netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

keepassxc: cannot communicate with ungoogled-chromium #3941

Closed rakshazi closed 3 years ago

rakshazi commented 3 years ago

Hello, I'm using ungoogled-chromium and keepassxc with browser integration. After enabling firejail, browser integration no longer works.

Bug and expected behavior

Chrome extension "KeepassXC Browser" can't connect to keepassxc.

Expected behaviour: extension should be able to work

No profile and disabling firejail

```
firejail --noprofile /usr/bin/keepassxc
```

works

Reproduce

Steps to reproduce the behavior:

  1. Run in bash `firejail keepassxc`
  2. See error in browser extension

Environment

```
LSB Version:    n/a
Distributor ID: ManjaroLinux
Description:    Manjaro Linux
Release:    20.2.1
Codename:   Nibia
```

```
firejail version 0.9.64

Compile time support:
    - AppArmor support is enabled
    - AppImage support is enabled
    - chroot support is enabled
    - D-BUS proxy support is enabled
    - file and directory whitelisting support is enabled
    - file transfer support is enabled
    - firetunnel support is enabled
    - networking support is enabled
    - overlayfs support is enabled
    - private-home support is enabled
    - SELinux support is disabled
    - user namespace support is enabled
    - X11 sandboxing support is enabled
```

Additional context

N/A

Checklist

debug output

```
/home/rakshazi/.config/user-dirs.locale /home/rakshazi/.config/user-dirs.locale ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/luks-23063ef1-0dfa-487d-9f8f-6d1e465bfc14 rw mountid=1782 fsname=/home/rakshazi/.config/user-dirs.locale dir=/home/rakshazi/.config/user-dirs.locale fstype=ext4 Mounting noexec /run/user/1000 1795 1783 0:24 /firejail/firejail.ro.file /run/user/1000/pipewire-0.lock rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755,inode64 mountid=1795 fsname=/firejail/firejail.ro.file dir=/run/user/1000/pipewire-0.lock fstype=tmpfs Warning: not remounting /run/user/1000/gvfs Mounting noexec /run/user/1000/doc 1796 1786 0:24 /firejail/firejail.ro.dir /run/user/1000/doc rw,nosuid,nodev,noexec,relatime master:14 - tmpfs run rw,mode=755,inode64 mountid=1796 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/doc fstype=tmpfs Mounting noexec /dev/shm 1797 1618 0:99 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=1797 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 1799 1798 0:46 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:31 - tmpfs tmpfs rw,nr_inodes=409600,inode64 mountid=1799 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /tmp/.X11-unix 1800 1799 0:46 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:31 - tmpfs tmpfs rw,nr_inodes=409600,inode64 mountid=1800 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /var 1804 1801 0:93 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=1804 fsname=/ dir=/var/tmp fstype=tmpfs Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so) Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so.2) Disable /usr/lib/libluajit-5.1.so.2.0.5 Disable /usr/lib/lua Disable /usr/lib/libmozjs-78.so (requested /usr/lib64/libmozjs-78.so) Disable /usr/lib/libmozjs-68.so (requested /usr/lib64/libmozjs-68.so) Disable /usr/lib/perl5 Disable /usr/share/perl5 Disable 
/home/rakshazi/.cloud/bin/phpdoc (requested /home/rakshazi/bin/phpdoc) Disable /home/rakshazi/.cloud/bin/php-cs-fixer (requested /home/rakshazi/bin/php-cs-fixer) Disable /home/rakshazi/.cloud/bin/phpunit (requested /home/rakshazi/bin/phpunit) Disable /usr/lib/php Disable /usr/lib/ruby Disable /usr/lib/python2.7 Disable /usr/lib/python3.9 Disable /usr/lib/python3.8 Disable /usr/lib/python3.9 (requested /usr/lib64/python3.9) Disable /usr/lib/python3.8 (requested /usr/lib64/python3.8) Not blacklist /home/rakshazi/.config/keepassxc Not blacklist /home/rakshazi/.keepassxc Disable /home/rakshazi/.cargo/.package-cache Disable /home/rakshazi/.config/BraveSoftware Disable /home/rakshazi/.config/GIMP Disable /home/rakshazi/.config/Mousepad Disable /home/rakshazi/.config/Thunar Disable /home/rakshazi/.config/backintime Disable /home/rakshazi/.config/chromium Disable /home/rakshazi/.config/falkon Disable /home/rakshazi/.config/google-chrome Disable /home/rakshazi/.config/pavucontrol.ini Disable /home/rakshazi/.config/viewnior Disable /home/rakshazi/.config/vivaldi Disable /home/rakshazi/.config/vlc Disable /home/rakshazi/.config/xfce4/xfce4-notes.gtkrc Disable /home/rakshazi/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml Disable /home/rakshazi/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml Disable /home/rakshazi/.config/xfce4-dict Disable /home/rakshazi/.dillo Disable /home/rakshazi/.fltk Disable /home/rakshazi/.cloud/.gitconfig (requested /home/rakshazi/.gitconfig) Disable /home/rakshazi/.local/share/backintime Disable /home/rakshazi/.local/share/notes Not blacklist /home/rakshazi/.mozilla Disable /home/rakshazi/.subversion Disable /home/rakshazi/.tor-browser Disable /home/rakshazi/.w3m Disable /home/rakshazi/.wget-hsts Disable /home/rakshazi/.zoom Disable /home/rakshazi/.cache/babl Disable /home/rakshazi/.cache/chromium Disable /home/rakshazi/.cache/gegl-0.4 Disable /home/rakshazi/.cache/gimp Not blacklist /home/rakshazi/.cache/keepassxc Disable 
/home/rakshazi/.cache/mozilla Directory ${DOCUMENTS} resolved as Documents Not blacklist /home/rakshazi/Documents Directory ${MUSIC} resolved as Music Disable /home/rakshazi/Music Directory ${PICTURES} resolved as Pictures Disable /home/rakshazi/.cloud/Media (requested /home/rakshazi/Pictures) Directory ${VIDEOS} resolved as Videos Disable /home/rakshazi/Videos Mounting read-only /tmp/.X11-unix 1858 1800 0:46 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:31 - tmpfs tmpfs rw,nr_inodes=409600,inode64 mountid=1858 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /sys/fs Disable /sys/module disable pulseaudio blacklist /home/rakshazi/.config/pulse blacklist /run/user/1000/pulse/native blacklist /run/user/1000/pulse Create the new ld.so.preload file Blacklist violations are logged to syslog Mount the new ld.so.preload file Current directory: /home/rakshazi DISPLAY=:0.0 parsed as 0 Install protocol filter: unix,netlink configuring 18 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 10, uid 1000, gid 1001, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000006 jmp 000c 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 15 01 00 00000029 jeq socket 000c (false 000b) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 20 00 00 00000010 ld data.args[0] 000d: 15 00 01 00000001 jeq 1 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 15 00 01 00000010 jeq 10 0010 (false 0011) 0010: 06 00 00 7fff0000 ret ALLOW 
0011: 06 00 00 0005005f ret ERRNO(95) configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dropping all capabilities Drop privileges: pid 11, uid 1000, gid 1001, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 00 01 00000015 jeq 15 0005 (false 0006) 0005: 06 00 00 00000001 ret KILL 0006: 15 00 01 00000034 jeq 34 0007 (false 0008) 0007: 06 00 00 00000001 ret KILL 0008: 15 00 01 0000001a jeq 1a 0009 (false 000a) 0009: 06 00 00 00000001 ret KILL 000a: 15 00 01 0000011b jeq 11b 000b (false 000c) 000b: 06 00 00 00000001 ret KILL 000c: 15 00 01 00000155 jeq 155 000d (false 000e) 000d: 06 00 00 00000001 ret KILL 000e: 15 00 01 00000156 jeq 156 000f (false 0010) 000f: 06 00 00 00000001 ret KILL 0010: 15 00 01 0000007f jeq 7f 0011 (false 0012) 0011: 06 00 00 00000001 ret KILL 0012: 15 00 01 00000080 jeq 80 0013 (false 0014) 0013: 06 00 00 00000001 ret KILL 0014: 15 00 01 0000015e jeq 15e 0015 (false 0016) 0015: 06 00 00 00000001 ret KILL 0016: 15 00 01 00000081 jeq 81 0017 (false 0018) 0017: 06 00 00 00000001 ret KILL 0018: 15 00 01 0000006e jeq 6e 0019 (false 001a) 0019: 06 00 00 00000001 ret KILL 001a: 15 00 01 00000065 jeq 65 001b (false 001c) 001b: 06 00 00 00000001 ret KILL 001c: 15 00 01 00000121 jeq 121 001d (false 001e) 001d: 06 00 00 00000001 ret KILL 001e: 15 00 01 00000057 jeq 57 001f (false 0020) 001f: 06 00 00 00000001 ret KILL 0020: 15 00 01 00000073 jeq 73 0021 (false 0022) 0021: 06 00 00 00000001 ret KILL 0022: 15 00 01 00000067 jeq 67 0023 (false 0024) 0023: 06 00 00 00000001 ret KILL 0024: 15 00 01 0000015b jeq 15b 0025 (false 0026) 0025: 06 00 00 00000001 ret KILL 0026: 15 00 01 0000015c jeq 15c 0027 (false 0028) 0027: 06 00 00 00000001 ret 
KILL 0028: 15 00 01 00000087 jeq 87 0029 (false 002a) 0029: 06 00 00 00000001 ret KILL 002a: 15 00 01 00000095 jeq 95 002b (false 002c) 002b: 06 00 00 00000001 ret KILL 002c: 15 00 01 0000007c jeq 7c 002d (false 002e) 002d: 06 00 00 00000001 ret KILL 002e: 15 00 01 00000157 jeq 157 002f (false 0030) 002f: 06 00 00 00000001 ret KILL 0030: 15 00 01 000000fd jeq fd 0031 (false 0032) 0031: 06 00 00 00000001 ret KILL 0032: 15 00 01 00000150 jeq 150 0033 (false 0034) 0033: 06 00 00 00000001 ret KILL 0034: 15 00 01 00000152 jeq 152 0035 (false 0036) 0035: 06 00 00 00000001 ret KILL 0036: 15 00 01 0000015d jeq 15d 0037 (false 0038) 0037: 06 00 00 00000001 ret KILL 0038: 15 00 01 0000011e jeq 11e 0039 (false 003a) 0039: 06 00 00 00000001 ret KILL 003a: 15 00 01 0000011f jeq 11f 003b (false 003c) 003b: 06 00 00 00000001 ret KILL 003c: 15 00 01 00000120 jeq 120 003d (false 003e) 003d: 06 00 00 00000001 ret KILL 003e: 15 00 01 00000056 jeq 56 003f (false 0040) 003f: 06 00 00 00000001 ret KILL 0040: 15 00 01 00000033 jeq 33 0041 (false 0042) 0041: 06 00 00 00000001 ret KILL 0042: 15 00 01 0000007b jeq 7b 0043 (false 0044) 0043: 06 00 00 00000001 ret KILL 0044: 15 00 01 000000d9 jeq d9 0045 (false 0046) 0045: 06 00 00 00000001 ret KILL 0046: 15 00 01 000000f5 jeq f5 0047 (false 0048) 0047: 06 00 00 00000001 ret KILL 0048: 15 00 01 000000f6 jeq f6 0049 (false 004a) 0049: 06 00 00 00000001 ret KILL 004a: 15 00 01 000000f7 jeq f7 004b (false 004c) 004b: 06 00 00 00000001 ret KILL 004c: 15 00 01 000000f8 jeq f8 004d (false 004e) 004d: 06 00 00 00000001 ret KILL 004e: 15 00 01 000000f9 jeq f9 004f (false 0050) 004f: 06 00 00 00000001 ret KILL 0050: 15 00 01 00000101 jeq 101 0051 (false 0052) 0051: 06 00 00 00000001 ret KILL 0052: 15 00 01 00000112 jeq 112 0053 (false 0054) 0053: 06 00 00 00000001 ret KILL 0054: 15 00 01 00000114 jeq 114 0055 (false 0056) 0055: 06 00 00 00000001 ret KILL 0056: 15 00 01 00000126 jeq 126 0057 (false 0058) 0057: 06 00 00 00000001 ret KILL 0058: 15 00 01 
0000013d jeq 13d 0059 (false 005a) 0059: 06 00 00 00000001 ret KILL 005a: 15 00 01 0000013c jeq 13c 005b (false 005c) 005b: 06 00 00 00000001 ret KILL 005c: 15 00 01 0000003d jeq 3d 005d (false 005e) 005d: 06 00 00 00000001 ret KILL 005e: 15 00 01 00000058 jeq 58 005f (false 0060) 005f: 06 00 00 00000001 ret KILL 0060: 15 00 01 000000a9 jeq a9 0061 (false 0062) 0061: 06 00 00 00000001 ret KILL 0062: 15 00 01 00000082 jeq 82 0063 (false 0064) 0063: 06 00 00 00000001 ret KILL 0064: 06 00 00 7fff0000 ret ALLOW Dual 32/64 bit seccomp filter configured configuring 134 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 12, uid 1000, gid 1001, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 01 0000009f jeq adjtimex 0008 (false 0009) 0008: 06 00 00 00000001 ret KILL 0009: 15 00 01 00000131 jeq clock_adjtime 000a (false 000b) 000a: 06 00 00 00000001 ret KILL 000b: 15 00 01 000000e3 jeq clock_settime 000c (false 000d) 000c: 06 00 00 00000001 ret KILL 000d: 15 00 01 000000a4 jeq settimeofday 000e (false 000f) 000e: 06 00 00 00000001 ret KILL 000f: 15 00 01 0000009a jeq modify_ldt 0010 (false 0011) 0010: 06 00 00 00000001 ret KILL 0011: 15 00 01 000000d4 jeq lookup_dcookie 0012 (false 0013) 0012: 06 00 00 00000001 ret KILL 0013: 15 00 01 0000012a jeq perf_event_open 0014 (false 0015) 0014: 06 00 00 00000001 ret KILL 0015: 15 00 01 00000137 jeq process_vm_writev 0016 (false 0017) 0016: 06 00 00 00000001 ret KILL 0017: 15 00 01 000000b0 jeq delete_module 0018 (false 0019) 0018: 06 00 00 00000001 
ret KILL 0019: 15 00 01 00000139 jeq finit_module 001a (false 001b) 001a: 06 00 00 00000001 ret KILL 001b: 15 00 01 000000af jeq init_module 001c (false 001d) 001c: 06 00 00 00000001 ret KILL 001d: 15 00 01 000000a1 jeq chroot 001e (false 001f) 001e: 06 00 00 00000001 ret KILL 001f: 15 00 01 000000a5 jeq mount 0020 (false 0021) 0020: 06 00 00 00000001 ret KILL 0021: 15 00 01 0000009b jeq pivot_root 0022 (false 0023) 0022: 06 00 00 00000001 ret KILL 0023: 15 00 01 000000a6 jeq umount2 0024 (false 0025) 0024: 06 00 00 00000001 ret KILL 0025: 15 00 01 0000009c jeq _sysctl 0026 (false 0027) 0026: 06 00 00 00000001 ret KILL 0027: 15 00 01 000000b7 jeq afs_syscall 0028 (false 0029) 0028: 06 00 00 00000001 ret KILL 0029: 15 00 01 000000ae jeq create_module 002a (false 002b) 002a: 06 00 00 00000001 ret KILL 002b: 15 00 01 000000b1 jeq get_kernel_syms 002c (false 002d) 002c: 06 00 00 00000001 ret KILL 002d: 15 00 01 000000b5 jeq getpmsg 002e (false 002f) 002e: 06 00 00 00000001 ret KILL 002f: 15 00 01 000000b6 jeq putpmsg 0030 (false 0031) 0030: 06 00 00 00000001 ret KILL 0031: 15 00 01 000000b2 jeq query_module 0032 (false 0033) 0032: 06 00 00 00000001 ret KILL 0033: 15 00 01 000000b9 jeq security 0034 (false 0035) 0034: 06 00 00 00000001 ret KILL 0035: 15 00 01 0000008b jeq sysfs 0036 (false 0037) 0036: 06 00 00 00000001 ret KILL 0037: 15 00 01 000000b8 jeq tuxcall 0038 (false 0039) 0038: 06 00 00 00000001 ret KILL 0039: 15 00 01 00000086 jeq uselib 003a (false 003b) 003a: 06 00 00 00000001 ret KILL 003b: 15 00 01 00000088 jeq ustat 003c (false 003d) 003c: 06 00 00 00000001 ret KILL 003d: 15 00 01 000000ec jeq vserver 003e (false 003f) 003e: 06 00 00 00000001 ret KILL 003f: 15 00 01 000000ad jeq ioperm 0040 (false 0041) 0040: 06 00 00 00000001 ret KILL 0041: 15 00 01 000000ac jeq iopl 0042 (false 0043) 0042: 06 00 00 00000001 ret KILL 0043: 15 00 01 000000f6 jeq kexec_load 0044 (false 0045) 0044: 06 00 00 00000001 ret KILL 0045: 15 00 01 00000140 jeq kexec_file_load 0046 
(false 0047) 0046: 06 00 00 00000001 ret KILL 0047: 15 00 01 000000a9 jeq reboot 0048 (false 0049) 0048: 06 00 00 00000001 ret KILL 0049: 15 00 01 000000a7 jeq swapon 004a (false 004b) 004a: 06 00 00 00000001 ret KILL 004b: 15 00 01 000000a8 jeq swapoff 004c (false 004d) 004c: 06 00 00 00000001 ret KILL 004d: 15 00 01 00000130 jeq open_by_handle_at 004e (false 004f) 004e: 06 00 00 00000001 ret KILL 004f: 15 00 01 0000012f jeq name_to_handle_at 0050 (false 0051) 0050: 06 00 00 00000001 ret KILL 0051: 15 00 01 000000fb jeq ioprio_set 0052 (false 0053) 0052: 06 00 00 00000001 ret KILL 0053: 15 00 01 00000067 jeq syslog 0054 (false 0055) 0054: 06 00 00 00000001 ret KILL 0055: 15 00 01 0000012c jeq fanotify_init 0056 (false 0057) 0056: 06 00 00 00000001 ret KILL 0057: 15 00 01 00000138 jeq kcmp 0058 (false 0059) 0058: 06 00 00 00000001 ret KILL 0059: 15 00 01 000000f8 jeq add_key 005a (false 005b) 005a: 06 00 00 00000001 ret KILL 005b: 15 00 01 000000f9 jeq request_key 005c (false 005d) 005c: 06 00 00 00000001 ret KILL 005d: 15 00 01 000000ed jeq mbind 005e (false 005f) 005e: 06 00 00 00000001 ret KILL 005f: 15 00 01 00000100 jeq migrate_pages 0060 (false 0061) 0060: 06 00 00 00000001 ret KILL 0061: 15 00 01 00000117 jeq move_pages 0062 (false 0063) 0062: 06 00 00 00000001 ret KILL 0063: 15 00 01 000000fa jeq keyctl 0064 (false 0065) 0064: 06 00 00 00000001 ret KILL 0065: 15 00 01 000000ce jeq io_setup 0066 (false 0067) 0066: 06 00 00 00000001 ret KILL 0067: 15 00 01 000000cf jeq io_destroy 0068 (false 0069) 0068: 06 00 00 00000001 ret KILL 0069: 15 00 01 000000d0 jeq io_getevents 006a (false 006b) 006a: 06 00 00 00000001 ret KILL 006b: 15 00 01 000000d1 jeq io_submit 006c (false 006d) 006c: 06 00 00 00000001 ret KILL 006d: 15 00 01 000000d2 jeq io_cancel 006e (false 006f) 006e: 06 00 00 00000001 ret KILL 006f: 15 00 01 000000d8 jeq remap_file_pages 0070 (false 0071) 0070: 06 00 00 00000001 ret KILL 0071: 15 00 01 00000143 jeq userfaultfd 0072 (false 0073) 0072: 06 00 
00 00000001 ret KILL 0073: 15 00 01 000000a3 jeq acct 0074 (false 0075) 0074: 06 00 00 00000001 ret KILL 0075: 15 00 01 00000141 jeq bpf 0076 (false 0077) 0076: 06 00 00 00000001 ret KILL 0077: 15 00 01 000000b4 jeq nfsservctl 0078 (false 0079) 0078: 06 00 00 00000001 ret KILL 0079: 15 00 01 000000ab jeq setdomainname 007a (false 007b) 007a: 06 00 00 00000001 ret KILL 007b: 15 00 01 000000aa jeq sethostname 007c (false 007d) 007c: 06 00 00 00000001 ret KILL 007d: 15 00 01 00000099 jeq vhangup 007e (false 007f) 007e: 06 00 00 00000001 ret KILL 007f: 15 00 01 00000065 jeq ptrace 0080 (false 0081) 0080: 06 00 00 00000001 ret KILL 0081: 15 00 01 00000087 jeq personality 0082 (false 0083) 0082: 06 00 00 00000001 ret KILL 0083: 15 00 01 00000136 jeq process_vm_readv 0084 (false 0085) 0084: 06 00 00 00000001 ret KILL 0085: 06 00 00 7fff0000 ret ALLOW seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp 1865 1579 0:90 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=1865 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 160 . drwxr-xr-x root root 460 .. 
-rw-r--r-- 1000 1001 1072 seccomp -rw-r--r-- 1000 1001 808 seccomp.32 -rw-r--r-- 1000 1001 114 seccomp.list -rw-r--r-- 1000 1001 0 seccomp.postexec -rw-r--r-- 1000 1001 0 seccomp.postexec32 -rw-r--r-- 1000 1001 144 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1001, nogroups 1 No supplementary groups starting application LD_PRELOAD=(null) execvp argument 0: /bin/keepassxc Child process initialized in 122.51 ms Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter monitoring pid 13 Qt: Session management error: Could not open network socket libGL error: MESA-LOADER: failed to retrieve device information libGL error: Version 4 or later of flush extension not found libGL error: failed to load driver: i915 libGL error: failed to open /dev/dri/card0: No such file or directory libGL error: failed to load driver: i965 libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile ```
rusty-snake commented 3 years ago

Try to `noblacklist ${HOME}/.config/chromium`.

rakshazi commented 3 years ago

Thank you, @rusty-snake! Added it to the .local profile and now it works.
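
One way to find the responsible blacklist entry from `firejail --debug` output instead of reading the log by eye, as an added example that is not part of the original thread or of firejail's own code. The sample lines are constructed in the format of the log above (one message per line), and the `NativeMessagingHosts` path and all function names are assumptions.

```python
import re
from pathlib import PurePosixPath

# Constructed sample in the format of the `firejail --debug` log quoted in
# this issue, one message per line (paths follow the log above).
SAMPLE_DEBUG = """\
Not blacklist /home/rakshazi/*.kdbx
Disable /home/rakshazi/.private/.ssh (requested /home/rakshazi/.ssh)
Not blacklist /home/rakshazi/.config/keepassxc
Disable /home/rakshazi/.config/BraveSoftware
Disable /home/rakshazi/.config/chromium
Disable /home/rakshazi/.config/google-chrome
Not blacklist /home/rakshazi/.mozilla
Disable /home/rakshazi/.cache/chromium
"""

# Assumption: the sandboxed program needs something below the browser's
# config directory; the thread itself only names ${HOME}/.config/chromium.
NEEDED = "/home/rakshazi/.config/chromium/NativeMessagingHosts"

_DISABLE = re.compile(r"^Disable (?P<real>.+?)(?: \(requested (?P<req>.+)\))?$")
_ALLOWED = re.compile(r"^Not blacklist (?P<path>.+)$")


def parse_debug(text):
    """Return (disabled, allowed) path lists found in the debug output."""
    disabled, allowed = [], []
    for line in text.splitlines():
        line = line.strip()
        m = _DISABLE.match(line)
        if m:
            # "requested" is the name used in the profile, "real" the resolved
            # target; neither is usable inside the sandbox, so record both.
            disabled.append(m.group("real"))
            if m.group("req"):
                disabled.append(m.group("req"))
            continue
        m = _ALLOWED.match(line)
        if m:
            allowed.append(m.group("path"))
    return disabled, allowed


def blocking_entries(needed, disabled):
    """Blacklisted paths equal to `needed` or to one of its parent dirs."""
    target = PurePosixPath(needed)
    ancestors = {target, *target.parents}
    return [d for d in disabled if PurePosixPath(d) in ancestors]


def suggest_noblacklist(needed, disabled, home):
    """Lines for a .local override that lift each blocking entry."""
    lines = []
    for entry in blocking_entries(needed, disabled):
        try:
            rel = PurePosixPath(entry).relative_to(home)
            lines.append("noblacklist ${HOME}/" + str(rel))
        except ValueError:  # entry is outside the home directory
            lines.append("noblacklist " + entry)
    return lines


if __name__ == "__main__":
    disabled, _ = parse_debug(SAMPLE_DEBUG)
    for line in suggest_noblacklist(NEEDED, disabled, "/home/rakshazi"):
        print(line)
```

Each suggested line widens what the sandboxed program can read, so check that the path is one the program really needs before adding it to the override.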