[GH-ISSUE #2136] Firejail 0.9.56 + TorBrowserBundle 8.0.2 Doesn't start inside Whonix #1448

Closed
opened 2026-05-05 08:06:36 -06:00 by gitea-mirror · 10 comments

Originally created by @Nurmagoz on GitHub (Oct 4, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2136

Hi there,

I was trying to run Firejail version 0.9.56 with Tor Browser inside Whonix Anonymous OS, but it will not run at all. I wonder if someone can shed light on the issue here:

user@host:~$ firejail --debug torbrowser 
Autoselecting /bin/bash as shell
Building quoted command line: 'torbrowser' 
Command name #torbrowser#
Attempting to find default.profile...
Found default profile in /etc/firejail directory
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc

** Note: you can use --noprofile to disable default.profile **

DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 7580, child pid 7581
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp.protocol file                                                                                                                
Creating empty /run/firejail/mnt/seccomp.postexec file                                                                                                                
Build protocol filter: unix,inet,inet6                                                                                                                                
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp.protocol (null)                                        
Dropping all capabilities                                                                                                                                             
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1                                                                                                                
No supplementary groups
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/config.gz
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /lib/modules
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Disable /home/user/.bash_history
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Disable /home/user/.config/kscreenlockerrc
Mounting read-only /home/user/.cache/ksycoca5_en_DUcAY8MHK9CqUalxnSyf45tD93g=
Mounting read-only /home/user/.config/knotifyrc
Mounting read-only /home/user/.config/kdeglobals
Mounting read-only /home/user/.config/kio_httprc
Mounting read-only /home/user/.local/share/konsole
Disable /run/user/1000/kdeinit5__0
Disable /var/lib/systemd
Disable /var/cache/apt
Disable /var/lib/apt
Disable /var/mail
Disable /var/opt
Disable /var/spool/cron
Disable /var/mail (requested /var/spool/mail)
Disable /etc/cron.hourly
Disable /etc/cron.monthly
Disable /etc/cron.weekly
Disable /etc/cron.d
Disable /etc/cron.daily
Disable /etc/crontab
Disable /etc/profile.d
Disable /etc/rc.local
Disable /etc/rc1.d
Disable /etc/rc0.d
Disable /etc/rcS.d
Disable /etc/rc5.d
Disable /etc/rc4.d
Disable /etc/rc2.d
Disable /etc/rc3.d
Disable /etc/rc6.d
Disable /etc/kernel
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/selinux
Disable /etc/modules
Disable /etc/modules-load.d
Disable /etc/logrotate.conf
Disable /etc/logrotate.d
Disable /etc/adduser.conf
Mounting read-only /home/user/.bash_logout
Mounting read-only /home/user/.bashrc.whonix
Mounting read-only /home/user/.profile
Mounting read-only /home/user/.nano
Disable /home/user/.local/share/Trash
Disable /home/user/.gnupg
Disable /home/user/.pki
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/crontab
Disable /usr/bin/expiry
Disable /bin/fusermount
Disable /usr/bin/gpasswd
Disable /bin/mount
Disable /usr/bin/newgrp
Disable /bin/ntfs-3g
Disable /usr/bin/pkexec
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/strace
Disable /bin/su
Disable /usr/bin/sudo
Disable /bin/umount
Disable /usr/bin/xev
Mounting noexec /tmp/.X11-unix
Disable /home/user/.config/KeePass
Disable /home/user/.config/keepassx
Disable /home/user/.config/baloofilerc
Disable /home/user/.config/dolphinrc
Disable /home/user/.config/emaildefaults
Disable /home/user/.config/enchant
Disable /home/user/.config/hexchat
Disable /home/user/.config/katepartrc
Disable /home/user/.config/katevirc
Disable /home/user/.config/kwriterc
Disable /home/user/.config/org.kde.gwenviewrc
Disable /home/user/.config/torbrowser
Disable /home/user/.config/vlc
Disable /home/user/.local/share/baloo
Disable /home/user/.local/share/dolphin
Disable /home/user/.local/share/kwrite
Disable /home/user/.local/share/meld
Disable /home/user/.local/share/org.kde.gwenview
Disable /home/user/.local/share/torbrowser
Disable /home/user/.local/share/vlc
Disable /home/user/.mozilla
Disable /home/user/.thunderbird
Disable /home/user/.cache/mozilla
Disable /home/user/.cache/thunderbird
Disable /sys/fs
Disable /sys/module
1154 1034 0:91 /pulse /home/user/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
fsname=/pulse dir=/home/user/.config/pulse fstype=tmpfs
Current directory: /home/user
DISPLAY=:0 parsed as 0
Dropping all capabilities
Install protocol filter: unix,inet,inet6
configuring 14 seccomp entries in /run/firejail/mnt/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp.32
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp.32 (null) 
Dropping all capabilities
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00000000   ret KILL
Dual 32/64 bit seccomp filter configured
configuring 74 seccomp entries in /run/firejail/mnt/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp (null) 
Dropping all capabilities
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 41 00 0000009a   jeq modify_ldt 0049 (false 0008)
 0008: 15 40 00 000000d4   jeq lookup_dcookie 0049 (false 0009)
 0009: 15 3f 00 0000012a   jeq perf_event_open 0049 (false 000a)
 000a: 15 3e 00 00000137   jeq process_vm_writev 0049 (false 000b)
 000b: 15 3d 00 0000009c   jeq _sysctl 0049 (false 000c)
 000c: 15 3c 00 000000b7   jeq afs_syscall 0049 (false 000d)
 000d: 15 3b 00 000000ae   jeq create_module 0049 (false 000e)
 000e: 15 3a 00 000000b1   jeq get_kernel_syms 0049 (false 000f)
 000f: 15 39 00 000000b5   jeq getpmsg 0049 (false 0010)
 0010: 15 38 00 000000b6   jeq putpmsg 0049 (false 0011)
 0011: 15 37 00 000000b2   jeq query_module 0049 (false 0012)
 0012: 15 36 00 000000b9   jeq security 0049 (false 0013)
 0013: 15 35 00 0000008b   jeq sysfs 0049 (false 0014)
 0014: 15 34 00 000000b8   jeq tuxcall 0049 (false 0015)
 0015: 15 33 00 00000086   jeq uselib 0049 (false 0016)
 0016: 15 32 00 00000088   jeq ustat 0049 (false 0017)
 0017: 15 31 00 000000ec   jeq vserver 0049 (false 0018)
 0018: 15 30 00 0000009f   jeq adjtimex 0049 (false 0019)
 0019: 15 2f 00 00000131   jeq clock_adjtime 0049 (false 001a)
 001a: 15 2e 00 000000e3   jeq clock_settime 0049 (false 001b)
 001b: 15 2d 00 000000a4   jeq settimeofday 0049 (false 001c)
 001c: 15 2c 00 000000b0   jeq delete_module 0049 (false 001d)
 001d: 15 2b 00 00000139   jeq finit_module 0049 (false 001e)
 001e: 15 2a 00 000000af   jeq init_module 0049 (false 001f)
 001f: 15 29 00 000000ad   jeq ioperm 0049 (false 0020)
 0020: 15 28 00 000000ac   jeq iopl 0049 (false 0021)
 0021: 15 27 00 000000f6   jeq kexec_load 0049 (false 0022)
 0022: 15 26 00 00000140   jeq kexec_file_load 0049 (false 0023)
 0023: 15 25 00 000000a9   jeq reboot 0049 (false 0024)
 0024: 15 24 00 000000a7   jeq swapon 0049 (false 0025)
 0025: 15 23 00 000000a8   jeq swapoff 0049 (false 0026)
 0026: 15 22 00 000000a3   jeq acct 0049 (false 0027)
 0027: 15 21 00 00000141   jeq bpf 0049 (false 0028)
 0028: 15 20 00 000000a1   jeq chroot 0049 (false 0029)
 0029: 15 1f 00 000000a5   jeq mount 0049 (false 002a)
 002a: 15 1e 00 000000b4   jeq nfsservctl 0049 (false 002b)
 002b: 15 1d 00 0000009b   jeq pivot_root 0049 (false 002c)
 002c: 15 1c 00 000000ab   jeq setdomainname 0049 (false 002d)
 002d: 15 1b 00 000000aa   jeq sethostname 0049 (false 002e)
 002e: 15 1a 00 000000a6   jeq umount2 0049 (false 002f)
 002f: 15 19 00 00000099   jeq vhangup 0049 (false 0030)
 0030: 15 18 00 000000ee   jeq set_mempolicy 0049 (false 0031)
 0031: 15 17 00 00000100   jeq migrate_pages 0049 (false 0032)
 0032: 15 16 00 00000117   jeq move_pages 0049 (false 0033)
 0033: 15 15 00 000000ed   jeq mbind 0049 (false 0034)
 0034: 15 14 00 00000130   jeq open_by_handle_at 0049 (false 0035)
 0035: 15 13 00 0000012f   jeq name_to_handle_at 0049 (false 0036)
 0036: 15 12 00 000000fb   jeq ioprio_set 0049 (false 0037)
 0037: 15 11 00 00000067   jeq syslog 0049 (false 0038)
 0038: 15 10 00 0000012c   jeq fanotify_init 0049 (false 0039)
 0039: 15 0f 00 00000138   jeq kcmp 0049 (false 003a)
 003a: 15 0e 00 000000f8   jeq add_key 0049 (false 003b)
 003b: 15 0d 00 000000f9   jeq request_key 0049 (false 003c)
 003c: 15 0c 00 000000fa   jeq keyctl 0049 (false 003d)
 003d: 15 0b 00 000000ce   jeq io_setup 0049 (false 003e)
 003e: 15 0a 00 000000cf   jeq io_destroy 0049 (false 003f)
 003f: 15 09 00 000000d0   jeq io_getevents 0049 (false 0040)
 0040: 15 08 00 000000d1   jeq io_submit 0049 (false 0041)
 0041: 15 07 00 000000d2   jeq io_cancel 0049 (false 0042)
 0042: 15 06 00 000000d8   jeq remap_file_pages 0049 (false 0043)
 0043: 15 05 00 00000116   jeq vmsplice 0049 (false 0044)
 0044: 15 04 00 00000143   jeq userfaultfd 0049 (false 0045)
 0045: 15 03 00 00000065   jeq ptrace 0049 (false 0046)
 0046: 15 02 00 00000087   jeq personality 0049 (false 0047)
 0047: 15 01 00 00000136   jeq process_vm_readv 0049 (false 0048)
 0048: 06 00 00 7fff0000   ret ALLOW
 0049: 06 00 01 00000000   ret KILL
seccomp filter configured
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 
starting application
LD_PRELOAD=(null)
Running 'torbrowser'  command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: 'torbrowser' 
Child process initialized in 35.20 ms
Installing /run/firejail/mnt/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp.protocol seccomp filter
monitoring pid 6

Sandbox monitor: waitpid 6 retval 6 status 0
Sandbox monitor: monitoring 40
monitoring pid 40

Sandbox monitor: waitpid 40 retval 40 status 0

Parent is shutting down, bye...
user@host:~$ 

Thanks!


@SkewedZeppelin commented on GitHub (Oct 4, 2018):

try `firejail --profile=/etc/firejail/torbrowser-launcher.profile torbrowser`
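
An added example, not part of the original thread or of the Firejail project: a small Python triage helper for `firejail --debug` output that reports which profile was selected and which `Disable` entries name the command being launched. Both sample logs are constructed excerpts of the output quoted in this issue, and the function and field names are hypothetical.

```python
import re

# Constructed excerpts of the `firejail --debug` output quoted in this issue.
TORBROWSER_LOG = """\
Command name #torbrowser#
Attempting to find default.profile...
Found default profile in /etc/firejail directory
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Disable /var/mail (requested /var/spool/mail)
Disable /home/user/.config/torbrowser
Disable /home/user/.config/vlc
Disable /home/user/.local/share/torbrowser
Disable /home/user/.mozilla
Sandbox monitor: waitpid 6 retval 6 status 0
Sandbox monitor: waitpid 40 retval 40 status 0
"""

LAUNCHER_LOG = """\
Command name #torbrowser-launcher#
Found torbrowser-launcher profile in /etc/firejail directory
Reading profile /etc/firejail/torbrowser-launcher.profile
Reading profile /etc/firejail/disable-common.inc
"""

CMD_RE = re.compile(r"^Command name #(.+)#$")
FOUND_RE = re.compile(r"^Found (\S+) profile in (\S+) directory$")
READ_RE = re.compile(r"^Reading profile (\S+)$")
DISABLE_RE = re.compile(r"^Disable (\S+)")
WAIT_RE = re.compile(r"^Sandbox monitor: waitpid (\d+) retval \d+ status (\d+)$")


def triage(log_text):
    """Extract profile selection, blacklisted paths and wait statuses."""
    report = {
        "command": None,           # name firejail used to look up a profile
        "selected_profile": None,  # profile named in the "Found ..." line
        "profiles_read": [],       # every file from "Reading profile" lines
        "disabled": [],            # every path from "Disable" lines
        "wait_status": [],         # (pid, raw wait status) from the monitor
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := CMD_RE.match(line):
            report["command"] = m.group(1)
        elif m := FOUND_RE.match(line):
            report["selected_profile"] = m.group(1)
        elif m := READ_RE.match(line):
            report["profiles_read"].append(m.group(1))
        elif m := DISABLE_RE.match(line):
            report["disabled"].append(m.group(1))
        elif m := WAIT_RE.match(line):
            report["wait_status"].append((int(m.group(1)), int(m.group(2))))

    cmd = report["command"]
    # default.profile applied to a command that is not itself called "default"
    report["fell_back_to_default"] = (
        report["selected_profile"] == "default" and cmd not in (None, "default")
    )
    # Disabled paths with a component containing the command name
    needle = cmd.lower() if cmd else None
    report["disabled_matching_command"] = [
        p for p in report["disabled"]
        if needle and any(needle in part.lower() for part in p.split("/"))
    ]
    return report


def findings(report):
    """Turn a triage report into short statements about what the log shows."""
    out = []
    if report["fell_back_to_default"]:
        out.append(f"firejail selected default.profile for '{report['command']}'")
    for path in report["disabled_matching_command"]:
        out.append(f"{path} is disabled inside the sandbox")
    statuses = report["wait_status"]
    if statuses and all(status == 0 for _, status in statuses):
        out.append("all monitored pids returned wait status 0")
    return out


if __name__ == "__main__":
    for name, log in (("torbrowser", TORBROWSER_LOG), ("launcher", LAUNCHER_LOG)):
        print(name, findings(triage(log)))
```
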


@Nurmagoz commented on GitHub (Oct 4, 2018):

> try `firejail --profile=/etc/firejail/torbrowser-launcher.profile torbrowser`

the output is:

```
user@host:~$  firejail --profile=/etc/firejail/torbrowser-launcher.profile torbrowser
Reading profile /etc/firejail/torbrowser-launcher.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 9440, child pid 9441
Warning: skipping pki for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping alsa for private /etc
Warning: skipping asound.conf for private /etc
Private /etc installed in 48.12 ms
34 programs installed in 55.45 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: cleaning all supplementary groups
Post-exec seccomp protector enabled
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Child process initialized in 132.93 ms
Error: no suitable torbrowser executable found

Parent is shutting down, bye...
user@host:~$
```

Well, I even tried the same version of Firejail with plain Debian + TBB 8.0.2, and it also didn't work:

user@debian:~$ firejail --debug torbrowser-launcher 
Autoselecting /bin/bash as shell
Building quoted command line: 'torbrowser-launcher' 
Command name #torbrowser-launcher#
Found torbrowser-launcher profile in /etc/firejail directory
Reading profile /etc/firejail/torbrowser-launcher.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 3001, child pid 3002
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp.postexec file
Build protocol filter: unix,inet,inet6
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
Process /dev/shm directory
Copying files in the new /etc directory:
copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/fonts /run/firejail/mnt/etc/fonts (null) 
Warning: file /etc/hostname not found.
Warning: skipping hostname for private /etc
copying /etc/hosts to private /etc
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/hosts /run/firejail/mnt/etc (null) 
copying /etc/resolv.conf to private /etc
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/resolv.conf /run/firejail/mnt/etc (null) 
Warning: file /etc/pki not found.
Warning: skipping pki for private /etc
copying /etc/ssl to private /etc
Creating empty /run/firejail/mnt/etc/ssl directory
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/ssl /run/firejail/mnt/etc/ssl (null) 
copying /etc/ca-certificates to private /etc
Creating empty /run/firejail/mnt/etc/ca-certificates directory
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates (null) 
Warning: file /etc/crypto-policies not found.
Warning: skipping crypto-policies for private /etc
Warning: file /etc/alsa not found.
Warning: skipping alsa for private /etc
Warning: file /etc/asound.conf not found.
Warning: skipping asound.conf for private /etc
copying /etc/pulse to private /etc
Creating empty /run/firejail/mnt/etc/pulse directory
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/pulse /run/firejail/mnt/etc/pulse (null) 
copying /etc/machine-id to private /etc
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/machine-id /run/firejail/mnt/etc (null) 
copying /etc/ld.so.cache to private /etc
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/ld.so.cache /run/firejail/mnt/etc (null) 
Mount-bind /run/firejail/mnt/etc on top of /etc
Private /etc installed in 15.43 ms
Creating an empty /etc/ld.so.preload file
Copying files in the new bin directory
Checking /usr/local/bin/bash
Checking /usr/bin/bash
Checking /bin/bash
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/bash /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/cp
Checking /usr/bin/cp
Checking /bin/cp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/cp /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/dirname
Checking /usr/bin/dirname
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/dirname /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/env
Checking /usr/bin/env
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/env /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/expr
Checking /usr/bin/expr
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/expr /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/file
Checking /usr/bin/file
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/file /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/getconf
Checking /usr/bin/getconf
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/getconf /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/gpg
Checking /usr/bin/gpg
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/gpg /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/grep
Checking /usr/bin/grep
Checking /bin/grep
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/grep /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/id
Checking /usr/bin/id
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/id /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/ln
Checking /usr/bin/ln
Checking /bin/ln
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/ln /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/mkdir
Checking /usr/bin/mkdir
Checking /bin/mkdir
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/mkdir /run/firejail/mnt/bin (null) 
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python3.5 /run/firejail/mnt/bin (null) 
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python3.5 /run/firejail/mnt/bin (null) 
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python3 /run/firejail/mnt/bin (null) 
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python3.5m /run/firejail/mnt/bin (null) 
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python3.5m /run/firejail/mnt/bin (null) 
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python3m /run/firejail/mnt/bin (null) 
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) 
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python /run/firejail/mnt/bin (null) 
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) 
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) 
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python2 /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/readlink
Checking /usr/bin/readlink
Checking /bin/readlink
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/readlink /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/rm
Checking /usr/bin/rm
Checking /bin/rm
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/rm /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/sed
Checking /usr/bin/sed
Checking /bin/sed
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/sed /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/sh
Checking /usr/bin/sh
Checking /bin/sh
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/dash /run/firejail/mnt/bin (null) 
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/sh /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/tail
Checking /usr/bin/tail
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/tail /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/tclsh
Checking /usr/bin/tclsh
Checking /bin/tclsh
Checking /usr/games/tclsh
Checking /usr/local/games/tclsh
Checking /usr/local/sbin/tclsh
Checking /usr/sbin/tclsh
Checking /sbin/tclsh
Warning: file tclsh not found
Checking /usr/local/bin/test
Checking /usr/bin/test
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/test /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/tor-browser-en
Checking /usr/bin/tor-browser-en
Checking /bin/tor-browser-en
Checking /usr/games/tor-browser-en
Checking /usr/local/games/tor-browser-en
Checking /usr/local/sbin/tor-browser-en
Checking /usr/sbin/tor-browser-en
Checking /sbin/tor-browser-en
Warning: file tor-browser-en not found
Checking /usr/local/bin/torbrowser-launcher
Checking /usr/bin/torbrowser-launcher
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/torbrowser-launcher /run/firejail/mnt/bin (null) 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
31 programs installed in 41.73 ms
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/config.gz
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Disable /mnt
Disable /media
Disable /run/mount
Debug 424: new_name #/home/user/.config/torbrowser#, whitelist
Debug 525: fname #/home/user/.config/torbrowser#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.config/torbrowser
Debug 424: new_name #/home/user/.local/share/torbrowser#, whitelist
Debug 525: fname #/home/user/.local/share/torbrowser#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.local/share/torbrowser
Debug 424: new_name #/home/user/.XCompose#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
	expanded: /home/user/.XCompose
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
	expanded: /home/user/.asoundrc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.config/ibus#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ibus
	expanded: /home/user/.config/ibus
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.config/mimeapps.list#, whitelist
Debug 525: fname #/home/user/.config/mimeapps.list#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.config/mimeapps.list
Debug 424: new_name #/home/user/.config/pkcs11#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/user/.config/pkcs11
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.config/user-dirs.dirs#, whitelist
Debug 525: fname #/home/user/.config/user-dirs.dirs#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.config/user-dirs.dirs
Debug 424: new_name #/home/user/.drirc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
	expanded: /home/user/.drirc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
	expanded: /home/user/.icons
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.local/share/applications#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/applications
	expanded: /home/user/.local/share/applications
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.local/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/icons
	expanded: /home/user/.local/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.local/share/mime#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/mime
	expanded: /home/user/.local/share/mime
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
	expanded: /home/user/.mime.types
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.cache/fontconfig#, whitelist
Debug 525: fname #/home/user/.cache/fontconfig#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.cache/fontconfig
Debug 424: new_name #/home/user/.config/fontconfig#, whitelist
Debug 525: fname #/home/user/.config/fontconfig#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.config/fontconfig
Debug 424: new_name #/home/user/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
	expanded: /home/user/.fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
	expanded: /home/user/.fonts
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.fonts.conf#, whitelist
Debug 525: fname #/home/user/.config/fontconfig/fonts.conf#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.config/fontconfig/fonts.conf
Debug 424: new_name #/home/user/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/user/.fonts.conf.d
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
	expanded: /home/user/.fonts.d
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.local/share/fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
	expanded: /home/user/.local/share/fonts
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.pangorc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
	expanded: /home/user/.pangorc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.config/gtk-2.0#, whitelist
Debug 525: fname #/home/user/.config/gtk-2.0#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.config/gtk-2.0
Debug 424: new_name #/home/user/.config/gtk-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-3.0
	expanded: /home/user/.config/gtk-3.0
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/user/.config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/user/.config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.gnome2#, whitelist
Debug 525: fname #/home/user/.gnome2#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.gnome2
Debug 424: new_name #/home/user/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
	expanded: /home/user/.gnome2-private
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/user/.gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
	expanded: /home/user/.gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0
	expanded: /home/user/.gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/user/.kde/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/user/.kde/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/user/.kde4/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/user/.kde4/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
	expanded: /home/user/.local/share/themes
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
	expanded: /home/user/.themes
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.config/dconf#, whitelist
Debug 525: fname #/home/user/.config/dconf#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.config/dconf
Debug 424: new_name #/home/user/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/user/.config/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.config/Trolltech.conf#, whitelist
Debug 525: fname #/home/user/.config/Trolltech.conf#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.config/Trolltech.conf
Debug 424: new_name #/home/user/.config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals
	expanded: /home/user/.config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/user/.config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/user/.config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/user/.config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
	expanded: /home/user/.config/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
	expanded: /home/user/.kde/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/user/.kde/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/user/.kde/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/user/.kde/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/user/.kde/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/user/.kde/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/user/.kde4/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/user/.kde4/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/user/.kde4/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/user/.kde4/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/user/.kde4/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/user/.kde4/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/user/.local/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/home/user/.cache/kioexec/krun#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/user/.cache/kioexec/krun
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/var/lib/dbus#, whitelist
Debug 424: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
	expanded: /var/lib/menu-xdg
	real path: (null)
	realpath: No such file or directory
Debug 424: new_name #/var/cache/fontconfig#, whitelist
Debug 424: new_name #/var/tmp#, whitelist
Debug 424: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 424: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 424: new_name #/tmp/.X11-unix#, whitelist
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Whitelisting /home/user/.config/torbrowser
592 581 202:16 /home/user/.config/torbrowser /home/user/.config/torbrowser rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered
fsname=/home/user/.config/torbrowser dir=/home/user/.config/torbrowser fstype=ext4
Whitelisting /home/user/.local/share/torbrowser
593 581 202:16 /home/user/.local/share/torbrowser /home/user/.local/share/torbrowser rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered
fsname=/home/user/.local/share/torbrowser dir=/home/user/.local/share/torbrowser fstype=ext4
Whitelisting /home/user/.config/mimeapps.list
594 581 202:16 /home/user/.config/mimeapps.list /home/user/.config/mimeapps.list rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered
fsname=/home/user/.config/mimeapps.list dir=/home/user/.config/mimeapps.list fstype=ext4
Whitelisting /home/user/.config/user-dirs.dirs
595 581 202:16 /home/user/.config/user-dirs.dirs /home/user/.config/user-dirs.dirs rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered
fsname=/home/user/.config/user-dirs.dirs dir=/home/user/.config/user-dirs.dirs fstype=ext4
Whitelisting /home/user/.cache/fontconfig
596 581 202:16 /home/user/.cache/fontconfig /home/user/.cache/fontconfig rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered
fsname=/home/user/.cache/fontconfig dir=/home/user/.cache/fontconfig fstype=ext4
Whitelisting /home/user/.config/fontconfig
597 581 202:16 /home/user/.config/fontconfig /home/user/.config/fontconfig rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered
fsname=/home/user/.config/fontconfig dir=/home/user/.config/fontconfig fstype=ext4
Whitelisting /home/user/.config/fontconfig/fonts.conf
Created symbolic link /home/user/.fonts.conf -> /home/user/.config/fontconfig/fonts.conf
Whitelisting /home/user/.config/gtk-2.0
598 581 202:16 /home/user/.config/gtk-2.0 /home/user/.config/gtk-2.0 rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered
fsname=/home/user/.config/gtk-2.0 dir=/home/user/.config/gtk-2.0 fstype=ext4
Whitelisting /home/user/.gnome2
599 581 202:16 /home/user/.gnome2 /home/user/.gnome2 rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered
fsname=/home/user/.gnome2 dir=/home/user/.gnome2 fstype=ext4
Whitelisting /home/user/.config/dconf
600 581 202:16 /home/user/.config/dconf /home/user/.config/dconf rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered
fsname=/home/user/.config/dconf dir=/home/user/.config/dconf fstype=ext4
Whitelisting /home/user/.config/Trolltech.conf
601 581 202:16 /home/user/.config/Trolltech.conf /home/user/.config/Trolltech.conf rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered
fsname=/home/user/.config/Trolltech.conf dir=/home/user/.config/Trolltech.conf fstype=ext4
Whitelisting /var/lib/dbus
602 591 202:3 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/xvda3 rw,discard,data=ordered
fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4
Whitelisting /var/cache/fontconfig
603 591 202:3 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/xvda3 rw,discard,data=ordered
fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Whitelisting /var/tmp
604 591 0:67 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Whitelisting /run/lock
605 533 0:66 / /run/lock rw,nosuid,nodev,noexec - tmpfs tmpfs rw
fsname=/ dir=/run/lock fstype=tmpfs
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
606 584 202:3 /tmp/.X11-unix /tmp/.X11-unix rw,noatime master:1 - ext4 /dev/xvda3 rw,discard,data=ordered
fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Disable /run/minissdpd.sock (requested /var/run/minissdpd.sock)
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Mounting noexec /tmp/.X11-unix
Disable /usr/include
Disable /usr/lib/valgrind
Disable /usr/share/java
Disable /usr/lib/perl5
Disable /usr/share/perl-openssl-defaults
Disable /usr/share/perl5
Disable /usr/share/perl
Not blacklist /usr/local/bin/python2
Not blacklist /usr/local/bin/python2.7
Not blacklist /usr/bin/python2
Not blacklist /usr/bin/python2.7
Not blacklist /bin/python2
Not blacklist /bin/python2.7
Not blacklist /usr/local/games/python2
Not blacklist /usr/local/games/python2.7
Not blacklist /usr/games/python2
Not blacklist /usr/games/python2.7
Not blacklist /usr/lib/python2.7
Disable /usr/local/lib/python2.7
Not blacklist /usr/local/bin/python3m
Not blacklist /usr/local/bin/python3.5m
Not blacklist /usr/local/bin/python3
Not blacklist /usr/local/bin/python3.5
Not blacklist /usr/bin/python3m
Not blacklist /usr/bin/python3.5m
Not blacklist /usr/bin/python3
Not blacklist /usr/bin/python3.5
Not blacklist /bin/python3m
Not blacklist /bin/python3.5m
Not blacklist /bin/python3
Not blacklist /bin/python3.5
Not blacklist /usr/local/games/python3m
Not blacklist /usr/local/games/python3.5m
Not blacklist /usr/local/games/python3
Not blacklist /usr/local/games/python3.5
Not blacklist /usr/games/python3m
Not blacklist /usr/games/python3.5m
Not blacklist /usr/games/python3
Not blacklist /usr/games/python3.5
Not blacklist /usr/lib/python3.5
Not blacklist /usr/lib/python3
Disable /usr/local/lib/python3.5
Disable /usr/share/python3
Not blacklist /home/user/.config/torbrowser
Not blacklist /home/user/.local/share/torbrowser
Mounting read-only /home/user/.config/user-dirs.dirs
Mounting noexec /tmp
Disable /sys/fs
Disable /sys/module
Drop privileges: pid 42, uid 1000, gid 1000, nogroups 0
Warning: cleaning all supplementary groups
631 581 0:65 /pulse /home/user/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
fsname=/pulse dir=/home/user/.config/pulse fstype=tmpfs
blacklist /dev/dvb
blacklist /dev/sr0
blacklist /dev/video0
blacklist /dev/video1
blacklist /dev/video2
blacklist /dev/video3
blacklist /dev/video4
blacklist /dev/video5
blacklist /dev/video6
blacklist /dev/video7
blacklist /dev/video8
blacklist /dev/video9
Create the new ld.so.preload file
Blacklist violations are logged to syslog
Mount the new ld.so.preload file
Current directory: /home/user
DISPLAY=:0 parsed as 0
Dropping all capabilities
Install protocol filter: unix,inet,inet6
configuring 14 seccomp entries in /run/firejail/mnt/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 43, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp.32
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp.32 (null) 
Dropping all capabilities
Drop privileges: pid 44, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00000000   ret KILL
Dual 32/64 bit seccomp filter configured
configuring 74 seccomp entries in /run/firejail/mnt/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp (null) 
Dropping all capabilities
Drop privileges: pid 45, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 41 00 0000009a   jeq modify_ldt 0049 (false 0008)
 0008: 15 40 00 000000d4   jeq lookup_dcookie 0049 (false 0009)
 0009: 15 3f 00 0000012a   jeq perf_event_open 0049 (false 000a)
 000a: 15 3e 00 00000137   jeq process_vm_writev 0049 (false 000b)
 000b: 15 3d 00 0000009c   jeq _sysctl 0049 (false 000c)
 000c: 15 3c 00 000000b7   jeq afs_syscall 0049 (false 000d)
 000d: 15 3b 00 000000ae   jeq create_module 0049 (false 000e)
 000e: 15 3a 00 000000b1   jeq get_kernel_syms 0049 (false 000f)
 000f: 15 39 00 000000b5   jeq getpmsg 0049 (false 0010)
 0010: 15 38 00 000000b6   jeq putpmsg 0049 (false 0011)
 0011: 15 37 00 000000b2   jeq query_module 0049 (false 0012)
 0012: 15 36 00 000000b9   jeq security 0049 (false 0013)
 0013: 15 35 00 0000008b   jeq sysfs 0049 (false 0014)
 0014: 15 34 00 000000b8   jeq tuxcall 0049 (false 0015)
 0015: 15 33 00 00000086   jeq uselib 0049 (false 0016)
 0016: 15 32 00 00000088   jeq ustat 0049 (false 0017)
 0017: 15 31 00 000000ec   jeq vserver 0049 (false 0018)
 0018: 15 30 00 0000009f   jeq adjtimex 0049 (false 0019)
 0019: 15 2f 00 00000131   jeq clock_adjtime 0049 (false 001a)
 001a: 15 2e 00 000000e3   jeq clock_settime 0049 (false 001b)
 001b: 15 2d 00 000000a4   jeq settimeofday 0049 (false 001c)
 001c: 15 2c 00 000000b0   jeq delete_module 0049 (false 001d)
 001d: 15 2b 00 00000139   jeq finit_module 0049 (false 001e)
 001e: 15 2a 00 000000af   jeq init_module 0049 (false 001f)
 001f: 15 29 00 000000ad   jeq ioperm 0049 (false 0020)
 0020: 15 28 00 000000ac   jeq iopl 0049 (false 0021)
 0021: 15 27 00 000000f6   jeq kexec_load 0049 (false 0022)
 0022: 15 26 00 00000140   jeq kexec_file_load 0049 (false 0023)
 0023: 15 25 00 000000a9   jeq reboot 0049 (false 0024)
 0024: 15 24 00 000000a7   jeq swapon 0049 (false 0025)
 0025: 15 23 00 000000a8   jeq swapoff 0049 (false 0026)
 0026: 15 22 00 000000a3   jeq acct 0049 (false 0027)
 0027: 15 21 00 00000141   jeq bpf 0049 (false 0028)
 0028: 15 20 00 000000a1   jeq chroot 0049 (false 0029)
 0029: 15 1f 00 000000a5   jeq mount 0049 (false 002a)
 002a: 15 1e 00 000000b4   jeq nfsservctl 0049 (false 002b)
 002b: 15 1d 00 0000009b   jeq pivot_root 0049 (false 002c)
 002c: 15 1c 00 000000ab   jeq setdomainname 0049 (false 002d)
 002d: 15 1b 00 000000aa   jeq sethostname 0049 (false 002e)
 002e: 15 1a 00 000000a6   jeq umount2 0049 (false 002f)
 002f: 15 19 00 00000099   jeq vhangup 0049 (false 0030)
 0030: 15 18 00 000000ee   jeq set_mempolicy 0049 (false 0031)
 0031: 15 17 00 00000100   jeq migrate_pages 0049 (false 0032)
 0032: 15 16 00 00000117   jeq move_pages 0049 (false 0033)
 0033: 15 15 00 000000ed   jeq mbind 0049 (false 0034)
 0034: 15 14 00 00000130   jeq open_by_handle_at 0049 (false 0035)
 0035: 15 13 00 0000012f   jeq name_to_handle_at 0049 (false 0036)
 0036: 15 12 00 000000fb   jeq ioprio_set 0049 (false 0037)
 0037: 15 11 00 00000067   jeq syslog 0049 (false 0038)
 0038: 15 10 00 0000012c   jeq fanotify_init 0049 (false 0039)
 0039: 15 0f 00 00000138   jeq kcmp 0049 (false 003a)
 003a: 15 0e 00 000000f8   jeq add_key 0049 (false 003b)
 003b: 15 0d 00 000000f9   jeq request_key 0049 (false 003c)
 003c: 15 0c 00 000000fa   jeq keyctl 0049 (false 003d)
 003d: 15 0b 00 000000ce   jeq io_setup 0049 (false 003e)
 003e: 15 0a 00 000000cf   jeq io_destroy 0049 (false 003f)
 003f: 15 09 00 000000d0   jeq io_getevents 0049 (false 0040)
 0040: 15 08 00 000000d1   jeq io_submit 0049 (false 0041)
 0041: 15 07 00 000000d2   jeq io_cancel 0049 (false 0042)
 0042: 15 06 00 000000d8   jeq remap_file_pages 0049 (false 0043)
 0043: 15 05 00 00000116   jeq vmsplice 0049 (false 0044)
 0044: 15 04 00 00000087   jeq personality 0049 (false 0045)
 0045: 15 03 00 00000143   jeq userfaultfd 0049 (false 0046)
 0046: 15 02 00 00000065   jeq ptrace 0049 (false 0047)
 0047: 15 01 00 00000136   jeq process_vm_readv 0049 (false 0048)
 0048: 06 00 00 7fff0000   ret ALLOW
 0049: 06 00 01 00000000   ret KILL
seccomp filter configured
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
execvp argument 0: torbrowser-launcher
Child process initialized in 98.46 ms
Searching $PATH for torbrowser-launcher
trying #/usr/local/bin/torbrowser-launcher#
Installing /run/firejail/mnt/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp.protocol seccomp filter
monitoring pid 46

Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.2.9
https://github.com/micahflee/torbrowser-launcher
Refreshing local keyring...
Launching './Browser/start-tor-browser --detach'...
Sandbox monitor: waitpid 46 retval 46 status 0
Sandbox monitor: monitoring 72
monitoring pid 72

Sandbox monitor: waitpid 72 retval 72 status 0

Parent is shutting down, bye...
user@debian:~$ 
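
Added example (not part of the original issue and not firejail's own code): a small interpreter for the `fsec-print` listing of the 14-entry protocol filter in the log above, showing what the filter built from `unix,inet,inet6` returns for a given `socket()` call. The listing is copied from the log; the function names are chosen here, and the little-endian x86_64 `seccomp_data` layout is assumed.

```python
import re
import struct

# Protocol filter exactly as printed by fsec-print in the debug log above.
LISTING = """\
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 06 00 00 0005005f   ret ERRNO(95)
"""

AUDIT_ARCH_X86_64 = 0xC000003E
AUDIT_ARCH_I386 = 0x40000003
SYS_SOCKET = 0x29            # socket() on x86_64, as named in the listing

# Classic BPF opcodes that appear in the OP column of the log.
BPF_LD_W_ABS = 0x20          # A = 32-bit word at offset K of seccomp_data
BPF_JEQ_K = 0x15             # if A == K skip JT instructions, else JF
BPF_JGE_K = 0x35             # if A >= K skip JT instructions, else JF
BPF_RET_K = 0x06             # return K as the seccomp verdict

SECCOMP_RET_KILL = 0x00000000
SECCOMP_RET_ERRNO = 0x00050000
SECCOMP_RET_ALLOW = 0x7FFF0000

INSN = re.compile(
    r"^\s*([0-9a-f]{4}):\s+([0-9a-f]{2})\s+([0-9a-f]{2})\s+([0-9a-f]{2})\s+([0-9a-f]{8})\b"
)


def parse_listing(text):
    """Turn 'line: OP JT JF K' rows into (op, jt, jf, k) tuples."""
    prog = []
    for line in text.splitlines():
        m = INSN.match(line)
        if not m:
            continue  # column header, separator or unrelated log line
        idx, op, jt, jf, k = (int(g, 16) for g in m.groups())
        if idx != len(prog):
            raise ValueError(f"listing is not contiguous at {idx:04x}")
        prog.append((op, jt, jf, k))
    return prog


def seccomp_data(nr, arch, args=()):
    """Pack struct seccomp_data: nr, arch, instruction_pointer, args[6]."""
    padded = list(args) + [0] * (6 - len(args))
    return struct.pack("<IIQ6Q", nr & 0xFFFFFFFF, arch, 0, *padded)


def run_filter(prog, data):
    """Execute the filter over one seccomp_data blob and return the raw verdict."""
    acc, pc = 0, 0
    while pc < len(prog):
        op, jt, jf, k = prog[pc]
        if op == BPF_LD_W_ABS:
            acc = struct.unpack_from("<I", data, k)[0]
            pc += 1
        elif op == BPF_JEQ_K:
            pc += 1 + (jt if acc == k else jf)
        elif op == BPF_JGE_K:
            pc += 1 + (jt if acc >= k else jf)
        elif op == BPF_RET_K:
            return k
        else:
            raise ValueError(f"opcode {op:#04x} not handled at {pc:04x}")
    raise ValueError("filter ended without a ret instruction")


def describe(ret):
    """Render a verdict the way fsec-print does."""
    action = ret & 0xFFFF0000
    if action == SECCOMP_RET_ALLOW:
        return "ALLOW"
    if action == SECCOMP_RET_ERRNO:
        return f"ERRNO({ret & 0xFFFF})"
    if action == SECCOMP_RET_KILL:
        return "KILL"
    return hex(ret)


PROG = parse_listing(LISTING)


def verdict(nr, arch, args=()):
    return describe(run_filter(PROG, seccomp_data(nr, arch, args)))


if __name__ == "__main__":
    # Address families: 1 = AF_UNIX, 2 = AF_INET, 10 = AF_INET6, 16 = AF_NETLINK
    for family in (1, 2, 10, 16):
        print(f"socket(family={family}) ->", verdict(SYS_SOCKET, AUDIT_ARCH_X86_64, (family,)))
```

Errno 95 is `EOPNOTSUPP` on Linux, so a sandboxed program that opens a socket family outside the `--protocol` list sees an ordinary error rather than being killed; the 32-bit and main filters further down in the log are the ones that end in `ret KILL`.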

<!-- gh-comment-id:427108437 --> @Nurmagoz commented on GitHub (Oct 4, 2018):

> try
> firejail --profile=/etc/firejail/torbrowser-launcher.profile torbrowser

the output is:

```
user@host:~$ firejail --profile=/etc/firejail/torbrowser-launcher.profile torbrowser
Reading profile /etc/firejail/torbrowser-launcher.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 9440, child pid 9441
Warning: skipping pki for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping alsa for private /etc
Warning: skipping asound.conf for private /etc
Private /etc installed in 48.12 ms
34 programs installed in 55.45 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: cleaning all supplementary groups
Post-exec seccomp protector enabled
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Child process initialized in 132.93 ms
Error: no suitable torbrowser executable found
Parent is shutting down, bye...
user@host:~$
```

Well, I even tried the same version of Firejail with plain Debian + TBB 8.0.2, and it also didn't work:

```
user@debian:~$ firejail --debug torbrowser-launcher
Autoselecting /bin/bash as shell
Building quoted command line: 'torbrowser-launcher'
Command name #torbrowser-launcher#
Found torbrowser-launcher profile in /etc/firejail directory
Reading profile /etc/firejail/torbrowser-launcher.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 3001, child pid 3002
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp.postexec file
Build protocol filter: unix,inet,inet6
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp.protocol (null)
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
Process /dev/shm directory
Copying files in the new /etc directory:
copying /etc/fonts to
private /etc Creating empty /run/firejail/mnt/etc/fonts directory sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/fonts /run/firejail/mnt/etc/fonts (null) Warning: file /etc/hostname not found. Warning: skipping hostname for private /etc copying /etc/hosts to private /etc sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/hosts /run/firejail/mnt/etc (null) copying /etc/resolv.conf to private /etc sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/resolv.conf /run/firejail/mnt/etc (null) Warning: file /etc/pki not found. Warning: skipping pki for private /etc copying /etc/ssl to private /etc Creating empty /run/firejail/mnt/etc/ssl directory sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/ssl /run/firejail/mnt/etc/ssl (null) copying /etc/ca-certificates to private /etc Creating empty /run/firejail/mnt/etc/ca-certificates directory sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates (null) Warning: file /etc/crypto-policies not found. Warning: skipping crypto-policies for private /etc Warning: file /etc/alsa not found. Warning: skipping alsa for private /etc Warning: file /etc/asound.conf not found. 
Warning: skipping asound.conf for private /etc copying /etc/pulse to private /etc Creating empty /run/firejail/mnt/etc/pulse directory sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/pulse /run/firejail/mnt/etc/pulse (null) copying /etc/machine-id to private /etc sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/machine-id /run/firejail/mnt/etc (null) copying /etc/ld.so.cache to private /etc sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /etc/ld.so.cache /run/firejail/mnt/etc (null) Mount-bind /run/firejail/mnt/etc on top of /etc Private /etc installed in 15.43 ms Creating an empty /etc/ld.so.preload file Copying files in the new bin directory Checking /usr/local/bin/bash Checking /usr/bin/bash Checking /bin/bash sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/bash /run/firejail/mnt/bin (null) Checking /usr/local/bin/cp Checking /usr/bin/cp Checking /bin/cp sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/cp /run/firejail/mnt/bin (null) Checking /usr/local/bin/dirname Checking /usr/bin/dirname sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/dirname /run/firejail/mnt/bin (null) Checking /usr/local/bin/env Checking /usr/bin/env sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/env /run/firejail/mnt/bin (null) Checking /usr/local/bin/expr Checking /usr/bin/expr sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/expr /run/firejail/mnt/bin (null) Checking /usr/local/bin/file Checking /usr/bin/file sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/file /run/firejail/mnt/bin (null) Checking /usr/local/bin/getconf Checking /usr/bin/getconf sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/getconf /run/firejail/mnt/bin (null) Checking /usr/local/bin/gpg Checking /usr/bin/gpg sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/gpg /run/firejail/mnt/bin (null) Checking /usr/local/bin/grep Checking /usr/bin/grep Checking /bin/grep sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy 
/bin/grep /run/firejail/mnt/bin (null) Checking /usr/local/bin/id Checking /usr/bin/id sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/id /run/firejail/mnt/bin (null) Checking /usr/local/bin/ln Checking /usr/bin/ln Checking /bin/ln sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/ln /run/firejail/mnt/bin (null) Checking /usr/local/bin/mkdir Checking /usr/bin/mkdir Checking /bin/mkdir sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/mkdir /run/firejail/mnt/bin (null) sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python3.5 /run/firejail/mnt/bin (null) sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python3.5 /run/firejail/mnt/bin (null) sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python3 /run/firejail/mnt/bin (null) sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python3.5m /run/firejail/mnt/bin (null) sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python3.5m /run/firejail/mnt/bin (null) sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python3m /run/firejail/mnt/bin (null) sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python /run/firejail/mnt/bin (null) sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/python2 /run/firejail/mnt/bin (null) Checking /usr/local/bin/readlink Checking /usr/bin/readlink Checking /bin/readlink sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/readlink /run/firejail/mnt/bin (null) Checking /usr/local/bin/rm Checking /usr/bin/rm Checking /bin/rm sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/rm /run/firejail/mnt/bin (null) Checking /usr/local/bin/sed Checking /usr/bin/sed Checking /bin/sed sbox run: 
/usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/sed /run/firejail/mnt/bin (null) Checking /usr/local/bin/sh Checking /usr/bin/sh Checking /bin/sh sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/dash /run/firejail/mnt/bin (null) sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /bin/sh /run/firejail/mnt/bin (null) Checking /usr/local/bin/tail Checking /usr/bin/tail sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/tail /run/firejail/mnt/bin (null) Checking /usr/local/bin/tclsh Checking /usr/bin/tclsh Checking /bin/tclsh Checking /usr/games/tclsh Checking /usr/local/games/tclsh Checking /usr/local/sbin/tclsh Checking /usr/sbin/tclsh Checking /sbin/tclsh Warning: file tclsh not found Checking /usr/local/bin/test Checking /usr/bin/test sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/test /run/firejail/mnt/bin (null) Checking /usr/local/bin/tor-browser-en Checking /usr/bin/tor-browser-en Checking /bin/tor-browser-en Checking /usr/games/tor-browser-en Checking /usr/local/games/tor-browser-en Checking /usr/local/sbin/tor-browser-en Checking /usr/sbin/tor-browser-en Checking /sbin/tor-browser-en Warning: file tor-browser-en not found Checking /usr/local/bin/torbrowser-launcher Checking /usr/bin/torbrowser-launcher sbox run: /usr/lib/x86_64-linux-gnu/firejail/fcopy /usr/bin/torbrowser-launcher /run/firejail/mnt/bin (null) Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin 31 programs installed in 41.73 ms Remounting /proc and /proc/sys filesystems Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable 
/sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/config.gz Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kallsyms Disable /lib/modules Disable /usr/lib/debug Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Disable /mnt Disable /media Disable /run/mount Debug 424: new_name #/home/user/.config/torbrowser#, whitelist Debug 525: fname #/home/user/.config/torbrowser#, cfg.homedir #/home/user# Replaced whitelist path: whitelist /home/user/.config/torbrowser Debug 424: new_name #/home/user/.local/share/torbrowser#, whitelist Debug 525: fname #/home/user/.local/share/torbrowser#, cfg.homedir #/home/user# Replaced whitelist path: whitelist /home/user/.local/share/torbrowser Debug 424: new_name #/home/user/.XCompose#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose expanded: /home/user/.XCompose real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.asoundrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc expanded: /home/user/.asoundrc real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.config/ibus#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ibus expanded: /home/user/.config/ibus real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.config/mimeapps.list#, whitelist Debug 525: fname #/home/user/.config/mimeapps.list#, cfg.homedir #/home/user# Replaced whitelist path: whitelist /home/user/.config/mimeapps.list Debug 424: new_name #/home/user/.config/pkcs11#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11 expanded: /home/user/.config/pkcs11 real path: (null) realpath: No such file or directory Debug 424: new_name 
#/home/user/.config/user-dirs.dirs#, whitelist Debug 525: fname #/home/user/.config/user-dirs.dirs#, cfg.homedir #/home/user# Replaced whitelist path: whitelist /home/user/.config/user-dirs.dirs Debug 424: new_name #/home/user/.drirc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc expanded: /home/user/.drirc real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons expanded: /home/user/.icons real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.local/share/applications#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/applications expanded: /home/user/.local/share/applications real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.local/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/icons expanded: /home/user/.local/share/icons real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.local/share/mime#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/mime expanded: /home/user/.local/share/mime real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.mime.types#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types expanded: /home/user/.mime.types real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.cache/fontconfig#, whitelist Debug 525: fname #/home/user/.cache/fontconfig#, cfg.homedir #/home/user# Replaced whitelist path: whitelist /home/user/.cache/fontconfig Debug 424: new_name #/home/user/.config/fontconfig#, whitelist Debug 525: fname #/home/user/.config/fontconfig#, cfg.homedir #/home/user# Replaced whitelist path: whitelist /home/user/.config/fontconfig Debug 424: new_name #/home/user/.fontconfig#, whitelist Removed whitelist/nowhitelist path: 
whitelist ${HOME}/.fontconfig expanded: /home/user/.fontconfig real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts expanded: /home/user/.fonts real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.fonts.conf#, whitelist Debug 525: fname #/home/user/.config/fontconfig/fonts.conf#, cfg.homedir #/home/user# Replaced whitelist path: whitelist /home/user/.config/fontconfig/fonts.conf Debug 424: new_name #/home/user/.fonts.conf.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d expanded: /home/user/.fonts.conf.d real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.fonts.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d expanded: /home/user/.fonts.d real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.local/share/fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts expanded: /home/user/.local/share/fonts real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.pangorc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc expanded: /home/user/.pangorc real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.config/gtk-2.0#, whitelist Debug 525: fname #/home/user/.config/gtk-2.0#, cfg.homedir #/home/user# Replaced whitelist path: whitelist /home/user/.config/gtk-2.0 Debug 424: new_name #/home/user/.config/gtk-3.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-3.0 expanded: /home/user/.config/gtk-3.0 real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc expanded: /home/user/.config/gtkrc real path: (null) realpath: No such file or 
directory Debug 424: new_name #/home/user/.config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0 expanded: /home/user/.config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.gnome2#, whitelist Debug 525: fname #/home/user/.gnome2#, cfg.homedir #/home/user# Replaced whitelist path: whitelist /home/user/.gnome2 Debug 424: new_name #/home/user/.gnome2-private#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private expanded: /home/user/.gnome2-private real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.gtk-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0 expanded: /home/user/.gtk-2.0 real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc expanded: /home/user/.gtkrc real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0 expanded: /home/user/.gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc expanded: /home/user/.kde/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 expanded: /home/user/.kde/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde4/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc expanded: /home/user/.kde4/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 424: new_name 
#/home/user/.kde4/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 expanded: /home/user/.kde4/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.local/share/themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes expanded: /home/user/.local/share/themes real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes expanded: /home/user/.themes real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.config/dconf#, whitelist Debug 525: fname #/home/user/.config/dconf#, cfg.homedir #/home/user# Replaced whitelist path: whitelist /home/user/.config/dconf Debug 424: new_name #/home/user/.config/Kvantum#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum expanded: /home/user/.config/Kvantum real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.config/Trolltech.conf#, whitelist Debug 525: fname #/home/user/.config/Trolltech.conf#, cfg.homedir #/home/user# Replaced whitelist path: whitelist /home/user/.config/Trolltech.conf Debug 424: new_name #/home/user/.config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals expanded: /home/user/.config/kdeglobals real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc expanded: /home/user/.config/kio_httprc real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc expanded: /home/user/.config/kioslaverc real path: (null) realpath: No such file or directory Debug 424: 
new_name #/home/user/.config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist expanded: /home/user/.config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.config/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct expanded: /home/user/.config/qt5ct real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals expanded: /home/user/.kde/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc expanded: /home/user/.kde/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc expanded: /home/user/.kde/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist expanded: /home/user/.kde/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc expanded: /home/user/.kde/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons expanded: /home/user/.kde/share/icons real path: (null) realpath: No such file or directory Debug 424: 
new_name #/home/user/.kde4/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals expanded: /home/user/.kde4/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde4/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc expanded: /home/user/.kde4/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde4/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc expanded: /home/user/.kde4/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde4/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist expanded: /home/user/.kde4/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde4/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc expanded: /home/user/.kde4/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.kde4/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons expanded: /home/user/.kde4/share/icons real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.local/share/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct expanded: /home/user/.local/share/qt5ct real path: (null) realpath: No such file or directory Debug 424: new_name #/home/user/.cache/kioexec/krun#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun expanded: /home/user/.cache/kioexec/krun real path: (null) realpath: No such file or 
directory Debug 424: new_name #/var/lib/dbus#, whitelist Debug 424: new_name #/var/lib/menu-xdg#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg expanded: /var/lib/menu-xdg real path: (null) realpath: No such file or directory Debug 424: new_name #/var/cache/fontconfig#, whitelist Debug 424: new_name #/var/tmp#, whitelist Debug 424: new_name #/var/run#, whitelist Replaced whitelist path: whitelist /run Debug 424: new_name #/var/lock#, whitelist Replaced whitelist path: whitelist /run/lock Debug 424: new_name #/tmp/.X11-unix#, whitelist Mounting a new /home directory Mounting a new /root directory Create a new user directory Mounting tmpfs on /tmp directory Mounting tmpfs on /var directory Whitelisting /home/user/.config/torbrowser 592 581 202:16 /home/user/.config/torbrowser /home/user/.config/torbrowser rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered fsname=/home/user/.config/torbrowser dir=/home/user/.config/torbrowser fstype=ext4 Whitelisting /home/user/.local/share/torbrowser 593 581 202:16 /home/user/.local/share/torbrowser /home/user/.local/share/torbrowser rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered fsname=/home/user/.local/share/torbrowser dir=/home/user/.local/share/torbrowser fstype=ext4 Whitelisting /home/user/.config/mimeapps.list 594 581 202:16 /home/user/.config/mimeapps.list /home/user/.config/mimeapps.list rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered fsname=/home/user/.config/mimeapps.list dir=/home/user/.config/mimeapps.list fstype=ext4 Whitelisting /home/user/.config/user-dirs.dirs 595 581 202:16 /home/user/.config/user-dirs.dirs /home/user/.config/user-dirs.dirs rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered fsname=/home/user/.config/user-dirs.dirs dir=/home/user/.config/user-dirs.dirs fstype=ext4 Whitelisting /home/user/.cache/fontconfig 596 581 202:16 /home/user/.cache/fontconfig /home/user/.cache/fontconfig rw,relatime master:30 - ext4 /dev/xvdb 
rw,discard,data=ordered fsname=/home/user/.cache/fontconfig dir=/home/user/.cache/fontconfig fstype=ext4 Whitelisting /home/user/.config/fontconfig 597 581 202:16 /home/user/.config/fontconfig /home/user/.config/fontconfig rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered fsname=/home/user/.config/fontconfig dir=/home/user/.config/fontconfig fstype=ext4 Whitelisting /home/user/.config/fontconfig/fonts.conf Created symbolic link /home/user/.fonts.conf -> /home/user/.config/fontconfig/fonts.conf Whitelisting /home/user/.config/gtk-2.0 598 581 202:16 /home/user/.config/gtk-2.0 /home/user/.config/gtk-2.0 rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered fsname=/home/user/.config/gtk-2.0 dir=/home/user/.config/gtk-2.0 fstype=ext4 Whitelisting /home/user/.gnome2 599 581 202:16 /home/user/.gnome2 /home/user/.gnome2 rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered fsname=/home/user/.gnome2 dir=/home/user/.gnome2 fstype=ext4 Whitelisting /home/user/.config/dconf 600 581 202:16 /home/user/.config/dconf /home/user/.config/dconf rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered fsname=/home/user/.config/dconf dir=/home/user/.config/dconf fstype=ext4 Whitelisting /home/user/.config/Trolltech.conf 601 581 202:16 /home/user/.config/Trolltech.conf /home/user/.config/Trolltech.conf rw,relatime master:30 - ext4 /dev/xvdb rw,discard,data=ordered fsname=/home/user/.config/Trolltech.conf dir=/home/user/.config/Trolltech.conf fstype=ext4 Whitelisting /var/lib/dbus 602 591 202:3 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/xvda3 rw,discard,data=ordered fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4 Whitelisting /var/cache/fontconfig 603 591 202:3 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/xvda3 rw,discard,data=ordered fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4 Whitelisting /var/tmp 604 591 0:67 / /var/tmp 
rw,nosuid,nodev,noexec - tmpfs tmpfs rw fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Whitelisting /run/lock 605 533 0:66 / /run/lock rw,nosuid,nodev,noexec - tmpfs tmpfs rw fsname=/ dir=/run/lock fstype=tmpfs Created symbolic link /var/lock -> /run/lock Whitelisting /tmp/.X11-unix 606 584 202:3 /tmp/.X11-unix /tmp/.X11-unix rw,noatime master:1 - ext4 /dev/xvda3 rw,discard,data=ordered fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Disable /run/minissdpd.sock (requested /var/run/minissdpd.sock) Disable /sbin Disable /usr/local/sbin Disable /usr/sbin Mounting noexec /tmp/.X11-unix Disable /usr/include Disable /usr/lib/valgrind Disable /usr/share/java Disable /usr/lib/perl5 Disable /usr/share/perl-openssl-defaults Disable /usr/share/perl5 Disable /usr/share/perl Not blacklist /usr/local/bin/python2 Not blacklist /usr/local/bin/python2.7 Not blacklist /usr/bin/python2 Not blacklist /usr/bin/python2.7 Not blacklist /bin/python2 Not blacklist /bin/python2.7 Not blacklist /usr/local/games/python2 Not blacklist /usr/local/games/python2.7 Not blacklist /usr/games/python2 Not blacklist /usr/games/python2.7 Not blacklist /usr/lib/python2.7 Disable /usr/local/lib/python2.7 Not blacklist /usr/local/bin/python3m Not blacklist /usr/local/bin/python3.5m Not blacklist /usr/local/bin/python3 Not blacklist /usr/local/bin/python3.5 Not blacklist /usr/bin/python3m Not blacklist /usr/bin/python3.5m Not blacklist /usr/bin/python3 Not blacklist /usr/bin/python3.5 Not blacklist /bin/python3m Not blacklist /bin/python3.5m Not blacklist /bin/python3 Not blacklist /bin/python3.5 Not blacklist /usr/local/games/python3m Not blacklist /usr/local/games/python3.5m Not blacklist /usr/local/games/python3 Not blacklist /usr/local/games/python3.5 Not blacklist /usr/games/python3m Not blacklist /usr/games/python3.5m Not blacklist /usr/games/python3 Not blacklist /usr/games/python3.5 Not blacklist /usr/lib/python3.5 Not blacklist /usr/lib/python3 Disable 
/usr/local/lib/python3.5 Disable /usr/share/python3 Not blacklist /home/user/.config/torbrowser Not blacklist /home/user/.local/share/torbrowser Mounting read-only /home/user/.config/user-dirs.dirs Mounting noexec /tmp Disable /sys/fs Disable /sys/module Drop privileges: pid 42, uid 1000, gid 1000, nogroups 0 Warning: cleaning all supplementary groups 631 581 0:65 /pulse /home/user/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 fsname=/pulse dir=/home/user/.config/pulse fstype=tmpfs blacklist /dev/dvb blacklist /dev/sr0 blacklist /dev/video0 blacklist /dev/video1 blacklist /dev/video2 blacklist /dev/video3 blacklist /dev/video4 blacklist /dev/video5 blacklist /dev/video6 blacklist /dev/video7 blacklist /dev/video8 blacklist /dev/video9 Create the new ld.so.preload file Blacklist violations are logged to syslog Mount the new ld.so.preload file Current directory: /home/user DISPLAY=:0 parsed as 0 Dropping all capabilities Install protocol filter: unix,inet,inet6 configuring 14 seccomp entries in /run/firejail/mnt/seccomp.protocol sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp.protocol (null) Dropping all capabilities Drop privileges: pid 43, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 01 00 00000029 jeq socket 0006 (false 0005) 0005: 06 00 00 7fff0000 ret ALLOW 0006: 20 00 00 00000010 ld data.args[0] 0007: 15 00 01 00000001 jeq 1 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 00000002 jeq 2 000a (false 000b) 000a: 06 00 00 7fff0000 ret ALLOW 000b: 15 00 01 0000000a jeq a 000c (false 000d) 000c: 06 00 00 7fff0000 ret ALLOW 000d: 06 00 00 0005005f ret ERRNO(95) configuring 54 seccomp entries in /run/firejail/mnt/seccomp.32 sbox run: 
/usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp.32 (null) Dropping all capabilities Drop privileges: pid 44, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 
0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00000000 ret KILL Dual 32/64 bit seccomp filter configured configuring 74 seccomp entries in /run/firejail/mnt/seccomp sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp (null) Dropping all capabilities Drop privileges: pid 45, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 41 00 0000009a jeq modify_ldt 0049 (false 0008) 0008: 15 40 00 000000d4 jeq lookup_dcookie 0049 (false 0009) 0009: 15 3f 00 0000012a jeq perf_event_open 0049 (false 000a) 000a: 15 3e 00 00000137 jeq process_vm_writev 0049 (false 000b) 000b: 15 3d 00 0000009c jeq _sysctl 0049 (false 000c) 000c: 15 3c 00 000000b7 jeq afs_syscall 0049 (false 000d) 000d: 15 3b 00 000000ae jeq create_module 0049 (false 000e) 000e: 15 3a 00 000000b1 jeq get_kernel_syms 0049 (false 
000f) 000f: 15 39 00 000000b5 jeq getpmsg 0049 (false 0010) 0010: 15 38 00 000000b6 jeq putpmsg 0049 (false 0011) 0011: 15 37 00 000000b2 jeq query_module 0049 (false 0012) 0012: 15 36 00 000000b9 jeq security 0049 (false 0013) 0013: 15 35 00 0000008b jeq sysfs 0049 (false 0014) 0014: 15 34 00 000000b8 jeq tuxcall 0049 (false 0015) 0015: 15 33 00 00000086 jeq uselib 0049 (false 0016) 0016: 15 32 00 00000088 jeq ustat 0049 (false 0017) 0017: 15 31 00 000000ec jeq vserver 0049 (false 0018) 0018: 15 30 00 0000009f jeq adjtimex 0049 (false 0019) 0019: 15 2f 00 00000131 jeq clock_adjtime 0049 (false 001a) 001a: 15 2e 00 000000e3 jeq clock_settime 0049 (false 001b) 001b: 15 2d 00 000000a4 jeq settimeofday 0049 (false 001c) 001c: 15 2c 00 000000b0 jeq delete_module 0049 (false 001d) 001d: 15 2b 00 00000139 jeq finit_module 0049 (false 001e) 001e: 15 2a 00 000000af jeq init_module 0049 (false 001f) 001f: 15 29 00 000000ad jeq ioperm 0049 (false 0020) 0020: 15 28 00 000000ac jeq iopl 0049 (false 0021) 0021: 15 27 00 000000f6 jeq kexec_load 0049 (false 0022) 0022: 15 26 00 00000140 jeq kexec_file_load 0049 (false 0023) 0023: 15 25 00 000000a9 jeq reboot 0049 (false 0024) 0024: 15 24 00 000000a7 jeq swapon 0049 (false 0025) 0025: 15 23 00 000000a8 jeq swapoff 0049 (false 0026) 0026: 15 22 00 000000a3 jeq acct 0049 (false 0027) 0027: 15 21 00 00000141 jeq bpf 0049 (false 0028) 0028: 15 20 00 000000a1 jeq chroot 0049 (false 0029) 0029: 15 1f 00 000000a5 jeq mount 0049 (false 002a) 002a: 15 1e 00 000000b4 jeq nfsservctl 0049 (false 002b) 002b: 15 1d 00 0000009b jeq pivot_root 0049 (false 002c) 002c: 15 1c 00 000000ab jeq setdomainname 0049 (false 002d) 002d: 15 1b 00 000000aa jeq sethostname 0049 (false 002e) 002e: 15 1a 00 000000a6 jeq umount2 0049 (false 002f) 002f: 15 19 00 00000099 jeq vhangup 0049 (false 0030) 0030: 15 18 00 000000ee jeq set_mempolicy 0049 (false 0031) 0031: 15 17 00 00000100 jeq migrate_pages 0049 (false 0032) 0032: 15 16 00 00000117 jeq move_pages 0049 
(false 0033) 0033: 15 15 00 000000ed jeq mbind 0049 (false 0034) 0034: 15 14 00 00000130 jeq open_by_handle_at 0049 (false 0035) 0035: 15 13 00 0000012f jeq name_to_handle_at 0049 (false 0036) 0036: 15 12 00 000000fb jeq ioprio_set 0049 (false 0037) 0037: 15 11 00 00000067 jeq syslog 0049 (false 0038) 0038: 15 10 00 0000012c jeq fanotify_init 0049 (false 0039) 0039: 15 0f 00 00000138 jeq kcmp 0049 (false 003a) 003a: 15 0e 00 000000f8 jeq add_key 0049 (false 003b) 003b: 15 0d 00 000000f9 jeq request_key 0049 (false 003c) 003c: 15 0c 00 000000fa jeq keyctl 0049 (false 003d) 003d: 15 0b 00 000000ce jeq io_setup 0049 (false 003e) 003e: 15 0a 00 000000cf jeq io_destroy 0049 (false 003f) 003f: 15 09 00 000000d0 jeq io_getevents 0049 (false 0040) 0040: 15 08 00 000000d1 jeq io_submit 0049 (false 0041) 0041: 15 07 00 000000d2 jeq io_cancel 0049 (false 0042) 0042: 15 06 00 000000d8 jeq remap_file_pages 0049 (false 0043) 0043: 15 05 00 00000116 jeq vmsplice 0049 (false 0044) 0044: 15 04 00 00000087 jeq personality 0049 (false 0045) 0045: 15 03 00 00000143 jeq userfaultfd 0049 (false 0046) 0046: 15 02 00 00000065 jeq ptrace 0049 (false 0047) 0047: 15 01 00 00000136 jeq process_vm_readv 0049 (false 0048) 0048: 06 00 00 7fff0000 ret ALLOW 0049: 06 00 01 00000000 ret KILL seccomp filter configured noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1 No supplementary groups starting application LD_PRELOAD=(null) execvp argument 0: torbrowser-launcher Child process initialized in 98.46 ms Searching $PATH for torbrowser-launcher trying #/usr/local/bin/torbrowser-launcher# Installing /run/firejail/mnt/seccomp seccomp filter Installing /run/firejail/mnt/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp.protocol seccomp filter monitoring pid 46 Tor Browser Launcher By Micah Lee, licensed under MIT version 0.2.9 https://github.com/micahflee/torbrowser-launcher Refreshing local keyring... 
Launching './Browser/start-tor-browser --detach'... Sandbox monitor: waitpid 46 retval 46 status 0 Sandbox monitor: monitoring 72 monitoring pid 72 Sandbox monitor: waitpid 72 retval 72 status 0 Parent is shutting down, bye... user@debian:~$ ```

@reinerh commented on GitHub (Oct 4, 2018):

Please try one of the `tor-browser-*` profiles.

```
$ ls /etc/firejail/tor-browser-*
/etc/firejail/tor-browser-ar.profile     /etc/firejail/tor-browser-fa.profile  /etc/firejail/tor-browser-pl.profile
/etc/firejail/tor-browser-en.profile     /etc/firejail/tor-browser-fr.profile  /etc/firejail/tor-browser-pt-br.profile
/etc/firejail/tor-browser-en-us.profile  /etc/firejail/tor-browser-it.profile  /etc/firejail/tor-browser-ru.profile
/etc/firejail/tor-browser-es-es.profile  /etc/firejail/tor-browser-ja.profile  /etc/firejail/tor-browser-vi.profile
/etc/firejail/tor-browser-es.profile     /etc/firejail/tor-browser-ko.profile  /etc/firejail/tor-browser-zh-cn.profile
```

@reinerh commented on GitHub (Oct 4, 2018):

And if that also doesn't work, please try the firefox profile (as torbrowser is a forked firefox).
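
The profile suggestions above turn on facts that `firejail --debug` already prints: which profile files were read, and which paths were disabled or whitelisted. The following Python script is an added example (not from this thread or the firejail project) that pulls those facts out of a log; the sample lines are constructed in the format quoted on this page, and the `hints` parameter is an assumption of the example.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: a shortened log in the format of the `firejail --debug`
# output quoted in this thread (not a complete capture).
SAMPLE_LOG = """\
Command name #torbrowser#
Attempting to find default.profile...
Found default profile in /etc/firejail directory
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Disable /home/user/.bash_history
Disable /home/user/.config/torbrowser
Disable /home/user/.local/share/torbrowser
Disable /home/user/.mozilla
Disable /var/mail (requested /var/spool/mail)
Mounting read-only /home/user/.profile
"""

COMMAND_RE = re.compile(r"^Command name #([^#]+)#")
PROFILE_RE = re.compile(r"^Reading profile (\S+)")
DISABLE_RE = re.compile(r"^Disable (\S+)")
ALLOW_RE = re.compile(r"^(?:Whitelisting|Not blacklist) (\S+)")


def _touches_app(path, wanted):
    """True if any path component (leading dot stripped) is one of the hints."""
    return any(part.lstrip(".").lower() in wanted
               for part in PurePosixPath(path).parts)


def _unique(items):
    """Drop repeats while keeping first-seen order."""
    return list(dict.fromkeys(items))


def triage(log_text, hints=None):
    """Summarise profile selection and app-directory handling from a debug log.

    hints: directory names that belong to the application (hypothetical
    parameter of this example); defaults to the command name from the log.
    Paths containing spaces are cut at the first space.
    """
    command = None
    profiles, includes, disabled, allowed = [], [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = COMMAND_RE.match(line)
        if m:
            command = command or m.group(1)
            continue
        m = PROFILE_RE.match(line)
        if m:
            # *.inc files are shared include fragments, *.profile is the profile
            target = includes if m.group(1).endswith(".inc") else profiles
            target.append(m.group(1))
            continue
        m = DISABLE_RE.match(line)
        if m:
            disabled.append(m.group(1))
            continue
        m = ALLOW_RE.match(line)
        if m:
            allowed.append(m.group(1))

    wanted = {h.lower() for h in (hints or ([command] if command else []))}
    return {
        "command": command,
        "profiles": _unique(profiles),
        "includes": _unique(includes),
        # No application-specific profile matched the command name.
        "fallback_default": any(PurePosixPath(p).name == "default.profile"
                                for p in profiles),
        "blocked_app_paths": _unique(p for p in disabled if _touches_app(p, wanted)),
        "allowed_app_paths": _unique(p for p in allowed if _touches_app(p, wanted)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A report with `fallback_default` set and the application's own directories under `blocked_app_paths` means the sandbox was built from the generic profile rather than one written for the program.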


@veloute commented on GitHub (Oct 5, 2018):

Make sure you followed the install process for torbrowser-launcher properly: https://github.com/micahflee/torbrowser-launcher/blob/develop/BUILD.md


@Nurmagoz commented on GitHub (Oct 5, 2018):

> Please try one of the tor-browser-* profiles.

Nothing works.

> And if that also doesn't work, please try the firefox profile (as torbrowser is a forked firefox).

Yeah, but there is much more than just Firefox...

> make sure you followed the install process for torbrowser-launcher properly: https://github.com/micahflee/torbrowser-launcher/blob/develop/BUILD.md

I didn't say I can't install or build torbrowser-launcher, but with firejail it's not launching.

(Also, using that method is not secure, but installing it from the Debian repo is the safest way.)


@Nurmagoz commented on GitHub (Oct 21, 2018):

Update: firejail worked inside Debian after the last update, but not inside Whonix (hope someone can tell me what the error is):

user@host:~$ firejail --debug torbrowser
Autoselecting /bin/bash as shell
Building quoted command line: 'torbrowser' 
Command name #torbrowser#
Attempting to find default.profile...                                                                                                                                 
Found default profile in /etc/firejail directory                                                                                                                      
Reading profile /etc/firejail/default.profile                                                                                                                         
Reading profile /etc/firejail/disable-common.inc                                                                                                                      
Reading profile /etc/firejail/disable-passwdmgr.inc                                                                                                                   
Reading profile /etc/firejail/disable-programs.inc                                                                                                                    

** Note: you can use --noprofile to disable default.profile **

DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 10690, child pid 10691
Host network configured
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp.postexec file
Build protocol filter: unix,inet,inet6
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/config.gz
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /lib/modules
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Disable /home/user/.bash_history
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/user/.cache/ksycoca5_en_DUcAY8MHK9CqUalxnSyf45tD93g=
Mounting read-only /home/user/.local/share/konsole
Disable /run/user/1000/kdeinit5__0
Disable /var/lib/systemd
Disable /var/cache/apt
Disable /var/lib/apt
Disable /var/mail
Disable /var/opt
Disable /var/spool/cron
Disable /var/mail (requested /var/spool/mail)
Disable /etc/cron.hourly
Disable /etc/cron.monthly
Disable /etc/cron.weekly
Disable /etc/cron.d
Disable /etc/cron.daily
Disable /etc/crontab
Disable /etc/profile.d
Disable /etc/rc.local
Disable /etc/rc1.d
Disable /etc/rc0.d
Disable /etc/rcS.d
Disable /etc/rc5.d
Disable /etc/rc4.d
Disable /etc/rc2.d
Disable /etc/rc3.d
Disable /etc/rc6.d
Disable /etc/kernel
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/selinux
Disable /etc/modules
Disable /etc/modules-load.d
Disable /etc/logrotate.conf
Disable /etc/logrotate.d
Disable /etc/adduser.conf
Mounting read-only /home/user/.bash_logout
Mounting read-only /home/user/.bashrc.whonix
Mounting read-only /home/user/.profile
Disable /home/user/.local/share/Trash
Disable /home/user/.gnupg
Disable /home/user/.pki
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/crontab
Disable /usr/bin/expiry
Disable /bin/fusermount
Disable /usr/bin/gpasswd
Disable /bin/mount
Disable /usr/bin/newgrp
Disable /bin/ntfs-3g
Disable /usr/bin/pkexec
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/strace
Disable /bin/su
Disable /usr/bin/sudo
Disable /bin/umount
Disable /usr/bin/xev
Mounting noexec /tmp/.X11-unix
Disable /home/user/.config/baloofilerc
Disable /home/user/.config/dolphinrc
Disable /home/user/.config/hexchat
Disable /home/user/.config/katepartrc
Disable /home/user/.config/katevirc
Disable /home/user/.config/kwriterc
Disable /home/user/.config/org.kde.gwenviewrc
Disable /home/user/.config/torbrowser
Disable /home/user/.config/vlc
Disable /home/user/.local/share/baloo
Disable /home/user/.local/share/dolphin
Disable /home/user/.local/share/kwrite
Disable /home/user/.local/share/org.kde.gwenview
Disable /home/user/.local/share/torbrowser
Disable /home/user/.mozilla
Disable /home/user/.thunderbird
Disable /home/user/.cache/mozilla
Disable /home/user/.cache/thunderbird
Disable /sys/fs
Disable /sys/module
1131 1022 0:93 /pulse /home/user/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
fsname=/pulse dir=/home/user/.config/pulse fstype=tmpfs
Current directory: /home/user
DISPLAY=:0 parsed as 0
Dropping all capabilities
Install protocol filter: unix,inet,inet6
configuring 14 seccomp entries in /run/firejail/mnt/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp.32
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp.32 (null) 
Dropping all capabilities
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00000000   ret KILL
Dual 32/64 bit seccomp filter configured
configuring 74 seccomp entries in /run/firejail/mnt/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp (null) 
Dropping all capabilities
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 41 00 0000009a   jeq modify_ldt 0049 (false 0008)
 0008: 15 40 00 000000d4   jeq lookup_dcookie 0049 (false 0009)
 0009: 15 3f 00 0000012a   jeq perf_event_open 0049 (false 000a)
 000a: 15 3e 00 00000137   jeq process_vm_writev 0049 (false 000b)
 000b: 15 3d 00 0000009c   jeq _sysctl 0049 (false 000c)
 000c: 15 3c 00 000000b7   jeq afs_syscall 0049 (false 000d)
 000d: 15 3b 00 000000ae   jeq create_module 0049 (false 000e)
 000e: 15 3a 00 000000b1   jeq get_kernel_syms 0049 (false 000f)
 000f: 15 39 00 000000b5   jeq getpmsg 0049 (false 0010)
 0010: 15 38 00 000000b6   jeq putpmsg 0049 (false 0011)
 0011: 15 37 00 000000b2   jeq query_module 0049 (false 0012)
 0012: 15 36 00 000000b9   jeq security 0049 (false 0013)
 0013: 15 35 00 0000008b   jeq sysfs 0049 (false 0014)
 0014: 15 34 00 000000b8   jeq tuxcall 0049 (false 0015)
 0015: 15 33 00 00000086   jeq uselib 0049 (false 0016)
 0016: 15 32 00 00000088   jeq ustat 0049 (false 0017)
 0017: 15 31 00 000000ec   jeq vserver 0049 (false 0018)
 0018: 15 30 00 0000009f   jeq adjtimex 0049 (false 0019)
 0019: 15 2f 00 00000131   jeq clock_adjtime 0049 (false 001a)
 001a: 15 2e 00 000000e3   jeq clock_settime 0049 (false 001b)
 001b: 15 2d 00 000000a4   jeq settimeofday 0049 (false 001c)
 001c: 15 2c 00 000000b0   jeq delete_module 0049 (false 001d)
 001d: 15 2b 00 00000139   jeq finit_module 0049 (false 001e)
 001e: 15 2a 00 000000af   jeq init_module 0049 (false 001f)
 001f: 15 29 00 000000ad   jeq ioperm 0049 (false 0020)
 0020: 15 28 00 000000ac   jeq iopl 0049 (false 0021)
 0021: 15 27 00 000000f6   jeq kexec_load 0049 (false 0022)
 0022: 15 26 00 00000140   jeq kexec_file_load 0049 (false 0023)
 0023: 15 25 00 000000a9   jeq reboot 0049 (false 0024)
 0024: 15 24 00 000000a7   jeq swapon 0049 (false 0025)
 0025: 15 23 00 000000a8   jeq swapoff 0049 (false 0026)
 0026: 15 22 00 000000a3   jeq acct 0049 (false 0027)
 0027: 15 21 00 00000141   jeq bpf 0049 (false 0028)
 0028: 15 20 00 000000a1   jeq chroot 0049 (false 0029)
 0029: 15 1f 00 000000a5   jeq mount 0049 (false 002a)
 002a: 15 1e 00 000000b4   jeq nfsservctl 0049 (false 002b)
 002b: 15 1d 00 0000009b   jeq pivot_root 0049 (false 002c)
 002c: 15 1c 00 000000ab   jeq setdomainname 0049 (false 002d)
 002d: 15 1b 00 000000aa   jeq sethostname 0049 (false 002e)
 002e: 15 1a 00 000000a6   jeq umount2 0049 (false 002f)
 002f: 15 19 00 00000099   jeq vhangup 0049 (false 0030)
 0030: 15 18 00 000000ee   jeq set_mempolicy 0049 (false 0031)
 0031: 15 17 00 00000100   jeq migrate_pages 0049 (false 0032)
 0032: 15 16 00 00000117   jeq move_pages 0049 (false 0033)
 0033: 15 15 00 000000ed   jeq mbind 0049 (false 0034)
 0034: 15 14 00 00000130   jeq open_by_handle_at 0049 (false 0035)
 0035: 15 13 00 0000012f   jeq name_to_handle_at 0049 (false 0036)
 0036: 15 12 00 000000fb   jeq ioprio_set 0049 (false 0037)
 0037: 15 11 00 00000067   jeq syslog 0049 (false 0038)
 0038: 15 10 00 0000012c   jeq fanotify_init 0049 (false 0039)
 0039: 15 0f 00 00000138   jeq kcmp 0049 (false 003a)
 003a: 15 0e 00 000000f8   jeq add_key 0049 (false 003b)
 003b: 15 0d 00 000000f9   jeq request_key 0049 (false 003c)
 003c: 15 0c 00 000000fa   jeq keyctl 0049 (false 003d)
 003d: 15 0b 00 000000ce   jeq io_setup 0049 (false 003e)
 003e: 15 0a 00 000000cf   jeq io_destroy 0049 (false 003f)
 003f: 15 09 00 000000d0   jeq io_getevents 0049 (false 0040)
 0040: 15 08 00 000000d1   jeq io_submit 0049 (false 0041)
 0041: 15 07 00 000000d2   jeq io_cancel 0049 (false 0042)
 0042: 15 06 00 000000d8   jeq remap_file_pages 0049 (false 0043)
 0043: 15 05 00 00000116   jeq vmsplice 0049 (false 0044)
 0044: 15 04 00 00000143   jeq userfaultfd 0049 (false 0045)
 0045: 15 03 00 00000065   jeq ptrace 0049 (false 0046)
 0046: 15 02 00 00000087   jeq personality 0049 (false 0047)
 0047: 15 01 00 00000136   jeq process_vm_readv 0049 (false 0048)
 0048: 06 00 00 7fff0000   ret ALLOW
 0049: 06 00 01 00000000   ret KILL
seccomp filter configured
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 
starting application
LD_PRELOAD=(null)
Running 'torbrowser'  command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: 'torbrowser' 
Child process initialized in 45.66 ms
Installing /run/firejail/mnt/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp.protocol seccomp filter
monitoring pid 6

Sandbox monitor: waitpid 6 retval 6 status 0
Sandbox monitor: monitoring 42
monitoring pid 42

Sandbox monitor: waitpid 42 retval 42 status 0

Parent is shutting down, bye...
user@host:~$ 

@crass commented on GitHub (Oct 25, 2018):

Your command `firejail --debug torbrowser` is loading the default profile because there is no profile named `torbrowser`. Try explicitly using the `torbrowser-launcher` profile. If that doesn't work, try the `firefox.profile`. Perhaps you can create a `torbrowser` profile and do a pull request.
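
The fallback to `default.profile` described in the comment above can be confirmed from the `--debug` output itself. This is an added example, not part of the thread or of firejail's own code: it reads the `Command name` and `Reading profile` lines and decodes the `Sandbox monitor` status, assuming firejail prints the raw `waitpid()` value; the second log is constructed.

```python
import re
from pathlib import PurePosixPath

# Excerpt of the `firejail --debug torbrowser` output quoted in this issue.
ISSUE_LOG = """\
Building quoted command line: 'torbrowser'
Command name #torbrowser#
Attempting to find default.profile...
Found default profile in /etc/firejail directory
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Sandbox monitor: waitpid 6 retval 6 status 0
Sandbox monitor: waitpid 42 retval 42 status 0
Parent is shutting down, bye...
"""

# Constructed sample (not from the issue): a run where a dedicated profile is
# read first, assuming the "Reading profile" line format stays the same.
CONSTRUCTED_LOG = """\
Command name #torbrowser-launcher#
Reading profile /etc/firejail/torbrowser-launcher.profile
Reading profile /etc/firejail/disable-common.inc
Sandbox monitor: waitpid 6 retval 6 status 0
"""

CMD_RE = re.compile(r"^Command name #(.+)#\s*$")
READ_RE = re.compile(r"^Reading profile (\S+)\s*$")
WAIT_RE = re.compile(r"^Sandbox monitor: waitpid \d+ retval -?\d+ status (-?\d+)\s*$")


def decode_wait_status(status):
    """Decode a raw Linux waitpid() status (assumed to be what firejail prints)."""
    sig = status & 0x7F
    if sig == 0:
        return f"exited with code {(status >> 8) & 0xFF}"
    # Signal 31 is SIGSYS on x86-64 Linux, the signal a seccomp kill delivers.
    return f"killed by signal {sig}"


def analyze(debug_output):
    """Report which profile a firejail --debug run applied and how it ended."""
    command, profiles, exits = None, [], []
    for line in debug_output.splitlines():
        if m := CMD_RE.match(line):
            command = m.group(1)
        elif m := READ_RE.match(line):
            profiles.append(PurePosixPath(m.group(1)).name)
        elif m := WAIT_RE.match(line):
            exits.append(decode_wait_status(int(m.group(1))))
    # The first file read is the top-level profile; later ones are its includes.
    top = profiles[0] if profiles else None
    return {
        "command": command,
        "top_profile": top,
        "includes": profiles[1:],
        "fell_back_to_default": top == "default.profile" and command != "default",
        "exits": exits,
    }


if __name__ == "__main__":
    for name, log in (("issue", ISSUE_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(name, analyze(log))
```

For the issue's log this reports a fallback to `default.profile` and two clean exits, so the sandbox ended without a seccomp kill. An explicit selection would look like `firejail --profile=/etc/firejail/torbrowser-launcher.profile torbrowser`, where the profile path is an assumption about the installed package.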


@rusty-snake commented on GitHub (May 14, 2019):

@TNTBOMBOM still an issue?


@Nurmagoz commented on GitHub (May 15, 2019):

> @TNTBOMBOM still an issue?

Yes, but with Debian Buster by installing firejail-profiles (0.9.58.2-1)

https://packages.debian.org/buster/firejail-profiles

Since it won't be pushed to stretch, the solution is only in buster versions.

Feel free to close the ticket.

Reference: github-starred/firejail#1448