netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

Unable to start Firefox v84.0.1 on Debian 10 (Buster) #3858

Closed x10an14 closed 3 years ago

x10an14 commented 3 years ago

Bug and expected behavior

```
[2020-12-31 13:19:52] 0 x10an14@x10-desktop:~
-> $ firejail firefox 
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 7979, child pid 7980
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Post-exec seccomp protector enabled
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Child process initialized in 188.29 ms
Error: no suitable firefox executable found

Parent is shutting down, bye...
[2020-12-31 13:20:17] 1 x10an14@x10-desktop:~
-> $ 
```

What did you expect to happen?

Firefox to start

No profile and disabling firejail

Reproduce

Steps to reproduce the behavior:

`firejail firefox` or `firejail /opt/firefox/firefox`

Environment

Additional context

Other context about the problem like related errors to understand the problem.

Checklist

debug output

```
[2020-12-31 13:34:32] 0 x10an14@x10-desktop:~
-> $ firejail --debug firefox
Autoselecting /bin/bash as shell
Building quoted command line: 'firefox'
Command name #firefox#
Found firefox.profile profile in /etc/firejail directory
Reading profile /etc/firejail/firefox.profile
Found firefox-common.profile profile in /etc/firejail directory
Reading profile /etc/firejail/firefox-common.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
conditional BROWSER_DISABLE_U2F, nou2f
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 12868, child pid 12869
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
IBUS_ADDRESS=unix:abstract=/tmp/dbus-xgD4t6tj,guid=bb16cef9fa1c97e51f67c76f5fed9413
IBUS_DAEMON_PID=2104
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol (null)
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Basic read-only filesystem:
Mounting read-only /etc Mounting noexec /etc Mounting read-only /var Mounting noexec /var Mounting read-only /bin Mounting read-only /sbin Mounting read-only /lib Mounting read-only /lib64 Mounting read-only /lib32 Mounting read-only /libx32 Mounting read-only /usr Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory mounting /run/firejail/mnt/dev/nvidia0 file mounting /run/firejail/mnt/dev/nvidiactl file mounting /run/firejail/mnt/dev/nvidia-modeset file Process /dev/shm directory blacklist /run/user/1000/bus Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. 
Remounting /proc and /proc/sys filesystems Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Debug 398: new_name #/home/x10an14/.cache/mozilla/firefox#, whitelist Debug 504: fname #/home/x10an14/.cache/mozilla/firefox#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.cache/mozilla/firefox Debug 398: new_name #/home/x10an14/.mozilla#, whitelist Debug 504: fname #/home/x10an14/.mozilla#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.mozilla Directory ${DOWNLOADS} resolved as Downloads Debug 398: new_name #/home/x10an14/Downloads#, whitelist Debug 504: fname #/home/x10an14/Downloads#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/Downloads Debug 398: new_name #/home/x10an14/.pki#, whitelist Debug 504: fname #/home/x10an14/.pki#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.pki Debug 398: new_name #/home/x10an14/.local/share/pki#, whitelist Debug 504: fname #/home/x10an14/.local/share/pki#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.local/share/pki Debug 398: new_name #/home/x10an14/.XCompose#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose expanded: /home/x10an14/.XCompose real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.asoundrc#, whitelist Removed whitelist/nowhitelist path: whitelist 
${HOME}/.asoundrc expanded: /home/x10an14/.asoundrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/ibus#, whitelist Debug 504: fname #/home/x10an14/.config/ibus#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.config/ibus Debug 398: new_name #/home/x10an14/.config/mimeapps.list#, whitelist Debug 504: fname #/home/x10an14/.config/mimeapps.list#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.config/mimeapps.list Debug 398: new_name #/home/x10an14/.config/pkcs11#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11 expanded: /home/x10an14/.config/pkcs11 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/user-dirs.dirs#, whitelist Debug 504: fname #/home/x10an14/.config/user-dirs.dirs#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.config/user-dirs.dirs Debug 398: new_name #/home/x10an14/.drirc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc expanded: /home/x10an14/.drirc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons expanded: /home/x10an14/.icons real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.local/share/applications#, whitelist Debug 504: fname #/home/x10an14/.local/share/applications#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.local/share/applications Debug 398: new_name #/home/x10an14/.local/share/icons#, whitelist Debug 504: fname #/home/x10an14/.local/share/icons#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.local/share/icons Debug 398: new_name #/home/x10an14/.local/share/mime#, whitelist Debug 504: fname #/home/x10an14/.local/share/mime#, cfg.homedir #/home/x10an14# Replaced whitelist path: 
whitelist /home/x10an14/.local/share/mime Debug 398: new_name #/home/x10an14/.mime.types#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types expanded: /home/x10an14/.mime.types real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/dconf#, whitelist Debug 504: fname #/home/x10an14/.config/dconf#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.config/dconf Debug 398: new_name #/home/x10an14/.cache/fontconfig#, whitelist Debug 504: fname #/home/x10an14/.cache/fontconfig#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.cache/fontconfig Debug 398: new_name #/home/x10an14/.config/fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig expanded: /home/x10an14/.config/fontconfig real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig expanded: /home/x10an14/.fontconfig real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts expanded: /home/x10an14/.fonts real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.fonts.conf#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf expanded: /home/x10an14/.fonts.conf real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.fonts.conf.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d expanded: /home/x10an14/.fonts.conf.d real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.fonts.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d expanded: /home/x10an14/.fonts.d real path: (null) realpath: No such file or directory Debug 398: new_name 
#/home/x10an14/.local/share/fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts expanded: /home/x10an14/.local/share/fonts real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.pangorc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc expanded: /home/x10an14/.pangorc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/gtk-2.0#, whitelist Debug 504: fname #/home/x10an14/.config/gtk-2.0#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.config/gtk-2.0 Debug 398: new_name #/home/x10an14/.config/gtk-3.0#, whitelist Debug 504: fname #/home/x10an14/.config/gtk-3.0#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.config/gtk-3.0 Debug 398: new_name #/home/x10an14/.config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc expanded: /home/x10an14/.config/gtkrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0 expanded: /home/x10an14/.config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.gnome2#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2 expanded: /home/x10an14/.gnome2 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.gnome2-private#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private expanded: /home/x10an14/.gnome2-private real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.gtk-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0 expanded: /home/x10an14/.gtk-2.0 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.gtkrc#, whitelist Removed 
whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc expanded: /home/x10an14/.gtkrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0 expanded: /home/x10an14/.gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc expanded: /home/x10an14/.kde/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 expanded: /home/x10an14/.kde/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc expanded: /home/x10an14/.kde4/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 expanded: /home/x10an14/.kde4/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.local/share/themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes expanded: /home/x10an14/.local/share/themes real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes expanded: /home/x10an14/.themes real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.cache/kioexec/krun#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun expanded: 
/home/x10an14/.cache/kioexec/krun real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/Kvantum#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum expanded: /home/x10an14/.config/Kvantum real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/Trolltech.conf#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Trolltech.conf expanded: /home/x10an14/.config/Trolltech.conf real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals expanded: /home/x10an14/.config/kdeglobals real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc expanded: /home/x10an14/.config/kio_httprc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc expanded: /home/x10an14/.config/kioslaverc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist expanded: /home/x10an14/.config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct expanded: /home/x10an14/.config/qt5ct real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals expanded: /home/x10an14/.kde/share/config/kdeglobals real path: (null) realpath: No such file or 
directory Debug 398: new_name #/home/x10an14/.kde/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc expanded: /home/x10an14/.kde/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc expanded: /home/x10an14/.kde/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist expanded: /home/x10an14/.kde/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc expanded: /home/x10an14/.kde/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons expanded: /home/x10an14/.kde/share/icons real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals expanded: /home/x10an14/.kde4/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc expanded: /home/x10an14/.kde4/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist 
${HOME}/.kde4/share/config/kioslaverc expanded: /home/x10an14/.kde4/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist expanded: /home/x10an14/.kde4/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc expanded: /home/x10an14/.kde4/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons expanded: /home/x10an14/.kde4/share/icons real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.local/share/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct expanded: /home/x10an14/.local/share/qt5ct real path: (null) realpath: No such file or directory Debug 398: new_name #/var/lib/dbus#, whitelist Debug 398: new_name #/var/lib/menu-xdg#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg expanded: /var/lib/menu-xdg real path: (null) realpath: No such file or directory Debug 398: new_name #/var/cache/fontconfig#, whitelist Debug 398: new_name #/var/tmp#, whitelist Debug 398: new_name #/var/run#, whitelist Replaced whitelist path: whitelist /run Debug 398: new_name #/var/lock#, whitelist Replaced whitelist path: whitelist /run/lock Debug 398: new_name #/tmp/.X11-unix#, whitelist Debug 398: new_name #/tmp/pulse-PKdhtXMmr18n#, whitelist Drop privileges: pid 3, uid 1000, gid 1000, nogroups 0 Supplementary groups: 29 44 Mounting a new /home directory Mounting a new /root directory Create a new user directory Drop privileges: pid 4, uid 1000, gid 1000, 
nogroups 0 Supplementary groups: 29 44 Drop privileges: pid 5, uid 1000, gid 1000, nogroups 0 Supplementary groups: 29 44 Mounting tmpfs on /tmp directory Mounting tmpfs on /var directory Whitelisting /home/x10an14/.cache/mozilla/firefox 811 679 253:5 /x10an14/.cache/mozilla/firefox /home/x10an14/.cache/mozilla/firefox rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=811 fsname=/x10an14/.cache/mozilla/firefox dir=/home/x10an14/.cache/mozilla/firefox fstype=ext4 Whitelisting /home/x10an14/.mozilla 812 679 253:5 /x10an14/.mozilla /home/x10an14/.mozilla rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=812 fsname=/x10an14/.mozilla dir=/home/x10an14/.mozilla fstype=ext4 Whitelisting /home/x10an14/Downloads 813 679 253:5 /x10an14/Downloads /home/x10an14/Downloads rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=813 fsname=/x10an14/Downloads dir=/home/x10an14/Downloads fstype=ext4 Whitelisting /home/x10an14/.pki 814 679 253:5 /x10an14/.pki /home/x10an14/.pki rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=814 fsname=/x10an14/.pki dir=/home/x10an14/.pki fstype=ext4 Whitelisting /home/x10an14/.local/share/pki 815 679 253:5 /x10an14/.local/share/pki /home/x10an14/.local/share/pki rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=815 fsname=/x10an14/.local/share/pki dir=/home/x10an14/.local/share/pki fstype=ext4 Whitelisting /home/x10an14/.config/ibus 816 679 253:5 /x10an14/.config/ibus /home/x10an14/.config/ibus rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=816 fsname=/x10an14/.config/ibus dir=/home/x10an14/.config/ibus fstype=ext4 Whitelisting /home/x10an14/.config/mimeapps.list 817 679 253:5 /x10an14/.config/mimeapps.list /home/x10an14/.config/mimeapps.list rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=817 fsname=/x10an14/.config/mimeapps.list dir=/home/x10an14/.config/mimeapps.list fstype=ext4 
Whitelisting /home/x10an14/.config/user-dirs.dirs 828 679 253:5 /x10an14/.config/user-dirs.dirs /home/x10an14/.config/user-dirs.dirs rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=828 fsname=/x10an14/.config/user-dirs.dirs dir=/home/x10an14/.config/user-dirs.dirs fstype=ext4 Whitelisting /home/x10an14/.local/share/applications 847 679 253:5 /x10an14/.local/share/applications /home/x10an14/.local/share/applications rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=847 fsname=/x10an14/.local/share/applications dir=/home/x10an14/.local/share/applications fstype=ext4 Whitelisting /home/x10an14/.local/share/icons 871 679 253:5 /x10an14/.local/share/icons /home/x10an14/.local/share/icons rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=871 fsname=/x10an14/.local/share/icons dir=/home/x10an14/.local/share/icons fstype=ext4 Whitelisting /home/x10an14/.local/share/mime 872 679 253:5 /x10an14/.local/share/mime /home/x10an14/.local/share/mime rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=872 fsname=/x10an14/.local/share/mime dir=/home/x10an14/.local/share/mime fstype=ext4 Whitelisting /home/x10an14/.config/dconf 873 679 253:5 /x10an14/.config/dconf /home/x10an14/.config/dconf rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=873 fsname=/x10an14/.config/dconf dir=/home/x10an14/.config/dconf fstype=ext4 Whitelisting /home/x10an14/.cache/fontconfig 874 679 253:5 /x10an14/.cache/fontconfig /home/x10an14/.cache/fontconfig rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=874 fsname=/x10an14/.cache/fontconfig dir=/home/x10an14/.cache/fontconfig fstype=ext4 Whitelisting /home/x10an14/.config/gtk-2.0 875 679 253:5 /x10an14/.config/gtk-2.0 /home/x10an14/.config/gtk-2.0 rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=875 fsname=/x10an14/.config/gtk-2.0 dir=/home/x10an14/.config/gtk-2.0 fstype=ext4 Whitelisting 
/home/x10an14/.config/gtk-3.0 876 679 253:5 /x10an14/.config/gtk-3.0 /home/x10an14/.config/gtk-3.0 rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=876 fsname=/x10an14/.config/gtk-3.0 dir=/home/x10an14/.config/gtk-3.0 fstype=ext4 Whitelisting /var/lib/dbus 877 809 253:2 /lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:63 - ext4 /dev/mapper/x10--desktop--vg-var rw mountid=877 fsname=/lib/dbus dir=/var/lib/dbus fstype=ext4 Whitelisting /var/cache/fontconfig 878 809 253:2 /cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:63 - ext4 /dev/mapper/x10--desktop--vg-var rw mountid=878 fsname=/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4 Whitelisting /var/tmp 879 809 0:71 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw mountid=879 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Whitelisting /tmp/.X11-unix 880 745 253:4 /.X11-unix /tmp/.X11-unix rw,relatime master:61 - ext4 /dev/mapper/x10--desktop--vg-tmp rw mountid=880 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Whitelisting /tmp/pulse-PKdhtXMmr18n 881 745 253:4 /pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime master:61 - ext4 /dev/mapper/x10--desktop--vg-tmp rw mountid=881 fsname=/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=ext4 Disable /etc/X11/Xsession.d Disable /etc/xdg/autostart Mounting read-only /home/x10an14/.Xauthority Disable /run/docker.sock (requested /var/run/docker.sock) Disable /etc/anacrontab Disable /etc/cron.allow Disable /etc/cron.d Disable /etc/cron.hourly Disable /etc/cron.monthly Disable /etc/cron.daily Disable /etc/crontab Disable /etc/cron.weekly Disable /etc/profile.d Disable /etc/rc0.d Disable /etc/rc2.d Disable /etc/rc4.d Disable /etc/rc3.d Disable /etc/rcS.d Disable /etc/rc1.d Disable /etc/rc6.d Disable /etc/rc5.d Disable /etc/kernel Disable /etc/grub.d Disable /etc/dkms Disable /etc/apparmor.d Disable /etc/apparmor Disable 
/etc/selinux Disable /etc/modules Disable /etc/modules-load.d Disable /etc/logrotate.conf Disable /etc/logrotate.d Disable /etc/adduser.conf Mounting read-only /home/x10an14/.bashrc Mounting read-only /home/x10an14/.local/share/applications Not blacklist /home/x10an14/.pki Not blacklist /home/x10an14/.local/share/pki Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Disable /usr/sbin (requested /sbin) Disable /usr/local/sbin Disable /usr/sbin Disable /usr/bin/chage Disable /usr/bin/chage (requested /bin/chage) Disable /usr/bin/chfn Disable /usr/bin/chfn (requested /bin/chfn) Disable /usr/bin/chsh Disable /usr/bin/chsh (requested /bin/chsh) Disable /usr/bin/crontab Disable /usr/bin/crontab (requested /bin/crontab) Disable /usr/bin/expiry Disable /usr/bin/expiry (requested /bin/expiry) Disable /usr/bin/fusermount Disable /usr/bin/fusermount (requested /bin/fusermount) Disable /usr/bin/gpasswd Disable /usr/bin/gpasswd (requested /bin/gpasswd) Disable /usr/bin/mount Disable /usr/bin/mount (requested /bin/mount) Disable /usr/bin/nc.openbsd (requested /usr/bin/nc) Disable /usr/bin/nc.openbsd (requested /bin/nc) Disable /usr/bin/newgrp Disable /usr/bin/newgrp (requested /bin/newgrp) Disable /usr/bin/ntfs-3g Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g) Disable /usr/bin/pkexec Disable /usr/bin/pkexec (requested /bin/pkexec) Disable /usr/bin/newgrp (requested /usr/bin/sg) Disable /usr/bin/newgrp (requested /bin/sg) Disable /usr/bin/strace Disable /usr/bin/strace (requested /bin/strace) Disable /usr/bin/su Disable /usr/bin/su (requested /bin/su) Disable /usr/bin/sudo Disable /usr/bin/sudo (requested /bin/sudo) Disable /usr/bin/umount Disable /usr/bin/umount (requested /bin/umount) Disable /usr/bin/xev Disable /usr/bin/xev (requested /bin/xev) Disable /usr/bin/gnome-terminal Disable /usr/bin/gnome-terminal (requested /bin/gnome-terminal) Disable /usr/bin/gnome-terminal.wrapper 
Disable /usr/bin/gnome-terminal.wrapper (requested /bin/gnome-terminal.wrapper) Disable /usr/share/flatpak Disable /usr/bin/bwrap Disable /usr/bin/bwrap (requested /bin/bwrap) Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as) Disable /usr/bin/x86_64-linux-gnu-as (requested /bin/as) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/cc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/cc) Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/c++) Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /bin/c++filt) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/c++) Disable /usr/bin/c89-gcc Disable /usr/bin/c89-gcc (requested /usr/bin/c89) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/c89-gcc (requested /bin/c89) Disable /usr/bin/c99-gcc (requested /usr/bin/c99) Disable /usr/bin/c99-gcc Disable /usr/bin/c99-gcc (requested /bin/c99) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /usr/bin/cpp) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /usr/bin/cpp-8) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /bin/cpp) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /bin/cpp-8) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/g++) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/g++-8) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/g++) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/g++-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/gcc-ar-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/gcc-ranlib-8) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/gcc-8) Disable 
/usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/gcc-ar-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/gcc-ranlib-8) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/gcc-ar) Disable /usr/bin/gdb Disable /usr/bin/gdb (requested /bin/gdb) Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld) Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /bin/ld) Disable /usr/bin/avr-gcc-nm Disable /usr/bin/arm-none-eabi-gcc Disable /usr/bin/arm-none-eabi-gcc-ranlib Disable /usr/bin/c89-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-8 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/arm-none-eabi-gcc-nm Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/avr-gcc-5.4.0 Disable /usr/bin/avr-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 Disable /usr/bin/avr-gcc-ar Disable /usr/bin/arm-none-eabi-gcc-7.3.1 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/arm-none-eabi-gcc-ar Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc Disable /usr/bin/avr-gcc-ranlib Disable /usr/bin/avr-gcc-nm (requested /bin/avr-gcc-nm) Disable /usr/bin/arm-none-eabi-gcc (requested /bin/arm-none-eabi-gcc) Disable /usr/bin/arm-none-eabi-gcc-ranlib (requested 
/bin/arm-none-eabi-gcc-ranlib) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/arm-none-eabi-gcc-nm (requested /bin/arm-none-eabi-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/avr-gcc-5.4.0 (requested /bin/avr-gcc-5.4.0) Disable /usr/bin/avr-gcc (requested /bin/avr-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar-8) Disable /usr/bin/avr-gcc-ar (requested /bin/avr-gcc-ar) Disable /usr/bin/arm-none-eabi-gcc-7.3.1 (requested /bin/arm-none-eabi-gcc-7.3.1) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/arm-none-eabi-gcc-ar (requested /bin/arm-none-eabi-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib-8) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/avr-gcc-ranlib (requested /bin/avr-gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-g++-8 Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/x86_64-linux-gnu-g++) Disable /usr/bin/avr-g++ Disable /usr/bin/arm-none-eabi-g++ Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++-8) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++) Disable /usr/bin/avr-g++ (requested /bin/avr-g++) Disable /usr/bin/arm-none-eabi-g++ (requested /bin/arm-none-eabi-g++) Disable /usr/bin/avr-gcc-nm Disable /usr/bin/arm-none-eabi-gcc Disable /usr/bin/arm-none-eabi-gcc-ranlib Disable /usr/bin/c89-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-8 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/x86_64-linux-gnu-gcc-nm) 
Disable /usr/bin/arm-none-eabi-gcc-nm Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/avr-gcc-5.4.0 Disable /usr/bin/avr-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 Disable /usr/bin/avr-gcc-ar Disable /usr/bin/arm-none-eabi-gcc-7.3.1 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/arm-none-eabi-gcc-ar Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc Disable /usr/bin/avr-gcc-ranlib Disable /usr/bin/avr-gcc-nm (requested /bin/avr-gcc-nm) Disable /usr/bin/arm-none-eabi-gcc (requested /bin/arm-none-eabi-gcc) Disable /usr/bin/arm-none-eabi-gcc-ranlib (requested /bin/arm-none-eabi-gcc-ranlib) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/arm-none-eabi-gcc-nm (requested /bin/arm-none-eabi-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/avr-gcc-5.4.0 (requested /bin/avr-gcc-5.4.0) Disable /usr/bin/avr-gcc (requested /bin/avr-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar-8) Disable /usr/bin/avr-gcc-ar (requested /bin/avr-gcc-ar) Disable /usr/bin/arm-none-eabi-gcc-7.3.1 (requested /bin/arm-none-eabi-gcc-7.3.1) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/arm-none-eabi-gcc-ar (requested /bin/arm-none-eabi-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib-8) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested 
/bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/avr-gcc-ranlib (requested /bin/avr-gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-g++-8 Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/x86_64-linux-gnu-g++) Disable /usr/bin/avr-g++ Disable /usr/bin/arm-none-eabi-g++ Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++-8) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++) Disable /usr/bin/avr-g++ (requested /bin/avr-g++) Disable /usr/bin/arm-none-eabi-g++ (requested /bin/arm-none-eabi-g++) Disable /usr/include Disable /usr/local/go/bin/go Disable /usr/local/go/bin/gofmt Disable /usr/share/java Disable /usr/bin/openssl Disable /usr/bin/openssl (requested /bin/openssl) Disable /usr/lib/valgrind Disable /usr/share/texlive/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /usr/bin/luaotfload-tool) Disable /usr/bin/luatex53 Disable /usr/bin/luatex (requested /usr/bin/lualatex) Disable /usr/bin/luatex Disable /usr/share/texlive/texmf-dist/scripts/lua2dox/lua2dox_filter (requested /usr/bin/lua2dox_filter) Disable /usr/bin/luajittex Disable /usr/bin/luatools Disable /usr/share/texlive/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /bin/luaotfload-tool) Disable /usr/bin/luatex53 (requested /bin/luatex53) Disable /usr/bin/luatex (requested /bin/lualatex) Disable /usr/bin/luatex (requested /bin/luatex) Disable /usr/share/texlive/texmf-dist/scripts/lua2dox/lua2dox_filter (requested /bin/lua2dox_filter) Disable /usr/bin/luajittex (requested /bin/luajittex) Disable /usr/bin/luatools (requested /bin/luatools) Disable /usr/share/lua Disable /usr/bin/node Disable /usr/bin/node (requested /bin/node) Disable /usr/bin/cpan5.28-x86_64-linux-gnu Disable /usr/bin/cpan5.28-i386-linux-gnu Disable /usr/bin/cpan Disable /usr/bin/cpan5.28-x86_64-linux-gnu (requested /bin/cpan5.28-x86_64-linux-gnu) Disable /usr/bin/cpan5.28-i386-linux-gnu (requested 
/bin/cpan5.28-i386-linux-gnu) Disable /usr/bin/cpan (requested /bin/cpan) Disable /usr/bin/perl Disable /usr/bin/perl (requested /bin/perl) Disable /usr/share/perl Disable /usr/share/perl-openssl-defaults Disable /usr/share/perl5 Disable /usr/bin/ruby2.5 (requested /usr/bin/ruby) Disable /usr/bin/ruby2.5 (requested /bin/ruby) Disable /usr/lib/ruby Disable /usr/bin/python2-pasteurize Disable /usr/bin/python2.7 Disable /usr/bin/python2.7 (requested /usr/bin/python2) Disable /usr/bin/python2-futurize Disable /usr/bin/python2-pasteurize (requested /bin/python2-pasteurize) Disable /usr/bin/python2.7 (requested /bin/python2.7) Disable /usr/bin/python2.7 (requested /bin/python2) Disable /usr/bin/python2-futurize (requested /bin/python2-futurize) Disable /usr/lib/python2.6 Disable /usr/lib/python2.7 Disable /usr/local/lib/python2.7 Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /usr/bin/python3.7-config) Disable /usr/bin/python3.7m (requested /usr/bin/python3m) Disable /usr/bin/python3.7m Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /usr/bin/python3-config) Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /usr/bin/python3m-config) Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /usr/bin/python3.7m-config) Disable /usr/bin/python3.7 Disable /usr/bin/python3.7 (requested /usr/bin/python3) Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /bin/python3.7-config) Disable /usr/bin/python3.7m (requested /bin/python3m) Disable /usr/bin/python3.7m (requested /bin/python3.7m) Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /bin/python3-config) Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /bin/python3m-config) Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /bin/python3.7m-config) Disable /usr/bin/python3.7 (requested /bin/python3.7) Disable /usr/bin/python3.7 (requested /bin/python3) Disable /usr/lib/python3.7 Disable /usr/lib/python3 Disable 
/usr/local/lib/python3.7 Disable /usr/share/python3 Not blacklist /home/x10an14/.mozilla Not blacklist /home/x10an14/.cache/mozilla Mounting read-only /home/x10an14/.config/user-dirs.dirs Mounting noexec /tmp Mounting noexec /tmp/.X11-unix Mounting noexec /tmp/pulse-PKdhtXMmr18n Disable /sys/fs Disable /sys/module Disable /mnt Disable /media Disable /run/mount Mounting noexec /run/firejail/mnt/pulse Creating empty /home/x10an14/.config/pulse directory Drop privileges: pid 6, uid 1000, gid 1000, nogroups 0 Supplementary groups: 29 44 1514 679 0:48 /pulse /home/x10an14/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1514 fsname=/pulse dir=/home/x10an14/.config/pulse fstype=tmpfs blacklist /dev/dvb blacklist /dev/sr0 blacklist /dev/hidraw0 blacklist /dev/hidraw1 blacklist /dev/hidraw2 blacklist /dev/hidraw3 blacklist /dev/hidraw4 blacklist /dev/hidraw5 blacklist /dev/hidraw6 blacklist /dev/hidraw7 blacklist /dev/hidraw8 blacklist /dev/hidraw9 blacklist /dev/usb Create the new ld.so.preload file Post-exec seccomp protector enabled Mount the new ld.so.preload file Current directory: /home/x10an14 DISPLAY=:0 parsed as 0 Install protocol filter: unix,inet,inet6,netlink configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) Dropping all capabilities Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 01 00 00000029 jeq socket 0006 (false 0005) 0005: 06 00 00 7fff0000 ret ALLOW 0006: 20 00 00 00000010 ld data.args[0] 0007: 15 00 01 00000001 jeq 1 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 00000002 jeq 2 000a (false 000b) 000a: 06 00 00 
7fff0000 ret ALLOW 000b: 15 00 01 0000000a jeq a 000c (false 000d) 000c: 06 00 00 7fff0000 ret ALLOW 000d: 15 00 01 00000010 jeq 10 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 06 00 00 0005005f ret ERRNO(95) Build drop seccomp filter sbox run: /run/firejail/lib/fseccomp drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice (null) Dropping all capabilities Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1 No supplementary groups Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: 
adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice, sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp (null) Dropping all capabilities Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1 No supplementary groups configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) Dropping all capabilities Drop privileges: pid 10, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 40 00 0000009f jeq adjtimex 0048 (false 0008) 0008: 15 3f 00 00000131 jeq clock_adjtime 0048 (false 0009) 0009: 15 3e 00 000000e3 jeq clock_settime 0048 (false 000a) 000a: 15 3d 00 000000a4 jeq settimeofday 0048 (false 000b) 000b: 15 3c 00 0000009a jeq modify_ldt 0048 (false 000c) 000c: 15 3b 00 000000d4 jeq lookup_dcookie 0048 (false 000d) 000d: 15 3a 00 0000012a jeq perf_event_open 0048 (false 000e) 000e: 15 39 00 00000137 jeq process_vm_writev 0048 (false 000f) 000f: 
15 38 00 000000b0 jeq delete_module 0048 (false 0010) 0010: 15 37 00 00000139 jeq finit_module 0048 (false 0011) 0011: 15 36 00 000000af jeq init_module 0048 (false 0012) 0012: 15 35 00 0000009c jeq _sysctl 0048 (false 0013) 0013: 15 34 00 000000b7 jeq afs_syscall 0048 (false 0014) 0014: 15 33 00 000000ae jeq create_module 0048 (false 0015) 0015: 15 32 00 000000b1 jeq get_kernel_syms 0048 (false 0016) 0016: 15 31 00 000000b5 jeq getpmsg 0048 (false 0017) 0017: 15 30 00 000000b6 jeq putpmsg 0048 (false 0018) 0018: 15 2f 00 000000b2 jeq query_module 0048 (false 0019) 0019: 15 2e 00 000000b9 jeq security 0048 (false 001a) 001a: 15 2d 00 0000008b jeq sysfs 0048 (false 001b) 001b: 15 2c 00 000000b8 jeq tuxcall 0048 (false 001c) 001c: 15 2b 00 00000086 jeq uselib 0048 (false 001d) 001d: 15 2a 00 00000088 jeq ustat 0048 (false 001e) 001e: 15 29 00 000000ec jeq vserver 0048 (false 001f) 001f: 15 28 00 000000ad jeq ioperm 0048 (false 0020) 0020: 15 27 00 000000ac jeq iopl 0048 (false 0021) 0021: 15 26 00 000000f6 jeq kexec_load 0048 (false 0022) 0022: 15 25 00 00000140 jeq kexec_file_load 0048 (false 0023) 0023: 15 24 00 000000a9 jeq reboot 0048 (false 0024) 0024: 15 23 00 000000ee jeq set_mempolicy 0048 (false 0025) 0025: 15 22 00 00000100 jeq migrate_pages 0048 (false 0026) 0026: 15 21 00 00000117 jeq move_pages 0048 (false 0027) 0027: 15 20 00 000000ed jeq mbind 0048 (false 0028) 0028: 15 1f 00 000000a7 jeq swapon 0048 (false 0029) 0029: 15 1e 00 000000a8 jeq swapoff 0048 (false 002a) 002a: 15 1d 00 000000a3 jeq acct 0048 (false 002b) 002b: 15 1c 00 000000f8 jeq add_key 0048 (false 002c) 002c: 15 1b 00 00000141 jeq bpf 0048 (false 002d) 002d: 15 1a 00 0000012c jeq fanotify_init 0048 (false 002e) 002e: 15 19 00 000000d2 jeq io_cancel 0048 (false 002f) 002f: 15 18 00 000000cf jeq io_destroy 0048 (false 0030) 0030: 15 17 00 000000d0 jeq io_getevents 0048 (false 0031) 0031: 15 16 00 000000ce jeq io_setup 0048 (false 0032) 0032: 15 15 00 000000d1 jeq io_submit 0048 (false 
0033) 0033: 15 14 00 000000fb jeq ioprio_set 0048 (false 0034) 0034: 15 13 00 00000138 jeq kcmp 0048 (false 0035) 0035: 15 12 00 000000fa jeq keyctl 0048 (false 0036) 0036: 15 11 00 000000a5 jeq mount 0048 (false 0037) 0037: 15 10 00 0000012f jeq name_to_handle_at 0048 (false 0038) 0038: 15 0f 00 000000b4 jeq nfsservctl 0048 (false 0039) 0039: 15 0e 00 00000130 jeq open_by_handle_at 0048 (false 003a) 003a: 15 0d 00 00000087 jeq personality 0048 (false 003b) 003b: 15 0c 00 0000009b jeq pivot_root 0048 (false 003c) 003c: 15 0b 00 00000136 jeq process_vm_readv 0048 (false 003d) 003d: 15 0a 00 00000065 jeq ptrace 0048 (false 003e) 003e: 15 09 00 000000d8 jeq remap_file_pages 0048 (false 003f) 003f: 15 08 00 000000f9 jeq request_key 0048 (false 0040) 0040: 15 07 00 000000ab jeq setdomainname 0048 (false 0041) 0041: 15 06 00 000000aa jeq sethostname 0048 (false 0042) 0042: 15 05 00 00000067 jeq syslog 0048 (false 0043) 0043: 15 04 00 000000a6 jeq umount2 0048 (false 0044) 0044: 15 03 00 00000143 jeq userfaultfd 0048 (false 0045) 0045: 15 02 00 00000099 jeq vhangup 0048 (false 0046) 0046: 15 01 00 00000116 jeq vmsplice 0048 (false 0047) 0047: 06 00 00 7fff0000 ret ALLOW 0048: 06 00 00 00000000 ret KILL seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1 No supplementary groups AppArmor enabled starting application LD_PRELOAD=(null) execvp argument 0: firefox Child process initialized in 175.54 ms Searching $PATH for firefox trying #/home/x10an14/.sdkman/candidates/maven/current/bin/firefox# trying #/home/x10an14/.sdkman/candidates/java/current/bin/firefox# trying #/usr/lib/google-cloud-sdk/bin/firefox# trying #/home/x10an14/Documents/github/pyenv/shims/firefox# trying #/home/x10an14/Documents/github/pyenv/bin/firefox# trying #/home/x10an14/.volta//bin/firefox# trying 
#/home/x10an14/.cargo/bin/firefox#
trying #/home/x10an14/.cargo/bin/firefox#
trying #/home/x10an14/.dotnet/tools/firefox#
trying #/home/x10an14/.kubectx/firefox#
trying #/home/x10an14/.local/bin/firefox#
trying #/usr/local/bin/firefox#
trying #/usr/bin/firefox#
trying #/bin/firefox#
trying #/usr/local/games/firefox#
trying #/usr/games/firefox#
trying #/usr/local/go/bin/firefox#
trying #/home/x10an14/go/bin/firefox#
trying #/usr/sbin/firefox#
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
Error: no suitable firefox executable found
monitoring pid 11
Sandbox monitor: waitpid 11 retval 11 status 256
Parent is shutting down, bye...
[2020-12-31 13:35:44] 1 x10an14@x10-desktop:~
-> $ 
```
rusty-snake commented 3 years ago

Does firejail --ignore=disable-mnt firefox work?

x10an14 commented 3 years ago

Does firejail --ignore=disable-mnt firefox work?

[2020-12-31 14:38:03] 1 x10an14@x10-desktop:~
-> $ firejail --ignore=disable-mnt firefox 
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 23477, child pid 23478
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Post-exec seccomp protector enabled
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Child process initialized in 195.10 ms
Exec failed with error: Permission denied

Parent is shutting down, bye...
[2020-12-31 14:38:53] 255 x10an14@x10-desktop:~
-> $ 

Nope... =( But changed the error message though. It is correct that /opt resides on a different mountpoint than /{,home/}, though.

rusty-snake commented 3 years ago

It is correct that /opt resides on a different mountpoint than /{,home/}, though.

The problem isn't that it has another partition/mount, the problem is that it seems to be mounted at /mnt which is blacklisted by disable-mnt. If your setup allows you to mount it somewhere else, you can keep `disable-mnt`.

Exec failed with error: Permission denied

Maybe AA makes it noexec. Try firejail --ignore=disable-mnt --ignore=apparmor firefox.

Micha-Btz commented 3 years ago

I have this too and I think the problem is that it is only a link

in ~ ✦ ❯ ls -lha /usr/bin/firefox
lrwxrwxrwx 1 root root 22 18. Dez 02:09 /usr/bin/firefox -> ../lib/firefox/firefox

mdomann in sysiphus in ~ ✦ ❯ firejail --ignore=disable-mnt --ignore=apparmor firefox
Reading profile /etc/firejail/firefox.profile
Reading profile /home/mdomann/.config/firejail/firefox.local
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 37947, child pid 37950
1 program installed in 0.73 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 66.83 ms
Error: no suitable firefox executable found

Parent is shutting down, bye...

firejail --profile=/etc/firejail/firefox.profile /usr/lib/firefox/firefox works

thiswillbeyourgithub commented 3 years ago

I don't know if my issue is related to this here but I had similar issues that got solved by finding all the firefox executables and figuring out which one was not owned by root.

I think I had one in /usr/bin/firefox and one in /usr/local/bin/firefox

I have no idea how that happened but suddenly in the last week I had issues with firejail because of this. I have no idea what happened so I installed the latest firejail version then checked out all the executables of firefox by hand.

Useful commands are type -a firefox and locate firefox | grep bin

Micha-Btz commented 3 years ago

/usr/local/bin/firefox is a link to the firejail binary created by the install. So that firefox should always run in firejail.
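
The checks described in the two comments above (every PATH hit for a name, who owns it, and whether it is one of the symlinks to firejail) can be collected in one pass. This is an added example, not part of the original thread and not firejail code; it assumes GNU `readlink -f` and `stat -c`, and its notion of "ok" (an existing executable that does not resolve to a file named `firejail`) is a triage heuristic, not firejail's own test.

```shell
#!/bin/sh
# Added example: triage helper for "no suitable <program> executable found".
# Function names and the note labels are made up for this example.

# list_candidates NAME [SEARCH_PATH]
# One tab-separated line per SEARCH_PATH entry that contains NAME:
#   candidate <TAB> resolved target <TAB> owner of target <TAB> note
list_candidates() (
    name=$1
    search=${2:-$PATH}
    set -f      # no globbing while $search is split on ':'
    IFS=:
    for dir in $search; do
        [ -n "$dir" ] || continue
        cand=$dir/$name
        # Keep dangling symlinks too: -e follows the link, -L does not.
        [ -e "$cand" ] || [ -L "$cand" ] || continue
        target=$(readlink -f -- "$cand" 2>/dev/null) || target='?'
        owner=$(stat -c %U -- "$target" 2>/dev/null) || owner='?'
        if [ ! -e "$cand" ]; then
            note=dangling-symlink
        elif [ "$(basename "$target")" = firejail ]; then
            # Desktop-integration symlink: running it starts firejail again.
            note=firejail-symlink
        elif [ -d "$cand" ] || [ ! -x "$cand" ]; then
            note=not-executable
        else
            note=ok
        fi
        printf '%s\t%s\t%s\t%s\n' "$cand" "$target" "$owner" "$note"
    done
)

# first_usable NAME [SEARCH_PATH]
# First candidate in search order whose note is "ok" (heuristic, see lead-in).
first_usable() {
    list_candidates "$@" | awk -F '\t' '$4 == "ok" { print $1; exit }'
}

# Stand-alone run: report on the program named in $1 (default: firefox).
list_candidates "${1:-firefox}"
```

An owner other than root in the third column, or a listing in which every row is `firejail-symlink`, is what to look at first.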

x10an14 commented 3 years ago

Maybe AA makes it noexec. Try firejail --ignore=disable-mnt --ignore=apparmor firefox.

@rusty-snake was on-point, the --ignore=apparmor lets my Firefox start. Is there some way of getting better error reports from firejail (as opposed to having to manually test/remove/add flags) to figure out exactly what stops the app from running?

But since it's apparmor (which is not activated for some reason when running without firejail) I guess that means we can close this issue =)

(Any hints/tips to properly debug apparmor would be much appreciated)!

rusty-snake commented 3 years ago

(Any hints/tips to properly debug apparmor would be much appreciated)!

@Vincent43 knows what to add to firejail-local in order to allow exec from /mnt.

PS: You can also create a firefox.local with ignore disable-mnt and ignore apparmor.

x10an14 commented 3 years ago

PS: You can also create a firefox.local with ignore disable-mnt and ignore apparmor.

Is this firejail or apparmor specific?

rusty-snake commented 3 years ago

firejail

Example:

```
mkdir -p ~/.config/firejail && echo "ignore apparmor" >> ~/.config/firejail/firefox.local && echo "ignore disable-mnt" >> ~/.config/firejail/firefox.local
```

Vincent43 commented 3 years ago

You can add a `/mnt/** ix,` line to `/etc/apparmor.d/local/firejail-default`, then restart apparmor or reboot the system.

For debugging apparmor stuff (not only for firejail) you may inspect journalctl, i.e. journalctl --grep=DENIED
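
To turn the `journalctl --grep=DENIED` output into an answer to "which profile blocked what", the denial lines can be grouped by profile, operation, mask and path. This is an added example, not part of the original thread; the log lines are constructed in the usual kernel audit format, and the path under `/mnt` and the second profile name are placeholders.

```shell
#!/bin/sh
# Added example: summarise AppArmor denials from kernel audit lines on stdin.
# Real use: journalctl --grep=DENIED | summarise_denials

TAB=$(printf '\t')

# Constructed sample (not from the issue); EXAMPLE names are placeholders.
sample_denials() {
cat <<'EOF'
Dec 31 14:38:05 host kernel: audit: type=1400 audit(1609421885.101:311): apparmor="DENIED" operation="exec" profile="firejail-default" name="/mnt/EXAMPLE/firefox/firefox" pid=23489 comm="firejail" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Dec 31 14:39:12 host kernel: audit: type=1400 audit(1609421952.440:318): apparmor="DENIED" operation="exec" profile="firejail-default" name="/mnt/EXAMPLE/firefox/firefox" pid=23671 comm="firejail" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Dec 31 14:39:12 host kernel: audit: type=1400 audit(1609421952.502:319): apparmor="DENIED" operation="file_mmap" profile="firejail-default" name="/mnt/EXAMPLE/firefox/libxul.so" pid=23671 comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
Dec 31 14:40:01 host kernel: audit: type=1400 audit(1609422001.009:320): apparmor="DENIED" operation="open" profile="EXAMPLE-other-profile" name="/etc/EXAMPLE.conf" pid=901 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 31 14:40:02 host kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd
EOF
}

# Output, most frequent first:
#   count <TAB> profile <TAB> operation <TAB> denied_mask <TAB> path
summarise_denials() {
    awk '
        /apparmor="DENIED"/ {
            split("", f)                 # clear fields from the previous line
            line = $0
            # Pull out every key="value" pair; unquoted pairs are not needed.
            while (match(line, /[a-z_]+="[^"]*"/)) {
                kv = substr(line, RSTART, RLENGTH)
                eq = index(kv, "=")
                f[substr(kv, 1, eq - 1)] = substr(kv, eq + 2, length(kv) - eq - 2)
                line = substr(line, RSTART + RLENGTH)
            }
            key = f["profile"] "\t" f["operation"] "\t" f["denied_mask"] "\t" f["name"]
            count[key]++
        }
        END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | sort -t "$TAB" -k1,1nr -k2
}

# exec_denied_paths PROFILE
# Distinct paths whose execute permission was denied under PROFILE; these are
# the paths a local override rule for that profile would have to cover.
exec_denied_paths() {
    summarise_denials |
        awk -F '\t' -v p="$1" '$2 == p && $4 ~ /x/ { print $5 }' |
        sort -u
}

# Stand-alone run on the constructed sample.
sample_denials | summarise_denials
```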

Micha-Btz commented 3 years ago

@rusty-snake please reopen. The solution above doesn't work for me. Since programs like keepass try to load firefox and get stuck with no executable found.

debug output ``` mdomann in sysiphus in ~ ✦ ❯ firejail --ignore=disable-mnt --ignore=apparmor --debug --profile=/etc/firejail/firefox.profile firefox Reading profile /etc/firejail/firefox.profile Found firefox.local profile in /home/mdomann/.config/firejail directory Reading profile /home/mdomann/.config/firejail/firefox.local Found whitelist-usr-share-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-usr-share-common.inc Found firefox-common.profile profile in /etc/firejail directory Reading profile /etc/firejail/firefox-common.profile Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Found whitelist-runuser-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-runuser-common.inc Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file conditional BROWSER_DISABLE_U2F, nou2f conditional BROWSER_DISABLE_U2F, private-dev Building quoted command line: 'firefox' Command name #firefox# Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, DISPLAY=:0.0 parsed as 0 xdg-dbus-proxy arg: unix:path=/run/user/1000/bus xdg-dbus-proxy arg: /run/firejail/dbus/1000/39679-user xdg-dbus-proxy arg: --filter xdg-dbus-proxy arg: --own=org.mozilla.Firefox.* 
xdg-dbus-proxy arg: --own=org.mozilla.firefox.* xdg-dbus-proxy arg: --own=org.mpris.MediaPlayer2.firefox.* starting xdg-dbus-proxy sbox exec: /usr/bin/xdg-dbus-proxy --fd=8 --args=9 Dropping all capabilities Drop privileges: pid 39680, uid 1000, gid 1000, nogroups 1 No supplementary groups xdg-dbus-proxy initialized Using the local network stack Parent pid 39679, child pid 39682 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file IBUS_ADDRESS=unix:abstract=/tmp/dbus-CYJC5voC,guid=a6451e14c78acb445f6f3ba95be30fb8 IBUS_DAEMON_PID=2522 Build protocol filter: unix,inet,inet6,netlink sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1 No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 1374 1183 0:24 /rootfs/etc /etc ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=284,subvol=/rootfs/etc mountid=1374 fsname=/rootfs/etc dir=/etc fstype=btrfs Mounting noexec /etc 1375 1374 0:24 /rootfs/etc /etc ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=284,subvol=/rootfs/etc mountid=1375 fsname=/rootfs/etc dir=/etc fstype=btrfs Mounting read-only /var 1377 1376 0:41 / /var/tmp rw,relatime master:24 - tmpfs tmpfs rw,size=524288k mountid=1377 fsname=/ dir=/var/tmp fstype=tmpfs Mounting read-only /var/tmp 1378 1377 0:41 / /var/tmp ro,relatime master:24 - tmpfs tmpfs rw,size=524288k mountid=1378 fsname=/ dir=/var/tmp fstype=tmpfs Mounting noexec /var 1381 1380 0:41 / /var/tmp ro,relatime master:24 - 
tmpfs tmpfs rw,size=524288k
mountid=1381 fsname=/ dir=/var/tmp fstype=tmpfs
Mounting noexec /var/tmp
1382 1381 0:41 / /var/tmp ro,nosuid,nodev,noexec,relatime master:24 - tmpfs tmpfs rw,size=524288k
mountid=1382 fsname=/ dir=/var/tmp fstype=tmpfs
Mounting read-only /usr
1383 1183 0:24 /rootfs/usr /usr ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1383 fsname=/rootfs/usr dir=/usr fstype=btrfs
Mounting read-only /bin
1384 1183 0:24 /rootfs/bin /bin ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1384 fsname=/rootfs/bin dir=/bin fstype=btrfs
Mounting read-only /sbin
1385 1183 0:24 /rootfs/sbin /sbin ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1385 fsname=/rootfs/sbin dir=/sbin fstype=btrfs
Mounting read-only /lib
1386 1183 0:24 /rootfs/lib /lib ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1386 fsname=/rootfs/lib dir=/lib fstype=btrfs
Mounting read-only /lib64
1387 1183 0:24 /rootfs/lib64 /lib64 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1387 fsname=/rootfs/lib64 dir=/lib64 fstype=btrfs
Mounting read-only /lib32
1388 1183 0:24 /rootfs/lib32 /lib32 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1388 fsname=/rootfs/lib32 dir=/lib32 fstype=btrfs
Mounting read-only /libx32
1389 1183 0:24 /rootfs/libx32 /libx32 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1389 fsname=/rootfs/libx32 dir=/libx32 fstype=btrfs
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Mounting tmpfs on /var/cache/apache2
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/mdomann/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
Process /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/keepassxc-proxy
Checking /usr/bin/keepassxc-proxy
sbox run: /run/firejail/lib/fcopy /usr/bin/keepassxc-proxy /run/firejail/mnt/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
1 program installed in 0.85 ms
Generate private-tmp whitelist commands
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/user/1000/bus
blacklist /home/mdomann/.dbus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 456: new_name #/home/mdomann/dateien/Publii#, whitelist
Debug 571: fname #/home/mdomann/dateien/Publii#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/dateien/Publii
Debug 456: new_name #/home/mdomann/dateien/Publii#, whitelist
Debug 571: fname #/home/mdomann/dateien/Publii#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/dateien/Publii
Debug 456: new_name #/home/mdomann/source/dotfiles/firefox#, whitelist
Debug 571: fname #/home/mdomann/source/dotfiles/firefox#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/source/dotfiles/firefox
Debug 456: new_name #/home/mdomann/.cache/mozilla/firefox#, whitelist
Debug 571: fname #/home/mdomann/.cache/mozilla/firefox#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.cache/mozilla/firefox
Debug 456: new_name #/home/mdomann/.mozilla#, whitelist
Debug 571: fname #/home/mdomann/.mozilla#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.mozilla
Debug 456: new_name #/usr/share/doc#, whitelist
Debug 456: new_name #/usr/share/firefox#, whitelist
Debug 456: new_name #/usr/share/gnome-shell/search-providers/firefox-search-provider.ini#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
expanded: /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/gtk-doc/html#, whitelist
Debug 456: new_name #/usr/share/mozilla#, whitelist
Debug 456: new_name #/usr/share/webext#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/webext
expanded: /usr/share/webext
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/alsa#, whitelist
Debug 456: new_name #/usr/share/applications#, whitelist
Debug 456: new_name #/usr/share/ca-certificates#, whitelist
Debug 456: new_name #/usr/share/crypto-policies#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies
expanded: /usr/share/crypto-policies
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/cursors#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/cursors
expanded: /usr/share/cursors
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/dconf#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/dconf
expanded: /usr/share/dconf
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/distro-info#, whitelist
Debug 456: new_name #/usr/share/drirc.d#, whitelist
Debug 456: new_name #/usr/share/enchant#, whitelist
Debug 456: new_name #/usr/share/enchant-2#, whitelist
Debug 456: new_name #/usr/share/file#, whitelist
Debug 456: new_name #/usr/share/fontconfig#, whitelist
Debug 456: new_name #/usr/share/fonts#, whitelist
Debug 456: new_name #/usr/share/gir-1.0#, whitelist
Debug 456: new_name #/usr/share/gjs-1.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0
expanded: /usr/share/gjs-1.0
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/glib-2.0#, whitelist
Debug 456: new_name #/usr/share/glvnd#, whitelist
Debug 456: new_name #/usr/share/gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-2.0
expanded: /usr/share/gtk-2.0
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/gtk-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-3.0
expanded: /usr/share/gtk-3.0
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/gtk-engines#, whitelist
Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist
Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-4
expanded: /usr/share/gtksourceview-4
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/hunspell#, whitelist
Debug 456: new_name #/usr/share/hwdata#, whitelist
Debug 456: new_name #/usr/share/icons#, whitelist
Debug 456: new_name #/usr/share/icu#, whitelist
Debug 456: new_name #/usr/share/knotifications5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/knotifications5
expanded: /usr/share/knotifications5
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/kservices5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kservices5
expanded: /usr/share/kservices5
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum
expanded: /usr/share/Kvantum
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/kxmlgui5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kxmlgui5
expanded: /usr/share/kxmlgui5
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/libdrm#, whitelist
Debug 456: new_name #/usr/share/libthai#, whitelist
Debug 456: new_name #/usr/share/locale#, whitelist
Debug 456: new_name #/usr/share/mime#, whitelist
Debug 456: new_name #/usr/share/misc#, whitelist
Debug 456: new_name #/usr/share/Modules#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Modules
expanded: /usr/share/Modules
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/myspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/myspell
expanded: /usr/share/myspell
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/p11-kit#, whitelist
Debug 456: new_name #/usr/share/perl#, whitelist
Debug 456: new_name #/usr/share/perl5#, whitelist
Debug 456: new_name #/usr/share/pixmaps#, whitelist
Debug 456: new_name #/usr/share/pki#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/pki
expanded: /usr/share/pki
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/plasma#, whitelist
Debug 456: new_name #/usr/share/publicsuffix#, whitelist
Debug 456: new_name #/usr/share/qt#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt
expanded: /usr/share/qt
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/qt4#, whitelist
Debug 456: new_name #/usr/share/qt5#, whitelist
Debug 456: new_name #/usr/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5ct
expanded: /usr/share/qt5ct
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/sounds#, whitelist
Debug 456: new_name #/usr/share/tcl8.6#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6
expanded: /usr/share/tcl8.6
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/tcltk#, whitelist
Debug 456: new_name #/usr/share/terminfo#, whitelist
Debug 456: new_name #/usr/share/texlive#, whitelist
Debug 456: new_name #/usr/share/texmf#, whitelist
Debug 456: new_name #/usr/share/themes#, whitelist
Debug 456: new_name #/usr/share/thumbnail.so#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so
expanded: /usr/share/thumbnail.so
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/X11#, whitelist
Debug 456: new_name #/usr/share/xml#, whitelist
Debug 456: new_name #/usr/share/zoneinfo#, whitelist
Directory ${DOWNLOADS} resolved as source/downloads/
Debug 456: new_name #/home/mdomann/source/downloads#, whitelist
Debug 571: fname #/home/mdomann/source/downloads#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/source/downloads
Debug 456: new_name #/home/mdomann/.pki#, whitelist
Debug 571: fname #/home/mdomann/.pki#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.pki
Debug 456: new_name #/home/mdomann/.local/share/pki#, whitelist
Debug 571: fname #/home/mdomann/.local/share/pki#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/pki
Debug 456: new_name #/home/mdomann/.XCompose#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
expanded: /home/mdomann/.XCompose
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
expanded: /home/mdomann/.asoundrc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/ibus#, whitelist
Debug 571: fname #/home/mdomann/.config/ibus#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/ibus
Debug 456: new_name #/home/mdomann/.config/mimeapps.list#, whitelist
Debug 571: fname #/home/mdomann/.config/mimeapps.list#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/mimeapps.list
Debug 456: new_name #/home/mdomann/.config/pkcs11#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
expanded: /home/mdomann/.config/pkcs11
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/user-dirs.dirs#, whitelist
Debug 571: fname #/home/mdomann/.config/user-dirs.dirs#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/user-dirs.dirs
Debug 456: new_name #/home/mdomann/.config/user-dirs.locale#, whitelist
Debug 571: fname #/home/mdomann/.config/user-dirs.locale#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/user-dirs.locale
Debug 456: new_name #/home/mdomann/.drirc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
expanded: /home/mdomann/.drirc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
expanded: /home/mdomann/.icons
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.local/share/applications#, whitelist
Debug 571: fname #/home/mdomann/.local/share/applications#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/applications
Debug 456: new_name #/home/mdomann/.local/share/icons#, whitelist
Debug 571: fname #/home/mdomann/.local/share/icons#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/icons
Debug 456: new_name #/home/mdomann/.local/share/mime#, whitelist
Debug 571: fname #/home/mdomann/.local/share/mime#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/mime
Debug 456: new_name #/home/mdomann/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
expanded: /home/mdomann/.mime.types
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.uim.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.uim.d
expanded: /home/mdomann/.uim.d
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/dconf#, whitelist
Debug 571: fname #/home/mdomann/.config/dconf#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/dconf
Debug 456: new_name #/home/mdomann/.cache/fontconfig#, whitelist
Debug 571: fname #/home/mdomann/.cache/fontconfig#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.cache/fontconfig
Debug 456: new_name #/home/mdomann/.config/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
expanded: /home/mdomann/.config/fontconfig
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
expanded: /home/mdomann/.fontconfig
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
expanded: /home/mdomann/.fonts
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.fonts.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
expanded: /home/mdomann/.fonts.conf
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
expanded: /home/mdomann/.fonts.conf.d
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
expanded: /home/mdomann/.fonts.d
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.local/share/fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
expanded: /home/mdomann/.local/share/fonts
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.pangorc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
expanded: /home/mdomann/.pangorc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/gtk-2.0#, whitelist
Debug 571: fname #/home/mdomann/.config/gtk-2.0#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/gtk-2.0
Debug 456: new_name #/home/mdomann/.config/gtk-3.0#, whitelist
Debug 571: fname #/home/mdomann/.config/gtk-3.0#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/gtk-3.0
Debug 456: new_name #/home/mdomann/.config/gtk-4.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-4.0
expanded: /home/mdomann/.config/gtk-4.0
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
expanded: /home/mdomann/.config/gtkrc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
expanded: /home/mdomann/.config/gtkrc-2.0
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
expanded: /home/mdomann/.gnome2
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
expanded: /home/mdomann/.gnome2-private
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
expanded: /home/mdomann/.gtk-2.0
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
expanded: /home/mdomann/.gtkrc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0
expanded: /home/mdomann/.gtkrc-2.0
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
expanded: /home/mdomann/.kde/share/config/gtkrc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
expanded: /home/mdomann/.kde/share/config/gtkrc-2.0
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
expanded: /home/mdomann/.kde4/share/config/gtkrc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
expanded: /home/mdomann/.kde4/share/config/gtkrc-2.0
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
expanded: /home/mdomann/.local/share/themes
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
expanded: /home/mdomann/.themes
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.cache/kioexec/krun#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
expanded: /home/mdomann/.cache/kioexec/krun
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
expanded: /home/mdomann/.config/Kvantum
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/Trolltech.conf#, whitelist
Debug 571: fname #/home/mdomann/.config/Trolltech.conf#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/Trolltech.conf
Debug 456: new_name #/home/mdomann/.config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals
expanded: /home/mdomann/.config/kdeglobals
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
expanded: /home/mdomann/.config/kio_httprc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
expanded: /home/mdomann/.config/kioslaverc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
expanded: /home/mdomann/.config/ksslcablacklist
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
expanded: /home/mdomann/.config/qt5ct
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
expanded: /home/mdomann/.kde/share/config/kdeglobals
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
expanded: /home/mdomann/.kde/share/config/kio_httprc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
expanded: /home/mdomann/.kde/share/config/kioslaverc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
expanded: /home/mdomann/.kde/share/config/ksslcablacklist
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
expanded: /home/mdomann/.kde/share/config/oxygenrc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
expanded: /home/mdomann/.kde/share/icons
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
expanded: /home/mdomann/.kde4/share/config/kdeglobals
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
expanded: /home/mdomann/.kde4/share/config/kio_httprc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
expanded: /home/mdomann/.kde4/share/config/kioslaverc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
expanded: /home/mdomann/.kde4/share/config/ksslcablacklist
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
expanded: /home/mdomann/.kde4/share/config/oxygenrc
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
expanded: /home/mdomann/.kde4/share/icons
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
expanded: /home/mdomann/.local/share/qt5ct
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/run/user/1000/bus#, whitelist
Replaced whitelist path: whitelist /run/user/1000/bus
Debug 456: new_name #/run/user/1000/dconf#, whitelist
Replaced whitelist path: whitelist /run/user/1000/dconf
Debug 456: new_name #/run/user/1000/gdm/Xauthority#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/gdm/Xauthority
expanded: /run/user/1000/gdm/Xauthority
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/run/user/1000/ICEauthority#, whitelist
Replaced whitelist path: whitelist /run/user/1000/ICEauthority
Debug 456: new_name #/run/user/1000/.mutter-Xwaylandauth.*#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
expanded: /run/user/1000/.mutter-Xwaylandauth.*
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/run/user/1000/pulse/native#, whitelist
Replaced whitelist path: whitelist /run/user/1000/pulse/native
Debug 456: new_name #/run/user/1000/wayland-0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/wayland-0
expanded: /run/user/1000/wayland-0
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/var/lib/ca-certificates#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates
expanded: /var/lib/ca-certificates
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/var/lib/dbus#, whitelist
Debug 456: new_name #/var/lib/menu-xdg#, whitelist
Debug 456: new_name #/var/lib/uim#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/uim
expanded: /var/lib/uim
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/var/cache/fontconfig#, whitelist
Debug 456: new_name #/var/tmp#, whitelist
Debug 456: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 456: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 456: new_name #/tmp/.X11-unix#, whitelist
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Mounting tmpfs on /usr/share directory
Mounting tmpfs on /run/user/1000 directory
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29
Mounting a new /root directory
Mounting a new /home directory
Create a new user directory
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29
Drop privileges: pid 6, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29
Whitelisting /home/mdomann/dateien/Publii
1482 1481 0:51 /homefs/mdomann/dateien/Publii /home/mdomann/dateien/Publii rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1482 fsname=/homefs/mdomann/dateien/Publii dir=/home/mdomann/dateien/Publii fstype=btrfs
Whitelisting /home/mdomann/dateien/Publii
1483 1482 0:51 /homefs/mdomann/dateien/Publii /home/mdomann/dateien/Publii rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1483 fsname=/homefs/mdomann/dateien/Publii dir=/home/mdomann/dateien/Publii fstype=btrfs
Whitelisting /home/mdomann/source/dotfiles/firefox
1484 1481 0:51 /homefs/mdomann/source/dotfiles/firefox /home/mdomann/source/dotfiles/firefox rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1838,subvol=/homefs/mdomann/source
mountid=1484 fsname=/homefs/mdomann/source/dotfiles/firefox dir=/home/mdomann/source/dotfiles/firefox fstype=btrfs
Whitelisting /home/mdomann/.cache/mozilla/firefox
1485 1481 0:51 /homefs/mdomann/.cache/mozilla/firefox /home/mdomann/.cache/mozilla/firefox rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1837,subvol=/homefs/mdomann/.cache
mountid=1485 fsname=/homefs/mdomann/.cache/mozilla/firefox dir=/home/mdomann/.cache/mozilla/firefox fstype=btrfs
Whitelisting /home/mdomann/.mozilla
1486 1481 0:51 /homefs/mdomann/.mozilla /home/mdomann/.mozilla rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1486 fsname=/homefs/mdomann/.mozilla dir=/home/mdomann/.mozilla fstype=btrfs
Whitelisting /usr/share/doc
1487 1470 0:24 /rootfs/usr/share/doc /usr/share/doc ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1487 fsname=/rootfs/usr/share/doc dir=/usr/share/doc fstype=btrfs
Whitelisting /usr/share/firefox
1488 1470 0:24 /rootfs/usr/share/firefox /usr/share/firefox ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1488 fsname=/rootfs/usr/share/firefox dir=/usr/share/firefox fstype=btrfs
Whitelisting /usr/share/gtk-doc/html
1489 1470 0:24 /rootfs/usr/share/gtk-doc/html /usr/share/gtk-doc/html ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1489 fsname=/rootfs/usr/share/gtk-doc/html dir=/usr/share/gtk-doc/html fstype=btrfs
Whitelisting /usr/share/mozilla
1490 1470 0:24 /rootfs/usr/share/mozilla /usr/share/mozilla ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1490 fsname=/rootfs/usr/share/mozilla dir=/usr/share/mozilla fstype=btrfs
Whitelisting /usr/share/alsa
1491 1470 0:24 /rootfs/usr/share/alsa /usr/share/alsa ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1491 fsname=/rootfs/usr/share/alsa dir=/usr/share/alsa fstype=btrfs
Whitelisting /usr/share/applications
1492 1470 0:24 /rootfs/usr/share/applications /usr/share/applications ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1492 fsname=/rootfs/usr/share/applications dir=/usr/share/applications fstype=btrfs
Whitelisting /usr/share/ca-certificates
1493 1470 0:24 /rootfs/usr/share/ca-certificates /usr/share/ca-certificates ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1493 fsname=/rootfs/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=btrfs
Whitelisting /usr/share/distro-info
1494 1470 0:24 /rootfs/usr/share/distro-info /usr/share/distro-info ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1494 fsname=/rootfs/usr/share/distro-info dir=/usr/share/distro-info fstype=btrfs
Whitelisting /usr/share/drirc.d
1495 1470 0:24 /rootfs/usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1495 fsname=/rootfs/usr/share/drirc.d dir=/usr/share/drirc.d fstype=btrfs
Whitelisting /usr/share/enchant
1496 1470 0:24 /rootfs/usr/share/enchant /usr/share/enchant ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1496 fsname=/rootfs/usr/share/enchant dir=/usr/share/enchant fstype=btrfs
Whitelisting /usr/share/enchant-2
1497 1470 0:24 /rootfs/usr/share/enchant-2 /usr/share/enchant-2 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1497 fsname=/rootfs/usr/share/enchant-2 dir=/usr/share/enchant-2 fstype=btrfs
Whitelisting /usr/share/file
1498 1470 0:24 /rootfs/usr/share/file /usr/share/file ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1498 fsname=/rootfs/usr/share/file dir=/usr/share/file fstype=btrfs
Whitelisting /usr/share/fontconfig
1499 1470 0:24 /rootfs/usr/share/fontconfig /usr/share/fontconfig ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1499 fsname=/rootfs/usr/share/fontconfig dir=/usr/share/fontconfig fstype=btrfs
Whitelisting /usr/share/fonts
1500 1470 0:24 /rootfs/usr/share/fonts /usr/share/fonts ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1500 fsname=/rootfs/usr/share/fonts dir=/usr/share/fonts fstype=btrfs
Whitelisting /usr/share/gir-1.0
1501 1470 0:24 /rootfs/usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1501 fsname=/rootfs/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=btrfs
Whitelisting /usr/share/glib-2.0
1502 1470 0:24 /rootfs/usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1502 fsname=/rootfs/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=btrfs
Whitelisting /usr/share/glvnd
1503 1470 0:24 /rootfs/usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1503 fsname=/rootfs/usr/share/glvnd dir=/usr/share/glvnd fstype=btrfs
Whitelisting /usr/share/gtk-engines
1504 1470 0:24 /rootfs/usr/share/gtk-engines /usr/share/gtk-engines ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1504 fsname=/rootfs/usr/share/gtk-engines dir=/usr/share/gtk-engines fstype=btrfs
Whitelisting /usr/share/gtksourceview-3.0
1505 1470 0:24 /rootfs/usr/share/gtksourceview-3.0 /usr/share/gtksourceview-3.0 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1505 fsname=/rootfs/usr/share/gtksourceview-3.0 dir=/usr/share/gtksourceview-3.0 fstype=btrfs
Whitelisting /usr/share/hunspell
1506 1470 0:24 /rootfs/usr/share/hunspell /usr/share/hunspell ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1506 fsname=/rootfs/usr/share/hunspell dir=/usr/share/hunspell fstype=btrfs
Whitelisting /usr/share/hwdata
1507 1470 0:24 /rootfs/usr/share/hwdata /usr/share/hwdata ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1507 fsname=/rootfs/usr/share/hwdata dir=/usr/share/hwdata fstype=btrfs
Whitelisting /usr/share/icons
1508 1470 0:24 /rootfs/usr/share/icons /usr/share/icons ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1508 fsname=/rootfs/usr/share/icons dir=/usr/share/icons fstype=btrfs
Whitelisting /usr/share/icu
1509 1470 0:24 /rootfs/usr/share/icu /usr/share/icu ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1509 fsname=/rootfs/usr/share/icu dir=/usr/share/icu fstype=btrfs
Whitelisting /usr/share/libdrm
1510 1470 0:24 /rootfs/usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1510 fsname=/rootfs/usr/share/libdrm dir=/usr/share/libdrm fstype=btrfs
Whitelisting /usr/share/libthai
1511 1470 0:24 /rootfs/usr/share/libthai /usr/share/libthai ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1511 fsname=/rootfs/usr/share/libthai dir=/usr/share/libthai fstype=btrfs
Whitelisting /usr/share/locale
1512 1470 0:24 /rootfs/usr/share/locale /usr/share/locale ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1512 fsname=/rootfs/usr/share/locale dir=/usr/share/locale fstype=btrfs
Whitelisting /usr/share/mime
1513 1470 0:24 /rootfs/usr/share/mime /usr/share/mime ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1513 fsname=/rootfs/usr/share/mime dir=/usr/share/mime fstype=btrfs
Whitelisting /usr/share/misc
1514 1470 0:24 /rootfs/usr/share/misc /usr/share/misc ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1514 fsname=/rootfs/usr/share/misc dir=/usr/share/misc fstype=btrfs
Whitelisting /usr/share/p11-kit
1515 1470 0:24 /rootfs/usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1515 fsname=/rootfs/usr/share/p11-kit dir=/usr/share/p11-kit fstype=btrfs
Whitelisting /usr/share/perl
1516 1470 0:24 /rootfs/usr/share/perl /usr/share/perl ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1516 fsname=/rootfs/usr/share/perl dir=/usr/share/perl fstype=btrfs
Whitelisting /usr/share/perl5
1517 1470 0:24 /rootfs/usr/share/perl5 /usr/share/perl5 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1517 fsname=/rootfs/usr/share/perl5 dir=/usr/share/perl5 fstype=btrfs
Whitelisting /usr/share/pixmaps
1518 1470 0:24 /rootfs/usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1518 fsname=/rootfs/usr/share/pixmaps dir=/usr/share/pixmaps fstype=btrfs
Whitelisting /usr/share/plasma
1519 1470 0:24 /rootfs/usr/share/plasma /usr/share/plasma ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1519 fsname=/rootfs/usr/share/plasma dir=/usr/share/plasma fstype=btrfs
Whitelisting /usr/share/publicsuffix
1520 1470 0:24 /rootfs/usr/share/publicsuffix /usr/share/publicsuffix ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1520 fsname=/rootfs/usr/share/publicsuffix dir=/usr/share/publicsuffix fstype=btrfs
Whitelisting /usr/share/qt4
1521 1470 0:24 /rootfs/usr/share/qt4 /usr/share/qt4 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1521 fsname=/rootfs/usr/share/qt4 dir=/usr/share/qt4 fstype=btrfs
Whitelisting /usr/share/qt5
1522 1470 0:24 /rootfs/usr/share/qt5 /usr/share/qt5 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1522 fsname=/rootfs/usr/share/qt5 dir=/usr/share/qt5 fstype=btrfs
Whitelisting /usr/share/sounds
1523 1470 0:24 /rootfs/usr/share/sounds /usr/share/sounds ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1523 fsname=/rootfs/usr/share/sounds dir=/usr/share/sounds fstype=btrfs
Whitelisting /usr/share/tcltk
1524 1470 0:24 /rootfs/usr/share/tcltk /usr/share/tcltk ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1524 fsname=/rootfs/usr/share/tcltk dir=/usr/share/tcltk fstype=btrfs
Whitelisting /usr/share/terminfo
1525 1470 0:24 /rootfs/usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1525 fsname=/rootfs/usr/share/terminfo dir=/usr/share/terminfo fstype=btrfs
Whitelisting /usr/share/texlive
1526 1470 0:24 /rootfs/usr/share/texlive /usr/share/texlive ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1526 fsname=/rootfs/usr/share/texlive dir=/usr/share/texlive fstype=btrfs
Whitelisting /usr/share/texmf
1527 1470 0:24 /rootfs/usr/share/texmf /usr/share/texmf ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1527 fsname=/rootfs/usr/share/texmf dir=/usr/share/texmf fstype=btrfs
Whitelisting /usr/share/themes
1528
1470 0:24 /rootfs/usr/share/themes /usr/share/themes ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1528 fsname=/rootfs/usr/share/themes dir=/usr/share/themes fstype=btrfs Whitelisting /usr/share/X11 1529 1470 0:24 /rootfs/usr/share/X11 /usr/share/X11 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1529 fsname=/rootfs/usr/share/X11 dir=/usr/share/X11 fstype=btrfs Whitelisting /usr/share/xml 1530 1470 0:24 /rootfs/usr/share/xml /usr/share/xml ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1530 fsname=/rootfs/usr/share/xml dir=/usr/share/xml fstype=btrfs Whitelisting /usr/share/zoneinfo 1531 1470 0:24 /rootfs/usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1531 fsname=/rootfs/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=btrfs Whitelisting /home/mdomann/source/downloads 1532 1481 0:51 /homefs/mdomann/source/downloads /home/mdomann/source/downloads rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1838,subvol=/homefs/mdomann/source mountid=1532 fsname=/homefs/mdomann/source/downloads dir=/home/mdomann/source/downloads fstype=btrfs Whitelisting /home/mdomann/.pki 1533 1481 0:51 /homefs/mdomann/.pki /home/mdomann/.pki rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1533 fsname=/homefs/mdomann/.pki dir=/home/mdomann/.pki fstype=btrfs Whitelisting /home/mdomann/.local/share/pki 1534 1481 0:51 /homefs/mdomann/.local/share/pki /home/mdomann/.local/share/pki rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1534 fsname=/homefs/mdomann/.local/share/pki dir=/home/mdomann/.local/share/pki fstype=btrfs Whitelisting /home/mdomann/.config/ibus 1535 1481 
0:51 /homefs/mdomann/.config/ibus /home/mdomann/.config/ibus rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1535 fsname=/homefs/mdomann/.config/ibus dir=/home/mdomann/.config/ibus fstype=btrfs Whitelisting /home/mdomann/.config/mimeapps.list 1536 1481 0:51 /homefs/mdomann/.config/mimeapps.list /home/mdomann/.config/mimeapps.list rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1536 fsname=/homefs/mdomann/.config/mimeapps.list dir=/home/mdomann/.config/mimeapps.list fstype=btrfs Whitelisting /home/mdomann/.config/user-dirs.dirs 1537 1481 0:51 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1537 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs Whitelisting /home/mdomann/.config/user-dirs.locale 1538 1481 0:51 /homefs/mdomann/.config/user-dirs.locale /home/mdomann/.config/user-dirs.locale rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1538 fsname=/homefs/mdomann/.config/user-dirs.locale dir=/home/mdomann/.config/user-dirs.locale fstype=btrfs Whitelisting /home/mdomann/.local/share/applications 1539 1481 0:51 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1539 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs Whitelisting /home/mdomann/.local/share/icons 1540 1481 0:51 /homefs/mdomann/.local/share/icons /home/mdomann/.local/share/icons rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 
rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1540 fsname=/homefs/mdomann/.local/share/icons dir=/home/mdomann/.local/share/icons fstype=btrfs Whitelisting /home/mdomann/.local/share/mime 1541 1481 0:51 /homefs/mdomann/.local/share/mime /home/mdomann/.local/share/mime rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1541 fsname=/homefs/mdomann/.local/share/mime dir=/home/mdomann/.local/share/mime fstype=btrfs Whitelisting /home/mdomann/.config/dconf 1542 1481 0:51 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1542 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs Whitelisting /home/mdomann/.cache/fontconfig 1543 1481 0:51 /homefs/mdomann/.cache/fontconfig /home/mdomann/.cache/fontconfig rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1837,subvol=/homefs/mdomann/.cache mountid=1543 fsname=/homefs/mdomann/.cache/fontconfig dir=/home/mdomann/.cache/fontconfig fstype=btrfs Whitelisting /home/mdomann/.config/gtk-2.0 1544 1481 0:51 /homefs/mdomann/.config/gtk-2.0 /home/mdomann/.config/gtk-2.0 rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1544 fsname=/homefs/mdomann/.config/gtk-2.0 dir=/home/mdomann/.config/gtk-2.0 fstype=btrfs Whitelisting /home/mdomann/.config/gtk-3.0 1545 1481 0:51 /homefs/mdomann/.config/gtk-3.0 /home/mdomann/.config/gtk-3.0 rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1545 fsname=/homefs/mdomann/.config/gtk-3.0 dir=/home/mdomann/.config/gtk-3.0 fstype=btrfs Whitelisting /home/mdomann/.config/Trolltech.conf 1546 1481 0:51 /homefs/mdomann/.config/Trolltech.conf 
/home/mdomann/.config/Trolltech.conf rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1546 fsname=/homefs/mdomann/.config/Trolltech.conf dir=/home/mdomann/.config/Trolltech.conf fstype=btrfs Whitelisting /run/user/1000/bus 1547 1475 0:23 /firejail/firejail.ro.file /run/user/1000/bus rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=1631612k,mode=755 mountid=1547 fsname=/firejail/firejail.ro.file dir=/run/user/1000/bus fstype=tmpfs Whitelisting /run/user/1000/dconf 1548 1475 0:61 /dconf /run/user/1000/dconf rw,nosuid,nodev,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1548 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs Whitelisting /run/user/1000/ICEauthority 1549 1475 0:61 /ICEauthority /run/user/1000/ICEauthority rw,nosuid,nodev,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1549 fsname=/ICEauthority dir=/run/user/1000/ICEauthority fstype=tmpfs Whitelisting /run/user/1000/pulse/native 1550 1475 0:61 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1550 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs Whitelisting /var/lib/dbus 1551 1468 0:24 /rootfs/var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1551 fsname=/rootfs/var/lib/dbus dir=/var/lib/dbus fstype=btrfs Whitelisting /var/lib/menu-xdg 1552 1468 0:24 /rootfs/var/lib/menu-xdg /var/lib/menu-xdg ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1552 fsname=/rootfs/var/lib/menu-xdg dir=/var/lib/menu-xdg fstype=btrfs Whitelisting /var/cache/fontconfig 1553 1468 0:24 /rootfs/var/cache/fontconfig /var/cache/fontconfig 
ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1553 fsname=/rootfs/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs Whitelisting /var/tmp 1554 1468 0:96 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw mountid=1554 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -/run Created symbolic link /var/lock -/run/lock Whitelisting /tmp/.X11-unix 1555 1457 0:40 /.X11-unix /tmp/.X11-unix rw,relatime master:23 - tmpfs tmpfs rw,size=4194304k mountid=1555 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /etc/X11/Xsession.d Disable /etc/xdg/autostart Mounting read-only /home/mdomann/.Xauthority 1563 1481 0:113 /mdomann/.Xauthority /home/mdomann/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1563 fsname=/mdomann/.Xauthority dir=/home/mdomann/.Xauthority fstype=tmpfs Mounting read-only /home/mdomann/.config/dconf 1564 1542 0:51 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1564 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs Disable /etc/init.d (requested /etc/init.d/) Disable /run/acpid.socket (requested /var/run/acpid.socket) Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock) Disable /etc/anacrontab Disable /etc/cron.d Disable /etc/cron.daily Disable /etc/cron.hourly Disable /etc/cron.monthly Disable /etc/cron.weekly Disable /etc/cron.deny Disable /etc/crontab Disable /etc/crontab.dpkg-dist Disable /etc/profile.d Disable /etc/rc.local Disable /etc/rc2.d Disable /etc/rc3.d Disable /etc/rc4.d Disable /etc/rc5.d Disable /etc/rc0.d Disable /etc/rc1.d Disable /etc/rc6.d Disable /etc/rcS.d Disable /etc/kernel Disable /etc/kernel-img.conf Disable /etc/grub.d Disable /etc/dkms Disable /etc/apparmor.d Disable /etc/apparmor Disable /etc/selinux Disable /etc/modules Disable 
/etc/modules-load.d Disable /etc/logrotate.d Disable /etc/logrotate.conf Disable /etc/adduser.conf Mounting read-only /home/mdomann/.bashrc 1599 1481 0:113 /mdomann/.bashrc /home/mdomann/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1599 fsname=/mdomann/.bashrc dir=/home/mdomann/.bashrc fstype=tmpfs Mounting read-only /home/mdomann/.local/share/applications 1600 1539 0:51 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1600 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs Mounting read-only /home/mdomann/.config/mimeapps.list 1601 1536 0:51 /homefs/mdomann/.config/mimeapps.list /home/mdomann/.config/mimeapps.list ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1601 fsname=/homefs/mdomann/.config/mimeapps.list dir=/home/mdomann/.config/mimeapps.list fstype=btrfs Mounting read-only /home/mdomann/.config/user-dirs.dirs 1602 1537 0:51 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1602 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs Mounting read-only /home/mdomann/.config/user-dirs.locale 1603 1538 0:51 /homefs/mdomann/.config/user-dirs.locale /home/mdomann/.config/user-dirs.locale ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1603 fsname=/homefs/mdomann/.config/user-dirs.locale dir=/home/mdomann/.config/user-dirs.locale fstype=btrfs Mounting read-only /home/mdomann/.local/share/mime 1604 1541 0:51 /homefs/mdomann/.local/share/mime /home/mdomann/.local/share/mime 
ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1604 fsname=/homefs/mdomann/.local/share/mime dir=/home/mdomann/.local/share/mime fstype=btrfs Not blacklist /home/mdomann/.pki Not blacklist /home/mdomann/.local/share/pki Disable /etc/davfs2/secrets Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Disable /sbin Disable /usr/local/sbin Disable /usr/sbin Disable /etc/java Disable /usr/lib/valgrind Disable /usr/src Disable /usr/local/src Disable /usr/include Disable /usr/local/include Mounting noexec /home/mdomann/dateien/Publii 1622 1483 0:51 /homefs/mdomann/dateien/Publii /home/mdomann/dateien/Publii rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1622 fsname=/homefs/mdomann/dateien/Publii dir=/home/mdomann/dateien/Publii fstype=btrfs Mounting noexec /home/mdomann/source/dotfiles/firefox 1623 1484 0:51 /homefs/mdomann/source/dotfiles/firefox /home/mdomann/source/dotfiles/firefox rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1838,subvol=/homefs/mdomann/source mountid=1623 fsname=/homefs/mdomann/source/dotfiles/firefox dir=/home/mdomann/source/dotfiles/firefox fstype=btrfs Mounting noexec /home/mdomann/.cache/mozilla/firefox 1624 1485 0:51 /homefs/mdomann/.cache/mozilla/firefox /home/mdomann/.cache/mozilla/firefox rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1837,subvol=/homefs/mdomann/.cache mountid=1624 fsname=/homefs/mdomann/.cache/mozilla/firefox dir=/home/mdomann/.cache/mozilla/firefox fstype=btrfs Mounting noexec /home/mdomann/.mozilla 1625 1486 0:51 /homefs/mdomann/.mozilla /home/mdomann/.mozilla rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 
rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1625 fsname=/homefs/mdomann/.mozilla dir=/home/mdomann/.mozilla fstype=btrfs Mounting noexec /home/mdomann/source/downloads 1626 1532 0:51 /homefs/mdomann/source/downloads /home/mdomann/source/downloads rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1838,subvol=/homefs/mdomann/source mountid=1626 fsname=/homefs/mdomann/source/downloads dir=/home/mdomann/source/downloads fstype=btrfs Mounting noexec /home/mdomann/.pki 1627 1533 0:51 /homefs/mdomann/.pki /home/mdomann/.pki rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1627 fsname=/homefs/mdomann/.pki dir=/home/mdomann/.pki fstype=btrfs Mounting noexec /home/mdomann/.local/share/pki 1628 1534 0:51 /homefs/mdomann/.local/share/pki /home/mdomann/.local/share/pki rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1628 fsname=/homefs/mdomann/.local/share/pki dir=/home/mdomann/.local/share/pki fstype=btrfs Mounting noexec /home/mdomann/.config/ibus 1629 1535 0:51 /homefs/mdomann/.config/ibus /home/mdomann/.config/ibus rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1629 fsname=/homefs/mdomann/.config/ibus dir=/home/mdomann/.config/ibus fstype=btrfs Mounting noexec /home/mdomann/.config/mimeapps.list 1630 1601 0:51 /homefs/mdomann/.config/mimeapps.list /home/mdomann/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1630 fsname=/homefs/mdomann/.config/mimeapps.list dir=/home/mdomann/.config/mimeapps.list fstype=btrfs Mounting noexec /home/mdomann/.config/user-dirs.dirs 1631 1602 0:51 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs 
ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1631 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs Mounting noexec /home/mdomann/.config/user-dirs.locale 1632 1603 0:51 /homefs/mdomann/.config/user-dirs.locale /home/mdomann/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1632 fsname=/homefs/mdomann/.config/user-dirs.locale dir=/home/mdomann/.config/user-dirs.locale fstype=btrfs Mounting noexec /home/mdomann/.local/share/applications 1633 1600 0:51 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1633 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs Mounting noexec /home/mdomann/.local/share/icons 1634 1540 0:51 /homefs/mdomann/.local/share/icons /home/mdomann/.local/share/icons rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1634 fsname=/homefs/mdomann/.local/share/icons dir=/home/mdomann/.local/share/icons fstype=btrfs Mounting noexec /home/mdomann/.local/share/mime 1635 1604 0:51 /homefs/mdomann/.local/share/mime /home/mdomann/.local/share/mime ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1635 fsname=/homefs/mdomann/.local/share/mime dir=/home/mdomann/.local/share/mime fstype=btrfs Mounting noexec /home/mdomann/.config/dconf 1636 1564 0:51 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs 
mountid=1636 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs Mounting noexec /home/mdomann/.cache/fontconfig 1637 1543 0:51 /homefs/mdomann/.cache/fontconfig /home/mdomann/.cache/fontconfig rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1837,subvol=/homefs/mdomann/.cache mountid=1637 fsname=/homefs/mdomann/.cache/fontconfig dir=/home/mdomann/.cache/fontconfig fstype=btrfs Mounting noexec /home/mdomann/.config/gtk-2.0 1638 1544 0:51 /homefs/mdomann/.config/gtk-2.0 /home/mdomann/.config/gtk-2.0 rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1638 fsname=/homefs/mdomann/.config/gtk-2.0 dir=/home/mdomann/.config/gtk-2.0 fstype=btrfs Mounting noexec /home/mdomann/.config/gtk-3.0 1639 1545 0:51 /homefs/mdomann/.config/gtk-3.0 /home/mdomann/.config/gtk-3.0 rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1639 fsname=/homefs/mdomann/.config/gtk-3.0 dir=/home/mdomann/.config/gtk-3.0 fstype=btrfs Mounting noexec /home/mdomann/.config/Trolltech.conf 1640 1546 0:51 /homefs/mdomann/.config/Trolltech.conf /home/mdomann/.config/Trolltech.conf rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1640 fsname=/homefs/mdomann/.config/Trolltech.conf dir=/home/mdomann/.config/Trolltech.conf fstype=btrfs Mounting noexec /run/user/1000 1645 1641 0:61 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1645 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs Mounting noexec /run/user/1000/dconf 1646 1643 0:61 /dconf /run/user/1000/dconf rw,nosuid,nodev,noexec,relatime master:281 - tmpfs tmpfs 
rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1646 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs Mounting noexec /run/user/1000/ICEauthority 1647 1644 0:61 /ICEauthority /run/user/1000/ICEauthority rw,nosuid,nodev,noexec,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1647 fsname=/ICEauthority dir=/run/user/1000/ICEauthority fstype=tmpfs Mounting noexec /run/user/1000/pulse/native 1648 1645 0:61 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,noexec,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1648 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs Mounting noexec /dev/shm 1649 1422 0:106 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1649 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 1651 1650 0:40 /.X11-unix /tmp/.X11-unix rw,relatime master:23 - tmpfs tmpfs rw,size=4194304k mountid=1651 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /tmp/.X11-unix 1652 1651 0:40 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,relatime master:23 - tmpfs tmpfs rw,size=4194304k mountid=1652 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /var 1657 1653 0:96 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw mountid=1657 fsname=/ dir=/var/tmp fstype=tmpfs Disable /usr/lib/liblualib50.a Disable /usr/lib/liblualib50.so.5.0 (requested /usr/lib/liblualib50.so) Disable /usr/lib/liblualib50.so.5.0 Disable /usr/lib/liblualib50.so.5.0 (requested /usr/lib/liblualib50.so.5) Disable /usr/lib/liblua50.a Disable /usr/lib/liblua50.so.5.0 (requested /usr/lib/liblua50.so) Disable /usr/lib/liblua50.so.5.0 Disable /usr/lib/liblua50.so.5.0 (requested /usr/lib/liblua50.so.5) Disable /usr/share/perl5 Disable /usr/share/perl Disable /usr/lib/php Disable /usr/lib/ruby Disable /usr/lib/python2.7 Disable /usr/local/lib/python2.7 Disable /usr/lib/python3 Disable 
/usr/lib/python3.5 Disable /usr/lib/python3.6 Disable /usr/lib/python3.7 Disable /usr/lib/python3.9 Disable /usr/local/lib/python3.5 Disable /usr/local/lib/python3.6 Disable /usr/local/lib/python3.7 Disable /usr/local/lib/python3.9 Not blacklist /home/mdomann/.mozilla Not blacklist /home/mdomann/.cache/mozilla Mounting read-only /tmp/.X11-unix 1681 1652 0:40 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,relatime master:23 - tmpfs tmpfs rw,size=4194304k mountid=1681 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /sys/fs Disable /sys/module /etc/pulse/client.conf not found Current directory: /home/mdomann DISPLAY=:0.0 parsed as 0 Install protocol filter: unix,inet,inet6,netlink configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000006 jmp 000c 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 15 01 00 00000029 jeq socket 000c (false 000b) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 20 00 00 00000010 ld data.args[0] 000d: 15 00 01 00000001 jeq 1 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 15 00 01 00000002 jeq 2 0010 (false 0011) 0010: 06 00 00 7fff0000 ret ALLOW 0011: 15 00 01 0000000a jeq a 0012 (false 0013) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 01 00000010 jeq 10 0014 (false 0015) 0014: 06 00 00 7fff0000 ret ALLOW 0015: 06 00 00 0005005f ret ERRNO(95) configuring 101 seccomp 
entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dropping all capabilities Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 00 01 00000015 jeq 15 0005 (false 0006) 0005: 06 00 00 00000001 ret KILL 0006: 15 00 01 00000034 jeq 34 0007 (false 0008) 0007: 06 00 00 00000001 ret KILL 0008: 15 00 01 0000001a jeq 1a 0009 (false 000a) 0009: 06 00 00 00000001 ret KILL 000a: 15 00 01 0000011b jeq 11b 000b (false 000c) 000b: 06 00 00 00000001 ret KILL 000c: 15 00 01 00000155 jeq 155 000d (false 000e) 000d: 06 00 00 00000001 ret KILL 000e: 15 00 01 00000156 jeq 156 000f (false 0010) 000f: 06 00 00 00000001 ret KILL 0010: 15 00 01 0000007f jeq 7f 0011 (false 0012) 0011: 06 00 00 00000001 ret KILL 0012: 15 00 01 00000080 jeq 80 0013 (false 0014) 0013: 06 00 00 00000001 ret KILL 0014: 15 00 01 0000015e jeq 15e 0015 (false 0016) 0015: 06 00 00 00000001 ret KILL 0016: 15 00 01 00000081 jeq 81 0017 (false 0018) 0017: 06 00 00 00000001 ret KILL 0018: 15 00 01 0000006e jeq 6e 0019 (false 001a) 0019: 06 00 00 00000001 ret KILL 001a: 15 00 01 00000065 jeq 65 001b (false 001c) 001b: 06 00 00 00000001 ret KILL 001c: 15 00 01 00000121 jeq 121 001d (false 001e) 001d: 06 00 00 00000001 ret KILL 001e: 15 00 01 00000057 jeq 57 001f (false 0020) 001f: 06 00 00 00000001 ret KILL 0020: 15 00 01 00000073 jeq 73 0021 (false 0022) 0021: 06 00 00 00000001 ret KILL 0022: 15 00 01 00000067 jeq 67 0023 (false 0024) 0023: 06 00 00 00000001 ret KILL 0024: 15 00 01 0000015b jeq 15b 0025 (false 0026) 0025: 06 00 00 00000001 ret KILL 0026: 15 00 01 0000015c jeq 15c 0027 (false 0028) 0027: 06 00 00 00000001 ret KILL 0028: 15 00 01 00000087 jeq 87 0029 
(false 002a) 0029: 06 00 00 00000001 ret KILL 002a: 15 00 01 00000095 jeq 95 002b (false 002c) 002b: 06 00 00 00000001 ret KILL 002c: 15 00 01 0000007c jeq 7c 002d (false 002e) 002d: 06 00 00 00000001 ret KILL 002e: 15 00 01 00000157 jeq 157 002f (false 0030) 002f: 06 00 00 00000001 ret KILL 0030: 15 00 01 000000fd jeq fd 0031 (false 0032) 0031: 06 00 00 00000001 ret KILL 0032: 15 00 01 00000150 jeq 150 0033 (false 0034) 0033: 06 00 00 00000001 ret KILL 0034: 15 00 01 00000152 jeq 152 0035 (false 0036) 0035: 06 00 00 00000001 ret KILL 0036: 15 00 01 0000015d jeq 15d 0037 (false 0038) 0037: 06 00 00 00000001 ret KILL 0038: 15 00 01 0000011e jeq 11e 0039 (false 003a) 0039: 06 00 00 00000001 ret KILL 003a: 15 00 01 0000011f jeq 11f 003b (false 003c) 003b: 06 00 00 00000001 ret KILL 003c: 15 00 01 00000120 jeq 120 003d (false 003e) 003d: 06 00 00 00000001 ret KILL 003e: 15 00 01 00000056 jeq 56 003f (false 0040) 003f: 06 00 00 00000001 ret KILL 0040: 15 00 01 00000033 jeq 33 0041 (false 0042) 0041: 06 00 00 00000001 ret KILL 0042: 15 00 01 0000007b jeq 7b 0043 (false 0044) 0043: 06 00 00 00000001 ret KILL 0044: 15 00 01 000000d9 jeq d9 0045 (false 0046) 0045: 06 00 00 00000001 ret KILL 0046: 15 00 01 000000f5 jeq f5 0047 (false 0048) 0047: 06 00 00 00000001 ret KILL 0048: 15 00 01 000000f6 jeq f6 0049 (false 004a) 0049: 06 00 00 00000001 ret KILL 004a: 15 00 01 000000f7 jeq f7 004b (false 004c) 004b: 06 00 00 00000001 ret KILL 004c: 15 00 01 000000f8 jeq f8 004d (false 004e) 004d: 06 00 00 00000001 ret KILL 004e: 15 00 01 000000f9 jeq f9 004f (false 0050) 004f: 06 00 00 00000001 ret KILL 0050: 15 00 01 00000101 jeq 101 0051 (false 0052) 0051: 06 00 00 00000001 ret KILL 0052: 15 00 01 00000112 jeq 112 0053 (false 0054) 0053: 06 00 00 00000001 ret KILL 0054: 15 00 01 00000114 jeq 114 0055 (false 0056) 0055: 06 00 00 00000001 ret KILL 0056: 15 00 01 00000126 jeq 126 0057 (false 0058) 0057: 06 00 00 00000001 ret KILL 0058: 15 00 01 0000013d jeq 13d 0059 (false 005a) 0059: 
06 00 00 00000001 ret KILL
005a: 15 00 01 0000013c jeq 13c 005b (false 005c)
005b: 06 00 00 00000001 ret KILL
005c: 15 00 01 0000003d jeq 3d 005d (false 005e)
005d: 06 00 00 00000001 ret KILL
005e: 15 00 01 00000058 jeq 58 005f (false 0060)
005f: 06 00 00 00000001 ret KILL
0060: 15 00 01 000000a9 jeq a9 0061 (false 0062)
0061: 06 00 00 00000001 ret KILL
0062: 15 00 01 00000082 jeq 82 0063 (false 0064)
0063: 06 00 00 00000001 ret KILL
0064: 06 00 00 7fff0000 ret ALLOW
Dual 32/64 bit seccomp filter configured
Build default+drop seccomp filter
sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot
Dropping all capabilities
Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1
No supplementary groups
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
Drop privileges: pid 10, uid 1000, gid 1000, nogroups 1
No supplementary groups
configuring 136 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
Drop privileges: pid 11, uid 1000, gid 1000, nogroups 1
No supplementary groups
line OP JT JF K
=================================
0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005)
0005: 35 01 00 00000000 jge read 0007 (false 0006)
0006: 06 00 00 00050001 ret ERRNO(1)
0007: 15 00 01 000000a1 jeq chroot 0008 (false 0009)
0008: 06 00 00 7fff0000 ret ALLOW
0009: 15 00 01 0000009f jeq adjtimex 000a (false 000b)
000a: 06 00 00 00050001 ret ERRNO(1)
000b: 15 00 01 00000131 jeq clock_adjtime 000c (false 000d)
000c: 06 00 00 00050001 ret ERRNO(1)
000d: 15 00 01 000000e3 jeq clock_settime 000e (false 000f)
000e: 06 00 00 00050001 ret ERRNO(1)
000f: 15 00 01 000000a4 jeq settimeofday 0010 (false 0011)
0010: 06 00 00 00050001 ret ERRNO(1)
0011: 15 00 01 0000009a jeq modify_ldt 0012 (false 0013)
0012: 06 00 00 00050001 ret ERRNO(1)
0013: 15 00 01 000000d4 jeq lookup_dcookie 0014 (false 0015)
0014: 06 00 00 00050001 ret ERRNO(1)
0015: 15 00 01 0000012a jeq perf_event_open 0016 (false 0017)
0016: 06 00 00 00050001 ret ERRNO(1)
0017: 15 00 01 00000137 jeq process_vm_writev 0018 (false 0019)
0018: 06 00 00 00050001 ret ERRNO(1)
0019: 15 00 01 000000b0 jeq delete_module 001a (false 001b)
001a: 06 00 00 00050001 ret ERRNO(1)
001b: 15 00 01 00000139 jeq finit_module 001c (false 001d)
001c: 06 00 00 00050001 ret ERRNO(1)
001d: 15 00 01 000000af jeq init_module 001e (false 001f)
001e: 06 00 00 00050001 ret ERRNO(1)
001f: 15 00 01 000000a1 jeq chroot 0020 (false 0021)
0020: 06 00 00 00050001 ret ERRNO(1)
0021: 15 00 01 000000a5 jeq mount 0022 (false 0023)
0022: 06 00 00 00050001 ret ERRNO(1)
0023: 15 00 01 0000009b jeq pivot_root 0024 (false 0025)
0024: 06 00 00 00050001 ret ERRNO(1)
0025: 15 00 01 000000a6 jeq umount2 0026 (false 0027)
0026: 06 00 00 00050001 ret ERRNO(1)
0027: 15 00 01 0000009c jeq _sysctl 0028 (false 0029)
0028: 06 00 00 00050001 ret ERRNO(1)
0029: 15 00 01 000000b7 jeq afs_syscall 002a (false 002b)
002a: 06 00 00 00050001 ret ERRNO(1)
002b: 15 00 01 000000ae jeq create_module 002c (false 002d)
002c: 06 00 00 00050001 ret ERRNO(1)
002d: 15 00 01 000000b1 jeq get_kernel_syms 002e (false 002f)
002e: 06 00 00 00050001 ret ERRNO(1)
002f: 15 00 01 000000b5 jeq getpmsg 0030 (false 0031)
0030: 06 00 00 00050001 ret ERRNO(1)
0031: 15 00 01 000000b6 jeq putpmsg 0032 (false 0033)
0032: 06 00 00 00050001 ret ERRNO(1)
0033: 15 00 01 000000b2 jeq query_module 0034 (false 0035)
0034: 06 00 00 00050001 ret ERRNO(1)
0035: 15 00 01 000000b9 jeq security 0036 (false 0037)
0036: 06 00 00 00050001 ret ERRNO(1)
0037: 15 00 01 0000008b jeq sysfs 0038 (false 0039)
0038: 06 00 00 00050001 ret ERRNO(1)
0039: 15 00 01 000000b8 jeq tuxcall 003a (false 003b)
003a: 06 00 00 00050001 ret ERRNO(1)
003b: 15 00 01 00000086 jeq uselib 003c (false 003d)
003c: 06 00 00 00050001 ret ERRNO(1)
003d: 15 00 01 00000088 jeq ustat 003e (false 003f)
003e: 06 00 00 00050001 ret ERRNO(1)
003f: 15 00 01 000000ec jeq vserver 0040 (false 0041)
0040: 06 00 00 00050001 ret ERRNO(1)
0041: 15 00 01 000000ad jeq ioperm 0042 (false 0043)
0042: 06 00 00 00050001 ret ERRNO(1)
0043: 15 00 01 000000ac jeq iopl 0044 (false 0045)
0044: 06 00 00 00050001 ret ERRNO(1)
0045: 15 00 01 000000f6 jeq kexec_load 0046 (false 0047)
0046: 06 00 00 00050001 ret ERRNO(1)
0047: 15 00 01 00000140 jeq kexec_file_load 0048 (false 0049)
0048: 06 00 00 00050001 ret ERRNO(1)
0049: 15 00 01 000000a9 jeq reboot 004a (false 004b)
004a: 06 00 00 00050001 ret ERRNO(1)
004b: 15 00 01 000000a7 jeq swapon 004c (false 004d)
004c: 06 00 00 00050001 ret ERRNO(1)
004d: 15 00 01 000000a8 jeq swapoff 004e (false 004f)
004e: 06 00 00 00050001 ret ERRNO(1)
004f: 15 00 01 00000130 jeq open_by_handle_at 0050 (false 0051)
0050: 06 00 00 00050001 ret ERRNO(1)
0051: 15 00 01 0000012f jeq name_to_handle_at 0052 (false 0053)
0052: 06 00 00 00050001 ret ERRNO(1)
0053: 15 00 01 000000fb jeq ioprio_set 0054 (false 0055)
0054: 06 00 00 00050001 ret ERRNO(1)
0055: 15 00 01 00000067 jeq syslog 0056 (false 0057)
0056: 06 00 00 00050001 ret ERRNO(1)
0057: 15 00 01 0000012c jeq fanotify_init 0058 (false 0059)
0058: 06 00 00 00050001 ret ERRNO(1)
0059: 15 00 01 00000138 jeq kcmp 005a (false 005b)
005a: 06 00 00 00050001 ret ERRNO(1)
005b: 15 00 01 000000f8 jeq add_key 005c (false 005d)
005c: 06 00 00 00050001 ret ERRNO(1)
005d: 15 00 01 000000f9 jeq request_key 005e (false 005f)
005e: 06 00 00 00050001 ret ERRNO(1)
005f: 15 00 01 000000ed jeq mbind 0060 (false 0061)
0060: 06 00 00 00050001 ret ERRNO(1)
0061: 15 00 01 00000100 jeq migrate_pages 0062 (false 0063)
0062: 06 00 00 00050001 ret ERRNO(1)
0063: 15 00 01 00000117 jeq move_pages 0064 (false 0065)
0064: 06 00 00 00050001 ret ERRNO(1)
0065: 15 00 01 000000fa jeq keyctl 0066 (false 0067)
0066: 06 00 00 00050001 ret ERRNO(1)
0067: 15 00 01 000000ce jeq io_setup 0068 (false 0069)
0068: 06 00 00 00050001 ret ERRNO(1)
0069: 15 00 01 000000cf jeq io_destroy 006a (false 006b)
006a: 06 00 00 00050001 ret ERRNO(1)
006b: 15 00 01 000000d0 jeq io_getevents 006c (false 006d)
006c: 06 00 00 00050001 ret ERRNO(1)
006d: 15 00 01 000000d1 jeq io_submit 006e (false 006f)
006e: 06 00 00 00050001 ret ERRNO(1)
006f: 15 00 01 000000d2 jeq io_cancel 0070 (false 0071)
0070: 06 00 00 00050001 ret ERRNO(1)
0071: 15 00 01 000000d8 jeq remap_file_pages 0072 (false 0073)
0072: 06 00 00 00050001 ret ERRNO(1)
0073: 15 00 01 00000143 jeq userfaultfd 0074 (false 0075)
0074: 06 00 00 00050001 ret ERRNO(1)
0075: 15 00 01 000000a3 jeq acct 0076 (false 0077)
0076: 06 00 00 00050001 ret ERRNO(1)
0077: 15 00 01 00000141 jeq bpf 0078 (false 0079)
0078: 06 00 00 00050001 ret ERRNO(1)
0079: 15 00 01 000000b4 jeq nfsservctl 007a (false 007b)
007a: 06 00 00 00050001 ret ERRNO(1)
007b: 15 00 01 000000ab jeq setdomainname 007c (false 007d)
007c: 06 00 00 00050001 ret ERRNO(1)
007d: 15 00 01 000000aa jeq sethostname 007e (false 007f)
007e: 06 00 00 00050001 ret ERRNO(1)
007f: 15 00 01 00000099 jeq vhangup 0080 (false 0081)
0080: 06 00 00 00050001 ret ERRNO(1)
0081: 15 00 01 00000065 jeq ptrace 0082 (false 0083)
0082: 06 00 00 00050001 ret ERRNO(1)
0083: 15 00 01 00000087 jeq personality 0084 (false 0085)
0084: 06 00 00 00050001 ret ERRNO(1)
0085: 15 00 01 00000136 jeq process_vm_readv 0086 (false 0087)
0086: 06 00 00 00050001 ret ERRNO(1)
0087: 06 00 00 7fff0000 ret ALLOW
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
1775 1371 0:93 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755
mountid=1775 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root root 160 .
drwxr-xr-x root root 420 ..
-rw-r--r-- mdomann mdomann 1088 seccomp
-rw-r--r-- mdomann mdomann 808 seccomp.32
-rw-r--r-- mdomann mdomann 114 seccomp.list
-rw-r--r-- mdomann mdomann 0 seccomp.postexec
-rw-r--r-- mdomann mdomann 0 seccomp.postexec32
-rw-r--r-- mdomann mdomann 176 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
execvp argument 0: firefox
Child process initialized in 79.72 ms
Searching $PATH for firefox
trying #/home/mdomann/.cargo/bin/firefox#
trying #/usr/local/bin/firefox#
trying #/usr/bin/firefox#
trying #/bin/firefox#
trying #/usr/local/games/firefox#
trying #/usr/games/firefox#
trying #/sbin/firefox#
trying #/usr/local/sbin/firefox#
trying #/home/mdomann/.scripte/firefox#
trying #/usr/sbin/firefox#
trying #/home/mdomann/.scripte/backup/firefox#
trying #/home/mdomann/.dotfiles/bin//firefox#
trying #/home/mdomann/.local/bin/firefox#
trying #/home/mdomann/handy/android_home_tools/android-sdk-linux/platform-tools//firefox#
trying #/home/mdomann/handy/android_home_tools/android-sdk-linux/tools//firefox#
trying #/home/mdomann/.scripte/backup/firefox#
trying #/home/mdomann/handy/android_home_tools/android-sdk-linux/tools/bin/firefox#
trying #/home/mdomann/source/go/bin/firefox#
Error: no suitable firefox executable found
monitoring pid 12
Sandbox monitor: waitpid 12 retval 12 status 256
Parent is shutting down, bye...
```

Neither firefox nor any other binary will be started. firefox works with noprofile. I have firejail version 0.9.64 from Debian unstable. I tried to resolve this on my own:

  1. commenting out firefox-common.profile doesn't work
  2. testing by commenting out all includes and other options in firefox-common.profile doesn't work either.

I think I need some advice.

EDIT by @rusty-snake: code-block and details tags for debug output.

rusty-snake commented 3 years ago

Reading profile /home/mdomann/.config/firejail/firefox.local

What's in it? Have you uncommented private-etc or private-bin? If it still fails, add the following at the very top of firefox.profile and try again.

```
ignore whitelist /usr/share
ignore whitelist ${HOME}
ignore dbus-user filter
ignore include firefox-common.profile
```

If it works now, remove one and try again to find which it is.

Micha-Btz commented 3 years ago

Argh, it's my fault. I have added private-bin keepassxc-proxy to my firefox.local, which breaks the setup. I definitely need to create a roadmap for such tests for myself. Can be closed. Thanks a lot.
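The cause found in this thread can be checked before launching. The following is an added example, not code from the thread or from the firejail project: it computes the effective `private-bin` list from profile files in read order and reports when the launched program is missing from it. The function names, the sample file contents and the simplified directive model (accumulating `private-bin` lines, prefix-matching `ignore`) are assumptions made for the illustration.

```python
# Added illustration, not firejail code. Simplified model (assumption):
# private-bin lines accumulate across every profile file that is read, and
# an "ignore <prefix>" line disables later lines starting with that prefix.

def effective_private_bin(profile_files):
    """profile_files: list of (name, text) in the order firejail reads them.
    Returns (allowed, origins); allowed is None when private-bin is unused."""
    ignores, allowed, origins = [], [], []
    for name, text in profile_files:
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.split("#", 1)[0].strip()      # drop comments
            if not line or any(line.startswith(p) for p in ignores):
                continue
            if line.startswith("ignore "):
                ignores.append(line[len("ignore "):].strip())
            elif line.startswith("private-bin "):
                names = [n.strip() for n in line[len("private-bin "):].split(",")
                         if n.strip()]
                allowed.extend(names)
                origins.append((name, lineno, names))
    return (allowed if origins else None), origins


def check_launch(program, profile_files):
    """Return None if the program survives private-bin, else a diagnostic."""
    allowed, origins = effective_private_bin(profile_files)
    if allowed is None or program in allowed:
        return None
    where = ", ".join(f"{name}:{lineno}" for name, lineno, _ in origins)
    return (f"{program} is not listed in private-bin ({where}); only "
            f"{sorted(set(allowed))} are copied into the sandbox's bin directories")


# Constructed sample mirroring the thread: the .local override is read first,
# and the profile's own private-bin line is commented out.
BROKEN = [
    ("firefox.local", "private-bin keepassxc-proxy\n"),
    ("firefox.profile", "#private-bin firefox,which,sh\n"
                        "include firefox-common.profile\n"),
]

if __name__ == "__main__":
    print(check_launch("firefox", BROKEN))
```

A non-`None` result for the program being launched corresponds to the `Error: no suitable firefox executable found` line in the debug output above.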