search

netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.72k stars 561 forks source link

jdownloader profile doesn't work #3361

Closed Micha-Btz closed 4 years ago

Micha-Btz commented 4 years ago

Hey,

I don't now since when, the jdownloader profile doesn't work for me. I have tried to recover it, but without luck.

~/.config/firejail$ cat JDownloader2.profile 
# Firejail profile for JDownloader
# This file is overwritten after every install/update
# Persistent local customizations
include JDownloader2.local
include /etc/firejail/firefox.profile
# Persistent global definitions
 include globals.local

 noblacklist ${HOME}/.jd
 noblacklist ${HOME}/media/jd2
 noblacklist ${HOME}/.scripte/
 noblacklist ${HOME}/.install4j

 noblacklist /usr/lib/jvm/

 mkdir ${HOME}/media/jd2
 whitelist ${HOME}/media/jd2
 mkdir ${HOME}/.scripte/
 noblacklist ${HOME}/.scripte/

 noblacklist ${HOME}/.mozilla

 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc

 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc

 mkdir ${HOME}/.jd
 whitelist ${HOME}/.jd
 whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 include whitelist-usr-share-common.inc 

 caps.drop all
 netfilter
 no3d
 nodbus
 nodvd
 nogroups
 nonewprivs
 noroot
 nosound
 notv
 nou2f
 novideo
 protocol unix,inet,inet6
 seccomp
 #shell none
 tracelog

 disable-mnt
 private-cache
 private-dev
 private-tmp

I use some different paths, this are normally located in the .local file, but for test I have put it together. In the Jdownloader2 start script I have set INSTALL4J_JAVA_HOME_OVERRIDE=/usr/lib/jvm/java-11-openjdk-amd64/ which worked without firejail without problems.

Here is the debug output:

seccomp filter configured
 Mounting read-only /run/firejail/mnt/seccomp
 Dropping all capabilities
 noroot user namespace installed
 Dropping all capabilities
 NO_NEW_PRIVS set
 Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
 No supplementary groups
 AppArmor enabled
 starting application
 LD_PRELOAD=(null)
 execvp argument 0: ./JDownloader2
 Child process initialized in 200.99 ms
 Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
 Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
 Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
 testing JVM in /home/mdomann/media/jd2/jre ...
 testing JVM in /home/mdomann/media/jd2/jre ...
 monitoring pid 13

 No suitable Java Virtual Machine could be found on your system.
 The version of the JVM must be at least 1.6 and at most 2.0.
 Please define INSTALL4J_JAVA_HOME to point to a suitable JVM.
 You can also try to delete the JVM cache file /home/mdomann/.install4j
 Sandbox monitor: waitpid 13 retval 13 status 21248

 Parent is shutting down, bye...

the complete output as file attatched. One thing is strange to me, from debug

Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/java (requested /usr/bin/java) Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/javac (requested /usr/bin/javac) Disable /etc/java

As java-allow is set in profil, why it is disabled? I don't understand it. If is start just a bash for test:

 ~/media/jd2$ firejail --profile=/home/mdomann/.config/firejail/JDownloader2.profile bash
 Reading profile /home/mdomann/.config/firejail/JDownloader2.profile
 Reading profile /etc/firejail/firefox.profile
 Reading profile /home/mdomann/.config/firejail/firefox.local
 Reading profile /etc/firejail/whitelist-usr-share-common.inc
 Reading profile /etc/firejail/firefox-common.profile
 Reading profile /etc/firejail/disable-common.inc
 Reading profile /etc/firejail/disable-devel.inc
 Reading profile /etc/firejail/disable-exec.inc
 Reading profile /etc/firejail/disable-interpreters.inc
 Reading profile /etc/firejail/disable-programs.inc
 Reading profile /etc/firejail/whitelist-common.inc
 Reading profile /etc/firejail/whitelist-var-common.inc
 Warning: networking feature is disabled in Firejail configuration file
 Reading profile /etc/firejail/allow-java.inc
 Reading profile /etc/firejail/disable-common.inc
 Reading profile /etc/firejail/disable-devel.inc
 Reading profile /etc/firejail/disable-exec.inc
 Reading profile /etc/firejail/disable-interpreters.inc
 Reading profile /etc/firejail/disable-passwdmgr.inc
 Reading profile /etc/firejail/disable-programs.inc
 Reading profile /etc/firejail/disable-xdg.inc
 Reading profile /etc/firejail/whitelist-common.inc
 Reading profile /etc/firejail/whitelist-var-common.inc
 Reading profile /etc/firejail/whitelist-usr-share-common.inc
 Warning: networking feature is disabled in Firejail configuration file
 Warning: two protocol lists are present, "unix,inet,inet6,netlink" will be installed
 Parent pid 88273, child pid 88274
 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
 Blacklist violations are logged to syslog
 Post-exec seccomp protector enabled
 Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
 Child process initialized in 183.08 ms
 bash: /usr/share/bash-completion/bash_completion: Datei oder Verzeichnis nicht gefunden
 mdomann@sysiphus:~/media/jd2$ ls
  build.json   error.log      java                     JDownloader2Update                       JDownloader.jar      licenses      themes        'Uninstall JDownloader'
  captchas     extensions     jd                      'JDownloader 2 Update & Rescue.desktop'   jre                  license.txt   tmp            update
  cfg          fertsch        JDownloader2             JDownloader2Update.vmoptions             libs                 logs          tools          updateError.log
  Core.jar     firejail.log  'JDownloader 2.desktop'   JDownloader2.vmoptions                   license_german.txt   output.log    translations   UpdateOoutput.log
 mdomann@sysiphus:~/media/jd2$ ls -lha /usr/lib/j
 java-wrappers/ jni/           jvm/           
 mdomann@sysiphus:~/media/jd2$ ls -lha /usr/lib/j
 java-wrappers/ jni/           jvm/           
 mdomann@sysiphus:~/media/jd2$ ls -lha /usr/lib/jvm/
 default-java/                     .java-1.11.0-openjdk-amd64.jinfo  java-1.5.0-gcj-5-amd64/           openjdk-11/
 java-1.11.0-openjdk-amd64/        java-11-openjdk-amd64/            java-1.5.0-gcj-6-amd64/           
 mdomann@sysiphus:~/media/jd2$ ls -lha /usr/lib/jvm/java-11-openjdk-amd64/
 bin/     conf/    docs     include/ jmods/   legal/   lib/     man/     release  
 mdomann@sysiphus:~/media/jd2$ ls -lha /usr/lib/jvm/java-11-openjdk-amd64/bin/j
 jaotc       jarsigner   javac       javap       jconsole    jdeprscan   jfr         jimage      jjs         jmap        jps         jshell      jstat       
 jar         java        javadoc     jcmd        jdb         jdeps       jhsdb       jinfo       jlink       jmod        jrunscript  jstack      jstatd      
 mdomann@sysiphus:~/media/jd2$ ls -lha /usr/lib/jvm/java-11-openjdk-amd64/bin/ja
 jaotc      jar        jarsigner  java       javac      javadoc    javap      
 mdomann@sysiphus:~/media/jd2$ ls -lha /usr/lib/jvm/java-11-openjdk-amd64/bin/java
 -r-------- 1 nobody nogroup 0 Apr 16 11:49 /usr/lib/jvm/java-11-openjdk-amd64/bin/java
 mdomann@sysiphus:~/media/jd2$

the java binary has 0 byte size, strange. Any idea how to fix this, I'm out of idea.


 ~/media/jd2$ firejail --version
 firejail version 0.9.62

 Compile time support:
    - AppArmor support is enabled
    - AppImage support is enabled
    - chroot support is enabled
    - file and directory whitelisting support is enabled
    - file transfer support is enabled
    - firetunnel support is enabled
    - networking support is enabled
    - overlayfs support is enabled
    - private-home support is enabled
    - seccomp-bpf support is enabled
    - user namespace support is enabled
    - X11 sandboxing support is enabled

Thanks Micha

Debian sid.

Micha-Btz commented 4 years ago

firejail.txt

rusty-snake commented 4 years ago

allow-java.inc is loaded after disable-devel.inc because of the include /etc/firefox/firefox.profile.

Micha-Btz commented 4 years ago

you are right, I removed the firefox includes and checked if java is available via bash. It is. But it is not working.

seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
execvp argument 0: /bin/sh
execvp argument 1: JDownloader2
Child process initialized in 88.88 ms
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
testing JVM in /usr/lib/jvm/java-11-openjdk-amd64/ ...
monitoring pid 10

testing JVM in /usr ...
testing JVM in /usr/lib/jvm/default-java ...
testing JVM in /usr/lib/jvm/java-1.11.0-openjdk-amd64 ...
testing JVM in /usr/lib/jvm/java-11-openjdk-amd64 ...
No suitable Java Virtual Machine could be found on your system.
The version of the JVM must be at least 1.6 and at most 2.0.
Please define INSTALL4J_JAVA_HOME to point to a suitable JVM.
You can also try to delete the JVM cache file /home/mdomann/.install4j
Sandbox monitor: waitpid 10 retval 10 status 21248

Parent is shutting down, bye...

For some reason the jvm is not available. hm, another idea?

Micha firejail.txt

rusty-snake commented 4 years ago

No, I don't have an idea.

matu3ba commented 4 years ago

Could be related to #3360
@Micha-Btz Where is your JVM installed?

@rusty-snake You can also try to delete the JVM cache file /home/user/.install4j Is there a test command for profiles to see, if this file exists?

Micha-Btz commented 4 years ago

jvm is installed in the debian standard path

ls -lha /usr/lib/jvm/
insgesamt 12K
drwxr-xr-x 1 root root  288 Apr 17 11:53 .
drwxr-xr-x 1 root root  12K Apr 15 14:13 ..
drwxr-xr-x 1 root root   82 Apr 17 11:53 java-11-openjdk-amd64
drwxr-xr-x 1 root root   12 Mär 19  2018 java-1.5.0-gcj-5-amd64
drwxr-xr-x 1 root root   12 Mär 19  2018 java-1.5.0-gcj-6-amd64
drwxr-xr-x 1 root root   14 Apr 17 11:53 openjdk-11
lrwxrwxrwx 1 root root   25 Jul 17  2019 default-java -> java-1.11.0-openjdk-amd64
lrwxrwxrwx 1 root root   21 Okt  3  2018 java-1.11.0-openjdk-amd64 -> java-11-openjdk-amd64
-rw-r--r-- 1 root root 2,0K Apr 16 14:40 .java-1.11.0-openjdk-amd64.jinfo

I can see no difference to the jvm in firejail

firejail --debug --profile=/home/mdomann/.config/firejail/JDownloader.profile /bin/sh bash
Reading profile /home/mdomann/.config/firejail/JDownloader.profile
Found allow-java.inc profile in /etc/firejail directory
Reading profile /etc/firejail/allow-java.inc
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Building quoted command line: '/bin/sh' 'bash' 
Command name #sh#
DISPLAY=:0.0 parsed as 0
Enabling IPC namespace
Using the local network stack
Parent pid 11710, child pid 11711
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
IBUS_ADDRESS=unix:abstract=/tmp/dbus-CYJC5voC,guid=a6451e14c78acb445f6f3ba95be30fb8
IBUS_DAEMON_PID=2522
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /sbin
Mounting read-only /lib
Mounting read-only /lib64
Mounting read-only /lib32
Mounting read-only /libx32
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Mounting tmpfs on /var/cache/apache2
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/mdomann/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
Process /dev/shm directory
Mounting tmpfs on /home/mdomann/.cache
2224 2199 0:146 / /home/mdomann/.cache rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=755,uid=1000,gid=1000
mountid=2224 fsname=/ dir=/home/mdomann/.cache fstype=tmpfs
Generate private-tmp whitelist commands
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 423: new_name #/home/mdomann/media/jd2#, whitelist
Debug 531: fname #/home/mdomann/media/jd2#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/media/jd2
Debug 423: new_name #/home/mdomann/.XCompose#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
    expanded: /home/mdomann/.XCompose
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
    expanded: /home/mdomann/.asoundrc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/ibus#, whitelist
Debug 531: fname #/home/mdomann/.config/ibus#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/ibus
Debug 423: new_name #/home/mdomann/.config/mimeapps.list#, whitelist
Debug 531: fname #/home/mdomann/.config/mimeapps.list#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/mimeapps.list
Debug 423: new_name #/home/mdomann/.config/pkcs11#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
    expanded: /home/mdomann/.config/pkcs11
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/user-dirs.dirs#, whitelist
Debug 531: fname #/home/mdomann/.config/user-dirs.dirs#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/user-dirs.dirs
Debug 423: new_name #/home/mdomann/.drirc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
    expanded: /home/mdomann/.drirc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
    expanded: /home/mdomann/.icons
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.local/share/applications#, whitelist
Debug 531: fname #/home/mdomann/.local/share/applications#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/applications
Debug 423: new_name #/home/mdomann/.local/share/icons#, whitelist
Debug 531: fname #/home/mdomann/.local/share/icons#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/icons
Debug 423: new_name #/home/mdomann/.local/share/mime#, whitelist
Debug 531: fname #/home/mdomann/.local/share/mime#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/mime
Debug 423: new_name #/home/mdomann/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
    expanded: /home/mdomann/.mime.types
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/dconf#, whitelist
Debug 531: fname #/home/mdomann/.config/dconf#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/dconf
Debug 423: new_name #/home/mdomann/.cache/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/fontconfig
    expanded: /home/mdomann/.cache/fontconfig
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
    expanded: /home/mdomann/.config/fontconfig
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
    expanded: /home/mdomann/.fontconfig
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
    expanded: /home/mdomann/.fonts
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.fonts.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
    expanded: /home/mdomann/.fonts.conf
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
    expanded: /home/mdomann/.fonts.conf.d
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
    expanded: /home/mdomann/.fonts.d
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.local/share/fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
    expanded: /home/mdomann/.local/share/fonts
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.pangorc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
    expanded: /home/mdomann/.pangorc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/gtk-2.0#, whitelist
Debug 531: fname #/home/mdomann/.config/gtk-2.0#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/gtk-2.0
Debug 423: new_name #/home/mdomann/.config/gtk-3.0#, whitelist
Debug 531: fname #/home/mdomann/.config/gtk-3.0#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/gtk-3.0
Debug 423: new_name #/home/mdomann/.config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
    expanded: /home/mdomann/.config/gtkrc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
    expanded: /home/mdomann/.config/gtkrc-2.0
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
    expanded: /home/mdomann/.gnome2
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
    expanded: /home/mdomann/.gnome2-private
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
    expanded: /home/mdomann/.gtk-2.0
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.gtkrc#, whitelist
Debug 531: fname #/home/mdomann/.gtkrc#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.gtkrc
Debug 423: new_name #/home/mdomann/.gtkrc-2.0#, whitelist
Debug 531: fname #/home/mdomann/.gtkrc-2.0#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.gtkrc-2.0
Debug 423: new_name #/home/mdomann/.kde/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
    expanded: /home/mdomann/.kde/share/config/gtkrc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
    expanded: /home/mdomann/.kde/share/config/gtkrc-2.0
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
    expanded: /home/mdomann/.kde4/share/config/gtkrc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
    expanded: /home/mdomann/.kde4/share/config/gtkrc-2.0
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
    expanded: /home/mdomann/.local/share/themes
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
    expanded: /home/mdomann/.themes
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.cache/kioexec/krun#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
    expanded: /home/mdomann/.cache/kioexec/krun
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
    expanded: /home/mdomann/.config/Kvantum
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/Trolltech.conf#, whitelist
Debug 531: fname #/home/mdomann/.config/Trolltech.conf#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/Trolltech.conf
Debug 423: new_name #/home/mdomann/.config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals
    expanded: /home/mdomann/.config/kdeglobals
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
    expanded: /home/mdomann/.config/kio_httprc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
    expanded: /home/mdomann/.config/kioslaverc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
    expanded: /home/mdomann/.config/ksslcablacklist
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
    expanded: /home/mdomann/.config/qt5ct
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
    expanded: /home/mdomann/.kde/share/config/kdeglobals
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
    expanded: /home/mdomann/.kde/share/config/kio_httprc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
    expanded: /home/mdomann/.kde/share/config/kioslaverc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
    expanded: /home/mdomann/.kde/share/config/ksslcablacklist
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
    expanded: /home/mdomann/.kde/share/config/oxygenrc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
    expanded: /home/mdomann/.kde/share/icons
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
    expanded: /home/mdomann/.kde4/share/config/kdeglobals
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
    expanded: /home/mdomann/.kde4/share/config/kio_httprc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
    expanded: /home/mdomann/.kde4/share/config/kioslaverc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
    expanded: /home/mdomann/.kde4/share/config/ksslcablacklist
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
    expanded: /home/mdomann/.kde4/share/config/oxygenrc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
    expanded: /home/mdomann/.kde4/share/icons
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
    expanded: /home/mdomann/.local/share/qt5ct
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/var/lib/dbus#, whitelist
Debug 423: new_name #/var/lib/menu-xdg#, whitelist
Debug 423: new_name #/var/cache/fontconfig#, whitelist
Debug 423: new_name #/var/tmp#, whitelist
Debug 423: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 423: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 423: new_name #/tmp/.X11-unix#, whitelist
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 
Whitelisting /home/mdomann/media/jd2
2246 2244 0:60 /homefs/mdomann/media/jd2 /home/mdomann/media/jd2 rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=661,subvol=/homefs/mdomann/media/jd2
mountid=2246 fsname=/homefs/mdomann/media/jd2 dir=/home/mdomann/media/jd2 fstype=btrfs
Whitelisting /home/mdomann/.config/ibus
2247 2244 0:60 /homefs/mdomann/.config/ibus /home/mdomann/.config/ibus rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/ibus
mountid=2247 fsname=/homefs/mdomann/.config/ibus dir=/home/mdomann/.config/ibus fstype=btrfs
Whitelisting /home/mdomann/.config/mimeapps.list
2248 2244 0:60 /homefs/mdomann/.config/mimeapps.list /home/mdomann/.config/mimeapps.list rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/mimeapps.list
mountid=2248 fsname=/homefs/mdomann/.config/mimeapps.list dir=/home/mdomann/.config/mimeapps.list fstype=btrfs
Whitelisting /home/mdomann/.config/user-dirs.dirs
2249 2244 0:60 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/user-dirs.dirs
mountid=2249 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs
Whitelisting /home/mdomann/.local/share/applications
2250 2244 0:60 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/applications
mountid=2250 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs
Whitelisting /home/mdomann/.local/share/icons
2251 2244 0:60 /homefs/mdomann/.local/share/icons /home/mdomann/.local/share/icons rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/icons
mountid=2251 fsname=/homefs/mdomann/.local/share/icons dir=/home/mdomann/.local/share/icons fstype=btrfs
Whitelisting /home/mdomann/.local/share/mime
2252 2244 0:60 /homefs/mdomann/.local/share/mime /home/mdomann/.local/share/mime rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/mime
mountid=2252 fsname=/homefs/mdomann/.local/share/mime dir=/home/mdomann/.local/share/mime fstype=btrfs
Whitelisting /home/mdomann/.config/dconf
2253 2244 0:60 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/dconf
mountid=2253 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs
Whitelisting /home/mdomann/.config/gtk-2.0
2254 2244 0:60 /homefs/mdomann/.config/gtk-2.0 /home/mdomann/.config/gtk-2.0 rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/gtk-2.0
mountid=2254 fsname=/homefs/mdomann/.config/gtk-2.0 dir=/home/mdomann/.config/gtk-2.0 fstype=btrfs
Whitelisting /home/mdomann/.config/gtk-3.0
2255 2244 0:60 /homefs/mdomann/.config/gtk-3.0 /home/mdomann/.config/gtk-3.0 rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/gtk-3.0
mountid=2255 fsname=/homefs/mdomann/.config/gtk-3.0 dir=/home/mdomann/.config/gtk-3.0 fstype=btrfs
Whitelisting /home/mdomann/.gtkrc
2256 2244 0:60 /homefs/mdomann/.gtkrc /home/mdomann/.gtkrc rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.gtkrc
mountid=2256 fsname=/homefs/mdomann/.gtkrc dir=/home/mdomann/.gtkrc fstype=btrfs
Whitelisting /home/mdomann/.gtkrc-2.0
2257 2244 0:60 /homefs/mdomann/.gtkrc-2.0 /home/mdomann/.gtkrc-2.0 rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.gtkrc-2.0
mountid=2257 fsname=/homefs/mdomann/.gtkrc-2.0 dir=/home/mdomann/.gtkrc-2.0 fstype=btrfs
Whitelisting /home/mdomann/.config/Trolltech.conf
2258 2244 0:60 /homefs/mdomann/.config/Trolltech.conf /home/mdomann/.config/Trolltech.conf rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/Trolltech.conf
mountid=2258 fsname=/homefs/mdomann/.config/Trolltech.conf dir=/home/mdomann/.config/Trolltech.conf fstype=btrfs
Whitelisting /var/lib/dbus
2259 2239 0:23 /rootfs/var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs/var/lib/dbus
mountid=2259 fsname=/rootfs/var/lib/dbus dir=/var/lib/dbus fstype=btrfs
Whitelisting /var/lib/menu-xdg
2260 2239 0:23 /rootfs/var/lib/menu-xdg /var/lib/menu-xdg ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs/var/lib/menu-xdg
mountid=2260 fsname=/rootfs/var/lib/menu-xdg dir=/var/lib/menu-xdg fstype=btrfs
Whitelisting /var/cache/fontconfig
2261 2239 0:23 /rootfs/var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs/var/cache/fontconfig
mountid=2261 fsname=/rootfs/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs
Whitelisting /var/tmp
2262 2239 0:134 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=2262 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
2263 2230 0:50 /.X11-unix /tmp/.X11-unix rw,relatime master:33 - tmpfs tmpfs rw,size=4194304k
mountid=2263 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/mdomann/.Xauthority
2269 2244 0:151 /mdomann/.Xauthority /home/mdomann/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=2269 fsname=/mdomann/.Xauthority dir=/home/mdomann/.Xauthority fstype=tmpfs
Mounting read-only /home/mdomann/.config/dconf
2270 2253 0:60 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf ro,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/dconf
mountid=2270 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs
Disable /run/acpid.socket (requested /var/run/acpid.socket)
Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock)
Disable /etc/anacrontab
Disable /etc/cron.d
Disable /etc/cron.daily
Disable /etc/cron.hourly
Disable /etc/cron.monthly
Disable /etc/cron.weekly
Disable /etc/cron.deny
Disable /etc/crontab
Disable /etc/crontab.dpkg-dist
Disable /etc/profile.d
Disable /etc/rc2.d
Disable /etc/rc3.d
Disable /etc/rc4.d
Disable /etc/rc5.d
Disable /etc/rc0.d
Disable /etc/rc1.d
Disable /etc/rc6.d
Disable /etc/rcS.d
Disable /etc/kernel
Disable /etc/kernel-img.conf
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/selinux
Disable /etc/modules
Disable /etc/modules-load.d
Disable /etc/logrotate.d
Disable /etc/logrotate.conf
Disable /etc/adduser.conf
Mounting read-only /home/mdomann/.bashrc
2303 2244 0:151 /mdomann/.bashrc /home/mdomann/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=2303 fsname=/mdomann/.bashrc dir=/home/mdomann/.bashrc fstype=tmpfs
Mounting read-only /home/mdomann/.local/share/applications
2304 2250 0:60 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications ro,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/applications
mountid=2304 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs
Disable /etc/davfs2/secrets
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/bin/at
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/crontab
Disable /usr/bin/expiry
Disable /bin/fusermount3 (requested /bin/fusermount)
Disable /usr/bin/gpasswd
Disable /bin/mount
Disable /bin/nc.traditional (requested /bin/nc)
Disable /usr/bin/newgrp
Disable /bin/ntfs-3g
Disable /usr/bin/pkexec
Disable /usr/bin/procmail
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/strace
Disable /bin/su
Disable /usr/bin/sudo
Disable /bin/umount
Disable /usr/bin/xev
Disable /usr/bin/xinput
Disable /usr/bin/xfce4-terminal
Disable /usr/bin/xfce4-terminal.wrapper
Disable /usr/share/flatpak
Disable /usr/bin/bwrap
Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang++-7)
Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang-7)
Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang-cpp-7)
Disable /usr/lib/llvm-9/bin/llvm-dwarfdump (requested /usr/bin/llvm-dwarfdump-9)
Disable /usr/lib/llvm-9/bin/llvm-dwp (requested /usr/bin/llvm-dwp-9)
Disable /usr/lib/llvm-9/bin/llvm-elfabi (requested /usr/bin/llvm-elfabi-9)
Disable /usr/lib/llvm-9/bin/llvm-exegesis (requested /usr/bin/llvm-exegesis-9)
Disable /usr/lib/llvm-9/bin/llvm-extract (requested /usr/bin/llvm-extract-9)
Disable /usr/lib/llvm-9/bin/llvm-jitlink (requested /usr/bin/llvm-jitlink-9)
Disable /usr/lib/llvm-9/bin/llvm-ar (requested /usr/bin/llvm-lib-9)
Disable /usr/lib/llvm-9/bin/llvm-link (requested /usr/bin/llvm-link-9)
Disable /usr/lib/llvm-9/bin/llvm-lipo (requested /usr/bin/llvm-lipo-9)
Disable /usr/lib/llvm-9/bin/llvm-lto (requested /usr/bin/llvm-lto-9)
Disable /usr/lib/llvm-9/bin/llvm-lto2 (requested /usr/bin/llvm-lto2-9)
Disable /usr/lib/llvm-9/bin/llvm-mc (requested /usr/bin/llvm-mc-9)
Disable /usr/lib/llvm-9/bin/llvm-mca (requested /usr/bin/llvm-mca-9)
Disable /usr/lib/llvm-9/bin/llvm-modextract (requested /usr/bin/llvm-modextract-9)
Disable /usr/lib/llvm-9/bin/llvm-mt (requested /usr/bin/llvm-mt-9)
Disable /usr/lib/llvm-9/bin/llvm-nm (requested /usr/bin/llvm-nm-9)
Disable /usr/lib/llvm-9/bin/llvm-objcopy (requested /usr/bin/llvm-objcopy-9)
Disable /usr/lib/llvm-9/bin/llvm-objdump (requested /usr/bin/llvm-objdump-9)
Disable /usr/lib/llvm-9/bin/llvm-opt-report (requested /usr/bin/llvm-opt-report-9)
Disable /usr/lib/llvm-9/bin/llvm-pdbutil (requested /usr/bin/llvm-pdbutil-9)
Disable /usr/lib/llvm-9/bin/llvm-profdata (requested /usr/bin/llvm-profdata-9)
Disable /usr/lib/llvm-9/bin/llvm-ar (requested /usr/bin/llvm-ranlib-9)
Disable /usr/lib/llvm-9/bin/llvm-rc (requested /usr/bin/llvm-rc-9)
Disable /usr/lib/llvm-9/bin/llvm-readobj (requested /usr/bin/llvm-readelf-9)
Disable /usr/lib/llvm-9/bin/llvm-readobj (requested /usr/bin/llvm-readobj-9)
Disable /usr/lib/llvm-9/bin/llvm-rtdyld (requested /usr/bin/llvm-rtdyld-9)
Disable /usr/lib/llvm-9/bin/llvm-size (requested /usr/bin/llvm-size-9)
Disable /usr/lib/llvm-9/bin/llvm-split (requested /usr/bin/llvm-split-9)
Disable /usr/lib/llvm-9/bin/llvm-stress (requested /usr/bin/llvm-stress-9)
Disable /usr/lib/llvm-9/bin/llvm-strings (requested /usr/bin/llvm-strings-9)
Disable /usr/lib/llvm-9/bin/llvm-objcopy (requested /usr/bin/llvm-strip-9)
Disable /usr/lib/llvm-9/bin/llvm-symbolizer (requested /usr/bin/llvm-symbolizer-9)
Disable /usr/lib/llvm-9/bin/llvm-tblgen (requested /usr/bin/llvm-tblgen-9)
Disable /usr/lib/llvm-9/bin/llvm-undname (requested /usr/bin/llvm-undname-9)
Disable /usr/lib/llvm-9/bin/llvm-xray (requested /usr/bin/llvm-xray-9)
Disable /usr/lib/llvm-7/bin/llvm-PerfectShuffle (requested /usr/bin/llvm-PerfectShuffle-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-ar-7)
Disable /usr/lib/llvm-7/bin/llvm-as (requested /usr/bin/llvm-as-7)
Disable /usr/lib/llvm-7/bin/llvm-bcanalyzer (requested /usr/bin/llvm-bcanalyzer-7)
Disable /usr/lib/llvm-7/bin/llvm-c-test (requested /usr/bin/llvm-c-test-7)
Disable /usr/lib/llvm-7/bin/llvm-cat (requested /usr/bin/llvm-cat-7)
Disable /usr/lib/llvm-7/bin/llvm-cfi-verify (requested /usr/bin/llvm-cfi-verify-7)
Disable /usr/lib/llvm-7/bin/llvm-config (requested /usr/bin/llvm-config-7)
Disable /usr/lib/llvm-7/bin/llvm-cov (requested /usr/bin/llvm-cov-7)
Disable /usr/lib/llvm-7/bin/llvm-cvtres (requested /usr/bin/llvm-cvtres-7)
Disable /usr/lib/llvm-7/bin/llvm-cxxdump (requested /usr/bin/llvm-cxxdump-7)
Disable /usr/lib/llvm-7/bin/llvm-cxxfilt (requested /usr/bin/llvm-cxxfilt-7)
Disable /usr/lib/llvm-7/bin/llvm-diff (requested /usr/bin/llvm-diff-7)
Disable /usr/lib/llvm-7/bin/llvm-dis (requested /usr/bin/llvm-dis-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-dlltool-7)
Disable /usr/lib/llvm-7/bin/llvm-dwarfdump (requested /usr/bin/llvm-dwarfdump-7)
Disable /usr/lib/llvm-7/bin/llvm-dwp (requested /usr/bin/llvm-dwp-7)
Disable /usr/lib/llvm-7/bin/llvm-exegesis (requested /usr/bin/llvm-exegesis-7)
Disable /usr/lib/llvm-7/bin/llvm-extract (requested /usr/bin/llvm-extract-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-lib-7)
Disable /usr/lib/llvm-7/bin/llvm-link (requested /usr/bin/llvm-link-7)
Disable /usr/lib/llvm-7/bin/llvm-lto (requested /usr/bin/llvm-lto-7)
Disable /usr/lib/llvm-7/bin/llvm-lto2 (requested /usr/bin/llvm-lto2-7)
Disable /usr/lib/llvm-7/bin/llvm-mc (requested /usr/bin/llvm-mc-7)
Disable /usr/lib/llvm-7/bin/llvm-mca (requested /usr/bin/llvm-mca-7)
Disable /usr/lib/llvm-7/bin/llvm-modextract (requested /usr/bin/llvm-modextract-7)
Disable /usr/lib/llvm-7/bin/llvm-mt (requested /usr/bin/llvm-mt-7)
Disable /usr/lib/llvm-7/bin/llvm-nm (requested /usr/bin/llvm-nm-7)
Disable /usr/lib/llvm-7/bin/llvm-objcopy (requested /usr/bin/llvm-objcopy-7)
Disable /usr/lib/llvm-7/bin/llvm-objdump (requested /usr/bin/llvm-objdump-7)
Disable /usr/lib/llvm-7/bin/llvm-opt-report (requested /usr/bin/llvm-opt-report-7)
Disable /usr/lib/llvm-7/bin/llvm-pdbutil (requested /usr/bin/llvm-pdbutil-7)
Disable /usr/lib/llvm-7/bin/llvm-profdata (requested /usr/bin/llvm-profdata-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-ranlib-7)
Disable /usr/lib/llvm-7/bin/llvm-rc (requested /usr/bin/llvm-rc-7)
Disable /usr/lib/llvm-7/bin/llvm-readobj (requested /usr/bin/llvm-readelf-7)
Disable /usr/lib/llvm-7/bin/llvm-readobj (requested /usr/bin/llvm-readobj-7)
Disable /usr/lib/llvm-7/bin/llvm-rtdyld (requested /usr/bin/llvm-rtdyld-7)
Disable /usr/lib/llvm-7/bin/llvm-size (requested /usr/bin/llvm-size-7)
Disable /usr/lib/llvm-7/bin/llvm-split (requested /usr/bin/llvm-split-7)
Disable /usr/lib/llvm-7/bin/llvm-stress (requested /usr/bin/llvm-stress-7)
Disable /usr/lib/llvm-7/bin/llvm-strings (requested /usr/bin/llvm-strings-7)
Disable /usr/lib/llvm-7/bin/llvm-objcopy (requested /usr/bin/llvm-strip-7)
Disable /usr/lib/llvm-7/bin/llvm-symbolizer (requested /usr/bin/llvm-symbolizer-7)
Disable /usr/lib/llvm-7/bin/llvm-tblgen (requested /usr/bin/llvm-tblgen-7)
Disable /usr/lib/llvm-7/bin/llvm-undname (requested /usr/bin/llvm-undname-7)
Disable /usr/lib/llvm-7/bin/llvm-xray (requested /usr/bin/llvm-xray-7)
Disable /usr/lib/llvm-9/bin/llvm-PerfectShuffle (requested /usr/bin/llvm-PerfectShuffle-9)
Disable /usr/lib/llvm-9/bin/llvm-symbolizer (requested /usr/bin/llvm-addr2line-9)
Disable /usr/lib/llvm-9/bin/llvm-ar (requested /usr/bin/llvm-ar-9)
Disable /usr/lib/llvm-9/bin/llvm-as (requested /usr/bin/llvm-as-9)
Disable /usr/lib/llvm-9/bin/llvm-bcanalyzer (requested /usr/bin/llvm-bcanalyzer-9)
Disable /usr/lib/llvm-9/bin/llvm-c-test (requested /usr/bin/llvm-c-test-9)
Disable /usr/lib/llvm-9/bin/llvm-cat (requested /usr/bin/llvm-cat-9)
Disable /usr/lib/llvm-9/bin/llvm-cfi-verify (requested /usr/bin/llvm-cfi-verify-9)
Disable /usr/lib/llvm-9/bin/llvm-config (requested /usr/bin/llvm-config-9)
Disable /usr/lib/llvm-9/bin/llvm-cov (requested /usr/bin/llvm-cov-9)
Disable /usr/lib/llvm-9/bin/llvm-cvtres (requested /usr/bin/llvm-cvtres-9)
Disable /usr/lib/llvm-9/bin/llvm-cxxdump (requested /usr/bin/llvm-cxxdump-9)
Disable /usr/lib/llvm-9/bin/llvm-cxxfilt (requested /usr/bin/llvm-cxxfilt-9)
Disable /usr/lib/llvm-9/bin/llvm-cxxmap (requested /usr/bin/llvm-cxxmap-9)
Disable /usr/lib/llvm-9/bin/llvm-diff (requested /usr/bin/llvm-diff-9)
Disable /usr/lib/llvm-9/bin/llvm-dis (requested /usr/bin/llvm-dis-9)
Disable /usr/lib/llvm-9/bin/llvm-ar (requested /usr/bin/llvm-dlltool-9)
Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/cc)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/c++)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt)
Disable /usr/bin/c89-gcc (requested /usr/bin/c89)
Disable /usr/bin/c89-gcc
Disable /usr/bin/c99-gcc (requested /usr/bin/c99)
Disable /usr/bin/c99-gcc
Disable /usr/bin/cpp-5
Disable /usr/bin/x86_64-linux-gnu-cpp-6 (requested /usr/bin/cpp-6)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-7 (requested /usr/bin/cpp-7)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp-9)
Disable /usr/bin/g++-5
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/g++)
Disable /usr/bin/x86_64-linux-gnu-g++-7 (requested /usr/bin/g++-7)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/g++-9)
Disable /usr/bin/gcc-5
Disable /usr/bin/gcc-ar-5
Disable /usr/bin/gcc-nm-5
Disable /usr/bin/gcc-ranlib-5
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-7 (requested /usr/bin/gcc-7)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-7 (requested /usr/bin/gcc-ar-7)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-7 (requested /usr/bin/gcc-nm-7)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-7 (requested /usr/bin/gcc-ranlib-7)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/gcc-ranlib-9)
Disable /usr/bin/gdb
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld)
Disable /usr/bin/gcc-5 (requested /usr/bin/x86_64-linux-gnu-gcc-5)
Disable /usr/bin/gcc-ar-5 (requested /usr/bin/x86_64-linux-gnu-gcc-ar-5)
Disable /usr/bin/gcc-nm-5 (requested /usr/bin/x86_64-linux-gnu-gcc-nm-5)
Disable /usr/bin/gcc-ranlib-5 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib-5)
Disable /usr/bin/c89-gcc
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/aarch64-linux-gnu-gcc-9 (requested /usr/bin/aarch64-linux-gnu-gcc)
Disable /usr/bin/aarch64-linux-gnu-gcc-ar-9 (requested /usr/bin/aarch64-linux-gnu-gcc-ar)
Disable /usr/bin/aarch64-linux-gnu-gcc-nm-9 (requested /usr/bin/aarch64-linux-gnu-gcc-nm)
Disable /usr/bin/aarch64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/aarch64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-7
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-7
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-7
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-7
Disable /usr/bin/aarch64-linux-gnu-gcc-9
Disable /usr/bin/aarch64-linux-gnu-gcc-ar-9
Disable /usr/bin/aarch64-linux-gnu-gcc-nm-9
Disable /usr/bin/aarch64-linux-gnu-gcc-ranlib-9
Disable /usr/bin/x86_64-linux-gnu-gcc-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9
Disable /usr/bin/g++-5 (requested /usr/bin/x86_64-linux-gnu-g++-5)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-7
Disable /usr/bin/x86_64-linux-gnu-g++-9
Disable /usr/bin/gcc-5 (requested /usr/bin/x86_64-linux-gnu-gcc-5)
Disable /usr/bin/gcc-ar-5 (requested /usr/bin/x86_64-linux-gnu-gcc-ar-5)
Disable /usr/bin/gcc-nm-5 (requested /usr/bin/x86_64-linux-gnu-gcc-nm-5)
Disable /usr/bin/gcc-ranlib-5 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib-5)
Disable /usr/bin/c89-gcc
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/aarch64-linux-gnu-gcc-9 (requested /usr/bin/aarch64-linux-gnu-gcc)
Disable /usr/bin/aarch64-linux-gnu-gcc-ar-9 (requested /usr/bin/aarch64-linux-gnu-gcc-ar)
Disable /usr/bin/aarch64-linux-gnu-gcc-nm-9 (requested /usr/bin/aarch64-linux-gnu-gcc-nm)
Disable /usr/bin/aarch64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/aarch64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-7
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-7
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-7
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-7
Disable /usr/bin/aarch64-linux-gnu-gcc-9
Disable /usr/bin/aarch64-linux-gnu-gcc-ar-9
Disable /usr/bin/aarch64-linux-gnu-gcc-nm-9
Disable /usr/bin/aarch64-linux-gnu-gcc-ranlib-9
Disable /usr/bin/x86_64-linux-gnu-gcc-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9
Disable /usr/bin/g++-5 (requested /usr/bin/x86_64-linux-gnu-g++-5)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-7
Disable /usr/bin/x86_64-linux-gnu-g++-9
Disable /usr/include
Disable /usr/lib/go-1.14/bin/go (requested /usr/bin/go)
Disable /usr/lib/go-1.14/bin/gofmt (requested /usr/bin/gofmt)
Not blacklist /usr/local/bin/java
Not blacklist /usr/bin/java
Not blacklist /bin/java
Not blacklist /usr/local/games/java
Not blacklist /usr/games/java
Not blacklist /sbin/java
Not blacklist /usr/local/sbin/java
Not blacklist /home/mdomann/.scripte/java
Not blacklist /usr/sbin/java
Not blacklist /home/mdomann/.scripte/backup/java
Not blacklist /home/mdomann/.dotfiles/bin/java
Not blacklist /home/mdomann/.local/bin/java
Not blacklist /home/mdomann/handy/android_home_tools/android-sdk-linux/platform-tools/java
Not blacklist /home/mdomann/handy/android_home_tools/android-sdk-linux/tools/java
Not blacklist /home/mdomann/handy/android_home_tools/android-sdk-linux/tools/bin/java
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/javac (requested /usr/bin/javac)
Not blacklist /etc/java
Not blacklist /usr/lib/java
Not blacklist /usr/share/java
Disable /usr/bin/openssl
Disable /usr/lib/valgrind
Mounting noexec /home/mdomann/media/jd2
2544 2246 0:60 /homefs/mdomann/media/jd2 /home/mdomann/media/jd2 rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=661,subvol=/homefs/mdomann/media/jd2
mountid=2544 fsname=/homefs/mdomann/media/jd2 dir=/home/mdomann/media/jd2 fstype=btrfs
Mounting noexec /home/mdomann/.config/ibus
2545 2247 0:60 /homefs/mdomann/.config/ibus /home/mdomann/.config/ibus rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/ibus
mountid=2545 fsname=/homefs/mdomann/.config/ibus dir=/home/mdomann/.config/ibus fstype=btrfs
Mounting noexec /home/mdomann/.config/mimeapps.list
2546 2248 0:60 /homefs/mdomann/.config/mimeapps.list /home/mdomann/.config/mimeapps.list rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/mimeapps.list
mountid=2546 fsname=/homefs/mdomann/.config/mimeapps.list dir=/home/mdomann/.config/mimeapps.list fstype=btrfs
Mounting noexec /home/mdomann/.config/user-dirs.dirs
2547 2249 0:60 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/user-dirs.dirs
mountid=2547 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs
Mounting noexec /home/mdomann/.local/share/applications
2548 2304 0:60 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications ro,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/applications
mountid=2548 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs
Mounting noexec /home/mdomann/.local/share/icons
2549 2251 0:60 /homefs/mdomann/.local/share/icons /home/mdomann/.local/share/icons rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/icons
mountid=2549 fsname=/homefs/mdomann/.local/share/icons dir=/home/mdomann/.local/share/icons fstype=btrfs
Mounting noexec /home/mdomann/.local/share/mime
2550 2252 0:60 /homefs/mdomann/.local/share/mime /home/mdomann/.local/share/mime rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/mime
mountid=2550 fsname=/homefs/mdomann/.local/share/mime dir=/home/mdomann/.local/share/mime fstype=btrfs
Mounting noexec /home/mdomann/.config/dconf
2551 2270 0:60 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf ro,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/dconf
mountid=2551 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs
Mounting noexec /home/mdomann/.config/gtk-2.0
2552 2254 0:60 /homefs/mdomann/.config/gtk-2.0 /home/mdomann/.config/gtk-2.0 rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/gtk-2.0
mountid=2552 fsname=/homefs/mdomann/.config/gtk-2.0 dir=/home/mdomann/.config/gtk-2.0 fstype=btrfs
Mounting noexec /home/mdomann/.config/gtk-3.0
2553 2255 0:60 /homefs/mdomann/.config/gtk-3.0 /home/mdomann/.config/gtk-3.0 rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/gtk-3.0
mountid=2553 fsname=/homefs/mdomann/.config/gtk-3.0 dir=/home/mdomann/.config/gtk-3.0 fstype=btrfs
Mounting noexec /home/mdomann/.gtkrc
2554 2256 0:60 /homefs/mdomann/.gtkrc /home/mdomann/.gtkrc rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.gtkrc
mountid=2554 fsname=/homefs/mdomann/.gtkrc dir=/home/mdomann/.gtkrc fstype=btrfs
Mounting noexec /home/mdomann/.gtkrc-2.0
2555 2257 0:60 /homefs/mdomann/.gtkrc-2.0 /home/mdomann/.gtkrc-2.0 rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.gtkrc-2.0
mountid=2555 fsname=/homefs/mdomann/.gtkrc-2.0 dir=/home/mdomann/.gtkrc-2.0 fstype=btrfs
Mounting noexec /home/mdomann/.config/Trolltech.conf
2556 2258 0:60 /homefs/mdomann/.config/Trolltech.conf /home/mdomann/.config/Trolltech.conf rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/Trolltech.conf
mountid=2556 fsname=/homefs/mdomann/.config/Trolltech.conf dir=/home/mdomann/.config/Trolltech.conf fstype=btrfs
Mounting noexec /run/user/1000
2559 2557 0:22 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=1632316k,mode=755
mountid=2559 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs
Mounting noexec /dev/shm
2560 2220 0:144 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=2560 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
2562 2561 0:50 /.X11-unix /tmp/.X11-unix rw,relatime master:33 - tmpfs tmpfs rw,size=4194304k
mountid=2562 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
2563 2562 0:50 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,relatime master:33 - tmpfs tmpfs rw,size=4194304k
mountid=2563 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /var
2568 2564 0:134 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=2568 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /usr/bin/lua50 (requested /usr/bin/lua)
Disable /usr/bin/luac50 (requested /usr/bin/luac)
Disable /usr/bin/lua-config50 (requested /usr/bin/lua-config)
Disable /usr/bin/lua50
Disable /usr/bin/luac50
Disable /usr/bin/lua-config50
Disable /usr/bin/luahbtex
Disable /usr/bin/luajithbtex
Disable /usr/bin/luajittex
Disable /usr/bin/luatex
Disable /usr/bin/luahbtex (requested /usr/bin/lualatex)
Disable /usr/bin/luahbtex (requested /usr/bin/lualatex-dev)
Disable /usr/share/texlive/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /usr/bin/luaotfload-tool)
Disable /usr/share/lua
Disable /usr/bin/cpansign
Disable /usr/bin/cpan5.28-x86_64-linux-gnu
Disable /usr/bin/cpanel_json_xs
Disable /usr/bin/dh-make-perl (requested /usr/bin/cpan2deb)
Disable /usr/bin/dh-make-perl (requested /usr/bin/cpan2dsc)
Disable /usr/bin/cpan5.30-i386-linux-gnu
Disable /usr/bin/cpan5.30-x86_64-linux-gnu
Disable /usr/bin/cpan
Disable /usr/bin/perl
Disable /usr/lib/perl5
Disable /usr/share/perl5
Disable /usr/share/perl
Disable /usr/share/perl-openssl-defaults
Disable /usr/bin/php7.4 (requested /usr/bin/php)
Disable /usr/bin/php7.4
Disable /usr/lib/php
Disable /usr/share/php
Disable /usr/share/php7.4-common
Disable /usr/share/php7.4-json
Disable /usr/share/php7.4-opcache
Disable /usr/share/php7.4-readline
Disable /usr/share/php7.4-curl
Disable /usr/share/php7.4-mbstring
Disable /usr/share/php7.4-xml
Disable /usr/bin/ruby2.7 (requested /usr/bin/ruby)
Disable /usr/lib/ruby
Disable /usr/bin/python2.7-pyrexc
Disable /usr/bin/x86_64-linux-gnu-python2.7-config (requested /usr/bin/python2-config)
Disable /usr/bin/python2.7 (requested /usr/bin/python2)
Disable /usr/bin/python2-futurize
Disable /usr/bin/python2-pasteurize
Disable /usr/bin/x86_64-linux-gnu-python2.7-config (requested /usr/bin/python2.7-config)
Disable /usr/bin/python2.7
Disable /usr/lib/python2.7
Disable /usr/lib/python2.6
Disable /usr/local/lib/python2.7
Disable /usr/bin/python3.5
Disable /usr/bin/python3.5m
Disable /usr/bin/python3.6
Disable /usr/bin/python3.6m
Disable /usr/bin/python3-unidiff
Disable /usr/bin/python3-qr
Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /usr/bin/python3.8-config)
Disable /usr/bin/python3.8
Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /usr/bin/python3-config)
Disable /usr/bin/python3.8 (requested /usr/bin/python3)
Disable /usr/lib/python3
Disable /usr/lib/python3.5
Disable /usr/lib/python3.6
Disable /usr/lib/python3.7
Disable /usr/lib/python3.8
Disable /usr/local/lib/python3.5
Disable /usr/local/lib/python3.6
Disable /usr/local/lib/python3.7
Disable /usr/local/lib/python3.8
Disable /usr/share/python3
Not blacklist /home/mdomann/.java
Mounting read-only /home/mdomann/.config/user-dirs.dirs
2685 2547 0:60 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/user-dirs.dirs
mountid=2685 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs
Mounting read-only /tmp/.X11-unix
2686 2563 0:50 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,relatime master:33 - tmpfs tmpfs rw,size=4194304k
mountid=2686 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse/native
Current directory: /home/mdomann/media/jd2
DISPLAY=:0.0 parsed as 0
Install protocol filter: unix,inet,inet6
configuring 14 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 6, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null) 
Dropping all capabilities
Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00000000   ret KILL
Dual 32/64 bit seccomp filter configured
configuring 72 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) 
Dropping all capabilities
Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 3f 00 0000009f   jeq adjtimex 0047 (false 0008)
 0008: 15 3e 00 00000131   jeq clock_adjtime 0047 (false 0009)
 0009: 15 3d 00 000000e3   jeq clock_settime 0047 (false 000a)
 000a: 15 3c 00 000000a4   jeq settimeofday 0047 (false 000b)
 000b: 15 3b 00 0000009a   jeq modify_ldt 0047 (false 000c)
 000c: 15 3a 00 000000d4   jeq lookup_dcookie 0047 (false 000d)
 000d: 15 39 00 0000012a   jeq perf_event_open 0047 (false 000e)
 000e: 15 38 00 00000137   jeq process_vm_writev 0047 (false 000f)
 000f: 15 37 00 000000b0   jeq delete_module 0047 (false 0010)
 0010: 15 36 00 00000139   jeq finit_module 0047 (false 0011)
 0011: 15 35 00 000000af   jeq init_module 0047 (false 0012)
 0012: 15 34 00 0000009c   jeq _sysctl 0047 (false 0013)
 0013: 15 33 00 000000b7   jeq afs_syscall 0047 (false 0014)
 0014: 15 32 00 000000ae   jeq create_module 0047 (false 0015)
 0015: 15 31 00 000000b1   jeq get_kernel_syms 0047 (false 0016)
 0016: 15 30 00 000000b5   jeq getpmsg 0047 (false 0017)
 0017: 15 2f 00 000000b6   jeq putpmsg 0047 (false 0018)
 0018: 15 2e 00 000000b2   jeq query_module 0047 (false 0019)
 0019: 15 2d 00 000000b9   jeq security 0047 (false 001a)
 001a: 15 2c 00 0000008b   jeq sysfs 0047 (false 001b)
 001b: 15 2b 00 000000b8   jeq tuxcall 0047 (false 001c)
 001c: 15 2a 00 00000086   jeq uselib 0047 (false 001d)
 001d: 15 29 00 00000088   jeq ustat 0047 (false 001e)
 001e: 15 28 00 000000ec   jeq vserver 0047 (false 001f)
 001f: 15 27 00 000000ad   jeq ioperm 0047 (false 0020)
 0020: 15 26 00 000000ac   jeq iopl 0047 (false 0021)
 0021: 15 25 00 000000f6   jeq kexec_load 0047 (false 0022)
 0022: 15 24 00 00000140   jeq kexec_file_load 0047 (false 0023)
 0023: 15 23 00 000000a9   jeq reboot 0047 (false 0024)
 0024: 15 22 00 000000a7   jeq swapon 0047 (false 0025)
 0025: 15 21 00 000000a8   jeq swapoff 0047 (false 0026)
 0026: 15 20 00 00000130   jeq open_by_handle_at 0047 (false 0027)
 0027: 15 1f 00 0000012f   jeq name_to_handle_at 0047 (false 0028)
 0028: 15 1e 00 000000fb   jeq ioprio_set 0047 (false 0029)
 0029: 15 1d 00 00000067   jeq syslog 0047 (false 002a)
 002a: 15 1c 00 0000012c   jeq fanotify_init 0047 (false 002b)
 002b: 15 1b 00 00000138   jeq kcmp 0047 (false 002c)
 002c: 15 1a 00 000000f8   jeq add_key 0047 (false 002d)
 002d: 15 19 00 000000f9   jeq request_key 0047 (false 002e)
 002e: 15 18 00 000000ed   jeq mbind 0047 (false 002f)
 002f: 15 17 00 00000100   jeq migrate_pages 0047 (false 0030)
 0030: 15 16 00 00000117   jeq move_pages 0047 (false 0031)
 0031: 15 15 00 000000fa   jeq keyctl 0047 (false 0032)
 0032: 15 14 00 000000ce   jeq io_setup 0047 (false 0033)
 0033: 15 13 00 000000cf   jeq io_destroy 0047 (false 0034)
 0034: 15 12 00 000000d0   jeq io_getevents 0047 (false 0035)
 0035: 15 11 00 000000d1   jeq io_submit 0047 (false 0036)
 0036: 15 10 00 000000d2   jeq io_cancel 0047 (false 0037)
 0037: 15 0f 00 000000d8   jeq remap_file_pages 0047 (false 0038)
 0038: 15 0e 00 00000143   jeq userfaultfd 0047 (false 0039)
 0039: 15 0d 00 000000a3   jeq acct 0047 (false 003a)
 003a: 15 0c 00 00000141   jeq bpf 0047 (false 003b)
 003b: 15 0b 00 000000a1   jeq chroot 0047 (false 003c)
 003c: 15 0a 00 000000a5   jeq mount 0047 (false 003d)
 003d: 15 09 00 000000b4   jeq nfsservctl 0047 (false 003e)
 003e: 15 08 00 0000009b   jeq pivot_root 0047 (false 003f)
 003f: 15 07 00 000000ab   jeq setdomainname 0047 (false 0040)
 0040: 15 06 00 000000aa   jeq sethostname 0047 (false 0041)
 0041: 15 05 00 000000a6   jeq umount2 0047 (false 0042)
 0042: 15 04 00 00000099   jeq vhangup 0047 (false 0043)
 0043: 15 03 00 00000065   jeq ptrace 0047 (false 0044)
 0044: 15 02 00 00000087   jeq personality 0047 (false 0045)
 0045: 15 01 00 00000136   jeq process_vm_readv 0047 (false 0046)
 0046: 06 00 00 7fff0000   ret ALLOW
 0047: 06 00 01 00000000   ret KILL
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
execvp argument 0: /bin/sh
execvp argument 1: bash
Child process initialized in 93.12 ms
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
/bin/sh: 0: Can't open bash
monitoring pid 9

Sandbox monitor: waitpid 9 retval 9 status 32512

Parent is shutting down, bye...
mdomann@sysiphus:~/media/jd2$ firejail --debug --profile=/home/mdomann/.config/firejail/JDownloader.profile bash
Reading profile /home/mdomann/.config/firejail/JDownloader.profile
Found allow-java.inc profile in /etc/firejail directory
Reading profile /etc/firejail/allow-java.inc
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Building quoted command line: 'bash' 
Command name #bash#
DISPLAY=:0.0 parsed as 0
Enabling IPC namespace
Using the local network stack
Parent pid 11744, child pid 11745
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
IBUS_ADDRESS=unix:abstract=/tmp/dbus-CYJC5voC,guid=a6451e14c78acb445f6f3ba95be30fb8
IBUS_DAEMON_PID=2522
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /sbin
Mounting read-only /lib
Mounting read-only /lib64
Mounting read-only /lib32
Mounting read-only /libx32
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Mounting tmpfs on /var/cache/apache2
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/mdomann/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
Process /dev/shm directory
Mounting tmpfs on /home/mdomann/.cache
2224 2199 0:146 / /home/mdomann/.cache rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=755,uid=1000,gid=1000
mountid=2224 fsname=/ dir=/home/mdomann/.cache fstype=tmpfs
Generate private-tmp whitelist commands
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 423: new_name #/home/mdomann/media/jd2#, whitelist
Debug 531: fname #/home/mdomann/media/jd2#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/media/jd2
Debug 423: new_name #/home/mdomann/.XCompose#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
    expanded: /home/mdomann/.XCompose
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
    expanded: /home/mdomann/.asoundrc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/ibus#, whitelist
Debug 531: fname #/home/mdomann/.config/ibus#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/ibus
Debug 423: new_name #/home/mdomann/.config/mimeapps.list#, whitelist
Debug 531: fname #/home/mdomann/.config/mimeapps.list#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/mimeapps.list
Debug 423: new_name #/home/mdomann/.config/pkcs11#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
    expanded: /home/mdomann/.config/pkcs11
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/user-dirs.dirs#, whitelist
Debug 531: fname #/home/mdomann/.config/user-dirs.dirs#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/user-dirs.dirs
Debug 423: new_name #/home/mdomann/.drirc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
    expanded: /home/mdomann/.drirc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
    expanded: /home/mdomann/.icons
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.local/share/applications#, whitelist
Debug 531: fname #/home/mdomann/.local/share/applications#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/applications
Debug 423: new_name #/home/mdomann/.local/share/icons#, whitelist
Debug 531: fname #/home/mdomann/.local/share/icons#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/icons
Debug 423: new_name #/home/mdomann/.local/share/mime#, whitelist
Debug 531: fname #/home/mdomann/.local/share/mime#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/mime
Debug 423: new_name #/home/mdomann/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
    expanded: /home/mdomann/.mime.types
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/dconf#, whitelist
Debug 531: fname #/home/mdomann/.config/dconf#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/dconf
Debug 423: new_name #/home/mdomann/.cache/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/fontconfig
    expanded: /home/mdomann/.cache/fontconfig
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
    expanded: /home/mdomann/.config/fontconfig
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
    expanded: /home/mdomann/.fontconfig
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
    expanded: /home/mdomann/.fonts
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.fonts.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
    expanded: /home/mdomann/.fonts.conf
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
    expanded: /home/mdomann/.fonts.conf.d
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
    expanded: /home/mdomann/.fonts.d
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.local/share/fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
    expanded: /home/mdomann/.local/share/fonts
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.pangorc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
    expanded: /home/mdomann/.pangorc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/gtk-2.0#, whitelist
Debug 531: fname #/home/mdomann/.config/gtk-2.0#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/gtk-2.0
Debug 423: new_name #/home/mdomann/.config/gtk-3.0#, whitelist
Debug 531: fname #/home/mdomann/.config/gtk-3.0#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/gtk-3.0
Debug 423: new_name #/home/mdomann/.config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
    expanded: /home/mdomann/.config/gtkrc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
    expanded: /home/mdomann/.config/gtkrc-2.0
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
    expanded: /home/mdomann/.gnome2
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
    expanded: /home/mdomann/.gnome2-private
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
    expanded: /home/mdomann/.gtk-2.0
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.gtkrc#, whitelist
Debug 531: fname #/home/mdomann/.gtkrc#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.gtkrc
Debug 423: new_name #/home/mdomann/.gtkrc-2.0#, whitelist
Debug 531: fname #/home/mdomann/.gtkrc-2.0#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.gtkrc-2.0
Debug 423: new_name #/home/mdomann/.kde/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
    expanded: /home/mdomann/.kde/share/config/gtkrc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
    expanded: /home/mdomann/.kde/share/config/gtkrc-2.0
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
    expanded: /home/mdomann/.kde4/share/config/gtkrc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
    expanded: /home/mdomann/.kde4/share/config/gtkrc-2.0
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
    expanded: /home/mdomann/.local/share/themes
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
    expanded: /home/mdomann/.themes
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.cache/kioexec/krun#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
    expanded: /home/mdomann/.cache/kioexec/krun
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
    expanded: /home/mdomann/.config/Kvantum
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/Trolltech.conf#, whitelist
Debug 531: fname #/home/mdomann/.config/Trolltech.conf#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/Trolltech.conf
Debug 423: new_name #/home/mdomann/.config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals
    expanded: /home/mdomann/.config/kdeglobals
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
    expanded: /home/mdomann/.config/kio_httprc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
    expanded: /home/mdomann/.config/kioslaverc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
    expanded: /home/mdomann/.config/ksslcablacklist
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
    expanded: /home/mdomann/.config/qt5ct
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
    expanded: /home/mdomann/.kde/share/config/kdeglobals
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
    expanded: /home/mdomann/.kde/share/config/kio_httprc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
    expanded: /home/mdomann/.kde/share/config/kioslaverc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
    expanded: /home/mdomann/.kde/share/config/ksslcablacklist
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
    expanded: /home/mdomann/.kde/share/config/oxygenrc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
    expanded: /home/mdomann/.kde/share/icons
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
    expanded: /home/mdomann/.kde4/share/config/kdeglobals
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
    expanded: /home/mdomann/.kde4/share/config/kio_httprc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
    expanded: /home/mdomann/.kde4/share/config/kioslaverc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
    expanded: /home/mdomann/.kde4/share/config/ksslcablacklist
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
    expanded: /home/mdomann/.kde4/share/config/oxygenrc
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
    expanded: /home/mdomann/.kde4/share/icons
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/home/mdomann/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
    expanded: /home/mdomann/.local/share/qt5ct
    real path: (null)
    realpath: No such file or directory
Debug 423: new_name #/var/lib/dbus#, whitelist
Debug 423: new_name #/var/lib/menu-xdg#, whitelist
Debug 423: new_name #/var/cache/fontconfig#, whitelist
Debug 423: new_name #/var/tmp#, whitelist
Debug 423: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 423: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 423: new_name #/tmp/.X11-unix#, whitelist
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 
Whitelisting /home/mdomann/media/jd2
2246 2244 0:60 /homefs/mdomann/media/jd2 /home/mdomann/media/jd2 rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=661,subvol=/homefs/mdomann/media/jd2
mountid=2246 fsname=/homefs/mdomann/media/jd2 dir=/home/mdomann/media/jd2 fstype=btrfs
Whitelisting /home/mdomann/.config/ibus
2247 2244 0:60 /homefs/mdomann/.config/ibus /home/mdomann/.config/ibus rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/ibus
mountid=2247 fsname=/homefs/mdomann/.config/ibus dir=/home/mdomann/.config/ibus fstype=btrfs
Whitelisting /home/mdomann/.config/mimeapps.list
2248 2244 0:60 /homefs/mdomann/.config/mimeapps.list /home/mdomann/.config/mimeapps.list rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/mimeapps.list
mountid=2248 fsname=/homefs/mdomann/.config/mimeapps.list dir=/home/mdomann/.config/mimeapps.list fstype=btrfs
Whitelisting /home/mdomann/.config/user-dirs.dirs
2249 2244 0:60 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/user-dirs.dirs
mountid=2249 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs
Whitelisting /home/mdomann/.local/share/applications
2250 2244 0:60 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/applications
mountid=2250 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs
Whitelisting /home/mdomann/.local/share/icons
2251 2244 0:60 /homefs/mdomann/.local/share/icons /home/mdomann/.local/share/icons rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/icons
mountid=2251 fsname=/homefs/mdomann/.local/share/icons dir=/home/mdomann/.local/share/icons fstype=btrfs
Whitelisting /home/mdomann/.local/share/mime
2252 2244 0:60 /homefs/mdomann/.local/share/mime /home/mdomann/.local/share/mime rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/mime
mountid=2252 fsname=/homefs/mdomann/.local/share/mime dir=/home/mdomann/.local/share/mime fstype=btrfs
Whitelisting /home/mdomann/.config/dconf
2253 2244 0:60 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/dconf
mountid=2253 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs
Whitelisting /home/mdomann/.config/gtk-2.0
2254 2244 0:60 /homefs/mdomann/.config/gtk-2.0 /home/mdomann/.config/gtk-2.0 rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/gtk-2.0
mountid=2254 fsname=/homefs/mdomann/.config/gtk-2.0 dir=/home/mdomann/.config/gtk-2.0 fstype=btrfs
Whitelisting /home/mdomann/.config/gtk-3.0
2255 2244 0:60 /homefs/mdomann/.config/gtk-3.0 /home/mdomann/.config/gtk-3.0 rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/gtk-3.0
mountid=2255 fsname=/homefs/mdomann/.config/gtk-3.0 dir=/home/mdomann/.config/gtk-3.0 fstype=btrfs
Whitelisting /home/mdomann/.gtkrc
2256 2244 0:60 /homefs/mdomann/.gtkrc /home/mdomann/.gtkrc rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.gtkrc
mountid=2256 fsname=/homefs/mdomann/.gtkrc dir=/home/mdomann/.gtkrc fstype=btrfs
Whitelisting /home/mdomann/.gtkrc-2.0
2257 2244 0:60 /homefs/mdomann/.gtkrc-2.0 /home/mdomann/.gtkrc-2.0 rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.gtkrc-2.0
mountid=2257 fsname=/homefs/mdomann/.gtkrc-2.0 dir=/home/mdomann/.gtkrc-2.0 fstype=btrfs
Whitelisting /home/mdomann/.config/Trolltech.conf
2258 2244 0:60 /homefs/mdomann/.config/Trolltech.conf /home/mdomann/.config/Trolltech.conf rw,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/Trolltech.conf
mountid=2258 fsname=/homefs/mdomann/.config/Trolltech.conf dir=/home/mdomann/.config/Trolltech.conf fstype=btrfs
Whitelisting /var/lib/dbus
2259 2239 0:23 /rootfs/var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs/var/lib/dbus
mountid=2259 fsname=/rootfs/var/lib/dbus dir=/var/lib/dbus fstype=btrfs
Whitelisting /var/lib/menu-xdg
2260 2239 0:23 /rootfs/var/lib/menu-xdg /var/lib/menu-xdg ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs/var/lib/menu-xdg
mountid=2260 fsname=/rootfs/var/lib/menu-xdg dir=/var/lib/menu-xdg fstype=btrfs
Whitelisting /var/cache/fontconfig
2261 2239 0:23 /rootfs/var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs/var/cache/fontconfig
mountid=2261 fsname=/rootfs/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs
Whitelisting /var/tmp
2262 2239 0:134 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=2262 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
2263 2230 0:50 /.X11-unix /tmp/.X11-unix rw,relatime master:33 - tmpfs tmpfs rw,size=4194304k
mountid=2263 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/mdomann/.Xauthority
2269 2244 0:151 /mdomann/.Xauthority /home/mdomann/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=2269 fsname=/mdomann/.Xauthority dir=/home/mdomann/.Xauthority fstype=tmpfs
Mounting read-only /home/mdomann/.config/dconf
2270 2253 0:60 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf ro,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/dconf
mountid=2270 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs
Disable /run/acpid.socket (requested /var/run/acpid.socket)
Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock)
Disable /etc/anacrontab
Disable /etc/cron.d
Disable /etc/cron.daily
Disable /etc/cron.hourly
Disable /etc/cron.monthly
Disable /etc/cron.weekly
Disable /etc/cron.deny
Disable /etc/crontab
Disable /etc/crontab.dpkg-dist
Disable /etc/profile.d
Disable /etc/rc2.d
Disable /etc/rc3.d
Disable /etc/rc4.d
Disable /etc/rc5.d
Disable /etc/rc0.d
Disable /etc/rc1.d
Disable /etc/rc6.d
Disable /etc/rcS.d
Disable /etc/kernel
Disable /etc/kernel-img.conf
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/selinux
Disable /etc/modules
Disable /etc/modules-load.d
Disable /etc/logrotate.d
Disable /etc/logrotate.conf
Disable /etc/adduser.conf
Mounting read-only /home/mdomann/.bashrc
2303 2244 0:151 /mdomann/.bashrc /home/mdomann/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=2303 fsname=/mdomann/.bashrc dir=/home/mdomann/.bashrc fstype=tmpfs
Mounting read-only /home/mdomann/.local/share/applications
2304 2250 0:60 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications ro,nosuid,nodev,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/applications
mountid=2304 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs
Disable /etc/davfs2/secrets
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/bin/at
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/crontab
Disable /usr/bin/expiry
Disable /bin/fusermount3 (requested /bin/fusermount)
Disable /usr/bin/gpasswd
Disable /bin/mount
Disable /bin/nc.traditional (requested /bin/nc)
Disable /usr/bin/newgrp
Disable /bin/ntfs-3g
Disable /usr/bin/pkexec
Disable /usr/bin/procmail
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/strace
Disable /bin/su
Disable /usr/bin/sudo
Disable /bin/umount
Disable /usr/bin/xev
Disable /usr/bin/xinput
Disable /usr/bin/xfce4-terminal
Disable /usr/bin/xfce4-terminal.wrapper
Disable /usr/share/flatpak
Disable /usr/bin/bwrap
Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang++-7)
Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang-7)
Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang-cpp-7)
Disable /usr/lib/llvm-9/bin/llvm-dwarfdump (requested /usr/bin/llvm-dwarfdump-9)
Disable /usr/lib/llvm-9/bin/llvm-dwp (requested /usr/bin/llvm-dwp-9)
Disable /usr/lib/llvm-9/bin/llvm-elfabi (requested /usr/bin/llvm-elfabi-9)
Disable /usr/lib/llvm-9/bin/llvm-exegesis (requested /usr/bin/llvm-exegesis-9)
Disable /usr/lib/llvm-9/bin/llvm-extract (requested /usr/bin/llvm-extract-9)
Disable /usr/lib/llvm-9/bin/llvm-jitlink (requested /usr/bin/llvm-jitlink-9)
Disable /usr/lib/llvm-9/bin/llvm-ar (requested /usr/bin/llvm-lib-9)
Disable /usr/lib/llvm-9/bin/llvm-link (requested /usr/bin/llvm-link-9)
Disable /usr/lib/llvm-9/bin/llvm-lipo (requested /usr/bin/llvm-lipo-9)
Disable /usr/lib/llvm-9/bin/llvm-lto (requested /usr/bin/llvm-lto-9)
Disable /usr/lib/llvm-9/bin/llvm-lto2 (requested /usr/bin/llvm-lto2-9)
Disable /usr/lib/llvm-9/bin/llvm-mc (requested /usr/bin/llvm-mc-9)
Disable /usr/lib/llvm-9/bin/llvm-mca (requested /usr/bin/llvm-mca-9)
Disable /usr/lib/llvm-9/bin/llvm-modextract (requested /usr/bin/llvm-modextract-9)
Disable /usr/lib/llvm-9/bin/llvm-mt (requested /usr/bin/llvm-mt-9)
Disable /usr/lib/llvm-9/bin/llvm-nm (requested /usr/bin/llvm-nm-9)
Disable /usr/lib/llvm-9/bin/llvm-objcopy (requested /usr/bin/llvm-objcopy-9)
Disable /usr/lib/llvm-9/bin/llvm-objdump (requested /usr/bin/llvm-objdump-9)
Disable /usr/lib/llvm-9/bin/llvm-opt-report (requested /usr/bin/llvm-opt-report-9)
Disable /usr/lib/llvm-9/bin/llvm-pdbutil (requested /usr/bin/llvm-pdbutil-9)
Disable /usr/lib/llvm-9/bin/llvm-profdata (requested /usr/bin/llvm-profdata-9)
Disable /usr/lib/llvm-9/bin/llvm-ar (requested /usr/bin/llvm-ranlib-9)
Disable /usr/lib/llvm-9/bin/llvm-rc (requested /usr/bin/llvm-rc-9)
Disable /usr/lib/llvm-9/bin/llvm-readobj (requested /usr/bin/llvm-readelf-9)
Disable /usr/lib/llvm-9/bin/llvm-readobj (requested /usr/bin/llvm-readobj-9)
Disable /usr/lib/llvm-9/bin/llvm-rtdyld (requested /usr/bin/llvm-rtdyld-9)
Disable /usr/lib/llvm-9/bin/llvm-size (requested /usr/bin/llvm-size-9)
Disable /usr/lib/llvm-9/bin/llvm-split (requested /usr/bin/llvm-split-9)
Disable /usr/lib/llvm-9/bin/llvm-stress (requested /usr/bin/llvm-stress-9)
Disable /usr/lib/llvm-9/bin/llvm-strings (requested /usr/bin/llvm-strings-9)
Disable /usr/lib/llvm-9/bin/llvm-objcopy (requested /usr/bin/llvm-strip-9)
Disable /usr/lib/llvm-9/bin/llvm-symbolizer (requested /usr/bin/llvm-symbolizer-9)
Disable /usr/lib/llvm-9/bin/llvm-tblgen (requested /usr/bin/llvm-tblgen-9)
Disable /usr/lib/llvm-9/bin/llvm-undname (requested /usr/bin/llvm-undname-9)
Disable /usr/lib/llvm-9/bin/llvm-xray (requested /usr/bin/llvm-xray-9)
Disable /usr/lib/llvm-7/bin/llvm-PerfectShuffle (requested /usr/bin/llvm-PerfectShuffle-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-ar-7)
Disable /usr/lib/llvm-7/bin/llvm-as (requested /usr/bin/llvm-as-7)
Disable /usr/lib/llvm-7/bin/llvm-bcanalyzer (requested /usr/bin/llvm-bcanalyzer-7)
Disable /usr/lib/llvm-7/bin/llvm-c-test (requested /usr/bin/llvm-c-test-7)
Disable /usr/lib/llvm-7/bin/llvm-cat (requested /usr/bin/llvm-cat-7)
Disable /usr/lib/llvm-7/bin/llvm-cfi-verify (requested /usr/bin/llvm-cfi-verify-7)
Disable /usr/lib/llvm-7/bin/llvm-config (requested /usr/bin/llvm-config-7)
Disable /usr/lib/llvm-7/bin/llvm-cov (requested /usr/bin/llvm-cov-7)
Disable /usr/lib/llvm-7/bin/llvm-cvtres (requested /usr/bin/llvm-cvtres-7)
Disable /usr/lib/llvm-7/bin/llvm-cxxdump (requested /usr/bin/llvm-cxxdump-7)
Disable /usr/lib/llvm-7/bin/llvm-cxxfilt (requested /usr/bin/llvm-cxxfilt-7)
Disable /usr/lib/llvm-7/bin/llvm-diff (requested /usr/bin/llvm-diff-7)
Disable /usr/lib/llvm-7/bin/llvm-dis (requested /usr/bin/llvm-dis-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-dlltool-7)
Disable /usr/lib/llvm-7/bin/llvm-dwarfdump (requested /usr/bin/llvm-dwarfdump-7)
Disable /usr/lib/llvm-7/bin/llvm-dwp (requested /usr/bin/llvm-dwp-7)
Disable /usr/lib/llvm-7/bin/llvm-exegesis (requested /usr/bin/llvm-exegesis-7)
Disable /usr/lib/llvm-7/bin/llvm-extract (requested /usr/bin/llvm-extract-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-lib-7)
Disable /usr/lib/llvm-7/bin/llvm-link (requested /usr/bin/llvm-link-7)
Disable /usr/lib/llvm-7/bin/llvm-lto (requested /usr/bin/llvm-lto-7)
Disable /usr/lib/llvm-7/bin/llvm-lto2 (requested /usr/bin/llvm-lto2-7)
Disable /usr/lib/llvm-7/bin/llvm-mc (requested /usr/bin/llvm-mc-7)
Disable /usr/lib/llvm-7/bin/llvm-mca (requested /usr/bin/llvm-mca-7)
Disable /usr/lib/llvm-7/bin/llvm-modextract (requested /usr/bin/llvm-modextract-7)
Disable /usr/lib/llvm-7/bin/llvm-mt (requested /usr/bin/llvm-mt-7)
Disable /usr/lib/llvm-7/bin/llvm-nm (requested /usr/bin/llvm-nm-7)
Disable /usr/lib/llvm-7/bin/llvm-objcopy (requested /usr/bin/llvm-objcopy-7)
Disable /usr/lib/llvm-7/bin/llvm-objdump (requested /usr/bin/llvm-objdump-7)
Disable /usr/lib/llvm-7/bin/llvm-opt-report (requested /usr/bin/llvm-opt-report-7)
Disable /usr/lib/llvm-7/bin/llvm-pdbutil (requested /usr/bin/llvm-pdbutil-7)
Disable /usr/lib/llvm-7/bin/llvm-profdata (requested /usr/bin/llvm-profdata-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-ranlib-7)
Disable /usr/lib/llvm-7/bin/llvm-rc (requested /usr/bin/llvm-rc-7)
Disable /usr/lib/llvm-7/bin/llvm-readobj (requested /usr/bin/llvm-readelf-7)
Disable /usr/lib/llvm-7/bin/llvm-readobj (requested /usr/bin/llvm-readobj-7)
Disable /usr/lib/llvm-7/bin/llvm-rtdyld (requested /usr/bin/llvm-rtdyld-7)
Disable /usr/lib/llvm-7/bin/llvm-size (requested /usr/bin/llvm-size-7)
Disable /usr/lib/llvm-7/bin/llvm-split (requested /usr/bin/llvm-split-7)
Disable /usr/lib/llvm-7/bin/llvm-stress (requested /usr/bin/llvm-stress-7)
Disable /usr/lib/llvm-7/bin/llvm-strings (requested /usr/bin/llvm-strings-7)
Disable /usr/lib/llvm-7/bin/llvm-objcopy (requested /usr/bin/llvm-strip-7)
Disable /usr/lib/llvm-7/bin/llvm-symbolizer (requested /usr/bin/llvm-symbolizer-7)
Disable /usr/lib/llvm-7/bin/llvm-tblgen (requested /usr/bin/llvm-tblgen-7)
Disable /usr/lib/llvm-7/bin/llvm-undname (requested /usr/bin/llvm-undname-7)
Disable /usr/lib/llvm-7/bin/llvm-xray (requested /usr/bin/llvm-xray-7)
Disable /usr/lib/llvm-9/bin/llvm-PerfectShuffle (requested /usr/bin/llvm-PerfectShuffle-9)
Disable /usr/lib/llvm-9/bin/llvm-symbolizer (requested /usr/bin/llvm-addr2line-9)
Disable /usr/lib/llvm-9/bin/llvm-ar (requested /usr/bin/llvm-ar-9)
Disable /usr/lib/llvm-9/bin/llvm-as (requested /usr/bin/llvm-as-9)
Disable /usr/lib/llvm-9/bin/llvm-bcanalyzer (requested /usr/bin/llvm-bcanalyzer-9)
Disable /usr/lib/llvm-9/bin/llvm-c-test (requested /usr/bin/llvm-c-test-9)
Disable /usr/lib/llvm-9/bin/llvm-cat (requested /usr/bin/llvm-cat-9)
Disable /usr/lib/llvm-9/bin/llvm-cfi-verify (requested /usr/bin/llvm-cfi-verify-9)
Disable /usr/lib/llvm-9/bin/llvm-config (requested /usr/bin/llvm-config-9)
Disable /usr/lib/llvm-9/bin/llvm-cov (requested /usr/bin/llvm-cov-9)
Disable /usr/lib/llvm-9/bin/llvm-cvtres (requested /usr/bin/llvm-cvtres-9)
Disable /usr/lib/llvm-9/bin/llvm-cxxdump (requested /usr/bin/llvm-cxxdump-9)
Disable /usr/lib/llvm-9/bin/llvm-cxxfilt (requested /usr/bin/llvm-cxxfilt-9)
Disable /usr/lib/llvm-9/bin/llvm-cxxmap (requested /usr/bin/llvm-cxxmap-9)
Disable /usr/lib/llvm-9/bin/llvm-diff (requested /usr/bin/llvm-diff-9)
Disable /usr/lib/llvm-9/bin/llvm-dis (requested /usr/bin/llvm-dis-9)
Disable /usr/lib/llvm-9/bin/llvm-ar (requested /usr/bin/llvm-dlltool-9)
Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/cc)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/c++)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt)
Disable /usr/bin/c89-gcc (requested /usr/bin/c89)
Disable /usr/bin/c89-gcc
Disable /usr/bin/c99-gcc (requested /usr/bin/c99)
Disable /usr/bin/c99-gcc
Disable /usr/bin/cpp-5
Disable /usr/bin/x86_64-linux-gnu-cpp-6 (requested /usr/bin/cpp-6)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-7 (requested /usr/bin/cpp-7)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp-9)
Disable /usr/bin/g++-5
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/g++)
Disable /usr/bin/x86_64-linux-gnu-g++-7 (requested /usr/bin/g++-7)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/g++-9)
Disable /usr/bin/gcc-5
Disable /usr/bin/gcc-ar-5
Disable /usr/bin/gcc-nm-5
Disable /usr/bin/gcc-ranlib-5
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-7 (requested /usr/bin/gcc-7)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-7 (requested /usr/bin/gcc-ar-7)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-7 (requested /usr/bin/gcc-nm-7)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-7 (requested /usr/bin/gcc-ranlib-7)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/gcc-ranlib-9)
Disable /usr/bin/gdb
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld)
Disable /usr/bin/gcc-5 (requested /usr/bin/x86_64-linux-gnu-gcc-5)
Disable /usr/bin/gcc-ar-5 (requested /usr/bin/x86_64-linux-gnu-gcc-ar-5)
Disable /usr/bin/gcc-nm-5 (requested /usr/bin/x86_64-linux-gnu-gcc-nm-5)
Disable /usr/bin/gcc-ranlib-5 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib-5)
Disable /usr/bin/c89-gcc
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/aarch64-linux-gnu-gcc-9 (requested /usr/bin/aarch64-linux-gnu-gcc)
Disable /usr/bin/aarch64-linux-gnu-gcc-ar-9 (requested /usr/bin/aarch64-linux-gnu-gcc-ar)
Disable /usr/bin/aarch64-linux-gnu-gcc-nm-9 (requested /usr/bin/aarch64-linux-gnu-gcc-nm)
Disable /usr/bin/aarch64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/aarch64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-7
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-7
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-7
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-7
Disable /usr/bin/aarch64-linux-gnu-gcc-9
Disable /usr/bin/aarch64-linux-gnu-gcc-ar-9
Disable /usr/bin/aarch64-linux-gnu-gcc-nm-9
Disable /usr/bin/aarch64-linux-gnu-gcc-ranlib-9
Disable /usr/bin/x86_64-linux-gnu-gcc-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9
Disable /usr/bin/g++-5 (requested /usr/bin/x86_64-linux-gnu-g++-5)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-7
Disable /usr/bin/x86_64-linux-gnu-g++-9
Disable /usr/bin/gcc-5 (requested /usr/bin/x86_64-linux-gnu-gcc-5)
Disable /usr/bin/gcc-ar-5 (requested /usr/bin/x86_64-linux-gnu-gcc-ar-5)
Disable /usr/bin/gcc-nm-5 (requested /usr/bin/x86_64-linux-gnu-gcc-nm-5)
Disable /usr/bin/gcc-ranlib-5 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib-5)
Disable /usr/bin/c89-gcc
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/aarch64-linux-gnu-gcc-9 (requested /usr/bin/aarch64-linux-gnu-gcc)
Disable /usr/bin/aarch64-linux-gnu-gcc-ar-9 (requested /usr/bin/aarch64-linux-gnu-gcc-ar)
Disable /usr/bin/aarch64-linux-gnu-gcc-nm-9 (requested /usr/bin/aarch64-linux-gnu-gcc-nm)
Disable /usr/bin/aarch64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/aarch64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-7
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-7
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-7
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-7
Disable /usr/bin/aarch64-linux-gnu-gcc-9
Disable /usr/bin/aarch64-linux-gnu-gcc-ar-9
Disable /usr/bin/aarch64-linux-gnu-gcc-nm-9
Disable /usr/bin/aarch64-linux-gnu-gcc-ranlib-9
Disable /usr/bin/x86_64-linux-gnu-gcc-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9
Disable /usr/bin/g++-5 (requested /usr/bin/x86_64-linux-gnu-g++-5)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-7
Disable /usr/bin/x86_64-linux-gnu-g++-9
Disable /usr/include
Disable /usr/lib/go-1.14/bin/go (requested /usr/bin/go)
Disable /usr/lib/go-1.14/bin/gofmt (requested /usr/bin/gofmt)
Not blacklist /usr/local/bin/java
Not blacklist /usr/bin/java
Not blacklist /bin/java
Not blacklist /usr/local/games/java
Not blacklist /usr/games/java
Not blacklist /sbin/java
Not blacklist /usr/local/sbin/java
Not blacklist /home/mdomann/.scripte/java
Not blacklist /usr/sbin/java
Not blacklist /home/mdomann/.scripte/backup/java
Not blacklist /home/mdomann/.dotfiles/bin/java
Not blacklist /home/mdomann/.local/bin/java
Not blacklist /home/mdomann/handy/android_home_tools/android-sdk-linux/platform-tools/java
Not blacklist /home/mdomann/handy/android_home_tools/android-sdk-linux/tools/java
Not blacklist /home/mdomann/handy/android_home_tools/android-sdk-linux/tools/bin/java
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/javac (requested /usr/bin/javac)
Not blacklist /etc/java
Not blacklist /usr/lib/java
Not blacklist /usr/share/java
Disable /usr/bin/openssl
Disable /usr/lib/valgrind
Mounting noexec /home/mdomann/media/jd2
2544 2246 0:60 /homefs/mdomann/media/jd2 /home/mdomann/media/jd2 rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=661,subvol=/homefs/mdomann/media/jd2
mountid=2544 fsname=/homefs/mdomann/media/jd2 dir=/home/mdomann/media/jd2 fstype=btrfs
Mounting noexec /home/mdomann/.config/ibus
2545 2247 0:60 /homefs/mdomann/.config/ibus /home/mdomann/.config/ibus rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/ibus
mountid=2545 fsname=/homefs/mdomann/.config/ibus dir=/home/mdomann/.config/ibus fstype=btrfs
Mounting noexec /home/mdomann/.config/mimeapps.list
2546 2248 0:60 /homefs/mdomann/.config/mimeapps.list /home/mdomann/.config/mimeapps.list rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/mimeapps.list
mountid=2546 fsname=/homefs/mdomann/.config/mimeapps.list dir=/home/mdomann/.config/mimeapps.list fstype=btrfs
Mounting noexec /home/mdomann/.config/user-dirs.dirs
2547 2249 0:60 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/user-dirs.dirs
mountid=2547 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs
Mounting noexec /home/mdomann/.local/share/applications
2548 2304 0:60 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications ro,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/applications
mountid=2548 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs
Mounting noexec /home/mdomann/.local/share/icons
2549 2251 0:60 /homefs/mdomann/.local/share/icons /home/mdomann/.local/share/icons rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/icons
mountid=2549 fsname=/homefs/mdomann/.local/share/icons dir=/home/mdomann/.local/share/icons fstype=btrfs
Mounting noexec /home/mdomann/.local/share/mime
2550 2252 0:60 /homefs/mdomann/.local/share/mime /home/mdomann/.local/share/mime rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.local/share/mime
mountid=2550 fsname=/homefs/mdomann/.local/share/mime dir=/home/mdomann/.local/share/mime fstype=btrfs
Mounting noexec /home/mdomann/.config/dconf
2551 2270 0:60 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf ro,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/dconf
mountid=2551 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs
Mounting noexec /home/mdomann/.config/gtk-2.0
2552 2254 0:60 /homefs/mdomann/.config/gtk-2.0 /home/mdomann/.config/gtk-2.0 rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/gtk-2.0
mountid=2552 fsname=/homefs/mdomann/.config/gtk-2.0 dir=/home/mdomann/.config/gtk-2.0 fstype=btrfs
Mounting noexec /home/mdomann/.config/gtk-3.0
2553 2255 0:60 /homefs/mdomann/.config/gtk-3.0 /home/mdomann/.config/gtk-3.0 rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/gtk-3.0
mountid=2553 fsname=/homefs/mdomann/.config/gtk-3.0 dir=/home/mdomann/.config/gtk-3.0 fstype=btrfs
Mounting noexec /home/mdomann/.gtkrc
2554 2256 0:60 /homefs/mdomann/.gtkrc /home/mdomann/.gtkrc rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.gtkrc
mountid=2554 fsname=/homefs/mdomann/.gtkrc dir=/home/mdomann/.gtkrc fstype=btrfs
Mounting noexec /home/mdomann/.gtkrc-2.0
2555 2257 0:60 /homefs/mdomann/.gtkrc-2.0 /home/mdomann/.gtkrc-2.0 rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.gtkrc-2.0
mountid=2555 fsname=/homefs/mdomann/.gtkrc-2.0 dir=/home/mdomann/.gtkrc-2.0 fstype=btrfs
Mounting noexec /home/mdomann/.config/Trolltech.conf
2556 2258 0:60 /homefs/mdomann/.config/Trolltech.conf /home/mdomann/.config/Trolltech.conf rw,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/Trolltech.conf
mountid=2556 fsname=/homefs/mdomann/.config/Trolltech.conf dir=/home/mdomann/.config/Trolltech.conf fstype=btrfs
Mounting noexec /run/user/1000
2559 2557 0:22 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=1632316k,mode=755
mountid=2559 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs
Mounting noexec /dev/shm
2560 2220 0:144 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=2560 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
2562 2561 0:50 /.X11-unix /tmp/.X11-unix rw,relatime master:33 - tmpfs tmpfs rw,size=4194304k
mountid=2562 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
2563 2562 0:50 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,relatime master:33 - tmpfs tmpfs rw,size=4194304k
mountid=2563 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /var
2568 2564 0:134 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=2568 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /usr/bin/lua50 (requested /usr/bin/lua)
Disable /usr/bin/luac50 (requested /usr/bin/luac)
Disable /usr/bin/lua-config50 (requested /usr/bin/lua-config)
Disable /usr/bin/lua50
Disable /usr/bin/luac50
Disable /usr/bin/lua-config50
Disable /usr/bin/luahbtex
Disable /usr/bin/luajithbtex
Disable /usr/bin/luajittex
Disable /usr/bin/luatex
Disable /usr/bin/luahbtex (requested /usr/bin/lualatex)
Disable /usr/bin/luahbtex (requested /usr/bin/lualatex-dev)
Disable /usr/share/texlive/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /usr/bin/luaotfload-tool)
Disable /usr/share/lua
Disable /usr/bin/cpansign
Disable /usr/bin/cpan5.28-x86_64-linux-gnu
Disable /usr/bin/cpanel_json_xs
Disable /usr/bin/dh-make-perl (requested /usr/bin/cpan2deb)
Disable /usr/bin/dh-make-perl (requested /usr/bin/cpan2dsc)
Disable /usr/bin/cpan5.30-i386-linux-gnu
Disable /usr/bin/cpan5.30-x86_64-linux-gnu
Disable /usr/bin/cpan
Disable /usr/bin/perl
Disable /usr/lib/perl5
Disable /usr/share/perl5
Disable /usr/share/perl
Disable /usr/share/perl-openssl-defaults
Disable /usr/bin/php7.4 (requested /usr/bin/php)
Disable /usr/bin/php7.4
Disable /usr/lib/php
Disable /usr/share/php
Disable /usr/share/php7.4-common
Disable /usr/share/php7.4-json
Disable /usr/share/php7.4-opcache
Disable /usr/share/php7.4-readline
Disable /usr/share/php7.4-curl
Disable /usr/share/php7.4-mbstring
Disable /usr/share/php7.4-xml
Disable /usr/bin/ruby2.7 (requested /usr/bin/ruby)
Disable /usr/lib/ruby
Disable /usr/bin/python2.7-pyrexc
Disable /usr/bin/x86_64-linux-gnu-python2.7-config (requested /usr/bin/python2-config)
Disable /usr/bin/python2.7 (requested /usr/bin/python2)
Disable /usr/bin/python2-futurize
Disable /usr/bin/python2-pasteurize
Disable /usr/bin/x86_64-linux-gnu-python2.7-config (requested /usr/bin/python2.7-config)
Disable /usr/bin/python2.7
Disable /usr/lib/python2.7
Disable /usr/lib/python2.6
Disable /usr/local/lib/python2.7
Disable /usr/bin/python3.5
Disable /usr/bin/python3.5m
Disable /usr/bin/python3.6
Disable /usr/bin/python3.6m
Disable /usr/bin/python3-unidiff
Disable /usr/bin/python3-qr
Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /usr/bin/python3.8-config)
Disable /usr/bin/python3.8
Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /usr/bin/python3-config)
Disable /usr/bin/python3.8 (requested /usr/bin/python3)
Disable /usr/lib/python3
Disable /usr/lib/python3.5
Disable /usr/lib/python3.6
Disable /usr/lib/python3.7
Disable /usr/lib/python3.8
Disable /usr/local/lib/python3.5
Disable /usr/local/lib/python3.6
Disable /usr/local/lib/python3.7
Disable /usr/local/lib/python3.8
Disable /usr/share/python3
Not blacklist /home/mdomann/.java
Mounting read-only /home/mdomann/.config/user-dirs.dirs
2685 2547 0:60 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime master:448 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs/mdomann/.config/user-dirs.dirs
mountid=2685 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs
Mounting read-only /tmp/.X11-unix
2686 2563 0:50 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,relatime master:33 - tmpfs tmpfs rw,size=4194304k
mountid=2686 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse/native
Current directory: /home/mdomann/media/jd2
DISPLAY=:0.0 parsed as 0
Install protocol filter: unix,inet,inet6
configuring 14 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 6, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null) 
Dropping all capabilities
Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00000000   ret KILL
Dual 32/64 bit seccomp filter configured
configuring 72 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) 
Dropping all capabilities
Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 3f 00 0000009f   jeq adjtimex 0047 (false 0008)
 0008: 15 3e 00 00000131   jeq clock_adjtime 0047 (false 0009)
 0009: 15 3d 00 000000e3   jeq clock_settime 0047 (false 000a)
 000a: 15 3c 00 000000a4   jeq settimeofday 0047 (false 000b)
 000b: 15 3b 00 0000009a   jeq modify_ldt 0047 (false 000c)
 000c: 15 3a 00 000000d4   jeq lookup_dcookie 0047 (false 000d)
 000d: 15 39 00 0000012a   jeq perf_event_open 0047 (false 000e)
 000e: 15 38 00 00000137   jeq process_vm_writev 0047 (false 000f)
 000f: 15 37 00 000000b0   jeq delete_module 0047 (false 0010)
 0010: 15 36 00 00000139   jeq finit_module 0047 (false 0011)
 0011: 15 35 00 000000af   jeq init_module 0047 (false 0012)
 0012: 15 34 00 0000009c   jeq _sysctl 0047 (false 0013)
 0013: 15 33 00 000000b7   jeq afs_syscall 0047 (false 0014)
 0014: 15 32 00 000000ae   jeq create_module 0047 (false 0015)
 0015: 15 31 00 000000b1   jeq get_kernel_syms 0047 (false 0016)
 0016: 15 30 00 000000b5   jeq getpmsg 0047 (false 0017)
 0017: 15 2f 00 000000b6   jeq putpmsg 0047 (false 0018)
 0018: 15 2e 00 000000b2   jeq query_module 0047 (false 0019)
 0019: 15 2d 00 000000b9   jeq security 0047 (false 001a)
 001a: 15 2c 00 0000008b   jeq sysfs 0047 (false 001b)
 001b: 15 2b 00 000000b8   jeq tuxcall 0047 (false 001c)
 001c: 15 2a 00 00000086   jeq uselib 0047 (false 001d)
 001d: 15 29 00 00000088   jeq ustat 0047 (false 001e)
 001e: 15 28 00 000000ec   jeq vserver 0047 (false 001f)
 001f: 15 27 00 000000ad   jeq ioperm 0047 (false 0020)
 0020: 15 26 00 000000ac   jeq iopl 0047 (false 0021)
 0021: 15 25 00 000000f6   jeq kexec_load 0047 (false 0022)
 0022: 15 24 00 00000140   jeq kexec_file_load 0047 (false 0023)
 0023: 15 23 00 000000a9   jeq reboot 0047 (false 0024)
 0024: 15 22 00 000000a7   jeq swapon 0047 (false 0025)
 0025: 15 21 00 000000a8   jeq swapoff 0047 (false 0026)
 0026: 15 20 00 00000130   jeq open_by_handle_at 0047 (false 0027)
 0027: 15 1f 00 0000012f   jeq name_to_handle_at 0047 (false 0028)
 0028: 15 1e 00 000000fb   jeq ioprio_set 0047 (false 0029)
 0029: 15 1d 00 00000067   jeq syslog 0047 (false 002a)
 002a: 15 1c 00 0000012c   jeq fanotify_init 0047 (false 002b)
 002b: 15 1b 00 00000138   jeq kcmp 0047 (false 002c)
 002c: 15 1a 00 000000f8   jeq add_key 0047 (false 002d)
 002d: 15 19 00 000000f9   jeq request_key 0047 (false 002e)
 002e: 15 18 00 000000ed   jeq mbind 0047 (false 002f)
 002f: 15 17 00 00000100   jeq migrate_pages 0047 (false 0030)
 0030: 15 16 00 00000117   jeq move_pages 0047 (false 0031)
 0031: 15 15 00 000000fa   jeq keyctl 0047 (false 0032)
 0032: 15 14 00 000000ce   jeq io_setup 0047 (false 0033)
 0033: 15 13 00 000000cf   jeq io_destroy 0047 (false 0034)
 0034: 15 12 00 000000d0   jeq io_getevents 0047 (false 0035)
 0035: 15 11 00 000000d1   jeq io_submit 0047 (false 0036)
 0036: 15 10 00 000000d2   jeq io_cancel 0047 (false 0037)
 0037: 15 0f 00 000000d8   jeq remap_file_pages 0047 (false 0038)
 0038: 15 0e 00 00000143   jeq userfaultfd 0047 (false 0039)
 0039: 15 0d 00 000000a3   jeq acct 0047 (false 003a)
 003a: 15 0c 00 00000141   jeq bpf 0047 (false 003b)
 003b: 15 0b 00 000000a1   jeq chroot 0047 (false 003c)
 003c: 15 0a 00 000000a5   jeq mount 0047 (false 003d)
 003d: 15 09 00 000000b4   jeq nfsservctl 0047 (false 003e)
 003e: 15 08 00 0000009b   jeq pivot_root 0047 (false 003f)
 003f: 15 07 00 000000ab   jeq setdomainname 0047 (false 0040)
 0040: 15 06 00 000000aa   jeq sethostname 0047 (false 0041)
 0041: 15 05 00 000000a6   jeq umount2 0047 (false 0042)
 0042: 15 04 00 00000099   jeq vhangup 0047 (false 0043)
 0043: 15 03 00 00000065   jeq ptrace 0047 (false 0044)
 0044: 15 02 00 00000087   jeq personality 0047 (false 0045)
 0045: 15 01 00 00000136   jeq process_vm_readv 0047 (false 0046)
 0046: 06 00 00 7fff0000   ret ALLOW
 0047: 06 00 01 00000000   ret KILL
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
execvp argument 0: bash
Child process initialized in 79.81 ms
Searching $PATH for bash
trying #/usr/local/bin/bash#
trying #/usr/bin/bash#
trying #/bin/bash#
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
monitoring pid 9

mdomann@sysiphus:~/media/jd2$ ls -lha /usr/lib/jvm/
insgesamt 12K
drwxr-xr-x 1 nobody nogroup  288 Apr 17 11:53 .
drwxr-xr-x 1 nobody nogroup  12K Apr 15 14:13 ..
lrwxrwxrwx 1 nobody nogroup   25 Jul 17  2019 default-java -> java-1.11.0-openjdk-amd64
lrwxrwxrwx 1 nobody nogroup   21 Okt  3  2018 java-1.11.0-openjdk-amd64 -> java-11-openjdk-amd64
-rw-r--r-- 1 nobody nogroup 2,0K Apr 16 14:40 .java-1.11.0-openjdk-amd64.jinfo
drwxr-xr-x 1 nobody nogroup   82 Apr 17 11:53 java-11-openjdk-amd64
drwxr-xr-x 1 nobody nogroup   12 Mär 19  2018 java-1.5.0-gcj-5-amd64
drwxr-xr-x 1 nobody nogroup   12 Mär 19  2018 java-1.5.0-gcj-6-amd64
drwxr-xr-x 1 nobody nogroup   14 Apr 17 11:53 openjdk-11
mdomann@sysiphus:~/media/jd2

I have also tested every single option in the profile through commenting out, no success.

rusty-snake commented 4 years ago

I have also tested every single option in the profile through commenting out, no success.

Sometimes it is more then one options. As long as firejail --noprofile jdownloader works the issue is with the profile.

Micha-Btz commented 4 years ago

Ah, ok. I have tested with noprofile and it worked. I have found the problem, it is disable-exec.inc. Debians default includes:

/etc/firejail$ cat disable-exec.inc
# This file is overwritten during software install.
# Persistent customizations should go in a .local file.
include disable-exec.local

noexec ${HOME}
noexec ${RUNUSER}
noexec /dev/shm
noexec /tmp
# /var is noexec by default for unprivileged users
# except there is a writable-var option, so just in case:
noexec /var

The problem is #noexec ${HOME}, can I seperately disable this flag in the profile or must I disable the complete disable-exec.inc?

Also makes ipc-namespace in the profile the gui extremly slow, what is this for? The manpage tells me Enable IPC namespace, but for what is that needed?

rusty-snake commented 4 years ago

can I seperately disable this flag in the profile

just add ignore noexec ${HOME} like in other profiles.

Also makes ipc-namespace in the profile the gui extremly slow, what is this for? The manpage tells me Enable IPC namespace, but for what is that needed?

Linux knows differnet namspaces (network, mount, ... see man namespaces). firejail, docker, bubblewrap, systemd-nspawn and so on use namespaces to separate things. In firejail a sandbox has always a own PID-namespace, all other are opt-in by options like net, hostname, noroot, .... ipc-namespace makes to sandbox has its own ipc (=System V inter-process-communication) namespace. ipc-namespace works fine for CLI-programs and wayland, but break some X11 features.

Micha-Btz commented 4 years ago

Ok, thanks a lot. For those with a similar problem, the working profile:

~/.config/firejail$ cat JDownloader.profile 

~/.config/firejail$ cat JDownloader.profile
# Firejail profile for JDownloader
# This file is overwritten after every install/update
# Persistent local customizations
#include JDownloader.local
# Persistent global definitions
#include globals.local

noblacklist ${HOME}/media/jd2
mkdir ${HOME}/media/jd2
whitelist ${HOME}/media/jd2

ignore noexec ${HOME}

# Allow java (blacklisted by disable-devel.inc)
include allow-java.inc

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc

#whitelist ${DOWNLOADS}
include whitelist-common.inc
include whitelist-var-common.inc

caps.drop all
#ipc-namespace
netfilter
no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none

private-cache
private-dev
private-tmp
QGB commented 3 years ago

su qgb bash # sh: "0: Can't open bash"

rusty-snake commented 3 years ago

@QGB a bit more context is helpfull. What did you tried? Which distro and firejail version do you use? ...