On Sat, Apr 22, 2017 at 11:23:47AM +0200, Petter Reinholdtsen wrote: > Hi. I'm tryingo to create a profile for Minecraft, and hoped the > --tracelog feature would help me. But it seem to not log anything to > syslog when access is blocked. > [...] > > I expected some message in syslog explaining that the HEAD command tried > to use the network even if it is disabled, but there is nothing. Is > there some way to get firejail to report all the files and network > resources used by a program, to have an idea how to form the profile > required by the program?
It sounds like you are looking for the --trace command. It is logging open, access and connect system calls called by the sandboxed application. An example is listed in the firejail(1) manpage. It indicates the results of the syscalls at the end of the line, for example: 4:wget:connect 5 10.0.0.1 port 53:-1 This would mean wget tried to connect to 10.0.0.1 on port 53 (DNS), but was unsuccessful (-1). Kind regards, Reiner
signature.asc
Description: Digital signature
