[Reiner Herrmann]
> It sounds like you are looking for the --trace command.

It does, doesn't it.  But while I had indeed missed the applicability of
the --trace argument, I was hoping for something that could report
everything that was blocked, not everything that was used.  There is a
lot of noise in the --trace output, for example about files in /usr/
being read.  I hoped to start with a fairly restricted setup and log
everything that was blocked, create a profile to open access to the
blocked stuff that should be opened.

Is there a way to do this?

Or perhaps there is a way to take the output from --trace and create a
draft profile?

Also, is there a way to restrict a firejail client to look up only some
DNS names?  For Minecraft, it is fairly well known which subdomain will
be looked up, and it would be useful to set a restriction there in case
the Java code was compromised when automatically downloaded by the
launcher.

Btw, it might be a good idea to add the --trace usage to the EXAMPLES
section in the firejail(1) manual page.  If it had been there, I might
have used it instead of creating this BTS report. :)

-- 
Happy hacking
Petter Reinholdtsen
