxrwxrwx   1 root root    20 Jun 19 22:08 ssh-askpass -> /usr/bin/ksshaskpass
lrwxrwxrwx   1 root root    20 Apr 10  2024 ssh_askpass -> /usr/bin/ksshaskpass
lrwxrwxrwx   1 root root    14 Feb 29  2024 yacc -> /usr/bin/byacc

/etc/alternatives:
total 16
drwxr-xr-x   2 root root  4096 Jun 22 19:25 .
drwxr-xr-x 144 root root 12288 Jul  4 17:47 ..
lrwxrwxrwx   1 root root    29 Jul 20  2023 brave-browser -> /usr/bin/brave-browser-stable
lrwxrwxrwx   1 root root    28 Apr 16  2024 bssh-askpass -> /usr/bin/plasma6-ksshaskpass
lrwxrwxrwx   1 root root    20 Apr 10  2024 bssh_askpass -> /usr/bin/ksshaskpass
lrwxrwxrwx   1 root root    24 Jun 19 22:08 ebtables -> /usr/bin/ebtables-legacy
lrwxrwxrwx   1 root root    30 Jul  6  2023 grub.vendor -> /etc/default/grub.OpenMandriva
lrwxrwxrwx   1 root root    12 Jul  6  2023 gs -> /usr/bin/gsc
lrwxrwxrwx   1 root root    15 Jan  8 13:47 lua -> /usr/bin/lua5.4
lrwxrwxrwx   1 root root    16 Jan  8 13:47 luac -> /usr/bin/luac5.4
lrwxrwxrwx   1 root root    25 Jul  6  2023 soundprofile -> /etc/sound/profiles/pulse
lrwxrwxrwx   1 root root    20 Jun 19 22:08 ssh-askpass -> /usr/bin/ksshaskpass
lrwxrwxrwx   1 root root    20 Apr 10  2024 ssh_askpass -> /usr/bin/ksshaskpass
lrwxrwxrwx   1 root root    14 Feb 29  2024 yacc -> /usr/bin/byacc

ls -al /etc/login.defs "$(realpath /etc/login.defs)"

-rw-r----- 1 root shadow 8786 Jun 25 09:54 /etc/login.defs
-rw-r----- 1 root shadow 8786 Jun 25 09:54 /etc/login.defs
<!-- gh-comment-id:3039508730 --> @ZeroAbility commented on GitHub (Jul 5, 2025): >What happens when using /etc/firejail/nheko.profile? I believe this negates it (from `--debug`): `Disable /home/<user>/.config/firejail` But it does the same thing. It's a copy of the `/etc/` profile plus this change: `private-etc @tls-ca,@network,@sound,@x11,host.conf,mime.types,os-release` For consistency's sake: `LC_ALL=C firejail --profile=/etc/firejail/nheko.profile --debug /usr/bin/nheko` <details> ``` Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default Looking for kernel processes Found kthreadd process, we are not running in a sandbox pid=157996: locking /run/firejail/firejail-run.lock ... pid=157996: locked /run/firejail/firejail-run.lock pid=157996: unlocking /run/firejail/firejail-run.lock ... pid=157996: unlocked /run/firejail/firejail-run.lock Reading profile /etc/firejail/nheko.profile Cannot access .local file nheko.local: No such file or directory, skipping... Cannot access .local file globals.local: No such file or directory, skipping... Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Cannot access .local file disable-common.local: No such file or directory, skipping... Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Cannot access .local file disable-devel.local: No such file or directory, skipping... Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Cannot access .local file disable-exec.local: No such file or directory, skipping... Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Cannot access .local file disable-interpreters.local: No such file or directory, skipping... Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Cannot access .local file disable-programs.local: No such file or directory, skipping... Found disable-shell.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-shell.inc Cannot access .local file disable-shell.local: No such file or directory, skipping... Found disable-xdg.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-xdg.inc Cannot access .local file disable-xdg.local: No such file or directory, skipping... Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Cannot access .local file whitelist-common.local: No such file or directory, skipping... Found whitelist-runuser-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-runuser-common.inc Cannot access .local file whitelist-runuser-common.local: No such file or directory, skipping... Found whitelist-usr-share-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-usr-share-common.inc Cannot access .local file whitelist-usr-share-common.local: No such file or directory, skipping... Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc Cannot access .local file whitelist-var-common.local: No such file or directory, skipping... [profile] combined protocol list: "unix,inet,inet6" Building quoted command line: '/usr/bin/nhek' Command name #nhek# firejail version 0.9.74 pid=157996: locking /run/firejail/firejail-run.lock ... pid=157996: locked /run/firejail/firejail-run.lock DISPLAY=:0 parsed as 0 pid=157996: unlocking /run/firejail/firejail-run.lock ... pid=157996: unlocked /run/firejail/firejail-run.lock xdg-dbus-proxy arg: unix:path=/run/user/1001/bus xdg-dbus-proxy arg: /run/firejail/dbus/1001/157996-user xdg-dbus-proxy arg: --filter xdg-dbus-proxy arg: --talk=org.freedesktop.secrets starting xdg-dbus-proxy sbox exec: /usr/bin/xdg-dbus-proxy --fd=4 --args=5 Dropping all capabilities Drop privileges: pid 157997, uid 1001, gid 1007, force_nogroups 1 No supplementary groups xdg-dbus-proxy initialized Using the local network stack Parent pid 157996, child pid 158000 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file IBUS_ADDRESS= IBUS_DAEMON_PID= Build protocol filter: unix,inet,inet6 sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 2, uid 1001, gid 1007, force_nogroups 1 No supplementary groups Drop privileges: pid 3, uid 1001, gid 1007, force_nogroups 0 nogroups command not ignored No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 1277 149 259:2 /etc /etc ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1277 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 1278 1277 259:2 /etc /etc ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1278 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 1279 149 259:2 /var /var ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1279 fsname=/var dir=/var fstype=ext4 Mounting noexec /var 1280 1279 259:2 /var /var ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1280 fsname=/var dir=/var fstype=ext4 Mounting read-only /usr 1281 149 259:2 /usr /usr ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1281 fsname=/usr dir=/usr fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/<user>/.config/firejail Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory mounting /run/firejail/mnt/dev/kfd file mounting /run/firejail/mnt/dev/hidraw0 file mounting /run/firejail/mnt/dev/hidraw1 file mounting /run/firejail/mnt/dev/hidraw2 file mounting /run/firejail/mnt/dev/hidraw3 file mounting /run/firejail/mnt/dev/usb directory Process /dev/shm directory Copying files in the new bin directory Checking /usr/local/bin/nheko Checking /usr/bin/nheko sbox run: /run/firejail/lib/fcopy /usr/bin/nheko /run/firejail/mnt/bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin 1 program installed in 22.12 ms Generate private-tmp whitelist commands Creating empty /run/firejail/mnt/dbus directory Creating empty /run/firejail/mnt/dbus/user file blacklist /run/user/1001/bus Creating empty /run/firejail/mnt/dbus/system file blacklist /run/dbus/system_bus_socket blacklist /run/firejail/dbus Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Creating a new /etc/hostname file Creating empty /run/firejail/mnt/hostname file Creating a new /etc/hosts file Loading user hosts file Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /run/user/1001/gnupg Disable /run/user/1001/systemd Disable /proc/kmsg Copying files in the new /etc directory: Copying /etc/alternatives to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/alternatives /run/firejail/mnt/etc/alternatives Warning fcopy: cannot create symbolic link /etc/alternatives/luac Warning fcopy: cannot create symbolic link /etc/alternatives/gs Warning fcopy: cannot create symbolic link /etc/alternatives/ssh-askpass Warning fcopy: cannot create symbolic link /etc/alternatives/ssh_askpass Warning fcopy: cannot create symbolic link /etc/alternatives/bssh_askpass Warning fcopy: cannot create symbolic link /etc/alternatives/lua Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass Warning fcopy: cannot create symbolic link /etc/alternatives/ebtables Warning fcopy: cannot create symbolic link /etc/alternatives/yacc Warning fcopy: cannot create symbolic link /etc/alternatives/brave-browser Copying /etc/fonts to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/fonts /run/firejail/mnt/etc/fonts Warning: file /etc/gcrypt not found. Copying /etc/group to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/group /run/firejail/mnt/etc Copying /etc/ld.so.cache to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.cache /run/firejail/mnt/etc Copying /etc/ld.so.conf to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf /run/firejail/mnt/etc Copying /etc/ld.so.conf.d to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf.d /run/firejail/mnt/etc/ld.so.conf.d Copying /etc/ld.so.preload to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.preload /run/firejail/mnt/etc Warning: file /etc/locale not found. Warning: file /etc/locale.alias not found. Copying /etc/locale.conf to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/locale.conf /run/firejail/mnt/etc Copying /etc/localtime to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/localtime /run/firejail/mnt/etc Error: invalid file type, /etc/login.defs. Error: proc 157996 cannot sync with peer: unexpected EOF Peer 158000 unexpectedly exited with status 1 ``` </details> >`ls -al /etc/alternatives "$(realpath /etc/alternatives)"` ``` /etc/alternatives: total 16 drwxr-xr-x 2 root root 4096 Jun 22 19:25 . drwxr-xr-x 144 root root 12288 Jul 4 17:47 .. lrwxrwxrwx 1 root root 29 Jul 20 2023 brave-browser -> /usr/bin/brave-browser-stable lrwxrwxrwx 1 root root 28 Apr 16 2024 bssh-askpass -> /usr/bin/plasma6-ksshaskpass lrwxrwxrwx 1 root root 20 Apr 10 2024 bssh_askpass -> /usr/bin/ksshaskpass lrwxrwxrwx 1 root root 24 Jun 19 22:08 ebtables -> /usr/bin/ebtables-legacy lrwxrwxrwx 1 root root 30 Jul 6 2023 grub.vendor -> /etc/default/grub.OpenMandriva lrwxrwxrwx 1 root root 12 Jul 6 2023 gs -> /usr/bin/gsc lrwxrwxrwx 1 root root 15 Jan 8 13:47 lua -> /usr/bin/lua5.4 lrwxrwxrwx 1 root root 16 Jan 8 13:47 luac -> /usr/bin/luac5.4 lrwxrwxrwx 1 root root 25 Jul 6 2023 soundprofile -> /etc/sound/profiles/pulse lrwxrwxrwx 1 root root 20 Jun 19 22:08 ssh-askpass -> /usr/bin/ksshaskpass lrwxrwxrwx 1 root root 20 Apr 10 2024 ssh_askpass -> /usr/bin/ksshaskpass lrwxrwxrwx 1 root root 14 Feb 29 2024 yacc -> /usr/bin/byacc /etc/alternatives: total 16 drwxr-xr-x 2 root root 4096 Jun 22 19:25 . drwxr-xr-x 144 root root 12288 Jul 4 17:47 .. lrwxrwxrwx 1 root root 29 Jul 20 2023 brave-browser -> /usr/bin/brave-browser-stable lrwxrwxrwx 1 root root 28 Apr 16 2024 bssh-askpass -> /usr/bin/plasma6-ksshaskpass lrwxrwxrwx 1 root root 20 Apr 10 2024 bssh_askpass -> /usr/bin/ksshaskpass lrwxrwxrwx 1 root root 24 Jun 19 22:08 ebtables -> /usr/bin/ebtables-legacy lrwxrwxrwx 1 root root 30 Jul 6 2023 grub.vendor -> /etc/default/grub.OpenMandriva lrwxrwxrwx 1 root root 12 Jul 6 2023 gs -> /usr/bin/gsc lrwxrwxrwx 1 root root 15 Jan 8 13:47 lua -> /usr/bin/lua5.4 lrwxrwxrwx 1 root root 16 Jan 8 13:47 luac -> /usr/bin/luac5.4 lrwxrwxrwx 1 root root 25 Jul 6 2023 soundprofile -> /etc/sound/profiles/pulse lrwxrwxrwx 1 root root 20 Jun 19 22:08 ssh-askpass -> /usr/bin/ksshaskpass lrwxrwxrwx 1 root root 20 Apr 10 2024 ssh_askpass -> /usr/bin/ksshaskpass lrwxrwxrwx 1 root root 14 Feb 29 2024 yacc -> /usr/bin/byacc ``` >`ls -al /etc/login.defs "$(realpath /etc/login.defs)"` ``` -rw-r----- 1 root shadow 8786 Jun 25 09:54 /etc/login.defs -rw-r----- 1 root shadow 8786 Jun 25 09:54 /etc/login.defs ```
gitea-mirror commented 2026-05-05 09:57:08 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 5, 2025):

The login.defs error comes up on a lot of things (like ssh) that work. nheko worked in the previous version. I simply updated the version number in our package spec and now it does not.

<!-- gh-comment-id:3039534084 --> @ZeroAbility commented on GitHub (Jul 5, 2025): The `login.defs` error comes up on a lot of things (like `ssh`) that work. nheko worked in the previous version. I simply updated the version number in our package spec and now it does not.
gitea-mirror commented 2026-05-05 09:57:09 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 5, 2025):

More diagnosis:

This will run, but trying to run after closing it will produce the same error:

firejail --build=~/.config/firejail/nheko.profile /usr/bin/nheko

Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
[2025-07-05 14:32:02.286] [ui] [info] Restoring window size 1066x600
[2025-07-05 14:32:02.295] [ui] [info] WebRTC: initialised GStreamer 1.26.3
[2025-07-05 14:32:02.318] [qml] [info] Using Qt multimedia with FFmpeg version 7.1.1 nonfree and unredistributable (:0, )
[2025-07-05 14:32:02.368] [ui] [error] Missing GStreamer elements: audioconvert audioresample autoaudiosink decodebin opusenc rtpopuspay volume webrtcbin nicesrc nicesink glsinkbin glupload qml6glsink rtpvp8pay videoconvert videoscale videorate 
[2025-07-05 14:32:02.375] [ui] [info] jdenticon plugin not found.
[2025-07-05 14:32:02.817] [ui] [info] starting nheko 0.12.0
[2025-07-05 14:32:02.829] [ui] [info] Unity service available: true

The only thing that absolutely will work in any profile is to comment out private-etc.

<!-- gh-comment-id:3039580152 --> @ZeroAbility commented on GitHub (Jul 5, 2025): More diagnosis: This will run, but trying to run after closing it will produce the same error: `firejail --build=~/.config/firejail/nheko.profile /usr/bin/nheko` <details> ``` Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default [2025-07-05 14:32:02.286] [ui] [info] Restoring window size 1066x600 [2025-07-05 14:32:02.295] [ui] [info] WebRTC: initialised GStreamer 1.26.3 [2025-07-05 14:32:02.318] [qml] [info] Using Qt multimedia with FFmpeg version 7.1.1 nonfree and unredistributable (:0, ) [2025-07-05 14:32:02.368] [ui] [error] Missing GStreamer elements: audioconvert audioresample autoaudiosink decodebin opusenc rtpopuspay volume webrtcbin nicesrc nicesink glsinkbin glupload qml6glsink rtpvp8pay videoconvert videoscale videorate [2025-07-05 14:32:02.375] [ui] [info] jdenticon plugin not found. [2025-07-05 14:32:02.817] [ui] [info] starting nheko 0.12.0 [2025-07-05 14:32:02.829] [ui] [info] Unity service available: true ``` </details> The only thing that absolutely will work in any profile is to comment out `private-etc`.
gitea-mirror commented 2026-05-05 09:57:11 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jul 5, 2025):

firejail --build=~/.config/firejail/nheko.profile /usr/bin/nheko

I'd suggest placing the generated profile somewhere else to avoid accidentally
using it; see:

Error: invalid file type, /etc/login.defs.

The message seems to be from this code:
https://github.com/netblue30/firejail/blob/9bc9b8af4e727adbcb3e923e5e8f4faa7f8443cc/src/firejail/fs_etc.c#L245-L267

It doesn't look like it should fail given your /etc/login.defs output.

Also, it seems like "invalid file type" is also printed for when the file
cannot be accessed, so the error messages could be improved.

-rw-r----- 1 root shadow 8786 Jun 25 09:54 /etc/login.defs
-rw-r----- 1 root shadow 8786 Jun 25 09:54 /etc/login.defs

Since it's owned by root:shadow instead of the usual root:root, the issue
might be related to groups.

Does it work with the following in ~/.config/firejail/nheko.local?

ignore nogroups
ignore noroot

If not, you can try commenting nheko.profile until you find which lines are
causing problems and then post them in here.

The only thing that absolutely will work in any profile is to comment out
private-etc.

So does commenting it entirely fix the problem?

You can try using --trace=trace.txt to see what else it accesses in /etc.

Example:

firejail --trace=trace.txt /usr/bin/nheko

Likely relates to:

<!-- gh-comment-id:3039681631 --> @kmk3 commented on GitHub (Jul 5, 2025): > ``` > firejail --build=~/.config/firejail/nheko.profile /usr/bin/nheko > ``` I'd suggest placing the generated profile somewhere else to avoid accidentally using it; see: * #6653 > ``` > Error: invalid file type, /etc/login.defs. > ``` The message seems to be from this code: <https://github.com/netblue30/firejail/blob/9bc9b8af4e727adbcb3e923e5e8f4faa7f8443cc/src/firejail/fs_etc.c#L245-L267> It doesn't look like it should fail given your /etc/login.defs output. Also, it seems like "invalid file type" is also printed for when the file cannot be accessed, so the error messages could be improved. > ``` > -rw-r----- 1 root shadow 8786 Jun 25 09:54 /etc/login.defs > -rw-r----- 1 root shadow 8786 Jun 25 09:54 /etc/login.defs > ``` Since it's owned by `root:shadow` instead of the usual `root:root`, the issue might be related to groups. Does it work with the following in ~/.config/firejail/nheko.local? ``` ignore nogroups ignore noroot ``` If not, you can try commenting nheko.profile until you find which lines are causing problems and then post them in here. > The only thing that absolutely will work in any profile is to comment out > `private-etc`. So does commenting it entirely fix the problem? You can try using `--trace=trace.txt` to see what else it accesses in /etc. Example: ``` firejail --trace=trace.txt /usr/bin/nheko ``` Likely relates to: * #6400
gitea-mirror commented 2026-05-05 09:57:11 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 5, 2025):

I'd suggest placing the generated profile somewhere else to avoid accidentally
using it

I created a directory specifically to isolate from that location just now and used the same path for the --profile= option and it gets the same error.

Does it work with the following in ~/.config/firejail/nheko.local?

ignore nogroups
ignore noroot

No.

So does commenting it entirely fix the problem?

Yes.

You can try using --trace=trace.txt to see what else it accesses in /etc.

Example:

firejail --trace=trace.txt /usr/bin/nheko

I get a blank file. I included the strace of the standard binary in the "Additional context" section above.

<!-- gh-comment-id:3039747657 --> @ZeroAbility commented on GitHub (Jul 5, 2025): >I'd suggest placing the generated profile somewhere else to avoid accidentally using it I created a directory specifically to isolate from that location just now and used the same path for the `--profile=` option and it gets the same error. >Does it work with the following in ~/.config/firejail/nheko.local? > >``` >ignore nogroups >ignore noroot >``` No. >So does commenting it entirely fix the problem? Yes. >You can try using --trace=trace.txt to see what else it accesses in /etc. > >Example: >``` >firejail --trace=trace.txt /usr/bin/nheko >``` I get a blank file. I included the `strace` of the standard binary in the "Additional context" section above.
gitea-mirror commented 2026-05-05 09:57:12 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jul 5, 2025):

Does it work with the following in ~/.config/firejail/nheko.local?

ignore nogroups
ignore noroot

No.

So does commenting it entirely fix the problem?

Yes.

private-etc @tls-ca,@network,@sound,@x11,host.conf,mime.types,os-release

Does that private-etc line entirely fix the problem?

If not, what does it change?

You can try using --trace=trace.txt to see what else it accesses in /etc.
Example:

firejail --trace=trace.txt /usr/bin/nheko

I get a blank file.

Strange, what is the output when --debug is also used?

Examples:

firejail --debug --trace=trace_true.txt /bin/true
firejail --debug --trace=trace_nheko.txt /usr/bin/nheko

libtrace is known to not compile using musl:

What is the name/version of the C compiler and libc used to compile firejail?

I included the strace of the standard binary in the "Additional context"
section above.

$ strace /usr/bin/nheko 2>&1 | grep open | grep etc

I see, thanks.

It might be useful to also try --trace=%file to ensure that all calls
involving filenames are included.

Example:

strace --trace=%file /usr/bin/nheko 2>&1 | grep etc
<!-- gh-comment-id:3039793210 --> @kmk3 commented on GitHub (Jul 5, 2025): > > Does it work with the following in ~/.config/firejail/nheko.local? > > > > ``` > > ignore nogroups > > ignore noroot > > ``` > > No. > > > So does commenting it entirely fix the problem? > > Yes. > `private-etc @tls-ca,@network,@sound,@x11,host.conf,mime.types,os-release` Does that `private-etc` line entirely fix the problem? If not, what does it change? > > You can try using --trace=trace.txt to see what else it accesses in /etc. > > Example: > > > > ``` > > firejail --trace=trace.txt /usr/bin/nheko > > ``` > > I get a blank file. Strange, what is the output when `--debug` is also used? Examples: ``` firejail --debug --trace=trace_true.txt /bin/true firejail --debug --trace=trace_nheko.txt /usr/bin/nheko ``` libtrace is known to not compile using musl: * #6610 What is the name/version of the C compiler and libc used to compile firejail? > I included the `strace` of the standard binary in the "Additional context" > section above. > ``` > $ strace /usr/bin/nheko 2>&1 | grep open | grep etc > ``` I see, thanks. It might be useful to also try `--trace=%file` to ensure that all calls involving filenames are included. Example: ``` strace --trace=%file /usr/bin/nheko 2>&1 | grep etc ```
gitea-mirror commented 2026-05-05 09:57:12 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 5, 2025):

Does that private-etc line entirely fix the problem?

No, it was purely a diagnosis step based on the include file. It isn't clear in the file if those are part of the private-etc or not.

Strange, what is the output when --debug is also used?

The file is also blank. Not sure if it's related to this:

firejail --tracelog /usr/bin/nheko
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Error: tracelog feature is disabled in Firejail configuration file /etc/firejail/firejail.config

What is the name/version of the C compiler and libc used to compile firejail?

  • clang.x86_64 - 20.1.7
  • libc6.x86_64 - 6:2.41
<!-- gh-comment-id:3039805214 --> @ZeroAbility commented on GitHub (Jul 5, 2025): >Does that private-etc line entirely fix the problem? No, it was purely a diagnosis step based on the include file. It isn't clear in the file if those are part of the `private-etc` or not. >Strange, what is the output when --debug is also used? The file is also blank. Not sure if it's related to this: ``` firejail --tracelog /usr/bin/nheko Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default Error: tracelog feature is disabled in Firejail configuration file /etc/firejail/firejail.config ``` >What is the name/version of the C compiler and libc used to compile firejail? * clang.x86_64 - 20.1.7 * libc6.x86_64 - 6:2.41
gitea-mirror commented 2026-05-05 09:57:13 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 5, 2025):

strace --trace=%file /usr/bin/nheko 2>&1 | grep etc

access("/etc/ld.so.preload", R_OK)      = 0
openat(AT_FDCWD, "/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
access("/etc/gcrypt/fips_enabled", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/gcrypt/hwf.deny", O_RDONLY) = -1 ENOENT (No such file or directory)
access("/etc/xdg/nheko/nheko.conf", F_OK) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/nheko/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bb50) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/nheko/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17baf0) = -1 ENOENT (No such file or directory)
access("/etc/xdg/nheko.conf", F_OK)     = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bb50) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17baf0) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/QtProject/qtlogging.ini", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=22, ...}) = 0
openat(AT_FDCWD, "/etc/xdg/QtProject/qtlogging.ini", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 8
access("/etc/kde5rc", R_OK)             = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b570) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
access("/etc/xdg/kdeglobals", F_OK)     = 0
readlink("/etc", 0x7ffcee17a230, 1023)  = -1 EINVAL (Invalid argument)
readlink("/etc/xdg", 0x7ffcee17a230, 1023) = -1 EINVAL (Invalid argument)
readlink("/etc/xdg/kdeglobals", 0x7ffcee17a230, 1023) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "/etc/xdg/kdeglobals", O_RDONLY|O_CLOEXEC) = 8
statx(AT_FDCWD, "/etc/xdg/nhekorc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b5f0) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/nhekorc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b1d0) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b310) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/kcminputrc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=75, ...}) = 0
readlink("/etc", 0x7ffcee17a050, 1023)  = -1 EINVAL (Invalid argument)
readlink("/etc/xdg", 0x7ffcee17a050, 1023) = -1 EINVAL (Invalid argument)
readlink("/etc/xdg/kcminputrc", 0x7ffcee17a050, 1023) = -1 EINVAL (Invalid argument)
access("/etc/xdg/kcminputrc", F_OK)     = 0
readlink("/etc", 0x7ffcee179fd0, 1023)  = -1 EINVAL (Invalid argument)
readlink("/etc/xdg", 0x7ffcee179fd0, 1023) = -1 EINVAL (Invalid argument)
readlink("/etc/xdg/kcminputrc", 0x7ffcee179fd0, 1023) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "/etc/xdg/kcminputrc", O_RDONLY|O_CLOEXEC) = 8
openat(AT_FDCWD, "/etc/os-release", O_RDONLY|O_CLOEXEC) = 8
openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 8
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 8
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 8
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 12
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b8b0) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/breezerc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b930) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17ba70) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/kwinrc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=1616, ...}) = 0
readlink("/etc", 0x7ffcee17a7b0, 1023)  = -1 EINVAL (Invalid argument)
readlink("/etc/xdg", 0x7ffcee17a7b0, 1023) = -1 EINVAL (Invalid argument)
readlink("/etc/xdg/kwinrc", 0x7ffcee17a7b0, 1023) = -1 EINVAL (Invalid argument)
access("/etc/xdg/kwinrc", F_OK)         = 0
readlink("/etc", 0x7ffcee17a730, 1023)  = -1 EINVAL (Invalid argument)
readlink("/etc/xdg", 0x7ffcee17a730, 1023) = -1 EINVAL (Invalid argument)
readlink("/etc/xdg/kwinrc", 0x7ffcee17a730, 1023) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "/etc/xdg/kwinrc", O_RDONLY|O_CLOEXEC) = 12
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b8f0) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/breezerc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b970) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b8f0) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/kwinrc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=1616, ...}) = 0
readlink("/etc", 0x7ffcee17a630, 1023)  = -1 EINVAL (Invalid argument)
readlink("/etc/xdg", 0x7ffcee17a630, 1023) = -1 EINVAL (Invalid argument)
readlink("/etc/xdg/kwinrc", 0x7ffcee17a630, 1023) = -1 EINVAL (Invalid argument)
access("/etc/xdg/kwinrc", F_OK)         = 0
readlink("/etc", 0x7ffcee17a5b0, 1023)  = -1 EINVAL (Invalid argument)
readlink("/etc/xdg", 0x7ffcee17a5b0, 1023) = -1 EINVAL (Invalid argument)
readlink("/etc/xdg/kwinrc", 0x7ffcee17a5b0, 1023) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "/etc/xdg/kwinrc", O_RDONLY|O_CLOEXEC) = 12
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b8d0) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/breezerc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b950) = -1 ENOENT (No such file or directory)
access("/etc/xdg/nheko/nheko.conf", F_OK) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/nheko/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bae0) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/nheko/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17ba80) = -1 ENOENT (No such file or directory)
access("/etc/xdg/nheko.conf", F_OK)     = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bae0) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17ba80) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b6c0) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/breezerc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b740) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b4b0) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/breezerc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b530) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b4b0) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/kwinrc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=1616, ...}) = 0
readlink("/etc", 0x7ffcee17a1f0, 1023)  = -1 EINVAL (Invalid argument)
readlink("/etc/xdg", 0x7ffcee17a1f0, 1023) = -1 EINVAL (Invalid argument)
readlink("/etc/xdg/kwinrc", 0x7ffcee17a1f0, 1023) = -1 EINVAL (Invalid argument)
access("/etc/xdg/kwinrc", F_OK)         = 0
readlink("/etc", 0x7ffcee17a170, 1023)  = -1 EINVAL (Invalid argument)
readlink("/etc/xdg", 0x7ffcee17a170, 1023) = -1 EINVAL (Invalid argument)
readlink("/etc/xdg/kwinrc", 0x7ffcee17a170, 1023) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "/etc/xdg/kwinrc", O_RDONLY|O_CLOEXEC) = 12
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b490) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/breezerc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b510) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=2359, ...}, 0) = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 12
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 12
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
newfstatat(AT_FDCWD, "/etc/gnutls/config", {st_mode=S_IFREG|0644, st_size=55, ...}, 0) = 0
openat(AT_FDCWD, "/etc/gnutls/config", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/vdpau_wrapper.cfg", O_RDONLY) = 21
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
access("/etc/vulkan/loader_settings.d/vk_loader_settings.json", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0
access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0
access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0
openat(AT_FDCWD, "/etc/xdg/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/explicit_layer.d/..", F_OK) = 0
access("/etc/vulkan/explicit_layer.d/.", F_OK) = 0
access("/etc/vulkan/loader_settings.d/vk_loader_settings.json", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0
access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0
access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0
openat(AT_FDCWD, "/etc/xdg/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/explicit_layer.d/..", F_OK) = 0
access("/etc/vulkan/explicit_layer.d/.", F_OK) = 0
access("/etc/vulkan/loader_settings.d/vk_loader_settings.json", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0
access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0
openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/icd.d/..", F_OK)    = 0
access("/etc/vulkan/icd.d/.", F_OK)     = 0
openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/icd.d/..", F_OK)    = 0
access("/etc/vulkan/icd.d/.", F_OK)     = 0
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0
access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0
access("/etc/vulkan/loader_settings.d/vk_loader_settings.json", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0
access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0
openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/icd.d/..", F_OK)    = 0
access("/etc/vulkan/icd.d/.", F_OK)     = 0
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0
access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0
access("/etc/vulkan/loader_settings.d/vk_loader_settings.json", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0
access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0
openat(AT_FDCWD, "/etc/xdg/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/explicit_layer.d/..", F_OK) = 0
access("/etc/vulkan/explicit_layer.d/.", F_OK) = 0
openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20
access("/etc/vulkan/icd.d/..", F_OK)    = 0
access("/etc/vulkan/icd.d/.", F_OK)     = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/pulse/client.conf", O_RDONLY|O_CLOEXEC) = 22
openat(AT_FDCWD, "/etc/pulse/client.conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
getcwd("/home/nreist", 4096)            = 13
access("/etc/fonts/fonts.conf", R_OK)   = 0
access("/etc/fonts/fonts.conf", R_OK)   = 0
readlink("/etc/fonts/fonts.conf", 0x7ffcee171730, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/fonts.conf", {st_mode=S_IFREG|0644, st_size=2853, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/fonts.conf", O_RDONLY|O_CLOEXEC) = 25
access("/etc/fonts/conf.d", R_OK)       = 0
access("/etc/fonts/conf.d", R_OK)       = 0
readlink("/etc/fonts/conf.d", 0x7ffcee16bf10, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 25
access("/etc/fonts/conf.d/10-antialias.conf", R_OK) = 0
access("/etc/fonts/conf.d/10-antialias.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/10-antialias.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58
access("/etc/fonts/conf.d/10-hinting-slight.conf", R_OK) = 0
access("/etc/fonts/conf.d/10-hinting-slight.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/10-hinting-slight.conf", "../../../usr/share/fontconfig/co"..., 4095) = 63
access("/etc/fonts/conf.d/10-hinting.conf", R_OK) = 0
access("/etc/fonts/conf.d/10-hinting.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/10-hinting.conf", "../../../usr/share/fontconfig/co"..., 4095) = 56
access("/etc/fonts/conf.d/10-scale-bitmap-fonts.conf", R_OK) = 0
access("/etc/fonts/conf.d/10-scale-bitmap-fonts.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/10-scale-bitmap-fonts.conf", "../../../usr/share/fontconfig/co"..., 4095) = 67
access("/etc/fonts/conf.d/10-sub-pixel-none.conf", R_OK) = 0
access("/etc/fonts/conf.d/10-sub-pixel-none.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/10-sub-pixel-none.conf", "../../../usr/share/fontconfig/co"..., 4095) = 63
access("/etc/fonts/conf.d/10-yes-antialias.conf", R_OK) = 0
access("/etc/fonts/conf.d/10-yes-antialias.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/10-yes-antialias.conf", "../../../usr/share/fontconfig/co"..., 4095) = 62
access("/etc/fonts/conf.d/11-lcdfilter-default.conf", R_OK) = 0
access("/etc/fonts/conf.d/11-lcdfilter-default.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/11-lcdfilter-default.conf", "../../../usr/share/fontconfig/co"..., 4095) = 66
access("/etc/fonts/conf.d/20-unhint-small-vera.conf", R_OK) = 0
access("/etc/fonts/conf.d/20-unhint-small-vera.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/20-unhint-small-vera.conf", "../../../usr/share/fontconfig/co"..., 4095) = 66
access("/etc/fonts/conf.d/25-no-bitmap-fedora.conf", R_OK) = 0
access("/etc/fonts/conf.d/25-no-bitmap-fedora.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/25-no-bitmap-fedora.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/25-no-bitmap-fedora.conf", {st_mode=S_IFREG|0644, st_size=1160, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/25-no-bitmap-fedora.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/25-unhint-nonlatin.conf", R_OK) = 0
access("/etc/fonts/conf.d/25-unhint-nonlatin.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/25-unhint-nonlatin.conf", "../../../usr/share/fontconfig/co"..., 4095) = 64
access("/etc/fonts/conf.d/30-0-google-crosextra-caladea-fontconfig.conf", R_OK) = 0
access("/etc/fonts/conf.d/30-0-google-crosextra-caladea-fontconfig.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/30-0-google-crosextra-caladea-fontconfig.conf", "../../../usr/share/fontconfig/co"..., 4095) = 86
access("/etc/fonts/conf.d/30-0-google-crosextra-carlito-fontconfig.conf", R_OK) = 0
access("/etc/fonts/conf.d/30-0-google-crosextra-carlito-fontconfig.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/30-0-google-crosextra-carlito-fontconfig.conf", "../../../usr/share/fontconfig/co"..., 4095) = 86
access("/etc/fonts/conf.d/30-mdv-urwfonts.conf", R_OK) = 0
access("/etc/fonts/conf.d/30-mdv-urwfonts.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/30-mdv-urwfonts.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/30-mdv-urwfonts.conf", {st_mode=S_IFREG|0644, st_size=2473, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/30-mdv-urwfonts.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/30-metric-aliases.conf", R_OK) = 0
access("/etc/fonts/conf.d/30-metric-aliases.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/30-metric-aliases.conf", "../../../usr/share/fontconfig/co"..., 4095) = 63
access("/etc/fonts/conf.d/31-cantarell.conf", R_OK) = 0
access("/etc/fonts/conf.d/31-cantarell.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/31-cantarell.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58
access("/etc/fonts/conf.d/40-nonlatin.conf", R_OK) = 0
access("/etc/fonts/conf.d/40-nonlatin.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/40-nonlatin.conf", "../../../usr/share/fontconfig/co"..., 4095) = 57
access("/etc/fonts/conf.d/45-generic.conf", R_OK) = 0
access("/etc/fonts/conf.d/45-generic.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/45-generic.conf", "../../../usr/share/fontconfig/co"..., 4095) = 56
access("/etc/fonts/conf.d/45-latin.conf", R_OK) = 0
access("/etc/fonts/conf.d/45-latin.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/45-latin.conf", "../../../usr/share/fontconfig/co"..., 4095) = 54
access("/etc/fonts/conf.d/48-spacing.conf", R_OK) = 0
access("/etc/fonts/conf.d/48-spacing.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/48-spacing.conf", "../../../usr/share/fontconfig/co"..., 4095) = 56
access("/etc/fonts/conf.d/49-sansserif.conf", R_OK) = 0
access("/etc/fonts/conf.d/49-sansserif.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/49-sansserif.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58
access("/etc/fonts/conf.d/50-user.conf", R_OK) = 0
access("/etc/fonts/conf.d/50-user.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/50-user.conf", "../../../usr/share/fontconfig/co"..., 4095) = 53
access("/etc/fonts/conf.d/51-local.conf", R_OK) = 0
access("/etc/fonts/conf.d/51-local.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/51-local.conf", "../../../usr/share/fontconfig/co"..., 4095) = 54
access("/etc/fonts/local.conf", R_OK)   = -1 ENOENT (No such file or directory)
access("/etc/fonts/local.conf", R_OK)   = -1 ENOENT (No such file or directory)
access("/etc/fonts/conf.d/60-generic.conf", R_OK) = 0
access("/etc/fonts/conf.d/60-generic.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/60-generic.conf", "../../../usr/share/fontconfig/co"..., 4095) = 56
access("/etc/fonts/conf.d/60-latin.conf", R_OK) = 0
access("/etc/fonts/conf.d/60-latin.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/60-latin.conf", "../../../usr/share/fontconfig/co"..., 4095) = 54
access("/etc/fonts/conf.d/60-open-sans.conf", R_OK) = 0
access("/etc/fonts/conf.d/60-open-sans.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/60-open-sans.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58
access("/etc/fonts/conf.d/61-adobe-source-code-pro.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-adobe-source-code-pro.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-adobe-source-code-pro.conf", "../../../usr/share/fontconfig/co"..., 4095) = 70
access("/etc/fonts/conf.d/61-urw-bookman.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-urw-bookman.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-urw-bookman.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-bookman.conf", {st_mode=S_IFREG|0644, st_size=1021, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-bookman.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/61-urw-c059.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-urw-c059.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-urw-c059.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-c059.conf", {st_mode=S_IFREG|0644, st_size=1124, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-c059.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/61-urw-d050000l.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-urw-d050000l.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-urw-d050000l.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-d050000l.conf", {st_mode=S_IFREG|0644, st_size=732, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-d050000l.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/61-urw-fallback-backwards.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-urw-fallback-backwards.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-urw-fallback-backwards.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-backwards.conf", {st_mode=S_IFREG|0644, st_size=3257, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-backwards.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/61-urw-fallback-generics.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-urw-fallback-generics.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-urw-fallback-generics.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-generics.conf", {st_mode=S_IFREG|0644, st_size=2727, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-generics.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/61-urw-fallback-specifics.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-urw-fallback-specifics.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-urw-fallback-specifics.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-specifics.conf", {st_mode=S_IFREG|0644, st_size=3777, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-specifics.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/61-urw-gothic.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-urw-gothic.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-urw-gothic.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-gothic.conf", {st_mode=S_IFREG|0644, st_size=913, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-gothic.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/61-urw-nimbus-mono-ps.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-urw-nimbus-mono-ps.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-urw-nimbus-mono-ps.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-mono-ps.conf", {st_mode=S_IFREG|0644, st_size=899, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-mono-ps.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/61-urw-nimbus-roman.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-urw-nimbus-roman.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-urw-nimbus-roman.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-roman.conf", {st_mode=S_IFREG|0644, st_size=877, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-roman.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/61-urw-nimbus-sans.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-urw-nimbus-sans.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-urw-nimbus-sans.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-sans.conf", {st_mode=S_IFREG|0644, st_size=1572, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-sans.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/61-urw-p052.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-urw-p052.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-urw-p052.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-p052.conf", {st_mode=S_IFREG|0644, st_size=975, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-p052.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/61-urw-standard-symbols-ps.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-urw-standard-symbols-ps.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-urw-standard-symbols-ps.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-standard-symbols-ps.conf", {st_mode=S_IFREG|0644, st_size=1061, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-standard-symbols-ps.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/61-urw-z003.conf", R_OK) = 0
access("/etc/fonts/conf.d/61-urw-z003.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/61-urw-z003.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-z003.conf", {st_mode=S_IFREG|0644, st_size=865, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-z003.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/62-google-crosextra-caladea-fontconfig.conf", R_OK) = 0
access("/etc/fonts/conf.d/62-google-crosextra-caladea-fontconfig.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/62-google-crosextra-caladea-fontconfig.conf", "../../../usr/share/fontconfig/co"..., 4095) = 84
access("/etc/fonts/conf.d/62-google-crosextra-carlito-fontconfig.conf", R_OK) = 0
access("/etc/fonts/conf.d/62-google-crosextra-carlito-fontconfig.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/62-google-crosextra-carlito-fontconfig.conf", "../../../usr/share/fontconfig/co"..., 4095) = 84
access("/etc/fonts/conf.d/65-fonts-persian.conf", R_OK) = 0
access("/etc/fonts/conf.d/65-fonts-persian.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/65-fonts-persian.conf", "../../../usr/share/fontconfig/co"..., 4095) = 62
access("/etc/fonts/conf.d/65-lang-pl.conf", R_OK) = 0
access("/etc/fonts/conf.d/65-lang-pl.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/65-lang-pl.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/65-lang-pl.conf", {st_mode=S_IFREG|0644, st_size=804, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/65-lang-pl.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/65-nonlatin.conf", R_OK) = 0
access("/etc/fonts/conf.d/65-nonlatin.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/65-nonlatin.conf", "../../../usr/share/fontconfig/co"..., 4095) = 57
access("/etc/fonts/conf.d/69-unifont.conf", R_OK) = 0
access("/etc/fonts/conf.d/69-unifont.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/69-unifont.conf", "../../../usr/share/fontconfig/co"..., 4095) = 56
access("/etc/fonts/conf.d/80-delicious.conf", R_OK) = 0
access("/etc/fonts/conf.d/80-delicious.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/80-delicious.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58
access("/etc/fonts/conf.d/90-noto-emoji.conf", R_OK) = 0
access("/etc/fonts/conf.d/90-noto-emoji.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/90-noto-emoji.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/90-noto-emoji.conf", {st_mode=S_IFREG|0644, st_size=1054, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/90-noto-emoji.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d/90-synthetic.conf", R_OK) = 0
access("/etc/fonts/conf.d/90-synthetic.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/90-synthetic.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58
access("/etc/fonts/conf.d/99-konsole.conf", R_OK) = 0
access("/etc/fonts/conf.d/99-konsole.conf", R_OK) = 0
readlink("/etc/fonts/conf.d/99-konsole.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "/etc/fonts/conf.d/99-konsole.conf", {st_mode=S_IFREG|0644, st_size=189, ...}, 0) = 0
openat(AT_FDCWD, "/etc/fonts/conf.d/99-konsole.conf", O_RDONLY|O_CLOEXEC) = 26
access("/etc/fonts/conf.d", R_OK)       = 0
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee178690) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0
statx(AT_FDCWD, "/etc/xdg/plasmarc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee178710) = -1 ENOENT (No such file or directory)
getcwd("/home/nreist", 4096)            = 13
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
getcwd("/home/nreist", 4096)            = 13
getcwd("/home/nreist", 4096)            = 13
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=2359, ...}, 0) = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 25
openat(AT_FDCWD, "/etc/pki/tls/openssl.cnf", O_RDONLY) = 26
access("/etc/xdg/nheko/nheko.conf", F_OK) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/nheko/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bc10) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/nheko/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bbb0) = -1 ENOENT (No such file or directory)
access("/etc/xdg/nheko.conf", F_OK)     = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bc10) = -1 ENOENT (No such file or directory)
statx(AT_FDCWD, "/etc/xdg/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bbb0) = -1 ENOENT (No such file or directory)
<!-- gh-comment-id:3039806818 --> @ZeroAbility commented on GitHub (Jul 5, 2025): >`strace --trace=%file /usr/bin/nheko 2>&1 | grep etc` <details> ``` access("/etc/ld.so.preload", R_OK) = 0 openat(AT_FDCWD, "/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 access("/etc/gcrypt/fips_enabled", F_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/gcrypt/hwf.deny", O_RDONLY) = -1 ENOENT (No such file or directory) access("/etc/xdg/nheko/nheko.conf", F_OK) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/nheko/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bb50) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/nheko/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17baf0) = -1 ENOENT (No such file or directory) access("/etc/xdg/nheko.conf", F_OK) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bb50) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17baf0) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/QtProject/qtlogging.ini", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=22, ...}) = 0 openat(AT_FDCWD, "/etc/xdg/QtProject/qtlogging.ini", O_RDONLY|O_CLOEXEC) = 3 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 8 access("/etc/kde5rc", R_OK) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b570) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 access("/etc/xdg/kdeglobals", F_OK) = 0 readlink("/etc", 0x7ffcee17a230, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg", 0x7ffcee17a230, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg/kdeglobals", 0x7ffcee17a230, 1023) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "/etc/xdg/kdeglobals", O_RDONLY|O_CLOEXEC) = 8 statx(AT_FDCWD, "/etc/xdg/nhekorc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b5f0) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/nhekorc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b1d0) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b310) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/kcminputrc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=75, ...}) = 0 readlink("/etc", 0x7ffcee17a050, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg", 0x7ffcee17a050, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg/kcminputrc", 0x7ffcee17a050, 1023) = -1 EINVAL (Invalid argument) access("/etc/xdg/kcminputrc", F_OK) = 0 readlink("/etc", 0x7ffcee179fd0, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg", 0x7ffcee179fd0, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg/kcminputrc", 0x7ffcee179fd0, 1023) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "/etc/xdg/kcminputrc", O_RDONLY|O_CLOEXEC) = 8 openat(AT_FDCWD, "/etc/os-release", O_RDONLY|O_CLOEXEC) = 8 openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 8 newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 8 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 8 openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 12 statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b8b0) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/breezerc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b930) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17ba70) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/kwinrc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=1616, ...}) = 0 readlink("/etc", 0x7ffcee17a7b0, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg", 0x7ffcee17a7b0, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg/kwinrc", 0x7ffcee17a7b0, 1023) = -1 EINVAL (Invalid argument) access("/etc/xdg/kwinrc", F_OK) = 0 readlink("/etc", 0x7ffcee17a730, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg", 0x7ffcee17a730, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg/kwinrc", 0x7ffcee17a730, 1023) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "/etc/xdg/kwinrc", O_RDONLY|O_CLOEXEC) = 12 statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b8f0) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/breezerc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b970) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b8f0) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/kwinrc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=1616, ...}) = 0 readlink("/etc", 0x7ffcee17a630, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg", 0x7ffcee17a630, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg/kwinrc", 0x7ffcee17a630, 1023) = -1 EINVAL (Invalid argument) access("/etc/xdg/kwinrc", F_OK) = 0 readlink("/etc", 0x7ffcee17a5b0, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg", 0x7ffcee17a5b0, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg/kwinrc", 0x7ffcee17a5b0, 1023) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "/etc/xdg/kwinrc", O_RDONLY|O_CLOEXEC) = 12 statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b8d0) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/breezerc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b950) = -1 ENOENT (No such file or directory) access("/etc/xdg/nheko/nheko.conf", F_OK) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/nheko/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bae0) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/nheko/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17ba80) = -1 ENOENT (No such file or directory) access("/etc/xdg/nheko.conf", F_OK) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bae0) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17ba80) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b6c0) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/breezerc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b740) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b4b0) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/breezerc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b530) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b4b0) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/kwinrc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=1616, ...}) = 0 readlink("/etc", 0x7ffcee17a1f0, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg", 0x7ffcee17a1f0, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg/kwinrc", 0x7ffcee17a1f0, 1023) = -1 EINVAL (Invalid argument) access("/etc/xdg/kwinrc", F_OK) = 0 readlink("/etc", 0x7ffcee17a170, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg", 0x7ffcee17a170, 1023) = -1 EINVAL (Invalid argument) readlink("/etc/xdg/kwinrc", 0x7ffcee17a170, 1023) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "/etc/xdg/kwinrc", O_RDONLY|O_CLOEXEC) = 12 statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b490) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/breezerc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17b510) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=2359, ...}, 0) = 0 openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 12 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 12 newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 newfstatat(AT_FDCWD, "/etc/gnutls/config", {st_mode=S_IFREG|0644, st_size=55, ...}, 0) = 0 openat(AT_FDCWD, "/etc/gnutls/config", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/vdpau_wrapper.cfg", O_RDONLY) = 21 openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/libva.conf", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 access("/etc/vulkan/loader_settings.d/vk_loader_settings.json", F_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0 access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0 openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0 access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0 openat(AT_FDCWD, "/etc/xdg/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/explicit_layer.d/..", F_OK) = 0 access("/etc/vulkan/explicit_layer.d/.", F_OK) = 0 access("/etc/vulkan/loader_settings.d/vk_loader_settings.json", F_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0 access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0 openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0 access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0 openat(AT_FDCWD, "/etc/xdg/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/explicit_layer.d/..", F_OK) = 0 access("/etc/vulkan/explicit_layer.d/.", F_OK) = 0 access("/etc/vulkan/loader_settings.d/vk_loader_settings.json", F_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0 access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0 openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/icd.d/..", F_OK) = 0 access("/etc/vulkan/icd.d/.", F_OK) = 0 openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/icd.d/..", F_OK) = 0 access("/etc/vulkan/icd.d/.", F_OK) = 0 openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0 access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0 access("/etc/vulkan/loader_settings.d/vk_loader_settings.json", F_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0 access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0 openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/icd.d/..", F_OK) = 0 access("/etc/vulkan/icd.d/.", F_OK) = 0 openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0 access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0 access("/etc/vulkan/loader_settings.d/vk_loader_settings.json", F_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/xdg/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/implicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/implicit_layer.d/..", F_OK) = 0 access("/etc/vulkan/implicit_layer.d/.", F_OK) = 0 openat(AT_FDCWD, "/etc/xdg/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/explicit_layer.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/explicit_layer.d/..", F_OK) = 0 access("/etc/vulkan/explicit_layer.d/.", F_OK) = 0 openat(AT_FDCWD, "/etc/xdg/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/vulkan/icd.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 20 access("/etc/vulkan/icd.d/..", F_OK) = 0 access("/etc/vulkan/icd.d/.", F_OK) = 0 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 20 openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/drirc", O_RDONLY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/pulse/client.conf", O_RDONLY|O_CLOEXEC) = 22 openat(AT_FDCWD, "/etc/pulse/client.conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 getcwd("/home/nreist", 4096) = 13 access("/etc/fonts/fonts.conf", R_OK) = 0 access("/etc/fonts/fonts.conf", R_OK) = 0 readlink("/etc/fonts/fonts.conf", 0x7ffcee171730, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/fonts.conf", {st_mode=S_IFREG|0644, st_size=2853, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/fonts.conf", O_RDONLY|O_CLOEXEC) = 25 access("/etc/fonts/conf.d", R_OK) = 0 access("/etc/fonts/conf.d", R_OK) = 0 readlink("/etc/fonts/conf.d", 0x7ffcee16bf10, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 25 access("/etc/fonts/conf.d/10-antialias.conf", R_OK) = 0 access("/etc/fonts/conf.d/10-antialias.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/10-antialias.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58 access("/etc/fonts/conf.d/10-hinting-slight.conf", R_OK) = 0 access("/etc/fonts/conf.d/10-hinting-slight.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/10-hinting-slight.conf", "../../../usr/share/fontconfig/co"..., 4095) = 63 access("/etc/fonts/conf.d/10-hinting.conf", R_OK) = 0 access("/etc/fonts/conf.d/10-hinting.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/10-hinting.conf", "../../../usr/share/fontconfig/co"..., 4095) = 56 access("/etc/fonts/conf.d/10-scale-bitmap-fonts.conf", R_OK) = 0 access("/etc/fonts/conf.d/10-scale-bitmap-fonts.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/10-scale-bitmap-fonts.conf", "../../../usr/share/fontconfig/co"..., 4095) = 67 access("/etc/fonts/conf.d/10-sub-pixel-none.conf", R_OK) = 0 access("/etc/fonts/conf.d/10-sub-pixel-none.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/10-sub-pixel-none.conf", "../../../usr/share/fontconfig/co"..., 4095) = 63 access("/etc/fonts/conf.d/10-yes-antialias.conf", R_OK) = 0 access("/etc/fonts/conf.d/10-yes-antialias.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/10-yes-antialias.conf", "../../../usr/share/fontconfig/co"..., 4095) = 62 access("/etc/fonts/conf.d/11-lcdfilter-default.conf", R_OK) = 0 access("/etc/fonts/conf.d/11-lcdfilter-default.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/11-lcdfilter-default.conf", "../../../usr/share/fontconfig/co"..., 4095) = 66 access("/etc/fonts/conf.d/20-unhint-small-vera.conf", R_OK) = 0 access("/etc/fonts/conf.d/20-unhint-small-vera.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/20-unhint-small-vera.conf", "../../../usr/share/fontconfig/co"..., 4095) = 66 access("/etc/fonts/conf.d/25-no-bitmap-fedora.conf", R_OK) = 0 access("/etc/fonts/conf.d/25-no-bitmap-fedora.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/25-no-bitmap-fedora.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/25-no-bitmap-fedora.conf", {st_mode=S_IFREG|0644, st_size=1160, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/25-no-bitmap-fedora.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/25-unhint-nonlatin.conf", R_OK) = 0 access("/etc/fonts/conf.d/25-unhint-nonlatin.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/25-unhint-nonlatin.conf", "../../../usr/share/fontconfig/co"..., 4095) = 64 access("/etc/fonts/conf.d/30-0-google-crosextra-caladea-fontconfig.conf", R_OK) = 0 access("/etc/fonts/conf.d/30-0-google-crosextra-caladea-fontconfig.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/30-0-google-crosextra-caladea-fontconfig.conf", "../../../usr/share/fontconfig/co"..., 4095) = 86 access("/etc/fonts/conf.d/30-0-google-crosextra-carlito-fontconfig.conf", R_OK) = 0 access("/etc/fonts/conf.d/30-0-google-crosextra-carlito-fontconfig.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/30-0-google-crosextra-carlito-fontconfig.conf", "../../../usr/share/fontconfig/co"..., 4095) = 86 access("/etc/fonts/conf.d/30-mdv-urwfonts.conf", R_OK) = 0 access("/etc/fonts/conf.d/30-mdv-urwfonts.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/30-mdv-urwfonts.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/30-mdv-urwfonts.conf", {st_mode=S_IFREG|0644, st_size=2473, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/30-mdv-urwfonts.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/30-metric-aliases.conf", R_OK) = 0 access("/etc/fonts/conf.d/30-metric-aliases.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/30-metric-aliases.conf", "../../../usr/share/fontconfig/co"..., 4095) = 63 access("/etc/fonts/conf.d/31-cantarell.conf", R_OK) = 0 access("/etc/fonts/conf.d/31-cantarell.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/31-cantarell.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58 access("/etc/fonts/conf.d/40-nonlatin.conf", R_OK) = 0 access("/etc/fonts/conf.d/40-nonlatin.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/40-nonlatin.conf", "../../../usr/share/fontconfig/co"..., 4095) = 57 access("/etc/fonts/conf.d/45-generic.conf", R_OK) = 0 access("/etc/fonts/conf.d/45-generic.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/45-generic.conf", "../../../usr/share/fontconfig/co"..., 4095) = 56 access("/etc/fonts/conf.d/45-latin.conf", R_OK) = 0 access("/etc/fonts/conf.d/45-latin.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/45-latin.conf", "../../../usr/share/fontconfig/co"..., 4095) = 54 access("/etc/fonts/conf.d/48-spacing.conf", R_OK) = 0 access("/etc/fonts/conf.d/48-spacing.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/48-spacing.conf", "../../../usr/share/fontconfig/co"..., 4095) = 56 access("/etc/fonts/conf.d/49-sansserif.conf", R_OK) = 0 access("/etc/fonts/conf.d/49-sansserif.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/49-sansserif.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58 access("/etc/fonts/conf.d/50-user.conf", R_OK) = 0 access("/etc/fonts/conf.d/50-user.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/50-user.conf", "../../../usr/share/fontconfig/co"..., 4095) = 53 access("/etc/fonts/conf.d/51-local.conf", R_OK) = 0 access("/etc/fonts/conf.d/51-local.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/51-local.conf", "../../../usr/share/fontconfig/co"..., 4095) = 54 access("/etc/fonts/local.conf", R_OK) = -1 ENOENT (No such file or directory) access("/etc/fonts/local.conf", R_OK) = -1 ENOENT (No such file or directory) access("/etc/fonts/conf.d/60-generic.conf", R_OK) = 0 access("/etc/fonts/conf.d/60-generic.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/60-generic.conf", "../../../usr/share/fontconfig/co"..., 4095) = 56 access("/etc/fonts/conf.d/60-latin.conf", R_OK) = 0 access("/etc/fonts/conf.d/60-latin.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/60-latin.conf", "../../../usr/share/fontconfig/co"..., 4095) = 54 access("/etc/fonts/conf.d/60-open-sans.conf", R_OK) = 0 access("/etc/fonts/conf.d/60-open-sans.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/60-open-sans.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58 access("/etc/fonts/conf.d/61-adobe-source-code-pro.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-adobe-source-code-pro.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-adobe-source-code-pro.conf", "../../../usr/share/fontconfig/co"..., 4095) = 70 access("/etc/fonts/conf.d/61-urw-bookman.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-urw-bookman.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-urw-bookman.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-bookman.conf", {st_mode=S_IFREG|0644, st_size=1021, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-bookman.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/61-urw-c059.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-urw-c059.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-urw-c059.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-c059.conf", {st_mode=S_IFREG|0644, st_size=1124, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-c059.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/61-urw-d050000l.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-urw-d050000l.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-urw-d050000l.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-d050000l.conf", {st_mode=S_IFREG|0644, st_size=732, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-d050000l.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/61-urw-fallback-backwards.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-urw-fallback-backwards.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-urw-fallback-backwards.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-backwards.conf", {st_mode=S_IFREG|0644, st_size=3257, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-backwards.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/61-urw-fallback-generics.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-urw-fallback-generics.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-urw-fallback-generics.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-generics.conf", {st_mode=S_IFREG|0644, st_size=2727, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-generics.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/61-urw-fallback-specifics.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-urw-fallback-specifics.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-urw-fallback-specifics.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-specifics.conf", {st_mode=S_IFREG|0644, st_size=3777, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-fallback-specifics.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/61-urw-gothic.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-urw-gothic.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-urw-gothic.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-gothic.conf", {st_mode=S_IFREG|0644, st_size=913, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-gothic.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/61-urw-nimbus-mono-ps.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-urw-nimbus-mono-ps.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-urw-nimbus-mono-ps.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-mono-ps.conf", {st_mode=S_IFREG|0644, st_size=899, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-mono-ps.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/61-urw-nimbus-roman.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-urw-nimbus-roman.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-urw-nimbus-roman.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-roman.conf", {st_mode=S_IFREG|0644, st_size=877, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-roman.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/61-urw-nimbus-sans.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-urw-nimbus-sans.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-urw-nimbus-sans.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-sans.conf", {st_mode=S_IFREG|0644, st_size=1572, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-nimbus-sans.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/61-urw-p052.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-urw-p052.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-urw-p052.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-p052.conf", {st_mode=S_IFREG|0644, st_size=975, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-p052.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/61-urw-standard-symbols-ps.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-urw-standard-symbols-ps.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-urw-standard-symbols-ps.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-standard-symbols-ps.conf", {st_mode=S_IFREG|0644, st_size=1061, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-standard-symbols-ps.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/61-urw-z003.conf", R_OK) = 0 access("/etc/fonts/conf.d/61-urw-z003.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/61-urw-z003.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-z003.conf", {st_mode=S_IFREG|0644, st_size=865, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/61-urw-z003.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/62-google-crosextra-caladea-fontconfig.conf", R_OK) = 0 access("/etc/fonts/conf.d/62-google-crosextra-caladea-fontconfig.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/62-google-crosextra-caladea-fontconfig.conf", "../../../usr/share/fontconfig/co"..., 4095) = 84 access("/etc/fonts/conf.d/62-google-crosextra-carlito-fontconfig.conf", R_OK) = 0 access("/etc/fonts/conf.d/62-google-crosextra-carlito-fontconfig.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/62-google-crosextra-carlito-fontconfig.conf", "../../../usr/share/fontconfig/co"..., 4095) = 84 access("/etc/fonts/conf.d/65-fonts-persian.conf", R_OK) = 0 access("/etc/fonts/conf.d/65-fonts-persian.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/65-fonts-persian.conf", "../../../usr/share/fontconfig/co"..., 4095) = 62 access("/etc/fonts/conf.d/65-lang-pl.conf", R_OK) = 0 access("/etc/fonts/conf.d/65-lang-pl.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/65-lang-pl.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/65-lang-pl.conf", {st_mode=S_IFREG|0644, st_size=804, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/65-lang-pl.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/65-nonlatin.conf", R_OK) = 0 access("/etc/fonts/conf.d/65-nonlatin.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/65-nonlatin.conf", "../../../usr/share/fontconfig/co"..., 4095) = 57 access("/etc/fonts/conf.d/69-unifont.conf", R_OK) = 0 access("/etc/fonts/conf.d/69-unifont.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/69-unifont.conf", "../../../usr/share/fontconfig/co"..., 4095) = 56 access("/etc/fonts/conf.d/80-delicious.conf", R_OK) = 0 access("/etc/fonts/conf.d/80-delicious.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/80-delicious.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58 access("/etc/fonts/conf.d/90-noto-emoji.conf", R_OK) = 0 access("/etc/fonts/conf.d/90-noto-emoji.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/90-noto-emoji.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/90-noto-emoji.conf", {st_mode=S_IFREG|0644, st_size=1054, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/90-noto-emoji.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d/90-synthetic.conf", R_OK) = 0 access("/etc/fonts/conf.d/90-synthetic.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/90-synthetic.conf", "../../../usr/share/fontconfig/co"..., 4095) = 58 access("/etc/fonts/conf.d/99-konsole.conf", R_OK) = 0 access("/etc/fonts/conf.d/99-konsole.conf", R_OK) = 0 readlink("/etc/fonts/conf.d/99-konsole.conf", 0x7ffcee167d50, 4095) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "/etc/fonts/conf.d/99-konsole.conf", {st_mode=S_IFREG|0644, st_size=189, ...}, 0) = 0 openat(AT_FDCWD, "/etc/fonts/conf.d/99-konsole.conf", O_RDONLY|O_CLOEXEC) = 26 access("/etc/fonts/conf.d", R_OK) = 0 statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/system.kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee178690) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/kdeglobals", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=5851, ...}) = 0 statx(AT_FDCWD, "/etc/xdg/plasmarc", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee178710) = -1 ENOENT (No such file or directory) getcwd("/home/nreist", 4096) = 13 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 25 newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 getcwd("/home/nreist", 4096) = 13 getcwd("/home/nreist", 4096) = 13 newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 newfstatat(AT_FDCWD, "/etc/localtime", {st_mode=S_IFREG|0644, st_size=3552, ...}, 0) = 0 newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=2359, ...}, 0) = 0 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 25 openat(AT_FDCWD, "/etc/pki/tls/openssl.cnf", O_RDONLY) = 26 access("/etc/xdg/nheko/nheko.conf", F_OK) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/nheko/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bc10) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/nheko/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bbb0) = -1 ENOENT (No such file or directory) access("/etc/xdg/nheko.conf", F_OK) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bc10) = -1 ENOENT (No such file or directory) statx(AT_FDCWD, "/etc/xdg/nheko.conf", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, 0x7ffcee17bbb0) = -1 ENOENT (No such file or directory) ``` </details>
gitea-mirror commented 2026-05-05 09:57:13 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jul 5, 2025):

Does that private-etc line entirely fix the problem?

No, it was purely a diagnosis step based on the include file. It isn't clear
in the file if those are part of the private-etc or not.

Strange, what is the output when --debug is also used?

The file is also blank.

But what is in the normal program output (stdout/stderr)?

Not sure if it's related to this:

firejail --tracelog /usr/bin/nheko
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Error: tracelog feature is disabled in Firejail configuration file /etc/firejail/firejail.config

What happens if you enable it in the config and re-run?

Is there anything in the syslog?

What is the name/version of the C compiler and libc used to compile firejail?

  • clang.x86_64 - 20.1.7
  • libc6.x86_64 - 6:2.41

Just to make sure, is libc6 glibc?

The libtrace code is rather brittle, so it might also be broken on clang.

strace --trace=%file /usr/bin/nheko 2>&1 | grep etc
[...]

I see some other files that are not in private-etc.

$ cat strace2.txt | sed -En 's/.*"([^"]*)".*/\1/p' | sort -u | grep -v /etc/fonts/
[...]
/etc/libva.conf
/etc/os-release
/etc/vdpau_wrapper.cfg
[...]
/etc/xdg/QtProject/qtlogging.ini
/etc/xdg/breezerc
/etc/xdg/kcminputrc
/etc/xdg/kdeglobals
/etc/xdg/kwinrc
/etc/xdg/nheko.conf
/etc/xdg/nheko/nheko.conf
/etc/xdg/nhekorc
/etc/xdg/plasmarc
/etc/xdg/system.kdeglobals
/etc/xdg/vulkan/explicit_layer.d
/etc/xdg/vulkan/icd.d
/etc/xdg/vulkan/implicit_layer.d

So the following should be more complete (files in xdg should already be
included by @x11):

private-etc @tls-ca,@network,@sound,@x11,host.conf,libva.conf,mime.types,os-release,vdpau_wrapper.cfg

Back to the original problem:

Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
[...]
Error: invalid file type, /etc/login.defs.

Are UID_MIN and GID_MIN set in /etc/login.defs?

Does it work if you temporarily do the following?

sudo chown root:root /etc/login.defs
sudo chmod 644 /etc/login.defs

To restore it later:

sudo chown root:shadow /etc/login.defs
sudo chmod 640 /etc/login.defs
<!-- gh-comment-id:3039870657 --> @kmk3 commented on GitHub (Jul 5, 2025): > > Does that private-etc line entirely fix the problem? > > No, it was purely a diagnosis step based on the include file. It isn't clear > in the file if those are part of the `private-etc` or not. > > > Strange, what is the output when --debug is also used? > > The file is also blank. But what is in the normal program output (stdout/stderr)? > Not sure if it's related to this: > > ``` > firejail --tracelog /usr/bin/nheko > Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default > Error: tracelog feature is disabled in Firejail configuration file /etc/firejail/firejail.config > ``` What happens if you enable it in the config and re-run? Is there anything in the syslog? > > What is the name/version of the C compiler and libc used to compile firejail? > > * clang.x86_64 - 20.1.7 > * libc6.x86_64 - 6:2.41 Just to make sure, is `libc6` glibc? The libtrace code is rather brittle, so it might also be broken on clang. > ``` > strace --trace=%file /usr/bin/nheko 2>&1 | grep etc > [...] > ``` I see some other files that are not in `private-etc`. ``` $ cat strace2.txt | sed -En 's/.*"([^"]*)".*/\1/p' | sort -u | grep -v /etc/fonts/ [...] /etc/libva.conf /etc/os-release /etc/vdpau_wrapper.cfg [...] /etc/xdg/QtProject/qtlogging.ini /etc/xdg/breezerc /etc/xdg/kcminputrc /etc/xdg/kdeglobals /etc/xdg/kwinrc /etc/xdg/nheko.conf /etc/xdg/nheko/nheko.conf /etc/xdg/nhekorc /etc/xdg/plasmarc /etc/xdg/system.kdeglobals /etc/xdg/vulkan/explicit_layer.d /etc/xdg/vulkan/icd.d /etc/xdg/vulkan/implicit_layer.d ``` So the following should be more complete (files in `xdg` should already be included by `@x11`): ``` private-etc @tls-ca,@network,@sound,@x11,host.conf,libva.conf,mime.types,os-release,vdpau_wrapper.cfg ``` --- Back to the original problem: > ``` > Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default > [...] > Error: invalid file type, /etc/login.defs. > ``` Are `UID_MIN` and `GID_MIN` set in /etc/login.defs? Does it work if you temporarily do the following? ``` sudo chown root:root /etc/login.defs sudo chmod 644 /etc/login.defs ``` To restore it later: ``` sudo chown root:shadow /etc/login.defs sudo chmod 640 /etc/login.defs ```
gitea-mirror commented 2026-05-05 09:57:14 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jul 5, 2025):

This might be unrelated:

Are you sure that ./configure is still executed with this change?

It's very important that ./configure is called so that config.mk is generated
with the proper values.

Otherwise a lot of things will likely be missing.

What is the output of firejail --version?

<!-- gh-comment-id:3039937190 --> @kmk3 commented on GitHub (Jul 5, 2025): This might be unrelated: Are you sure that `./configure` is still executed with this change? * <https://github.com/OpenMandrivaAssociation/firejail/pull/3/files#diff-b69138d6a781343f782c90ee9289b4524bffe0dad8791807187d529666f1958fL17-L20> It's very important that `./configure` is called so that config.mk is generated with the proper values. Otherwise a lot of things will likely be missing. What is the output of `firejail --version`?
gitea-mirror commented 2026-05-05 09:57:14 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 5, 2025):

firejail --debug --trace=trace_true.txt /bin/true

trace_true.txt contents:

9:true:exec /usr/bin/coreutils:0

firejail --debug --trace=trace_nheko.txt /usr/bin/nheko

trace_nheko.txt contents:

null

firejail --debug --trace=trace_nheko.txt /usr/bin/nheko                        
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Looking for kernel processes
Found kthreadd process, we are not running in a sandbox
pid=164736: locking /run/firejail/firejail-run.lock ...
pid=164736: locked /run/firejail/firejail-run.lock
pid=164736: unlocking /run/firejail/firejail-run.lock ...
pid=164736: unlocked /run/firejail/firejail-run.lock
Building quoted command line: '/usr/bin/nheko' 
Command name #nheko#
Found nheko.profile profile in /etc/firejail directory
Reading profile /etc/firejail/nheko.profile
Cannot access .local file nheko.local: No such file or directory, skipping...
Cannot access .local file globals.local: No such file or directory, skipping...
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Cannot access .local file disable-common.local: No such file or directory, skipping...
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Cannot access .local file disable-devel.local: No such file or directory, skipping...
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Cannot access .local file disable-exec.local: No such file or directory, skipping...
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Cannot access .local file disable-interpreters.local: No such file or directory, skipping...
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Cannot access .local file disable-programs.local: No such file or directory, skipping...
Found disable-shell.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-shell.inc
Cannot access .local file disable-shell.local: No such file or directory, skipping...
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Cannot access .local file disable-xdg.local: No such file or directory, skipping...
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Cannot access .local file whitelist-common.local: No such file or directory, skipping...
Found whitelist-runuser-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-runuser-common.inc
Cannot access .local file whitelist-runuser-common.local: No such file or directory, skipping...
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Cannot access .local file whitelist-usr-share-common.local: No such file or directory, skipping...
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Cannot access .local file whitelist-var-common.local: No such file or directory, skipping...
[profile] combined protocol list: "unix,inet,inet6"
firejail version 0.9.74

pid=164736: locking /run/firejail/firejail-run.lock ...
pid=164736: locked /run/firejail/firejail-run.lock
DISPLAY=:0 parsed as 0
pid=164736: unlocking /run/firejail/firejail-run.lock ...
pid=164736: unlocked /run/firejail/firejail-run.lock
xdg-dbus-proxy arg: unix:path=/run/user/1001/bus
xdg-dbus-proxy arg: /run/firejail/dbus/1001/164736-user
xdg-dbus-proxy arg: --filter
xdg-dbus-proxy arg: --talk=org.freedesktop.secrets
starting xdg-dbus-proxy
sbox exec: /usr/bin/xdg-dbus-proxy --fd=4 --args=5 
Dropping all capabilities
Drop privileges: pid 164738, uid 1001, gid 1007, force_nogroups 1
No supplementary groups
xdg-dbus-proxy initialized
Using the local network stack
Initializing child process
Parent pid 164736, child pid 164741
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating an empty trace log file: trace_nheko.txt
Bind mount trace_nheko.txt to /run/firejail/mnt/trace
Mounting noexec /run/firejail/mnt/trace
426 425 259:2 /home/nreist/trace_nheko.txt /run/firejail/mnt/trace rw,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=426 fsname=/home/nreist/trace_nheko.txt dir=/run/firejail/mnt/trace fstype=ext4
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
IBUS_ADDRESS=
IBUS_DAEMON_PID=
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 2, uid 1001, gid 1007, force_nogroups 1
No supplementary groups
Drop privileges: pid 3, uid 1001, gid 1007, force_nogroups 0
nogroups command not ignored
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1278 149 259:2 /etc /etc ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1278 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
1279 1278 259:2 /etc /etc ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1279 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
1280 149 259:2 /var /var ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1280 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
1281 1280 259:2 /var /var ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1281 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
1282 149 259:2 /usr /usr ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256
mountid=1282 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/<user>/.config/firejail
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/kfd file
mounting /run/firejail/mnt/dev/hidraw0 file
mounting /run/firejail/mnt/dev/hidraw1 file
mounting /run/firejail/mnt/dev/hidraw2 file
mounting /run/firejail/mnt/dev/hidraw3 file
mounting /run/firejail/mnt/dev/usb directory
Process /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/nheko
Checking /usr/bin/nheko
sbox run: /run/firejail/lib/fcopy /usr/bin/nheko /run/firejail/mnt/bin 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
1 program installed in 21.69 ms
Generate private-tmp whitelist commands
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/user/1001/bus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Creating a new /etc/hostname file
Creating empty /run/firejail/mnt/hostname file
Creating a new /etc/hosts file
Loading user hosts file
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1001/gnupg
Disable /run/user/1001/systemd
Disable /proc/kmsg
Copying files in the new /etc directory:
Copying /etc/alternatives to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/alternatives /run/firejail/mnt/etc/alternatives 
Warning fcopy: cannot create symbolic link /etc/alternatives/luac
Warning fcopy: cannot create symbolic link /etc/alternatives/gs
Warning fcopy: cannot create symbolic link /etc/alternatives/ssh-askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/ssh_askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/bssh_askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/lua
Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass
Warning fcopy: cannot create symbolic link /etc/alternatives/ebtables
Warning fcopy: cannot create symbolic link /etc/alternatives/yacc
Warning fcopy: cannot create symbolic link /etc/alternatives/brave-browser
Copying /etc/fonts to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/fonts /run/firejail/mnt/etc/fonts 
Warning: file /etc/gcrypt not found.
Copying /etc/group to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/group /run/firejail/mnt/etc 
Copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.cache /run/firejail/mnt/etc 
Copying /etc/ld.so.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf /run/firejail/mnt/etc 
Copying /etc/ld.so.conf.d to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf.d /run/firejail/mnt/etc/ld.so.conf.d 
Copying /etc/ld.so.preload to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.preload /run/firejail/mnt/etc 
Warning: file /etc/locale not found.
Warning: file /etc/locale.alias not found.
Copying /etc/locale.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/locale.conf /run/firejail/mnt/etc 
Copying /etc/localtime to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/localtime /run/firejail/mnt/etc 
Error: invalid file type, /etc/login.defs.
Error: proc 164736 cannot sync with peer: unexpected EOF
Peer 164741 unexpectedly exited with status 1

It appears trace is working, but not for nheko.

Just to make sure, is libc6 glibc?

Yes.

So the following should be more complete (files in xdg should already be
included by @x11)

I tried to modify it in some way that included this and the others I saw in the original strace and it didn't make a difference.

This might be unrelated:

Are you sure that ./configure is still executed with this change?

https://github.com/OpenMandrivaAssociation/firejail/pull/3/files#diff-b69138d6a781343f782c90ee9289b4524bffe0dad8791807187d529666f1958fL17-L20
It's very important that ./configure is called so that config.mk is generated
with the proper values.

Otherwise a lot of things will likely be missing.

autoreconf -fi should fire off ./configure and is seen in the build log here:

https://file-store.openmandriva.org/api/v1/file_stores/80e0d8c79ea295f90857519a6f1a0fb64da4f6e0.log?show=true

Calling ./configure again can lead to unintended side effects.

"Version of Firejail (firejail --version): 0.9.74"

I would think this issue would extend to other sandboxed applications but it doesn't. I'm using Brave among other applications without issue. Now that I say that, Steam is also broken. I will try another build of firejail with just configure and see if there are any changes.

<!-- gh-comment-id:3040155837 --> @ZeroAbility commented on GitHub (Jul 5, 2025): >firejail --debug --trace=trace_true.txt /bin/true `trace_true.txt` contents: ``` 9:true:exec /usr/bin/coreutils:0 ``` >firejail --debug --trace=trace_nheko.txt /usr/bin/nheko `trace_nheko.txt` contents: `null` <details> ``` firejail --debug --trace=trace_nheko.txt /usr/bin/nheko Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default Looking for kernel processes Found kthreadd process, we are not running in a sandbox pid=164736: locking /run/firejail/firejail-run.lock ... pid=164736: locked /run/firejail/firejail-run.lock pid=164736: unlocking /run/firejail/firejail-run.lock ... pid=164736: unlocked /run/firejail/firejail-run.lock Building quoted command line: '/usr/bin/nheko' Command name #nheko# Found nheko.profile profile in /etc/firejail directory Reading profile /etc/firejail/nheko.profile Cannot access .local file nheko.local: No such file or directory, skipping... Cannot access .local file globals.local: No such file or directory, skipping... Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Cannot access .local file disable-common.local: No such file or directory, skipping... Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Cannot access .local file disable-devel.local: No such file or directory, skipping... Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Cannot access .local file disable-exec.local: No such file or directory, skipping... Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Cannot access .local file disable-interpreters.local: No such file or directory, skipping... Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Cannot access .local file disable-programs.local: No such file or directory, skipping... Found disable-shell.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-shell.inc Cannot access .local file disable-shell.local: No such file or directory, skipping... Found disable-xdg.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-xdg.inc Cannot access .local file disable-xdg.local: No such file or directory, skipping... Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Cannot access .local file whitelist-common.local: No such file or directory, skipping... Found whitelist-runuser-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-runuser-common.inc Cannot access .local file whitelist-runuser-common.local: No such file or directory, skipping... Found whitelist-usr-share-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-usr-share-common.inc Cannot access .local file whitelist-usr-share-common.local: No such file or directory, skipping... Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc Cannot access .local file whitelist-var-common.local: No such file or directory, skipping... [profile] combined protocol list: "unix,inet,inet6" firejail version 0.9.74 pid=164736: locking /run/firejail/firejail-run.lock ... pid=164736: locked /run/firejail/firejail-run.lock DISPLAY=:0 parsed as 0 pid=164736: unlocking /run/firejail/firejail-run.lock ... pid=164736: unlocked /run/firejail/firejail-run.lock xdg-dbus-proxy arg: unix:path=/run/user/1001/bus xdg-dbus-proxy arg: /run/firejail/dbus/1001/164736-user xdg-dbus-proxy arg: --filter xdg-dbus-proxy arg: --talk=org.freedesktop.secrets starting xdg-dbus-proxy sbox exec: /usr/bin/xdg-dbus-proxy --fd=4 --args=5 Dropping all capabilities Drop privileges: pid 164738, uid 1001, gid 1007, force_nogroups 1 No supplementary groups xdg-dbus-proxy initialized Using the local network stack Initializing child process Parent pid 164736, child pid 164741 Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating an empty trace log file: trace_nheko.txt Bind mount trace_nheko.txt to /run/firejail/mnt/trace Mounting noexec /run/firejail/mnt/trace 426 425 259:2 /home/nreist/trace_nheko.txt /run/firejail/mnt/trace rw,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=426 fsname=/home/nreist/trace_nheko.txt dir=/run/firejail/mnt/trace fstype=ext4 Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file IBUS_ADDRESS= IBUS_DAEMON_PID= Build protocol filter: unix,inet,inet6 sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 2, uid 1001, gid 1007, force_nogroups 1 No supplementary groups Drop privileges: pid 3, uid 1001, gid 1007, force_nogroups 0 nogroups command not ignored No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 1278 149 259:2 /etc /etc ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1278 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 1279 1278 259:2 /etc /etc ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1279 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 1280 149 259:2 /var /var ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1280 fsname=/var dir=/var fstype=ext4 Mounting noexec /var 1281 1280 259:2 /var /var ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1281 fsname=/var dir=/var fstype=ext4 Mounting read-only /usr 1282 149 259:2 /usr /usr ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,stripe=256 mountid=1282 fsname=/usr dir=/usr fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/<user>/.config/firejail Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory mounting /run/firejail/mnt/dev/kfd file mounting /run/firejail/mnt/dev/hidraw0 file mounting /run/firejail/mnt/dev/hidraw1 file mounting /run/firejail/mnt/dev/hidraw2 file mounting /run/firejail/mnt/dev/hidraw3 file mounting /run/firejail/mnt/dev/usb directory Process /dev/shm directory Copying files in the new bin directory Checking /usr/local/bin/nheko Checking /usr/bin/nheko sbox run: /run/firejail/lib/fcopy /usr/bin/nheko /run/firejail/mnt/bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin 1 program installed in 21.69 ms Generate private-tmp whitelist commands Creating empty /run/firejail/mnt/dbus directory Creating empty /run/firejail/mnt/dbus/user file blacklist /run/user/1001/bus Creating empty /run/firejail/mnt/dbus/system file blacklist /run/dbus/system_bus_socket blacklist /run/firejail/dbus Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Creating a new /etc/hostname file Creating empty /run/firejail/mnt/hostname file Creating a new /etc/hosts file Loading user hosts file Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /run/user/1001/gnupg Disable /run/user/1001/systemd Disable /proc/kmsg Copying files in the new /etc directory: Copying /etc/alternatives to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/alternatives /run/firejail/mnt/etc/alternatives Warning fcopy: cannot create symbolic link /etc/alternatives/luac Warning fcopy: cannot create symbolic link /etc/alternatives/gs Warning fcopy: cannot create symbolic link /etc/alternatives/ssh-askpass Warning fcopy: cannot create symbolic link /etc/alternatives/ssh_askpass Warning fcopy: cannot create symbolic link /etc/alternatives/bssh_askpass Warning fcopy: cannot create symbolic link /etc/alternatives/lua Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass Warning fcopy: cannot create symbolic link /etc/alternatives/ebtables Warning fcopy: cannot create symbolic link /etc/alternatives/yacc Warning fcopy: cannot create symbolic link /etc/alternatives/brave-browser Copying /etc/fonts to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/fonts /run/firejail/mnt/etc/fonts Warning: file /etc/gcrypt not found. Copying /etc/group to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/group /run/firejail/mnt/etc Copying /etc/ld.so.cache to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.cache /run/firejail/mnt/etc Copying /etc/ld.so.conf to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf /run/firejail/mnt/etc Copying /etc/ld.so.conf.d to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf.d /run/firejail/mnt/etc/ld.so.conf.d Copying /etc/ld.so.preload to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.preload /run/firejail/mnt/etc Warning: file /etc/locale not found. Warning: file /etc/locale.alias not found. Copying /etc/locale.conf to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/locale.conf /run/firejail/mnt/etc Copying /etc/localtime to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/localtime /run/firejail/mnt/etc Error: invalid file type, /etc/login.defs. Error: proc 164736 cannot sync with peer: unexpected EOF Peer 164741 unexpectedly exited with status 1 ``` </details> It appears trace is working, but not for nheko. >Just to make sure, is libc6 glibc? Yes. >So the following should be more complete (files in xdg should already be included by @x11) I tried to modify it in some way that included this and the others I saw in the original `strace` and it didn't make a difference. >This might be unrelated: > >Are you sure that ./configure is still executed with this change? > >https://github.com/OpenMandrivaAssociation/firejail/pull/3/files#diff-b69138d6a781343f782c90ee9289b4524bffe0dad8791807187d529666f1958fL17-L20 >It's very important that ./configure is called so that config.mk is generated >with the proper values. > >Otherwise a lot of things will likely be missing. `autoreconf -fi` should fire off `./configure` and is seen in the build log here: https://file-store.openmandriva.org/api/v1/file_stores/80e0d8c79ea295f90857519a6f1a0fb64da4f6e0.log?show=true Calling `./configure` again can lead to unintended side effects. "Version of Firejail (firejail --version): 0.9.74" I would think this issue would extend to other sandboxed applications but it doesn't. I'm using Brave among other applications without issue. Now that I say that, Steam is also broken. I will try another build of firejail with just `configure` and see if there are any changes.
gitea-mirror commented 2026-05-05 09:57:14 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 5, 2025):

./configure was already revised 2 days ago:
41eaf9d566

<!-- gh-comment-id:3040191926 --> @ZeroAbility commented on GitHub (Jul 5, 2025): `./configure` was already revised 2 days ago: https://github.com/OpenMandrivaAssociation/firejail/commit/41eaf9d566b2879dd42294b78055df4435868fc5
gitea-mirror commented 2026-05-05 09:57:15 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 5, 2025):

Are UID_MIN and GID_MIN set in /etc/login.defs?

Yes they are.

Does it work if you temporarily do the following?

sudo chown root:root /etc/login.defs
sudo chmod 644 /etc/login.defs

Yes it does.

<!-- gh-comment-id:3040249829 --> @ZeroAbility commented on GitHub (Jul 5, 2025): >Are UID_MIN and GID_MIN set in /etc/login.defs? Yes they are. >Does it work if you temporarily do the following? > >sudo chown root:root /etc/login.defs >sudo chmod 644 /etc/login.defs Yes it does.
gitea-mirror commented 2026-05-05 09:57:15 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 5, 2025):

sudo chmod 644 /etc/login.defs

It seems this is sufficient enough to allow nheko to start.

<!-- gh-comment-id:3040272690 --> @ZeroAbility commented on GitHub (Jul 5, 2025): >sudo chmod 644 /etc/login.defs It seems this is sufficient enough to allow nheko to start.
gitea-mirror commented 2026-05-05 09:57:16 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jul 5, 2025):

So the following should be more complete (files in xdg should already be
included by @X11)

I tried to modify it in some way that included this and the others I saw in
the original strace and it didn't make a difference.

This might be unrelated:
Are you sure that ./configure is still executed with this change?
https://github.com/OpenMandrivaAssociation/firejail/pull/3/files#diff-b69138d6a781343f782c90ee9289b4524bffe0dad8791807187d529666f1958fL17-L20
It's very important that ./configure is called so that config.mk is generated
with the proper values.
Otherwise a lot of things will likely be missing.

autoreconf -fi should fire off ./configure and is seen in the build log
here:

https://file-store.openmandriva.org/api/v1/file_stores/80e0d8c79ea295f90857519a6f1a0fb64da4f6e0.log?show=true

By default it should only generate (but not run) ./configure (and related
files), unless -m is used:

$ rm -f config.mk
$ ls config.mk
ls: cannot access 'config.mk': No such file or directory
$ autoreconf -fi
$ ls config.mk
ls: cannot access 'config.mk': No such file or directory
$ ./configure >/dev/null
$ ls config.mk
config.mk

From autoreconf(1):

DESCRIPTION
       Run 'autoconf' and, when needed, 'aclocal', 'autoheader', 'automake',
       'autopoint' (formerly 'gettextize'), 'libtoolize', 'intltoolize', and
       'gtkdocize' to regenerate the GNU Build System files in specified
       DIRECTORIES and their subdirectories (defaulting to '.').

       By default, it only remakes those files that are older than their
       sources.  If you install new versions of the GNU Build System, you can
       make 'autoreconf' remake all of the files by giving it the '--force'
       option.

[...]
       -m, --make
              when applicable, re-run ./configure && make

Calling ./configure again can lead to unintended side effects.

I agree that ideally it would only be executed once, but in general, all
./configure does is generate the files in AC_CONFIG_FILES (which is
config.mk/config.sh in this project) and also print a few things.

What would be an example of an unintended side effect?

./configure was already revised 2 days ago:
OpenMandrivaAssociation/firejail@41eaf9d

I see, good catch.

I think it would be a good idea to keep both:

%prep
%autosetup -p1
autoreconf -fi
%configure

The autoconf version of the distribution might be more up-to-date and it would
help prevent things like the xz backdoor (see #6316).

"Version of Firejail (firejail --version): 0.9.74"

Can you provide the full output to see which features are enabled by default on
OpenMandriva?

I would think this issue would extend to other sandboxed applications but it
doesn't. I'm using Brave among other applications without issue. Now that I
say that, Steam is also broken. I will try another build of firejail with
just configure and see if there are any changes.

sudo chmod 644 /etc/login.defs

It seems this is sufficient enough to allow nheko to start.

So I suppose that the issue is: private-etc currently has a hard dependency
on /etc/login.defs, which is not world-readable (and thus not readable by
firejail) on OpenMandriva.

This is likely because the private-etc refactor (#6400) added login.defs to the
default group for private-etc.

If so, as a workaround you can either keep /etc/login.defs with file mode 644
or add the following to /etc/firejail/globals.local (or
~/.config/firejail/globals.local):

ignore private-etc

What is the output of the following?

firejail --noprofile --private-etc /bin/true
<!-- gh-comment-id:3040349733 --> @kmk3 commented on GitHub (Jul 5, 2025): > > So the following should be more complete (files in xdg should already be > > included by [@X11](https://github.com/X11)) > > I tried to modify it in some way that included this and the others I saw in > the original `strace` and it didn't make a difference. > > > This might be unrelated: > > Are you sure that ./configure is still executed with this change? > > https://github.com/OpenMandrivaAssociation/firejail/pull/3/files#diff-b69138d6a781343f782c90ee9289b4524bffe0dad8791807187d529666f1958fL17-L20 > > It's very important that ./configure is called so that config.mk is generated > > with the proper values. > > Otherwise a lot of things will likely be missing. > > `autoreconf -fi` should fire off `./configure` and is seen in the build log > here: > > https://file-store.openmandriva.org/api/v1/file_stores/80e0d8c79ea295f90857519a6f1a0fb64da4f6e0.log?show=true By default it should only generate (but not run) `./configure` (and related files), unless `-m` is used: ```console $ rm -f config.mk $ ls config.mk ls: cannot access 'config.mk': No such file or directory $ autoreconf -fi $ ls config.mk ls: cannot access 'config.mk': No such file or directory $ ./configure >/dev/null $ ls config.mk config.mk ``` From `autoreconf(1)`: ``` DESCRIPTION Run 'autoconf' and, when needed, 'aclocal', 'autoheader', 'automake', 'autopoint' (formerly 'gettextize'), 'libtoolize', 'intltoolize', and 'gtkdocize' to regenerate the GNU Build System files in specified DIRECTORIES and their subdirectories (defaulting to '.'). By default, it only remakes those files that are older than their sources. If you install new versions of the GNU Build System, you can make 'autoreconf' remake all of the files by giving it the '--force' option. [...] -m, --make when applicable, re-run ./configure && make ``` > Calling `./configure` again can lead to unintended side effects. I agree that ideally it would only be executed once, but in general, all `./configure` does is generate the files in `AC_CONFIG_FILES` (which is config.mk/config.sh in this project) and also print a few things. What would be an example of an unintended side effect? > `./configure` was already revised 2 days ago: > [OpenMandrivaAssociation/firejail@41eaf9d](https://github.com/OpenMandrivaAssociation/firejail/commit/41eaf9d566b2879dd42294b78055df4435868fc5) I see, good catch. I think it would be a good idea to keep both: ``` %prep %autosetup -p1 autoreconf -fi %configure ``` The autoconf version of the distribution might be more up-to-date and it would help prevent things like the xz backdoor (see #6316). --- > "Version of Firejail (firejail --version): 0.9.74" Can you provide the full output to see which features are enabled by default on OpenMandriva? > I would think this issue would extend to other sandboxed applications but it > doesn't. I'm using Brave among other applications without issue. Now that I > say that, Steam is also broken. I will try another build of firejail with > just `configure` and see if there are any changes. > > sudo chmod 644 /etc/login.defs > > It seems this is sufficient enough to allow nheko to start. So I suppose that the issue is: `private-etc` currently has a hard dependency on /etc/login.defs, which is not world-readable (and thus not readable by firejail) on OpenMandriva. This is likely because the private-etc refactor (#6400) added login.defs to the default group for `private-etc`. If so, as a workaround you can either keep /etc/login.defs with file mode 644 or add the following to /etc/firejail/globals.local (or ~/.config/firejail/globals.local): ``` ignore private-etc ``` What is the output of the following? ```sh firejail --noprofile --private-etc /bin/true ```
gitea-mirror commented 2026-05-05 09:57:16 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 5, 2025):

The autoconf version of the distribution might be more up-to-date and it would
help prevent things like the xz backdoor (see https://github.com/netblue30/firejail/discussions/6316).

We weren't affected by that, but we mitigated it anyway.

Here is the full version output:

firejail --version
firejail version 0.9.74

Compile time support:
        - always force nonewprivs support is disabled
        - AppArmor support is disabled
        - AppImage support is enabled
        - chroot support is enabled
        - D-BUS proxy support is enabled
        - file transfer support is enabled
        - IDS support is disabled
        - Landlock support is enabled
        - networking support is enabled
        - output logging is enabled
        - overlayfs support is disabled
        - private-home support is enabled
        - private-lib support is disabled
        - private-cache and tmpfs as user enabled
        - sandbox check is enabled
        - SELinux support is disabled
        - user namespace support is enabled
        - X11 sandboxing support is enabled

So I suppose that the issue is: private-etc currently has a hard dependency
on /etc/login.defs, which is not world-readable (and thus not readable by
firejail) on OpenMandriva.

I am certain that is a security mitigation. Rocky has owners and permissions set as you had me set them.

What is the output of the following?

firejail --noprofile --private-etc /bin/true

firejail --noprofile --private-etc /bin/true
firejail version 0.9.74

Parent pid 178296, child pid 178297
Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass
Private /etc installed in 34.74 ms
Private /usr/etc installed in 0.09 ms
Base filesystem installed in 0.06 ms
Child process initialized in 41.07 ms

Parent is shutting down, bye...
<!-- gh-comment-id:3040456580 --> @ZeroAbility commented on GitHub (Jul 5, 2025): >The autoconf version of the distribution might be more up-to-date and it would help prevent things like the xz backdoor (see https://github.com/netblue30/firejail/discussions/6316). We weren't affected by that, but we mitigated it anyway. Here is the full version output: ``` firejail --version firejail version 0.9.74 Compile time support: - always force nonewprivs support is disabled - AppArmor support is disabled - AppImage support is enabled - chroot support is enabled - D-BUS proxy support is enabled - file transfer support is enabled - IDS support is disabled - Landlock support is enabled - networking support is enabled - output logging is enabled - overlayfs support is disabled - private-home support is enabled - private-lib support is disabled - private-cache and tmpfs as user enabled - sandbox check is enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled ``` >So I suppose that the issue is: private-etc currently has a hard dependency on /etc/login.defs, which is not world-readable (and thus not readable by firejail) on OpenMandriva. I am certain that is a security mitigation. Rocky has owners and permissions set as you had me set them. >What is the output of the following? > > >``` >firejail --noprofile --private-etc /bin/true >``` ``` firejail --noprofile --private-etc /bin/true firejail version 0.9.74 Parent pid 178296, child pid 178297 Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass Private /etc installed in 34.74 ms Private /usr/etc installed in 0.09 ms Base filesystem installed in 0.06 ms Child process initialized in 41.07 ms Parent is shutting down, bye... ```
gitea-mirror commented 2026-05-05 09:57:16 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 5, 2025):

I think it would be a good idea to keep both:

%prep
%autosetup -p1
autoreconf -fi
%configure

Ideally, we will want to get to a point where we can use declarative builds. I will address that in another issue, if needed. We will discuss internally if adding the autoreconf -fi back into the spec is a good path forward since it doesn't seem to need it.

<!-- gh-comment-id:3040457600 --> @ZeroAbility commented on GitHub (Jul 5, 2025): >I think it would be a good idea to keep both: > >``` >%prep >%autosetup -p1 >autoreconf -fi >%configure >``` Ideally, we will want to get to a point where we can use declarative builds. I will address that in another issue, if needed. We will discuss internally if adding the `autoreconf -fi` back into the spec is a good path forward since it doesn't seem to need it.
gitea-mirror commented 2026-05-05 09:57:17 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 10, 2025):

To come back to this:

Does it work if you temporarily do the following?

sudo chown root:root /etc/login.defs
sudo chmod 644 /etc/login.defs

I think we would like to keep the permissions as they are, since it could expose things that should not be readable outside the system. Several profiles are referencing the file as part of private-etc which would mean several .local overrides or a potential fix upstream.

@kmk3 what are your thoughts?

<!-- gh-comment-id:3056844944 --> @ZeroAbility commented on GitHub (Jul 10, 2025): To come back to this: >Does it work if you temporarily do the following? > >``` >sudo chown root:root /etc/login.defs >sudo chmod 644 /etc/login.defs >``` I think we would like to keep the permissions as they are, since it could expose things that should not be readable outside the system. Several profiles are referencing the file as part of `private-etc` which would mean several `.local` overrides or a potential fix upstream. @kmk3 what are your thoughts?
gitea-mirror commented 2026-05-05 09:57:17 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 16, 2025):

If so, as a workaround you can either keep /etc/login.defs with file mode 644
or add the following to /etc/firejail/globals.local (or
~/.config/firejail/globals.local):

ignore private-etc

This did not work, unfortunately. I did add it to nheko.local and that seems to have worked.

<!-- gh-comment-id:3081791434 --> @ZeroAbility commented on GitHub (Jul 16, 2025): >If so, as a workaround you can either keep /etc/login.defs with file mode 644 or add the following to /etc/firejail/globals.local (or ~/.config/firejail/globals.local): > >``` >ignore private-etc >``` This did not work, unfortunately. I did add it to `nheko.local` and that seems to have worked.
gitea-mirror commented 2026-05-05 09:57:18 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jul 19, 2025):

So I suppose that the issue is: private-etc currently has a hard dependency
on /etc/login.defs, which is not world-readable (and thus not readable by
firejail) on OpenMandriva.

I am certain that is a security mitigation. Rocky has owners and permissions
set as you had me set them.

What is the output of the following?

firejail --noprofile --private-etc /bin/true

firejail --noprofile --private-etc /bin/true
firejail version 0.9.74

Parent pid 178296, child pid 178297
Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass
Private /etc installed in 34.74 ms
Private /usr/etc installed in 0.09 ms
Base filesystem installed in 0.06 ms
Child process initialized in 41.07 ms

Parent is shutting down, bye...

Strange that it worked.

In that case, I'm not sure what combination is required to cause the issue.

Could you try commenting nheko.profile until you get only the lines that are
needed to reproduce this?

If so, as a workaround you can either keep /etc/login.defs with file mode 644
or add the following to /etc/firejail/globals.local (or
~/.config/firejail/globals.local):

ignore private-etc

This did not work, unfortunately. I did add it to nheko.local and that
seems to have worked.

It should work at least for /etc/firejail/globals.local when using the upstream
nheko.profile.

If you're using a custom profile, make sure to include globals.local in it as
well.

Does it work if you temporarily do the following?

sudo chown root:root /etc/login.defs
sudo chmod 644 /etc/login.defs

I think we would like to keep the permissions as they are, since it could
expose things that should not be readable outside the system.

What do you mean by "outside the system"?

Outside of system accounts?

Several profiles are referencing the file as part of private-etc which
would mean several .local overrides or a potential fix upstream.

what are your thoughts?

Maybe access failure for private-etc could be turned from an error into a
warning.

In the mean time, since access to that file is currently needed for
private-etc, how about adding the user(s) that run firejail into the shadow
group since that is the group that owns login.defs?

Misc: Some profiles mention login.defs and #2877, so it might be related:

<!-- gh-comment-id:3091903541 --> @kmk3 commented on GitHub (Jul 19, 2025): > > So I suppose that the issue is: private-etc currently has a hard dependency > > on /etc/login.defs, which is not world-readable (and thus not readable by > > firejail) on OpenMandriva. > > I am certain that is a security mitigation. Rocky has owners and permissions > set as you had me set them. > > > What is the output of the following? > > > > ``` > > firejail --noprofile --private-etc /bin/true > > ``` > > ``` > firejail --noprofile --private-etc /bin/true > firejail version 0.9.74 > > Parent pid 178296, child pid 178297 > Warning fcopy: cannot create symbolic link /etc/alternatives/bssh-askpass > Private /etc installed in 34.74 ms > Private /usr/etc installed in 0.09 ms > Base filesystem installed in 0.06 ms > Child process initialized in 41.07 ms > > Parent is shutting down, bye... > ``` Strange that it worked. In that case, I'm not sure what combination is required to cause the issue. Could you try commenting nheko.profile until you get only the lines that are needed to reproduce this? > > If so, as a workaround you can either keep /etc/login.defs with file mode 644 > > or add the following to /etc/firejail/globals.local (or > > ~/.config/firejail/globals.local): > > ``` > > ignore private-etc > > ``` > > This did not work, unfortunately. I did add it to `nheko.local` and that > seems to have worked. It should work at least for /etc/firejail/globals.local when using the upstream nheko.profile. If you're using a custom profile, make sure to include globals.local in it as well. > > Does it work if you temporarily do the following? > > > > ``` > > sudo chown root:root /etc/login.defs > > sudo chmod 644 /etc/login.defs > > ``` > > I think we would like to keep the permissions as they are, since it could > expose things that should not be readable outside the system. What do you mean by "outside the system"? Outside of system accounts? > Several profiles are referencing the file as part of `private-etc` which > would mean several `.local` overrides or a potential fix upstream. > > what are your thoughts? Maybe access failure for `private-etc` could be turned from an error into a warning. In the mean time, since access to that file is currently needed for `private-etc`, how about adding the user(s) that run firejail into the shadow group since that is the group that owns login.defs? Misc: Some profiles mention login.defs and #2877, so it might be related: * #2877
gitea-mirror commented 2026-05-05 09:57:18 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 19, 2025):

What do you mean by "outside the system"?

Outside of system accounts?

The other permission is all users on the system. They wouldn't really have a need to read /etc/login.defs. From my understanding, other is only slightly more secure than the filesystem permission type "Everyone" on Windows.

In the mean time, since access to that file is currently needed for
private-etc, how about adding the user(s) that run firejail into the shadow
group since that is the group that owns login.defs?

This isn't really recommended, either. There shouldn't be any users with membership in that group. If I'm following the logic, it's to pass down read only defs to the users, but those that would not have to log in (i.e. a guest account) would still be able to read the contents of files with the o=rxx permission set. That should be handled elsewhere and there may be things in the file you don't even want authenticated users to read. It could also be a simple misunderstanding on my part, so forgive me if it is.

If you're using a custom profile, make sure to include globals.local in it as
well.

I will try this again. Is there a way to just exclude /etc/login.defs from private-etc?

<!-- gh-comment-id:3092563288 --> @ZeroAbility commented on GitHub (Jul 19, 2025): >What do you mean by "outside the system"? > >Outside of system accounts? The `other` permission is all users on the system. They wouldn't really have a need to read `/etc/login.defs`. From my understanding, `other` is only slightly more secure than the filesystem permission type "Everyone" on Windows. >In the mean time, since access to that file is currently needed for private-etc, how about adding the user(s) that run firejail into the shadow group since that is the group that owns login.defs? This isn't really recommended, either. There shouldn't be any users with membership in that group. If I'm following the logic, it's to pass down read only defs to the users, but those that would not have to log in (i.e. a guest account) would still be able to read the contents of files with the `o=rxx` permission set. That should be handled elsewhere and there may be things in the file you don't even want authenticated users to read. It could also be a simple misunderstanding on my part, so forgive me if it is. >If you're using a custom profile, make sure to include globals.local in it as well. I will try this again. Is there a way to just exclude `/etc/login.defs` from `private-etc`?
gitea-mirror commented 2026-05-05 09:57:19 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jul 20, 2025):

What do you mean by "outside the system"? Outside of system accounts?

The other permission is all users on the system. They wouldn't really have
a need to read /etc/login.defs. From my understanding, other is only
slightly more secure than the filesystem permission type "Everyone" on
Windows.

In the mean time, since access to that file is currently needed for
private-etc, how about adding the user(s) that run firejail into the shadow
group since that is the group that owns login.defs?

This isn't really recommended, either. There shouldn't be any users with
membership in that group. If I'm following the logic, it's to pass down read
only defs to the users, but those that would not have to log in (i.e. a guest
account) would still be able to read the contents of files with the o=rxx
permission set.

I'm not sure why you mention other and o=rxx, but there is no need to
change the file permissions, only to add the relevant user to the shadow
group.

That is, only root and users in the shadow group (presumably only a shadow
system user and the user running firejail) would be able to read the file.

That should be handled elsewhere and there may be things in the file you
don't even want authenticated users to read. It could also be a simple
misunderstanding on my part, so forgive me if it is.

IIRC firejail can use information in that file to keep only system users/groups
and supplementary groups in the sandbox while excluding normal users/groups.

It's unfortunate that something as basic as variables for UID_MIN /
UID_MAX, etc are stored in the same file as configuration for login attempts
and type of encryption.

Though those details do not seem all that sensitive to me, at least on a
desktop system and for a user that is allowed to run firejail.

See also:

If you're using a custom profile, make sure to include globals.local in it
as well.

I will try this again. Is there a way to just exclude /etc/login.defs from
private-etc?

Currently no.

But feel free to open a feature request.

<!-- gh-comment-id:3093470936 --> @kmk3 commented on GitHub (Jul 20, 2025): > > What do you mean by "outside the system"? Outside of system accounts? > > The `other` permission is all users on the system. They wouldn't really have > a need to read `/etc/login.defs`. From my understanding, `other` is only > slightly more secure than the filesystem permission type "Everyone" on > Windows. > > > In the mean time, since access to that file is currently needed for > > private-etc, how about adding the user(s) that run firejail into the shadow > > group since that is the group that owns login.defs? > > This isn't really recommended, either. There shouldn't be any users with > membership in that group. If I'm following the logic, it's to pass down read > only defs to the users, but those that would not have to log in (i.e. a guest > account) would still be able to read the contents of files with the `o=rxx` > permission set. I'm not sure why you mention `other` and `o=rxx`, but there is no need to change the file permissions, only to add the relevant user to the `shadow` group. That is, only root and users in the `shadow` group (presumably only a `shadow` system user and the user running firejail) would be able to read the file. > That should be handled elsewhere and there may be things in the file you > don't even want authenticated users to read. It could also be a simple > misunderstanding on my part, so forgive me if it is. IIRC firejail can use information in that file to keep only system users/groups and supplementary groups in the sandbox while excluding normal users/groups. It's unfortunate that something as basic as variables for `UID_MIN` / `UID_MAX`, etc are stored in the same file as configuration for login attempts and type of encryption. Though those details do not seem all that sensitive to me, at least on a desktop system and for a user that is allowed to run firejail. See also: * #5290 > > If you're using a custom profile, make sure to include globals.local in it > > as well. > > I will try this again. Is there a way to just exclude `/etc/login.defs` from > `private-etc`? Currently no. But feel free to open a feature request.
gitea-mirror commented 2026-05-05 09:57:19 -06:00
Author
Owner
Copy link

@ZeroAbility commented on GitHub (Jul 20, 2025):

Perhaps a firejail group would be a good idea. I have no clue if that was mentioned or not. I will try to read the PR you linked when my schedule opens up.

But feel free to open a feature request.

I will consider this, as well.

<!-- gh-comment-id:3094705036 --> @ZeroAbility commented on GitHub (Jul 20, 2025): Perhaps a `firejail` group would be a good idea. I have no clue if that was mentioned or not. I will try to read the PR you linked when my schedule opens up. >But feel free to open a feature request. I will consider this, as well.
gitea-mirror commented 2026-05-05 09:57:19 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jul 22, 2025):

Perhaps a firejail group would be a good idea. I have no clue if that was
mentioned or not.

Creating a firejail group is possible and is documented in
firejail-users(5):

ALTERNATIVE SOLUTION
       An alternative way of restricting user access to firejail executable is
       to create a special firejail user group and allow only users in this
       group to run the sandbox:

            # addgroup --system firejail
            # chown root:firejail /usr/bin/firejail
            # chmod 4750 /usr/bin/firejail

Though that is intended just for the SUID executable.

I'd imagine that changing group ownership on system files could lead to issues
if for example there are package management hooks or system maintenance
cronjobs that by default operate under system users/groups rather than root
(see also esysusers).

That is, it could probably work but it would likely not be my first suggestion
to users.

<!-- gh-comment-id:3101135551 --> @kmk3 commented on GitHub (Jul 22, 2025): > Perhaps a `firejail` group would be a good idea. I have no clue if that was > mentioned or not. Creating a `firejail` group is possible and is documented in `firejail-users(5)`: ``` ALTERNATIVE SOLUTION An alternative way of restricting user access to firejail executable is to create a special firejail user group and allow only users in this group to run the sandbox: # addgroup --system firejail # chown root:firejail /usr/bin/firejail # chmod 4750 /usr/bin/firejail ``` Though that is intended just for the SUID executable. I'd imagine that changing group ownership on system files could lead to issues if for example there are package management hooks or system maintenance cronjobs that by default operate under system users/groups rather than root (see also esysusers). That is, it could probably work but it would likely not be my first suggestion to users.
gitea-mirror commented 2026-05-05 09:57:20 -06:00
Author
Owner
Copy link

@davidebeatrici commented on GitHub (Mar 7, 2026):

I propose to add a configuration setting that allows to set uid_min and gid_min explicitly.

<!-- gh-comment-id:4017495699 --> @davidebeatrici commented on GitHub (Mar 7, 2026): I propose to add a configuration setting that allows to set `uid_min` and `gid_min` explicitly.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3377
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?