--netlock does not work (Error: no valid sandbox)

[distinctjuggle]

Description

Attempting to pass --netlock doesn't seem to be recognized by firejail - there is no terminal indication of it being present (as was demonstrated in the demo video for netlock's release), and I am able to access other networks that have not been connected to well after the default 1 minute timeout.

I also seem to get the following output in any command that I run which contains --netlock: Error: no valid sandbox

It seemingly makes no difference as to which command is run, or if I include the --net option as specified as required for --netlock

It should also be noted that the error appears with a delay. For example, running nano will cause the error to appear inside of the text editor. Running htop will cause the error to appear as new lines as the bottom of the screen. Running a command/program which has a longer startup will show up as a normal line of logs in a terminal.

Steps to Reproduce

firejail --net=eth0 --netlock --noprofile *any command* firejail --netlock --noprofile *any command* firejail --netlock *any command*

All of the above will still output the same error, and netlock's specific logs are not present anywhere

Expected behavior

I expected netlock to function

Actual behavior

Netlock did not function

Behavior without a profile

Profile has no bearing

Additional context

I'm just trying to limit a program to local network traffic only. This seemed like the easiest way that I could find, since I can control what this device tries to connect to within the first minute or so.

Environment

• Arch Linux repo package - repo version 0.9.70-2
• Firejail version 0.9.70

Checklist

• [] The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• [x] I can reproduce the issue without custom modifications (e.g. globals.local).
• [x] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• [x] The profile (and redirect profile if exists) hasn't already been fixed upstream.
• [x] I have performed a short search for similar issues (to avoid opening a duplicate).
  • [] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• [] I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

Nothing from firejail, unless I pass the --netlock option with or without --net=eth0 (then I get: `Error: no valid sandbox`)

Output of LC_ALL=C firejail --debug /path/to/program

No errors other than the previously mentioned `Error: no valid sandbox` when passing --netlock. I ran both firejail with no options, as well as with the options which cause the problem. Note that since `echo` is a short command, the relevant error shows up after the command has finished: ``` $ LC_ALL=C firejail --debug --net=eth0 --netlock --noprofile echo "2" Autoselecting /bin/bash as shell Building quoted command line: 'echo' '2' Command name #echo# get interface eth0 configuration MTU of eth0 is 1500. macvlan parent device eth0 at 192.168.0.35/24 DISPLAY=:0 parsed as 0 Parent pid 16706, child pid 16707 Initializing child process sbox run: /usr/lib/firejail/fnet create macvlan eth0-16706 eth0 16707 Set caps filter 3000 Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file sbox run: /run/firejail/lib/fnet ifup lo Set caps filter 3000 sbox run: /run/firejail/lib/fnet ifup eth0-16706 Set caps filter 3000 ARP-scan eth0-16706, 192.168.0.35/24 IP address range from 192.168.0.1 to 192.168.0.255 Trying 192.168.0.22 ... Configuring 192.168.0.22 address on interface eth0-16706 sbox run: /run/firejail/lib/fnet config interface eth0-16706 3232235542 4294967040 1500 Set caps filter 3000 Announce 192.168.0.22 ... Network namespace enabled sbox run: /run/firejail/lib/fnet printif Set caps filter 3000 Interface MAC IP Mask Status lo 127.0.0.1 255.0.0.0 UP eth0-16706 mac 192.168.0.22 255.255.255.0 UP Default gateway 192.168.0.1 Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 563 409 8:2 /etc /etc ro,relatime master:1 - ext4 /dev/sda2 rw mountid=563 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 564 563 8:2 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw mountid=564 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 565 409 8:2 /var /var ro,relatime master:1 - ext4 /dev/sda2 rw mountid=565 fsname=/var dir=/var fstype=ext4 Mounting noexec /var 566 565 8:2 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw mountid=566 fsname=/var dir=/var fstype=ext4 Mounting read-only /usr 567 409 8:2 /usr /usr ro,relatime master:1 - ext4 /dev/sda2 rw mountid=567 fsname=/usr dir=/usr fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/cache/lighttpd Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/user/.config/firejail Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules/5.18.16-arch1-1/build (requested /usr/src/linux) Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /dev/port Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /dev/kmsg Disable /proc/kmsg Disable /sys/fs Disable /sys/module rebuilding /etc directory Creating empty /run/firejail/mnt/dns-etc/UPower directory Creating empty /run/firejail/mnt/dns-etc/ftester directory Creating empty /run/firejail/mnt/dns-etc/mkinitcpio.d directory Creating empty /run/firejail/mnt/dns-etc/sudo.conf file Creating empty /run/firejail/mnt/dns-etc/mail.rc file Creating empty /run/firejail/mnt/dns-etc/fang.conf file Creating empty /run/firejail/mnt/dns-etc/my.cnf file Creating empty /run/firejail/mnt/dns-etc/sane.d directory Creating empty /run/firejail/mnt/dns-etc/resolv.conf file Creating empty /run/firejail/mnt/dns-etc/lsb-release file Creating empty /run/firejail/mnt/dns-etc/daxctl.conf.d directory Creating empty /run/firejail/mnt/dns-etc/conf.d directory Creating empty /run/firejail/mnt/dns-etc/sqlmap.conf file Creating empty /run/firejail/mnt/dns-etc/dhcpd6.conf file Creating empty /run/firejail/mnt/dns-etc/gss directory Creating empty /run/firejail/mnt/dns-etc/btscanner directory Creating empty /run/firejail/mnt/dns-etc/openpmix directory Creating empty /run/firejail/mnt/dns-etc/modprobe.d directory Creating empty /run/firejail/mnt/dns-etc/reaver directory Creating empty /run/firejail/mnt/dns-etc/alsa directory Creating empty /run/firejail/mnt/dns-etc/bind.keys file Creating empty /run/firejail/mnt/dns-etc/moloch directory Creating empty /run/firejail/mnt/dns-etc/man_db.conf file Creating empty /run/firejail/mnt/dns-etc/snort directory Creating empty /run/firejail/mnt/dns-etc/sniffjoke directory Creating empty /run/firejail/mnt/dns-etc/sslsplit directory Creating empty /run/firejail/mnt/dns-etc/lynx.cfg file Creating empty /run/firejail/mnt/dns-etc/openldap directory Creating empty /run/firejail/mnt/dns-etc/e2scrub.conf file Creating empty /run/firejail/mnt/dns-etc/profile file Creating empty /run/firejail/mnt/dns-etc/passwd- file Creating empty /run/firejail/mnt/dns-etc/netctl directory Creating empty /run/firejail/mnt/dns-etc/xprobe2 directory Creating empty /run/firejail/mnt/dns-etc/cron.monthly directory Creating empty /run/firejail/mnt/dns-etc/nscd.conf file Creating empty /run/firejail/mnt/dns-etc/fstab file Creating empty /run/firejail/mnt/dns-etc/fl0p directory Creating empty /run/firejail/mnt/dns-etc/tpm2-tss directory Creating empty /run/firejail/mnt/dns-etc/rsyncd.conf file Creating empty /run/firejail/mnt/dns-etc/gssapi_mech.conf file Creating empty /run/firejail/mnt/dns-etc/krb5.conf file Creating empty /run/firejail/mnt/dns-etc/ssh directory Creating empty /run/firejail/mnt/dns-etc/airoscript-ng directory Creating empty /run/firejail/mnt/dns-etc/skel directory Creating empty /run/firejail/mnt/dns-etc/mtools.conf file Creating empty /run/firejail/mnt/dns-etc/passwd.pacnew file Creating empty /run/firejail/mnt/dns-etc/arpon.sarpi file Creating empty /run/firejail/mnt/dns-etc/login.defs file Creating empty /run/firejail/mnt/dns-etc/default directory Creating empty /run/firejail/mnt/dns-etc/dnsmasq.conf file Creating empty /run/firejail/mnt/dns-etc/gshadow- file Creating empty /run/firejail/mnt/dns-etc/zmap directory Creating empty /run/firejail/mnt/dns-etc/php directory Creating empty /run/firejail/mnt/dns-etc/lighttpd directory Creating empty /run/firejail/mnt/dns-etc/bash_completion.d directory Creating empty /run/firejail/mnt/dns-etc/pipewire directory Creating empty /run/firejail/mnt/dns-etc/makepkg.conf file Creating empty /run/firejail/mnt/dns-etc/gnuradio directory Creating empty /run/firejail/mnt/dns-etc/libva.conf file Creating empty /run/firejail/mnt/dns-etc/sslh.cfg file Creating empty /run/firejail/mnt/dns-etc/libsmbios directory Creating empty /run/firejail/mnt/dns-etc/initcpio directory Creating empty /run/firejail/mnt/dns-etc/mdadm.conf file Creating empty /run/firejail/mnt/dns-etc/prometheus directory Creating empty /run/firejail/mnt/dns-etc/apache2 directory Creating empty /run/firejail/mnt/dns-etc/healthd.conf file Creating empty /run/firejail/mnt/dns-etc/siegerc file Creating empty /run/firejail/mnt/dns-etc/drirc.pacnew file Creating empty /run/firejail/mnt/dns-etc/openmpi directory Creating empty /run/firejail/mnt/dns-etc/GeoIP.conf file Creating empty /run/firejail/mnt/dns-etc/unbound directory Creating empty /run/firejail/mnt/dns-etc/environment file Creating empty /run/firejail/mnt/dns-etc/inetsim directory Creating empty /run/firejail/mnt/dns-etc/nfs.conf file Creating empty /run/firejail/mnt/dns-etc/postfix directory Creating empty /run/firejail/mnt/dns-etc/ndctl directory Creating empty /run/firejail/mnt/dns-etc/dnsrecon directory Creating empty /run/firejail/mnt/dns-etc/hostapd-wpe directory Creating empty /run/firejail/mnt/dns-etc/junkie directory Creating empty /run/firejail/mnt/dns-etc/fuse.conf file Creating empty /run/firejail/mnt/dns-etc/grub.d directory Creating empty /run/firejail/mnt/dns-etc/gtk-2.0 directory Creating empty /run/firejail/mnt/dns-etc/ld.so.cache file Creating empty /run/firejail/mnt/dns-etc/pam.d directory Creating empty /run/firejail/mnt/dns-etc/mplayer directory Creating empty /run/firejail/mnt/dns-etc/speech-dispatcher directory Creating empty /run/firejail/mnt/dns-etc/vnstat.conf file Creating empty /run/firejail/mnt/dns-etc/dhcpcd.secret file Creating empty /run/firejail/mnt/dns-etc/sudoers file Creating empty /run/firejail/mnt/dns-etc/machinae.yml file Creating empty /run/firejail/mnt/dns-etc/dhcpcd.duid file Creating empty /run/firejail/mnt/dns-etc/nsswitch.conf file Creating empty /run/firejail/mnt/dns-etc/named.conf file Creating empty /run/firejail/mnt/dns-etc/3proxy directory Creating empty /run/firejail/mnt/dns-etc/logrotate.conf file Creating empty /run/firejail/mnt/dns-etc/.updated file Creating empty /run/firejail/mnt/dns-etc/group file Creating empty /run/firejail/mnt/dns-etc/crypttab file Creating empty /run/firejail/mnt/dns-etc/unicornscan directory Creating empty /run/firejail/mnt/dns-etc/rc_keymaps directory Creating empty /run/firejail/mnt/dns-etc/signond.conf file Creating empty /run/firejail/mnt/dns-etc/NetworkManager directory Creating empty /run/firejail/mnt/dns-etc/securetty file Creating empty /run/firejail/mnt/dns-etc/bindresvport.blacklist file Creating empty /run/firejail/mnt/dns-etc/hostname file Creating empty /run/firejail/mnt/dns-etc/locale.gen.pacnew file Creating empty /run/firejail/mnt/dns-etc/mana-toolkit directory Creating empty /run/firejail/mnt/dns-etc/services file Creating empty /run/firejail/mnt/dns-etc/rc_maps.cfg file Creating empty /run/firejail/mnt/dns-etc/java-openjdk directory Creating empty /run/firejail/mnt/dns-etc/tigervnc directory Creating empty /run/firejail/mnt/dns-etc/swanctl directory Creating empty /run/firejail/mnt/dns-etc/netconfig file Creating empty /run/firejail/mnt/dns-etc/kernel directory Creating empty /run/firejail/mnt/dns-etc/freetds directory Creating empty /run/firejail/mnt/dns-etc/ipsec.conf file Creating empty /run/firejail/mnt/dns-etc/guymager directory Creating empty /run/firejail/mnt/dns-etc/cifs-utils directory Creating empty /run/firejail/mnt/dns-etc/host.conf file Creating empty /run/firejail/mnt/dns-etc/mono directory Creating empty /run/firejail/mnt/dns-etc/shadow.pacnew file Creating empty /run/firejail/mnt/dns-etc/cron.deny file Creating empty /run/firejail/mnt/dns-etc/gconf directory Creating empty /run/firejail/mnt/dns-etc/libvirt directory Creating empty /run/firejail/mnt/dns-etc/bitcoin directory Creating empty /run/firejail/mnt/dns-etc/rpc file Creating empty /run/firejail/mnt/dns-etc/mercurial directory Creating empty /run/firejail/mnt/dns-etc/opt directory Creating empty /run/firejail/mnt/dns-etc/proxychains.conf file Creating empty /run/firejail/mnt/dns-etc/yasat directory Creating empty /run/firejail/mnt/dns-etc/polkit-1 directory Creating empty /run/firejail/mnt/dns-etc/pacman.conf.pacnew file Creating empty /run/firejail/mnt/dns-etc/odbcinst.ini file Creating empty /run/firejail/mnt/dns-etc/xinetd.d directory Creating empty /run/firejail/mnt/dns-etc/udev directory Creating empty /run/firejail/mnt/dns-etc/texmf directory Creating empty /run/firejail/mnt/dns-etc/tor directory Creating empty /run/firejail/mnt/dns-etc/vpnc directory Creating empty /run/firejail/mnt/dns-etc/screenrc file Creating empty /run/firejail/mnt/dns-etc/sasl2 directory Creating empty /run/firejail/mnt/dns-etc/hosts.pacnew file Creating empty /run/firejail/mnt/dns-etc/sensors.d directory Creating empty /run/firejail/mnt/dns-etc/arpalert directory Creating empty /run/firejail/mnt/dns-etc/hyperion directory Creating empty /run/firejail/mnt/dns-etc/ethertypes file Creating empty /run/firejail/mnt/dns-etc/dhcp_fingerprints.conf file Creating empty /run/firejail/mnt/dns-etc/locale.gen file Creating empty /run/firejail/mnt/dns-etc/ODBCDataSources directory Creating empty /run/firejail/mnt/dns-etc/ld.so.conf.d directory Creating empty /run/firejail/mnt/dns-etc/urlview directory Creating empty /run/firejail/mnt/dns-etc/libinput directory Creating empty /run/firejail/mnt/dns-etc/libnl directory Creating empty /run/firejail/mnt/dns-etc/netsniff-ng directory Creating empty /run/firejail/mnt/dns-etc/tinyproxy directory Creating empty /run/firejail/mnt/dns-etc/asound.conf.backup file Creating empty /run/firejail/mnt/dns-etc/iproute2 directory Creating empty /run/firejail/mnt/dns-etc/raddb.default directory Creating empty /run/firejail/mnt/dns-etc/ssl directory Creating empty /run/firejail/mnt/dns-etc/appstream.conf file Creating empty /run/firejail/mnt/dns-etc/jack directory Creating empty /run/firejail/mnt/dns-etc/drirc.pacsave file Creating empty /run/firejail/mnt/dns-etc/cron.weekly directory Creating empty /run/firejail/mnt/dns-etc/ts.conf file Creating empty /run/firejail/mnt/dns-etc/.pwd.lock file Creating empty /run/firejail/mnt/dns-etc/kismet directory Creating empty /run/firejail/mnt/dns-etc/ld.so.preload file Creating empty /run/firejail/mnt/dns-etc/brltty.conf file Creating empty /run/firejail/mnt/dns-etc/avahi directory Creating empty /run/firejail/mnt/dns-etc/cron.daily directory Creating empty /run/firejail/mnt/dns-etc/keyutils directory Creating empty /run/firejail/mnt/dns-etc/hostapd directory Creating empty /run/firejail/mnt/dns-etc/cvechecker.conf file Creating empty /run/firejail/mnt/dns-etc/refind.d directory Creating empty /run/firejail/mnt/dns-etc/machine-id file Creating empty /run/firejail/mnt/dns-etc/wgetrc file Creating empty /run/firejail/mnt/dns-etc/rhashrc file Creating empty /run/firejail/mnt/dns-etc/sddm.conf file Creating empty /run/firejail/mnt/dns-etc/dnsmasq.conf.backup file Creating empty /run/firejail/mnt/dns-etc/malmon directory Creating empty /run/firejail/mnt/dns-etc/bash.bashrc file Creating empty /run/firejail/mnt/dns-etc/cpufreq-bench.conf file Creating empty /run/firejail/mnt/dns-etc/wireguard directory Creating empty /run/firejail/mnt/dns-etc/haka directory Creating empty /run/firejail/mnt/dns-etc/resolv.conf.pacnew file Creating empty /run/firejail/mnt/dns-etc/security directory Creating empty /run/firejail/mnt/dns-etc/bluedivingNG.conf file Creating empty /run/firejail/mnt/dns-etc/sysctl.d directory Creating empty /run/firejail/mnt/dns-etc/mime.types file Creating empty /run/firejail/mnt/dns-etc/tcpxtract.conf file Creating empty /run/firejail/mnt/dns-etc/tmpfiles.d directory Creating empty /run/firejail/mnt/dns-etc/lynis directory Creating empty /run/firejail/mnt/dns-etc/papersize file Creating empty /run/firejail/mnt/dns-etc/my.cnf.d directory Creating empty /run/firejail/mnt/dns-etc/X11 directory Creating empty /run/firejail/mnt/dns-etc/hosts file Creating empty /run/firejail/mnt/dns-etc/lynx.lss file Creating empty /run/firejail/mnt/dns-etc/mpv directory Creating empty /run/firejail/mnt/dns-etc/libblockdev directory Creating empty /run/firejail/mnt/dns-etc/logrotate.d directory Creating empty /run/firejail/mnt/dns-etc/java-7-openjdk directory Creating empty /run/firejail/mnt/dns-etc/slsh.rc file Creating empty /run/firejail/mnt/dns-etc/ksysguarddrc file Creating empty /run/firejail/mnt/dns-etc/libao.conf file Creating empty /run/firejail/mnt/dns-etc/resolvconf.conf file Creating empty /run/firejail/mnt/dns-etc/sagan.yaml file Creating empty /run/firejail/mnt/dns-etc/sddm.conf.pacnew file Creating empty /run/firejail/mnt/dns-etc/nikto.conf file Creating empty /run/firejail/mnt/dns-etc/libaudit.conf file Creating empty /run/firejail/mnt/dns-etc/create_ap.conf file Creating empty /run/firejail/mnt/dns-etc/wirouterkeyrec directory Creating empty /run/firejail/mnt/dns-etc/ImageMagick-7 directory Creating empty /run/firejail/mnt/dns-etc/gssproxy directory Creating empty /run/firejail/mnt/dns-etc/brlapi.key file Creating empty /run/firejail/mnt/dns-etc/rc.d directory Creating empty /run/firejail/mnt/dns-etc/dhcpd.conf file Creating empty /run/firejail/mnt/dns-etc/modules-load.d directory Creating empty /run/firejail/mnt/dns-etc/nfsmount.conf file Creating empty /run/firejail/mnt/dns-etc/dhcpcd.conf file Creating empty /run/firejail/mnt/dns-etc/nginx directory Creating empty /run/firejail/mnt/dns-etc/sudoers.d directory Creating empty /run/firejail/mnt/dns-etc/group- file Creating empty /run/firejail/mnt/dns-etc/clamav directory Creating empty /run/firejail/mnt/dns-etc/PackageKit directory Creating empty /run/firejail/mnt/dns-etc/qemu directory Creating empty /run/firejail/mnt/dns-etc/foremost.conf file Creating empty /run/firejail/mnt/dns-etc/httpd directory Creating empty /run/firejail/mnt/dns-etc/debuginfod directory Creating empty /run/firejail/mnt/dns-etc/asound.conf.workingwithpulse file Creating empty /run/firejail/mnt/dns-etc/profile.d directory Creating empty /run/firejail/mnt/dns-etc/udisks2 directory Creating empty /run/firejail/mnt/dns-etc/strongswan.d directory Creating empty /run/firejail/mnt/dns-etc/fstab.pacnew file Creating empty /run/firejail/mnt/dns-etc/OpenCL directory Creating empty /run/firejail/mnt/dns-etc/yaf.conf file Creating empty /run/firejail/mnt/dns-etc/gimp directory Creating empty /run/firejail/mnt/dns-etc/multitun.conf file Creating empty /run/firejail/mnt/dns-etc/sudo_logsrvd.conf file Creating empty /run/firejail/mnt/dns-etc/systemd directory Creating empty /run/firejail/mnt/dns-etc/rabbitmq directory Creating empty /run/firejail/mnt/dns-etc/ipv6toolkit directory Creating empty /run/firejail/mnt/dns-etc/john directory Creating empty /run/firejail/mnt/dns-etc/arch-release file Creating empty /run/firejail/mnt/dns-etc/elasticsearch directory Creating empty /run/firejail/mnt/dns-etc/lvm directory Creating empty /run/firejail/mnt/dns-etc/firejail directory Creating empty /run/firejail/mnt/dns-etc/rkhunter.conf file Creating empty /run/firejail/mnt/dns-etc/pacman.conf file Creating empty /run/firejail/mnt/dns-etc/apparmor.d directory Creating empty /run/firejail/mnt/dns-etc/couchdb directory Creating empty /run/firejail/mnt/dns-etc/raddb directory Creating empty /run/firejail/mnt/dns-etc/gtk-3.0 directory Creating empty /run/firejail/mnt/dns-etc/vdpau_wrapper.cfg file Creating empty /run/firejail/mnt/dns-etc/ndctl.conf.d directory Creating empty /run/firejail/mnt/dns-etc/mkinitcpio.conf file Creating empty /run/firejail/mnt/dns-etc/sudoers.pacnew file Creating empty /run/firejail/mnt/dns-etc/pcmcia directory Creating empty /run/firejail/mnt/dns-etc/sensors3.conf file Creating empty /run/firejail/mnt/dns-etc/chromium directory Creating empty /run/firejail/mnt/dns-etc/mailcap file Creating empty /run/firejail/mnt/dns-etc/poison directory Creating empty /run/firejail/mnt/dns-etc/pinentry directory Creating empty /run/firejail/mnt/dns-etc/freeipmi directory Creating empty /run/firejail/mnt/dns-etc/libpaper.d directory Creating empty /run/firejail/mnt/dns-etc/ettercap directory Creating empty /run/firejail/mnt/dns-etc/request-key.conf file Creating empty /run/firejail/mnt/dns-etc/ca-certificates directory Creating empty /run/firejail/mnt/dns-etc/wpa_supplicant directory Creating empty /run/firejail/mnt/dns-etc/ld.so.conf file Creating empty /run/firejail/mnt/dns-etc/ModemManager directory Creating empty /run/firejail/mnt/dns-etc/cron.d directory Creating empty /run/firejail/mnt/dns-etc/xml directory Creating empty /run/firejail/mnt/dns-etc/malheur.cfg file Creating empty /run/firejail/mnt/dns-etc/vde2 directory Creating empty /run/firejail/mnt/dns-etc/yafDPIRules.conf file Creating empty /run/firejail/mnt/dns-etc/audit directory Creating empty /run/firejail/mnt/dns-etc/grokevt directory Creating empty /run/firejail/mnt/dns-etc/nipper.conf file Creating empty /run/firejail/mnt/dns-etc/locale.conf file Creating empty /run/firejail/mnt/dns-etc/btoui file Creating empty /run/firejail/mnt/dns-etc/samba directory Creating empty /run/firejail/mnt/dns-etc/gdb directory Creating empty /run/firejail/mnt/dns-etc/idmapd.conf file Creating empty /run/firejail/mnt/dns-etc/sddm.conf.pacsave file Creating empty /run/firejail/mnt/dns-etc/apparmor directory Creating empty /run/firejail/mnt/dns-etc/gshadow file Creating empty /run/firejail/mnt/dns-etc/fwupd directory Creating empty /run/firejail/mnt/dns-etc/Nextcloud directory Creating empty /run/firejail/mnt/dns-etc/pacman.d directory Creating empty /run/firejail/mnt/dns-etc/p0f directory Creating empty /run/firejail/mnt/dns-etc/init.d directory Creating empty /run/firejail/mnt/dns-etc/xattr.conf file Creating empty /run/firejail/mnt/dns-etc/nanorc file Creating empty /run/firejail/mnt/dns-etc/passwd file Creating empty /run/firejail/mnt/dns-etc/multipath directory Creating empty /run/firejail/mnt/dns-etc/gvm directory Creating empty /run/firejail/mnt/dns-etc/cron.hourly directory Creating empty /run/firejail/mnt/dns-etc/shells.pacnew file Creating empty /run/firejail/mnt/dns-etc/voipong directory Creating empty /run/firejail/mnt/dns-etc/exabgp.conf file Creating empty /run/firejail/mnt/dns-etc/lirc directory Creating empty /run/firejail/mnt/dns-etc/ipsec.d directory Creating empty /run/firejail/mnt/dns-etc/vimrc file Creating empty /run/firejail/mnt/dns-etc/exports file Creating empty /run/firejail/mnt/dns-etc/exports.d directory Creating empty /run/firejail/mnt/dns-etc/pulse directory Creating empty /run/firejail/mnt/dns-etc/strongswan.conf file Creating empty /run/firejail/mnt/dns-etc/inputrc file Creating empty /run/firejail/mnt/dns-etc/iptables directory Creating empty /run/firejail/mnt/dns-etc/group.pacnew file Creating empty /run/firejail/mnt/dns-etc/libreoffice directory Creating empty /run/firejail/mnt/dns-etc/gai.conf file Creating empty /run/firejail/mnt/dns-etc/dconf directory Creating empty /run/firejail/mnt/dns-etc/ifplugd directory Creating empty /run/firejail/mnt/dns-etc/ppp directory Creating empty /run/firejail/mnt/dns-etc/xdg directory Creating empty /run/firejail/mnt/dns-etc/odbc.ini file Creating empty /run/firejail/mnt/dns-etc/portspoof directory Creating empty /run/firejail/mnt/dns-etc/mke2fs.conf file Creating empty /run/firejail/mnt/dns-etc/pkcs11 directory Creating empty /run/firejail/mnt/dns-etc/smartd.conf file Creating empty /run/firejail/mnt/dns-etc/protocols file Creating empty /run/firejail/mnt/dns-etc/request-key.d directory Creating empty /run/firejail/mnt/dns-etc/binfmt.d directory Creating empty /run/firejail/mnt/dns-etc/openvpn directory Creating empty /run/firejail/mnt/dns-etc/ipsec.secrets file Creating empty /run/firejail/mnt/dns-etc/pki directory Creating empty /run/firejail/mnt/dns-etc/resolv.conf.bak file Creating empty /run/firejail/mnt/dns-etc/x3270 directory Creating empty /run/firejail/mnt/dns-etc/java11-openjdk directory Creating empty /run/firejail/mnt/dns-etc/suricata directory Creating empty /run/firejail/mnt/dns-etc/depmod.d directory Creating empty /run/firejail/mnt/dns-etc/bash.bash_logout file Creating empty /run/firejail/mnt/dns-etc/zsh directory Creating empty /run/firejail/mnt/dns-etc/stunnel directory Creating empty /run/firejail/mnt/dns-etc/bluetooth directory Creating empty /run/firejail/mnt/dns-etc/shadow- file Creating empty /run/firejail/mnt/dns-etc/java-8-openjdk directory Creating empty /run/firejail/mnt/dns-etc/fonts directory Creating empty /run/firejail/mnt/dns-etc/fakechroot directory Creating empty /run/firejail/mnt/dns-etc/proxydriver.d directory Creating empty /run/firejail/mnt/dns-etc/scalpel directory Creating empty /run/firejail/mnt/dns-etc/hcraft.modes file Creating empty /run/firejail/mnt/dns-etc/yafApplabelRules.conf file Creating empty /run/firejail/mnt/dns-etc/trusted-key.key file Creating empty /run/firejail/mnt/dns-etc/gshadow.pacnew file Creating empty /run/firejail/mnt/dns-etc/shells file Creating empty /run/firejail/mnt/dns-etc/sshuttle directory Creating empty /run/firejail/mnt/dns-etc/prads directory Creating empty /run/firejail/mnt/dns-etc/issue file Creating empty /run/firejail/mnt/dns-etc/searchsploit_rc file Creating empty /run/firejail/mnt/dns-etc/wifi-honey directory Creating empty /run/firejail/mnt/dns-etc/anacrontab file Creating empty /run/firejail/mnt/dns-etc/syncplay directory Creating empty /run/firejail/mnt/dns-etc/nfc directory Creating empty /run/firejail/mnt/dns-etc/urls.txt file Creating empty /run/firejail/mnt/dns-etc/shadow file Creating empty /run/firejail/mnt/dns-etc/mongodb.conf file Mount-bind /run/firejail/mnt/dns-etc on top of /etc Current directory: /home/user DISPLAY=:0 parsed as 0 Mounting read-only /run/firejail/mnt/seccomp 1325 560 0:88 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=1325 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 120 . drwxr-xr-x root root 180 .. -rw-r--r-- user user 568 seccomp -rw-r--r-- user user 432 seccomp.32 -rw-r--r-- user user 0 seccomp.postexec -rw-r--r-- user user 0 seccomp.postexec32 No active seccomp files Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0 Closing non-standard file descriptors Starting application LD_PRELOAD=(null) Running 'echo' '2' command through /bin/bash execvp argument 0: /bin/bash execvp argument 1: -c execvp argument 2: 'echo' '2' Child process initialized in 1100.33 ms 2 monitoring pid 6 Sandbox monitor: waitpid 6 retval 6 status 0 Parent is shutting down, bye... $ Error: no valid sandbox $ LC_ALL=C firejail --debug --net=eth0 --noprofile echo "2" Autoselecting /bin/bash as shell Building quoted command line: 'echo' '2' Command name #echo# get interface eth0 configuration MTU of eth0 is 1500. macvlan parent device eth0 at 192.168.0.35/24 DISPLAY=:0 parsed as 0 Initializing child process Parent pid 17079, child pid 17080 sbox run: /usr/lib/firejail/fnet create macvlan eth0-17079 eth0 17080 Set caps filter 3000 Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file sbox run: /run/firejail/lib/fnet ifup lo Set caps filter 3000 sbox run: /run/firejail/lib/fnet ifup eth0-17079 Set caps filter 3000 ARP-scan eth0-17079, 192.168.0.35/24 IP address range from 192.168.0.1 to 192.168.0.255 Trying 192.168.0.250 ... Configuring 192.168.0.250 address on interface eth0-17079 sbox run: /run/firejail/lib/fnet config interface eth0-17079 3232235770 4294967040 1500 Set caps filter 3000 Announce 192.168.0.250 ... Network namespace enabled sbox run: /run/firejail/lib/fnet printif Set caps filter 3000 Interface MAC IP Mask Status lo 127.0.0.1 255.0.0.0 UP eth0-17079 mac 192.168.0.250 255.255.255.0 UP Default gateway 192.168.0.1 Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 563 409 8:2 /etc /etc ro,relatime master:1 - ext4 /dev/sda2 rw mountid=563 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 564 563 8:2 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw mountid=564 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 565 409 8:2 /var /var ro,relatime master:1 - ext4 /dev/sda2 rw mountid=565 fsname=/var dir=/var fstype=ext4 Mounting noexec /var 566 565 8:2 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw mountid=566 fsname=/var dir=/var fstype=ext4 Mounting read-only /usr 567 409 8:2 /usr /usr ro,relatime master:1 - ext4 /dev/sda2 rw mountid=567 fsname=/usr dir=/usr fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/cache/lighttpd Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/user/.config/firejail Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules/5.18.16-arch1-1/build (requested /usr/src/linux) Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /dev/port Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /dev/kmsg Disable /proc/kmsg Disable /sys/fs Disable /sys/module rebuilding /etc directory Creating empty /run/firejail/mnt/dns-etc/UPower directory Creating empty /run/firejail/mnt/dns-etc/ftester directory Creating empty /run/firejail/mnt/dns-etc/mkinitcpio.d directory Creating empty /run/firejail/mnt/dns-etc/sudo.conf file Creating empty /run/firejail/mnt/dns-etc/mail.rc file Creating empty /run/firejail/mnt/dns-etc/fang.conf file Creating empty /run/firejail/mnt/dns-etc/my.cnf file Creating empty /run/firejail/mnt/dns-etc/sane.d directory Creating empty /run/firejail/mnt/dns-etc/resolv.conf file Creating empty /run/firejail/mnt/dns-etc/lsb-release file Creating empty /run/firejail/mnt/dns-etc/daxctl.conf.d directory Creating empty /run/firejail/mnt/dns-etc/conf.d directory Creating empty /run/firejail/mnt/dns-etc/sqlmap.conf file Creating empty /run/firejail/mnt/dns-etc/dhcpd6.conf file Creating empty /run/firejail/mnt/dns-etc/gss directory Creating empty /run/firejail/mnt/dns-etc/btscanner directory Creating empty /run/firejail/mnt/dns-etc/openpmix directory Creating empty /run/firejail/mnt/dns-etc/modprobe.d directory Creating empty /run/firejail/mnt/dns-etc/reaver directory Creating empty /run/firejail/mnt/dns-etc/alsa directory Creating empty /run/firejail/mnt/dns-etc/bind.keys file Creating empty /run/firejail/mnt/dns-etc/moloch directory Creating empty /run/firejail/mnt/dns-etc/man_db.conf file Creating empty /run/firejail/mnt/dns-etc/snort directory Creating empty /run/firejail/mnt/dns-etc/sniffjoke directory Creating empty /run/firejail/mnt/dns-etc/sslsplit directory Creating empty /run/firejail/mnt/dns-etc/lynx.cfg file Creating empty /run/firejail/mnt/dns-etc/openldap directory Creating empty /run/firejail/mnt/dns-etc/e2scrub.conf file Creating empty /run/firejail/mnt/dns-etc/profile file Creating empty /run/firejail/mnt/dns-etc/passwd- file Creating empty /run/firejail/mnt/dns-etc/netctl directory Creating empty /run/firejail/mnt/dns-etc/xprobe2 directory Creating empty /run/firejail/mnt/dns-etc/cron.monthly directory Creating empty /run/firejail/mnt/dns-etc/nscd.conf file Creating empty /run/firejail/mnt/dns-etc/fstab file Creating empty /run/firejail/mnt/dns-etc/fl0p directory Creating empty /run/firejail/mnt/dns-etc/tpm2-tss directory Creating empty /run/firejail/mnt/dns-etc/rsyncd.conf file Creating empty /run/firejail/mnt/dns-etc/gssapi_mech.conf file Creating empty /run/firejail/mnt/dns-etc/krb5.conf file Creating empty /run/firejail/mnt/dns-etc/ssh directory Creating empty /run/firejail/mnt/dns-etc/airoscript-ng directory Creating empty /run/firejail/mnt/dns-etc/skel directory Creating empty /run/firejail/mnt/dns-etc/mtools.conf file Creating empty /run/firejail/mnt/dns-etc/passwd.pacnew file Creating empty /run/firejail/mnt/dns-etc/arpon.sarpi file Creating empty /run/firejail/mnt/dns-etc/login.defs file Creating empty /run/firejail/mnt/dns-etc/default directory Creating empty /run/firejail/mnt/dns-etc/dnsmasq.conf file Creating empty /run/firejail/mnt/dns-etc/gshadow- file Creating empty /run/firejail/mnt/dns-etc/zmap directory Creating empty /run/firejail/mnt/dns-etc/php directory Creating empty /run/firejail/mnt/dns-etc/lighttpd directory Creating empty /run/firejail/mnt/dns-etc/bash_completion.d directory Creating empty /run/firejail/mnt/dns-etc/pipewire directory Creating empty /run/firejail/mnt/dns-etc/makepkg.conf file Creating empty /run/firejail/mnt/dns-etc/gnuradio directory Creating empty /run/firejail/mnt/dns-etc/libva.conf file Creating empty /run/firejail/mnt/dns-etc/sslh.cfg file Creating empty /run/firejail/mnt/dns-etc/libsmbios directory Creating empty /run/firejail/mnt/dns-etc/initcpio directory Creating empty /run/firejail/mnt/dns-etc/mdadm.conf file Creating empty /run/firejail/mnt/dns-etc/prometheus directory Creating empty /run/firejail/mnt/dns-etc/apache2 directory Creating empty /run/firejail/mnt/dns-etc/healthd.conf file Creating empty /run/firejail/mnt/dns-etc/siegerc file Creating empty /run/firejail/mnt/dns-etc/drirc.pacnew file Creating empty /run/firejail/mnt/dns-etc/openmpi directory Creating empty /run/firejail/mnt/dns-etc/GeoIP.conf file Creating empty /run/firejail/mnt/dns-etc/unbound directory Creating empty /run/firejail/mnt/dns-etc/environment file Creating empty /run/firejail/mnt/dns-etc/inetsim directory Creating empty /run/firejail/mnt/dns-etc/nfs.conf file Creating empty /run/firejail/mnt/dns-etc/postfix directory Creating empty /run/firejail/mnt/dns-etc/ndctl directory Creating empty /run/firejail/mnt/dns-etc/dnsrecon directory Creating empty /run/firejail/mnt/dns-etc/hostapd-wpe directory Creating empty /run/firejail/mnt/dns-etc/junkie directory Creating empty /run/firejail/mnt/dns-etc/fuse.conf file Creating empty /run/firejail/mnt/dns-etc/grub.d directory Creating empty /run/firejail/mnt/dns-etc/gtk-2.0 directory Creating empty /run/firejail/mnt/dns-etc/ld.so.cache file Creating empty /run/firejail/mnt/dns-etc/pam.d directory Creating empty /run/firejail/mnt/dns-etc/mplayer directory Creating empty /run/firejail/mnt/dns-etc/speech-dispatcher directory Creating empty /run/firejail/mnt/dns-etc/vnstat.conf file Creating empty /run/firejail/mnt/dns-etc/dhcpcd.secret file Creating empty /run/firejail/mnt/dns-etc/sudoers file Creating empty /run/firejail/mnt/dns-etc/machinae.yml file Creating empty /run/firejail/mnt/dns-etc/dhcpcd.duid file Creating empty /run/firejail/mnt/dns-etc/nsswitch.conf file Creating empty /run/firejail/mnt/dns-etc/named.conf file Creating empty /run/firejail/mnt/dns-etc/3proxy directory Creating empty /run/firejail/mnt/dns-etc/logrotate.conf file Creating empty /run/firejail/mnt/dns-etc/.updated file Creating empty /run/firejail/mnt/dns-etc/group file Creating empty /run/firejail/mnt/dns-etc/crypttab file Creating empty /run/firejail/mnt/dns-etc/unicornscan directory Creating empty /run/firejail/mnt/dns-etc/rc_keymaps directory Creating empty /run/firejail/mnt/dns-etc/signond.conf file Creating empty /run/firejail/mnt/dns-etc/NetworkManager directory Creating empty /run/firejail/mnt/dns-etc/securetty file Creating empty /run/firejail/mnt/dns-etc/bindresvport.blacklist file Creating empty /run/firejail/mnt/dns-etc/hostname file Creating empty /run/firejail/mnt/dns-etc/locale.gen.pacnew file Creating empty /run/firejail/mnt/dns-etc/mana-toolkit directory Creating empty /run/firejail/mnt/dns-etc/services file Creating empty /run/firejail/mnt/dns-etc/rc_maps.cfg file Creating empty /run/firejail/mnt/dns-etc/java-openjdk directory Creating empty /run/firejail/mnt/dns-etc/tigervnc directory Creating empty /run/firejail/mnt/dns-etc/swanctl directory Creating empty /run/firejail/mnt/dns-etc/netconfig file Creating empty /run/firejail/mnt/dns-etc/kernel directory Creating empty /run/firejail/mnt/dns-etc/freetds directory Creating empty /run/firejail/mnt/dns-etc/ipsec.conf file Creating empty /run/firejail/mnt/dns-etc/guymager directory Creating empty /run/firejail/mnt/dns-etc/cifs-utils directory Creating empty /run/firejail/mnt/dns-etc/host.conf file Creating empty /run/firejail/mnt/dns-etc/mono directory Creating empty /run/firejail/mnt/dns-etc/shadow.pacnew file Creating empty /run/firejail/mnt/dns-etc/cron.deny file Creating empty /run/firejail/mnt/dns-etc/gconf directory Creating empty /run/firejail/mnt/dns-etc/libvirt directory Creating empty /run/firejail/mnt/dns-etc/bitcoin directory Creating empty /run/firejail/mnt/dns-etc/rpc file Creating empty /run/firejail/mnt/dns-etc/mercurial directory Creating empty /run/firejail/mnt/dns-etc/opt directory Creating empty /run/firejail/mnt/dns-etc/proxychains.conf file Creating empty /run/firejail/mnt/dns-etc/yasat directory Creating empty /run/firejail/mnt/dns-etc/polkit-1 directory Creating empty /run/firejail/mnt/dns-etc/pacman.conf.pacnew file Creating empty /run/firejail/mnt/dns-etc/odbcinst.ini file Creating empty /run/firejail/mnt/dns-etc/xinetd.d directory Creating empty /run/firejail/mnt/dns-etc/udev directory Creating empty /run/firejail/mnt/dns-etc/texmf directory Creating empty /run/firejail/mnt/dns-etc/tor directory Creating empty /run/firejail/mnt/dns-etc/vpnc directory Creating empty /run/firejail/mnt/dns-etc/screenrc file Creating empty /run/firejail/mnt/dns-etc/sasl2 directory Creating empty /run/firejail/mnt/dns-etc/hosts.pacnew file Creating empty /run/firejail/mnt/dns-etc/sensors.d directory Creating empty /run/firejail/mnt/dns-etc/arpalert directory Creating empty /run/firejail/mnt/dns-etc/hyperion directory Creating empty /run/firejail/mnt/dns-etc/ethertypes file Creating empty /run/firejail/mnt/dns-etc/dhcp_fingerprints.conf file Creating empty /run/firejail/mnt/dns-etc/locale.gen file Creating empty /run/firejail/mnt/dns-etc/ODBCDataSources directory Creating empty /run/firejail/mnt/dns-etc/ld.so.conf.d directory Creating empty /run/firejail/mnt/dns-etc/urlview directory Creating empty /run/firejail/mnt/dns-etc/libinput directory Creating empty /run/firejail/mnt/dns-etc/libnl directory Creating empty /run/firejail/mnt/dns-etc/netsniff-ng directory Creating empty /run/firejail/mnt/dns-etc/tinyproxy directory Creating empty /run/firejail/mnt/dns-etc/asound.conf.backup file Creating empty /run/firejail/mnt/dns-etc/iproute2 directory Creating empty /run/firejail/mnt/dns-etc/raddb.default directory Creating empty /run/firejail/mnt/dns-etc/ssl directory Creating empty /run/firejail/mnt/dns-etc/appstream.conf file Creating empty /run/firejail/mnt/dns-etc/jack directory Creating empty /run/firejail/mnt/dns-etc/drirc.pacsave file Creating empty /run/firejail/mnt/dns-etc/cron.weekly directory Creating empty /run/firejail/mnt/dns-etc/ts.conf file Creating empty /run/firejail/mnt/dns-etc/.pwd.lock file Creating empty /run/firejail/mnt/dns-etc/kismet directory Creating empty /run/firejail/mnt/dns-etc/ld.so.preload file Creating empty /run/firejail/mnt/dns-etc/brltty.conf file Creating empty /run/firejail/mnt/dns-etc/avahi directory Creating empty /run/firejail/mnt/dns-etc/cron.daily directory Creating empty /run/firejail/mnt/dns-etc/keyutils directory Creating empty /run/firejail/mnt/dns-etc/hostapd directory Creating empty /run/firejail/mnt/dns-etc/cvechecker.conf file Creating empty /run/firejail/mnt/dns-etc/refind.d directory Creating empty /run/firejail/mnt/dns-etc/machine-id file Creating empty /run/firejail/mnt/dns-etc/wgetrc file Creating empty /run/firejail/mnt/dns-etc/rhashrc file Creating empty /run/firejail/mnt/dns-etc/sddm.conf file Creating empty /run/firejail/mnt/dns-etc/dnsmasq.conf.backup file Creating empty /run/firejail/mnt/dns-etc/malmon directory Creating empty /run/firejail/mnt/dns-etc/bash.bashrc file Creating empty /run/firejail/mnt/dns-etc/cpufreq-bench.conf file Creating empty /run/firejail/mnt/dns-etc/wireguard directory Creating empty /run/firejail/mnt/dns-etc/haka directory Creating empty /run/firejail/mnt/dns-etc/resolv.conf.pacnew file Creating empty /run/firejail/mnt/dns-etc/security directory Creating empty /run/firejail/mnt/dns-etc/bluedivingNG.conf file Creating empty /run/firejail/mnt/dns-etc/sysctl.d directory Creating empty /run/firejail/mnt/dns-etc/mime.types file Creating empty /run/firejail/mnt/dns-etc/tcpxtract.conf file Creating empty /run/firejail/mnt/dns-etc/tmpfiles.d directory Creating empty /run/firejail/mnt/dns-etc/lynis directory Creating empty /run/firejail/mnt/dns-etc/papersize file Creating empty /run/firejail/mnt/dns-etc/my.cnf.d directory Creating empty /run/firejail/mnt/dns-etc/X11 directory Creating empty /run/firejail/mnt/dns-etc/hosts file Creating empty /run/firejail/mnt/dns-etc/lynx.lss file Creating empty /run/firejail/mnt/dns-etc/mpv directory Creating empty /run/firejail/mnt/dns-etc/libblockdev directory Creating empty /run/firejail/mnt/dns-etc/logrotate.d directory Creating empty /run/firejail/mnt/dns-etc/java-7-openjdk directory Creating empty /run/firejail/mnt/dns-etc/slsh.rc file Creating empty /run/firejail/mnt/dns-etc/ksysguarddrc file Creating empty /run/firejail/mnt/dns-etc/libao.conf file Creating empty /run/firejail/mnt/dns-etc/resolvconf.conf file Creating empty /run/firejail/mnt/dns-etc/sagan.yaml file Creating empty /run/firejail/mnt/dns-etc/sddm.conf.pacnew file Creating empty /run/firejail/mnt/dns-etc/nikto.conf file Creating empty /run/firejail/mnt/dns-etc/libaudit.conf file Creating empty /run/firejail/mnt/dns-etc/create_ap.conf file Creating empty /run/firejail/mnt/dns-etc/wirouterkeyrec directory Creating empty /run/firejail/mnt/dns-etc/ImageMagick-7 directory Creating empty /run/firejail/mnt/dns-etc/gssproxy directory Creating empty /run/firejail/mnt/dns-etc/brlapi.key file Creating empty /run/firejail/mnt/dns-etc/rc.d directory Creating empty /run/firejail/mnt/dns-etc/dhcpd.conf file Creating empty /run/firejail/mnt/dns-etc/modules-load.d directory Creating empty /run/firejail/mnt/dns-etc/nfsmount.conf file Creating empty /run/firejail/mnt/dns-etc/dhcpcd.conf file Creating empty /run/firejail/mnt/dns-etc/nginx directory Creating empty /run/firejail/mnt/dns-etc/sudoers.d directory Creating empty /run/firejail/mnt/dns-etc/group- file Creating empty /run/firejail/mnt/dns-etc/clamav directory Creating empty /run/firejail/mnt/dns-etc/PackageKit directory Creating empty /run/firejail/mnt/dns-etc/qemu directory Creating empty /run/firejail/mnt/dns-etc/foremost.conf file Creating empty /run/firejail/mnt/dns-etc/httpd directory Creating empty /run/firejail/mnt/dns-etc/debuginfod directory Creating empty /run/firejail/mnt/dns-etc/asound.conf.workingwithpulse file Creating empty /run/firejail/mnt/dns-etc/profile.d directory Creating empty /run/firejail/mnt/dns-etc/udisks2 directory Creating empty /run/firejail/mnt/dns-etc/strongswan.d directory Creating empty /run/firejail/mnt/dns-etc/fstab.pacnew file Creating empty /run/firejail/mnt/dns-etc/OpenCL directory Creating empty /run/firejail/mnt/dns-etc/yaf.conf file Creating empty /run/firejail/mnt/dns-etc/gimp directory Creating empty /run/firejail/mnt/dns-etc/multitun.conf file Creating empty /run/firejail/mnt/dns-etc/sudo_logsrvd.conf file Creating empty /run/firejail/mnt/dns-etc/systemd directory Creating empty /run/firejail/mnt/dns-etc/rabbitmq directory Creating empty /run/firejail/mnt/dns-etc/ipv6toolkit directory Creating empty /run/firejail/mnt/dns-etc/john directory Creating empty /run/firejail/mnt/dns-etc/arch-release file Creating empty /run/firejail/mnt/dns-etc/elasticsearch directory Creating empty /run/firejail/mnt/dns-etc/lvm directory Creating empty /run/firejail/mnt/dns-etc/firejail directory Creating empty /run/firejail/mnt/dns-etc/rkhunter.conf file Creating empty /run/firejail/mnt/dns-etc/pacman.conf file Creating empty /run/firejail/mnt/dns-etc/apparmor.d directory Creating empty /run/firejail/mnt/dns-etc/couchdb directory Creating empty /run/firejail/mnt/dns-etc/raddb directory Creating empty /run/firejail/mnt/dns-etc/gtk-3.0 directory Creating empty /run/firejail/mnt/dns-etc/vdpau_wrapper.cfg file Creating empty /run/firejail/mnt/dns-etc/ndctl.conf.d directory Creating empty /run/firejail/mnt/dns-etc/mkinitcpio.conf file Creating empty /run/firejail/mnt/dns-etc/sudoers.pacnew file Creating empty /run/firejail/mnt/dns-etc/pcmcia directory Creating empty /run/firejail/mnt/dns-etc/sensors3.conf file Creating empty /run/firejail/mnt/dns-etc/chromium directory Creating empty /run/firejail/mnt/dns-etc/mailcap file Creating empty /run/firejail/mnt/dns-etc/poison directory Creating empty /run/firejail/mnt/dns-etc/pinentry directory Creating empty /run/firejail/mnt/dns-etc/freeipmi directory Creating empty /run/firejail/mnt/dns-etc/libpaper.d directory Creating empty /run/firejail/mnt/dns-etc/ettercap directory Creating empty /run/firejail/mnt/dns-etc/request-key.conf file Creating empty /run/firejail/mnt/dns-etc/ca-certificates directory Creating empty /run/firejail/mnt/dns-etc/wpa_supplicant directory Creating empty /run/firejail/mnt/dns-etc/ld.so.conf file Creating empty /run/firejail/mnt/dns-etc/ModemManager directory Creating empty /run/firejail/mnt/dns-etc/cron.d directory Creating empty /run/firejail/mnt/dns-etc/xml directory Creating empty /run/firejail/mnt/dns-etc/malheur.cfg file Creating empty /run/firejail/mnt/dns-etc/vde2 directory Creating empty /run/firejail/mnt/dns-etc/yafDPIRules.conf file Creating empty /run/firejail/mnt/dns-etc/audit directory Creating empty /run/firejail/mnt/dns-etc/grokevt directory Creating empty /run/firejail/mnt/dns-etc/nipper.conf file Creating empty /run/firejail/mnt/dns-etc/locale.conf file Creating empty /run/firejail/mnt/dns-etc/btoui file Creating empty /run/firejail/mnt/dns-etc/samba directory Creating empty /run/firejail/mnt/dns-etc/gdb directory Creating empty /run/firejail/mnt/dns-etc/idmapd.conf file Creating empty /run/firejail/mnt/dns-etc/sddm.conf.pacsave file Creating empty /run/firejail/mnt/dns-etc/apparmor directory Creating empty /run/firejail/mnt/dns-etc/gshadow file Creating empty /run/firejail/mnt/dns-etc/fwupd directory Creating empty /run/firejail/mnt/dns-etc/Nextcloud directory Creating empty /run/firejail/mnt/dns-etc/pacman.d directory Creating empty /run/firejail/mnt/dns-etc/p0f directory Creating empty /run/firejail/mnt/dns-etc/init.d directory Creating empty /run/firejail/mnt/dns-etc/xattr.conf file Creating empty /run/firejail/mnt/dns-etc/nanorc file Creating empty /run/firejail/mnt/dns-etc/passwd file Creating empty /run/firejail/mnt/dns-etc/multipath directory Creating empty /run/firejail/mnt/dns-etc/gvm directory Creating empty /run/firejail/mnt/dns-etc/cron.hourly directory Creating empty /run/firejail/mnt/dns-etc/shells.pacnew file Creating empty /run/firejail/mnt/dns-etc/voipong directory Creating empty /run/firejail/mnt/dns-etc/exabgp.conf file Creating empty /run/firejail/mnt/dns-etc/lirc directory Creating empty /run/firejail/mnt/dns-etc/ipsec.d directory Creating empty /run/firejail/mnt/dns-etc/vimrc file Creating empty /run/firejail/mnt/dns-etc/exports file Creating empty /run/firejail/mnt/dns-etc/exports.d directory Creating empty /run/firejail/mnt/dns-etc/pulse directory Creating empty /run/firejail/mnt/dns-etc/strongswan.conf file Creating empty /run/firejail/mnt/dns-etc/inputrc file Creating empty /run/firejail/mnt/dns-etc/iptables directory Creating empty /run/firejail/mnt/dns-etc/group.pacnew file Creating empty /run/firejail/mnt/dns-etc/libreoffice directory Creating empty /run/firejail/mnt/dns-etc/gai.conf file Creating empty /run/firejail/mnt/dns-etc/dconf directory Creating empty /run/firejail/mnt/dns-etc/ifplugd directory Creating empty /run/firejail/mnt/dns-etc/ppp directory Creating empty /run/firejail/mnt/dns-etc/xdg directory Creating empty /run/firejail/mnt/dns-etc/odbc.ini file Creating empty /run/firejail/mnt/dns-etc/portspoof directory Creating empty /run/firejail/mnt/dns-etc/mke2fs.conf file Creating empty /run/firejail/mnt/dns-etc/pkcs11 directory Creating empty /run/firejail/mnt/dns-etc/smartd.conf file Creating empty /run/firejail/mnt/dns-etc/protocols file Creating empty /run/firejail/mnt/dns-etc/request-key.d directory Creating empty /run/firejail/mnt/dns-etc/binfmt.d directory Creating empty /run/firejail/mnt/dns-etc/openvpn directory Creating empty /run/firejail/mnt/dns-etc/ipsec.secrets file Creating empty /run/firejail/mnt/dns-etc/pki directory Creating empty /run/firejail/mnt/dns-etc/resolv.conf.bak file Creating empty /run/firejail/mnt/dns-etc/x3270 directory Creating empty /run/firejail/mnt/dns-etc/java11-openjdk directory Creating empty /run/firejail/mnt/dns-etc/suricata directory Creating empty /run/firejail/mnt/dns-etc/depmod.d directory Creating empty /run/firejail/mnt/dns-etc/bash.bash_logout file Creating empty /run/firejail/mnt/dns-etc/zsh directory Creating empty /run/firejail/mnt/dns-etc/stunnel directory Creating empty /run/firejail/mnt/dns-etc/bluetooth directory Creating empty /run/firejail/mnt/dns-etc/shadow- file Creating empty /run/firejail/mnt/dns-etc/java-8-openjdk directory Creating empty /run/firejail/mnt/dns-etc/fonts directory Creating empty /run/firejail/mnt/dns-etc/fakechroot directory Creating empty /run/firejail/mnt/dns-etc/proxydriver.d directory Creating empty /run/firejail/mnt/dns-etc/scalpel directory Creating empty /run/firejail/mnt/dns-etc/hcraft.modes file Creating empty /run/firejail/mnt/dns-etc/yafApplabelRules.conf file Creating empty /run/firejail/mnt/dns-etc/trusted-key.key file Creating empty /run/firejail/mnt/dns-etc/gshadow.pacnew file Creating empty /run/firejail/mnt/dns-etc/shells file Creating empty /run/firejail/mnt/dns-etc/sshuttle directory Creating empty /run/firejail/mnt/dns-etc/prads directory Creating empty /run/firejail/mnt/dns-etc/issue file Creating empty /run/firejail/mnt/dns-etc/searchsploit_rc file Creating empty /run/firejail/mnt/dns-etc/wifi-honey directory Creating empty /run/firejail/mnt/dns-etc/anacrontab file Creating empty /run/firejail/mnt/dns-etc/syncplay directory Creating empty /run/firejail/mnt/dns-etc/nfc directory Creating empty /run/firejail/mnt/dns-etc/urls.txt file Creating empty /run/firejail/mnt/dns-etc/shadow file Creating empty /run/firejail/mnt/dns-etc/mongodb.conf file Mount-bind /run/firejail/mnt/dns-etc on top of /etc Current directory: /home/user DISPLAY=:0 parsed as 0 Mounting read-only /run/firejail/mnt/seccomp 1325 560 0:88 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=1325 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 120 . drwxr-xr-x root root 180 .. -rw-r--r-- user user 568 seccomp -rw-r--r-- user user 432 seccomp.32 -rw-r--r-- user user 0 seccomp.postexec -rw-r--r-- user user 0 seccomp.postexec32 No active seccomp files Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0 Closing non-standard file descriptors Starting application LD_PRELOAD=(null) Running 'echo' '2' command through /bin/bash execvp argument 0: /bin/bash execvp argument 1: -c execvp argument 2: 'echo' '2' Child process initialized in 1124.36 ms 2 monitoring pid 6 Sandbox monitor: waitpid 6 retval 6 status 0 Parent is shutting down, bye... $ ```

Edit: Attempting to use any netfilter options also results in an error: Error: invalid network filter file *filename*

I've tried the default template configs as well as one that I made myself, none seem to work. Debug doesn't add any additional information or context.

[netblue30]

Thanks for the bug, something went wrong in the last release. Fixed on mainline!

[kmk3]

@netblue30 on Sep 26:

Fixed on mainline!

In that case, can this be closed?

I cannot reproduce the error with the following command:

firejail --net=eth0 --netlock --noprofile /bin/sh -c 'sleep 70'

[netblue30]

closing!