I'm trying to filter traffic with iptables for specific applications by their effective owner id (--gid-owner). For this purpose I've created a group
$ sudo addgroup net-user
, set this group on an executable file
$ sudo chown :net-user /opt/Signal/signal-desktop
and set sgid bit
$ sudo chmod g+s /opt/Signal/signal-desktop
Now the app is not able to load a library:
$ signal-desktop
signal-desktop: error while loading shared libraries: libffmpeg.so: cannot open shared object file: No such file or directory
Another app is not able to reach d-bus
$ dolphin
QStandardPaths: wrong ownership on runtime directory /run/user/1001, 1001 instead of 1000
No protocol specified
qt.qpa.screen: QXcbConnection: Could not connect to display :0
Could not connect to any X display.
What am I doing wrong?
