Zoom fails to save chat logs when executing under firejail

[VorpalBlade]

Write clear, concise and in textual form.

Bug and expected behavior

• Describe the bug. Saving chat logs in zoom (from the "..." menu in the chat of a meeting doesn't work. Zoom lacks permission to save the file. The default (only?) location is ~/Documents/Zoom for this.

• What did you expect to happen? Zoom should be allowed access to save chat logs, sent files etc.

The fix is simple, add the following to zoom.local (or better yet, to the standard profile so other users can benefit from it):

mkdir ${HOME}/Documents/Zoom
whitelist ${HOME}/Documents/Zoom

No profile and disabling firejail

• What changed calling firejail --noprofile /path/to/program in a terminal? It works when using --noprofile.
• What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)? I don't understand this question.

Reproduce Steps to reproduce the behavior:

1. Run in bash firejail zoom
2. Join/create a meeting
3. Write something in chat
4. Click on the three dots menu, and select to save the chat.
5. Zoom claims it saved the chat log, but the file was not actually saved.

Environment

• Linux distribution and version (ie output of lsb_release -a, screenfetch or cat /etc/os-release)

  $ lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:    Ubuntu 20.04.2 LTS
  Release:    20.04
  Codename:   focal

• Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD) Installed from Ubuntu packages:

  
  firejail --version
  firejail version 0.9.62

Compile time support:

• AppArmor support is enabled
• AppImage support is enabled
• chroot support is enabled
• file and directory whitelisting support is enabled
• file transfer support is enabled
• firetunnel support is enabled
• networking support is enabled
• overlayfs support is enabled
• private-home support is enabled
• seccomp-bpf support is enabled
• user namespace support is enabled
• X11 sandboxing support is enabled

Additional context Other context about the problem like related errors to understand the problem.

Checklist

• [X] The profile (and redirect profile if exists) hasn't already been fixed upstream.
• [X] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• [X] I have performed a short search for similar issues (to avoid opening a duplicate).
• [X] If it is a AppImage, --profile=PROFILENAME is used to set the right profile. Not an AppImage.
• [X] Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages. No error messages, so irrelevant.
• [X] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers. Not relevant for Zoom.

debug output

``` $ firejail --debug /usr/bin/zoom Autoselecting /bin/bash as shell Building quoted command line: '/usr/bin/zoom' Command name #zoom# Found zoom.profile profile in /etc/firejail directory Reading profile /etc/firejail/zoom.profile Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Warning: networking feature is disabled in Firejail configuration file DISPLAY=:1 parsed as 1 Using the local network stack Parent pid 495314, child pid 495315 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file IBUS_ADDRESS=unix:abstract=/home/myusernamehere/.cache/ibus/dbus-4fUqFTGW,guid=8f9e88cc697d49a473490759601bcaa1 IBUS_DAEMON_PID=27731 Build protocol filter: unix,inet,inet6 sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol (null) Dropping all capabilities Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1 No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc Mounting noexec /etc Mounting read-only /var Mounting noexec /var Mounting read-only /bin Mounting read-only /sbin Mounting read-only /lib Mounting read-only /lib64 Mounting read-only /lib32 Mounting read-only /libx32 Mounting read-only /usr Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Generate private-tmp whitelist commands Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /sys/kernel/uevent_helper Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/kernel/hotplug Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /dev/port Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /dev/kmsg Disable /proc/kmsg Debug 423: new_name #/home/myusernamehere/.cache/zoom#, whitelist Debug 531: fname #/home/myusernamehere/.cache/zoom#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.cache/zoom Debug 423: new_name #/home/myusernamehere/.config/zoomus.conf#, whitelist Debug 531: fname #/home/myusernamehere/.config/zoomus.conf#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.config/zoomus.conf Debug 423: new_name #/home/myusernamehere/.zoom#, whitelist Debug 531: fname #/home/myusernamehere/.zoom#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.zoom Debug 423: new_name #/home/myusernamehere/.XCompose#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose expanded: /home/myusernamehere/.XCompose real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.asoundrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc expanded: /home/myusernamehere/.asoundrc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.config/ibus#, whitelist Debug 531: fname #/home/myusernamehere/.config/ibus#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.config/ibus Debug 423: new_name #/home/myusernamehere/.config/mimeapps.list#, whitelist Debug 531: fname #/home/myusernamehere/.config/mimeapps.list#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.config/mimeapps.list Debug 423: new_name #/home/myusernamehere/.config/pkcs11#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11 expanded: /home/myusernamehere/.config/pkcs11 real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.config/user-dirs.dirs#, whitelist Debug 531: fname #/home/myusernamehere/.config/user-dirs.dirs#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.config/user-dirs.dirs Debug 423: new_name #/home/myusernamehere/.drirc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc expanded: /home/myusernamehere/.drirc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.icons#, whitelist Debug 531: fname #/home/myusernamehere/.icons#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.icons Debug 423: new_name #/home/myusernamehere/.local/share/applications#, whitelist Debug 531: fname #/home/myusernamehere/.local/share/applications#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.local/share/applications Debug 423: new_name #/home/myusernamehere/.local/share/icons#, whitelist Debug 531: fname #/home/myusernamehere/.local/share/icons#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.local/share/icons Debug 423: new_name #/home/myusernamehere/.local/share/mime#, whitelist Debug 531: fname #/home/myusernamehere/.local/share/mime#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.local/share/mime Debug 423: new_name #/home/myusernamehere/.mime.types#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types expanded: /home/myusernamehere/.mime.types real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.config/dconf#, whitelist Debug 531: fname #/home/myusernamehere/.config/dconf#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.config/dconf Debug 423: new_name #/home/myusernamehere/.cache/fontconfig#, whitelist Debug 531: fname #/home/myusernamehere/.cache/fontconfig#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.cache/fontconfig Debug 423: new_name #/home/myusernamehere/.config/fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig expanded: /home/myusernamehere/.config/fontconfig real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig expanded: /home/myusernamehere/.fontconfig real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts expanded: /home/myusernamehere/.fonts real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.fonts.conf#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf expanded: /home/myusernamehere/.fonts.conf real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.fonts.conf.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d expanded: /home/myusernamehere/.fonts.conf.d real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.fonts.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d expanded: /home/myusernamehere/.fonts.d real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.local/share/fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts expanded: /home/myusernamehere/.local/share/fonts real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.pangorc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc expanded: /home/myusernamehere/.pangorc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.config/gtk-2.0#, whitelist Debug 531: fname #/home/myusernamehere/.config/gtk-2.0#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.config/gtk-2.0 Debug 423: new_name #/home/myusernamehere/.config/gtk-3.0#, whitelist Debug 531: fname #/home/myusernamehere/.config/gtk-3.0#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.config/gtk-3.0 Debug 423: new_name #/home/myusernamehere/.config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc expanded: /home/myusernamehere/.config/gtkrc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0 expanded: /home/myusernamehere/.config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.gnome2#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2 expanded: /home/myusernamehere/.gnome2 real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.gnome2-private#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private expanded: /home/myusernamehere/.gnome2-private real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.gtk-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0 expanded: /home/myusernamehere/.gtk-2.0 real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc expanded: /home/myusernamehere/.gtkrc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.gtkrc-2.0#, whitelist Debug 531: fname #/home/myusernamehere/.gtkrc-2.0#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.gtkrc-2.0 Debug 423: new_name #/home/myusernamehere/.kde/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc expanded: /home/myusernamehere/.kde/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 expanded: /home/myusernamehere/.kde/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde4/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc expanded: /home/myusernamehere/.kde4/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde4/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 expanded: /home/myusernamehere/.kde4/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.local/share/themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes expanded: /home/myusernamehere/.local/share/themes real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.themes#, whitelist Debug 531: fname #/home/myusernamehere/.themes#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.themes Debug 423: new_name #/home/myusernamehere/.cache/kioexec/krun#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun expanded: /home/myusernamehere/.cache/kioexec/krun real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.config/Kvantum#, whitelist Debug 531: fname #/home/myusernamehere/.config/Kvantum#, cfg.homedir #/home/myusernamehere# Replaced whitelist path: whitelist /home/myusernamehere/.config/Kvantum Debug 423: new_name #/home/myusernamehere/.config/Trolltech.conf#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Trolltech.conf expanded: /home/myusernamehere/.config/Trolltech.conf real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals expanded: /home/myusernamehere/.config/kdeglobals real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc expanded: /home/myusernamehere/.config/kio_httprc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc expanded: /home/myusernamehere/.config/kioslaverc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist expanded: /home/myusernamehere/.config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.config/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct expanded: /home/myusernamehere/.config/qt5ct real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals expanded: /home/myusernamehere/.kde/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc expanded: /home/myusernamehere/.kde/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc expanded: /home/myusernamehere/.kde/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist expanded: /home/myusernamehere/.kde/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc expanded: /home/myusernamehere/.kde/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons expanded: /home/myusernamehere/.kde/share/icons real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde4/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals expanded: /home/myusernamehere/.kde4/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde4/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc expanded: /home/myusernamehere/.kde4/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde4/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc expanded: /home/myusernamehere/.kde4/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde4/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist expanded: /home/myusernamehere/.kde4/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde4/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc expanded: /home/myusernamehere/.kde4/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.kde4/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons expanded: /home/myusernamehere/.kde4/share/icons real path: (null) realpath: No such file or directory Debug 423: new_name #/home/myusernamehere/.local/share/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct expanded: /home/myusernamehere/.local/share/qt5ct real path: (null) realpath: No such file or directory Debug 423: new_name #/tmp/.X11-unix#, whitelist Debug 423: new_name #/tmp/pulse-PKdhtXMmr18n#, whitelist Mounting tmpfs on /tmp directory Mounting a new /home directory Mounting a new /root directory Create a new user directory Drop privileges: pid 3, uid 1000, gid 1000, nogroups 0 Warning: cleaning all supplementary groups Whitelisting /home/myusernamehere/.cache/zoom 4948 4946 253:3 /myusernamehere/.cache/zoom /home/myusernamehere/.cache/zoom rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=4948 fsname=/myusernamehere/.cache/zoom dir=/home/myusernamehere/.cache/zoom fstype=ext4 Whitelisting /home/myusernamehere/.config/zoomus.conf 4949 4946 253:3 /myusernamehere/.config/zoomus.conf /home/myusernamehere/.config/zoomus.conf rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=4949 fsname=/myusernamehere/.config/zoomus.conf dir=/home/myusernamehere/.config/zoomus.conf fstype=ext4 Whitelisting /home/myusernamehere/.zoom 4950 4946 253:3 /myusernamehere/.zoom /home/myusernamehere/.zoom rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=4950 fsname=/myusernamehere/.zoom dir=/home/myusernamehere/.zoom fstype=ext4 Whitelisting /home/myusernamehere/.config/ibus 4951 4946 253:3 /myusernamehere/.config/ibus /home/myusernamehere/.config/ibus rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=4951 fsname=/myusernamehere/.config/ibus dir=/home/myusernamehere/.config/ibus fstype=ext4 Whitelisting /home/myusernamehere/.config/mimeapps.list 5023 4946 253:3 /myusernamehere/.config/mimeapps.list /home/myusernamehere/.config/mimeapps.list rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5023 fsname=/myusernamehere/.config/mimeapps.list dir=/home/myusernamehere/.config/mimeapps.list fstype=ext4 Whitelisting /home/myusernamehere/.config/user-dirs.dirs 5085 4946 253:3 /myusernamehere/.config/user-dirs.dirs /home/myusernamehere/.config/user-dirs.dirs rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5085 fsname=/myusernamehere/.config/user-dirs.dirs dir=/home/myusernamehere/.config/user-dirs.dirs fstype=ext4 Whitelisting /home/myusernamehere/.icons 5086 4946 253:3 /myusernamehere/.icons /home/myusernamehere/.icons rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5086 fsname=/myusernamehere/.icons dir=/home/myusernamehere/.icons fstype=ext4 Whitelisting /home/myusernamehere/.local/share/applications 5087 4946 253:3 /myusernamehere/.local/share/applications /home/myusernamehere/.local/share/applications rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5087 fsname=/myusernamehere/.local/share/applications dir=/home/myusernamehere/.local/share/applications fstype=ext4 Whitelisting /home/myusernamehere/.local/share/icons 5088 4946 253:3 /myusernamehere/.local/share/icons /home/myusernamehere/.local/share/icons rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5088 fsname=/myusernamehere/.local/share/icons dir=/home/myusernamehere/.local/share/icons fstype=ext4 Whitelisting /home/myusernamehere/.local/share/mime 5089 4946 253:3 /myusernamehere/.local/share/mime /home/myusernamehere/.local/share/mime rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5089 fsname=/myusernamehere/.local/share/mime dir=/home/myusernamehere/.local/share/mime fstype=ext4 Whitelisting /home/myusernamehere/.config/dconf 5090 4946 253:3 /myusernamehere/.config/dconf /home/myusernamehere/.config/dconf rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5090 fsname=/myusernamehere/.config/dconf dir=/home/myusernamehere/.config/dconf fstype=ext4 Whitelisting /home/myusernamehere/.cache/fontconfig 5091 4946 253:3 /myusernamehere/.cache/fontconfig /home/myusernamehere/.cache/fontconfig rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5091 fsname=/myusernamehere/.cache/fontconfig dir=/home/myusernamehere/.cache/fontconfig fstype=ext4 Whitelisting /home/myusernamehere/.config/gtk-2.0 5092 4946 253:3 /myusernamehere/.config/gtk-2.0 /home/myusernamehere/.config/gtk-2.0 rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5092 fsname=/myusernamehere/.config/gtk-2.0 dir=/home/myusernamehere/.config/gtk-2.0 fstype=ext4 Whitelisting /home/myusernamehere/.config/gtk-3.0 5093 4946 253:3 /myusernamehere/.config/gtk-3.0 /home/myusernamehere/.config/gtk-3.0 rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5093 fsname=/myusernamehere/.config/gtk-3.0 dir=/home/myusernamehere/.config/gtk-3.0 fstype=ext4 Whitelisting /home/myusernamehere/.gtkrc-2.0 5094 4946 253:3 /myusernamehere/.gtkrc-2.0 /home/myusernamehere/.gtkrc-2.0 rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5094 fsname=/myusernamehere/.gtkrc-2.0 dir=/home/myusernamehere/.gtkrc-2.0 fstype=ext4 Whitelisting /home/myusernamehere/.themes 5095 4946 253:3 /myusernamehere/.themes /home/myusernamehere/.themes rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5095 fsname=/myusernamehere/.themes dir=/home/myusernamehere/.themes fstype=ext4 Whitelisting /home/myusernamehere/.config/Kvantum 5096 4946 253:3 /myusernamehere/.config/Kvantum /home/myusernamehere/.config/Kvantum rw,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5096 fsname=/myusernamehere/.config/Kvantum dir=/home/myusernamehere/.config/Kvantum fstype=ext4 Whitelisting /tmp/.X11-unix 5097 4944 253:2 /tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - ext4 /dev/mapper/vg-root rw,errors=remount-ro mountid=5097 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Whitelisting /tmp/pulse-PKdhtXMmr18n 5098 4944 253:2 /tmp/pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime master:1 - ext4 /dev/mapper/vg-root rw,errors=remount-ro mountid=5098 fsname=/tmp/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=ext4 Disable /etc/X11/Xsession.d Disable /etc/xdg/autostart Mounting read-only /home/myusernamehere/.config/dconf 5103 5090 253:3 /myusernamehere/.config/dconf /home/myusernamehere/.config/dconf ro,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5103 fsname=/myusernamehere/.config/dconf dir=/home/myusernamehere/.config/dconf fstype=ext4 Disable /var/lib/systemd Disable /var/cache/apt Disable /var/lib/apt Disable /var/lib/dkms Disable /var/lib/upower Disable /var/mail Disable /var/opt Disable /run/acpid.socket (requested /var/run/acpid.socket) Disable /var/spool/anacron Disable /var/spool/cron Disable /var/mail (requested /var/spool/mail) Disable /etc/anacrontab Disable /etc/cron.monthly Disable /etc/crontab Disable /etc/cron.weekly Disable /etc/cron.hourly Disable /etc/cron.d Disable /etc/cron.daily Disable /etc/profile.d Disable /etc/rc2.d Disable /etc/rc6.d Disable /etc/rc0.d Disable /etc/rc1.d Disable /etc/rcS.d Disable /etc/rc4.d Disable /etc/rc5.d Disable /etc/rc3.d Disable /etc/kerneloops.conf Disable /etc/kernel-img.conf Disable /etc/kernel Disable /etc/grub.d Disable /etc/dkms Disable /etc/apparmor Disable /etc/apparmor.d Disable /etc/selinux Disable /etc/modules Disable /etc/modules-load.d Disable /etc/logrotate.d Disable /etc/logrotate.conf Disable /etc/adduser.conf Mounting read-only /home/myusernamehere/.bashrc 5144 4946 0:153 /myusernamehere/.bashrc /home/myusernamehere/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=5144 fsname=/myusernamehere/.bashrc dir=/home/myusernamehere/.bashrc fstype=tmpfs Mounting read-only /home/myusernamehere/.local/share/applications 5145 5087 253:3 /myusernamehere/.local/share/applications /home/myusernamehere/.local/share/applications ro,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5145 fsname=/myusernamehere/.local/share/applications dir=/home/myusernamehere/.local/share/applications fstype=ext4 Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Disable /usr/sbin (requested /sbin) Disable /usr/local/sbin Disable /usr/sbin Disable /usr/bin/chage Disable /usr/bin/chage (requested /bin/chage) Disable /usr/bin/chfn Disable /usr/bin/chfn (requested /bin/chfn) Disable /usr/bin/chsh Disable /usr/bin/chsh (requested /bin/chsh) Disable /usr/bin/crontab Disable /usr/bin/crontab (requested /bin/crontab) Disable /usr/bin/evtest Disable /usr/bin/evtest (requested /bin/evtest) Disable /usr/bin/expiry Disable /usr/bin/expiry (requested /bin/expiry) Disable /usr/bin/fusermount Disable /usr/bin/fusermount (requested /bin/fusermount) Disable /usr/bin/gpasswd Disable /usr/bin/gpasswd (requested /bin/gpasswd) Disable /usr/bin/mount Disable /usr/bin/mount (requested /bin/mount) Disable /usr/bin/nc.openbsd (requested /usr/bin/nc) Disable /usr/bin/nc.openbsd (requested /bin/nc) Disable /usr/bin/newgrp Disable /usr/bin/newgrp (requested /bin/newgrp) Disable /usr/bin/ntfs-3g Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g) Disable /usr/bin/pkexec Disable /usr/bin/pkexec (requested /bin/pkexec) Disable /usr/bin/newgrp (requested /usr/bin/sg) Disable /usr/bin/newgrp (requested /bin/sg) Disable /usr/bin/strace Disable /usr/bin/strace (requested /bin/strace) Disable /usr/bin/su Disable /usr/bin/su (requested /bin/su) Disable /usr/bin/sudo Disable /usr/bin/sudo (requested /bin/sudo) Disable /usr/bin/umount Disable /usr/bin/umount (requested /bin/umount) Disable /usr/bin/xev Disable /usr/bin/xev (requested /bin/xev) Disable /usr/bin/xinput Disable /usr/bin/xinput (requested /bin/xinput) Disable /usr/bin/gnome-terminal Disable /usr/bin/gnome-terminal (requested /bin/gnome-terminal) Disable /usr/bin/gnome-terminal.wrapper Disable /usr/bin/gnome-terminal.wrapper (requested /bin/gnome-terminal.wrapper) Disable /usr/share/flatpak Disable /var/lib/flatpak Disable /usr/bin/bwrap Disable /usr/bin/bwrap (requested /bin/bwrap) Disable /usr/lib/llvm-11/bin/clang-refactor (requested /usr/bin/clang-refactor-11) Disable /usr/lib/llvm-11/bin/clang-include-fixer (requested /usr/bin/clang-include-fixer-11) Disable /usr/lib/llvm-11/bin/clang-doc (requested /usr/bin/clang-doc-11) Disable /usr/lib/llvm-11/bin/clang (requested /usr/bin/clang-cl-11) Disable /usr/lib/llvm-11/bin/clang-apply-replacements (requested /usr/bin/clang-apply-replacements-11) Disable /usr/lib/llvm-11/bin/clang-scan-deps (requested /usr/bin/clang-scan-deps-11) Disable /usr/lib/llvm-11/bin/clang-rename (requested /usr/bin/clang-rename-11) Disable /usr/lib/llvm-11/bin/clang-reorder-fields (requested /usr/bin/clang-reorder-fields-11) Disable /usr/lib/llvm-11/bin/clang-format (requested /usr/bin/clang-format-11) Disable /usr/lib/llvm-11/bin/clang-move (requested /usr/bin/clang-move-11) Disable /usr/lib/llvm-11/bin/clang-tidy (requested /usr/bin/clang-tidy-11) Disable /usr/bin/clang-format-diff-11 Disable /usr/lib/llvm-11/bin/clang (requested /usr/bin/clang++-11) Disable /usr/lib/llvm-11/bin/clang (requested /usr/bin/clang-11) Disable /usr/lib/llvm-11/bin/clang (requested /usr/bin/clang-cpp-11) Disable /usr/lib/llvm-11/bin/clang-offload-bundler (requested /usr/bin/clang-offload-bundler-11) Disable /usr/lib/llvm-11/share/clang/clang-tidy-diff.py (requested /usr/bin/clang-tidy-diff-11.py) Disable /usr/lib/llvm-11/bin/clang-query (requested /usr/bin/clang-query-11) Disable /usr/lib/llvm-11/bin/clang-check (requested /usr/bin/clang-check-11) Disable /usr/lib/llvm-11/bin/clang-extdef-mapping (requested /usr/bin/clang-extdef-mapping-11) Disable /usr/lib/llvm-11/bin/clang-change-namespace (requested /usr/bin/clang-change-namespace-11) Disable /usr/lib/llvm-11/bin/clang-offload-wrapper (requested /usr/bin/clang-offload-wrapper-11) Disable /usr/lib/llvm-11/bin/clang-refactor (requested /bin/clang-refactor-11) Disable /usr/lib/llvm-11/bin/clang-include-fixer (requested /bin/clang-include-fixer-11) Disable /usr/lib/llvm-11/bin/clang-doc (requested /bin/clang-doc-11) Disable /usr/lib/llvm-11/bin/clang (requested /bin/clang-cl-11) Disable /usr/lib/llvm-11/bin/clang-apply-replacements (requested /bin/clang-apply-replacements-11) Disable /usr/lib/llvm-11/bin/clang-scan-deps (requested /bin/clang-scan-deps-11) Disable /usr/lib/llvm-11/bin/clang-rename (requested /bin/clang-rename-11) Disable /usr/lib/llvm-11/bin/clang-reorder-fields (requested /bin/clang-reorder-fields-11) Disable /usr/lib/llvm-11/bin/clang-format (requested /bin/clang-format-11) Disable /usr/lib/llvm-11/bin/clang-move (requested /bin/clang-move-11) Disable /usr/lib/llvm-11/bin/clang-tidy (requested /bin/clang-tidy-11) Disable /usr/bin/clang-format-diff-11 (requested /bin/clang-format-diff-11) Disable /usr/lib/llvm-11/bin/clang (requested /bin/clang++-11) Disable /usr/lib/llvm-11/bin/clang (requested /bin/clang-11) Disable /usr/lib/llvm-11/bin/clang (requested /bin/clang-cpp-11) Disable /usr/lib/llvm-11/bin/clang-offload-bundler (requested /bin/clang-offload-bundler-11) Disable /usr/lib/llvm-11/share/clang/clang-tidy-diff.py (requested /bin/clang-tidy-diff-11.py) Disable /usr/lib/llvm-11/bin/clang-query (requested /bin/clang-query-11) Disable /usr/lib/llvm-11/bin/clang-check (requested /bin/clang-check-11) Disable /usr/lib/llvm-11/bin/clang-extdef-mapping (requested /bin/clang-extdef-mapping-11) Disable /usr/lib/llvm-11/bin/clang-change-namespace (requested /bin/clang-change-namespace-11) Disable /usr/lib/llvm-11/bin/clang-offload-wrapper (requested /bin/clang-offload-wrapper-11) Disable /usr/lib/llvm-11/bin/lldb (requested /usr/bin/lldb-11) Disable /usr/lib/llvm-11/bin/lldb-argdumper (requested /usr/bin/lldb-argdumper-11) Disable /usr/lib/llvm-11/bin/lldb-server (requested /usr/bin/lldb-server-11) Disable /usr/lib/llvm-11/bin/lldb-vscode (requested /usr/bin/lldb-vscode-11) Disable /usr/lib/llvm-11/bin/lldb-instr (requested /usr/bin/lldb-instr-11) Disable /usr/lib/llvm-11/bin/lldb (requested /bin/lldb-11) Disable /usr/lib/llvm-11/bin/lldb-argdumper (requested /bin/lldb-argdumper-11) Disable /usr/lib/llvm-11/bin/lldb-server (requested /bin/lldb-server-11) Disable /usr/lib/llvm-11/bin/lldb-vscode (requested /bin/lldb-vscode-11) Disable /usr/lib/llvm-11/bin/lldb-instr (requested /bin/lldb-instr-11) Disable /usr/lib/llvm-11/bin/llvm-ar (requested /usr/bin/llvm-ranlib-11) Disable /usr/lib/llvm-11/bin/llvm-rtdyld (requested /usr/bin/llvm-rtdyld-11) Disable /usr/lib/llvm-11/bin/llvm-size (requested /usr/bin/llvm-size-11) Disable /usr/lib/llvm-11/bin/llvm-xray (requested /usr/bin/llvm-xray-11) Disable /usr/lib/llvm-11/bin/llvm-ml (requested /usr/bin/llvm-ml-11) Disable /usr/lib/llvm-11/bin/llvm-cxxdump (requested /usr/bin/llvm-cxxdump-11) Disable /usr/lib/llvm-11/bin/llvm-dis (requested /usr/bin/llvm-dis-11) Disable /usr/lib/llvm-11/bin/llvm-ar (requested /usr/bin/llvm-lib-11) Disable /usr/lib/llvm-11/bin/llvm-extract (requested /usr/bin/llvm-extract-11) Disable /usr/lib/llvm-11/bin/llvm-cxxfilt (requested /usr/bin/llvm-cxxfilt-11) Disable /usr/lib/llvm-11/bin/llvm-pdbutil (requested /usr/bin/llvm-pdbutil-11) Disable /usr/lib/llvm-11/bin/llvm-strings (requested /usr/bin/llvm-strings-11) Disable /usr/lib/llvm-11/bin/llvm-split (requested /usr/bin/llvm-split-11) Disable /usr/lib/llvm-11/bin/llvm-gsymutil (requested /usr/bin/llvm-gsymutil-11) Disable /usr/lib/llvm-11/bin/llvm-exegesis (requested /usr/bin/llvm-exegesis-11) Disable /usr/lib/llvm-11/bin/llvm-ar (requested /usr/bin/llvm-ar-11) Disable /usr/lib/llvm-11/bin/llvm-modextract (requested /usr/bin/llvm-modextract-11) Disable /usr/lib/llvm-11/bin/llvm-rc (requested /usr/bin/llvm-rc-11) Disable /usr/lib/llvm-11/bin/llvm-symbolizer (requested /usr/bin/llvm-addr2line-11) Disable /usr/lib/llvm-11/bin/llvm-ar (requested /usr/bin/llvm-dlltool-11) Disable /usr/lib/llvm-11/bin/llvm-mca (requested /usr/bin/llvm-mca-11) Disable /usr/lib/llvm-11/bin/llvm-bcanalyzer (requested /usr/bin/llvm-bcanalyzer-11) Disable /usr/lib/llvm-11/bin/llvm-cvtres (requested /usr/bin/llvm-cvtres-11) Disable /usr/lib/llvm-11/bin/llvm-c-test (requested /usr/bin/llvm-c-test-11) Disable /usr/lib/llvm-11/bin/llvm-dwarfdump (requested /usr/bin/llvm-dwarfdump-11) Disable /usr/lib/llvm-11/bin/llvm-objcopy (requested /usr/bin/llvm-install-name-tool-11) Disable /usr/lib/llvm-11/bin/llvm-symbolizer (requested /usr/bin/llvm-symbolizer-11) Disable /usr/lib/llvm-11/bin/llvm-reduce (requested /usr/bin/llvm-reduce-11) Disable /usr/lib/llvm-11/bin/llvm-dwp (requested /usr/bin/llvm-dwp-11) Disable /usr/lib/llvm-11/bin/llvm-elfabi (requested /usr/bin/llvm-elfabi-11) Disable /usr/lib/llvm-11/bin/llvm-cfi-verify (requested /usr/bin/llvm-cfi-verify-11) Disable /usr/lib/llvm-11/bin/llvm-tblgen (requested /usr/bin/llvm-tblgen-11) Disable /usr/lib/llvm-11/bin/llvm-jitlink (requested /usr/bin/llvm-jitlink-11) Disable /usr/lib/llvm-11/bin/llvm-cov (requested /usr/bin/llvm-cov-11) Disable /usr/lib/llvm-11/bin/llvm-as (requested /usr/bin/llvm-as-11) Disable /usr/lib/llvm-11/bin/llvm-ifs (requested /usr/bin/llvm-ifs-11) Disable /usr/lib/llvm-11/bin/llvm-config (requested /usr/bin/llvm-config-11) Disable /usr/lib/llvm-11/bin/llvm-nm (requested /usr/bin/llvm-nm-11) Disable /usr/lib/llvm-11/bin/llvm-objcopy (requested /usr/bin/llvm-strip-11) Disable /usr/lib/llvm-11/bin/llvm-lto2 (requested /usr/bin/llvm-lto2-11) Disable /usr/lib/llvm-11/bin/llvm-link (requested /usr/bin/llvm-link-11) Disable /usr/lib/llvm-11/bin/llvm-objcopy (requested /usr/bin/llvm-objcopy-11) Disable /usr/lib/llvm-11/bin/llvm-mc (requested /usr/bin/llvm-mc-11) Disable /usr/lib/llvm-11/bin/llvm-cxxmap (requested /usr/bin/llvm-cxxmap-11) Disable /usr/lib/llvm-11/bin/llvm-opt-report (requested /usr/bin/llvm-opt-report-11) Disable /usr/lib/llvm-11/bin/llvm-readobj (requested /usr/bin/llvm-readobj-11) Disable /usr/lib/llvm-11/bin/llvm-readobj (requested /usr/bin/llvm-readelf-11) Disable /usr/lib/llvm-11/bin/llvm-stress (requested /usr/bin/llvm-stress-11) Disable /usr/lib/llvm-11/bin/llvm-diff (requested /usr/bin/llvm-diff-11) Disable /usr/lib/llvm-11/bin/llvm-undname (requested /usr/bin/llvm-undname-11) Disable /usr/lib/llvm-11/bin/llvm-objdump (requested /usr/bin/llvm-objdump-11) Disable /usr/lib/llvm-11/bin/llvm-mt (requested /usr/bin/llvm-mt-11) Disable /usr/lib/llvm-11/bin/llvm-lto (requested /usr/bin/llvm-lto-11) Disable /usr/lib/llvm-11/bin/llvm-lipo (requested /usr/bin/llvm-lipo-11) Disable /usr/lib/llvm-11/bin/llvm-cat (requested /usr/bin/llvm-cat-11) Disable /usr/lib/llvm-11/bin/llvm-profdata (requested /usr/bin/llvm-profdata-11) Disable /usr/lib/llvm-11/bin/llvm-PerfectShuffle (requested /usr/bin/llvm-PerfectShuffle-11) Disable /usr/lib/llvm-11/bin/llvm-ar (requested /bin/llvm-ranlib-11) Disable /usr/lib/llvm-11/bin/llvm-rtdyld (requested /bin/llvm-rtdyld-11) Disable /usr/lib/llvm-11/bin/llvm-size (requested /bin/llvm-size-11) Disable /usr/lib/llvm-11/bin/llvm-xray (requested /bin/llvm-xray-11) Disable /usr/lib/llvm-11/bin/llvm-ml (requested /bin/llvm-ml-11) Disable /usr/lib/llvm-11/bin/llvm-cxxdump (requested /bin/llvm-cxxdump-11) Disable /usr/lib/llvm-11/bin/llvm-dis (requested /bin/llvm-dis-11) Disable /usr/lib/llvm-11/bin/llvm-ar (requested /bin/llvm-lib-11) Disable /usr/lib/llvm-11/bin/llvm-extract (requested /bin/llvm-extract-11) Disable /usr/lib/llvm-11/bin/llvm-cxxfilt (requested /bin/llvm-cxxfilt-11) Disable /usr/lib/llvm-11/bin/llvm-pdbutil (requested /bin/llvm-pdbutil-11) Disable /usr/lib/llvm-11/bin/llvm-strings (requested /bin/llvm-strings-11) Disable /usr/lib/llvm-11/bin/llvm-split (requested /bin/llvm-split-11) Disable /usr/lib/llvm-11/bin/llvm-gsymutil (requested /bin/llvm-gsymutil-11) Disable /usr/lib/llvm-11/bin/llvm-exegesis (requested /bin/llvm-exegesis-11) Disable /usr/lib/llvm-11/bin/llvm-ar (requested /bin/llvm-ar-11) Disable /usr/lib/llvm-11/bin/llvm-modextract (requested /bin/llvm-modextract-11) Disable /usr/lib/llvm-11/bin/llvm-rc (requested /bin/llvm-rc-11) Disable /usr/lib/llvm-11/bin/llvm-symbolizer (requested /bin/llvm-addr2line-11) Disable /usr/lib/llvm-11/bin/llvm-ar (requested /bin/llvm-dlltool-11) Disable /usr/lib/llvm-11/bin/llvm-mca (requested /bin/llvm-mca-11) Disable /usr/lib/llvm-11/bin/llvm-bcanalyzer (requested /bin/llvm-bcanalyzer-11) Disable /usr/lib/llvm-11/bin/llvm-cvtres (requested /bin/llvm-cvtres-11) Disable /usr/lib/llvm-11/bin/llvm-c-test (requested /bin/llvm-c-test-11) Disable /usr/lib/llvm-11/bin/llvm-dwarfdump (requested /bin/llvm-dwarfdump-11) Disable /usr/lib/llvm-11/bin/llvm-objcopy (requested /bin/llvm-install-name-tool-11) Disable /usr/lib/llvm-11/bin/llvm-symbolizer (requested /bin/llvm-symbolizer-11) Disable /usr/lib/llvm-11/bin/llvm-reduce (requested /bin/llvm-reduce-11) Disable /usr/lib/llvm-11/bin/llvm-dwp (requested /bin/llvm-dwp-11) Disable /usr/lib/llvm-11/bin/llvm-elfabi (requested /bin/llvm-elfabi-11) Disable /usr/lib/llvm-11/bin/llvm-cfi-verify (requested /bin/llvm-cfi-verify-11) Disable /usr/lib/llvm-11/bin/llvm-tblgen (requested /bin/llvm-tblgen-11) Disable /usr/lib/llvm-11/bin/llvm-jitlink (requested /bin/llvm-jitlink-11) Disable /usr/lib/llvm-11/bin/llvm-cov (requested /bin/llvm-cov-11) Disable /usr/lib/llvm-11/bin/llvm-as (requested /bin/llvm-as-11) Disable /usr/lib/llvm-11/bin/llvm-ifs (requested /bin/llvm-ifs-11) Disable /usr/lib/llvm-11/bin/llvm-config (requested /bin/llvm-config-11) Disable /usr/lib/llvm-11/bin/llvm-nm (requested /bin/llvm-nm-11) Disable /usr/lib/llvm-11/bin/llvm-objcopy (requested /bin/llvm-strip-11) Disable /usr/lib/llvm-11/bin/llvm-lto2 (requested /bin/llvm-lto2-11) Disable /usr/lib/llvm-11/bin/llvm-link (requested /bin/llvm-link-11) Disable /usr/lib/llvm-11/bin/llvm-objcopy (requested /bin/llvm-objcopy-11) Disable /usr/lib/llvm-11/bin/llvm-mc (requested /bin/llvm-mc-11) Disable /usr/lib/llvm-11/bin/llvm-cxxmap (requested /bin/llvm-cxxmap-11) Disable /usr/lib/llvm-11/bin/llvm-opt-report (requested /bin/llvm-opt-report-11) Disable /usr/lib/llvm-11/bin/llvm-readobj (requested /bin/llvm-readobj-11) Disable /usr/lib/llvm-11/bin/llvm-readobj (requested /bin/llvm-readelf-11) Disable /usr/lib/llvm-11/bin/llvm-stress (requested /bin/llvm-stress-11) Disable /usr/lib/llvm-11/bin/llvm-diff (requested /bin/llvm-diff-11) Disable /usr/lib/llvm-11/bin/llvm-undname (requested /bin/llvm-undname-11) Disable /usr/lib/llvm-11/bin/llvm-objdump (requested /bin/llvm-objdump-11) Disable /usr/lib/llvm-11/bin/llvm-mt (requested /bin/llvm-mt-11) Disable /usr/lib/llvm-11/bin/llvm-lto (requested /bin/llvm-lto-11) Disable /usr/lib/llvm-11/bin/llvm-lipo (requested /bin/llvm-lipo-11) Disable /usr/lib/llvm-11/bin/llvm-cat (requested /bin/llvm-cat-11) Disable /usr/lib/llvm-11/bin/llvm-profdata (requested /bin/llvm-profdata-11) Disable /usr/lib/llvm-11/bin/llvm-PerfectShuffle (requested /bin/llvm-PerfectShuffle-11) Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as) Disable /usr/bin/x86_64-linux-gnu-as (requested /bin/as) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/cc) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/cc) Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/c++) Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /bin/c++filt) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/c++) Disable /usr/bin/c89-gcc (requested /usr/bin/c89) Disable /usr/bin/c89-gcc Disable /usr/bin/c89-gcc (requested /bin/c89) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/c99-gcc Disable /usr/bin/c99-gcc (requested /usr/bin/c99) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/c99-gcc (requested /bin/c99) Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /usr/bin/cpp-10) Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp-9) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /usr/bin/cpp-8) Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp) Disable /usr/bin/x86_64-linux-gnu-cpp-10 (requested /bin/cpp-10) Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /bin/cpp-9) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /bin/cpp-8) Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /bin/cpp) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/g++-9) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/g++-8) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/g++) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /usr/bin/g++-10) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/g++-9) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/g++-8) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/g++) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/g++-10) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /usr/bin/gcc-ar-10) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/gcc-ar-8) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /usr/bin/gcc-nm-10) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /usr/bin/gcc-10) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/gcc-ranlib-8) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/gcc-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /usr/bin/gcc-ranlib-10) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/gcc-ranlib-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/gcc-ar-9) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/gcc-nm-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/gcc-ar-10) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/gcc-ar-8) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/gcc-nm-10) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/gcc-10) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/gcc-ranlib-8) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/gcc-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/gcc-ranlib-10) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/gcc-ranlib-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/gcc-ar-9) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/gcc-nm-9) Disable /usr/bin/gdb Disable /usr/bin/gdb (requested /bin/gdb) Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld) Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /bin/ld) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/c99-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-10 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 Disable /usr/bin/x86_64-linux-gnu-gcc-9 Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/x86_64-linux-gnu-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 Disable /usr/bin/c89-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc-10) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm-10) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar-10) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc-9) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib-8) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib-10) Disable /usr/bin/x86_64-linux-gnu-g++-8 Disable /usr/bin/x86_64-linux-gnu-g++-10 Disable /usr/bin/x86_64-linux-gnu-g++-9 Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++-8) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++-10) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++-9) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/c99-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-10 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 Disable /usr/bin/x86_64-linux-gnu-gcc-9 Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/x86_64-linux-gnu-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 Disable /usr/bin/c89-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-10 (requested /bin/x86_64-linux-gnu-gcc-10) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-10 (requested /bin/x86_64-linux-gnu-gcc-nm-10) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-10 (requested /bin/x86_64-linux-gnu-gcc-ar-10) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc-9) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib-8) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-10 (requested /bin/x86_64-linux-gnu-gcc-ranlib-10) Disable /usr/bin/x86_64-linux-gnu-g++-8 Disable /usr/bin/x86_64-linux-gnu-g++-10 Disable /usr/bin/x86_64-linux-gnu-g++-9 Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++-8) Disable /usr/bin/x86_64-linux-gnu-g++-10 (requested /bin/x86_64-linux-gnu-g++-10) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++-9) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++) Disable /usr/include Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/java (requested /usr/bin/java) Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/java (requested /bin/java) Disable /usr/share/java Disable /usr/bin/openssl Disable /usr/bin/openssl (requested /bin/openssl) Disable /usr/lib/valgrind Disable /usr/bin/luajittex Disable /usr/share/texlive/texmf-dist/scripts/lua2dox/lua2dox_filter (requested /usr/bin/lua2dox_filter) Disable /usr/share/texlive/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /usr/bin/luaotfload-tool) Disable /usr/bin/luatex (requested /usr/bin/lualatex-dev) Disable /usr/bin/luatex (requested /usr/bin/lualatex) Disable /usr/bin/luatex Disable /usr/bin/luajittex (requested /bin/luajittex) Disable /usr/share/texlive/texmf-dist/scripts/lua2dox/lua2dox_filter (requested /bin/lua2dox_filter) Disable /usr/share/texlive/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /bin/luaotfload-tool) Disable /usr/bin/luatex (requested /bin/lualatex-dev) Disable /usr/bin/luatex (requested /bin/lualatex) Disable /usr/bin/luatex (requested /bin/luatex) Disable /usr/share/lua Disable /usr/bin/cpan5.30-x86_64-linux-gnu Disable /usr/bin/cpan5.30-i386-linux-gnu Disable /usr/bin/cpan Disable /usr/bin/cpan5.30-x86_64-linux-gnu (requested /bin/cpan5.30-x86_64-linux-gnu) Disable /usr/bin/cpan5.30-i386-linux-gnu (requested /bin/cpan5.30-i386-linux-gnu) Disable /usr/bin/cpan (requested /bin/cpan) Disable /usr/bin/perl Disable /usr/bin/perl (requested /bin/perl) Disable /usr/share/perl Disable /usr/share/perl5 Disable /usr/share/perl-openssl-defaults Disable /usr/bin/ruby2.7 (requested /usr/bin/ruby) Disable /usr/bin/ruby2.7 (requested /bin/ruby) Disable /usr/lib/ruby Disable /usr/bin/python2.7 (requested /usr/bin/python2) Disable /usr/bin/x86_64-linux-gnu-python2.7-config (requested /usr/bin/python2-config) Disable /usr/bin/python2.7 Disable /usr/bin/x86_64-linux-gnu-python2.7-config (requested /usr/bin/python2.7-config) Disable /usr/bin/python2.7 (requested /bin/python2) Disable /usr/bin/x86_64-linux-gnu-python2.7-config (requested /bin/python2-config) Disable /usr/bin/python2.7 (requested /bin/python2.7) Disable /usr/bin/x86_64-linux-gnu-python2.7-config (requested /bin/python2.7-config) Disable /usr/lib/python2.7 Disable /usr/local/lib/python2.7 Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /usr/bin/python3.8-config) Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /usr/bin/python3-config) Disable /usr/bin/python3.8 Disable /usr/bin/python3.8 (requested /usr/bin/python3) Disable /usr/bin/python3-futurize Disable /usr/bin/python3-pasteurize Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /bin/python3.8-config) Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /bin/python3-config) Disable /usr/bin/python3.8 (requested /bin/python3.8) Disable /usr/bin/python3.8 (requested /bin/python3) Disable /usr/bin/python3-futurize (requested /bin/python3-futurize) Disable /usr/bin/python3-pasteurize (requested /bin/python3-pasteurize) Disable /usr/lib/python3.8 Disable /usr/lib/python3.9 Disable /usr/lib/python3 Disable /usr/local/lib/python3.8 Disable /usr/share/python3 Not blacklist /home/myusernamehere/.config/zoomus.conf Not blacklist /home/myusernamehere/.zoom Mounting read-only /home/myusernamehere/.config/user-dirs.dirs 5702 5085 253:3 /myusernamehere/.config/user-dirs.dirs /home/myusernamehere/.config/user-dirs.dirs ro,relatime master:85 - ext4 /dev/mapper/vg-home rw mountid=5702 fsname=/myusernamehere/.config/user-dirs.dirs dir=/home/myusernamehere/.config/user-dirs.dirs fstype=ext4 Mounting read-only /tmp/.X11-unix 5703 5097 253:2 /tmp/.X11-unix /tmp/.X11-unix ro,relatime master:1 - ext4 /dev/mapper/vg-root rw,errors=remount-ro mountid=5703 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Disable /sys/fs Disable /sys/module Mounting noexec /run/firejail/mnt/pulse Creating empty /home/myusernamehere/.config/pulse directory Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0 Warning: cleaning all supplementary groups Mounting /run/firejail/mnt/pulse on /home/myusernamehere/.config/pulse 5707 4946 0:139 /pulse /home/myusernamehere/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=5707 fsname=/pulse dir=/home/myusernamehere/.config/pulse fstype=tmpfs Current directory: /home/myusernamehere/.local/share/applications DISPLAY=:1 parsed as 1 Masking all X11 sockets except /tmp/.X11-unix/X1 Install protocol filter: unix,inet,inet6 configuring 14 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) Dropping all capabilities Drop privileges: pid 5, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 01 00 00000029 jeq socket 0006 (false 0005) 0005: 06 00 00 7fff0000 ret ALLOW 0006: 20 00 00 00000010 ld data.args[0] 0007: 15 00 01 00000001 jeq 1 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 00000002 jeq 2 000a (false 000b) 000a: 06 00 00 7fff0000 ret ALLOW 000b: 15 00 01 0000000a jeq a 000c (false 000d) 000c: 06 00 00 7fff0000 ret ALLOW 000d: 06 00 00 0005005f ret ERRNO(95) configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null) Dropping all capabilities Drop privileges: pid 6, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00000000 ret KILL Dual 32/64 bit seccomp filter configured configuring 72 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) Dropping all capabilities Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 3f 00 0000009f jeq adjtimex 0047 (false 0008) 0008: 15 3e 00 00000131 jeq clock_adjtime 0047 (false 0009) 0009: 15 3d 00 000000e3 jeq clock_settime 0047 (false 000a) 000a: 15 3c 00 000000a4 jeq settimeofday 0047 (false 000b) 000b: 15 3b 00 0000009a jeq modify_ldt 0047 (false 000c) 000c: 15 3a 00 000000d4 jeq lookup_dcookie 0047 (false 000d) 000d: 15 39 00 0000012a jeq perf_event_open 0047 (false 000e) 000e: 15 38 00 00000137 jeq process_vm_writev 0047 (false 000f) 000f: 15 37 00 000000b0 jeq delete_module 0047 (false 0010) 0010: 15 36 00 00000139 jeq finit_module 0047 (false 0011) 0011: 15 35 00 000000af jeq init_module 0047 (false 0012) 0012: 15 34 00 0000009c jeq _sysctl 0047 (false 0013) 0013: 15 33 00 000000b7 jeq afs_syscall 0047 (false 0014) 0014: 15 32 00 000000ae jeq create_module 0047 (false 0015) 0015: 15 31 00 000000b1 jeq get_kernel_syms 0047 (false 0016) 0016: 15 30 00 000000b5 jeq getpmsg 0047 (false 0017) 0017: 15 2f 00 000000b6 jeq putpmsg 0047 (false 0018) 0018: 15 2e 00 000000b2 jeq query_module 0047 (false 0019) 0019: 15 2d 00 000000b9 jeq security 0047 (false 001a) 001a: 15 2c 00 0000008b jeq sysfs 0047 (false 001b) 001b: 15 2b 00 000000b8 jeq tuxcall 0047 (false 001c) 001c: 15 2a 00 00000086 jeq uselib 0047 (false 001d) 001d: 15 29 00 00000088 jeq ustat 0047 (false 001e) 001e: 15 28 00 000000ec jeq vserver 0047 (false 001f) 001f: 15 27 00 000000ad jeq ioperm 0047 (false 0020) 0020: 15 26 00 000000ac jeq iopl 0047 (false 0021) 0021: 15 25 00 000000f6 jeq kexec_load 0047 (false 0022) 0022: 15 24 00 00000140 jeq kexec_file_load 0047 (false 0023) 0023: 15 23 00 000000a9 jeq reboot 0047 (false 0024) 0024: 15 22 00 000000a7 jeq swapon 0047 (false 0025) 0025: 15 21 00 000000a8 jeq swapoff 0047 (false 0026) 0026: 15 20 00 00000130 jeq open_by_handle_at 0047 (false 0027) 0027: 15 1f 00 0000012f jeq name_to_handle_at 0047 (false 0028) 0028: 15 1e 00 000000fb jeq ioprio_set 0047 (false 0029) 0029: 15 1d 00 00000067 jeq syslog 0047 (false 002a) 002a: 15 1c 00 0000012c jeq fanotify_init 0047 (false 002b) 002b: 15 1b 00 00000138 jeq kcmp 0047 (false 002c) 002c: 15 1a 00 000000f8 jeq add_key 0047 (false 002d) 002d: 15 19 00 000000f9 jeq request_key 0047 (false 002e) 002e: 15 18 00 000000ed jeq mbind 0047 (false 002f) 002f: 15 17 00 00000100 jeq migrate_pages 0047 (false 0030) 0030: 15 16 00 00000117 jeq move_pages 0047 (false 0031) 0031: 15 15 00 000000fa jeq keyctl 0047 (false 0032) 0032: 15 14 00 000000ce jeq io_setup 0047 (false 0033) 0033: 15 13 00 000000cf jeq io_destroy 0047 (false 0034) 0034: 15 12 00 000000d0 jeq io_getevents 0047 (false 0035) 0035: 15 11 00 000000d1 jeq io_submit 0047 (false 0036) 0036: 15 10 00 000000d2 jeq io_cancel 0047 (false 0037) 0037: 15 0f 00 000000d8 jeq remap_file_pages 0047 (false 0038) 0038: 15 0e 00 00000143 jeq userfaultfd 0047 (false 0039) 0039: 15 0d 00 000000a3 jeq acct 0047 (false 003a) 003a: 15 0c 00 00000141 jeq bpf 0047 (false 003b) 003b: 15 0b 00 000000a1 jeq chroot 0047 (false 003c) 003c: 15 0a 00 000000a5 jeq mount 0047 (false 003d) 003d: 15 09 00 000000b4 jeq nfsservctl 0047 (false 003e) 003e: 15 08 00 0000009b jeq pivot_root 0047 (false 003f) 003f: 15 07 00 000000ab jeq setdomainname 0047 (false 0040) 0040: 15 06 00 000000aa jeq sethostname 0047 (false 0041) 0041: 15 05 00 000000a6 jeq umount2 0047 (false 0042) 0042: 15 04 00 00000099 jeq vhangup 0047 (false 0043) 0043: 15 03 00 00000065 jeq ptrace 0047 (false 0044) 0044: 15 02 00 00000087 jeq personality 0047 (false 0045) 0045: 15 01 00 00000136 jeq process_vm_readv 0047 (false 0046) 0046: 06 00 00 7fff0000 ret ALLOW 0047: 06 00 01 00000000 ret KILL seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 0 Warning: cleaning all supplementary groups starting application LD_PRELOAD=(null) Running '/usr/bin/zoom' command through /bin/bash execvp argument 0: /bin/bash execvp argument 1: -c execvp argument 2: '/usr/bin/zoom' Child process initialized in 63.56 ms Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter monitoring pid 8 Sandbox monitor: waitpid 8 retval 8 status 0 Parent is shutting down, bye... ```

[VorpalBlade]

Looking at it further, ${DOCUMENTS} should probably be used instead.

[rusty-snake]

The fix is simple, add the following to zoom.local (or better yet, to the standard profile so other users can benefit from it):

mkdir ${HOME}/Documents/Zoom
whitelist ${HOME}/Documents/Zoom

The problem is that "Documents" can also be "Dokumente", "Dokumenty", "Dokumentuak", "文档", "Документы", ... so whitelist ${DOCUMENTS} must be used instead [As you already discovered]. This has the drawback that ${DOCUMENTS}/Zoom is treated literally, so zoom has full access to ~/Documents.

What changed calling the program by path (check which or firejail --list while the sandbox is running)? I don't understand this question.

/usr/bin/zoom (or where ever it is installed), but doesn't matter here. In general it does not matter if --noprofile works.

We should reword this, there more issues with don't/miss understand of this.

firejail version 0.9.62

You should update, this version is vulnerable to CVE-2021-26910.

[VorpalBlade]

firejail version 0.9.62

You should update, this version is vulnerable to CVE-2021-26910.

Are you sure that Ubuntu hasn't backported a fix? If so, someone should probably tell them, as this is the version (0.9.62-3) in Ubuntu 20.04 which is LTS...

[rusty-snake]

Are you sure that Ubuntu hasn't backported a fix?

Go to the changelog of the ubu package: https://packages.ubuntu.com/focal/firejail -> https://changelogs.ubuntu.com/changelogs/pool/universe/f/firejail/firejail_0.9.62-3/changelog

and see

firejail (0.9.62-3) unstable; urgency=medium

  * Import upstream profile fixes:
    - firefox (Closes: #948558)
    - transmission-daemon (Closes: #948993)
  * Import another test fix and skip faudit test inside containers.

 -- Reiner Herrmann <reiner@reiner-h.de>  Mon, 20 Jan 2020 19:53:34 +0100

as latest change. Compare this to https://github.com/netblue30/firejail/releases/tag/0.9.64.4: 17. Feb 2021.

You simply test if firejail --overlayfs-named=foobar --noprofile bash works. If it works, you're vulnerable.

If so, someone should probably tell them

https://seclists.org/oss-sec/2021/q1/121

[VorpalBlade]

I filed a bug report with Ubuntu about this (https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767 but it is apparently private since I marked it as a security issue. Since the issue is disclosed that is silly but I don't see how to "unprivate" it)

[VorpalBlade]

Oh and https://firejail.wordpress.com/download-2/cve-status/ should probably be updated to include this CVE. I don't see it on there.

[rusty-snake]

Arch, Debian, Fedora, openSUSE had fixed (update/bakcport) this fast (<24h AFAICT) but Alpine, Manjaro, Ubuntu and therefore Mint are still shipping vulnerable versions. You see, if you want security the must important point is to choose the right distro.

---

Oh and https://firejail.wordpress.com/download-2/cve-status/ should probably be updated to include this CVE. I don't see it on there.

@netblue30

[kmk3]

@VorpalBlade commented 14 hours ago:

Looking at it further, ${DOCUMENTS} should probably be used instead.

@rusty-snake commented 14 hours ago:

The fix is simple, add the following to zoom.local (or better yet, to the standard profile so other users can benefit from it):

mkdir ${HOME}/Documents/Zoom
whitelist ${HOME}/Documents/Zoom

The problem is that "Documents" can also be "Dokumente", "Dokumenty", "Dokumentuak", "文档", "Документы", ... so whitelist ${DOCUMENTS} must be used instead [As you already discovered]. This has the drawback that ${DOCUMENTS}/Zoom is treated literally, so zoom has full access to ~/Documents.

For reference, this problem is related to #2359.