github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #2862] Tor exited during startup. #1788

New issue
Closed
opened 2026-05-05 08:27:22 -06:00 by gitea-mirror · 13 comments
gitea-mirror commented 2026-05-05 08:27:22 -06:00
Owner
Copy link

Originally created by @ghost on GitHub (Jul 17, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2862

The Tor Browser 8.5.4 fails to launch when used with the current torbrowser-launcher.profile (at the time of this writting).

> firejail --version
firejail version 0.9.60

Compile time support:
        - AppArmor support is enabled
        - AppImage support is enabled
        - chroot support is enabled
        - file and directory whitelisting support is enabled
        - file transfer support is enabled
        - networking support is enabled
        - overlayfs support is enabled
        - private-home support is enabled
        - seccomp-bpf support is enabled
        - user namespace support is enabled
        - X11 sandboxing support is enabled

>

> firejail --debug torbrowser-launcher
Reading profile torbrowser-launcher.profile
Reading profile allow-python2.inc
Reading profile allow-python3.inc
Reading profile /etc/firejail/disable-common.inc
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /home/user/.config/firejail/disable-exec.inc
Found disable-exec.inc profile in /home/user/.config/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Warning: networking feature is disabled in Firejail configuration file
DISPLAY=:0 parsed as 0
Parent pid 22968, child pid 22970
Building quoted command line: 'torbrowser-launcher' 
Command name #torbrowser-launcher#
Using the local network stack
Warning fcopy: skipping /etc/alternatives/fakeroot.sv.1.gz, cannot find inode
Warning fcopy: skipping /etc/alternatives/faked.sv.1.gz, cannot find inode
Warning: file /etc/asound.conf not found.
Warning: skipping asound.conf for private /etc
Warning: file /etc/crypto-policies not found.
Warning: skipping crypto-policies for private /etc
Private /etc installed in 41.44 ms
Building quoted command line: 'torbrowser-launcher' 
Command name #torbrowser-launcher#
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /sbin
Mounting read-only /lib
Mounting read-only /lib64
Mounting read-only /lib32
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/nginx
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Mounting tmpfs on /var/cache/apache2
Mounting tmpfs on /var/cache/lighttpd
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/user/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
Process /dev/shm directory
Copying files in the new /etc directory:
copying /etc/alsa to private /etc
Creating empty /run/firejail/mnt/etc/alsa directory
sbox run: /run/firejail/lib/fcopy /etc/alsa /run/firejail/mnt/etc/alsa (null) 
copying /etc/alternatives to private /etc
Creating empty /run/firejail/mnt/etc/alternatives directory
sbox run: /run/firejail/lib/fcopy /etc/alternatives /run/firejail/mnt/etc/alternatives (null) 
copying /etc/ca-certificates to private /etc
Creating empty /run/firejail/mnt/etc/ca-certificates directory
sbox run: /run/firejail/lib/fcopy /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates (null) 
copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts (null) 
copying /etc/hostname to private /etc
sbox run: /run/firejail/lib/fcopy /etc/hostname /run/firejail/mnt/etc (null) 
copying /etc/hosts to private /etc
sbox run: /run/firejail/lib/fcopy /etc/hosts /run/firejail/mnt/etc (null) 
copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy /etc/ld.so.cache /run/firejail/mnt/etc (null) 
copying /etc/machine-id to private /etc
sbox run: /run/firejail/lib/fcopy /etc/machine-id /run/firejail/mnt/etc (null) 
copying /etc/pki to private /etc
Creating empty /run/firejail/mnt/etc/pki directory
sbox run: /run/firejail/lib/fcopy /etc/pki /run/firejail/mnt/etc/pki (null) 
copying /etc/pulse to private /etc
Creating empty /run/firejail/mnt/etc/pulse directory
sbox run: /run/firejail/lib/fcopy /etc/pulse /run/firejail/mnt/etc/pulse (null) 
copying /etc/resolv.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc (null) 
copying /etc/ssl to private /etc
Creating empty /run/firejail/mnt/etc/ssl directory
sbox run: /run/firejail/lib/fcopy /etc/ssl /run/firejail/mnt/etc/ssl (null) 
Mount-bind /run/firejail/mnt/etc on top of /etc
Creating an empty /etc/ld.so.preload file
Copying files in the new bin directory
Checking /usr/local/bin/bash
Checking /usr/bin/bash
Checking /bin/bash
sbox run: /run/firejail/lib/fcopy /bin/bash /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/cp
Checking /usr/bin/cp
Checking /bin/cp
sbox run: /run/firejail/lib/fcopy /bin/cp /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/dirname
Checking /usr/bin/dirname
sbox run: /run/firejail/lib/fcopy /usr/bin/dirname /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/env
Checking /usr/bin/env
sbox run: /run/firejail/lib/fcopy /usr/bin/env /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/expr
Checking /usr/bin/expr
sbox run: /run/firejail/lib/fcopy /usr/bin/expr /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/file
Checking /usr/bin/file
sbox run: /run/firejail/lib/fcopy /usr/bin/file /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/getconf
Checking /usr/bin/getconf
sbox run: /run/firejail/lib/fcopy /usr/bin/getconf /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/gpg
Checking /usr/bin/gpg
sbox run: /run/firejail/lib/fcopy /usr/bin/gpg /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/grep
Checking /usr/bin/grep
Checking /bin/grep
sbox run: /run/firejail/lib/fcopy /bin/grep /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/id
Checking /usr/bin/id
sbox run: /run/firejail/lib/fcopy /usr/bin/id /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/ln
Checking /usr/bin/ln
Checking /bin/ln
sbox run: /run/firejail/lib/fcopy /bin/ln /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/mkdir
Checking /usr/bin/mkdir
Checking /bin/mkdir
sbox run: /run/firejail/lib/fcopy /bin/mkdir /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python-argcomplete-check-easy-install-script /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python-argcomplete-tcsh /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2-pbr /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2-wsdump /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-jsonschema /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-tor-prompt /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-wsdump /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.6 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.6m /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/pythonect /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2-futurize /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2-pasteurize /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2-qr /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-futurize /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-pasteurize /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-qr /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python2.7-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python2.7-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python2.7-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2.7-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcoWarning: file tor-browser-en not found
67 programs installed in 138.01 ms
py /usr/bin/python2.7 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7m-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7m /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3m-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7m /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3m /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/faraday /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python-faraday /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/readlink
Checking /usr/bin/readlink
Checking /bin/readlink
sbox run: /run/firejail/lib/fcopy /bin/readlink /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/rm
Checking /usr/bin/rm
Checking /bin/rm
sbox run: /run/firejail/lib/fcopy /bin/rm /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/sed
Checking /usr/bin/sed
Checking /bin/sed
sbox run: /run/firejail/lib/fcopy /bin/sed /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/sh
Checking /usr/bin/sh
Checking /bin/sh
sbox run: /run/firejail/lib/fcopy /bin/dash /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /bin/sh /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/tail
Checking /usr/bin/tail
sbox run: /run/firejail/lib/fcopy /usr/bin/tail /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/tar
Checking /usr/bin/tar
Checking /bin/tar
sbox run: /run/firejail/lib/fcopy /bin/tar /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/tclsh
Checking /usr/bin/tclsh
sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh8.6 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/test
Checking /usr/bin/test
sbox run: /run/firejail/lib/fcopy /usr/bin/test /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/tor-browser-en
Checking /usr/bin/tor-browser-en
Checking /bin/tor-browser-en
Checking /usr/games/tor-browser-en
Checking /usr/local/games/tor-browser-en
Checking /usr/local/sbin/tor-browser-en
Checking /usr/sbin/tor-browser-en
Checking /sbin/tor-browser-en
Checking /usr/local/bin/torbrowser-launcher
firejail exec symlink detected
Checking /usr/bin/torbrowser-launcher
sbox run: /run/firejail/lib/fcopy /usr/bin/torbrowser-launcher /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/xz
Checking /usr/bin/xz
sbox run: /run/firejail/lib/fcopy /usr/bin/xz /run/firejail/mnt/bin (null) 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Debug 409: new_name #/home/user/Downloads#, whitelist
Debug 517: fname #/home/user/Downloads#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/torbrowser#, whitelist
Debug 517: fname #/home/user/.config/torbrowser#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.local/share/torbrowser#, whitelist
Debug 517: fname #/home/user/.local/share/torbrowser#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.XCompose#, whitelist
blacklist /run/user/1000/bus
blacklist /home/user/.dbus
blacklist /run/dbus/system_bus_socket
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Directory ${DOWNLOADS} resolved as Downloads
Replaced whitelist path: whitelist /home/user/Downloads
Replaced whitelist path: whitelist /home/user/.config/torbrowser
Replaced whitelist path: whitelist /home/user/.local/share/torbrowser
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
	expanded: /home/user/.XCompose
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
	expanded: /home/user/.asoundrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/ibus#, whitelist
Debug 517: fname #/home/user/.config/ibus#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/mimeapps.list#, whitelist
Debug 517: fname #/home/user/.config/mimeapps.list#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/pkcs11#, whitelist
Replaced whitelist path: whitelist /home/user/.config/ibus
Replaced whitelist path: whitelist /home/user/.config/mimeapps.list
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/user/.config/pkcs11
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/user-dirs.dirs#, whitelist
Debug 517: fname #/home/user/.config/user-dirs.dirs#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.drirc#, whitelist
Replaced whitelist path: whitelist /home/user/.config/user-dirs.dirs
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
	expanded: /home/user/.drirc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.icons#, whitelist
Debug 517: fname #/home/user/.icons#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.local/share/applications#, whitelist
Debug 517: fname #/home/user/.local/share/applications#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.local/share/icons#, whitelist
Replaced whitelist path: whitelist /home/user/.icons
Replaced whitelist path: whitelist /home/user/.local/share/applications
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/icons
	expanded: /home/user/.local/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/mime#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/mime
	expanded: /home/user/.local/share/mime
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
	expanded: /home/user/.mime.types
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/dconf#, whitelist
Debug 517: fname #/home/user/.config/dconf#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.cache/fontconfig#, whitelist
Debug 517: fname #/home/user/.cache/fontconfig#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/fontconfig#, whitelist
Replaced whitelist path: whitelist /home/user/.config/dconf
Replaced whitelist path: whitelist /home/user/.cache/fontconfig
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
	expanded: /home/user/.config/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
	expanded: /home/user/.fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.fonts#, whitelist
Debug 517: fname #/home/user/.fonts#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.fonts.conf#, whitelist
Replaced whitelist path: whitelist /home/user/.fonts
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
	expanded: /home/user/.fonts.conf
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/user/.fonts.conf.d
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
	expanded: /home/user/.fonts.d
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/fonts#, whitelist
Debug 517: fname #/home/user/.local/share/fonts#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.pangorc#, whitelist
Replaced whitelist path: whitelist /home/user/.local/share/fonts
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
	expanded: /home/user/.pangorc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/gtk-2.0#, whitelist
Debug 517: fname #/home/user/.config/gtk-2.0#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/gtk-3.0#, whitelist
Debug 517: fname #/home/user/.config/gtk-3.0#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/gtkrc#, whitelist
Replaced whitelist path: whitelist /home/user/.config/gtk-2.0
Replaced whitelist path: whitelist /home/user/.config/gtk-3.0
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/user/.config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/user/.config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
	expanded: /home/user/.gnome2
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
	expanded: /home/user/.gnome2-private
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/user/.gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
	expanded: /home/user/.gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gtkrc-2.0#, whitelist
Debug 517: fname #/home/user/.gtkrc-2.0#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.kde/share/config/gtkrc#, whitelist
Replaced whitelist path: whitelist /home/user/.gtkrc-2.0
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/user/.kde/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/user/.kde/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/user/.kde4/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/user/.kde4/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
	expanded: /home/user/.local/share/themes
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.themes#, whitelist
Debug 517: fname #/home/user/.themes#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.cache/kioexec/krun#, whitelist
Replaced whitelist path: whitelist /home/user/.themes
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/user/.cache/kioexec/krun
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/user/.config/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/Trolltech.conf#, whitelist
Debug 517: fname #/home/user/.config/Trolltech.conf#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/kdeglobals#, whitelist
Debug 517: fname #/home/user/.config/kdeglobals#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/kio_httprc#, whitelist
Replaced whitelist path: whitelist /home/user/.config/Trolltech.conf
Replaced whitelist path: whitelist /home/user/.config/kdeglobals
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/user/.config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/user/.config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/user/.config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
	expanded: /home/user/.config/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/kdeglobals#, whitelist
Debug 517: fname #/home/user/.kde/share/config/kdeglobals#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.kde/share/config/kio_httprc#, whitelist
Replaced whitelist path: whitelist /home/user/.kde/share/config/kdeglobals
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/user/.kde/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/user/.kde/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/user/.kde/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/user/.kde/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/user/.kde/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/user/.kde4/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/user/.kde4/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/user/.kde4/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/user/.kde4/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/user/.kde4/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/user/.kde4/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/user/.local/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/var/lib/dbus#, whitelist
Debug 409: new_name #/var/lib/menu-xdg#, whitelist
Debug 409: new_name #/var/cache/fontconfig#, whitelist
Debug 409: new_name #/var/tmp#, whitelist
Debug 409: new_name #/var/run#, whitelist
Debug 409: new_name #/var/lock#, whitelist
Debug 409: new_name #/tmp/.X11-unix#, whitelist
Debug 409: new_name #/tmp/pulse-PKdhtXMmr18n#, whitelist
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Replaced whitelist path: whitelist /run
Replaced whitelist path: whitelist /run/lock
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Whitelisting /home/user/Downloads
1939 1924 0:24 /home/user/Downloads /home/user/Downloads rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/Downloads
mountid=1939 fsname=/home/user/Downloads dir=/home/user/Downloads fstype=btrfs
Whitelisting /home/user/.config/torbrowser
1940 1924 0:24 /home/user/.config/torbrowser /home/user/.config/torbrowser rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/torbrowser
mountid=1940 fsname=/home/user/.config/torbrowser dir=/home/user/.config/torbrowser fstype=btrfs
Whitelisting /home/user/.local/share/torbrowser
1941 1924 0:24 /home/user/.local/share/torbrowser /home/user/.local/share/torbrowser rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.local/share/torbrowser
mountid=1941 fsname=/home/user/.local/share/torbrowser dir=/home/user/.local/share/torbrowser fstype=btrfs
Whitelisting /home/user/.config/ibus
1942 1924 0:24 /home/user/.config/ibus /home/user/.config/ibus rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/ibus
mountid=1942 fsname=/home/user/.config/ibus dir=/home/user/.config/ibus fstype=btrfs
Whitelisting /home/user/.config/mimeapps.list
1943 1924 0:24 /home/user/.config/mimeapps.list /home/user/.config/mimeapps.list rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/mimeapps.list
mountid=1943 fsname=/home/user/.config/mimeapps.list dir=/home/user/.config/mimeapps.list fstype=btrfs
Whitelisting /home/user/.config/user-dirs.dirs
1944 1924 0:24 /home/user/.config/user-dirs.dirs /home/user/.config/user-dirs.dirs rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/user-dirs.dirs
mountid=1944 fsname=/home/user/.config/user-dirs.dirs dir=/home/user/.config/user-dirs.dirs fstype=btrfs
Whitelisting /home/user/.icons
1945 1924 0:24 /home/user/.icons /home/user/.icons rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.icons
mountid=1945 fsname=/home/user/.icons dir=/home/user/.icons fstype=btrfs
Whitelisting /home/user/.local/share/applications
1946 1924 0:24 /home/user/.local/share/applications /home/user/.local/share/applications rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.local/share/applications
mountid=1946 fsname=/home/user/.local/share/applications dir=/home/user/.local/share/applications fstype=btrfs
Whitelisting /home/user/.config/dconf
1947 1924 0:24 /home/user/.config/dconf /home/user/.config/dconf rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/dconf
mountid=1947 fsname=/home/user/.config/dconf dir=/home/user/.config/dconf fstype=btrfs
Whitelisting /home/user/.cache/fontconfig
1948 1924 0:24 /home/user/.cache/fontconfig /home/user/.cache/fontconfig rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.cache/fontconfig
mountid=1948 fsname=/home/user/.cache/fontconfig dir=/home/user/.cache/fontconfig fstype=btrfs
Whitelisting /home/user/.fonts
1949 1924 0:24 /home/user/.fonts /home/user/.fonts rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.fonts
mountid=1949 fsname=/home/user/.fonts dir=/home/user/.fonts fstype=btrfs
Whitelisting /home/user/.local/share/fonts
1950 1924 0:24 /home/user/.local/share/fonts /home/user/.local/share/fonts rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.local/share/fonts
mountid=1950 fsname=/home/user/.local/share/fonts dir=/home/user/.local/share/fonts fstype=btrfs
Whitelisting /home/user/.config/gtk-2.0
1951 1924 0:24 /home/user/.config/gtk-2.0 /home/user/.config/gtk-2.0 rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/gtk-2.0
mountid=1951 fsname=/home/user/.config/gtk-2.0 dir=/home/user/.config/gtk-2.0 fstype=btrfs
Whitelisting /home/user/.config/gtk-3.0
1952 1924 0:24 /home/user/.config/gtk-3.0 /home/user/.config/gtk-3.0 rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/gtk-3.0
mountid=1952 fsname=/home/user/.config/gtk-3.0 dir=/home/user/.config/gtk-3.0 fstype=btrfs
Whitelisting /home/user/.gtkrc-2.0
1953 1924 0:24 /home/user/.gtkrc-2.0 /home/user/.gtkrc-2.0 rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.gtkrc-2.0
mountid=1953 fsname=/home/user/.gtkrc-2.0 dir=/home/user/.gtkrc-2.0 fstype=btrfs
Whitelisting /home/user/.themes
1954 1924 0:24 /home/user/.themes /home/user/.themes rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.themes
mountid=1954 fsname=/home/user/.themes dir=/home/user/.themes fstype=btrfs
Whitelisting /home/user/.config/Trolltech.conf
1955 1924 0:24 /home/user/.config/Trolltech.conf /home/user/.config/Trolltech.conf rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/Trolltech.conf
mountid=1955 fsname=/home/user/.config/Trolltech.conf dir=/home/user/.config/Trolltech.conf fstype=btrfs
Whitelisting /home/user/.config/kdeglobals
1956 1924 0:24 /home/user/.config/kdeglobals /home/user/.config/kdeglobals rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/kdeglobals
mountid=1956 fsname=/home/user/.config/kdeglobals dir=/home/user/.config/kdeglobals fstype=btrfs
Whitelisting /home/user/.kde/share/config/kdeglobals
1957 1924 0:24 /home/user/.kde/share/config/kdeglobals /home/user/.kde/share/config/kdeglobals rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.kde/share/config/kdeglobals
mountid=1957 fsname=/home/user/.kde/share/config/kdeglobals dir=/home/user/.kde/share/config/kdeglobals fstype=btrfs
Whitelisting /var/lib/dbus
1958 1938 0:24 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/var/lib/dbus
mountid=1958 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=btrfs
Whitelisting /var/lib/menu-xdg
1959 1938 0:24 /var/lib/menu-xdg /var/lib/menu-xdg ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/var/lib/menu-xdg
mountid=1959 fsname=/var/lib/menu-xdg dir=/var/lib/menu-xdg fstype=btrfs
Whitelisting /var/cache/fontconfig
1960 1938 0:24 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/var/cache/fontconfig
mountid=1960 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs
Whitelisting /var/tmp
1961 1938 0:60 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=1961 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
1962 1927 0:24 /tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/tmp/.X11-unix
mountid=1962 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=btrfs
Whitelisting /tmp/pulse-PKdhtXMmr18n
1963 1927 0:24 /tmp/pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/tmp/pulse-PKdhtXMmr18n
mountid=1963 fsname=/tmp/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=btrfs
Mounting read-only /home/user/.Xauthority
Mounting read-only /home/user/.config/kdeglobals
Mounting read-only /home/user/.kde/share/config/kdeglobals
Disable /run/docker.sock (requested /var/run/docker.sock)
Mounting read-only /home/user/.local/share/applications
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/share/flatpak
Disable /usr/include
Disable /usr/share/java
Disable /usr/lib/valgrind
Mounting noexec /run/user/1000
Mounting noexec /dev/shm
Mounting noexec /tmp
Mounting noexec /tmp/.X11-unix
Mounting noexec /tmp/pulse-PKdhtXMmr18n
Disable /usr/share/lua
Disable /usr/lib/perl6
Disable /usr/share/perl
Disable /usr/share/perl-openssl-defaults
Disable /usr/share/perl5
Disable /usr/lib/php
Disable /usr/share/php7.3-common
Disable /usr/share/php7.3-json
Disable /usr/share/php7.3-mysql
Disable /usr/share/php7.3-opcache
Disable /usr/share/php7.3-pgsql
Disable /usr/share/php7.3-readline
Disable /usr/share/php7.3-sqlite3
Disable /usr/lib/ruby
Not blacklist /home/user/.local/bin/python2*
Not blacklist /snap/bin/python2*
Not blacklist /usr/local/sbin/python2*
Not blacklist /usr/sbin/python2*
Not blacklist /sbin/python2*
Not blacklist /usr/local/bin/python2.7-config
Not blacklist /usr/local/bin/python2
Not blacklist /usr/local/bin/python2.7
Not blacklist /usr/local/bin/python2-config
Not blacklist /usr/local/bin/python2-qr
Not blacklist /usr/local/bin/python2-pasteurize
Not blacklist /usr/local/bin/python2-futurize
Not blacklist /usr/local/bin/python2-wsdump
Not blacklist /usr/local/bin/python2-pbr
Not blacklist /usr/bin/python2.7-config
Not blacklist /usr/bin/python2
Not blacklist /usr/bin/python2.7
Not blacklist /usr/bin/python2-config
Not blacklist /usr/bin/python2-qr
Not blacklist /usr/bin/python2-pasteurize
Not blacklist /usr/bin/python2-futurize
Not blacklist /usr/bin/python2-wsdump
Not blacklist /usr/bin/python2-pbr
Not blacklist /bin/python2.7-config
Not blacklist /bin/python2
Not blacklist /bin/python2.7
Not blacklist /bin/python2-config
Not blacklist /bin/python2-qr
Not blacklist /bin/python2-pasteurize
Not blacklist /bin/python2-futurize
Not blacklist /bin/python2-wsdump
Not blacklist /bin/python2-pbr
Not blacklist /usr/local/games/python2.7-config
Not blacklist /usr/local/games/python2
Not blacklist /usr/local/games/python2.7
Not blacklist /usr/local/games/python2-config
Not blacklist /usr/local/games/python2-qr
Not blacklist /usr/local/games/python2-pasteurize
Not blacklist /usr/local/games/python2-futurize
Not blacklist /usr/local/games/python2-wsdump
Not blacklist /usr/local/games/python2-pbr
Not blacklist /usr/games/python2.7-config
Not blacklist /usr/games/python2
Not blacklist /usr/games/python2.7
Not blacklist /usr/games/python2-config
Not blacklist /usr/games/python2-qr
Not blacklist /usr/games/python2-pasteurize
Not blacklist /usr/games/python2-futurize
Not blacklist /usr/games/python2-wsdump
Not blacklist /usr/games/python2-pbr
Not blacklist /usr/include/python2*
Not blacklist /usr/lib/python2.6
Not blacklist /usr/lib/python2.7
Not blacklist /usr/local/lib/python2.7
Not blacklist /usr/share/python2*
Not blacklist /home/user/.local/bin/python3*
Not blacklist /snap/bin/python3*
Not blacklist /usr/local/sbin/python3*
Not blacklist /usr/sbin/python3*
Not blacklist /sbin/python3*
Not blacklist /usr/local/bin/python3m
Not blacklist /usr/local/bin/python3
Not blacklist /usr/local/bin/python3m-config
Not blacklist /usr/local/bin/python3-config
Not blacklist /usr/local/bin/python3.7m
Not blacklist /usr/local/bin/python3.7
Not blacklist /usr/local/bin/python3.7m-config
Not blacklist /usr/local/bin/python3.7-config
Not blacklist /usr/local/bin/python3-qr
Not blacklist /usr/local/bin/python3-pasteurize
Not blacklist /usr/local/bin/python3-futurize
Not blacklist /usr/local/bin/python3.6m
Not blacklist /usr/local/bin/python3.6
Not blacklist /usr/local/bin/python3-wsdump
Not blacklist /usr/local/bin/python3-tor-prompt
Not blacklist /usr/local/bin/python3-jsonschema
Not blacklist /usr/bin/python3m
Not blacklist /usr/bin/python3
Not blacklist /usr/bin/python3m-config
Not blacklist /usr/bin/python3-config
Not blacklist /usr/bin/python3.7m
Not blacklist /usr/bin/python3.7
Not blacklist /usr/bin/python3.7m-config
Not blacklist /usr/bin/python3.7-config
Not blacklist /usr/bin/python3-qr
Not blacWarning: cleaning all supplementary groups
Post-exec seccomp protector enabled
klist /usr/bin/python3-pasteurize
Not blacklist /usr/bin/python3-futurize
Not blacklist /usr/bin/python3.6m
Not blacklist /usr/bin/python3.6
Not blacklist /usr/bin/python3-wsdump
Not blacklist /usr/bin/python3-tor-prompt
Not blacklist /usr/bin/python3-jsonschema
Not blacklist /bin/python3m
Not blacklist /bin/python3
Not blacklist /bin/python3m-config
Not blacklist /bin/python3-config
Not blacklist /bin/python3.7m
Not blacklist /bin/python3.7
Not blacklist /bin/python3.7m-config
Not blacklist /bin/python3.7-config
Not blacklist /bin/python3-qr
Not blacklist /bin/python3-pasteurize
Not blacklist /bin/python3-futurize
Not blacklist /bin/python3.6m
Not blacklist /bin/python3.6
Not blacklist /bin/python3-wsdump
Not blacklist /bin/python3-tor-prompt
Not blacklist /bin/python3-jsonschema
Not blacklist /usr/local/games/python3m
Not blacklist /usr/local/games/python3
Not blacklist /usr/local/games/python3m-config
Not blacklist /usr/local/games/python3-config
Not blacklist /usr/local/games/python3.7m
Not blacklist /usr/local/games/python3.7
Not blacklist /usr/local/games/python3.7m-config
Not blacklist /usr/local/games/python3.7-config
Not blacklist /usr/local/games/python3-qr
Not blacklist /usr/local/games/python3-pasteurize
Not blacklist /usr/local/games/python3-futurize
Not blacklist /usr/local/games/python3.6m
Not blacklist /usr/local/games/python3.6
Not blacklist /usr/local/games/python3-wsdump
Not blacklist /usr/local/games/python3-tor-prompt
Not blacklist /usr/local/games/python3-jsonschema
Not blacklist /usr/games/python3m
Not blacklist /usr/games/python3
Not blacklist /usr/games/python3m-config
Not blacklist /usr/games/python3-config
Not blacklist /usr/games/python3.7m
Not blacklist /usr/games/python3.7
Not blacklist /usr/games/python3.7m-config
Not blacklist /usr/games/python3.7-config
Not blacklist /usr/games/python3-qr
Not blacklist /usr/games/python3-pasteurize
Not blacklist /usr/games/python3-futurize
Not blacklist /usr/games/python3.6m
Not blacklist /usr/games/python3.6
Not blacklist /usr/games/python3-wsdump
Not blacklist /usr/games/python3-tor-prompt
Not blacklist /usr/games/python3-jsonschema
Not blacklist /usr/include/python3*
Not blacklist /usr/lib/python3
Not blacklist /usr/lib/python3.6
Not blacklist /usr/lib/python3.7
Not blacklist /usr/local/lib/python3.6
Not blacklist /usr/local/lib/python3.7
Not blacklist /usr/share/python3
Not blacklist /usr/share/python3-plotly
Not blacklist /home/user/.config/torbrowser
Not blacklist /home/user/.local/share/torbrowser
Mounting read-only /home/user/.config/user-dirs.dirs
Mounting read-only /tmp/.X11-unix
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /media
Disable /run/mount
Mounting noexec /run/firejail/mnt/pulse
Creating empty /home/user/.config/pulse directory
2013 1924 0:58 /pulse /home/user/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=2013 fsname=/pulse dir=/home/user/.config/pulse fstype=tmpfs
blacklist /dev/dvb
blacklist /dev/sr0
blacklist /dev/hidraw0
blacklist /dev/hidraw1
blacklist /dev/hidraw2
blacklist /dev/hidraw3
blacklist /dev/hidraw4
blacklist /dev/hidraw5
blacklist /dev/hidraw6
blacklist /dev/hidraw7
blacklist /dev/hidraw8
blacklist /dev/hidraw9
blacklist /dev/usb
blacklist /dev/video0
blacklist /dev/video1
blacklist /dev/video2
blacklist /dev/video3
blacklist /dev/video4
blacklist /dev/video5
blacklist /dev/video6
blacklist /dev/video7
blacklist /dev/video8
blacklist /dev/video9
Create the new ld.so.preload file
DISPLAY=:0 parsed as 0
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 06 00 00 0005005f   ret ERRNO(95)
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 40 00 0000009f   jeq adjtimex 0048 (false 0008)
 0008: 15 3f 00 00000131   jeq clock_adjtime 0048 (false 0009)
 0009: 15 3e 00 000000e3   jeq clock_settime 0048 (false 000a)
 000a: 15 3d 00 000000a4   jeq settimeofday 0048 (false 000b)
 000b: 15 3c 00 0000009a   jeq modify_ldt 0048 (false 000c)
 000c: 15 3b 00 000000d4   jeq lookup_dcookie 0048 (false 000d)
 000d: 15 3a 00 0000012a   jeq perf_event_open 0048 (false 000e)
 000e: 15 39 00 00000137   jeq process_vm_writev 0048 (false 000f)
 000f: 15 38 00 000000b0   jeq delete_module 0048 (false 0010)
 0010: 15 37 00 00000139   jeq finit_module 0048 (false 0011)
 0011: 15 36 00 000000af   jeq init_module 0048 (false 0012)
 0012: 15 35 00 0000009c   jeq _sysctl 0048 (false 0013)
 0013: 15 34 00 000000b7   jeq afs_syscall 0048 (false 0014)
 0014: 15 33 00 000000ae   jeq create_module 0048 (false 0015)
 0015: 15 32 00 000000b1   jeq get_kernel_syms 0048 (false 0016)
 0016: 15 31 00 000000b5   jeq getpmsg 0048 (false 0017)
 0017: 15 30 00 000000b6   jeq putpmsg 0048 (false 0018)
 0018: 15 2f 00 000000b2   jeq query_module 0048 (false 0019)
 0019: 15 2e 00 000000b9   jeq security 0048 (false 001a)
 001a: 15 2d 00 0000008b   jeq sysfs 0048 (false 001b)
 001b: 15 2c 00 000000b8   jeq tuxcall 0048 (false 001c)
 001c: 15 2b 00 00000086   jeq uselib 0048 (false 001d)
 001d: 15 2a 00 00000088   jeq ustat 0048 (false 001e)
 001e: 15 29 00 000000ec   jeq vserver 0048 (false 001f)
 001f: 15 28 00 000000ad   jeq ioperm 0048 (false 0020)
 0020: 15 27 00 000000ac   jeq iopl 0048 (false 0021)
 0021: 15 26 00 000000f6   jeq kexec_load 0048 (false 0022)
 0022: 15 25 00 00000140   jeq kexec_file_load 0048 (false 0023)
 0023: 15 24 00 000000a9   jeq reboot 0048 (false 0024)
 0024: 15 23 00 000000ee   jeq set_mempolicy 0048 (false 0025)
 0025: 15 22 00 00000100   jeq migrate_pages 0048 (false 0026)
 0026: 15 21 00 00000117   jeq move_pages 0048 (false 0027)
 0027: 15 20 00 000000ed   jeq mbind 0048 (false 0028)
 0028: 15 1f 00 000000a7   jeq swapon 0048 (false 0029)
 0029: 15 1e 00 000000a8   jeq swapoff 0048 (false 002a)
 002a: 15 1d 00 000000a3   jeq acct 0048 (false 002b)
 002b: 15 1c 00 000000f8   jeq add_key 0048 (false 002c)
 002c: 15 1b 00 00000141   jeq bpf 0048 (false 002d)
 002d: 15 1a 00 0000012c   jeq fanotify_init 0048 (false 002e)
 002e: 15 19 00 000000d2   jeq io_cancel 0048 (false 002f)
 002f: 15 18 00 000000cf   jeq io_destroy 0048 (false 0030)
 0030: 15 17 00 000000d0   jeq io_getevents 0048 (false 0031)
 0031: 15 16 00 000000ce   jeq io_setup 0048 (false 0032)
 0032: 15 15 00 000000d1   jeq io_submit 0048 (false 0033)
 0033: 15 14 00 000000fb   jeq ioprio_set 0048 (false 0034)
 0034: 15 13 00 00000138   jeq kcmp 0048 (false 0035)
 0035: 15 12 00 000000fa   jeq keyctl 0048 (false 0036)
 0036: 15 11 00 000000a5   jeq mount 0048 (false 0037)
 0037: 15 10 00 0000012f   jeq name_to_handle_at 0048 (false 0038)
 0038: 15 0f 00 000000b4   jeq nfsservctl 0048 (false 0039)
 0039: 15 0e 00 00000130   jeq open_by_handle_at 0048 (false 003a)
 003a: 15 0d 00 00000087   jeq personality 0048 (false 003b)
 003b: 15 0c 00 0000009b   jeq pivot_root 0048 (false 003c)
 003c: 15 0b 00 00000136   jeq process_vm_readv 0048 (false 003d)
 003d: 15 0a 00 00000065   jeq ptrace 0048 (false 003e)
 003e: 15 09 00 000000d8   jeq remap_file_pages 0048 (false 003f)
 003f: 15 08 00 000000f9   jeq request_key 0048 (false 0040)
 0040: 15 07 00 000000ab   jeq setdomainname 0048 (false 0041)
 0041: 15 06 00 000000aa   jeq sethostname 0048 (false 0042)
 0042: 15 05 00 00000067   jeq syslog 0048 (false 0043)
 0043: 15 04 00 000000a6   jeq umount2 0048 (false 0044)
 0044: 15 03 00 00000143   jeq userfaultfd 0048 (false 0045)
 0045: 15 02 00 00000099   jeq vhangup 0048 (false 0046)
 0046: 15 01 00 00000116   jeq vmsplice 0048 (false 0047)
 0047: 06 00 00 7fff0000   ret ALLOW
 0048: 06 00 00 00000000   ret KILL
Mount the new ld.so.preload file
Current directory: /home/user
Install protocol filter: unix,inet,inet6
configuring 14 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Build drop seccomp filter
sbox run: /run/firejail/lib/fseccomp drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice (null) 
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp (null) 
configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) 
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
]0;firejail torbrowser-launcher Child process initialized in 243.09 ms
starting application
LD_PRELOAD=(null)
execvp argument 0: torbrowser-launcher
Gtk-Message: 21:25:09.387: Failed to load module "canberra-gtk-module"
Gtk-Message: 21:25:09.394: Failed to load module "canberra-gtk-module"
Qt: Session management error: None of the authentication protocols specified are supported
Launching './Browser/start-tor-browser --detach'...
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.3.1
https://github.com/micahflee/torbrowser-launcher
Launching Tor Browser.
Running /home/user/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/start-tor-browser.desktop

Parent is shutting down, bye...
>
Originally created by @ghost on GitHub (Jul 17, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2862 The Tor Browser 8.5.4 [fails to launch](https://github.com/micahflee/torbrowser-launcher/issues/403) when used with the current [torbrowser-launcher.profile](https://github.com/netblue30/firejail/blob/master/etc/torbrowser-launcher.profile) (at the time of this writting). ``` > firejail --version firejail version 0.9.60 Compile time support: - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled > ``` ``` > firejail --debug torbrowser-launcher Reading profile torbrowser-launcher.profile Reading profile allow-python2.inc Reading profile allow-python3.inc Reading profile /etc/firejail/disable-common.inc Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-devel.inc profile in /etc/firejail directory Reading profile /home/user/.config/firejail/disable-exec.inc Found disable-exec.inc profile in /home/user/.config/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-passwdmgr.inc Found disable-passwdmgr.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-xdg.inc Found disable-xdg.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc Found whitelist-var-common.inc profile in /etc/firejail directory Warning: networking feature is disabled in Firejail configuration file DISPLAY=:0 parsed as 0 Parent pid 22968, child pid 22970 Building quoted command line: 'torbrowser-launcher' Command name #torbrowser-launcher# Using the local network stack Warning fcopy: skipping /etc/alternatives/fakeroot.sv.1.gz, cannot find inode Warning fcopy: skipping /etc/alternatives/faked.sv.1.gz, cannot find inode Warning: file /etc/asound.conf not found. Warning: skipping asound.conf for private /etc Warning: file /etc/crypto-policies not found. Warning: skipping crypto-policies for private /etc Private /etc installed in 41.44 ms Building quoted command line: 'torbrowser-launcher' Command name #torbrowser-launcher# Using the local network stack Initializing child process PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Build protocol filter: unix,inet,inet6 sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol (null) Basic read-only filesystem: Mounting read-only /etc Mounting noexec /etc Mounting read-only /var Mounting noexec /var Mounting read-only /bin Mounting read-only /sbin Mounting read-only /lib Mounting read-only /lib64 Mounting read-only /lib32 Mounting read-only /usr Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/nginx Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Mounting tmpfs on /var/cache/apache2 Mounting tmpfs on /var/cache/lighttpd Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/user/.config/firejail Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory Process /dev/shm directory Copying files in the new /etc directory: copying /etc/alsa to private /etc Creating empty /run/firejail/mnt/etc/alsa directory sbox run: /run/firejail/lib/fcopy /etc/alsa /run/firejail/mnt/etc/alsa (null) copying /etc/alternatives to private /etc Creating empty /run/firejail/mnt/etc/alternatives directory sbox run: /run/firejail/lib/fcopy /etc/alternatives /run/firejail/mnt/etc/alternatives (null) copying /etc/ca-certificates to private /etc Creating empty /run/firejail/mnt/etc/ca-certificates directory sbox run: /run/firejail/lib/fcopy /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates (null) copying /etc/fonts to private /etc Creating empty /run/firejail/mnt/etc/fonts directory sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts (null) copying /etc/hostname to private /etc sbox run: /run/firejail/lib/fcopy /etc/hostname /run/firejail/mnt/etc (null) copying /etc/hosts to private /etc sbox run: /run/firejail/lib/fcopy /etc/hosts /run/firejail/mnt/etc (null) copying /etc/ld.so.cache to private /etc sbox run: /run/firejail/lib/fcopy /etc/ld.so.cache /run/firejail/mnt/etc (null) copying /etc/machine-id to private /etc sbox run: /run/firejail/lib/fcopy /etc/machine-id /run/firejail/mnt/etc (null) copying /etc/pki to private /etc Creating empty /run/firejail/mnt/etc/pki directory sbox run: /run/firejail/lib/fcopy /etc/pki /run/firejail/mnt/etc/pki (null) copying /etc/pulse to private /etc Creating empty /run/firejail/mnt/etc/pulse directory sbox run: /run/firejail/lib/fcopy /etc/pulse /run/firejail/mnt/etc/pulse (null) copying /etc/resolv.conf to private /etc sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc (null) copying /etc/ssl to private /etc Creating empty /run/firejail/mnt/etc/ssl directory sbox run: /run/firejail/lib/fcopy /etc/ssl /run/firejail/mnt/etc/ssl (null) Mount-bind /run/firejail/mnt/etc on top of /etc Creating an empty /etc/ld.so.preload file Copying files in the new bin directory Checking /usr/local/bin/bash Checking /usr/bin/bash Checking /bin/bash sbox run: /run/firejail/lib/fcopy /bin/bash /run/firejail/mnt/bin (null) Checking /usr/local/bin/cp Checking /usr/bin/cp Checking /bin/cp sbox run: /run/firejail/lib/fcopy /bin/cp /run/firejail/mnt/bin (null) Checking /usr/local/bin/dirname Checking /usr/bin/dirname sbox run: /run/firejail/lib/fcopy /usr/bin/dirname /run/firejail/mnt/bin (null) Checking /usr/local/bin/env Checking /usr/bin/env sbox run: /run/firejail/lib/fcopy /usr/bin/env /run/firejail/mnt/bin (null) Checking /usr/local/bin/expr Checking /usr/bin/expr sbox run: /run/firejail/lib/fcopy /usr/bin/expr /run/firejail/mnt/bin (null) Checking /usr/local/bin/file Checking /usr/bin/file sbox run: /run/firejail/lib/fcopy /usr/bin/file /run/firejail/mnt/bin (null) Checking /usr/local/bin/getconf Checking /usr/bin/getconf sbox run: /run/firejail/lib/fcopy /usr/bin/getconf /run/firejail/mnt/bin (null) Checking /usr/local/bin/gpg Checking /usr/bin/gpg sbox run: /run/firejail/lib/fcopy /usr/bin/gpg /run/firejail/mnt/bin (null) Checking /usr/local/bin/grep Checking /usr/bin/grep Checking /bin/grep sbox run: /run/firejail/lib/fcopy /bin/grep /run/firejail/mnt/bin (null) Checking /usr/local/bin/id Checking /usr/bin/id sbox run: /run/firejail/lib/fcopy /usr/bin/id /run/firejail/mnt/bin (null) Checking /usr/local/bin/ln Checking /usr/bin/ln Checking /bin/ln sbox run: /run/firejail/lib/fcopy /bin/ln /run/firejail/mnt/bin (null) Checking /usr/local/bin/mkdir Checking /usr/bin/mkdir Checking /bin/mkdir sbox run: /run/firejail/lib/fcopy /bin/mkdir /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python-argcomplete-check-easy-install-script /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python-argcomplete-tcsh /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2-pbr /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2-wsdump /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-jsonschema /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-tor-prompt /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-wsdump /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.6 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.6m /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/pythonect /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2-futurize /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2-pasteurize /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2-qr /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-futurize /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-pasteurize /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-qr /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python2.7-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python2.7-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python2.7-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2.7-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcoWarning: file tor-browser-en not found 67 programs installed in 138.01 ms py /usr/bin/python2.7 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7m-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7m /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3m-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7m /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3m /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/faraday /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python-faraday /run/firejail/mnt/bin (null) Checking /usr/local/bin/readlink Checking /usr/bin/readlink Checking /bin/readlink sbox run: /run/firejail/lib/fcopy /bin/readlink /run/firejail/mnt/bin (null) Checking /usr/local/bin/rm Checking /usr/bin/rm Checking /bin/rm sbox run: /run/firejail/lib/fcopy /bin/rm /run/firejail/mnt/bin (null) Checking /usr/local/bin/sed Checking /usr/bin/sed Checking /bin/sed sbox run: /run/firejail/lib/fcopy /bin/sed /run/firejail/mnt/bin (null) Checking /usr/local/bin/sh Checking /usr/bin/sh Checking /bin/sh sbox run: /run/firejail/lib/fcopy /bin/dash /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /bin/sh /run/firejail/mnt/bin (null) Checking /usr/local/bin/tail Checking /usr/bin/tail sbox run: /run/firejail/lib/fcopy /usr/bin/tail /run/firejail/mnt/bin (null) Checking /usr/local/bin/tar Checking /usr/bin/tar Checking /bin/tar sbox run: /run/firejail/lib/fcopy /bin/tar /run/firejail/mnt/bin (null) Checking /usr/local/bin/tclsh Checking /usr/bin/tclsh sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh8.6 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh /run/firejail/mnt/bin (null) Checking /usr/local/bin/test Checking /usr/bin/test sbox run: /run/firejail/lib/fcopy /usr/bin/test /run/firejail/mnt/bin (null) Checking /usr/local/bin/tor-browser-en Checking /usr/bin/tor-browser-en Checking /bin/tor-browser-en Checking /usr/games/tor-browser-en Checking /usr/local/games/tor-browser-en Checking /usr/local/sbin/tor-browser-en Checking /usr/sbin/tor-browser-en Checking /sbin/tor-browser-en Checking /usr/local/bin/torbrowser-launcher firejail exec symlink detected Checking /usr/bin/torbrowser-launcher sbox run: /run/firejail/lib/fcopy /usr/bin/torbrowser-launcher /run/firejail/mnt/bin (null) Checking /usr/local/bin/xz Checking /usr/bin/xz sbox run: /run/firejail/lib/fcopy /usr/bin/xz /run/firejail/mnt/bin (null) Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Debug 409: new_name #/home/user/Downloads#, whitelist Debug 517: fname #/home/user/Downloads#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/torbrowser#, whitelist Debug 517: fname #/home/user/.config/torbrowser#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.local/share/torbrowser#, whitelist Debug 517: fname #/home/user/.local/share/torbrowser#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.XCompose#, whitelist blacklist /run/user/1000/bus blacklist /home/user/.dbus blacklist /run/dbus/system_bus_socket Remounting /proc and /proc/sys filesystems Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /lib/modules Disable /usr/lib/debug Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Directory ${DOWNLOADS} resolved as Downloads Replaced whitelist path: whitelist /home/user/Downloads Replaced whitelist path: whitelist /home/user/.config/torbrowser Replaced whitelist path: whitelist /home/user/.local/share/torbrowser Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose expanded: /home/user/.XCompose real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.asoundrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc expanded: /home/user/.asoundrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/ibus#, whitelist Debug 517: fname #/home/user/.config/ibus#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/mimeapps.list#, whitelist Debug 517: fname #/home/user/.config/mimeapps.list#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/pkcs11#, whitelist Replaced whitelist path: whitelist /home/user/.config/ibus Replaced whitelist path: whitelist /home/user/.config/mimeapps.list Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11 expanded: /home/user/.config/pkcs11 real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/user-dirs.dirs#, whitelist Debug 517: fname #/home/user/.config/user-dirs.dirs#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.drirc#, whitelist Replaced whitelist path: whitelist /home/user/.config/user-dirs.dirs Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc expanded: /home/user/.drirc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.icons#, whitelist Debug 517: fname #/home/user/.icons#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.local/share/applications#, whitelist Debug 517: fname #/home/user/.local/share/applications#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.local/share/icons#, whitelist Replaced whitelist path: whitelist /home/user/.icons Replaced whitelist path: whitelist /home/user/.local/share/applications Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/icons expanded: /home/user/.local/share/icons real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.local/share/mime#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/mime expanded: /home/user/.local/share/mime real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.mime.types#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types expanded: /home/user/.mime.types real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/dconf#, whitelist Debug 517: fname #/home/user/.config/dconf#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.cache/fontconfig#, whitelist Debug 517: fname #/home/user/.cache/fontconfig#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/fontconfig#, whitelist Replaced whitelist path: whitelist /home/user/.config/dconf Replaced whitelist path: whitelist /home/user/.cache/fontconfig Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig expanded: /home/user/.config/fontconfig real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig expanded: /home/user/.fontconfig real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.fonts#, whitelist Debug 517: fname #/home/user/.fonts#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.fonts.conf#, whitelist Replaced whitelist path: whitelist /home/user/.fonts Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf expanded: /home/user/.fonts.conf real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.fonts.conf.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d expanded: /home/user/.fonts.conf.d real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.fonts.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d expanded: /home/user/.fonts.d real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.local/share/fonts#, whitelist Debug 517: fname #/home/user/.local/share/fonts#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.pangorc#, whitelist Replaced whitelist path: whitelist /home/user/.local/share/fonts Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc expanded: /home/user/.pangorc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/gtk-2.0#, whitelist Debug 517: fname #/home/user/.config/gtk-2.0#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/gtk-3.0#, whitelist Debug 517: fname #/home/user/.config/gtk-3.0#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/gtkrc#, whitelist Replaced whitelist path: whitelist /home/user/.config/gtk-2.0 Replaced whitelist path: whitelist /home/user/.config/gtk-3.0 Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc expanded: /home/user/.config/gtkrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0 expanded: /home/user/.config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.gnome2#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2 expanded: /home/user/.gnome2 real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.gnome2-private#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private expanded: /home/user/.gnome2-private real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.gtk-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0 expanded: /home/user/.gtk-2.0 real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc expanded: /home/user/.gtkrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.gtkrc-2.0#, whitelist Debug 517: fname #/home/user/.gtkrc-2.0#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.kde/share/config/gtkrc#, whitelist Replaced whitelist path: whitelist /home/user/.gtkrc-2.0 Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc expanded: /home/user/.kde/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 expanded: /home/user/.kde/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc expanded: /home/user/.kde4/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 expanded: /home/user/.kde4/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.local/share/themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes expanded: /home/user/.local/share/themes real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.themes#, whitelist Debug 517: fname #/home/user/.themes#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.cache/kioexec/krun#, whitelist Replaced whitelist path: whitelist /home/user/.themes Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun expanded: /home/user/.cache/kioexec/krun real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/Kvantum#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum expanded: /home/user/.config/Kvantum real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/Trolltech.conf#, whitelist Debug 517: fname #/home/user/.config/Trolltech.conf#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/kdeglobals#, whitelist Debug 517: fname #/home/user/.config/kdeglobals#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/kio_httprc#, whitelist Replaced whitelist path: whitelist /home/user/.config/Trolltech.conf Replaced whitelist path: whitelist /home/user/.config/kdeglobals Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc expanded: /home/user/.config/kio_httprc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc expanded: /home/user/.config/kioslaverc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist expanded: /home/user/.config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct expanded: /home/user/.config/qt5ct real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde/share/config/kdeglobals#, whitelist Debug 517: fname #/home/user/.kde/share/config/kdeglobals#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.kde/share/config/kio_httprc#, whitelist Replaced whitelist path: whitelist /home/user/.kde/share/config/kdeglobals Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc expanded: /home/user/.kde/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc expanded: /home/user/.kde/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist expanded: /home/user/.kde/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc expanded: /home/user/.kde/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons expanded: /home/user/.kde/share/icons real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals expanded: /home/user/.kde4/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc expanded: /home/user/.kde4/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc expanded: /home/user/.kde4/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist expanded: /home/user/.kde4/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc expanded: /home/user/.kde4/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons expanded: /home/user/.kde4/share/icons real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.local/share/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct expanded: /home/user/.local/share/qt5ct real path: (null) realpath: No such file or directory Debug 409: new_name #/var/lib/dbus#, whitelist Debug 409: new_name #/var/lib/menu-xdg#, whitelist Debug 409: new_name #/var/cache/fontconfig#, whitelist Debug 409: new_name #/var/tmp#, whitelist Debug 409: new_name #/var/run#, whitelist Debug 409: new_name #/var/lock#, whitelist Debug 409: new_name #/tmp/.X11-unix#, whitelist Debug 409: new_name #/tmp/pulse-PKdhtXMmr18n#, whitelist Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Replaced whitelist path: whitelist /run Replaced whitelist path: whitelist /run/lock Mounting a new /home directory Mounting a new /root directory Create a new user directory Mounting tmpfs on /tmp directory Mounting tmpfs on /var directory Whitelisting /home/user/Downloads 1939 1924 0:24 /home/user/Downloads /home/user/Downloads rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/Downloads mountid=1939 fsname=/home/user/Downloads dir=/home/user/Downloads fstype=btrfs Whitelisting /home/user/.config/torbrowser 1940 1924 0:24 /home/user/.config/torbrowser /home/user/.config/torbrowser rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/torbrowser mountid=1940 fsname=/home/user/.config/torbrowser dir=/home/user/.config/torbrowser fstype=btrfs Whitelisting /home/user/.local/share/torbrowser 1941 1924 0:24 /home/user/.local/share/torbrowser /home/user/.local/share/torbrowser rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.local/share/torbrowser mountid=1941 fsname=/home/user/.local/share/torbrowser dir=/home/user/.local/share/torbrowser fstype=btrfs Whitelisting /home/user/.config/ibus 1942 1924 0:24 /home/user/.config/ibus /home/user/.config/ibus rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/ibus mountid=1942 fsname=/home/user/.config/ibus dir=/home/user/.config/ibus fstype=btrfs Whitelisting /home/user/.config/mimeapps.list 1943 1924 0:24 /home/user/.config/mimeapps.list /home/user/.config/mimeapps.list rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/mimeapps.list mountid=1943 fsname=/home/user/.config/mimeapps.list dir=/home/user/.config/mimeapps.list fstype=btrfs Whitelisting /home/user/.config/user-dirs.dirs 1944 1924 0:24 /home/user/.config/user-dirs.dirs /home/user/.config/user-dirs.dirs rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/user-dirs.dirs mountid=1944 fsname=/home/user/.config/user-dirs.dirs dir=/home/user/.config/user-dirs.dirs fstype=btrfs Whitelisting /home/user/.icons 1945 1924 0:24 /home/user/.icons /home/user/.icons rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.icons mountid=1945 fsname=/home/user/.icons dir=/home/user/.icons fstype=btrfs Whitelisting /home/user/.local/share/applications 1946 1924 0:24 /home/user/.local/share/applications /home/user/.local/share/applications rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.local/share/applications mountid=1946 fsname=/home/user/.local/share/applications dir=/home/user/.local/share/applications fstype=btrfs Whitelisting /home/user/.config/dconf 1947 1924 0:24 /home/user/.config/dconf /home/user/.config/dconf rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/dconf mountid=1947 fsname=/home/user/.config/dconf dir=/home/user/.config/dconf fstype=btrfs Whitelisting /home/user/.cache/fontconfig 1948 1924 0:24 /home/user/.cache/fontconfig /home/user/.cache/fontconfig rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.cache/fontconfig mountid=1948 fsname=/home/user/.cache/fontconfig dir=/home/user/.cache/fontconfig fstype=btrfs Whitelisting /home/user/.fonts 1949 1924 0:24 /home/user/.fonts /home/user/.fonts rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.fonts mountid=1949 fsname=/home/user/.fonts dir=/home/user/.fonts fstype=btrfs Whitelisting /home/user/.local/share/fonts 1950 1924 0:24 /home/user/.local/share/fonts /home/user/.local/share/fonts rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.local/share/fonts mountid=1950 fsname=/home/user/.local/share/fonts dir=/home/user/.local/share/fonts fstype=btrfs Whitelisting /home/user/.config/gtk-2.0 1951 1924 0:24 /home/user/.config/gtk-2.0 /home/user/.config/gtk-2.0 rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/gtk-2.0 mountid=1951 fsname=/home/user/.config/gtk-2.0 dir=/home/user/.config/gtk-2.0 fstype=btrfs Whitelisting /home/user/.config/gtk-3.0 1952 1924 0:24 /home/user/.config/gtk-3.0 /home/user/.config/gtk-3.0 rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/gtk-3.0 mountid=1952 fsname=/home/user/.config/gtk-3.0 dir=/home/user/.config/gtk-3.0 fstype=btrfs Whitelisting /home/user/.gtkrc-2.0 1953 1924 0:24 /home/user/.gtkrc-2.0 /home/user/.gtkrc-2.0 rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.gtkrc-2.0 mountid=1953 fsname=/home/user/.gtkrc-2.0 dir=/home/user/.gtkrc-2.0 fstype=btrfs Whitelisting /home/user/.themes 1954 1924 0:24 /home/user/.themes /home/user/.themes rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.themes mountid=1954 fsname=/home/user/.themes dir=/home/user/.themes fstype=btrfs Whitelisting /home/user/.config/Trolltech.conf 1955 1924 0:24 /home/user/.config/Trolltech.conf /home/user/.config/Trolltech.conf rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/Trolltech.conf mountid=1955 fsname=/home/user/.config/Trolltech.conf dir=/home/user/.config/Trolltech.conf fstype=btrfs Whitelisting /home/user/.config/kdeglobals 1956 1924 0:24 /home/user/.config/kdeglobals /home/user/.config/kdeglobals rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/kdeglobals mountid=1956 fsname=/home/user/.config/kdeglobals dir=/home/user/.config/kdeglobals fstype=btrfs Whitelisting /home/user/.kde/share/config/kdeglobals 1957 1924 0:24 /home/user/.kde/share/config/kdeglobals /home/user/.kde/share/config/kdeglobals rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.kde/share/config/kdeglobals mountid=1957 fsname=/home/user/.kde/share/config/kdeglobals dir=/home/user/.kde/share/config/kdeglobals fstype=btrfs Whitelisting /var/lib/dbus 1958 1938 0:24 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/var/lib/dbus mountid=1958 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=btrfs Whitelisting /var/lib/menu-xdg 1959 1938 0:24 /var/lib/menu-xdg /var/lib/menu-xdg ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/var/lib/menu-xdg mountid=1959 fsname=/var/lib/menu-xdg dir=/var/lib/menu-xdg fstype=btrfs Whitelisting /var/cache/fontconfig 1960 1938 0:24 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/var/cache/fontconfig mountid=1960 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs Whitelisting /var/tmp 1961 1938 0:60 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw mountid=1961 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Whitelisting /tmp/.X11-unix 1962 1927 0:24 /tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/tmp/.X11-unix mountid=1962 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=btrfs Whitelisting /tmp/pulse-PKdhtXMmr18n 1963 1927 0:24 /tmp/pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/tmp/pulse-PKdhtXMmr18n mountid=1963 fsname=/tmp/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=btrfs Mounting read-only /home/user/.Xauthority Mounting read-only /home/user/.config/kdeglobals Mounting read-only /home/user/.kde/share/config/kdeglobals Disable /run/docker.sock (requested /var/run/docker.sock) Mounting read-only /home/user/.local/share/applications Disable /sbin Disable /usr/local/sbin Disable /usr/sbin Disable /usr/share/flatpak Disable /usr/include Disable /usr/share/java Disable /usr/lib/valgrind Mounting noexec /run/user/1000 Mounting noexec /dev/shm Mounting noexec /tmp Mounting noexec /tmp/.X11-unix Mounting noexec /tmp/pulse-PKdhtXMmr18n Disable /usr/share/lua Disable /usr/lib/perl6 Disable /usr/share/perl Disable /usr/share/perl-openssl-defaults Disable /usr/share/perl5 Disable /usr/lib/php Disable /usr/share/php7.3-common Disable /usr/share/php7.3-json Disable /usr/share/php7.3-mysql Disable /usr/share/php7.3-opcache Disable /usr/share/php7.3-pgsql Disable /usr/share/php7.3-readline Disable /usr/share/php7.3-sqlite3 Disable /usr/lib/ruby Not blacklist /home/user/.local/bin/python2* Not blacklist /snap/bin/python2* Not blacklist /usr/local/sbin/python2* Not blacklist /usr/sbin/python2* Not blacklist /sbin/python2* Not blacklist /usr/local/bin/python2.7-config Not blacklist /usr/local/bin/python2 Not blacklist /usr/local/bin/python2.7 Not blacklist /usr/local/bin/python2-config Not blacklist /usr/local/bin/python2-qr Not blacklist /usr/local/bin/python2-pasteurize Not blacklist /usr/local/bin/python2-futurize Not blacklist /usr/local/bin/python2-wsdump Not blacklist /usr/local/bin/python2-pbr Not blacklist /usr/bin/python2.7-config Not blacklist /usr/bin/python2 Not blacklist /usr/bin/python2.7 Not blacklist /usr/bin/python2-config Not blacklist /usr/bin/python2-qr Not blacklist /usr/bin/python2-pasteurize Not blacklist /usr/bin/python2-futurize Not blacklist /usr/bin/python2-wsdump Not blacklist /usr/bin/python2-pbr Not blacklist /bin/python2.7-config Not blacklist /bin/python2 Not blacklist /bin/python2.7 Not blacklist /bin/python2-config Not blacklist /bin/python2-qr Not blacklist /bin/python2-pasteurize Not blacklist /bin/python2-futurize Not blacklist /bin/python2-wsdump Not blacklist /bin/python2-pbr Not blacklist /usr/local/games/python2.7-config Not blacklist /usr/local/games/python2 Not blacklist /usr/local/games/python2.7 Not blacklist /usr/local/games/python2-config Not blacklist /usr/local/games/python2-qr Not blacklist /usr/local/games/python2-pasteurize Not blacklist /usr/local/games/python2-futurize Not blacklist /usr/local/games/python2-wsdump Not blacklist /usr/local/games/python2-pbr Not blacklist /usr/games/python2.7-config Not blacklist /usr/games/python2 Not blacklist /usr/games/python2.7 Not blacklist /usr/games/python2-config Not blacklist /usr/games/python2-qr Not blacklist /usr/games/python2-pasteurize Not blacklist /usr/games/python2-futurize Not blacklist /usr/games/python2-wsdump Not blacklist /usr/games/python2-pbr Not blacklist /usr/include/python2* Not blacklist /usr/lib/python2.6 Not blacklist /usr/lib/python2.7 Not blacklist /usr/local/lib/python2.7 Not blacklist /usr/share/python2* Not blacklist /home/user/.local/bin/python3* Not blacklist /snap/bin/python3* Not blacklist /usr/local/sbin/python3* Not blacklist /usr/sbin/python3* Not blacklist /sbin/python3* Not blacklist /usr/local/bin/python3m Not blacklist /usr/local/bin/python3 Not blacklist /usr/local/bin/python3m-config Not blacklist /usr/local/bin/python3-config Not blacklist /usr/local/bin/python3.7m Not blacklist /usr/local/bin/python3.7 Not blacklist /usr/local/bin/python3.7m-config Not blacklist /usr/local/bin/python3.7-config Not blacklist /usr/local/bin/python3-qr Not blacklist /usr/local/bin/python3-pasteurize Not blacklist /usr/local/bin/python3-futurize Not blacklist /usr/local/bin/python3.6m Not blacklist /usr/local/bin/python3.6 Not blacklist /usr/local/bin/python3-wsdump Not blacklist /usr/local/bin/python3-tor-prompt Not blacklist /usr/local/bin/python3-jsonschema Not blacklist /usr/bin/python3m Not blacklist /usr/bin/python3 Not blacklist /usr/bin/python3m-config Not blacklist /usr/bin/python3-config Not blacklist /usr/bin/python3.7m Not blacklist /usr/bin/python3.7 Not blacklist /usr/bin/python3.7m-config Not blacklist /usr/bin/python3.7-config Not blacklist /usr/bin/python3-qr Not blacWarning: cleaning all supplementary groups Post-exec seccomp protector enabled klist /usr/bin/python3-pasteurize Not blacklist /usr/bin/python3-futurize Not blacklist /usr/bin/python3.6m Not blacklist /usr/bin/python3.6 Not blacklist /usr/bin/python3-wsdump Not blacklist /usr/bin/python3-tor-prompt Not blacklist /usr/bin/python3-jsonschema Not blacklist /bin/python3m Not blacklist /bin/python3 Not blacklist /bin/python3m-config Not blacklist /bin/python3-config Not blacklist /bin/python3.7m Not blacklist /bin/python3.7 Not blacklist /bin/python3.7m-config Not blacklist /bin/python3.7-config Not blacklist /bin/python3-qr Not blacklist /bin/python3-pasteurize Not blacklist /bin/python3-futurize Not blacklist /bin/python3.6m Not blacklist /bin/python3.6 Not blacklist /bin/python3-wsdump Not blacklist /bin/python3-tor-prompt Not blacklist /bin/python3-jsonschema Not blacklist /usr/local/games/python3m Not blacklist /usr/local/games/python3 Not blacklist /usr/local/games/python3m-config Not blacklist /usr/local/games/python3-config Not blacklist /usr/local/games/python3.7m Not blacklist /usr/local/games/python3.7 Not blacklist /usr/local/games/python3.7m-config Not blacklist /usr/local/games/python3.7-config Not blacklist /usr/local/games/python3-qr Not blacklist /usr/local/games/python3-pasteurize Not blacklist /usr/local/games/python3-futurize Not blacklist /usr/local/games/python3.6m Not blacklist /usr/local/games/python3.6 Not blacklist /usr/local/games/python3-wsdump Not blacklist /usr/local/games/python3-tor-prompt Not blacklist /usr/local/games/python3-jsonschema Not blacklist /usr/games/python3m Not blacklist /usr/games/python3 Not blacklist /usr/games/python3m-config Not blacklist /usr/games/python3-config Not blacklist /usr/games/python3.7m Not blacklist /usr/games/python3.7 Not blacklist /usr/games/python3.7m-config Not blacklist /usr/games/python3.7-config Not blacklist /usr/games/python3-qr Not blacklist /usr/games/python3-pasteurize Not blacklist /usr/games/python3-futurize Not blacklist /usr/games/python3.6m Not blacklist /usr/games/python3.6 Not blacklist /usr/games/python3-wsdump Not blacklist /usr/games/python3-tor-prompt Not blacklist /usr/games/python3-jsonschema Not blacklist /usr/include/python3* Not blacklist /usr/lib/python3 Not blacklist /usr/lib/python3.6 Not blacklist /usr/lib/python3.7 Not blacklist /usr/local/lib/python3.6 Not blacklist /usr/local/lib/python3.7 Not blacklist /usr/share/python3 Not blacklist /usr/share/python3-plotly Not blacklist /home/user/.config/torbrowser Not blacklist /home/user/.local/share/torbrowser Mounting read-only /home/user/.config/user-dirs.dirs Mounting read-only /tmp/.X11-unix Disable /sys/fs Disable /sys/module Disable /mnt Disable /media Disable /run/mount Mounting noexec /run/firejail/mnt/pulse Creating empty /home/user/.config/pulse directory 2013 1924 0:58 /pulse /home/user/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=2013 fsname=/pulse dir=/home/user/.config/pulse fstype=tmpfs blacklist /dev/dvb blacklist /dev/sr0 blacklist /dev/hidraw0 blacklist /dev/hidraw1 blacklist /dev/hidraw2 blacklist /dev/hidraw3 blacklist /dev/hidraw4 blacklist /dev/hidraw5 blacklist /dev/hidraw6 blacklist /dev/hidraw7 blacklist /dev/hidraw8 blacklist /dev/hidraw9 blacklist /dev/usb blacklist /dev/video0 blacklist /dev/video1 blacklist /dev/video2 blacklist /dev/video3 blacklist /dev/video4 blacklist /dev/video5 blacklist /dev/video6 blacklist /dev/video7 blacklist /dev/video8 blacklist /dev/video9 Create the new ld.so.preload file DISPLAY=:0 parsed as 0 line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 01 00 00000029 jeq socket 0006 (false 0005) 0005: 06 00 00 7fff0000 ret ALLOW 0006: 20 00 00 00000010 ld data.args[0] 0007: 15 00 01 00000001 jeq 1 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 00000002 jeq 2 000a (false 000b) 000a: 06 00 00 7fff0000 ret ALLOW 000b: 15 00 01 0000000a jeq a 000c (false 000d) 000c: 06 00 00 7fff0000 ret ALLOW 000d: 06 00 00 0005005f ret ERRNO(95) Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice, line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 40 00 0000009f jeq adjtimex 0048 (false 0008) 0008: 15 3f 00 00000131 jeq clock_adjtime 0048 (false 0009) 0009: 15 3e 00 000000e3 jeq clock_settime 0048 (false 000a) 000a: 15 3d 00 000000a4 jeq settimeofday 0048 (false 000b) 000b: 15 3c 00 0000009a jeq modify_ldt 0048 (false 000c) 000c: 15 3b 00 000000d4 jeq lookup_dcookie 0048 (false 000d) 000d: 15 3a 00 0000012a jeq perf_event_open 0048 (false 000e) 000e: 15 39 00 00000137 jeq process_vm_writev 0048 (false 000f) 000f: 15 38 00 000000b0 jeq delete_module 0048 (false 0010) 0010: 15 37 00 00000139 jeq finit_module 0048 (false 0011) 0011: 15 36 00 000000af jeq init_module 0048 (false 0012) 0012: 15 35 00 0000009c jeq _sysctl 0048 (false 0013) 0013: 15 34 00 000000b7 jeq afs_syscall 0048 (false 0014) 0014: 15 33 00 000000ae jeq create_module 0048 (false 0015) 0015: 15 32 00 000000b1 jeq get_kernel_syms 0048 (false 0016) 0016: 15 31 00 000000b5 jeq getpmsg 0048 (false 0017) 0017: 15 30 00 000000b6 jeq putpmsg 0048 (false 0018) 0018: 15 2f 00 000000b2 jeq query_module 0048 (false 0019) 0019: 15 2e 00 000000b9 jeq security 0048 (false 001a) 001a: 15 2d 00 0000008b jeq sysfs 0048 (false 001b) 001b: 15 2c 00 000000b8 jeq tuxcall 0048 (false 001c) 001c: 15 2b 00 00000086 jeq uselib 0048 (false 001d) 001d: 15 2a 00 00000088 jeq ustat 0048 (false 001e) 001e: 15 29 00 000000ec jeq vserver 0048 (false 001f) 001f: 15 28 00 000000ad jeq ioperm 0048 (false 0020) 0020: 15 27 00 000000ac jeq iopl 0048 (false 0021) 0021: 15 26 00 000000f6 jeq kexec_load 0048 (false 0022) 0022: 15 25 00 00000140 jeq kexec_file_load 0048 (false 0023) 0023: 15 24 00 000000a9 jeq reboot 0048 (false 0024) 0024: 15 23 00 000000ee jeq set_mempolicy 0048 (false 0025) 0025: 15 22 00 00000100 jeq migrate_pages 0048 (false 0026) 0026: 15 21 00 00000117 jeq move_pages 0048 (false 0027) 0027: 15 20 00 000000ed jeq mbind 0048 (false 0028) 0028: 15 1f 00 000000a7 jeq swapon 0048 (false 0029) 0029: 15 1e 00 000000a8 jeq swapoff 0048 (false 002a) 002a: 15 1d 00 000000a3 jeq acct 0048 (false 002b) 002b: 15 1c 00 000000f8 jeq add_key 0048 (false 002c) 002c: 15 1b 00 00000141 jeq bpf 0048 (false 002d) 002d: 15 1a 00 0000012c jeq fanotify_init 0048 (false 002e) 002e: 15 19 00 000000d2 jeq io_cancel 0048 (false 002f) 002f: 15 18 00 000000cf jeq io_destroy 0048 (false 0030) 0030: 15 17 00 000000d0 jeq io_getevents 0048 (false 0031) 0031: 15 16 00 000000ce jeq io_setup 0048 (false 0032) 0032: 15 15 00 000000d1 jeq io_submit 0048 (false 0033) 0033: 15 14 00 000000fb jeq ioprio_set 0048 (false 0034) 0034: 15 13 00 00000138 jeq kcmp 0048 (false 0035) 0035: 15 12 00 000000fa jeq keyctl 0048 (false 0036) 0036: 15 11 00 000000a5 jeq mount 0048 (false 0037) 0037: 15 10 00 0000012f jeq name_to_handle_at 0048 (false 0038) 0038: 15 0f 00 000000b4 jeq nfsservctl 0048 (false 0039) 0039: 15 0e 00 00000130 jeq open_by_handle_at 0048 (false 003a) 003a: 15 0d 00 00000087 jeq personality 0048 (false 003b) 003b: 15 0c 00 0000009b jeq pivot_root 0048 (false 003c) 003c: 15 0b 00 00000136 jeq process_vm_readv 0048 (false 003d) 003d: 15 0a 00 00000065 jeq ptrace 0048 (false 003e) 003e: 15 09 00 000000d8 jeq remap_file_pages 0048 (false 003f) 003f: 15 08 00 000000f9 jeq request_key 0048 (false 0040) 0040: 15 07 00 000000ab jeq setdomainname 0048 (false 0041) 0041: 15 06 00 000000aa jeq sethostname 0048 (false 0042) 0042: 15 05 00 00000067 jeq syslog 0048 (false 0043) 0043: 15 04 00 000000a6 jeq umount2 0048 (false 0044) 0044: 15 03 00 00000143 jeq userfaultfd 0048 (false 0045) 0045: 15 02 00 00000099 jeq vhangup 0048 (false 0046) 0046: 15 01 00 00000116 jeq vmsplice 0048 (false 0047) 0047: 06 00 00 7fff0000 ret ALLOW 0048: 06 00 00 00000000 ret KILL Mount the new ld.so.preload file Current directory: /home/user Install protocol filter: unix,inet,inet6 configuring 14 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) Build drop seccomp filter sbox run: /run/firejail/lib/fseccomp drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice (null) sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp (null) configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1 No supplementary groups ]0;firejail torbrowser-launcher Child process initialized in 243.09 ms starting application LD_PRELOAD=(null) execvp argument 0: torbrowser-launcher Gtk-Message: 21:25:09.387: Failed to load module "canberra-gtk-module" Gtk-Message: 21:25:09.394: Failed to load module "canberra-gtk-module" Qt: Session management error: None of the authentication protocols specified are supported Launching './Browser/start-tor-browser --detach'... Tor Browser Launcher By Micah Lee, licensed under MIT version 0.3.1 https://github.com/micahflee/torbrowser-launcher Launching Tor Browser. Running /home/user/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/start-tor-browser.desktop Parent is shutting down, bye... > ```
gitea-mirror 2026-05-05 08:27:22 -06:00
gitea-mirror commented 2026-05-05 08:27:25 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 18, 2019):

mkdir -p ${HOME}/.config/firejail
cat > ~/.config/firejail/allow-python2.inc << EOF
noblacklist ${PATH}/python2*
noblacklist /usr/include/python2*
noblacklist /usr/lib/python2*
noblacklist /usr/local/lib/python2*
noblacklist /usr/share/python2*
EOF
cat > ~/.config/firejail/allow-python3.inc << EOF
noblacklist ${PATH}/python3*
noblacklist /usr/include/python3*
noblacklist /usr/lib/python3*
noblacklist /usr/local/lib/python3*
noblacklist /usr/share/python3*
EOF
<!-- gh-comment-id:512719192 --> @rusty-snake commented on GitHub (Jul 18, 2019): ```bash mkdir -p ${HOME}/.config/firejail cat > ~/.config/firejail/allow-python2.inc << EOF noblacklist ${PATH}/python2* noblacklist /usr/include/python2* noblacklist /usr/lib/python2* noblacklist /usr/local/lib/python2* noblacklist /usr/share/python2* EOF cat > ~/.config/firejail/allow-python3.inc << EOF noblacklist ${PATH}/python3* noblacklist /usr/include/python3* noblacklist /usr/lib/python3* noblacklist /usr/local/lib/python3* noblacklist /usr/share/python3* EOF ```
gitea-mirror commented 2026-05-05 08:27:26 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jul 18, 2019):

Sorry, I didn't understand what you meant by that response.

<!-- gh-comment-id:512803548 --> @ghost commented on GitHub (Jul 18, 2019): Sorry, I didn't understand what you meant by that response.
gitea-mirror commented 2026-05-05 08:27:28 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 18, 2019):

I tryed to reproduce under Fedora with firejail 0.9.61, but I can't. But you write that you are using the torbrowser-launcher profile from master with firejail 0.9.60 and I see in your debug log that you don't allow python (Reading profile allow-python2.inc, Reading profile allow-python3.inc but not Found ... profile in ...) and you get Gtk-Message: 21:25:09.394: Failed to load module "canberra-gtk-module" not sure if this is related.
Try adding the following to torbrowser-launcher.local or execute my last post (will create allow-python2.inc and allow-python3.inc).

noblacklist ${PATH}/python2*
noblacklist /usr/include/python2*
noblacklist /usr/lib/python2*
noblacklist /usr/local/lib/python2*
noblacklist /usr/share/python2*
noblacklist ${PATH}/python3*
noblacklist /usr/include/python3*
noblacklist /usr/lib/python3*
noblacklist /usr/local/lib/python3*
noblacklist /usr/share/python3*
<!-- gh-comment-id:512814169 --> @rusty-snake commented on GitHub (Jul 18, 2019): I tryed to reproduce under Fedora with firejail 0.9.61, but I can't. But you write that you are using the torbrowser-launcher profile from master with firejail 0.9.60 and I see in your debug log that you don't allow python (`Reading profile allow-python2.inc`, `Reading profile allow-python3.inc` but not `Found ... profile in ...`) and you get `Gtk-Message: 21:25:09.394: Failed to load module "canberra-gtk-module"` not sure if this is related. Try adding the following to `torbrowser-launcher.local` or execute my last post (will create `allow-python2.inc` and `allow-python3.inc`). ``` noblacklist ${PATH}/python2* noblacklist /usr/include/python2* noblacklist /usr/lib/python2* noblacklist /usr/local/lib/python2* noblacklist /usr/share/python2* noblacklist ${PATH}/python3* noblacklist /usr/include/python3* noblacklist /usr/lib/python3* noblacklist /usr/local/lib/python3* noblacklist /usr/share/python3* ```
gitea-mirror commented 2026-05-05 08:27:28 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jul 18, 2019):

I see. I've added the allow-python profiles from this repository, and ran it again. I got the same result. Here's the log nevertheless:

Reading profile torbrowser-launcher.profile
Reading profile /home/user/.config/firejail/allow-python2.inc
Found allow-python2.inc profile in /home/user/.config/firejail directory
Reading profile /home/user/.config/firejail/allow-python3.inc
Found allow-python3.inc profile in /home/user/.config/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /home/user/.config/firejail/disable-exec.inc
Found disable-exec.inc profile in /home/user/.config/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Warning: networking feature is disabled in Firejail configuration file
DISPLAY=:0 parsed as 0
Parent pid 15823, child pid 15825
Building quoted command line: 'torbrowser-launcher' 
Command name #torbrowser-launcher#
Using the local network stack
Warning fcopy: skipping /etc/alternatives/fakeroot.sv.1.gz, cannot find inode
Warning fcopy: skipping /etc/alternatives/faked.sv.1.gz, cannot find inode
Warning: file /etc/asound.conf not found.
Warning: skipping asound.conf for private /etc
Warning: file /etc/crypto-policies not found.
Warning: skipping crypto-policies for private /etc
Private /etc installed in 37.51 ms
Building quoted command line: 'torbrowser-launcher' 
Command name #torbrowser-launcher#
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /sbin
Mounting read-only /lib
Mounting read-only /lib64
Mounting read-only /lib32
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/nginx
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Mounting tmpfs on /var/cache/apache2
Mounting tmpfs on /var/cache/lighttpd
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/user/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
Process /dev/shm directory
Copying files in the new /etc directory:
copying /etc/alsa to private /etc
Creating empty /run/firejail/mnt/etc/alsa directory
sbox run: /run/firejail/lib/fcopy /etc/alsa /run/firejail/mnt/etc/alsa (null) 
copying /etc/alternatives to private /etc
Creating empty /run/firejail/mnt/etc/alternatives directory
sbox run: /run/firejail/lib/fcopy /etc/alternatives /run/firejail/mnt/etc/alternatives (null) 
copying /etc/ca-certificates to private /etc
Creating empty /run/firejail/mnt/etc/ca-certificates directory
sbox run: /run/firejail/lib/fcopy /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates (null) 
copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts (null) 
copying /etc/hostname to private /etc
sbox run: /run/firejail/lib/fcopy /etc/hostname /run/firejail/mnt/etc (null) 
copying /etc/hosts to private /etc
sbox run: /run/firejail/lib/fcopy /etc/hosts /run/firejail/mnt/etc (null) 
copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy /etc/ld.so.cache /run/firejail/mnt/etc (null) 
copying /etc/machine-id to private /etc
sbox run: /run/firejail/lib/fcopy /etc/machine-id /run/firejail/mnt/etc (null) 
copying /etc/pki to private /etc
Creating empty /run/firejail/mnt/etc/pki directory
sbox run: /run/firejail/lib/fcopy /etc/pki /run/firejail/mnt/etc/pki (null) 
copying /etc/pulse to private /etc
Creating empty /run/firejail/mnt/etc/pulse directory
sbox run: /run/firejail/lib/fcopy /etc/pulse /run/firejail/mnt/etc/pulse (null) 
copying /etc/resolv.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc (null) 
copying /etc/ssl to private /etc
Creating empty /run/firejail/mnt/etc/ssl directory
sbox run: /run/firejail/lib/fcopy /etc/ssl /run/firejail/mnt/etc/ssl (null) 
Mount-bind /run/firejail/mnt/etc on top of /etc
Creating an empty /etc/ld.so.preload file
Copying files in the new bin directory
Checking /usr/local/bin/bash
Checking /usr/bin/bash
Checking /bin/bash
sbox run: /run/firejail/lib/fcopy /bin/bash /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/cp
Checking /usr/bin/cp
Checking /bin/cp
sbox run: /run/firejail/lib/fcopy /bin/cp /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/dirname
Checking /usr/bin/dirname
sbox run: /run/firejail/lib/fcopy /usr/bin/dirname /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/env
Checking /usr/bin/env
sbox run: /run/firejail/lib/fcopy /usr/bin/env /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/expr
Checking /usr/bin/expr
sbox run: /run/firejail/lib/fcopy /usr/bin/expr /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/file
Checking /usr/bin/file
sbox run: /run/firejail/lib/fcopy /usr/bin/file /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/getconf
Checking /usr/bin/getconf
sbox run: /run/firejail/lib/fcopy /usr/bin/getconf /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/gpg
Checking /usr/bin/gpg
sbox run: /run/firejail/lib/fcopy /usr/bin/gpg /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/grep
Checking /usr/bin/grep
Checking /bin/grep
sbox run: /run/firejail/lib/fcopy /bin/grep /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/id
Checking /usr/bin/id
sbox run: /run/firejail/lib/fcopy /usr/bin/id /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/ln
Checking /usr/bin/ln
Checking /bin/ln
sbox run: /run/firejail/lib/fcopy /bin/ln /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/mkdir
Checking /usr/bin/mkdir
Checking /bin/mkdir
sbox run: /run/firejail/lib/fcopy /bin/mkdir /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python-argcomplete-check-easy-install-script /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python-argcomplete-tcsh /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2-pbr /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2-wsdump /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-jsonschema /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-tor-prompt /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-wsdump /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.6 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.6m /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/pythonect /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2-futurize /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2-pasteurize /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2-qr /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-futurize /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-pasteurize /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-qr /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python2.7-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python2.7-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python2.7-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python2.7-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcoWarning: file tor-browser-en not found
67 programs installed in 142.44 ms
py /usr/bin/python2.7 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7m-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7m /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3m-config /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7m /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python3m /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/faraday /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/python-faraday /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/readlink
Checking /usr/bin/readlink
Checking /bin/readlink
sbox run: /run/firejail/lib/fcopy /bin/readlink /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/rm
Checking /usr/bin/rm
Checking /bin/rm
sbox run: /run/firejail/lib/fcopy /bin/rm /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/sed
Checking /usr/bin/sed
Checking /bin/sed
sbox run: /run/firejail/lib/fcopy /bin/sed /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/sh
Checking /usr/bin/sh
Checking /bin/sh
sbox run: /run/firejail/lib/fcopy /bin/dash /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /bin/sh /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/tail
Checking /usr/bin/tail
sbox run: /run/firejail/lib/fcopy /usr/bin/tail /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/tar
Checking /usr/bin/tar
Checking /bin/tar
sbox run: /run/firejail/lib/fcopy /bin/tar /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/tclsh
Checking /usr/bin/tclsh
sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh8.6 /run/firejail/mnt/bin (null) 
sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/test
Checking /usr/bin/test
sbox run: /run/firejail/lib/fcopy /usr/bin/test /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/tor-browser-en
Checking /usr/bin/tor-browser-en
Checking /bin/tor-browser-en
Checking /usr/games/tor-browser-en
Checking /usr/local/games/tor-browser-en
Checking /usr/local/sbin/tor-browser-en
Checking /usr/sbin/tor-browser-en
Checking /sbin/tor-browser-en
Checking /usr/local/bin/torbrowser-launcher
firejail exec symlink detected
Checking /usr/bin/torbrowser-launcher
sbox run: /run/firejail/lib/fcopy /usr/bin/torbrowser-launcher /run/firejail/mnt/bin (null) 
Checking /usr/local/bin/xz
Checking /usr/bin/xz
sbox run: /run/firejail/lib/fcopy /usr/bin/xz /run/firejail/mnt/bin (null) 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Debug 409: new_name #/home/user/Downloads#, whitelist
Debug 517: fname #/home/user/Downloads#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/torbrowser#, whitelist
Debug 517: fname #/home/user/.config/torbrowser#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.local/share/torbrowser#, whitelist
Debug 517: fname #/home/user/.local/share/torbrowser#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.XCompose#, whitelist
blacklist /run/user/1000/bus
blacklist /home/user/.dbus
blacklist /run/dbus/system_bus_socket
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Directory ${DOWNLOADS} resolved as Downloads
Replaced whitelist path: whitelist /home/user/Downloads
Replaced whitelist path: whitelist /home/user/.config/torbrowser
Replaced whitelist path: whitelist /home/user/.local/share/torbrowser
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
	expanded: /home/user/.XCompose
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
	expanded: /home/user/.asoundrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/ibus#, whitelist
Debug 517: fname #/home/user/.config/ibus#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/mimeapps.list#, whitelist
Debug 517: fname #/home/user/.config/mimeapps.list#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/pkcs11#, whitelist
Replaced whitelist path: whitelist /home/user/.config/ibus
Replaced whitelist path: whitelist /home/user/.config/mimeapps.list
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/user/.config/pkcs11
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/user-dirs.dirs#, whitelist
Debug 517: fname #/home/user/.config/user-dirs.dirs#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.drirc#, whitelist
Replaced whitelist path: whitelist /home/user/.config/user-dirs.dirs
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
	expanded: /home/user/.drirc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.icons#, whitelist
Debug 517: fname #/home/user/.icons#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.local/share/applications#, whitelist
Debug 517: fname #/home/user/.local/share/applications#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.local/share/icons#, whitelist
Replaced whitelist path: whitelist /home/user/.icons
Replaced whitelist path: whitelist /home/user/.local/share/applications
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/icons
	expanded: /home/user/.local/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/mime#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/mime
	expanded: /home/user/.local/share/mime
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
	expanded: /home/user/.mime.types
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/dconf#, whitelist
Debug 517: fname #/home/user/.config/dconf#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.cache/fontconfig#, whitelist
Debug 517: fname #/home/user/.cache/fontconfig#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/fontconfig#, whitelist
Replaced whitelist path: whitelist /home/user/.config/dconf
Replaced whitelist path: whitelist /home/user/.cache/fontconfig
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
	expanded: /home/user/.config/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
	expanded: /home/user/.fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.fonts#, whitelist
Debug 517: fname #/home/user/.fonts#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.fonts.conf#, whitelist
Replaced whitelist path: whitelist /home/user/.fonts
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
	expanded: /home/user/.fonts.conf
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/user/.fonts.conf.d
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
	expanded: /home/user/.fonts.d
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/fonts#, whitelist
Debug 517: fname #/home/user/.local/share/fonts#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.pangorc#, whitelist
Replaced whitelist path: whitelist /home/user/.local/share/fonts
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
	expanded: /home/user/.pangorc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/gtk-2.0#, whitelist
Debug 517: fname #/home/user/.config/gtk-2.0#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/gtk-3.0#, whitelist
Debug 517: fname #/home/user/.config/gtk-3.0#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/gtkrc#, whitelist
Replaced whitelist path: whitelist /home/user/.config/gtk-2.0
Replaced whitelist path: whitelist /home/user/.config/gtk-3.0
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/user/.config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/user/.config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
	expanded: /home/user/.gnome2
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
	expanded: /home/user/.gnome2-private
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/user/.gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
	expanded: /home/user/.gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gtkrc-2.0#, whitelist
Debug 517: fname #/home/user/.gtkrc-2.0#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.kde/share/config/gtkrc#, whitelist
Replaced whitelist path: whitelist /home/user/.gtkrc-2.0
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/user/.kde/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/user/.kde/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/user/.kde4/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/user/.kde4/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
	expanded: /home/user/.local/share/themes
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.themes#, whitelist
Debug 517: fname #/home/user/.themes#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.cache/kioexec/krun#, whitelist
Replaced whitelist path: whitelist /home/user/.themes
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/user/.cache/kioexec/krun
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/user/.config/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/Trolltech.conf#, whitelist
Debug 517: fname #/home/user/.config/Trolltech.conf#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/kdeglobals#, whitelist
Debug 517: fname #/home/user/.config/kdeglobals#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.config/kio_httprc#, whitelist
Replaced whitelist path: whitelist /home/user/.config/Trolltech.conf
Replaced whitelist path: whitelist /home/user/.config/kdeglobals
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/user/.config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/user/.config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/user/.config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
	expanded: /home/user/.config/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/kdeglobals#, whitelist
Debug 517: fname #/home/user/.kde/share/config/kdeglobals#, cfg.homedir #/home/user#
Debug 409: new_name #/home/user/.kde/share/config/kio_httprc#, whitelist
Replaced whitelist path: whitelist /home/user/.kde/share/config/kdeglobals
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/user/.kde/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/user/.kde/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/user/.kde/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/user/.kde/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/user/.kde/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/user/.kde4/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/user/.kde4/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/user/.kde4/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/user/.kde4/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/user/.kde4/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/user/.kde4/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/user/.local/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/var/lib/dbus#, whitelist
Debug 409: new_name #/var/lib/menu-xdg#, whitelist
Debug 409: new_name #/var/cache/fontconfig#, whitelist
Debug 409: new_name #/var/tmp#, whitelist
Debug 409: new_name #/var/run#, whitelist
Debug 409: new_name #/var/lock#, whitelist
Debug 409: new_name #/tmp/.X11-unix#, whitelist
Debug 409: new_name #/tmp/pulse-PKdhtXMmr18n#, whitelist
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Replaced whitelist path: whitelist /run
Replaced whitelist path: whitelist /run/lock
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Whitelisting /home/user/Downloads
2606 2591 0:24 /home/user/Downloads /home/user/Downloads rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/Downloads
mountid=2606 fsname=/home/user/Downloads dir=/home/user/Downloads fstype=btrfs
Whitelisting /home/user/.config/torbrowser
2607 2591 0:24 /home/user/.config/torbrowser /home/user/.config/torbrowser rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/torbrowser
mountid=2607 fsname=/home/user/.config/torbrowser dir=/home/user/.config/torbrowser fstype=btrfs
Whitelisting /home/user/.local/share/torbrowser
2608 2591 0:24 /home/user/.local/share/torbrowser /home/user/.local/share/torbrowser rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.local/share/torbrowser
mountid=2608 fsname=/home/user/.local/share/torbrowser dir=/home/user/.local/share/torbrowser fstype=btrfs
Whitelisting /home/user/.config/ibus
2609 2591 0:24 /home/user/.config/ibus /home/user/.config/ibus rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/ibus
mountid=2609 fsname=/home/user/.config/ibus dir=/home/user/.config/ibus fstype=btrfs
Whitelisting /home/user/.config/mimeapps.list
2610 2591 0:24 /home/user/.config/mimeapps.list /home/user/.config/mimeapps.list rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/mimeapps.list
mountid=2610 fsname=/home/user/.config/mimeapps.list dir=/home/user/.config/mimeapps.list fstype=btrfs
Whitelisting /home/user/.config/user-dirs.dirs
2611 2591 0:24 /home/user/.config/user-dirs.dirs /home/user/.config/user-dirs.dirs rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/user-dirs.dirs
mountid=2611 fsname=/home/user/.config/user-dirs.dirs dir=/home/user/.config/user-dirs.dirs fstype=btrfs
Whitelisting /home/user/.icons
2612 2591 0:24 /home/user/.icons /home/user/.icons rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.icons
mountid=2612 fsname=/home/user/.icons dir=/home/user/.icons fstype=btrfs
Whitelisting /home/user/.local/share/applications
2613 2591 0:24 /home/user/.local/share/applications /home/user/.local/share/applications rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.local/share/applications
mountid=2613 fsname=/home/user/.local/share/applications dir=/home/user/.local/share/applications fstype=btrfs
Whitelisting /home/user/.config/dconf
2614 2591 0:24 /home/user/.config/dconf /home/user/.config/dconf rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/dconf
mountid=2614 fsname=/home/user/.config/dconf dir=/home/user/.config/dconf fstype=btrfs
Whitelisting /home/user/.cache/fontconfig
2615 2591 0:24 /home/user/.cache/fontconfig /home/user/.cache/fontconfig rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.cache/fontconfig
mountid=2615 fsname=/home/user/.cache/fontconfig dir=/home/user/.cache/fontconfig fstype=btrfs
Whitelisting /home/user/.fonts
2616 2591 0:24 /home/user/.fonts /home/user/.fonts rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.fonts
mountid=2616 fsname=/home/user/.fonts dir=/home/user/.fonts fstype=btrfs
Whitelisting /home/user/.local/share/fonts
2617 2591 0:24 /home/user/.local/share/fonts /home/user/.local/share/fonts rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.local/share/fonts
mountid=2617 fsname=/home/user/.local/share/fonts dir=/home/user/.local/share/fonts fstype=btrfs
Whitelisting /home/user/.config/gtk-2.0
2618 2591 0:24 /home/user/.config/gtk-2.0 /home/user/.config/gtk-2.0 rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/gtk-2.0
mountid=2618 fsname=/home/user/.config/gtk-2.0 dir=/home/user/.config/gtk-2.0 fstype=btrfs
Whitelisting /home/user/.config/gtk-3.0
2619 2591 0:24 /home/user/.config/gtk-3.0 /home/user/.config/gtk-3.0 rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/gtk-3.0
mountid=2619 fsname=/home/user/.config/gtk-3.0 dir=/home/user/.config/gtk-3.0 fstype=btrfs
Whitelisting /home/user/.gtkrc-2.0
2620 2591 0:24 /home/user/.gtkrc-2.0 /home/user/.gtkrc-2.0 rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.gtkrc-2.0
mountid=2620 fsname=/home/user/.gtkrc-2.0 dir=/home/user/.gtkrc-2.0 fstype=btrfs
Whitelisting /home/user/.themes
2621 2591 0:24 /home/user/.themes /home/user/.themes rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.themes
mountid=2621 fsname=/home/user/.themes dir=/home/user/.themes fstype=btrfs
Whitelisting /home/user/.config/Trolltech.conf
2622 2591 0:24 /home/user/.config/Trolltech.conf /home/user/.config/Trolltech.conf rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/Trolltech.conf
mountid=2622 fsname=/home/user/.config/Trolltech.conf dir=/home/user/.config/Trolltech.conf fstype=btrfs
Whitelisting /home/user/.config/kdeglobals
2623 2591 0:24 /home/user/.config/kdeglobals /home/user/.config/kdeglobals rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/kdeglobals
mountid=2623 fsname=/home/user/.config/kdeglobals dir=/home/user/.config/kdeglobals fstype=btrfs
Whitelisting /home/user/.kde/share/config/kdeglobals
2624 2591 0:24 /home/user/.kde/share/config/kdeglobals /home/user/.kde/share/config/kdeglobals rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.kde/share/config/kdeglobals
mountid=2624 fsname=/home/user/.kde/share/config/kdeglobals dir=/home/user/.kde/share/config/kdeglobals fstype=btrfs
Whitelisting /var/lib/dbus
2625 2605 0:24 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/var/lib/dbus
mountid=2625 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=btrfs
Whitelisting /var/lib/menu-xdg
2626 2605 0:24 /var/lib/menu-xdg /var/lib/menu-xdg ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/var/lib/menu-xdg
mountid=2626 fsname=/var/lib/menu-xdg dir=/var/lib/menu-xdg fstype=btrfs
Whitelisting /var/cache/fontconfig
2627 2605 0:24 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/var/cache/fontconfig
mountid=2627 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs
Whitelisting /var/tmp
2628 2605 0:125 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=2628 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
2629 2594 0:24 /tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/tmp/.X11-unix
mountid=2629 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=btrfs
Whitelisting /tmp/pulse-PKdhtXMmr18n
2630 2594 0:24 /tmp/pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/tmp/pulse-PKdhtXMmr18n
mountid=2630 fsname=/tmp/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=btrfs
Mounting read-only /home/user/.Xauthority
Mounting read-only /home/user/.config/kdeglobals
Mounting read-only /home/user/.kde/share/config/kdeglobals
Disable /run/docker.sock (requested /var/run/docker.sock)
Mounting read-only /home/user/.local/share/applications
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/share/flatpak
Disable /usr/include
Disable /usr/share/java
Disable /usr/lib/valgrind
Mounting noexec /run/user/1000
Mounting noexec /dev/shm
Mounting noexec /tmp
Mounting noexec /tmp/.X11-unix
Mounting noexec /tmp/pulse-PKdhtXMmr18n
Disable /usr/share/lua
Disable /usr/lib/perl6
Disable /usr/share/perl
Disable /usr/share/perl-openssl-defaults
Disable /usr/share/perl5
Disable /usr/lib/php
Disable /usr/share/php7.3-common
Disable /usr/share/php7.3-json
Disable /usr/share/php7.3-mysql
Disable /usr/share/php7.3-opcache
Disable /usr/share/php7.3-pgsql
Disable /usr/share/php7.3-readline
Disable /usr/share/php7.3-sqlite3
Disable /usr/lib/ruby
Not blacklist /home/user/.local/bin/python2*
Not blacklist /snap/bin/python2*
Not blacklist /usr/local/sbin/python2*
Not blacklist /usr/sbin/python2*
Not blacklist /sbin/python2*
Not blacklist /usr/local/bin/python2.7-config
Not blacklist /usr/local/bin/python2
Not blacklist /usr/local/bin/python2.7
Not blacklist /usr/local/bin/python2-config
Not blacklist /usr/local/bin/python2-qr
Not blacklist /usr/local/bin/python2-pasteurize
Not blacklist /usr/local/bin/python2-futurize
Not blacklist /usr/local/bin/python2-wsdump
Not blacklist /usr/local/bin/python2-pbr
Not blacklist /usr/bin/python2.7-config
Not blacklist /usr/bin/python2
Not blacklist /usr/bin/python2.7
Not blacklist /usr/bin/python2-config
Not blacklist /usr/bin/python2-qr
Not blacklist /usr/bin/python2-pasteurize
Not blacklist /usr/bin/python2-futurize
Not blacklist /usr/bin/python2-wsdump
Not blacklist /usr/bin/python2-pbr
Not blacklist /bin/python2.7-config
Not blacklist /bin/python2
Not blacklist /bin/python2.7
Not blacklist /bin/python2-config
Not blacklist /bin/python2-qr
Not blacklist /bin/python2-pasteurize
Not blacklist /bin/python2-futurize
Not blacklist /bin/python2-wsdump
Not blacklist /bin/python2-pbr
Not blacklist /usr/local/games/python2.7-config
Not blacklist /usr/local/games/python2
Not blacklist /usr/local/games/python2.7
Not blacklist /usr/local/games/python2-config
Not blacklist /usr/local/games/python2-qr
Not blacklist /usr/local/games/python2-pasteurize
Not blacklist /usr/local/games/python2-futurize
Not blacklist /usr/local/games/python2-wsdump
Not blacklist /usr/local/games/python2-pbr
Not blacklist /usr/games/python2.7-config
Not blacklist /usr/games/python2
Not blacklist /usr/games/python2.7
Not blacklist /usr/games/python2-config
Not blacklist /usr/games/python2-qr
Not blacklist /usr/games/python2-pasteurize
Not blacklist /usr/games/python2-futurize
Not blacklist /usr/games/python2-wsdump
Not blacklist /usr/games/python2-pbr
Not blacklist /usr/include/python2*
Not blacklist /usr/lib/python2.6
Not blacklist /usr/lib/python2.7
Not blacklist /usr/local/lib/python2.7
Not blacklist /usr/share/python2*
Not blacklist /home/user/.local/bin/python3*
Not blacklist /snap/bin/python3*
Not blacklist /usr/local/sbin/python3*
Not blacklist /usr/sbin/python3*
Not blacklist /sbin/python3*
Not blacklist /usr/local/bin/python3m
Not blacklist /usr/local/bin/python3
Not blacklist /usr/local/bin/python3m-config
Not blacklist /usr/local/bin/python3-config
Not blacklist /usr/local/bin/python3.7m
Not blacklist /usr/local/bin/python3.7
Not blacklist /usr/local/bin/python3.7m-config
Not blacklist /usr/local/bin/python3.7-config
Not blacklist /usr/local/bin/python3-qr
Not blacklist /usr/local/bin/python3-pasteurize
Not blacklist /usr/local/bin/python3-futurize
Not blacklist /usr/local/bin/python3.6m
Not blacklist /usr/local/bin/python3.6
Not blacklist /usr/local/bin/python3-wsdump
Not blacklist /usr/local/bin/python3-tor-prompt
Not blacklist /usr/local/bin/python3-jsonschema
Not blacklist /usr/bin/python3m
Not blacklist /usr/bin/python3
Not blacklist /usr/bin/python3m-config
Not blacklist /usr/bin/python3-config
Not blacklist /usr/bin/python3.7m
Not blacklist /usr/bin/python3.7
Not blacklist /usr/bin/python3.7m-config
Not blacklist /usr/bin/python3.7-config
Not blacklist /usr/bin/python3-qr
Not blaWarning: cleaning all supplementary groups
Post-exec seccomp protector enabled
cklist /usr/bin/python3-pasteurize
Not blacklist /usr/bin/python3-futurize
Not blacklist /usr/bin/python3.6m
Not blacklist /usr/bin/python3.6
Not blacklist /usr/bin/python3-wsdump
Not blacklist /usr/bin/python3-tor-prompt
Not blacklist /usr/bin/python3-jsonschema
Not blacklist /bin/python3m
Not blacklist /bin/python3
Not blacklist /bin/python3m-config
Not blacklist /bin/python3-config
Not blacklist /bin/python3.7m
Not blacklist /bin/python3.7
Not blacklist /bin/python3.7m-config
Not blacklist /bin/python3.7-config
Not blacklist /bin/python3-qr
Not blacklist /bin/python3-pasteurize
Not blacklist /bin/python3-futurize
Not blacklist /bin/python3.6m
Not blacklist /bin/python3.6
Not blacklist /bin/python3-wsdump
Not blacklist /bin/python3-tor-prompt
Not blacklist /bin/python3-jsonschema
Not blacklist /usr/local/games/python3m
Not blacklist /usr/local/games/python3
Not blacklist /usr/local/games/python3m-config
Not blacklist /usr/local/games/python3-config
Not blacklist /usr/local/games/python3.7m
Not blacklist /usr/local/games/python3.7
Not blacklist /usr/local/games/python3.7m-config
Not blacklist /usr/local/games/python3.7-config
Not blacklist /usr/local/games/python3-qr
Not blacklist /usr/local/games/python3-pasteurize
Not blacklist /usr/local/games/python3-futurize
Not blacklist /usr/local/games/python3.6m
Not blacklist /usr/local/games/python3.6
Not blacklist /usr/local/games/python3-wsdump
Not blacklist /usr/local/games/python3-tor-prompt
Not blacklist /usr/local/games/python3-jsonschema
Not blacklist /usr/games/python3m
Not blacklist /usr/games/python3
Not blacklist /usr/games/python3m-config
Not blacklist /usr/games/python3-config
Not blacklist /usr/games/python3.7m
Not blacklist /usr/games/python3.7
Not blacklist /usr/games/python3.7m-config
Not blacklist /usr/games/python3.7-config
Not blacklist /usr/games/python3-qr
Not blacklist /usr/games/python3-pasteurize
Not blacklist /usr/games/python3-futurize
Not blacklist /usr/games/python3.6m
Not blacklist /usr/games/python3.6
Not blacklist /usr/games/python3-wsdump
Not blacklist /usr/games/python3-tor-prompt
Not blacklist /usr/games/python3-jsonschema
Not blacklist /usr/include/python3*
Not blacklist /usr/lib/python3
Not blacklist /usr/lib/python3.6
Not blacklist /usr/lib/python3.7
Not blacklist /usr/local/lib/python3.6
Not blacklist /usr/local/lib/python3.7
Not blacklist /usr/share/python3
Not blacklist /usr/share/python3-plotly
Not blacklist /home/user/.config/torbrowser
Not blacklist /home/user/.local/share/torbrowser
Mounting read-only /home/user/.config/user-dirs.dirs
Mounting read-only /tmp/.X11-unix
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /media
Disable /run/mount
Mounting noexec /run/firejail/mnt/pulse
Creating empty /home/user/.config/pulse directory
2680 2591 0:123 /pulse /home/user/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=2680 fsname=/pulse dir=/home/user/.config/pulse fstype=tmpfs
blacklist /dev/dvb
blacklist /dev/sr0
blacklist /dev/hidraw0
blacklist /dev/hidraw1
blacklist /dev/hidraw2
blacklist /dev/hidraw3
blacklist /dev/hidraw4
blacklist /dev/hidraw5
blacklist /dev/hidraw6
blacklist /dev/hidraw7
blacklist /dev/hidraw8
blacklist /dev/hidraw9
blacklist /dev/usb
blacklist /dev/video0
blacklist /dev/video1
blacklist /dev/video2
blacklist /dev/video3
blacklist /dev/video4
blacklist /dev/video5
blacklist /dev/video6
blacklist /dev/video7
blacklist /dev/video8
blacklist /dev/video9
Create the new ld.so.preload file
DISPLAY=:0 parsed as 0
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 06 00 00 0005005f   ret ERRNO(95)
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 40 00 0000009f   jeq adjtimex 0048 (false 0008)
 0008: 15 3f 00 00000131   jeq clock_adjtime 0048 (false 0009)
 0009: 15 3e 00 000000e3   jeq clock_settime 0048 (false 000a)
 000a: 15 3d 00 000000a4   jeq settimeofday 0048 (false 000b)
 000b: 15 3c 00 0000009a   jeq modify_ldt 0048 (false 000c)
 000c: 15 3b 00 000000d4   jeq lookup_dcookie 0048 (false 000d)
 000d: 15 3a 00 0000012a   jeq perf_event_open 0048 (false 000e)
 000e: 15 39 00 00000137   jeq process_vm_writev 0048 (false 000f)
 000f: 15 38 00 000000b0   jeq delete_module 0048 (false 0010)
 0010: 15 37 00 00000139   jeq finit_module 0048 (false 0011)
 0011: 15 36 00 000000af   jeq init_module 0048 (false 0012)
 0012: 15 35 00 0000009c   jeq _sysctl 0048 (false 0013)
 0013: 15 34 00 000000b7   jeq afs_syscall 0048 (false 0014)
 0014: 15 33 00 000000ae   jeq create_module 0048 (false 0015)
 0015: 15 32 00 000000b1   jeq get_kernel_syms 0048 (false 0016)
 0016: 15 31 00 000000b5   jeq getpmsg 0048 (false 0017)
 0017: 15 30 00 000000b6   jeq putpmsg 0048 (false 0018)
 0018: 15 2f 00 000000b2   jeq query_module 0048 (false 0019)
 0019: 15 2e 00 000000b9   jeq security 0048 (false 001a)
 001a: 15 2d 00 0000008b   jeq sysfs 0048 (false 001b)
 001b: 15 2c 00 000000b8   jeq tuxcall 0048 (false 001c)
 001c: 15 2b 00 00000086   jeq uselib 0048 (false 001d)
 001d: 15 2a 00 00000088   jeq ustat 0048 (false 001e)
 001e: 15 29 00 000000ec   jeq vserver 0048 (false 001f)
 001f: 15 28 00 000000ad   jeq ioperm 0048 (false 0020)
 0020: 15 27 00 000000ac   jeq iopl 0048 (false 0021)
 0021: 15 26 00 000000f6   jeq kexec_load 0048 (false 0022)
 0022: 15 25 00 00000140   jeq kexec_file_load 0048 (false 0023)
 0023: 15 24 00 000000a9   jeq reboot 0048 (false 0024)
 0024: 15 23 00 000000ee   jeq set_mempolicy 0048 (false 0025)
 0025: 15 22 00 00000100   jeq migrate_pages 0048 (false 0026)
 0026: 15 21 00 00000117   jeq move_pages 0048 (false 0027)
 0027: 15 20 00 000000ed   jeq mbind 0048 (false 0028)
 0028: 15 1f 00 000000a7   jeq swapon 0048 (false 0029)
 0029: 15 1e 00 000000a8   jeq swapoff 0048 (false 002a)
 002a: 15 1d 00 000000a3   jeq acct 0048 (false 002b)
 002b: 15 1c 00 000000f8   jeq add_key 0048 (false 002c)
 002c: 15 1b 00 00000141   jeq bpf 0048 (false 002d)
 002d: 15 1a 00 0000012c   jeq fanotify_init 0048 (false 002e)
 002e: 15 19 00 000000d2   jeq io_cancel 0048 (false 002f)
 002f: 15 18 00 000000cf   jeq io_destroy 0048 (false 0030)
 0030: 15 17 00 000000d0   jeq io_getevents 0048 (false 0031)
 0031: 15 16 00 000000ce   jeq io_setup 0048 (false 0032)
 0032: 15 15 00 000000d1   jeq io_submit 0048 (false 0033)
 0033: 15 14 00 000000fb   jeq ioprio_set 0048 (false 0034)
 0034: 15 13 00 00000138   jeq kcmp 0048 (false 0035)
 0035: 15 12 00 000000fa   jeq keyctl 0048 (false 0036)
 0036: 15 11 00 000000a5   jeq mount 0048 (false 0037)
 0037: 15 10 00 0000012f   jeq name_to_handle_at 0048 (false 0038)
 0038: 15 0f 00 000000b4   jeq nfsservctl 0048 (false 0039)
 0039: 15 0e 00 00000130   jeq open_by_handle_at 0048 (false 003a)
 003a: 15 0d 00 00000087   jeq personality 0048 (false 003b)
 003b: 15 0c 00 0000009b   jeq pivot_root 0048 (false 003c)
 003c: 15 0b 00 00000136   jeq process_vm_readv 0048 (false 003d)
 003d: 15 0a 00 00000065   jeq ptrace 0048 (false 003e)
 003e: 15 09 00 000000d8   jeq remap_file_pages 0048 (false 003f)
 003f: 15 08 00 000000f9   jeq request_key 0048 (false 0040)
 0040: 15 07 00 000000ab   jeq setdomainname 0048 (false 0041)
 0041: 15 06 00 000000aa   jeq sethostname 0048 (false 0042)
 0042: 15 05 00 00000067   jeq syslog 0048 (false 0043)
 0043: 15 04 00 000000a6   jeq umount2 0048 (false 0044)
 0044: 15 03 00 00000143   jeq userfaultfd 0048 (false 0045)
 0045: 15 02 00 00000099   jeq vhangup 0048 (false 0046)
 0046: 15 01 00 00000116   jeq vmsplice 0048 (false 0047)
 0047: 06 00 00 7fff0000   ret ALLOW
 0048: 06 00 00 00000000   ret KILL
Mount the new ld.so.preload file
Current directory: /home/user
Install protocol filter: unix,inet,inet6
configuring 14 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Build drop seccomp filter
sbox run: /run/firejail/lib/fseccomp drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice (null) 
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp (null) 
configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) 
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
]0;firejail torbrowser-launcher Child process initialized in 240.61 ms
starting application
LD_PRELOAD=(null)
execvp argument 0: torbrowser-launcher
Gtk-Message: 13:29:44.439: Failed to load module "canberra-gtk-module"
Gtk-Message: 13:29:44.445: Failed to load module "canberra-gtk-module"
Qt: Session management error: None of the authentication protocols specified are supported
Launching './Browser/start-tor-browser --detach'...
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.3.1
https://github.com/micahflee/torbrowser-launcher
Launching Tor Browser.
Running /home/user/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/start-tor-browser.desktop

Parent is shutting down, bye...
<!-- gh-comment-id:512819073 --> @ghost commented on GitHub (Jul 18, 2019): I see. I've added the allow-python profiles from this repository, and ran it again. I got the same result. Here's the log nevertheless: ``` Reading profile torbrowser-launcher.profile Reading profile /home/user/.config/firejail/allow-python2.inc Found allow-python2.inc profile in /home/user/.config/firejail directory Reading profile /home/user/.config/firejail/allow-python3.inc Found allow-python3.inc profile in /home/user/.config/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-devel.inc profile in /etc/firejail directory Reading profile /home/user/.config/firejail/disable-exec.inc Found disable-exec.inc profile in /home/user/.config/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-passwdmgr.inc Found disable-passwdmgr.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-xdg.inc Found disable-xdg.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc Found whitelist-var-common.inc profile in /etc/firejail directory Warning: networking feature is disabled in Firejail configuration file DISPLAY=:0 parsed as 0 Parent pid 15823, child pid 15825 Building quoted command line: 'torbrowser-launcher' Command name #torbrowser-launcher# Using the local network stack Warning fcopy: skipping /etc/alternatives/fakeroot.sv.1.gz, cannot find inode Warning fcopy: skipping /etc/alternatives/faked.sv.1.gz, cannot find inode Warning: file /etc/asound.conf not found. Warning: skipping asound.conf for private /etc Warning: file /etc/crypto-policies not found. Warning: skipping crypto-policies for private /etc Private /etc installed in 37.51 ms Building quoted command line: 'torbrowser-launcher' Command name #torbrowser-launcher# Using the local network stack Initializing child process PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Build protocol filter: unix,inet,inet6 sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol (null) Basic read-only filesystem: Mounting read-only /etc Mounting noexec /etc Mounting read-only /var Mounting noexec /var Mounting read-only /bin Mounting read-only /sbin Mounting read-only /lib Mounting read-only /lib64 Mounting read-only /lib32 Mounting read-only /usr Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/nginx Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Mounting tmpfs on /var/cache/apache2 Mounting tmpfs on /var/cache/lighttpd Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/user/.config/firejail Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory Process /dev/shm directory Copying files in the new /etc directory: copying /etc/alsa to private /etc Creating empty /run/firejail/mnt/etc/alsa directory sbox run: /run/firejail/lib/fcopy /etc/alsa /run/firejail/mnt/etc/alsa (null) copying /etc/alternatives to private /etc Creating empty /run/firejail/mnt/etc/alternatives directory sbox run: /run/firejail/lib/fcopy /etc/alternatives /run/firejail/mnt/etc/alternatives (null) copying /etc/ca-certificates to private /etc Creating empty /run/firejail/mnt/etc/ca-certificates directory sbox run: /run/firejail/lib/fcopy /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates (null) copying /etc/fonts to private /etc Creating empty /run/firejail/mnt/etc/fonts directory sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts (null) copying /etc/hostname to private /etc sbox run: /run/firejail/lib/fcopy /etc/hostname /run/firejail/mnt/etc (null) copying /etc/hosts to private /etc sbox run: /run/firejail/lib/fcopy /etc/hosts /run/firejail/mnt/etc (null) copying /etc/ld.so.cache to private /etc sbox run: /run/firejail/lib/fcopy /etc/ld.so.cache /run/firejail/mnt/etc (null) copying /etc/machine-id to private /etc sbox run: /run/firejail/lib/fcopy /etc/machine-id /run/firejail/mnt/etc (null) copying /etc/pki to private /etc Creating empty /run/firejail/mnt/etc/pki directory sbox run: /run/firejail/lib/fcopy /etc/pki /run/firejail/mnt/etc/pki (null) copying /etc/pulse to private /etc Creating empty /run/firejail/mnt/etc/pulse directory sbox run: /run/firejail/lib/fcopy /etc/pulse /run/firejail/mnt/etc/pulse (null) copying /etc/resolv.conf to private /etc sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc (null) copying /etc/ssl to private /etc Creating empty /run/firejail/mnt/etc/ssl directory sbox run: /run/firejail/lib/fcopy /etc/ssl /run/firejail/mnt/etc/ssl (null) Mount-bind /run/firejail/mnt/etc on top of /etc Creating an empty /etc/ld.so.preload file Copying files in the new bin directory Checking /usr/local/bin/bash Checking /usr/bin/bash Checking /bin/bash sbox run: /run/firejail/lib/fcopy /bin/bash /run/firejail/mnt/bin (null) Checking /usr/local/bin/cp Checking /usr/bin/cp Checking /bin/cp sbox run: /run/firejail/lib/fcopy /bin/cp /run/firejail/mnt/bin (null) Checking /usr/local/bin/dirname Checking /usr/bin/dirname sbox run: /run/firejail/lib/fcopy /usr/bin/dirname /run/firejail/mnt/bin (null) Checking /usr/local/bin/env Checking /usr/bin/env sbox run: /run/firejail/lib/fcopy /usr/bin/env /run/firejail/mnt/bin (null) Checking /usr/local/bin/expr Checking /usr/bin/expr sbox run: /run/firejail/lib/fcopy /usr/bin/expr /run/firejail/mnt/bin (null) Checking /usr/local/bin/file Checking /usr/bin/file sbox run: /run/firejail/lib/fcopy /usr/bin/file /run/firejail/mnt/bin (null) Checking /usr/local/bin/getconf Checking /usr/bin/getconf sbox run: /run/firejail/lib/fcopy /usr/bin/getconf /run/firejail/mnt/bin (null) Checking /usr/local/bin/gpg Checking /usr/bin/gpg sbox run: /run/firejail/lib/fcopy /usr/bin/gpg /run/firejail/mnt/bin (null) Checking /usr/local/bin/grep Checking /usr/bin/grep Checking /bin/grep sbox run: /run/firejail/lib/fcopy /bin/grep /run/firejail/mnt/bin (null) Checking /usr/local/bin/id Checking /usr/bin/id sbox run: /run/firejail/lib/fcopy /usr/bin/id /run/firejail/mnt/bin (null) Checking /usr/local/bin/ln Checking /usr/bin/ln Checking /bin/ln sbox run: /run/firejail/lib/fcopy /bin/ln /run/firejail/mnt/bin (null) Checking /usr/local/bin/mkdir Checking /usr/bin/mkdir Checking /bin/mkdir sbox run: /run/firejail/lib/fcopy /bin/mkdir /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python-argcomplete-check-easy-install-script /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python-argcomplete-tcsh /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2-pbr /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2-wsdump /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-jsonschema /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-tor-prompt /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-wsdump /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.6 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.6m /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/pythonect /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2-futurize /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2-pasteurize /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2-qr /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-futurize /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-pasteurize /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-qr /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python2.7-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python2.7-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python2.7-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python2.7-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcoWarning: file tor-browser-en not found 67 programs installed in 142.44 ms py /usr/bin/python2.7 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7m-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7m /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/x86_64-linux-gnu-python3.7m-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3m-config /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3.7m /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python3m /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/faraday /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/python-faraday /run/firejail/mnt/bin (null) Checking /usr/local/bin/readlink Checking /usr/bin/readlink Checking /bin/readlink sbox run: /run/firejail/lib/fcopy /bin/readlink /run/firejail/mnt/bin (null) Checking /usr/local/bin/rm Checking /usr/bin/rm Checking /bin/rm sbox run: /run/firejail/lib/fcopy /bin/rm /run/firejail/mnt/bin (null) Checking /usr/local/bin/sed Checking /usr/bin/sed Checking /bin/sed sbox run: /run/firejail/lib/fcopy /bin/sed /run/firejail/mnt/bin (null) Checking /usr/local/bin/sh Checking /usr/bin/sh Checking /bin/sh sbox run: /run/firejail/lib/fcopy /bin/dash /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /bin/sh /run/firejail/mnt/bin (null) Checking /usr/local/bin/tail Checking /usr/bin/tail sbox run: /run/firejail/lib/fcopy /usr/bin/tail /run/firejail/mnt/bin (null) Checking /usr/local/bin/tar Checking /usr/bin/tar Checking /bin/tar sbox run: /run/firejail/lib/fcopy /bin/tar /run/firejail/mnt/bin (null) Checking /usr/local/bin/tclsh Checking /usr/bin/tclsh sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh8.6 /run/firejail/mnt/bin (null) sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh /run/firejail/mnt/bin (null) Checking /usr/local/bin/test Checking /usr/bin/test sbox run: /run/firejail/lib/fcopy /usr/bin/test /run/firejail/mnt/bin (null) Checking /usr/local/bin/tor-browser-en Checking /usr/bin/tor-browser-en Checking /bin/tor-browser-en Checking /usr/games/tor-browser-en Checking /usr/local/games/tor-browser-en Checking /usr/local/sbin/tor-browser-en Checking /usr/sbin/tor-browser-en Checking /sbin/tor-browser-en Checking /usr/local/bin/torbrowser-launcher firejail exec symlink detected Checking /usr/bin/torbrowser-launcher sbox run: /run/firejail/lib/fcopy /usr/bin/torbrowser-launcher /run/firejail/mnt/bin (null) Checking /usr/local/bin/xz Checking /usr/bin/xz sbox run: /run/firejail/lib/fcopy /usr/bin/xz /run/firejail/mnt/bin (null) Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Debug 409: new_name #/home/user/Downloads#, whitelist Debug 517: fname #/home/user/Downloads#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/torbrowser#, whitelist Debug 517: fname #/home/user/.config/torbrowser#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.local/share/torbrowser#, whitelist Debug 517: fname #/home/user/.local/share/torbrowser#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.XCompose#, whitelist blacklist /run/user/1000/bus blacklist /home/user/.dbus blacklist /run/dbus/system_bus_socket Remounting /proc and /proc/sys filesystems Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /lib/modules Disable /usr/lib/debug Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Directory ${DOWNLOADS} resolved as Downloads Replaced whitelist path: whitelist /home/user/Downloads Replaced whitelist path: whitelist /home/user/.config/torbrowser Replaced whitelist path: whitelist /home/user/.local/share/torbrowser Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose expanded: /home/user/.XCompose real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.asoundrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc expanded: /home/user/.asoundrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/ibus#, whitelist Debug 517: fname #/home/user/.config/ibus#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/mimeapps.list#, whitelist Debug 517: fname #/home/user/.config/mimeapps.list#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/pkcs11#, whitelist Replaced whitelist path: whitelist /home/user/.config/ibus Replaced whitelist path: whitelist /home/user/.config/mimeapps.list Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11 expanded: /home/user/.config/pkcs11 real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/user-dirs.dirs#, whitelist Debug 517: fname #/home/user/.config/user-dirs.dirs#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.drirc#, whitelist Replaced whitelist path: whitelist /home/user/.config/user-dirs.dirs Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc expanded: /home/user/.drirc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.icons#, whitelist Debug 517: fname #/home/user/.icons#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.local/share/applications#, whitelist Debug 517: fname #/home/user/.local/share/applications#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.local/share/icons#, whitelist Replaced whitelist path: whitelist /home/user/.icons Replaced whitelist path: whitelist /home/user/.local/share/applications Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/icons expanded: /home/user/.local/share/icons real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.local/share/mime#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/mime expanded: /home/user/.local/share/mime real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.mime.types#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types expanded: /home/user/.mime.types real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/dconf#, whitelist Debug 517: fname #/home/user/.config/dconf#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.cache/fontconfig#, whitelist Debug 517: fname #/home/user/.cache/fontconfig#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/fontconfig#, whitelist Replaced whitelist path: whitelist /home/user/.config/dconf Replaced whitelist path: whitelist /home/user/.cache/fontconfig Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig expanded: /home/user/.config/fontconfig real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig expanded: /home/user/.fontconfig real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.fonts#, whitelist Debug 517: fname #/home/user/.fonts#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.fonts.conf#, whitelist Replaced whitelist path: whitelist /home/user/.fonts Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf expanded: /home/user/.fonts.conf real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.fonts.conf.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d expanded: /home/user/.fonts.conf.d real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.fonts.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d expanded: /home/user/.fonts.d real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.local/share/fonts#, whitelist Debug 517: fname #/home/user/.local/share/fonts#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.pangorc#, whitelist Replaced whitelist path: whitelist /home/user/.local/share/fonts Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc expanded: /home/user/.pangorc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/gtk-2.0#, whitelist Debug 517: fname #/home/user/.config/gtk-2.0#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/gtk-3.0#, whitelist Debug 517: fname #/home/user/.config/gtk-3.0#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/gtkrc#, whitelist Replaced whitelist path: whitelist /home/user/.config/gtk-2.0 Replaced whitelist path: whitelist /home/user/.config/gtk-3.0 Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc expanded: /home/user/.config/gtkrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0 expanded: /home/user/.config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.gnome2#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2 expanded: /home/user/.gnome2 real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.gnome2-private#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private expanded: /home/user/.gnome2-private real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.gtk-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0 expanded: /home/user/.gtk-2.0 real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc expanded: /home/user/.gtkrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.gtkrc-2.0#, whitelist Debug 517: fname #/home/user/.gtkrc-2.0#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.kde/share/config/gtkrc#, whitelist Replaced whitelist path: whitelist /home/user/.gtkrc-2.0 Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc expanded: /home/user/.kde/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 expanded: /home/user/.kde/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc expanded: /home/user/.kde4/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 expanded: /home/user/.kde4/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.local/share/themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes expanded: /home/user/.local/share/themes real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.themes#, whitelist Debug 517: fname #/home/user/.themes#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.cache/kioexec/krun#, whitelist Replaced whitelist path: whitelist /home/user/.themes Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun expanded: /home/user/.cache/kioexec/krun real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/Kvantum#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum expanded: /home/user/.config/Kvantum real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/Trolltech.conf#, whitelist Debug 517: fname #/home/user/.config/Trolltech.conf#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/kdeglobals#, whitelist Debug 517: fname #/home/user/.config/kdeglobals#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.config/kio_httprc#, whitelist Replaced whitelist path: whitelist /home/user/.config/Trolltech.conf Replaced whitelist path: whitelist /home/user/.config/kdeglobals Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc expanded: /home/user/.config/kio_httprc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc expanded: /home/user/.config/kioslaverc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist expanded: /home/user/.config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.config/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct expanded: /home/user/.config/qt5ct real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde/share/config/kdeglobals#, whitelist Debug 517: fname #/home/user/.kde/share/config/kdeglobals#, cfg.homedir #/home/user# Debug 409: new_name #/home/user/.kde/share/config/kio_httprc#, whitelist Replaced whitelist path: whitelist /home/user/.kde/share/config/kdeglobals Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc expanded: /home/user/.kde/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc expanded: /home/user/.kde/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist expanded: /home/user/.kde/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc expanded: /home/user/.kde/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons expanded: /home/user/.kde/share/icons real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals expanded: /home/user/.kde4/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc expanded: /home/user/.kde4/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc expanded: /home/user/.kde4/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist expanded: /home/user/.kde4/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc expanded: /home/user/.kde4/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.kde4/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons expanded: /home/user/.kde4/share/icons real path: (null) realpath: No such file or directory Debug 409: new_name #/home/user/.local/share/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct expanded: /home/user/.local/share/qt5ct real path: (null) realpath: No such file or directory Debug 409: new_name #/var/lib/dbus#, whitelist Debug 409: new_name #/var/lib/menu-xdg#, whitelist Debug 409: new_name #/var/cache/fontconfig#, whitelist Debug 409: new_name #/var/tmp#, whitelist Debug 409: new_name #/var/run#, whitelist Debug 409: new_name #/var/lock#, whitelist Debug 409: new_name #/tmp/.X11-unix#, whitelist Debug 409: new_name #/tmp/pulse-PKdhtXMmr18n#, whitelist Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Replaced whitelist path: whitelist /run Replaced whitelist path: whitelist /run/lock Mounting a new /home directory Mounting a new /root directory Create a new user directory Mounting tmpfs on /tmp directory Mounting tmpfs on /var directory Whitelisting /home/user/Downloads 2606 2591 0:24 /home/user/Downloads /home/user/Downloads rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/Downloads mountid=2606 fsname=/home/user/Downloads dir=/home/user/Downloads fstype=btrfs Whitelisting /home/user/.config/torbrowser 2607 2591 0:24 /home/user/.config/torbrowser /home/user/.config/torbrowser rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/torbrowser mountid=2607 fsname=/home/user/.config/torbrowser dir=/home/user/.config/torbrowser fstype=btrfs Whitelisting /home/user/.local/share/torbrowser 2608 2591 0:24 /home/user/.local/share/torbrowser /home/user/.local/share/torbrowser rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.local/share/torbrowser mountid=2608 fsname=/home/user/.local/share/torbrowser dir=/home/user/.local/share/torbrowser fstype=btrfs Whitelisting /home/user/.config/ibus 2609 2591 0:24 /home/user/.config/ibus /home/user/.config/ibus rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/ibus mountid=2609 fsname=/home/user/.config/ibus dir=/home/user/.config/ibus fstype=btrfs Whitelisting /home/user/.config/mimeapps.list 2610 2591 0:24 /home/user/.config/mimeapps.list /home/user/.config/mimeapps.list rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/mimeapps.list mountid=2610 fsname=/home/user/.config/mimeapps.list dir=/home/user/.config/mimeapps.list fstype=btrfs Whitelisting /home/user/.config/user-dirs.dirs 2611 2591 0:24 /home/user/.config/user-dirs.dirs /home/user/.config/user-dirs.dirs rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/user-dirs.dirs mountid=2611 fsname=/home/user/.config/user-dirs.dirs dir=/home/user/.config/user-dirs.dirs fstype=btrfs Whitelisting /home/user/.icons 2612 2591 0:24 /home/user/.icons /home/user/.icons rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.icons mountid=2612 fsname=/home/user/.icons dir=/home/user/.icons fstype=btrfs Whitelisting /home/user/.local/share/applications 2613 2591 0:24 /home/user/.local/share/applications /home/user/.local/share/applications rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.local/share/applications mountid=2613 fsname=/home/user/.local/share/applications dir=/home/user/.local/share/applications fstype=btrfs Whitelisting /home/user/.config/dconf 2614 2591 0:24 /home/user/.config/dconf /home/user/.config/dconf rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/dconf mountid=2614 fsname=/home/user/.config/dconf dir=/home/user/.config/dconf fstype=btrfs Whitelisting /home/user/.cache/fontconfig 2615 2591 0:24 /home/user/.cache/fontconfig /home/user/.cache/fontconfig rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.cache/fontconfig mountid=2615 fsname=/home/user/.cache/fontconfig dir=/home/user/.cache/fontconfig fstype=btrfs Whitelisting /home/user/.fonts 2616 2591 0:24 /home/user/.fonts /home/user/.fonts rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.fonts mountid=2616 fsname=/home/user/.fonts dir=/home/user/.fonts fstype=btrfs Whitelisting /home/user/.local/share/fonts 2617 2591 0:24 /home/user/.local/share/fonts /home/user/.local/share/fonts rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.local/share/fonts mountid=2617 fsname=/home/user/.local/share/fonts dir=/home/user/.local/share/fonts fstype=btrfs Whitelisting /home/user/.config/gtk-2.0 2618 2591 0:24 /home/user/.config/gtk-2.0 /home/user/.config/gtk-2.0 rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/gtk-2.0 mountid=2618 fsname=/home/user/.config/gtk-2.0 dir=/home/user/.config/gtk-2.0 fstype=btrfs Whitelisting /home/user/.config/gtk-3.0 2619 2591 0:24 /home/user/.config/gtk-3.0 /home/user/.config/gtk-3.0 rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/gtk-3.0 mountid=2619 fsname=/home/user/.config/gtk-3.0 dir=/home/user/.config/gtk-3.0 fstype=btrfs Whitelisting /home/user/.gtkrc-2.0 2620 2591 0:24 /home/user/.gtkrc-2.0 /home/user/.gtkrc-2.0 rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.gtkrc-2.0 mountid=2620 fsname=/home/user/.gtkrc-2.0 dir=/home/user/.gtkrc-2.0 fstype=btrfs Whitelisting /home/user/.themes 2621 2591 0:24 /home/user/.themes /home/user/.themes rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.themes mountid=2621 fsname=/home/user/.themes dir=/home/user/.themes fstype=btrfs Whitelisting /home/user/.config/Trolltech.conf 2622 2591 0:24 /home/user/.config/Trolltech.conf /home/user/.config/Trolltech.conf rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/Trolltech.conf mountid=2622 fsname=/home/user/.config/Trolltech.conf dir=/home/user/.config/Trolltech.conf fstype=btrfs Whitelisting /home/user/.config/kdeglobals 2623 2591 0:24 /home/user/.config/kdeglobals /home/user/.config/kdeglobals rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.config/kdeglobals mountid=2623 fsname=/home/user/.config/kdeglobals dir=/home/user/.config/kdeglobals fstype=btrfs Whitelisting /home/user/.kde/share/config/kdeglobals 2624 2591 0:24 /home/user/.kde/share/config/kdeglobals /home/user/.kde/share/config/kdeglobals rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/home/user/.kde/share/config/kdeglobals mountid=2624 fsname=/home/user/.kde/share/config/kdeglobals dir=/home/user/.kde/share/config/kdeglobals fstype=btrfs Whitelisting /var/lib/dbus 2625 2605 0:24 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/var/lib/dbus mountid=2625 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=btrfs Whitelisting /var/lib/menu-xdg 2626 2605 0:24 /var/lib/menu-xdg /var/lib/menu-xdg ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/var/lib/menu-xdg mountid=2626 fsname=/var/lib/menu-xdg dir=/var/lib/menu-xdg fstype=btrfs Whitelisting /var/cache/fontconfig 2627 2605 0:24 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/var/cache/fontconfig mountid=2627 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs Whitelisting /var/tmp 2628 2605 0:125 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw mountid=2628 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Whitelisting /tmp/.X11-unix 2629 2594 0:24 /tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/tmp/.X11-unix mountid=2629 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=btrfs Whitelisting /tmp/pulse-PKdhtXMmr18n 2630 2594 0:24 /tmp/pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime master:1 - btrfs /dev/mapper/parrot--vg-root rw,space_cache,subvolid=5,subvol=/tmp/pulse-PKdhtXMmr18n mountid=2630 fsname=/tmp/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=btrfs Mounting read-only /home/user/.Xauthority Mounting read-only /home/user/.config/kdeglobals Mounting read-only /home/user/.kde/share/config/kdeglobals Disable /run/docker.sock (requested /var/run/docker.sock) Mounting read-only /home/user/.local/share/applications Disable /sbin Disable /usr/local/sbin Disable /usr/sbin Disable /usr/share/flatpak Disable /usr/include Disable /usr/share/java Disable /usr/lib/valgrind Mounting noexec /run/user/1000 Mounting noexec /dev/shm Mounting noexec /tmp Mounting noexec /tmp/.X11-unix Mounting noexec /tmp/pulse-PKdhtXMmr18n Disable /usr/share/lua Disable /usr/lib/perl6 Disable /usr/share/perl Disable /usr/share/perl-openssl-defaults Disable /usr/share/perl5 Disable /usr/lib/php Disable /usr/share/php7.3-common Disable /usr/share/php7.3-json Disable /usr/share/php7.3-mysql Disable /usr/share/php7.3-opcache Disable /usr/share/php7.3-pgsql Disable /usr/share/php7.3-readline Disable /usr/share/php7.3-sqlite3 Disable /usr/lib/ruby Not blacklist /home/user/.local/bin/python2* Not blacklist /snap/bin/python2* Not blacklist /usr/local/sbin/python2* Not blacklist /usr/sbin/python2* Not blacklist /sbin/python2* Not blacklist /usr/local/bin/python2.7-config Not blacklist /usr/local/bin/python2 Not blacklist /usr/local/bin/python2.7 Not blacklist /usr/local/bin/python2-config Not blacklist /usr/local/bin/python2-qr Not blacklist /usr/local/bin/python2-pasteurize Not blacklist /usr/local/bin/python2-futurize Not blacklist /usr/local/bin/python2-wsdump Not blacklist /usr/local/bin/python2-pbr Not blacklist /usr/bin/python2.7-config Not blacklist /usr/bin/python2 Not blacklist /usr/bin/python2.7 Not blacklist /usr/bin/python2-config Not blacklist /usr/bin/python2-qr Not blacklist /usr/bin/python2-pasteurize Not blacklist /usr/bin/python2-futurize Not blacklist /usr/bin/python2-wsdump Not blacklist /usr/bin/python2-pbr Not blacklist /bin/python2.7-config Not blacklist /bin/python2 Not blacklist /bin/python2.7 Not blacklist /bin/python2-config Not blacklist /bin/python2-qr Not blacklist /bin/python2-pasteurize Not blacklist /bin/python2-futurize Not blacklist /bin/python2-wsdump Not blacklist /bin/python2-pbr Not blacklist /usr/local/games/python2.7-config Not blacklist /usr/local/games/python2 Not blacklist /usr/local/games/python2.7 Not blacklist /usr/local/games/python2-config Not blacklist /usr/local/games/python2-qr Not blacklist /usr/local/games/python2-pasteurize Not blacklist /usr/local/games/python2-futurize Not blacklist /usr/local/games/python2-wsdump Not blacklist /usr/local/games/python2-pbr Not blacklist /usr/games/python2.7-config Not blacklist /usr/games/python2 Not blacklist /usr/games/python2.7 Not blacklist /usr/games/python2-config Not blacklist /usr/games/python2-qr Not blacklist /usr/games/python2-pasteurize Not blacklist /usr/games/python2-futurize Not blacklist /usr/games/python2-wsdump Not blacklist /usr/games/python2-pbr Not blacklist /usr/include/python2* Not blacklist /usr/lib/python2.6 Not blacklist /usr/lib/python2.7 Not blacklist /usr/local/lib/python2.7 Not blacklist /usr/share/python2* Not blacklist /home/user/.local/bin/python3* Not blacklist /snap/bin/python3* Not blacklist /usr/local/sbin/python3* Not blacklist /usr/sbin/python3* Not blacklist /sbin/python3* Not blacklist /usr/local/bin/python3m Not blacklist /usr/local/bin/python3 Not blacklist /usr/local/bin/python3m-config Not blacklist /usr/local/bin/python3-config Not blacklist /usr/local/bin/python3.7m Not blacklist /usr/local/bin/python3.7 Not blacklist /usr/local/bin/python3.7m-config Not blacklist /usr/local/bin/python3.7-config Not blacklist /usr/local/bin/python3-qr Not blacklist /usr/local/bin/python3-pasteurize Not blacklist /usr/local/bin/python3-futurize Not blacklist /usr/local/bin/python3.6m Not blacklist /usr/local/bin/python3.6 Not blacklist /usr/local/bin/python3-wsdump Not blacklist /usr/local/bin/python3-tor-prompt Not blacklist /usr/local/bin/python3-jsonschema Not blacklist /usr/bin/python3m Not blacklist /usr/bin/python3 Not blacklist /usr/bin/python3m-config Not blacklist /usr/bin/python3-config Not blacklist /usr/bin/python3.7m Not blacklist /usr/bin/python3.7 Not blacklist /usr/bin/python3.7m-config Not blacklist /usr/bin/python3.7-config Not blacklist /usr/bin/python3-qr Not blaWarning: cleaning all supplementary groups Post-exec seccomp protector enabled cklist /usr/bin/python3-pasteurize Not blacklist /usr/bin/python3-futurize Not blacklist /usr/bin/python3.6m Not blacklist /usr/bin/python3.6 Not blacklist /usr/bin/python3-wsdump Not blacklist /usr/bin/python3-tor-prompt Not blacklist /usr/bin/python3-jsonschema Not blacklist /bin/python3m Not blacklist /bin/python3 Not blacklist /bin/python3m-config Not blacklist /bin/python3-config Not blacklist /bin/python3.7m Not blacklist /bin/python3.7 Not blacklist /bin/python3.7m-config Not blacklist /bin/python3.7-config Not blacklist /bin/python3-qr Not blacklist /bin/python3-pasteurize Not blacklist /bin/python3-futurize Not blacklist /bin/python3.6m Not blacklist /bin/python3.6 Not blacklist /bin/python3-wsdump Not blacklist /bin/python3-tor-prompt Not blacklist /bin/python3-jsonschema Not blacklist /usr/local/games/python3m Not blacklist /usr/local/games/python3 Not blacklist /usr/local/games/python3m-config Not blacklist /usr/local/games/python3-config Not blacklist /usr/local/games/python3.7m Not blacklist /usr/local/games/python3.7 Not blacklist /usr/local/games/python3.7m-config Not blacklist /usr/local/games/python3.7-config Not blacklist /usr/local/games/python3-qr Not blacklist /usr/local/games/python3-pasteurize Not blacklist /usr/local/games/python3-futurize Not blacklist /usr/local/games/python3.6m Not blacklist /usr/local/games/python3.6 Not blacklist /usr/local/games/python3-wsdump Not blacklist /usr/local/games/python3-tor-prompt Not blacklist /usr/local/games/python3-jsonschema Not blacklist /usr/games/python3m Not blacklist /usr/games/python3 Not blacklist /usr/games/python3m-config Not blacklist /usr/games/python3-config Not blacklist /usr/games/python3.7m Not blacklist /usr/games/python3.7 Not blacklist /usr/games/python3.7m-config Not blacklist /usr/games/python3.7-config Not blacklist /usr/games/python3-qr Not blacklist /usr/games/python3-pasteurize Not blacklist /usr/games/python3-futurize Not blacklist /usr/games/python3.6m Not blacklist /usr/games/python3.6 Not blacklist /usr/games/python3-wsdump Not blacklist /usr/games/python3-tor-prompt Not blacklist /usr/games/python3-jsonschema Not blacklist /usr/include/python3* Not blacklist /usr/lib/python3 Not blacklist /usr/lib/python3.6 Not blacklist /usr/lib/python3.7 Not blacklist /usr/local/lib/python3.6 Not blacklist /usr/local/lib/python3.7 Not blacklist /usr/share/python3 Not blacklist /usr/share/python3-plotly Not blacklist /home/user/.config/torbrowser Not blacklist /home/user/.local/share/torbrowser Mounting read-only /home/user/.config/user-dirs.dirs Mounting read-only /tmp/.X11-unix Disable /sys/fs Disable /sys/module Disable /mnt Disable /media Disable /run/mount Mounting noexec /run/firejail/mnt/pulse Creating empty /home/user/.config/pulse directory 2680 2591 0:123 /pulse /home/user/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=2680 fsname=/pulse dir=/home/user/.config/pulse fstype=tmpfs blacklist /dev/dvb blacklist /dev/sr0 blacklist /dev/hidraw0 blacklist /dev/hidraw1 blacklist /dev/hidraw2 blacklist /dev/hidraw3 blacklist /dev/hidraw4 blacklist /dev/hidraw5 blacklist /dev/hidraw6 blacklist /dev/hidraw7 blacklist /dev/hidraw8 blacklist /dev/hidraw9 blacklist /dev/usb blacklist /dev/video0 blacklist /dev/video1 blacklist /dev/video2 blacklist /dev/video3 blacklist /dev/video4 blacklist /dev/video5 blacklist /dev/video6 blacklist /dev/video7 blacklist /dev/video8 blacklist /dev/video9 Create the new ld.so.preload file DISPLAY=:0 parsed as 0 line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 01 00 00000029 jeq socket 0006 (false 0005) 0005: 06 00 00 7fff0000 ret ALLOW 0006: 20 00 00 00000010 ld data.args[0] 0007: 15 00 01 00000001 jeq 1 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 00000002 jeq 2 000a (false 000b) 000a: 06 00 00 7fff0000 ret ALLOW 000b: 15 00 01 0000000a jeq a 000c (false 000d) 000c: 06 00 00 7fff0000 ret ALLOW 000d: 06 00 00 0005005f ret ERRNO(95) Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice, line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 40 00 0000009f jeq adjtimex 0048 (false 0008) 0008: 15 3f 00 00000131 jeq clock_adjtime 0048 (false 0009) 0009: 15 3e 00 000000e3 jeq clock_settime 0048 (false 000a) 000a: 15 3d 00 000000a4 jeq settimeofday 0048 (false 000b) 000b: 15 3c 00 0000009a jeq modify_ldt 0048 (false 000c) 000c: 15 3b 00 000000d4 jeq lookup_dcookie 0048 (false 000d) 000d: 15 3a 00 0000012a jeq perf_event_open 0048 (false 000e) 000e: 15 39 00 00000137 jeq process_vm_writev 0048 (false 000f) 000f: 15 38 00 000000b0 jeq delete_module 0048 (false 0010) 0010: 15 37 00 00000139 jeq finit_module 0048 (false 0011) 0011: 15 36 00 000000af jeq init_module 0048 (false 0012) 0012: 15 35 00 0000009c jeq _sysctl 0048 (false 0013) 0013: 15 34 00 000000b7 jeq afs_syscall 0048 (false 0014) 0014: 15 33 00 000000ae jeq create_module 0048 (false 0015) 0015: 15 32 00 000000b1 jeq get_kernel_syms 0048 (false 0016) 0016: 15 31 00 000000b5 jeq getpmsg 0048 (false 0017) 0017: 15 30 00 000000b6 jeq putpmsg 0048 (false 0018) 0018: 15 2f 00 000000b2 jeq query_module 0048 (false 0019) 0019: 15 2e 00 000000b9 jeq security 0048 (false 001a) 001a: 15 2d 00 0000008b jeq sysfs 0048 (false 001b) 001b: 15 2c 00 000000b8 jeq tuxcall 0048 (false 001c) 001c: 15 2b 00 00000086 jeq uselib 0048 (false 001d) 001d: 15 2a 00 00000088 jeq ustat 0048 (false 001e) 001e: 15 29 00 000000ec jeq vserver 0048 (false 001f) 001f: 15 28 00 000000ad jeq ioperm 0048 (false 0020) 0020: 15 27 00 000000ac jeq iopl 0048 (false 0021) 0021: 15 26 00 000000f6 jeq kexec_load 0048 (false 0022) 0022: 15 25 00 00000140 jeq kexec_file_load 0048 (false 0023) 0023: 15 24 00 000000a9 jeq reboot 0048 (false 0024) 0024: 15 23 00 000000ee jeq set_mempolicy 0048 (false 0025) 0025: 15 22 00 00000100 jeq migrate_pages 0048 (false 0026) 0026: 15 21 00 00000117 jeq move_pages 0048 (false 0027) 0027: 15 20 00 000000ed jeq mbind 0048 (false 0028) 0028: 15 1f 00 000000a7 jeq swapon 0048 (false 0029) 0029: 15 1e 00 000000a8 jeq swapoff 0048 (false 002a) 002a: 15 1d 00 000000a3 jeq acct 0048 (false 002b) 002b: 15 1c 00 000000f8 jeq add_key 0048 (false 002c) 002c: 15 1b 00 00000141 jeq bpf 0048 (false 002d) 002d: 15 1a 00 0000012c jeq fanotify_init 0048 (false 002e) 002e: 15 19 00 000000d2 jeq io_cancel 0048 (false 002f) 002f: 15 18 00 000000cf jeq io_destroy 0048 (false 0030) 0030: 15 17 00 000000d0 jeq io_getevents 0048 (false 0031) 0031: 15 16 00 000000ce jeq io_setup 0048 (false 0032) 0032: 15 15 00 000000d1 jeq io_submit 0048 (false 0033) 0033: 15 14 00 000000fb jeq ioprio_set 0048 (false 0034) 0034: 15 13 00 00000138 jeq kcmp 0048 (false 0035) 0035: 15 12 00 000000fa jeq keyctl 0048 (false 0036) 0036: 15 11 00 000000a5 jeq mount 0048 (false 0037) 0037: 15 10 00 0000012f jeq name_to_handle_at 0048 (false 0038) 0038: 15 0f 00 000000b4 jeq nfsservctl 0048 (false 0039) 0039: 15 0e 00 00000130 jeq open_by_handle_at 0048 (false 003a) 003a: 15 0d 00 00000087 jeq personality 0048 (false 003b) 003b: 15 0c 00 0000009b jeq pivot_root 0048 (false 003c) 003c: 15 0b 00 00000136 jeq process_vm_readv 0048 (false 003d) 003d: 15 0a 00 00000065 jeq ptrace 0048 (false 003e) 003e: 15 09 00 000000d8 jeq remap_file_pages 0048 (false 003f) 003f: 15 08 00 000000f9 jeq request_key 0048 (false 0040) 0040: 15 07 00 000000ab jeq setdomainname 0048 (false 0041) 0041: 15 06 00 000000aa jeq sethostname 0048 (false 0042) 0042: 15 05 00 00000067 jeq syslog 0048 (false 0043) 0043: 15 04 00 000000a6 jeq umount2 0048 (false 0044) 0044: 15 03 00 00000143 jeq userfaultfd 0048 (false 0045) 0045: 15 02 00 00000099 jeq vhangup 0048 (false 0046) 0046: 15 01 00 00000116 jeq vmsplice 0048 (false 0047) 0047: 06 00 00 7fff0000 ret ALLOW 0048: 06 00 00 00000000 ret KILL Mount the new ld.so.preload file Current directory: /home/user Install protocol filter: unix,inet,inet6 configuring 14 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) Build drop seccomp filter sbox run: /run/firejail/lib/fseccomp drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice (null) sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp (null) configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1 No supplementary groups ]0;firejail torbrowser-launcher Child process initialized in 240.61 ms starting application LD_PRELOAD=(null) execvp argument 0: torbrowser-launcher Gtk-Message: 13:29:44.439: Failed to load module "canberra-gtk-module" Gtk-Message: 13:29:44.445: Failed to load module "canberra-gtk-module" Qt: Session management error: None of the authentication protocols specified are supported Launching './Browser/start-tor-browser --detach'... Tor Browser Launcher By Micah Lee, licensed under MIT version 0.3.1 https://github.com/micahflee/torbrowser-launcher Launching Tor Browser. Running /home/user/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/start-tor-browser.desktop Parent is shutting down, bye... ```
gitea-mirror commented 2026-05-05 08:27:29 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 18, 2019):

works firejail --noprofile torbrowser-launcher?

BTW:

<details>
<summary>firejail --debug torbrowser-launcher</summary>

` ` `
DEBUG LOG
` ` `

</details>
firejail --debug torbrowser-launcher 
DEBUG LOG
<!-- gh-comment-id:512821819 --> @rusty-snake commented on GitHub (Jul 18, 2019): works `firejail --noprofile torbrowser-launcher`? *** BTW: ```html <details> <summary>firejail --debug torbrowser-launcher</summary> ` ` ` DEBUG LOG ` ` ` </details> ``` <details> <summary>firejail --debug torbrowser-launcher</summary> ``` DEBUG LOG ``` </details>
gitea-mirror commented 2026-05-05 08:27:30 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jul 18, 2019):

It works. By the way, I fixed the Gtk-Message: 21:25:09.394: Failed to load module "canberra-gtk-module" warning. I just had to install libcanberra-gtk-module.

<!-- gh-comment-id:512823056 --> @ghost commented on GitHub (Jul 18, 2019): It works. By the way, I fixed the `Gtk-Message: 21:25:09.394: Failed to load module "canberra-gtk-module"` warning. I just had to install `libcanberra-gtk-module`.
gitea-mirror commented 2026-05-05 08:27:31 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 18, 2019):

firejail --profile=torbrowser-launcher $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_de/Browser/start-tor-browser --detach

<!-- gh-comment-id:512824182 --> @rusty-snake commented on GitHub (Jul 18, 2019): `firejail --profile=torbrowser-launcher $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_de/Browser/start-tor-browser --detach`
gitea-mirror commented 2026-05-05 08:27:31 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jul 18, 2019):

Same result. By the way, that line Warning: networking feature is disabled in Firejail configuration file in the debug log, is it to be expected?

> firejail --profile=torbrowser-launcher.profile $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en
-US/Browser/start-tor-browser --detach
Reading profile torbrowser-launcher.profile
Reading profile /home/user/.config/firejail/allow-python2.inc                                          
Reading profile /home/user/.config/firejail/allow-python3.inc                                          
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /home/user/.config/firejail/disable-exec.inc                                           
Reading profile /etc/firejail/disable-interpreters.inc                                                 
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc                                                 
Warning: networking feature is disabled in Firejail configuration file                                 
Parent pid 32767, child pid 300
Warning fcopy: skipping /etc/alternatives/fakeroot.sv.1.gz, cannot find inode                          
Warning fcopy: skipping /etc/alternatives/faked.sv.1.gz, cannot find inode                             
Warning: skipping asound.conf for private /etc
Warning: skipping crypto-policies for private /etc
Private /etc installed in 40.10 ms
67 programs installed in 156.33 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Post-exec seccomp protector enabled
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice, 
Child process initialized in 262.21 ms

Parent is shutting down, bye...
>
<!-- gh-comment-id:512833397 --> @ghost commented on GitHub (Jul 18, 2019): Same result. By the way, that line `Warning: networking feature is disabled in Firejail configuration file` in the debug log, is it to be expected? ``` > firejail --profile=torbrowser-launcher.profile $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en -US/Browser/start-tor-browser --detach Reading profile torbrowser-launcher.profile Reading profile /home/user/.config/firejail/allow-python2.inc Reading profile /home/user/.config/firejail/allow-python3.inc Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /home/user/.config/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 32767, child pid 300 Warning fcopy: skipping /etc/alternatives/fakeroot.sv.1.gz, cannot find inode Warning fcopy: skipping /etc/alternatives/faked.sv.1.gz, cannot find inode Warning: skipping asound.conf for private /etc Warning: skipping crypto-policies for private /etc Private /etc installed in 40.10 ms 67 programs installed in 156.33 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Warning: cleaning all supplementary groups Post-exec seccomp protector enabled Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice, Child process initialized in 262.21 ms Parent is shutting down, bye... > ```
gitea-mirror commented 2026-05-05 08:27:32 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 18, 2019):

Warning: networking feature is disabled in Firejail configuration file in the debug log, is it to be expected?

If you disabled it in /etc/firejail/firejail.config.

What is in ~/.config/firejail/disable-exec.inc?
Distro?

<!-- gh-comment-id:512836567 --> @rusty-snake commented on GitHub (Jul 18, 2019): > `Warning: networking feature is disabled in Firejail configuration file` in the debug log, is it to be expected? If you disabled it in `/etc/firejail/firejail.config`. What is in `~/.config/firejail/disable-exec.inc`? Distro?
gitea-mirror commented 2026-05-05 08:27:33 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jul 18, 2019):

Distro:

Linux parrot 5.1.0-parrot1-3t-amd64 #1 SMP Parrot 5.1.3-1parrot1.3t (2019-05-20) x86_64 GNU/Linux

The contents of ~/.config/firejail/disable-exec.inc:

# This file is overwritten during software install.
# Persistent customizations should go in a .local file.
include disable-exec.local

noexec ${HOME}
noexec ${RUNUSER}
noexec /dev/shm
noexec /tmp
# /var/tmp is noexec by default
# just in case there is a keep-var-tmp option:
noexec /var/tmp

The contents of /etc/firejail/firejail.config (I don't remember ever touching it):

# This is Firejail system-wide configuration file.  The file contains
# keyword-argument pairs, one per line. Most features are enabled by default.
# Use 'yes' or 'no' as configuration values.

# Enable AppArmor functionality, default enabled.
# apparmor yes

# Number of ARP probes sent when assigning an IP address for --net option,
# default 2. This is a partial implementation of RFC 5227. A 0.5 seconds
# timeout is implemented for each probe. Increase this number to 4 if your
# local layer 2 network uses RSTP (IEEE 802.1w). Permitted values are
# between 1 and 30.
# arp-probes 2

# Enable or disable bind support, default enabled.
# bind yes

# Allow (DRM) execution in browsers, default disabled.
# browser-allow-drm no

# Disable U2F in browsers, default enabled.
# browser-disable-u2f yes

# Enable or disable cgroup support, default enabled.
cgroup no

# Enable or disable chroot support, default enabled.
# chroot yes

# Enable or disable dbus handling by --nodbus flag, default enabled.
# dbus yes

# Disable /mnt, /media, /run/mount and /run/media access. By default access
# to these directories is enabled. Unlike --disable-mnt profile option this
# cannot be overridden by --noblacklist or --ignore.
# disable-mnt no

# Enable or disable file transfer support, default enabled.
# file-transfer yes

# Enable Firejail green prompt in terminal, default disabled
# firejail-prompt no

# Follow symlink as user. While using --whitelist feature,
# symlinks pointing outside home directory are followed only
# if both the link and the real file are owned by the user.
# Enabled by default
# follow-symlink-as-user yes

# Force use of nonewprivs.  This mitigates the possibility of
# a user abusing firejail's features to trick a privileged (suid
# or file capabilities) process into loading code or configuration
# that is partially under their control.  Default disabled.
# force-nonewprivs no

# Allow sandbox joining as a regular user, default enabled.
# root user can always join sandboxes.
# join yes

# Enable or disable sandbox name change, default enabled.
# name-change yes

# Enable or disable networking features, default enabled.
# network yes

# Enable or disable overlayfs features, default enabled.
# overlayfs yes

# Remove /usr/local directories from private-bin list, default disabled.
# private-bin-no-local no

# Enable or disable private-home feature, default enabled
# private-home yes

# Enable or disable private-cache feature, default enabled
# private-cache yes

# Enable or disable private-lib feature, default enabled
# private-lib yes

# Enable --quiet as default every time the sandbox is started. Default disabled.
# quiet-by-default no

# Enable or disable restricted network support, default disabled. If enabled,
# networking features should also be enabled (network yes).
# Restricted networking grants access to --interface, --net=ethXXX and
# --netfilter only to root user. Regular users are only allowed --net=none.
restricted-network yes

# Change default netfilter configuration. When using --netfilter option without
# a file argument, the default filter is hardcoded (see man 1 firejail). This
# configuration entry allows the user to change the default by specifying
# a file containing the filter configuration. The filter file format is the
# format of  iptables-save  and iptable-restore commands. Example:
# netfilter-default /etc/iptables.iptables.rules

# Enable or disable seccomp support, default enabled.
# seccomp yes

# Enable or disable user namespace support, default enabled.
# userns yes

# Enable or disable whitelisting support, default enabled.
# whitelist yes

# Enable or disable X11 sandboxing support, default enabled.
# x11 yes

# Screen size for --x11=xephyr, default 800x600. Run /usr/bin/xrandr for
# a full list of resolutions available on your specific setup.
# xephyr-screen 640x480
# xephyr-screen 800x600
# xephyr-screen 1024x768
# xephyr-screen 1280x1024

# Firejail window title in Xephyr, default enabled.
# xephyr-window-title yes

# Xephyr command extra parameters. None by default; these are examples.
# xephyr-extra-params -keybd ephyr,,,xkbmodel=evdev
# xephyr-extra-params -grayscale

# Xpra server command extra parameters. None by default; this is an example.
# xpra-extra-params --dpi 96

# Enable this option if you have a version of Xpra that supports --attach switch
# for start command, default disabled.
# xpra-attach no

# Screen size for --x11=xvfb, default 800x600x24.  The third dimension is
# color depth; use 24 unless you know exactly what you're doing.
# xvfb-screen 640x480x24
# xvfb-screen 800x600x24
# xvfb-screen 1024x768x24
# xvfb-screen 1280x1024x24

# Xvfb command extra parameters.  None by default; this is an example.
# xvfb-extra-params -pixdepths 8 24 32
<!-- gh-comment-id:512839269 --> @ghost commented on GitHub (Jul 18, 2019): Distro: ``` Linux parrot 5.1.0-parrot1-3t-amd64 #1 SMP Parrot 5.1.3-1parrot1.3t (2019-05-20) x86_64 GNU/Linux ``` The contents of `~/.config/firejail/disable-exec.inc`: ``` # This file is overwritten during software install. # Persistent customizations should go in a .local file. include disable-exec.local noexec ${HOME} noexec ${RUNUSER} noexec /dev/shm noexec /tmp # /var/tmp is noexec by default # just in case there is a keep-var-tmp option: noexec /var/tmp ``` The contents of `/etc/firejail/firejail.config` (I don't remember ever touching it): ``` # This is Firejail system-wide configuration file. The file contains # keyword-argument pairs, one per line. Most features are enabled by default. # Use 'yes' or 'no' as configuration values. # Enable AppArmor functionality, default enabled. # apparmor yes # Number of ARP probes sent when assigning an IP address for --net option, # default 2. This is a partial implementation of RFC 5227. A 0.5 seconds # timeout is implemented for each probe. Increase this number to 4 if your # local layer 2 network uses RSTP (IEEE 802.1w). Permitted values are # between 1 and 30. # arp-probes 2 # Enable or disable bind support, default enabled. # bind yes # Allow (DRM) execution in browsers, default disabled. # browser-allow-drm no # Disable U2F in browsers, default enabled. # browser-disable-u2f yes # Enable or disable cgroup support, default enabled. cgroup no # Enable or disable chroot support, default enabled. # chroot yes # Enable or disable dbus handling by --nodbus flag, default enabled. # dbus yes # Disable /mnt, /media, /run/mount and /run/media access. By default access # to these directories is enabled. Unlike --disable-mnt profile option this # cannot be overridden by --noblacklist or --ignore. # disable-mnt no # Enable or disable file transfer support, default enabled. # file-transfer yes # Enable Firejail green prompt in terminal, default disabled # firejail-prompt no # Follow symlink as user. While using --whitelist feature, # symlinks pointing outside home directory are followed only # if both the link and the real file are owned by the user. # Enabled by default # follow-symlink-as-user yes # Force use of nonewprivs. This mitigates the possibility of # a user abusing firejail's features to trick a privileged (suid # or file capabilities) process into loading code or configuration # that is partially under their control. Default disabled. # force-nonewprivs no # Allow sandbox joining as a regular user, default enabled. # root user can always join sandboxes. # join yes # Enable or disable sandbox name change, default enabled. # name-change yes # Enable or disable networking features, default enabled. # network yes # Enable or disable overlayfs features, default enabled. # overlayfs yes # Remove /usr/local directories from private-bin list, default disabled. # private-bin-no-local no # Enable or disable private-home feature, default enabled # private-home yes # Enable or disable private-cache feature, default enabled # private-cache yes # Enable or disable private-lib feature, default enabled # private-lib yes # Enable --quiet as default every time the sandbox is started. Default disabled. # quiet-by-default no # Enable or disable restricted network support, default disabled. If enabled, # networking features should also be enabled (network yes). # Restricted networking grants access to --interface, --net=ethXXX and # --netfilter only to root user. Regular users are only allowed --net=none. restricted-network yes # Change default netfilter configuration. When using --netfilter option without # a file argument, the default filter is hardcoded (see man 1 firejail). This # configuration entry allows the user to change the default by specifying # a file containing the filter configuration. The filter file format is the # format of iptables-save and iptable-restore commands. Example: # netfilter-default /etc/iptables.iptables.rules # Enable or disable seccomp support, default enabled. # seccomp yes # Enable or disable user namespace support, default enabled. # userns yes # Enable or disable whitelisting support, default enabled. # whitelist yes # Enable or disable X11 sandboxing support, default enabled. # x11 yes # Screen size for --x11=xephyr, default 800x600. Run /usr/bin/xrandr for # a full list of resolutions available on your specific setup. # xephyr-screen 640x480 # xephyr-screen 800x600 # xephyr-screen 1024x768 # xephyr-screen 1280x1024 # Firejail window title in Xephyr, default enabled. # xephyr-window-title yes # Xephyr command extra parameters. None by default; these are examples. # xephyr-extra-params -keybd ephyr,,,xkbmodel=evdev # xephyr-extra-params -grayscale # Xpra server command extra parameters. None by default; this is an example. # xpra-extra-params --dpi 96 # Enable this option if you have a version of Xpra that supports --attach switch # for start command, default disabled. # xpra-attach no # Screen size for --x11=xvfb, default 800x600x24. The third dimension is # color depth; use 24 unless you know exactly what you're doing. # xvfb-screen 640x480x24 # xvfb-screen 800x600x24 # xvfb-screen 1024x768x24 # xvfb-screen 1280x1024x24 # Xvfb command extra parameters. None by default; this is an example. # xvfb-extra-params -pixdepths 8 24 32 ```
gitea-mirror commented 2026-05-05 08:27:34 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jul 18, 2019):

I don't remember ever touching it

Maybe by your distro package.

Can you try commenting everything in tb-launcher.profile and uncomment line for line and try afterr every uncomment if it works.

<!-- gh-comment-id:512850641 --> @rusty-snake commented on GitHub (Jul 18, 2019): > I don't remember ever touching it Maybe by your distro package. Can you try commenting everything in tb-launcher.profile and uncomment line for line and try afterr every uncomment if it works.
gitea-mirror commented 2026-05-05 08:27:35 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jul 18, 2019):

Ok, I will, and then I'll edit this message with my findings.

<!-- gh-comment-id:512879446 --> @ghost commented on GitHub (Jul 18, 2019): Ok, I will, and then I'll edit this message with my findings.
gitea-mirror commented 2026-05-05 08:27:35 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jul 29, 2019):

Well, with a recent system update, the Tor Browser resumed functioning normally. So I'll be closing this issue. Thanks!

<!-- gh-comment-id:516063056 --> @ghost commented on GitHub (Jul 29, 2019): Well, with a recent system update, the Tor Browser resumed functioning normally. So I'll be closing this issue. Thanks!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1788
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?