firejail always creates an empty .zshrc

[blastrock]

Description

Firejail always create an empty .zshrc file in the sandboxed home, even if the file is whitelisted.

Steps to Reproduce

Steps to reproduce the behavior

1. Create a simple profile with just whitelist-ro ~/.config (or any other file/dir)
2. Run LC_ALL=C firejail --profile=prof ls -la
3. See that there is a 0-bytes .zshrc file there

Alternative:

1. Create a simple profile with just whitelist-ro ~/.zshrc
2. Run LC_ALL=C firejail --profile=prof ls -la
3. See that there is a 0-bytes .zshrc file there, instead of the one we whitelisted

Expected behavior

If the profile does not mention .zshrc, the file shouldn't exist. Moreover, if we whitelist .zshrc, the host file should be mounted, not an empty one (and this is my main issue).

Actual behavior

Whatever I do, an empty .zshrc file is created.

Additional context

Running with --debug does not output anything about that .zshrc in the first case. And it writes that it binds it as requested in the second case.

Environment

• Linux distribution and version: debian unstable
• Firejail version 0.9.70

Checklist

• [x] The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• [x] I can reproduce the issue without custom modifications (e.g. globals.local).
• [ ] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• [ ] The profile (and redirect profile if exists) hasn't already been fixed upstream.
• [x] I have performed a short search for similar issues (to avoid opening a duplicate).
  • [ ] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• [x] I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail --profile=prof --debug ls -la

``` Autoselecting /bin/zsh as shell Building quoted command line: 'ls' '-la' Command name #ls# DISPLAY=:0 parsed as 0 Using the local network stack Parent pid 520750, child pid 520751 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file IBUS_ADDRESS=unix:abstract=/tmp/dbus-HdlH0Sh5,guid=e1b3738b0f47ce3ab89253445213a085 IBUS_DAEMON_PID=2083 IBUS_ADDRESS=unix:abstract=/home/blastrock/.cache/ibus/dbus-eSpYGjkn,guid=e4a6f0b639dd52c38e38ffc662a5a4d8 IBUS_DAEMON_PID=79613 IBUS_ADDRESS=unix:abstract=/tmp/dbus-KgjYF3MI,guid=edec96d106196db19e17db5f53fe16cd IBUS_DAEMON_PID=1746 Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 1071 1034 259:2 /etc /etc ro,relatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,errors=remount-ro mountid=1071 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 1072 1071 259:2 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,errors=remount-ro mountid=1072 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 1073 1034 259:2 /var /var ro,relatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,errors=remount-ro mountid=1073 fsname=/var dir=/var fstype=ext4 Mounting noexec /var 1074 1073 259:2 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,errors=remount-ro mountid=1074 fsname=/var dir=/var fstype=ext4 Mounting read-only /usr 1075 1034 259:2 /usr /usr ro,relatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,errors=remount-ro mountid=1075 fsname=/usr dir=/usr fstype=ext4 Mounting read-only /bin 1076 1034 259:2 /bin /bin ro,relatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,errors=remount-ro mountid=1076 fsname=/bin dir=/bin fstype=ext4 Mounting read-only /sbin 1077 1034 259:2 /sbin /sbin ro,relatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,errors=remount-ro mountid=1077 fsname=/sbin dir=/sbin fstype=ext4 Mounting read-only /lib 1078 1034 259:2 /lib /lib ro,relatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,errors=remount-ro mountid=1078 fsname=/lib dir=/lib fstype=ext4 Mounting read-only /lib64 1079 1034 259:2 /lib64 /lib64 ro,relatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,errors=remount-ro mountid=1079 fsname=/lib64 dir=/lib64 fstype=ext4 Mounting read-only /lib32 1080 1034 259:2 /lib32 /lib32 ro,relatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,errors=remount-ro mountid=1080 fsname=/lib32 dir=/lib32 fstype=ext4 Mounting read-only /libx32 1081 1034 259:2 /libx32 /libx32 ro,relatime master:1 - ext4 /dev/nvme0n1p2 rw,discard,errors=remount-ro mountid=1081 fsname=/libx32 dir=/libx32 fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /lib/modules Disable /usr/lib/debug Disable /boot Disable /dev/port Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /dev/kmsg Disable /proc/kmsg Debug 588: whitelist ~/.config Debug 609: expanded: /home/blastrock/.config Debug 620: new_name: /home/blastrock/.config Debug 630: dir: /home/blastrock Adding whitelist top level directory /home/blastrock Drop privileges: pid 2, uid 1000, gid 1000, force_nogroups 0 Mounting a new /root directory Mounting a new /home directory Create a new user directory Drop privileges: pid 3, uid 1000, gid 1000, force_nogroups 0 Drop privileges: pid 4, uid 1000, gid 1000, force_nogroups 0 Whitelisting /home/blastrock/.config 1125 1124 259:3 /blastrock/.config /home/blastrock/.config rw,relatime master:49 - ext4 /dev/nvme0n1p3 rw,discard mountid=1125 fsname=/blastrock/.config dir=/home/blastrock/.config fstype=ext4 Mounting read-only /home/blastrock/.config 1126 1125 259:3 /blastrock/.config /home/blastrock/.config ro,relatime master:49 - ext4 /dev/nvme0n1p3 rw,discard mountid=1126 fsname=/blastrock/.config dir=/home/blastrock/.config fstype=ext4 Disable /sys/fs Disable /sys/module Mounting noexec /run/firejail/mnt/pulse 1129 1068 0:76 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=1129 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs Mounting read-only /run/firejail/mnt/pulse 1130 1129 0:76 /pulse /run/firejail/mnt/pulse ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=1130 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs Mounting /run/firejail/mnt/pulse on /home/blastrock/.config/pulse 1131 1126 0:76 /pulse /home/blastrock/.config/pulse ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=1131 fsname=/pulse dir=/home/blastrock/.config/pulse fstype=tmpfs rebuilding /etc directory Creating empty /run/firejail/mnt/dns-etc/bash.bashrc file Creating empty /run/firejail/mnt/dns-etc/rsyslog.d directory Creating empty /run/firejail/mnt/dns-etc/dbus-1 directory Creating empty /run/firejail/mnt/dns-etc/rsyslog.conf file Creating empty /run/firejail/mnt/dns-etc/at-spi2 directory Creating empty /run/firejail/mnt/dns-etc/mail.rc file Creating empty /run/firejail/mnt/dns-etc/lightdm directory Creating empty /run/firejail/mnt/dns-etc/java-11-openjdk directory Creating empty /run/firejail/mnt/dns-etc/magic.mime file Creating empty /run/firejail/mnt/dns-etc/nfs.conf file Creating empty /run/firejail/mnt/dns-etc/openvpn directory Creating empty /run/firejail/mnt/dns-etc/request-key.conf file Creating empty /run/firejail/mnt/dns-etc/java-6-sun directory Creating empty /run/firejail/mnt/dns-etc/cifs-utils directory Creating empty /run/firejail/mnt/dns-etc/subversion directory Creating empty /run/firejail/mnt/dns-etc/NetworkManager directory Creating empty /run/firejail/mnt/dns-etc/subuid- file Creating empty /run/firejail/mnt/dns-etc/groovy directory Creating empty /run/firejail/mnt/dns-etc/udisks2 directory Creating empty /run/firejail/mnt/dns-etc/ranger directory Creating empty /run/firejail/mnt/dns-etc/cups directory Creating empty /run/firejail/mnt/dns-etc/sv directory Creating empty /run/firejail/mnt/dns-etc/gnucash directory Creating empty /run/firejail/mnt/dns-etc/GNUstep directory Creating empty /run/firejail/mnt/dns-etc/emacs directory Creating empty /run/firejail/mnt/dns-etc/hotplug directory Creating empty /run/firejail/mnt/dns-etc/sysctl.d directory Creating empty /run/firejail/mnt/dns-etc/i3 directory Creating empty /run/firejail/mnt/dns-etc/purple directory Creating empty /run/firejail/mnt/dns-etc/php directory Creating empty /run/firejail/mnt/dns-etc/rc4.d directory Creating empty /run/firejail/mnt/dns-etc/sudo_logsrvd.conf file Creating empty /run/firejail/mnt/dns-etc/VisualBoyAdvance.cfg file Creating empty /run/firejail/mnt/dns-etc/usb_modeswitch.d directory Creating empty /run/firejail/mnt/dns-etc/john directory Creating empty /run/firejail/mnt/dns-etc/kernel directory Creating empty /run/firejail/mnt/dns-etc/libblockdev directory Creating empty /run/firejail/mnt/dns-etc/pki directory Creating empty /run/firejail/mnt/dns-etc/issue file Creating empty /run/firejail/mnt/dns-etc/thunderbird directory Creating empty /run/firejail/mnt/dns-etc/sudoers file Creating empty /run/firejail/mnt/dns-etc/redis directory Creating empty /run/firejail/mnt/dns-etc/nftables.conf file Creating empty /run/firejail/mnt/dns-etc/papersize file Creating empty /run/firejail/mnt/dns-etc/ucf.conf file Creating empty /run/firejail/mnt/dns-etc/php5 directory Creating empty /run/firejail/mnt/dns-etc/rc5.d directory Creating empty /run/firejail/mnt/dns-etc/sddm directory Creating empty /run/firejail/mnt/dns-etc/insserv.conf.d directory Creating empty /run/firejail/mnt/dns-etc/iproute2 directory Creating empty /run/firejail/mnt/dns-etc/reportbug.conf file Creating empty /run/firejail/mnt/dns-etc/issue.net file Creating empty /run/firejail/mnt/dns-etc/mono directory Creating empty /run/firejail/mnt/dns-etc/ODBCDataSources directory Creating empty /run/firejail/mnt/dns-etc/timidity directory Creating empty /run/firejail/mnt/dns-etc/alternatives directory Creating empty /run/firejail/mnt/dns-etc/environment file Creating empty /run/firejail/mnt/dns-etc/skel directory Creating empty /run/firejail/mnt/dns-etc/rcS.d directory Creating empty /run/firejail/mnt/dns-etc/inxi.conf file Creating empty /run/firejail/mnt/dns-etc/docker directory Creating empty /run/firejail/mnt/dns-etc/fstab file Creating empty /run/firejail/mnt/dns-etc/vulkan directory Creating empty /run/firejail/mnt/dns-etc/kernel-img.conf file Creating empty /run/firejail/mnt/dns-etc/rearj.cfg file Creating empty /run/firejail/mnt/dns-etc/init.d directory Creating empty /run/firejail/mnt/dns-etc/protocols file Creating empty /run/firejail/mnt/dns-etc/rygel.conf file Creating empty /run/firejail/mnt/dns-etc/profile.d directory Creating empty /run/firejail/mnt/dns-etc/gconf directory Creating empty /run/firejail/mnt/dns-etc/manpath.config file Creating empty /run/firejail/mnt/dns-etc/chatscripts directory Creating empty /run/firejail/mnt/dns-etc/zsh directory Creating empty /run/firejail/mnt/dns-etc/acpi directory Creating empty /run/firejail/mnt/dns-etc/shadow.org file Creating empty /run/firejail/mnt/dns-etc/mpd.conf file Creating empty /run/firejail/mnt/dns-etc/services file Creating empty /run/firejail/mnt/dns-etc/libaudit.conf file Creating empty /run/firejail/mnt/dns-etc/subuid file Creating empty /run/firejail/mnt/dns-etc/bluetooth directory Creating empty /run/firejail/mnt/dns-etc/python3.9 directory Creating empty /run/firejail/mnt/dns-etc/rc1.d directory Creating empty /run/firejail/mnt/dns-etc/chromium.d directory Creating empty /run/firejail/mnt/dns-etc/rc3.d directory Creating empty /run/firejail/mnt/dns-etc/rc6.d directory Creating empty /run/firejail/mnt/dns-etc/wgetrc file Creating empty /run/firejail/mnt/dns-etc/motd file Creating empty /run/firejail/mnt/dns-etc/systemd directory Creating empty /run/firejail/mnt/dns-etc/icedtea-web directory Creating empty /run/firejail/mnt/dns-etc/pam.d directory Creating empty /run/firejail/mnt/dns-etc/mke2fs.conf file Creating empty /run/firejail/mnt/dns-etc/crontab file Creating empty /run/firejail/mnt/dns-etc/devscripts.conf file Creating empty /run/firejail/mnt/dns-etc/UPower directory Creating empty /run/firejail/mnt/dns-etc/smartd.conf file Creating empty /run/firejail/mnt/dns-etc/polkit-1 directory Creating empty /run/firejail/mnt/dns-etc/ipp-usb directory Creating empty /run/firejail/mnt/dns-etc/qemu-ifdown file Creating empty /run/firejail/mnt/dns-etc/lftp.conf file Creating empty /run/firejail/mnt/dns-etc/gshadow- file Creating empty /run/firejail/mnt/dns-etc/sestatus.conf file Creating empty /run/firejail/mnt/dns-etc/rpc file Creating empty /run/firejail/mnt/dns-etc/apt directory Creating empty /run/firejail/mnt/dns-etc/sddm.conf file Creating empty /run/firejail/mnt/dns-etc/wildmidi directory Creating empty /run/firejail/mnt/dns-etc/runit directory Creating empty /run/firejail/mnt/dns-etc/dput.cf file Creating empty /run/firejail/mnt/dns-etc/sensors.d directory Creating empty /run/firejail/mnt/dns-etc/hostname file Creating empty /run/firejail/mnt/dns-etc/python3.10 directory Creating empty /run/firejail/mnt/dns-etc/environment.d directory Creating empty /run/firejail/mnt/dns-etc/opensc directory Creating empty /run/firejail/mnt/dns-etc/i3status.conf file Creating empty /run/firejail/mnt/dns-etc/ownCloud directory Creating empty /run/firejail/mnt/dns-etc/cracklib directory Creating empty /run/firejail/mnt/dns-etc/cron.monthly directory Creating empty /run/firejail/mnt/dns-etc/passwd file Creating empty /run/firejail/mnt/dns-etc/postgresql-common directory Creating empty /run/firejail/mnt/dns-etc/containerd directory Creating empty /run/firejail/mnt/dns-etc/timezone file Creating empty /run/firejail/mnt/dns-etc/tigrc file Creating empty /run/firejail/mnt/dns-etc/catdocrc file Creating empty /run/firejail/mnt/dns-etc/adjtime file Creating empty /run/firejail/mnt/dns-etc/ssh directory Creating empty /run/firejail/mnt/dns-etc/ca-certificates directory Creating empty /run/firejail/mnt/dns-etc/bindresvport.blacklist file Creating empty /run/firejail/mnt/dns-etc/cron.daily directory Creating empty /run/firejail/mnt/dns-etc/insserv directory Creating empty /run/firejail/mnt/dns-etc/sgml directory Creating empty /run/firejail/mnt/dns-etc/ca-certificates.conf file Creating empty /run/firejail/mnt/dns-etc/passwd- file Creating empty /run/firejail/mnt/dns-etc/ssl directory Creating empty /run/firejail/mnt/dns-etc/matplotlibrc file Creating empty /run/firejail/mnt/dns-etc/keybase directory Creating empty /run/firejail/mnt/dns-etc/debian_version file Creating empty /run/firejail/mnt/dns-etc/network directory Creating empty /run/firejail/mnt/dns-etc/default directory Creating empty /run/firejail/mnt/dns-etc/gdb directory Creating empty /run/firejail/mnt/dns-etc/discover.conf.d directory Creating empty /run/firejail/mnt/dns-etc/maven directory Creating empty /run/firejail/mnt/dns-etc/blkid.tab.old file Creating empty /run/firejail/mnt/dns-etc/updatedb.conf file Creating empty /run/firejail/mnt/dns-etc/irssi.conf file Creating empty /run/firejail/mnt/dns-etc/w3m directory Creating empty /run/firejail/mnt/dns-etc/firebird directory Creating empty /run/firejail/mnt/dns-etc/rc0.d directory Creating empty /run/firejail/mnt/dns-etc/inputrc file Creating empty /run/firejail/mnt/dns-etc/PackageKit directory Creating empty /run/firejail/mnt/dns-etc/blkid.tab file Creating empty /run/firejail/mnt/dns-etc/adduser.conf file Creating empty /run/firejail/mnt/dns-etc/sound directory Creating empty /run/firejail/mnt/dns-etc/machine-id file Creating empty /run/firejail/mnt/dns-etc/lighttpd directory Creating empty /run/firejail/mnt/dns-etc/vim directory Creating empty /run/firejail/mnt/dns-etc/signon-ui directory Creating empty /run/firejail/mnt/dns-etc/inittab file Creating empty /run/firejail/mnt/dns-etc/profile file Creating empty /run/firejail/mnt/dns-etc/mdadm directory Creating empty /run/firejail/mnt/dns-etc/udev directory Creating empty /run/firejail/mnt/dns-etc/pm directory Creating empty /run/firejail/mnt/dns-etc/reader.conf.d directory Creating empty /run/firejail/mnt/dns-etc/smartmontools directory Creating empty /run/firejail/mnt/dns-etc/staff-group-for-usr-local file Creating empty /run/firejail/mnt/dns-etc/glvnd directory Creating empty /run/firejail/mnt/dns-etc/logrotate.d directory Creating empty /run/firejail/mnt/dns-etc/fish directory Creating empty /run/firejail/mnt/dns-etc/bootchartd.conf file Creating empty /run/firejail/mnt/dns-etc/asciidoc directory Creating empty /run/firejail/mnt/dns-etc/sudo.conf file Creating empty /run/firejail/mnt/dns-etc/shadow- file Creating empty /run/firejail/mnt/dns-etc/mailcap.order file Creating empty /run/firejail/mnt/dns-etc/gai.conf file Creating empty /run/firejail/mnt/dns-etc/pmount.allow file Creating empty /run/firejail/mnt/dns-etc/ModemManager directory Creating empty /run/firejail/mnt/dns-etc/cron.d directory Creating empty /run/firejail/mnt/dns-etc/aliases file Creating empty /run/firejail/mnt/dns-etc/login.defs file Creating empty /run/firejail/mnt/dns-etc/mailname file Creating empty /run/firejail/mnt/dns-etc/cowpoke.conf file Creating empty /run/firejail/mnt/dns-etc/deluser.conf file Creating empty /run/firejail/mnt/dns-etc/netscsid.conf file Creating empty /run/firejail/mnt/dns-etc/gimp directory Creating empty /run/firejail/mnt/dns-etc/insserv.conf file Creating empty /run/firejail/mnt/dns-etc/subgid- file Creating empty /run/firejail/mnt/dns-etc/group.org file Creating empty /run/firejail/mnt/dns-etc/fuse.conf file Creating empty /run/firejail/mnt/dns-etc/hosts file Creating empty /run/firejail/mnt/dns-etc/abcde.conf file Creating empty /run/firejail/mnt/dns-etc/hosts.deny file Creating empty /run/firejail/mnt/dns-etc/retroarch.cfg file Creating empty /run/firejail/mnt/dns-etc/ctdb directory Creating empty /run/firejail/mnt/dns-etc/perl directory Creating empty /run/firejail/mnt/dns-etc/minbif directory Creating empty /run/firejail/mnt/dns-etc/wireshark directory Creating empty /run/firejail/mnt/dns-etc/foremost.conf file Creating empty /run/firejail/mnt/dns-etc/appstream.conf file Creating empty /run/firejail/mnt/dns-etc/clutter-imcontext directory Creating empty /run/firejail/mnt/dns-etc/modules file Creating empty /run/firejail/mnt/dns-etc/sysstat directory Creating empty /run/firejail/mnt/dns-etc/gtk-2.0 directory Creating empty /run/firejail/mnt/dns-etc/gshadow file Creating empty /run/firejail/mnt/dns-etc/lynx directory Creating empty /run/firejail/mnt/dns-etc/tmpfiles.d directory Creating empty /run/firejail/mnt/dns-etc/dhcp directory Creating empty /run/firejail/mnt/dns-etc/discover-modprobe.conf file Creating empty /run/firejail/mnt/dns-etc/exports file Creating empty /run/firejail/mnt/dns-etc/logcheck directory Creating empty /run/firejail/mnt/dns-etc/rsnapshot.conf file Creating empty /run/firejail/mnt/dns-etc/dconf directory Creating empty /run/firejail/mnt/dns-etc/binfmt.d directory Creating empty /run/firejail/mnt/dns-etc/usb_modeswitch.conf file Creating empty /run/firejail/mnt/dns-etc/libreoffice directory Creating empty /run/firejail/mnt/dns-etc/terminfo directory Creating empty /run/firejail/mnt/dns-etc/chromium directory Creating empty /run/firejail/mnt/dns-etc/xpdf directory Creating empty /run/firejail/mnt/dns-etc/sensors3.conf file Creating empty /run/firejail/mnt/dns-etc/grub.d directory Creating empty /run/firejail/mnt/dns-etc/init directory Creating empty /run/firejail/mnt/dns-etc/vdpau_wrapper.cfg file Creating empty /run/firejail/mnt/dns-etc/geoclue directory Creating empty /run/firejail/mnt/dns-etc/netconfig file Creating empty /run/firejail/mnt/dns-etc/apm directory Creating empty /run/firejail/mnt/dns-etc/java-12-openjdk directory Creating empty /run/firejail/mnt/dns-etc/ifplugd directory Creating empty /run/firejail/mnt/dns-etc/xml directory Creating empty /run/firejail/mnt/dns-etc/popularity-contest.conf file Creating empty /run/firejail/mnt/dns-etc/e2scrub.conf file Creating empty /run/firejail/mnt/dns-etc/fwupd directory Creating empty /run/firejail/mnt/dns-etc/email-addresses file Creating empty /run/firejail/mnt/dns-etc/bash_completion.d directory Creating empty /run/firejail/mnt/dns-etc/ufw directory Creating empty /run/firejail/mnt/dns-etc/modprobe.d directory Creating empty /run/firejail/mnt/dns-etc/apache2 directory Creating empty /run/firejail/mnt/dns-etc/snmp directory Creating empty /run/firejail/mnt/dns-etc/updatedb.conf.dpkg-old file Creating empty /run/firejail/mnt/dns-etc/nanorc file Creating empty /run/firejail/mnt/dns-etc/pulse directory Creating empty /run/firejail/mnt/dns-etc/sddm.conf.d directory Creating empty /run/firejail/mnt/dns-etc/java-10-openjdk directory Creating empty /run/firejail/mnt/dns-etc/signond.conf file Creating empty /run/firejail/mnt/dns-etc/ca-certificates.conf.dpkg-old file Creating empty /run/firejail/mnt/dns-etc/.java directory Creating empty /run/firejail/mnt/dns-etc/apport directory Creating empty /run/firejail/mnt/dns-etc/cni directory Creating empty /run/firejail/mnt/dns-etc/sane.d directory Creating empty /run/firejail/mnt/dns-etc/Muttrc file Creating empty /run/firejail/mnt/dns-etc/ofono directory Creating empty /run/firejail/mnt/dns-etc/mysql directory Creating empty /run/firejail/mnt/dns-etc/dictionaries-common directory Creating empty /run/firejail/mnt/dns-etc/resolvconf directory Creating empty /run/firejail/mnt/dns-etc/xattr.conf file Creating empty /run/firejail/mnt/dns-etc/idmapd.conf file Creating empty /run/firejail/mnt/dns-etc/texmf directory Creating empty /run/firejail/mnt/dns-etc/request-key.d directory Creating empty /run/firejail/mnt/dns-etc/firefox directory Creating empty /run/firejail/mnt/dns-etc/nsswitch.conf file Creating empty /run/firejail/mnt/dns-etc/odbc.ini file Creating empty /run/firejail/mnt/dns-etc/modules-load.d directory Creating empty /run/firejail/mnt/dns-etc/magic file Creating empty /run/firejail/mnt/dns-etc/qemu-ifup file Creating empty /run/firejail/mnt/dns-etc/fancontrol file Creating empty /run/firejail/mnt/dns-etc/sysctl.conf.dpkg-dist file Creating empty /run/firejail/mnt/dns-etc/calendar directory Creating empty /run/firejail/mnt/dns-etc/mailcap file Creating empty /run/firejail/mnt/dns-etc/samba directory Creating empty /run/firejail/mnt/dns-etc/plymouth directory Creating empty /run/firejail/mnt/dns-etc/bash_completion file Creating empty /run/firejail/mnt/dns-etc/openni2 directory Creating empty /run/firejail/mnt/dns-etc/fonts directory Creating empty /run/firejail/mnt/dns-etc/debconf.conf file Creating empty /run/firejail/mnt/dns-etc/shadow file Creating empty /run/firejail/mnt/dns-etc/ld.so.conf file Creating empty /run/firejail/mnt/dns-etc/ld.so.preload file Creating empty /run/firejail/mnt/dns-etc/ld.so.conf.d directory Creating empty /run/firejail/mnt/dns-etc/update-motd.d directory Creating empty /run/firejail/mnt/dns-etc/security directory Creating empty /run/firejail/mnt/dns-etc/i3blocks.conf file Creating empty /run/firejail/mnt/dns-etc/python3 directory Creating empty /run/firejail/mnt/dns-etc/subgid file Creating empty /run/firejail/mnt/dns-etc/ethertypes file Creating empty /run/firejail/mnt/dns-etc/cron.weekly directory Creating empty /run/firejail/mnt/dns-etc/sudoers.dpkg-old file Creating empty /run/firejail/mnt/dns-etc/screenrc file Creating empty /run/firejail/mnt/dns-etc/gtk-3.0 directory Creating empty /run/firejail/mnt/dns-etc/cupshelpers directory Creating empty /run/firejail/mnt/dns-etc/mtools.conf file Creating empty /run/firejail/mnt/dns-etc/.pwd.lock file Creating empty /run/firejail/mnt/dns-etc/dkms directory Creating empty /run/firejail/mnt/dns-etc/opt directory Creating empty /run/firejail/mnt/dns-etc/passwd.org file Creating empty /run/firejail/mnt/dns-etc/apparmor directory Creating empty /run/firejail/mnt/dns-etc/bochs-init directory Creating empty /run/firejail/mnt/dns-etc/mercurial directory Creating empty /run/firejail/mnt/dns-etc/java directory Creating empty /run/firejail/mnt/dns-etc/networks file Creating empty /run/firejail/mnt/dns-etc/xdg directory Creating empty /run/firejail/mnt/dns-etc/group- file Creating empty /run/firejail/mnt/dns-etc/locale.gen file Creating empty /run/firejail/mnt/dns-etc/gss directory Creating empty /run/firejail/mnt/dns-etc/mime.types file Creating empty /run/firejail/mnt/dns-etc/exim4 directory Creating empty /run/firejail/mnt/dns-etc/Muttrc.d directory Creating empty /run/firejail/mnt/dns-etc/ghostscript directory Creating empty /run/firejail/mnt/dns-etc/X11 directory Creating empty /run/firejail/mnt/dns-etc/libpaper.d directory Creating empty /run/firejail/mnt/dns-etc/avahi directory Creating empty /run/firejail/mnt/dns-etc/groff directory Creating empty /run/firejail/mnt/dns-etc/postgresql directory Creating empty /run/firejail/mnt/dns-etc/ImageMagick-6 directory Creating empty /run/firejail/mnt/dns-etc/tor directory Creating empty /run/firejail/mnt/dns-etc/openmpi directory Creating empty /run/firejail/mnt/dns-etc/sudoers.d directory Creating empty /run/firejail/mnt/dns-etc/console-setup directory Creating empty /run/firejail/mnt/dns-etc/dpkg directory Creating empty /run/firejail/mnt/dns-etc/smi.conf file Creating empty /run/firejail/mnt/dns-etc/bonobo-activation directory Creating empty /run/firejail/mnt/dns-etc/ld.so.cache file Creating empty /run/firejail/mnt/dns-etc/initramfs-tools directory Creating empty /run/firejail/mnt/dns-etc/alsa directory Creating empty /run/firejail/mnt/dns-etc/anthy directory Creating empty /run/firejail/mnt/dns-etc/libibverbs.d directory Creating empty /run/firejail/mnt/dns-etc/rdnssd directory Creating empty /run/firejail/mnt/dns-etc/nvidia directory Creating empty /run/firejail/mnt/dns-etc/gnome-vfs-2.0 directory Creating empty /run/firejail/mnt/dns-etc/OpenCL directory Creating empty /run/firejail/mnt/dns-etc/firejail directory Creating empty /run/firejail/mnt/dns-etc/locale.alias file Creating empty /run/firejail/mnt/dns-etc/libccid_Info.plist file Creating empty /run/firejail/mnt/dns-etc/hosts.allow file Creating empty /run/firejail/mnt/dns-etc/Crack directory Creating empty /run/firejail/mnt/dns-etc/wpa_supplicant directory Creating empty /run/firejail/mnt/dns-etc/lvm directory Creating empty /run/firejail/mnt/dns-etc/gnome-vfs-mime-magic file Creating empty /run/firejail/mnt/dns-etc/selinux directory Creating empty /run/firejail/mnt/dns-etc/logrotate.conf file Creating empty /run/firejail/mnt/dns-etc/java-8-openjdk directory Creating empty /run/firejail/mnt/dns-etc/gftp directory Creating empty /run/firejail/mnt/dns-etc/mpv directory Creating empty /run/firejail/mnt/dns-etc/wireguard directory Creating empty /run/firejail/mnt/dns-etc/wodim.conf file Creating empty /run/firejail/mnt/dns-etc/apparmor.d directory Creating empty /run/firejail/mnt/dns-etc/host.conf file Creating empty /run/firejail/mnt/dns-etc/python2.7 directory Creating empty /run/firejail/mnt/dns-etc/rc.local file Creating empty /run/firejail/mnt/dns-etc/owncloud-client directory Creating empty /run/firejail/mnt/dns-etc/fop.conf.d directory Creating empty /run/firejail/mnt/dns-etc/xpra directory Creating empty /run/firejail/mnt/dns-etc/pam.conf file Creating empty /run/firejail/mnt/dns-etc/libao.conf file Creating empty /run/firejail/mnt/dns-etc/ltrace.conf file Creating empty /run/firejail/mnt/dns-etc/cron.hourly directory Creating empty /run/firejail/mnt/dns-etc/quilt.quiltrc file Creating empty /run/firejail/mnt/dns-etc/libnl-3 directory Creating empty /run/firejail/mnt/dns-etc/odbcinst.ini file Creating empty /run/firejail/mnt/dns-etc/lcovrc file Creating empty /run/firejail/mnt/dns-etc/shells file Creating empty /run/firejail/mnt/dns-etc/pipewire directory Creating empty /run/firejail/mnt/dns-etc/rc2.d directory Creating empty /run/firejail/mnt/dns-etc/needrestart directory Creating empty /run/firejail/mnt/dns-etc/ldap directory Creating empty /run/firejail/mnt/dns-etc/openal directory Creating empty /run/firejail/mnt/dns-etc/at.deny file Creating empty /run/firejail/mnt/dns-etc/ppp directory Creating empty /run/firejail/mnt/dns-etc/group file Creating empty /run/firejail/mnt/dns-etc/hdparm.conf file Creating empty /run/firejail/mnt/dns-etc/esound directory Creating empty /run/firejail/mnt/dns-etc/sysctl.conf file Mount-bind /run/firejail/mnt/dns-etc on top of /etc Current directory: /home/blastrock DISPLAY=:0 parsed as 0 Mounting read-only /run/firejail/mnt/seccomp 1868 1068 0:76 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=1868 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 120 . drwxr-xr-x root root 200 .. -rw-r--r-- blastroc blastroc 568 seccomp -rw-r--r-- blastroc blastroc 432 seccomp.32 -rw-r--r-- blastroc blastroc 0 seccomp.postexec -rw-r--r-- blastroc blastroc 0 seccomp.postexec32 No active seccomp files Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0 Closing non-standard file descriptors Starting application LD_PRELOAD=(null) Running 'ls' '-la' command through /bin/zsh execvp argument 0: /bin/zsh execvp argument 1: -c execvp argument 2: 'ls' '-la' Child process initialized in 23.93 ms total 20 drwx------ 3 blastrock blastrock 120 Jun 12 17:23 . drwxr-xr-x 3 root root 60 Jun 12 17:23 .. -rw------- 1 blastrock blastrock 313 Jun 12 17:23 .Xauthority drwxr-xr-x 189 blastrock users 12288 Jun 12 16:14 .config -rw-r--r-- 1 blastrock blastrock 26 Jun 12 17:23 .inputrc -rw-r--r-- 1 blastrock blastrock 0 Jun 12 17:23 .zshrc monitoring pid 5 Sandbox monitor: waitpid 5 retval 5 status 0 Parent is shutting down, bye... ```

[rusty-snake]

Maybe related: #1127

What changes using shell none?

[blastrock]

It does work as expected with --shell=none! No .zshrc is created, and if I whitelist it, it's not overwritten.

I think this is still a bug, but the workaround helps, thanks :)

[rusty-snake]

FTR: IMHO we should just make shell none the default (#3434).

[rusty-snake]

shell none becomes default (#5196).