Good evening
My question:
How can I launch torbrowser in firejail other than with the --noprofile parameter?
I assume that some access Tor needs is disabled or blacklisted in firejail/default.profile, but which one?
Before posting here I did a lot of research and read the firejail manual (RTFM).
I did not understand the point of using firejail --noprofile, since this parameter makes the configuration stored in /etc/firejail/default.profile useless.
Rather old bug reports (2017-2018) about Tor malfunctioning with FireJail did not help me find the solution and did not describe the same problem.
Preliminary notes:
A_ currently
firejail --noprofile ./Browser/start-tor-browser.desktop works correctly
B_
firejail firefox or another program works correctly
so with the default profile as a minimum
C_ the Wi-Fi internet connection was working during the attempts to launch Tor with firejail
D_ The VPN is disabled
E_ apparmor is enabled and does not interfere with launching other programs in firejail
F_ my Lubuntu 18.04 is up to date and I do not want to move to 20.04 for now
G_ dmesg returns the same informational message at every launch of Tor, whether with or without firejail:
audit: type=1326 audit(1610240032.977:36): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=9996 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f151dbd1fb7 code=0x0
1 First installation of torbrowser-launcher from synaptic: after a few manipulations (security key...)
A_ from the desktop menu:
click on the torbrowser-launcher icon: ok -- the Tor window opens on the home page and works
B_ from the console:
torbrowser-launcher : ok -- the Tor window opens on the home page and works
C_ from the console:
firejail torbrowser-launcher : xx -- the Tor window opens with the 3 top header bars (1 "Tor Browser - + x"; 2 "tab (About Tor) +"; 3 "navigation buttons; search bar; security button; new identity button; hamburger menu" --> buttons and tabs are functional, the window is not frozen) -- Nothing is displayed in the window: neither the home page nor an error message: just nothing
--> complete removal of torbrowser-launcher from synaptic + 2 or 3 other folders by hand
2 Second installation by downloading from
https://www.torproject.org/fr/download/ then again a few manipulations:
__extracted into ~/.locale/share/tor-browser__
A_ from the console, in the right directory:
./Browser/start-tor-browser.desktop : ok -- the Tor window opens on the home page and works
B_ from the console, in the right directory:
firejail ./Browser/start-tor-browser.desktop : xx -- same as 1 C, the window opens: just nothing
C_ from the console, in the right directory:
firejail sh -c '"$(dirname "$*")"/Browser/start-tor-browser --detach || ([ ! -x "$(dirname "$*")"/Browser/start-tor-browser ] && "$(dirname "$*")"/start-tor-browser --detach)' dummy %k : xx -- same as 1 C, the window opens: just nothing
3 Command output:
firejail --debug --noprofile ./Browser/start-tor-browser.desktop = torbrowser works 🙁
firejail --debug --noprofile ./Browser/start-tor-browser.desktop
Autoselecting /bin/bash as shell
Building quoted command line: './Browser/start-tor-browser.desktop'
Command name #start-tor-browser.desktop#
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 10808, child pid 10809
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp.postexec file
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/module
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Disable /sys/fs
Current directory: /home/acer/.local/share/tor-browser
DISPLAY=:0 parsed as 0
Seccomp files:
-rw-r--r-- 1 acer acer 1104 janv. 10 02:46 /run/firejail/mnt/seccomp
-rw-r--r-- 1 acer acer 808 janv. 10 02:46 /run/firejail/mnt/seccomp.32
-rw-r--r-- 1 acer acer 824 janv. 10 02:46 /run/firejail/mnt/seccomp.64
-rw-r--r-- 1 acer acer 0 janv. 10 02:46 /run/firejail/mnt/seccomp.postexec
-rw-r--r-- 1 acer acer 0 janv. 10 02:46 /run/firejail/mnt/seccomp.protocol
Username acer, groups 1000, 4, 24, 27, 30, 46, 116, 122, 124, 129, 999,
starting application
LD_PRELOAD=(null)
Running './Browser/start-tor-browser.desktop' command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: './Browser/start-tor-browser.desktop'
Child process initialized in 31.77 ms
Launching './Browser/start-tor-browser --detach'...
monitoring pid 4
Sandbox monitor: waitpid 4 retval 4 status 0
Sandbox monitor: monitoring 22
monitoring pid 22
Sandbox monitor: waitpid 22 retval 22 status 0
firejail --debug ./Browser/start-tor-browser.desktop = torbrowser does not work :mad:
firejail --debug ./Browser/start-tor-browser.desktop
Autoselecting /bin/bash as shell
Building quoted command line: './Browser/start-tor-browser.desktop'
Command name #start-tor-browser.desktop#
Attempting to find default.profile...
Found default profile in /etc/firejail directory
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
** Note: you can use --noprofile to disable default.profile **
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 10658, child pid 10659
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp.postexec file
Build protocol filter: unix,inet,inet6
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp.protocol (null)
sbox file descriptors:
total 0
lrwx------ 1 acer acer 64 Jan 10 02:43 0 -> /dev/null
lrwx------ 1 acer acer 64 Jan 10 02:43 1 -> /dev/pts/1
lrwx------ 1 acer acer 64 Jan 10 02:43 2 -> /dev/pts/1
lr-x------ 1 acer acer 64 Jan 10 02:43 3 -> /proc/10663/fd
Dropping all capabilities
Username acer, no supplementary groups
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/module
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Disable /home/acer/.python_history
Disable /home/acer/.bash_history
Disable /home/acer/.adobe
Disable /home/acer/.macromedia
Disable /home/acer/.config/openbox
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Disable /var/lib/systemd
Disable /home/acer/.config/VirtualBox
Disable /home/acer/VirtualBox VMs
Disable /var/cache/apt
Disable /var/lib/apt
Disable /var/lib/dkms
Disable /var/lib/upower
Disable /var/mail
Disable /var/opt
Disable /run/acpid.socket (requested /var/run/acpid.socket)
Disable /run/docker.sock (requested /var/run/docker.sock)
Disable /var/spool/anacron
Disable /var/spool/cron
Disable /var/mail (requested /var/spool/mail)
Disable /etc/anacrontab
Disable /etc/cron.weekly
Disable /etc/cron.d
Disable /etc/crontab
Disable /etc/cron.daily
Disable /etc/cron.hourly
Disable /etc/cron.monthly
Disable /etc/profile.d
Disable /etc/rc1.d
Disable /etc/rc3.d
Disable /etc/rc5.d
Disable /etc/rc6.d
Disable /etc/rc0.d
Disable /etc/rc4.d
Disable /etc/rcS.d
Disable /etc/rc2.d
Disable /etc/kerneloops.conf
Disable /etc/kernel-img.conf
Disable /etc/kernel
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/selinux
Disable /etc/modules
Disable /etc/modules-load.d
Disable /etc/logrotate.conf
Disable /etc/logrotate.d
Disable /etc/adduser.conf
Mounting read-only /home/acer/.bash_logout
Mounting read-only /home/acer/.bashrc
Mounting read-only /home/acer/.profile
Mounting read-only /home/acer/.xscreensaver
Disable /home/acer/.local/share/Trash
Mounting read-only /home/acer/.local/share/applications
Disable /home/acer/.cert
Disable /home/acer/.gnupg
Disable /home/acer/.local/share/keyrings
Disable /home/acer/.pki
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/crontab
Disable /usr/bin/expiry
Disable /bin/fusermount
Disable /usr/bin/gpasswd
Disable /bin/mount
Disable /bin/nc.openbsd (requested /bin/nc)
Disable /usr/bin/newgrp
Disable /bin/ntfs-3g
Disable /usr/bin/pkexec
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/strace
Disable /bin/su
Disable /usr/bin/sudo
Disable /bin/umount
Disable /usr/bin/xev
Disable /usr/lib/virtualbox
Disable /usr/bin/lxterminal
Mounting noexec /tmp/.X11-unix
Disable /home/acer/.android
Disable /home/acer/.audacity-data
Disable /home/acer/.config/VirtualBox
Disable /home/acer/.config/audacious
Disable /home/acer/.config/blender
Disable /home/acer/.config/enchant
Disable /home/acer/.config/evince
Disable /home/acer/.config/galculator
Disable /home/acer/.config/gpicview
Disable /home/acer/.config/inkscape
Disable /home/acer/.config/leafpad
Disable /home/acer/.config/libreoffice
Disable /home/acer/.config/pcmanfm
Disable /home/acer/.config/remmina
Disable /home/acer/.config/transmission
Disable /home/acer/.config/vlc
Disable /home/acer/.config/wireshark
Disable /home/acer/.config/xfburn
Disable /home/acer/.java
Disable /home/acer/.local/share/remmina
Disable /home/acer/.local/share/vlc
Disable /home/acer/.minetest
Disable /home/acer/.mozilla
Disable /home/acer/.openshot_qt
Disable /home/acer/.synfig
Disable /home/acer/.thunderbird
Disable /tmp/ssh-3uKOxMl2QJdW
Disable /tmp/ssh-yWeGNUU1Vaae
Disable /home/acer/.cache/mozilla
Disable /home/acer/.cache/thunderbird
Disable /home/acer/.cache/torbrowser
Disable /home/acer/.cache/transmission
Disable /sys/fs
Current directory: /home/acer/.local/share/tor-browser
DISPLAY=:0 parsed as 0
Dropping all capabilities
Install protocol filter: unix,inet,inet6
configuring 14 seccomp entries in /run/firejail/mnt/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fseccomp print /run/firejail/mnt/seccomp.protocol (null)
sbox file descriptors:
total 0
lrwx------ 1 acer acer 64 Jan 10 02:43 0 -> /dev/null
lrwx------ 1 acer acer 64 Jan 10 02:43 1 -> /dev/pts/1
lrwx------ 1 acer acer 64 Jan 10 02:43 2 -> /dev/pts/1
lr-x------ 1 acer acer 64 Jan 10 02:43 3 -> /proc/7/fd
Dropping all capabilities
Username acer, no supplementary groups
SECCOMP Filter
VALIDATE_ARCHITECTURE_64
EXAMINE_SYSCALL
WHITELIST 41 socket
UNKNOWN ENTRY 20!
WHITELIST 1 write
WHITELIST 2 open
WHITELIST 10 mprotect
RETURN_ERRNO 95 EOPNOTSUPP
configuring 101 seccomp entries in /run/firejail/mnt/seccomp.32
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fseccomp print /run/firejail/mnt/seccomp.32 (null)
sbox file descriptors:
total 0
lrwx------ 1 acer acer 64 Jan 10 02:43 0 -> /dev/null
lrwx------ 1 acer acer 64 Jan 10 02:43 1 -> /dev/pts/1
lrwx------ 1 acer acer 64 Jan 10 02:43 2 -> /dev/pts/1
lr-x------ 1 acer acer 64 Jan 10 02:43 3 -> /proc/10/fd
Dropping all capabilities
Username acer, no supplementary groups
SECCOMP Filter
VALIDATE_ARCHITECTURE_32
EXAMINE_SYSCALL
BLACKLIST 21 access
BLACKLIST 52 getpeername
BLACKLIST 26 msync
BLACKLIST 283 timerfd_create
BLACKLIST 341 unknown
BLACKLIST 342 unknown
BLACKLIST 127 rt_sigpending
BLACKLIST 128 rt_sigtimedwait
BLACKLIST 350 unknown
BLACKLIST 129 rt_sigqueueinfo
BLACKLIST 110 getppid
BLACKLIST 101 ptrace
BLACKLIST 289 signalfd4
BLACKLIST 87 unlink
BLACKLIST 115 getgroups
BLACKLIST 103 syslog
BLACKLIST 347 unknown
BLACKLIST 348 unknown
BLACKLIST 135 personality
BLACKLIST 149 mlock
BLACKLIST 124 getsid
BLACKLIST 343 unknown
BLACKLIST 253 inotify_init
BLACKLIST 336 unknown
BLACKLIST 338 unknown
BLACKLIST 349 unknown
BLACKLIST 286 timerfd_settime
BLACKLIST 287 timerfd_gettime
BLACKLIST 288 accept4
BLACKLIST 86 link
BLACKLIST 51 getsockname
BLACKLIST 123 setfsgid
BLACKLIST 217 getdents64
BLACKLIST 245 mq_getsetattr
BLACKLIST 246 kexec_load
BLACKLIST 247 waitid
BLACKLIST 248 add_key
BLACKLIST 249 request_key
BLACKLIST 257 openat
BLACKLIST 274 get_robust_list
BLACKLIST 276 tee
BLACKLIST 294 inotify_init1
BLACKLIST 317 seccomp
BLACKLIST 316 renameat2
BLACKLIST 61 wait4
BLACKLIST 88 symlink
BLACKLIST 169 reboot
BLACKLIST 130 rt_sigsuspend
RETURN_ALLOW
Dual 32/64 bit seccomp filter configured
configuring 138 seccomp entries in /run/firejail/mnt/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fseccomp print /run/firejail/mnt/seccomp (null)
sbox file descriptors:
total 0
lrwx------ 1 acer acer 64 Jan 10 02:43 0 -> /dev/null
lrwx------ 1 acer acer 64 Jan 10 02:43 1 -> /dev/pts/1
lrwx------ 1 acer acer 64 Jan 10 02:43 2 -> /dev/pts/1
lr-x------ 1 acer acer 64 Jan 10 02:43 3 -> /proc/13/fd
Dropping all capabilities
Username acer, no supplementary groups
SECCOMP Filter
VALIDATE_ARCHITECTURE
EXAMINE_SYSCALL
HANDLE_X32
BLACKLIST 154 modify_ldt
BLACKLIST 212 lookup_dcookie
BLACKLIST 298 perf_event_open
BLACKLIST 311 process_vm_writev
BLACKLIST 156 _sysctl
BLACKLIST 183 afs_syscall
BLACKLIST 174 create_module
BLACKLIST 177 get_kernel_syms
BLACKLIST 181 getpmsg
BLACKLIST 182 putpmsg
BLACKLIST 178 query_module
BLACKLIST 185 security
BLACKLIST 139 sysfs
BLACKLIST 184 tuxcall
BLACKLIST 134 uselib
BLACKLIST 136 ustat
BLACKLIST 236 vserver
BLACKLIST 159 adjtimex
BLACKLIST 305 clock_adjtime
BLACKLIST 227 clock_settime
BLACKLIST 164 settimeofday
BLACKLIST 176 delete_module
BLACKLIST 313 finit_module
BLACKLIST 175 init_module
BLACKLIST 173 ioperm
BLACKLIST 172 iopl
BLACKLIST 246 kexec_load
BLACKLIST 320 kexec_file_load
BLACKLIST 169 reboot
BLACKLIST 167 swapon
BLACKLIST 168 swapoff
BLACKLIST 163 acct
BLACKLIST 321 bpf
BLACKLIST 161 chroot
BLACKLIST 165 mount
BLACKLIST 180 nfsservctl
BLACKLIST 155 pivot_root
BLACKLIST 171 setdomainname
BLACKLIST 170 sethostname
BLACKLIST 166 umount2
BLACKLIST 153 vhangup
BLACKLIST 238 set_mempolicy
BLACKLIST 256 migrate_pages
BLACKLIST 279 move_pages
BLACKLIST 237 mbind
BLACKLIST 304 open_by_handle_at
BLACKLIST 303 name_to_handle_at
BLACKLIST 251 ioprio_set
BLACKLIST 103 syslog
BLACKLIST 300 fanotify_init
BLACKLIST 312 kcmp
BLACKLIST 248 add_key
BLACKLIST 249 request_key
BLACKLIST 250 keyctl
BLACKLIST 206 io_setup
BLACKLIST 207 io_destroy
BLACKLIST 208 io_getevents
BLACKLIST 209 io_submit
BLACKLIST 210 io_cancel
BLACKLIST 216 remap_file_pages
BLACKLIST 278 vmsplice
BLACKLIST 135 personality
BLACKLIST 323 userfaultfd
BLACKLIST 101 ptrace
BLACKLIST 310 process_vm_readv
RETURN_ALLOW
seccomp filter configured
Seccomp files:
-rw-r--r-- 1 acer acer 1104 janv. 10 02:43 /run/firejail/mnt/seccomp
-rw-r--r-- 1 acer acer 808 janv. 10 02:43 /run/firejail/mnt/seccomp.32
-rw-r--r-- 1 acer acer 824 janv. 10 02:43 /run/firejail/mnt/seccomp.64
-rw-r--r-- 1 acer acer 0 janv. 10 02:43 /run/firejail/mnt/seccomp.postexec
-rw-r--r-- 1 acer acer 112 janv. 10 02:43 /run/firejail/mnt/seccomp.protocol
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
starting application
LD_PRELOAD=(null)
Running './Browser/start-tor-browser.desktop' command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: './Browser/start-tor-browser.desktop'
Child process initialized in 102.65 ms
Installing /run/firejail/mnt/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp.protocol seccomp filter
Launching './Browser/start-tor-browser --detach'...
monitoring pid 16
Sandbox monitor: waitpid 16 retval 16 status 0
Sandbox monitor: monitoring 34
monitoring pid 34
Sandbox monitor: waitpid 34 retval 34 status 0
firejail --version :/
firejail --version
firejail version 0.9.52
Compile time support:
- AppArmor support is enabled
- AppImage support is enabled
- bind support is enabled
- chroot support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- git install support is disabled
- networking support is enabled
- overlayfs support is enabled
- private-home support is enabled
- seccomp-bpf support is enabled
- user namespace support is enabled
- X11 sandboxing support is enabled
sudo aa-status :/
sudo aa-status
apparmor module is loaded.
20 profiles are loaded.
20 profiles are in enforce mode.
/sbin/dhclient
/usr/bin/evince
/usr/bin/evince-previewer
/usr/bin/evince-previewer//sanitized_helper
/usr/bin/evince-thumbnailer
/usr/bin/evince//sanitized_helper
/usr/bin/man
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
/usr/lib/lightdm/lightdm-guest-session
/usr/lib/lightdm/lightdm-guest-session//chromium
/usr/sbin/cupsd
/usr/sbin/cupsd//third_party
/usr/sbin/tcpdump
docker-default
firejail-default
man_filter
man_groff
0 profiles are in complain mode.
6 processes have profiles defined.
6 processes are in enforce mode.
/sbin/dhclient (5521)
/usr/bin/man (9270)
/usr/bin/man (9280)
/usr/bin/man (11162)
/usr/bin/man (11172)
/usr/sbin/cupsd (8383)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
dmesg | grep -i "firejail|tor-browser" :o
dmesg | grep -i "firejail\|tor-browser"
[ 25.296358] audit: type=1400 audit(1610217459.476:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="firejail-default" pid=418 comm="apparmor_parser"
[11449.123080] audit: type=1326 audit(1610228883.299:22): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=5487 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f24ab3cafb7 code=0x0
[11521.859163] audit: type=1326 audit(1610228956.034:23): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=5874 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f14c2ceefb7 code=0x0
[11522.705977] audit: type=1326 audit(1610228956.882:24): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=5897 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f14c2ceefb7 code=0x0
[12045.950039] audit: type=1326 audit(1610229480.128:25): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=6349 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7febcb5c0fb7 code=0x0
[12046.899824] audit: type=1326 audit(1610229481.076:26): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=6380 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7febcb5c0fb7 code=0x0
[12441.146441] audit: type=1326 audit(1610229875.323:27): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=6546 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f9ff9a2bfb7 code=0x0
[12442.143107] audit: type=1326 audit(1610229876.319:28): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=6578 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f9ff9a2bfb7 code=0x0
[16500.129464] audit: type=1326 audit(1610233934.308:29): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=8569 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f31abef6fb7 code=0x0
[16501.112193] audit: type=1326 audit(1610233935.292:30): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=8598 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f31abef6fb7 code=0x0
[17405.313576] audit: type=1326 audit(1610234839.493:31): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=8998 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7ff1adae0fb7 code=0x0
[17406.215197] audit: type=1326 audit(1610234840.393:32): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=9027 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7ff1adae0fb7 code=0x0
[17835.141072] audit: type=1326 audit(1610235269.317:33): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=9196 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f70161a8fb7 code=0x0
[17836.092349] audit: type=1326 audit(1610235270.269:34): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=9226 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f70161a8fb7 code=0x0
[22597.882139] audit: type=1326 audit(1610240032.061:35): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=9963 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f151dbd1fb7 code=0x0
[22598.796340] audit: type=1326 audit(1610240032.977:36): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=9996 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f151dbd1fb7 code=0x0
[23706.349373] audit: type=1326 audit(1610241140.526:37): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=10149 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f08cf42efb7 code=0x0
[23707.251544] audit: type=1326 audit(1610241141.426:38): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=10178 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7f08cf42efb7 code=0x0
[23974.299581] audit: type=1400 audit(1610241408.475:39): apparmor="DENIED" operation="exec" profile="firejail-default" name="/home/acer/.local/share/tor-browser/Browser/start-tor-browser.desktop" pid=10215 comm="bash" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
[24007.942733] audit: type=1400 audit(1610241442.120:40): apparmor="DENIED" operation="exec" profile="firejail-default" name="/home/acer/.local/share/tor-browser/Browser/start-tor-browser" pid=10225 comm="sh" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
[25605.612038] audit: type=1326 audit(1610243039.787:41): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=10750 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7fba05e5ffb7 code=0x0
[25606.556863] audit: type=1326 audit(1610243040.736:42): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=10779 comm=4368726F6F742048656C706572 exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 arch=c000003e syscall=161 compat=0 ip=0x7fba05e5ffb7 code=0x0
inxi -SM :rolleyes:
inxi -SM
System: Host: aspire Kernel: 4.15.0-130-generic x86_64 bits: 64
Desktop: LXDE (Openbox 3.6.1) Distro: Ubuntu 18.04.5 LTS
Machine: Device: other-vm? System: Acer product: Aspire 4810T v: V1.30 serial: N/A
Mobo: Acer model: Aspire 4810T serial: N/A
BIOS: INSYDE v: V1.30 date: 09/29/2009
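
Added example, not part of the original post: a short Python parser for the kernel audit records quoted in the dmesg output above. It decodes the hex-encoded comm field and maps syscall 161 to the name shown in the post's own fseccomp listing; the two sample lines are copied from that output, and the lookup tables cover only the values that appear there.

```python
import re

# Lookup tables limited to the values present in the post's dmesg output.
AUDIT_TYPES = {1326: "SECCOMP", 1400: "AVC (AppArmor)"}
ARCHES = {"c000003e": "x86_64"}      # AUDIT_ARCH_X86_64
SYSCALLS_X86_64 = {161: "chroot"}    # "BLACKLIST 161 chroot" in the fseccomp listing
SIGNALS = {31: "SIGSYS"}

HEADER_RE = re.compile(r"audit: type=(\d+) audit\((\d+\.\d+):(\d+)\):")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Two records copied from the post.
SAMPLE_LINES = [
    '[22598.796340] audit: type=1326 audit(1610240032.977:36): auid=4294967295 '
    'uid=1000 gid=1000 ses=4294967295 pid=9996 comm=4368726F6F742048656C706572 '
    'exe="/home/acer/.local/share/tor-browser/Browser/firefox.real" sig=31 '
    'arch=c000003e syscall=161 compat=0 ip=0x7f151dbd1fb7 code=0x0',
    '[23974.299581] audit: type=1400 audit(1610241408.475:39): apparmor="DENIED" '
    'operation="exec" profile="firejail-default" '
    'name="/home/acer/.local/share/tor-browser/Browser/start-tor-browser.desktop" '
    'pid=10215 comm="bash" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000',
]


def decode_comm(value):
    """Audit prints comm quoted, or hex-encoded when it holds spaces/special bytes."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # not valid hex: keep the raw token


def parse_record(line):
    """Return a dict of the record's fields, or None if the line is not an audit record."""
    m = HEADER_RE.search(line)
    if not m:
        return None
    rec = {"type": int(m.group(1)), "epoch": float(m.group(2)), "serial": int(m.group(3))}
    for key, val in FIELD_RE.findall(line[m.end():]):
        rec[key] = decode_comm(val) if key == "comm" else val.strip('"')
    return rec


def describe(rec):
    """One-line human-readable summary of a parsed record."""
    if rec["type"] == 1326:
        nr = int(rec["syscall"])
        name = f"syscall {nr}"
        if ARCHES.get(rec["arch"]) == "x86_64":
            name = SYSCALLS_X86_64.get(nr, name)
        sig = SIGNALS.get(int(rec["sig"]), f"signal {rec['sig']}")
        return f"seccomp: {rec['comm']!r} ({rec['exe']}) called {name}, sig={sig}"
    if rec["type"] == 1400 and rec.get("apparmor") == "DENIED":
        return (f"apparmor: profile {rec['profile']} denied {rec['operation']} "
                f"(mask {rec['denied_mask']}) on {rec['name']} for {rec['comm']!r}")
    return f"{AUDIT_TYPES.get(rec['type'], rec['type'])}: not decoded"


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        record = parse_record(line)
        if record is not None:
            print(describe(record))
```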