Hello there. Yesterday I used this script to harden my Linux Mint system. Today, when I wanted to boot up my laptop and log in, I got an error that filled the entire screen reading
I'm new to Linux and I have absolutely no clue what to do. I tried running the verify_fortress.sh and PERM_diagnostic.sh, but they didn't give any clue as to how to fix this issue.
Because of this, my Zen Browser and FSearch apps don't open anymore and they aren't even listed anymore, but they are still installed.
I would highly appreciate it if someone could help me resolve this problem.
ULTRA-DIAGNOSTIC REPORT
======================
Date: Sun Jun 7 03:33:48 PM CEST 2026
=== ROOT CHECK ===
✓ Running as root
=== BASIC COMMAND TEST ===
Testing if basic commands work...
✓ ls works
✓ cat works
✓ bash works
=== LIBSTDC++ SPECIFIC CHECK ===
Found: /usr/lib/i386-linux-gnu/libstdc++.so.6
lrwxrwxrwx 1 root root 19 Dec 18 22:36 /usr/lib/i386-linux-gnu/libstdc++.so.6 -> libstdc++.so.6.0.33
File: /usr/lib/i386-linux-gnu/libstdc++.so.6 -> libstdc++.so.6.0.33
Size: 19 Blocks: 0 IO Block: 4096 symbolic link
Device: 259,2 Inode: 18498023 Links: 1
Access: (0777/lrwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2026-06-06 17:44:46.956506820 +0200
Modify: 2025-12-18 22:36:50.000000000 +0100
Change: 2026-06-06 17:44:34.621426749 +0200
Birth: 2026-06-06 17:44:34.620426743 +0200
Can I read it as current user?
✓ YES - Readable
Parent directory permissions:
drwxr-xr-x 19 root root 20480 Jun 6 17:44 /usr/lib/i386-linux-gnu
=== ALL LIBRARY DIRECTORY PERMISSIONS ===
Directory: /lib
lrwxrwxrwx 1 root root 7 Jun 6 16:31 /lib -> usr/lib
Perms: 777 Owner: root:root
✓ Accessible (read+exec)
Directory: /lib64
lrwxrwxrwx 1 root root 9 Jun 6 16:31 /lib64 -> usr/lib64
Perms: 777 Owner: root:root
✓ Accessible (read+exec)
Directory: /usr/lib
drwxr-xr-x 116 root root 4096 Jun 6 22:51 /usr/lib
Perms: 755 Owner: root:root
✓ Accessible (read+exec)
Directory: /usr/lib64
drwxr-xr-x 2 root root 4096 Jun 6 16:57 /usr/lib64
Perms: 755 Owner: root:root
✓ Accessible (read+exec)
Directory: /lib/x86_64-linux-gnu
drwxr-xr-x 118 root root 118784 Jun 7 15:11 /lib/x86_64-linux-gnu
Perms: 755 Owner: root:root
✓ Accessible (read+exec)
Directory: /usr/lib/x86_64-linux-gnu
drwxr-xr-x 118 root root 118784 Jun 7 15:11 /usr/lib/x86_64-linux-gnu
Perms: 755 Owner: root:root
✓ Accessible (read+exec)
=== ALL MOUNT POINTS ===
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=15929188k,nr_inodes=3982297,mode=755,inode64)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=3195028k,mode=755,inode64)
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
/dev/nvme0n1p2 on / type ext4 (rw,relatime,errors=remount-ro)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,inode64)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k,inode64)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
none on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=11323)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,nosuid,nodev,relatime,pagesize=2M)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
tmpfs on /run/shm type tmpfs (rw,nosuid,nodev,relatime,inode64)
/dev/nvme0n1p1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=3195024k,nr_inodes=798756,mode=700,uid=1000,gid=1000,inode64)
gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
portal on /run/user/1000/doc type fuse.portal (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
=== MOUNTS WITH NOEXEC ===
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=3195028k,mode=755,inode64)
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k,inode64)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
none on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nosuid,nodev,noexec,relatime)
=== /etc/fstab CONTENTS ===
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/nvme0n1p2 during installation
UUID=9ff4146a-bf17-4289-92a8-bd3527fe43a0 / ext4 errors=remount-ro 0 1
# /boot/efi was on /dev/nvme0n1p1 during installation
UUID=8C29-7780 /boot/efi vfat umask=0077 0 1
/swapfile none swap sw 0 0
tmpfs /dev/shm tmpfs defaults,nodev,nosuid 0 0
tmpfs /run/shm tmpfs defaults,nodev,nosuid 0 0
=== LDCONFIG CHECK ===
Checking if libstdc++ is in ldconfig cache...
libstdc++.so.6 (libc6,x86-64) => /lib/x86_64-linux-gnu/libstdc++.so.6
libstdc++.so.6 (libc6) => /lib/i386-linux-gnu/libstdc++.so.6
=== DIRECT LIBRARY LOAD TEST ===
Attempting to directly access library file...
✓ Can read library file directly
=== APPARMOR STATUS ===
apparmor module is loaded.
150 profiles are loaded.
150 profiles are in enforce mode.
0 profiles are in complain mode.
0 profiles are in prompt mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
5 processes have profiles defined.
5 processes are in enforce mode.
/usr/sbin/cups-browsed (1535)
/usr/sbin/cupsd (1322)
/usr/sbin/avahi-daemon (943) avahi-daemon
/usr/sbin/avahi-daemon (1011) avahi-daemon
/usr/sbin/rsyslogd (1121) rsyslogd
0 processes are in complain mode.
0 processes are in prompt mode.
0 processes are in kill mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
=== RECENT APPARMOR DENIALS ===
=== SELINUX CHECK ===
SELinux not installed
=== ACL CHECK ===
Checking ACLs on library directories...
ACLs for /lib:
getfacl: Removing leading '/' from absolute path names
# file: lib
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
ACLs for /usr/lib:
getfacl: Removing leading '/' from absolute path names
# file: usr/lib
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
=== NAMESPACE CHECK ===
Current namespaces:
total 0
lrwxrwxrwx 1 root root 0 Jun 7 15:33 cgroup -> cgroup:[4026531835]
lrwxrwxrwx 1 root root 0 Jun 7 15:33 ipc -> ipc:[4026531839]
lrwxrwxrwx 1 root root 0 Jun 7 15:33 mnt -> mnt:[4026531832]
lrwxrwxrwx 1 root root 0 Jun 7 15:33 net -> net:[4026531833]
lrwxrwxrwx 1 root root 0 Jun 7 15:33 pid -> pid:[4026531836]
lrwxrwxrwx 1 root root 0 Jun 7 15:33 pid_for_children -> pid:[4026531836]
lrwxrwxrwx 1 root root 0 Jun 7 15:33 time -> time:[4026531834]
lrwxrwxrwx 1 root root 0 Jun 7 15:33 time_for_children -> time:[4026531834]
lrwxrwxrwx 1 root root 0 Jun 7 15:33 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 Jun 7 15:33 uts -> uts:[4026531838]
=== LDD ON FIREFOX ===
firefox-esr not found
=== FIREFOX EXECUTION TEST ===
=== STRACE FIREFOX (if available) ===
strace not available or firefox not found
=== RECENT PERMISSION DENIED ERRORS ===
Jun 07 15:27:57 devbe-Lafite-Pro-15-AMD systemd[1393]: flatpak: error while loading shared libraries: libappstream.so.5: cannot open shared object file: Permission denied
Jun 07 15:28:04 devbe-Lafite-Pro-15-AMD systemd[1594]: flatpak: error while loading shared libraries: libappstream.so.5: cannot open shared object file: Permission denied
Jun 07 15:28:05 devbe-Lafite-Pro-15-AMD irqbalance[953]: Cannot change IRQ 77 affinity: Permission denied
Jun 07 15:28:05 devbe-Lafite-Pro-15-AMD irqbalance[953]: Cannot change IRQ 75 affinity: Permission denied
=== FORTRESS BACKUPS ===
No FORTRESS backups found
=== SUMMARY ===
This diagnostic report has been saved to: /tmp/ultra_diagnostic_20260607_153348.log
Please share this ENTIRE output.
Also saved to /root/ for safety
DIAGNOSTIC COMPLETE!
Log saved to: /tmp/ultra_diagnostic_20260607_153348.log
Please share ALL the output above, especially:
1. Library directory permissions
2. Mount output (any noexec?)
3. ldd output for firefox
4. strace output (if available)
PERM_diagnostic.sh output: