Firejail: ktorrent 5.1.0 doesn't run with firejail 0.9.52

Created on 10 Jan 2018 · 17 Comments · Source: netblue30/firejail

ktorrent --version
ktorrent 5.1.0

firejail --version
firejail version 0.9.52

Compile time support:
- AppArmor support is disabled
- AppImage support is enabled
- bind support is enabled
- chroot support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- git install support is disabled
- networking support is enabled
- overlayfs support is enabled
- private-home support is enabled
- seccomp-bpf support is enabled
- user namespace support is enabled
- X11 sandboxing support is enabled

Artix distro: https://artixlinux.org/

firejail --debug ktorrent
Autoselecting /bin/bash as shell
Building quoted command line: 'ktorrent'
Command name #ktorrent#
Found ktorrent profile in /etc/firejail directory
Reading profile /etc/firejail/ktorrent.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Username test, groups 1002,
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 23083, child pid 23085
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp.postexec file
Build protocol filter: unix,inet,inet6
sbox run: /usr/lib/firejail/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp.protocol (null)
sbox file descriptors:
total 0
lrwx------ 1 test test 64 Jan 10 21:19 0 -> /dev/null
lrwx------ 1 test test 64 Jan 10 21:19 1 -> /dev/pts/5
lrwx------ 1 test test 64 Jan 10 21:19 2 -> /dev/pts/5
lrwx------ 1 test test 64 Jan 10 21:19 20 -> 'socket:[1279746]'
lrwx------ 1 test test 64 Jan 10 21:19 26 -> 'socket:[1279757]'
lr-x------ 1 test test 64 Jan 10 21:19 3 -> /proc/23088/fd
Dropping all capabilities
Username test, no supplementary groups
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Generating a new machine-id
installing a new /etc/machine-id
Cleaning /home directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Mounting tmpfs on /dev
Create /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/ktorrent
Checking /usr/bin/ktorrent
sbox run: /usr/lib/firejail/fcopy /usr/bin/ktorrent /run/firejail/mnt/bin (null)
sbox file descriptors:
total 0
lrwx------ 1 test test 64 Jan 10 21:19 0 -> /dev/null
lrwx------ 1 test test 64 Jan 10 21:19 1 -> /dev/pts/5
lrwx------ 1 test test 64 Jan 10 21:19 2 -> /dev/pts/5
lrwx------ 1 test test 64 Jan 10 21:19 20 -> 'socket:[1279746]'
lrwx------ 1 test test 64 Jan 10 21:19 26 -> 'socket:[1279757]'
lr-x------ 1 test test 64 Jan 10 21:19 3 -> /proc/23090/fd
Checking /usr/local/bin/kbuildsycoca4
Checking /usr/bin/kbuildsycoca4
Checking /bin/kbuildsycoca4
Checking /usr/games/kbuildsycoca4
Checking /usr/local/games/kbuildsycoca4
Checking /usr/local/sbin/kbuildsycoca4
Checking /usr/sbin/kbuildsycoca4
Checking /sbin/kbuildsycoca4
Warning: file kbuildsycoca4 not found
Checking /usr/local/bin/kdeinit4
Checking /usr/bin/kdeinit4
Checking /bin/kdeinit4
Checking /usr/games/kdeinit4
Checking /usr/local/games/kdeinit4
Checking /usr/local/sbin/kdeinit4
Checking /usr/sbin/kdeinit4
Checking /sbin/kdeinit4
Warning: file kdeinit4 not found
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/module
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/config.gz
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1002/gnupg
Disable /run/user/1002/systemd
Disable /proc/kmsg
Downloads directory resolved as "/home/test/Downloads"
Debug 393: new_name #/home/test/Downloads#, whitelist
Debug 480: fname #/home/test/Downloads#, cfg.homedir #/home/test#
Replaced whitelist path: whitelist /home/test/Downloads
Debug 393: new_name #/home/test/.config/ktorrentrc#, whitelist
Debug 480: fname #/home/test/.config/ktorrentrc#, cfg.homedir #/home/test#
Replaced whitelist path: whitelist /home/test/.config/ktorrentrc
Debug 393: new_name #/home/test/.kde/share/apps/ktorrent#, whitelist
Debug 480: fname #/home/test/.kde/share/apps/ktorrent#, cfg.homedir #/home/test#
Replaced whitelist path: whitelist /home/test/.kde/share/apps/ktorrent
Debug 393: new_name #/home/test/.kde/share/config/ktorrentrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ktorrentrc
expanded: /home/test/.kde/share/config/ktorrentrc
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.kde4/share/apps/ktorrent#, whitelist
Debug 480: fname #/home/test/.kde4/share/apps/ktorrent#, cfg.homedir #/home/test#
Replaced whitelist path: whitelist /home/test/.kde4/share/apps/ktorrent
Debug 393: new_name #/home/test/.kde4/share/config/ktorrentrc#, whitelist
Debug 480: fname #/home/test/.kde4/share/config/ktorrentrc#, cfg.homedir #/home/test#
Replaced whitelist path: whitelist /home/test/.kde4/share/config/ktorrentrc
Debug 393: new_name #/home/test/.local/share/ktorrent#, whitelist
Debug 480: fname #/home/test/.local/share/ktorrent#, cfg.homedir #/home/test#
Replaced whitelist path: whitelist /home/test/.local/share/ktorrent
Debug 393: new_name #/home/test/.XCompose#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
expanded: /home/test/.XCompose
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
expanded: /home/test/.asoundrc
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.config/ibus#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ibus
expanded: /home/test/.config/ibus
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.config/mimeapps.list#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/mimeapps.list
expanded: /home/test/.config/mimeapps.list
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.config/pkcs11#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
expanded: /home/test/.config/pkcs11
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.config/user-dirs.dirs#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/user-dirs.dirs
expanded: /home/test/.config/user-dirs.dirs
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.drirc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
expanded: /home/test/.drirc
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
expanded: /home/test/.icons
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.local/share/applications#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/applications
expanded: /home/test/.local/share/applications
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.local/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/icons
expanded: /home/test/.local/share/icons
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.local/share/mime#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/mime
expanded: /home/test/.local/share/mime
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
expanded: /home/test/.mime.types
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.cache/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/fontconfig
expanded: /home/test/.cache/fontconfig
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.config/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
expanded: /home/test/.config/fontconfig
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
expanded: /home/test/.fontconfig
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
expanded: /home/test/.fonts
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.fonts.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
expanded: /home/test/.fonts.conf
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
expanded: /home/test/.fonts.conf.d
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
expanded: /home/test/.fonts.d
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.local/share/fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
expanded: /home/test/.local/share/fonts
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.pangorc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
expanded: /home/test/.pangorc
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.config/gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-2.0
expanded: /home/test/.config/gtk-2.0
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.config/gtk-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-3.0
expanded: /home/test/.config/gtk-3.0
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.config/gtkrc#, whitelist
Debug 480: fname #/home/test/.config/gtkrc#, cfg.homedir #/home/test#
Replaced whitelist path: whitelist /home/test/.config/gtkrc
Debug 393: new_name #/home/test/.config/gtkrc-2.0#, whitelist
Debug 480: fname #/home/test/.config/gtkrc-2.0#, cfg.homedir #/home/test#
Replaced whitelist path: whitelist /home/test/.config/gtkrc-2.0
Debug 393: new_name #/home/test/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
expanded: /home/test/.gnome2
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
expanded: /home/test/.gnome2-private
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
expanded: /home/test/.gtk-2.0
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
expanded: /home/test/.gtkrc
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0
expanded: /home/test/.gtkrc-2.0
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.kde/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
expanded: /home/test/.kde/share/config/gtkrc
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
expanded: /home/test/.kde/share/config/gtkrc-2.0
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
expanded: /home/test/.kde4/share/config/gtkrc
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
expanded: /home/test/.kde4/share/config/gtkrc-2.0
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
expanded: /home/test/.local/share/themes
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
expanded: /home/test/.themes
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.config/dconf#, whitelist
Debug 480: fname #/home/test/.config/dconf#, cfg.homedir #/home/test#
Replaced whitelist path: whitelist /home/test/.config/dconf
Debug 393: new_name #/home/test/.config/Trolltech.conf#, whitelist
Debug 480: fname #/home/test/.config/Trolltech.conf#, cfg.homedir #/home/test#
Replaced whitelist path: whitelist /home/test/.config/Trolltech.conf
Debug 393: new_name #/home/test/.config/kdeglobals#, whitelist
Debug 480: fname #/home/test/.config/kdeglobals#, cfg.homedir #/home/test#
Replaced whitelist path: whitelist /home/test/.config/kdeglobals
Debug 393: new_name #/home/test/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
expanded: /home/test/.config/kioslaverc
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
expanded: /home/test/.config/qt5ct
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.kde/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
expanded: /home/test/.kde/share/config/kdeglobals
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
expanded: /home/test/.kde/share/config/kioslaverc
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
expanded: /home/test/.kde/share/config/oxygenrc
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
expanded: /home/test/.kde/share/icons
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.kde4/share/config/kdeglobals#, whitelist
Debug 480: fname #/home/test/.kde4/share/config/kdeglobals#, cfg.homedir #/home/test#
Replaced whitelist path: whitelist /home/test/.kde4/share/config/kdeglobals
Debug 393: new_name #/home/test/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
expanded: /home/test/.kde4/share/config/kioslaverc
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
expanded: /home/test/.kde4/share/config/oxygenrc
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/home/test/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
expanded: /home/test/.kde4/share/icons
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/var/lib/dbus#, whitelist
Debug 393: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
expanded: /var/lib/menu-xdg
real path: (null)
realpath: No such file or directory
Debug 393: new_name #/var/cache/fontconfig#, whitelist
Debug 393: new_name #/var/tmp#, whitelist
Debug 393: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 393: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 393: new_name #/tmp/.X11-unix#, whitelist
Username test, groups 1002,
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Username test, groups 1002,
Username test, groups 1002,
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Whitelisting /home/test/Downloads
Whitelisting /home/test/.config/ktorrentrc
Whitelisting /home/test/.kde/share/apps/ktorrent
Whitelisting /home/test/.kde4/share/apps/ktorrent
Whitelisting /home/test/.kde4/share/config/ktorrentrc
Whitelisting /home/test/.local/share/ktorrent
Whitelisting /home/test/.config/gtkrc
Whitelisting /home/test/.config/gtkrc-2.0
Whitelisting /home/test/.config/dconf
Whitelisting /home/test/.config/Trolltech.conf
Whitelisting /home/test/.config/kdeglobals
Whitelisting /home/test/.kde4/share/config/kdeglobals
Whitelisting /var/lib/dbus
Whitelisting /var/cache/fontconfig
Whitelisting /var/tmp
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
Disable /etc/xdg/autostart
Mounting read-only /home/test/.config/kdeglobals
Mounting read-only /home/test/.kde4/share/config/kdeglobals
Disable /run/user/1002/kdeinit5__0
Disable /run/user/1000/kdeinit5__2
Disable /run/acpid.socket (requested /var/run/acpid.socket)
Disable /etc/profile.d
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/logrotate.conf
Disable /etc/logrotate.d
Mounting read-only /home/test/.bashrc
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Disable /usr/lib/virtualbox
Disable /usr/lib/virtualbox (requested /usr/lib64/virtualbox)
Mounting noexec /tmp/.X11-unix
Disable /usr/include
Disable /usr/lib/perl5
Disable /usr/share/perl5
Not blacklist /home/test/.config/ktorrentrc
Not blacklist /home/test/.kde/share/apps/ktorrent
Not blacklist /home/test/.kde/share/config/ktorrentrc
Not blacklist /home/test/.kde4/share/apps/ktorrent
Not blacklist /home/test/.kde4/share/config/ktorrentrc
Not blacklist /home/test/.local/share/ktorrent
Username test, groups 1002,
Mounting noexec /home/test
Mounting noexec /tmp
Disable /sys/fs
disable pulseaudio
disable /dev/snd
disable /dev/dri
disable /dev/nvidia0
disable /dev/nvidia1
disable /dev/nvidia2
disable /dev/nvidia3
disable /dev/nvidia4
disable /dev/nvidia5
disable /dev/nvidia6
disable /dev/nvidia7
disable /dev/nvidia8
disable /dev/nvidia9
disable /dev/nvidiactl
disable /dev/nvidia-modeset
disable /dev/nvidia-uvm
disable /dev/dvb
disable /dev/sr0
disable /dev/video0
disable /dev/video1
disable /dev/video2
disable /dev/video3
disable /dev/video4
disable /dev/video5
disable /dev/video6
disable /dev/video7
disable /dev/video8
disable /dev/video9
Current directory: /home/test
DISPLAY=:0 parsed as 0
Dropping all capabilities
Install protocol filter: unix,inet,inet6
configuring 14 seccomp entries in /run/firejail/mnt/seccomp.protocol
sbox run: /usr/lib/firejail/fseccomp print /run/firejail/mnt/seccomp.protocol (null)
sbox file descriptors:
Dropping all capabilities
Username test, no supplementary groups
SECCOMP Filter
VALIDATE_ARCHITECTURE_64
EXAMINE_SYSCALL
WHITELIST 41 socket
UNKNOWN ENTRY 20!
WHITELIST 1 write
WHITELIST 2 open
WHITELIST 10 mprotect
RETURN_ERRNO 95 EOPNOTSUPP
configuring 101 seccomp entries in /run/firejail/mnt/seccomp.32
sbox run: /usr/lib/firejail/fseccomp print /run/firejail/mnt/seccomp.32 (null)
sbox file descriptors:
Dropping all capabilities
Username test, no supplementary groups
SECCOMP Filter
VALIDATE_ARCHITECTURE_32
EXAMINE_SYSCALL
BLACKLIST 21 access
BLACKLIST 52 getpeername
BLACKLIST 26 msync
BLACKLIST 283 timerfd_create
BLACKLIST 341 unknown
BLACKLIST 342 unknown
BLACKLIST 127 rt_sigpending
BLACKLIST 128 rt_sigtimedwait
BLACKLIST 350 unknown
BLACKLIST 129 rt_sigqueueinfo
BLACKLIST 110 getppid
BLACKLIST 101 ptrace
BLACKLIST 289 signalfd4
BLACKLIST 87 unlink
BLACKLIST 115 getgroups
BLACKLIST 103 syslog
BLACKLIST 347 unknown
BLACKLIST 348 unknown
BLACKLIST 135 personality
BLACKLIST 149 mlock
BLACKLIST 124 getsid
BLACKLIST 343 unknown
BLACKLIST 253 inotify_init
BLACKLIST 336 unknown
BLACKLIST 338 unknown
BLACKLIST 349 unknown
BLACKLIST 286 timerfd_settime
BLACKLIST 287 timerfd_gettime
BLACKLIST 288 accept4
BLACKLIST 86 link
BLACKLIST 51 getsockname
BLACKLIST 123 setfsgid
BLACKLIST 217 getdents64
BLACKLIST 245 mq_getsetattr
BLACKLIST 246 kexec_load
BLACKLIST 247 waitid
BLACKLIST 248 add_key
BLACKLIST 249 request_key
BLACKLIST 257 openat
BLACKLIST 274 get_robust_list
BLACKLIST 276 tee
BLACKLIST 294 inotify_init1
BLACKLIST 317 seccomp
BLACKLIST 316 renameat2
BLACKLIST 61 wait4
BLACKLIST 88 symlink
BLACKLIST 169 reboot
BLACKLIST 130 rt_sigsuspend
RETURN_ALLOW
Dual 32/64 bit seccomp filter configured
configuring 138 seccomp entries in /run/firejail/mnt/seccomp
sbox run: /usr/lib/firejail/fseccomp print /run/firejail/mnt/seccomp (null)
sbox file descriptors:
Dropping all capabilities
Username test, no supplementary groups
SECCOMP Filter
VALIDATE_ARCHITECTURE
EXAMINE_SYSCALL
HANDLE_X32
BLACKLIST 154 modify_ldt
BLACKLIST 212 lookup_dcookie
BLACKLIST 298 perf_event_open
BLACKLIST 311 process_vm_writev
BLACKLIST 156 _sysctl
BLACKLIST 183 afs_syscall
BLACKLIST 174 create_module
BLACKLIST 177 get_kernel_syms
BLACKLIST 181 getpmsg
BLACKLIST 182 putpmsg
BLACKLIST 178 query_module
BLACKLIST 185 security
BLACKLIST 139 sysfs
BLACKLIST 184 tuxcall
BLACKLIST 134 uselib
BLACKLIST 136 ustat
BLACKLIST 236 vserver
BLACKLIST 159 adjtimex
BLACKLIST 305 clock_adjtime
BLACKLIST 227 clock_settime
BLACKLIST 164 settimeofday
BLACKLIST 176 delete_module
BLACKLIST 313 finit_module
BLACKLIST 175 init_module
BLACKLIST 173 ioperm
BLACKLIST 172 iopl
BLACKLIST 246 kexec_load
BLACKLIST 320 kexec_file_load
BLACKLIST 169 reboot
BLACKLIST 167 swapon
BLACKLIST 168 swapoff
BLACKLIST 163 acct
BLACKLIST 321 bpf
BLACKLIST 161 chroot
BLACKLIST 165 mount
BLACKLIST 180 nfsservctl
BLACKLIST 155 pivot_root
BLACKLIST 171 setdomainname
BLACKLIST 170 sethostname
BLACKLIST 166 umount2
BLACKLIST 153 vhangup
BLACKLIST 238 set_mempolicy
BLACKLIST 256 migrate_pages
BLACKLIST 279 move_pages
BLACKLIST 237 mbind
BLACKLIST 304 open_by_handle_at
BLACKLIST 303 name_to_handle_at
BLACKLIST 251 ioprio_set
BLACKLIST 103 syslog
BLACKLIST 300 fanotify_init
BLACKLIST 312 kcmp
BLACKLIST 248 add_key
BLACKLIST 249 request_key
BLACKLIST 250 keyctl
BLACKLIST 206 io_setup
BLACKLIST 207 io_destroy
BLACKLIST 208 io_getevents
BLACKLIST 209 io_submit
BLACKLIST 210 io_cancel
BLACKLIST 216 remap_file_pages
BLACKLIST 278 vmsplice
BLACKLIST 135 personality
BLACKLIST 323 userfaultfd
BLACKLIST 101 ptrace
BLACKLIST 310 process_vm_readv
RETURN_ALLOW
seccomp filter configured

Seccomp files:

noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
starting application
LD_PRELOAD=(null)
execvp argument 0: ktorrent
Child process initialized in 74.21 ms
Searching $PATH for ktorrent
trying #/usr/local/sbin/ktorrent#
trying #/usr/local/bin/ktorrent#
Installing /run/firejail/mnt/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp.protocol seccomp filter
monitoring pid 17

"Session bus not found\nTo circumvent this problem try the following command (with Linux and bash)\nexport $(dbus-launch)"
Sandbox monitor: waitpid 17 retval 17 status 256

Parent is shutting down, bye...

bug

All 17 comments

Do you also see it with firejail --whitelist=~/.dbus/session-bus ktorrent?

What is the output of echo $DBUS_SESSION_BUS_ADDRESS?

$DBUS_SESSION_BUS_ADDRESS is empty and ktorrent doesn't run with the option --whitelist=~/.dbus/session-bus

Can you please run pgrep -a -U $USER dbus-daemon in order to see if there is a session bus? Firejail tends to assume that a session bus is already present.

ok, it returns:

4707 /usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session

Interesting. But ktorrent does start properly without Firejail? Does it work with: firejail --noprofile ktorrent?

ktorrent runs properly without Firejail
WOW! Now ktorrent runs properly with firejail --noprofile ktorrent
Many Thanks! :-)
Should I close this bug?

No, since this means there is a problem with the profile! :grinning: This is the fun part :wink:

Okular doesn't work with firejail either:

mprotect failed in ExecutableAllocator::makeExecutable: Access denied
*** stack smashing detected ***: <unknown> terminated

System: latest manjaro with kde.

Oh, this must be the same QT bug. Try the solution here.

Thanks! :-) okular now runs with "env QML_DISABLE_DISK_CACHE=1",
but ktorrent still needs --noprofile, otherwise it doesn't run.

Hmm, okay. Yeah, the ktorrent thing is unrelated to the bug you had with okular. Can you try commenting out everything and slowly uncommenting things until it breaks? Unfortunately, I don't use ktorrent, otherwise I'd try it on this end.

I've commented out the line:
private-bin ktorrent,kbuildsycoca4,kdeinit4

Now the graphical interface runs, but ktorrent can't connect to the net. This is the log:

Sat Jan 13 20:00:31 2018: Doing tracker request to url (via KIO): http://linuxtracker.org:2710/00000000000000000000000000000000/announce?peer_id=-KT50DV-fKCnFwq3boPQ&port=6881&uploaded=0&downloaded=0&left=2067005440&compact=1&numwant=200&key=1639836521&event=started&info_hash=%96%ABA%B0%8B%B8e%D8?%2B?U%AC%88j%03J%C0
Sat Jan 13 20:00:31 2018: Failed to suppress sleeping
kdeinit5: Aborting. bind() failed: Address already in use
Could not bind to socket '/run/user/1002/kdeinit5__0'
trying to load "/usr/lib/qt/plugins/kf5/kio/http.so" from "/usr/lib/qt/plugins/kf5/kio/http.so"
Sat Jan 13 20:00:31 2018: Error : The file or folder does not exist.
Sat Jan 13 20:00:31 2018: Selected tracker http://linuxtracker.org:2710/00000000000000000000000000000000/announce (tier = 1)
Sat Jan 13 20:00:31 2018: Qt Warning: Couldn't write "/home/test/.config/ktorrentrc" . Disk full?
Warning: Couldn't write "/home/test/.config/ktorrentrc" . Disk full?
Sat Jan 13 20:00:41 2018: Piece cache: memory in use 576.00 KiB, memory freed 0 B
Sat Jan 13 20:00:51 2018: Piece cache: memory in use 576.00 KiB, memory freed 0 B
Sat Jan 13 20:01:01 2018: Piece cache: memory in use 576.00 KiB, memory freed 0 B
Sat Jan 13 20:01:01 2018: Doing tracker request to url (via KIO): http://linuxtracker.org:2710/00000000000000000000000000000000/announce?peer_id=-KT50DV-fKCnFwq3boPQ&port=6881&uploaded=0&downloaded=0&left=2067005440&compact=1&numwant=200&key=1639836521&event=started&info_hash=%96%ABA%B0%8B%B8e%D8?%2B?U%AC%88j%03J%C0
Sat Jan 13 20:01:01 2018: Error : The file or folder does not exist.
Sat Jan 13 20:01:01 2018: Selected tracker http://linuxtracker.org:2710/00000000000000000000000000000000/announce (tier = 1)
Sat Jan 13 20:01:11 2018: Piece cache: memory in use 576.00 KiB, memory freed 0 B

@paolomi Thanks for your help in debugging this! What probably works, as a temporary solution, is commenting the whole whitelisting block in /etc/firejail/ktorrent.profile, like so:

# whitelist ${DOWNLOADS}
# whitelist ${HOME}/.config/ktorrentrc
# whitelist ${HOME}/.kde/share/apps/ktorrent
# whitelist ${HOME}/.kde/share/config/ktorrentrc
# whitelist ${HOME}/.kde4/share/apps/ktorrent
# whitelist ${HOME}/.kde4/share/config/ktorrentrc
# whitelist ${HOME}/.local/share/ktorrent
# include /etc/firejail/whitelist-common.inc
# include /etc/firejail/whitelist-var-common.inc

But before doing this, could you please give firejail --whitelist=~/.cache ktorrent a try?

I've tried "firejail --whitelist=~/.cache ktorrent" but it doesn't work

Commenting out your whole whitelisting block (and line "private-bin ktorrent,kbuildsycoca4,kdeinit4"), now ktorrent runs correctly!! Many thanks! :-)
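
The bisection carried out across the comments above (first private-bin, then the whitelist block), as an added example that is not part of the original thread or of the Firejail project: it writes step-by-step copies of a profile with one more directive group commented out each time, so /etc/firejail stays untouched and every restriction not yet implicated remains enforced, unlike --noprofile. The profile excerpt is constructed from lines quoted in the thread; the group names and function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): bisect a Firejail profile on copies,
# leaving /etc/firejail/ktorrent.profile untouched.
set -eu

# Constructed excerpt, based on the profile lines and debug output in the thread.
sample_profile() {
cat <<'EOF'
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
whitelist ${DOWNLOADS}
whitelist ${HOME}/.config/ktorrentrc
whitelist ${HOME}/.local/share/ktorrent
include /etc/firejail/whitelist-common.inc
include /etc/firejail/whitelist-var-common.inc
caps.drop all
noroot
protocol unix,inet,inet6
seccomp
private-bin ktorrent,kbuildsycoca4,kdeinit4
EOF
}

# Comment out, in the profile read from stdin, every line that belongs to one
# of the named groups. Group names are hypothetical labels for this example.
disable_groups() {
  local g
  for g in "$@"; do
    case "$g" in
      private-bin|whitelist|disable-inc|seccomp) ;;
      *) echo "unknown group: $g" >&2; return 2 ;;
    esac
  done
  awk -v groups=" $* " '
    function sel(g) { return index(groups, " " g " ") > 0 }
    {
      hit = 0
      if (sel("private-bin") && $1 == "private-bin") hit = 1
      if (sel("whitelist") && ($1 == "whitelist" ||
          ($1 == "include" && $2 ~ "/whitelist-[^/]*[.]inc$"))) hit = 1
      if (sel("disable-inc") && $1 == "include" &&
          $2 ~ "/disable-[^/]*[.]inc$") hit = 1
      if (sel("seccomp") && ($1 == "seccomp" || $1 == "protocol")) hit = 1
      prefix = hit ? "# " : ""
      print prefix $0
    }'
}

# List the directives a candidate still enforces (no comments, no blank lines).
active_directives() { grep -Ev '^[[:space:]]*(#|$)' || true; }

# Write cumulative candidates step1.profile, step2.profile, ... into $2 and
# print the command to try for each. Stop at the first step that starts the
# application: the last group added is the one to investigate.
write_candidates() {
  local src=$1 outdir=$2 acc="" g n=0
  shift 2
  for g in "$@"; do
    acc="${acc:+$acc }$g"
    n=$((n + 1))
    # Word splitting of $acc is intended: one argument per group.
    disable_groups $acc < "$src" > "$outdir/step$n.profile"
    echo "firejail --profile=$outdir/step$n.profile ktorrent   # disabled: $acc"
  done
}

demo() {
  local tmp
  tmp=$(mktemp -d)
  sample_profile > "$tmp/ktorrent.profile"
  # Same order as in the thread: private-bin first, then the whitelist block.
  write_candidates "$tmp/ktorrent.profile" "$tmp" private-bin whitelist
  echo "still enforced after step 2:"
  active_directives < "$tmp/step2.profile"
  rm -rf "$tmp"
}
demo
```

To use it on a real system, feed write_candidates a copy of the installed profile instead of sample_profile and keep the output directory until the failing group is identified.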

Doing QML_DISABLE_DISK_CACHE=1 and QTWEBENGINE_DISABLE_SANDBOX=1 by default (hardcoded).

commit: https://github.com/netblue30/firejail/commit/1e7045b55cc1e189dba6d9ed21c05c90663f3736

@paolomi remove "env QML_DISABLE_DISK_CACHE=1" from your profile and try the latest version from git - we set it by default now, since it affects several Qt programs. Let me know if you still see the problem.

@netblue30
it works, no issues found.

Thanks @paolomi
