mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #3030] Dia not working #1902
Labels
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/firejail#1902
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @matu3ba on GitHub (Nov 7, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3030
Reading profile /usr/local/etc/firejail/dia.profile
Reading profile /usr/local/etc/firejail/disable-common.inc
Reading profile /usr/local/etc/firejail/disable-devel.inc
Reading profile /usr/local/etc/firejail/disable-exec.inc
Reading profile /usr/local/etc/firejail/disable-interpreters.inc
Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc
Reading profile /usr/local/etc/firejail/disable-programs.inc
Reading profile /usr/local/etc/firejail/disable-xdg.inc
Parent pid 13747, child pid 13748
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized in 326.87 ms
Could not find platform independent libraries
Could not find platform dependent libraries <exec_prefix>
Consider setting $PYTHONHOME to [:<exec_prefix>]
ImportError: No module named site
Parent is shutting down, bye...
@matu3ba commented on GitHub (Nov 7, 2019):
firejail --audit --debug
Autoselecting /bin/bash as shell
Building quoted command line: 'dia'
Command name #dia#
Found dia.profile profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/dia.profile
Found disable-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-common.inc
Found disable-devel.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-interpreters.inc
Found disable-passwdmgr.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-programs.inc
Found disable-xdg.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-xdg.inc
DISPLAY=:0.0 parsed as 0
Parent pid 13631, child pid 13632
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
sbox run: /run/firejail/lib/fnet ifup lo (null)
Set caps filter 3000
Network namespace enabled, only loopback interface available
Build protocol filter: unix
sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol (null)
Dropping all capabilities
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /lib
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
Process /dev/shm directory
Mounting tmpfs on /home/misterspoon/.cache
1557 1532 0:101 / /home/misterspoon/.cache rw,nosuid,nodev,noatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000
mountid=1557 fsname=/ dir=/home/misterspoon/.cache fstype=tmpfs
blacklist /run/user/1000/bus
blacklist /home/misterspoon/.dbus
blacklist /run/dbus/system_bus_socket
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/config.gz
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 423: new_name #/tmp/.X11-unix#, whitelist
Mounting tmpfs on /tmp directory
Whitelisting /tmp/.X11-unix
1566 1565 0:43 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:29 - tmpfs tmpfs rw
mountid=1566 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Directory ${DOCUMENTS} resolved as Dokumente
Disable /home/misterspoon/.local/share/Trash
Disable /home/misterspoon/.python_history
Disable /home/misterspoon/.tig_history
Disable /home/misterspoon/.bash_history
Disable /home/misterspoon/.python_history
Disable /home/misterspoon/.config/autostart
Disable /home/misterspoon/.xinitrc
Disable /etc/xdg/autostart
Mounting read-only /home/misterspoon/.Xauthority
1576 1532 254:0 /home/misterspoon/.Xauthority /home/misterspoon/.Xauthority ro,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1576 fsname=/home/misterspoon/.Xauthority dir=/home/misterspoon/.Xauthority fstype=ext4
Mounting read-only /home/misterspoon/.config/dconf
1577 1532 254:0 /home/misterspoon/.config/dconf /home/misterspoon/.config/dconf ro,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1577 fsname=/home/misterspoon/.config/dconf dir=/home/misterspoon/.config/dconf fstype=ext4
Disable /var/lib/systemd
Disable /var/cache/pacman
Disable /var/lib/pacman
Disable /var/lib/upower
Disable /var/spool/mail (requested /var/mail)
Disable /var/opt
Disable /var/spool/anacron
Disable /var/spool/cron
Disable /var/spool/mail
Disable /etc/anacrontab
Disable /etc/cron.weekly
Disable /etc/cron.deny
Disable /etc/cron.daily
Disable /etc/cron.monthly
Disable /etc/cron.d
Disable /etc/cron.hourly
Disable /etc/profile.d
Disable /etc/kernel
Disable /etc/grub.d
Disable /etc/apparmor.d
Disable /etc/modules-load.d
Disable /etc/logrotate.conf
Disable /etc/logrotate.d
Mounting read-only /home/misterspoon/.bash_logout
1601 1532 254:0 /home/misterspoon/.bash_logout /home/misterspoon/.bash_logout ro,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1601 fsname=/home/misterspoon/.bash_logout dir=/home/misterspoon/.bash_logout fstype=ext4
Mounting read-only /home/misterspoon/.bash_profile
1602 1532 254:0 /home/misterspoon/.bash_profile /home/misterspoon/.bash_profile ro,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1602 fsname=/home/misterspoon/.bash_profile dir=/home/misterspoon/.bash_profile fstype=ext4
Mounting read-only /home/misterspoon/.bashrc
1603 1532 254:0 /home/misterspoon/.bashrc /home/misterspoon/.bashrc ro,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1603 fsname=/home/misterspoon/.bashrc dir=/home/misterspoon/.bashrc fstype=ext4
Mounting read-only /home/misterspoon/.profile
1604 1532 254:0 /home/misterspoon/.profile /home/misterspoon/.profile ro,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1604 fsname=/home/misterspoon/.profile dir=/home/misterspoon/.profile fstype=ext4
Mounting read-only /home/misterspoon/.cargo/env
1605 1532 254:0 /home/misterspoon/.cargo/env /home/misterspoon/.cargo/env ro,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1605 fsname=/home/misterspoon/.cargo/env dir=/home/misterspoon/.cargo/env fstype=ext4
Mounting read-only /home/misterspoon/.tmux/.tmux.conf
1606 1532 254:0 /home/misterspoon/.tmux/.tmux.conf /home/misterspoon/.tmux/.tmux.conf ro,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1606 fsname=/home/misterspoon/.tmux/.tmux.conf dir=/home/misterspoon/.tmux/.tmux.conf fstype=ext4
Mounting read-only /home/misterspoon/.local/bin
1607 1532 254:0 /home/misterspoon/.local/bin /home/misterspoon/.local/bin ro,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1607 fsname=/home/misterspoon/.local/bin dir=/home/misterspoon/.local/bin fstype=ext4
Mounting read-only /home/misterspoon/.cargo/bin
1608 1532 254:0 /home/misterspoon/.cargo/bin /home/misterspoon/.cargo/bin ro,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1608 fsname=/home/misterspoon/.cargo/bin dir=/home/misterspoon/.cargo/bin fstype=ext4
Mounting read-only /home/misterspoon/.local/share/applications
1609 1532 254:0 /home/misterspoon/.local/share/applications /home/misterspoon/.local/share/applications ro,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1609 fsname=/home/misterspoon/.local/share/applications dir=/home/misterspoon/.local/share/applications fstype=ext4
Disable /home/misterspoon/.gnupg
Disable /home/misterspoon/.local/share/keyrings
Disable /home/misterspoon/.pki
Disable /home/misterspoon/.local/share/pki
Disable /home/misterspoon/.ssh
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Disable /usr/bin/chage
Disable /usr/bin/chage (requested /bin/chage)
Disable /usr/bin/chfn
Disable /usr/bin/chfn (requested /bin/chfn)
Disable /usr/bin/chsh
Disable /usr/bin/chsh (requested /bin/chsh)
Disable /usr/bin/crontab
Disable /usr/bin/crontab (requested /bin/crontab)
Disable /usr/bin/expiry
Disable /usr/bin/expiry (requested /bin/expiry)
Disable /usr/bin/fusermount
Disable /usr/bin/fusermount (requested /bin/fusermount)
Disable /usr/bin/gpasswd
Disable /usr/bin/gpasswd (requested /bin/gpasswd)
Disable /usr/bin/ksu
Disable /usr/bin/ksu (requested /bin/ksu)
Disable /usr/bin/mount
Disable /usr/bin/mount (requested /bin/mount)
Disable /usr/bin/mount.ecryptfs_private
Disable /usr/bin/mount.ecryptfs_private (requested /bin/mount.ecryptfs_private)
Disable /usr/bin/nc
Disable /usr/bin/nc (requested /bin/nc)
Disable /usr/bin/newgidmap
Disable /usr/bin/newgidmap (requested /bin/newgidmap)
Disable /usr/bin/newgrp
Disable /usr/bin/newgrp (requested /bin/newgrp)
Disable /usr/bin/newuidmap
Disable /usr/bin/newuidmap (requested /bin/newuidmap)
Disable /usr/bin/ntfs-3g
Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g)
Disable /usr/bin/pkexec
Disable /usr/bin/pkexec (requested /bin/pkexec)
Disable /usr/bin/sg
Disable /usr/bin/sg (requested /bin/sg)
Disable /usr/bin/su
Disable /usr/bin/su (requested /bin/su)
Disable /usr/bin/sudo
Disable /usr/bin/sudo (requested /bin/sudo)
Disable /usr/bin/umount
Disable /usr/bin/umount (requested /bin/umount)
Disable /usr/bin/unix_chkpwd
Disable /usr/bin/unix_chkpwd (requested /bin/unix_chkpwd)
Disable /usr/bin/xfce4-terminal
Disable /usr/bin/xfce4-terminal (requested /bin/xfce4-terminal)
Disable /home/misterspoon/.local/share/flatpak
Disable /usr/share/flatpak
Disable /var/lib/flatpak
Disable /usr/bin/bwrap
Disable /usr/bin/bwrap (requested /bin/bwrap)
Disable /home/misterspoon/Mail
Disable /usr/bin/clang-extdef-mapping
Disable /usr/bin/clang-tidy
Disable /usr/bin/clang-9
Disable /usr/bin/clang-reorder-fields
Disable /usr/bin/clang-9 (requested /usr/bin/clang-cl)
Disable /usr/bin/clang-format
Disable /usr/bin/clang-offload-bundler
Disable /usr/bin/clang-rename
Disable /usr/bin/clang-scan-deps
Disable /usr/bin/clang-query
Disable /usr/bin/clang-doc
Disable /usr/bin/clang-refactor
Disable /usr/bin/clang-change-namespace
Disable /usr/bin/clang-include-fixer
Disable /usr/bin/clang-check
Disable /usr/bin/clang-9 (requested /usr/bin/clang-cpp)
Disable /usr/bin/clangd
Disable /usr/bin/clang-9 (requested /usr/bin/clang)
Disable /usr/bin/clang-9 (requested /usr/bin/clang++)
Disable /usr/bin/clang-apply-replacements
Disable /usr/bin/clang-import-test
Disable /usr/bin/clang-extdef-mapping (requested /bin/clang-extdef-mapping)
Disable /usr/bin/clang-tidy (requested /bin/clang-tidy)
Disable /usr/bin/clang-9 (requested /bin/clang-9)
Disable /usr/bin/clang-reorder-fields (requested /bin/clang-reorder-fields)
Disable /usr/bin/clang-9 (requested /bin/clang-cl)
Disable /usr/bin/clang-format (requested /bin/clang-format)
Disable /usr/bin/clang-offload-bundler (requested /bin/clang-offload-bundler)
Disable /usr/bin/clang-rename (requested /bin/clang-rename)
Disable /usr/bin/clang-scan-deps (requested /bin/clang-scan-deps)
Disable /usr/bin/clang-query (requested /bin/clang-query)
Disable /usr/bin/clang-doc (requested /bin/clang-doc)
Disable /usr/bin/clang-refactor (requested /bin/clang-refactor)
Disable /usr/bin/clang-change-namespace (requested /bin/clang-change-namespace)
Disable /usr/bin/clang-include-fixer (requested /bin/clang-include-fixer)
Disable /usr/bin/clang-check (requested /bin/clang-check)
Disable /usr/bin/clang-9 (requested /bin/clang-cpp)
Disable /usr/bin/clangd (requested /bin/clangd)
Disable /usr/bin/clang-9 (requested /bin/clang)
Disable /usr/bin/clang-9 (requested /bin/clang++)
Disable /usr/bin/clang-apply-replacements (requested /bin/clang-apply-replacements)
Disable /usr/bin/clang-import-test (requested /bin/clang-import-test)
Disable /usr/bin/llvm-lipo
Disable /usr/bin/llvm-elfabi
Disable /usr/bin/llvm-cxxfilt
Disable /usr/bin/llvm-size
Disable /usr/bin/llvm-dwarfdump
Disable /usr/bin/llvm-mc
Disable /usr/bin/llvm-profdata
Disable /usr/bin/llvm-mt
Disable /usr/bin/llvm-pdbutil
Disable /usr/bin/llvm-split
Disable /usr/bin/llvm-diff
Disable /usr/bin/llvm-xray
Disable /usr/bin/llvm-ar
Disable /usr/bin/llvm-extract
Disable /usr/bin/llvm-bcanalyzer
Disable /usr/bin/llvm-cat
Disable /usr/bin/llvm-PerfectShuffle
Disable /usr/bin/llvm-dwp
Disable /usr/bin/llvm-tblgen
Disable /usr/bin/llvm-cxxmap
Disable /usr/bin/llvm-exegesis
Disable /usr/bin/llvm-as
Disable /usr/bin/llvm-cvtres
Disable /usr/bin/llvm-objdump
Disable /usr/bin/llvm-rc
Disable /usr/bin/llvm-symbolizer
Disable /usr/bin/llvm-objcopy
Disable /usr/bin/llvm-cov
Disable /usr/bin/llvm-config
Disable /usr/bin/llvm-c-test
Disable /usr/bin/llvm-ar (requested /usr/bin/llvm-ranlib)
Disable /usr/bin/llvm-cxxdump
Disable /usr/bin/llvm-opt-report
Disable /usr/bin/llvm-dis
Disable /usr/bin/llvm-cfi-verify
Disable /usr/bin/llvm-readobj
Disable /usr/bin/llvm-link
Disable /usr/bin/llvm-jitlink
Disable /usr/bin/llvm-mca
Disable /usr/bin/llvm-modextract
Disable /usr/bin/llvm-lto2
Disable /usr/bin/llvm-nm
Disable /usr/bin/llvm-stress
Disable /usr/bin/llvm-undname
Disable /usr/bin/llvm-rtdyld
Disable /usr/bin/llvm-readobj (requested /usr/bin/llvm-readelf)
Disable /usr/bin/llvm-lto
Disable /usr/bin/llvm-ar (requested /usr/bin/llvm-lib)
Disable /usr/bin/llvm-objcopy (requested /usr/bin/llvm-strip)
Disable /usr/bin/llvm-strings
Disable /usr/bin/llvm-symbolizer (requested /usr/bin/llvm-addr2line)
Disable /usr/bin/llvm-ar (requested /usr/bin/llvm-dlltool)
Disable /usr/bin/llvm-lipo (requested /bin/llvm-lipo)
Disable /usr/bin/llvm-elfabi (requested /bin/llvm-elfabi)
Disable /usr/bin/llvm-cxxfilt (requested /bin/llvm-cxxfilt)
Disable /usr/bin/llvm-size (requested /bin/llvm-size)
Disable /usr/bin/llvm-dwarfdump (requested /bin/llvm-dwarfdump)
Disable /usr/bin/llvm-mc (requested /bin/llvm-mc)
Disable /usr/bin/llvm-profdata (requested /bin/llvm-profdata)
Disable /usr/bin/llvm-mt (requested /bin/llvm-mt)
Disable /usr/bin/llvm-pdbutil (requested /bin/llvm-pdbutil)
Disable /usr/bin/llvm-split (requested /bin/llvm-split)
Disable /usr/bin/llvm-diff (requested /bin/llvm-diff)
Disable /usr/bin/llvm-xray (requested /bin/llvm-xray)
Disable /usr/bin/llvm-ar (requested /bin/llvm-ar)
Disable /usr/bin/llvm-extract (requested /bin/llvm-extract)
Disable /usr/bin/llvm-bcanalyzer (requested /bin/llvm-bcanalyzer)
Disable /usr/bin/llvm-cat (requested /bin/llvm-cat)
Disable /usr/bin/llvm-PerfectShuffle (requested /bin/llvm-PerfectShuffle)
Disable /usr/bin/llvm-dwp (requested /bin/llvm-dwp)
Disable /usr/bin/llvm-tblgen (requested /bin/llvm-tblgen)
Disable /usr/bin/llvm-cxxmap (requested /bin/llvm-cxxmap)
Disable /usr/bin/llvm-exegesis (requested /bin/llvm-exegesis)
Disable /usr/bin/llvm-as (requested /bin/llvm-as)
Disable /usr/bin/llvm-cvtres (requested /bin/llvm-cvtres)
Disable /usr/bin/llvm-objdump (requested /bin/llvm-objdump)
Disable /usr/bin/llvm-rc (requested /bin/llvm-rc)
Disable /usr/bin/llvm-symbolizer (requested /bin/llvm-symbolizer)
Disable /usr/bin/llvm-objcopy (requested /bin/llvm-objcopy)
Disable /usr/bin/llvm-cov (requested /bin/llvm-cov)
Disable /usr/bin/llvm-config (requested /bin/llvm-config)
Disable /usr/bin/llvm-c-test (requested /bin/llvm-c-test)
Disable /usr/bin/llvm-ar (requested /bin/llvm-ranlib)
Disable /usr/bin/llvm-cxxdump (requested /bin/llvm-cxxdump)
Disable /usr/bin/llvm-opt-report (requested /bin/llvm-opt-report)
Disable /usr/bin/llvm-dis (requested /bin/llvm-dis)
Disable /usr/bin/llvm-cfi-verify (requested /bin/llvm-cfi-verify)
Disable /usr/bin/llvm-readobj (requested /bin/llvm-readobj)
Disable /usr/bin/llvm-link (requested /bin/llvm-link)
Disable /usr/bin/llvm-jitlink (requested /bin/llvm-jitlink)
Disable /usr/bin/llvm-mca (requested /bin/llvm-mca)
Disable /usr/bin/llvm-modextract (requested /bin/llvm-modextract)
Disable /usr/bin/llvm-lto2 (requested /bin/llvm-lto2)
Disable /usr/bin/llvm-nm (requested /bin/llvm-nm)
Disable /usr/bin/llvm-stress (requested /bin/llvm-stress)
Disable /usr/bin/llvm-undname (requested /bin/llvm-undname)
Disable /usr/bin/llvm-rtdyld (requested /bin/llvm-rtdyld)
Disable /usr/bin/llvm-readobj (requested /bin/llvm-readelf)
Disable /usr/bin/llvm-lto (requested /bin/llvm-lto)
Disable /usr/bin/llvm-ar (requested /bin/llvm-lib)
Disable /usr/bin/llvm-objcopy (requested /bin/llvm-strip)
Disable /usr/bin/llvm-strings (requested /bin/llvm-strings)
Disable /usr/bin/llvm-symbolizer (requested /bin/llvm-addr2line)
Disable /usr/bin/llvm-ar (requested /bin/llvm-dlltool)
Disable /usr/bin/as
Disable /usr/bin/as (requested /bin/as)
Disable /usr/bin/gcc (requested /usr/bin/cc)
Disable /usr/bin/gcc (requested /bin/cc)
Disable /usr/bin/c++filt
Disable /usr/bin/c++
Disable /usr/bin/c++filt (requested /bin/c++filt)
Disable /usr/bin/c++ (requested /bin/c++)
Disable /usr/bin/c89
Disable /usr/bin/c89 (requested /bin/c89)
Disable /usr/bin/c99
Disable /usr/bin/c99 (requested /bin/c99)
Disable /usr/bin/cpp
Disable /usr/bin/cpp2html
Disable /usr/bin/cpp (requested /bin/cpp)
Disable /usr/bin/cpp2html (requested /bin/cpp2html)
Disable /usr/bin/g++
Disable /usr/bin/g++ (requested /bin/g++)
Disable /usr/bin/gcc-ar
Disable /usr/bin/gcc-ranlib
Disable /usr/bin/gcc
Disable /usr/bin/gcc-nm
Disable /usr/bin/gcc-ar (requested /bin/gcc-ar)
Disable /usr/bin/gcc-ranlib (requested /bin/gcc-ranlib)
Disable /usr/bin/gcc (requested /bin/gcc)
Disable /usr/bin/gcc-nm (requested /bin/gcc-nm)
Disable /usr/bin/ld
Disable /usr/bin/ld (requested /bin/ld)
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-9.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-9.2.0 (requested /bin/x86_64-pc-linux-gnu-gcc-9.2.0)
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib (requested /bin/x86_64-pc-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm (requested /bin/x86_64-pc-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-pc-linux-gnu-gcc (requested /bin/x86_64-pc-linux-gnu-gcc)
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar (requested /bin/x86_64-pc-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/bin/x86_64-pc-linux-gnu-g++ (requested /bin/x86_64-pc-linux-gnu-g++)
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-9.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-9.2.0 (requested /bin/x86_64-pc-linux-gnu-gcc-9.2.0)
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib (requested /bin/x86_64-pc-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm (requested /bin/x86_64-pc-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-pc-linux-gnu-gcc (requested /bin/x86_64-pc-linux-gnu-gcc)
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar (requested /bin/x86_64-pc-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/bin/x86_64-pc-linux-gnu-g++ (requested /bin/x86_64-pc-linux-gnu-g++)
Disable /usr/include
Disable /usr/lib/jvm/java-8-openjdk/jre/bin/java (requested /usr/bin/java)
Disable /usr/lib/jvm/java-8-openjdk/jre/bin/java (requested /bin/java)
Disable /usr/lib/jvm/java-8-openjdk/jre/bin/java (requested /usr/lib/jvm/default/bin/java)
Disable /usr/lib/jvm/java-8-openjdk/bin/javac (requested /usr/bin/javac)
Disable /usr/lib/jvm/java-8-openjdk/bin/javac (requested /bin/javac)
Disable /usr/lib/jvm/java-8-openjdk/bin/javac (requested /usr/lib/jvm/default/bin/javac)
Disable /usr/share/java
Disable /usr/bin/openssl
Disable /usr/bin/openssl (requested /bin/openssl)
Disable /usr/bin/openssl-1.0
Disable /usr/bin/openssl-1.0 (requested /bin/openssl-1.0)
Disable /home/misterspoon/.cargo/bin/rust-gdb
Disable /home/misterspoon/.cargo/bin/rust-lldb
Disable /home/misterspoon/.cargo/bin/rustc
Mounting noexec /home/misterspoon
1915 1886 0:21 /firejail/firejail.ro.dir /home/misterspoon/Mail rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755
mountid=1915 fsname=/firejail/firejail.ro.dir dir=/home/misterspoon/Mail fstype=tmpfs
Mounting noexec /home/misterspoon/.cache
1916 1887 0:101 / /home/misterspoon/.cache rw,nosuid,nodev,noexec,noatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000
mountid=1916 fsname=/ dir=/home/misterspoon/.cache fstype=tmpfs
Mounting noexec /home/misterspoon/.Xauthority
1917 1895 254:0 /home/misterspoon/.Xauthority /home/misterspoon/.Xauthority ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1917 fsname=/home/misterspoon/.Xauthority dir=/home/misterspoon/.Xauthority fstype=ext4
Mounting noexec /home/misterspoon/.config/dconf
1918 1896 254:0 /home/misterspoon/.config/dconf /home/misterspoon/.config/dconf ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1918 fsname=/home/misterspoon/.config/dconf dir=/home/misterspoon/.config/dconf fstype=ext4
Mounting noexec /home/misterspoon/.bash_logout
1919 1897 254:0 /home/misterspoon/.bash_logout /home/misterspoon/.bash_logout ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1919 fsname=/home/misterspoon/.bash_logout dir=/home/misterspoon/.bash_logout fstype=ext4
Mounting noexec /home/misterspoon/.bash_profile
1920 1898 254:0 /home/misterspoon/.bash_profile /home/misterspoon/.bash_profile ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1920 fsname=/home/misterspoon/.bash_profile dir=/home/misterspoon/.bash_profile fstype=ext4
Mounting noexec /home/misterspoon/.bashrc
1921 1899 254:0 /home/misterspoon/.bashrc /home/misterspoon/.bashrc ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1921 fsname=/home/misterspoon/.bashrc dir=/home/misterspoon/.bashrc fstype=ext4
Mounting noexec /home/misterspoon/.profile
1922 1900 254:0 /home/misterspoon/.profile /home/misterspoon/.profile ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1922 fsname=/home/misterspoon/.profile dir=/home/misterspoon/.profile fstype=ext4
Mounting noexec /home/misterspoon/.cargo/env
1923 1901 254:0 /home/misterspoon/.cargo/env /home/misterspoon/.cargo/env ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1923 fsname=/home/misterspoon/.cargo/env dir=/home/misterspoon/.cargo/env fstype=ext4
Mounting noexec /home/misterspoon/.tmux/.tmux.conf
1924 1902 254:0 /home/misterspoon/.tmux/.tmux.conf /home/misterspoon/.tmux/.tmux.conf ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1924 fsname=/home/misterspoon/.tmux/.tmux.conf dir=/home/misterspoon/.tmux/.tmux.conf fstype=ext4
Mounting noexec /home/misterspoon/.local/bin
1925 1903 254:0 /home/misterspoon/.local/bin /home/misterspoon/.local/bin ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1925 fsname=/home/misterspoon/.local/bin dir=/home/misterspoon/.local/bin fstype=ext4
Mounting noexec /home/misterspoon/.cargo/bin
1929 1926 0:21 /firejail/firejail.ro.file /home/misterspoon/.cargo/bin/rustc rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755
mountid=1929 fsname=/firejail/firejail.ro.file dir=/home/misterspoon/.cargo/bin/rustc fstype=tmpfs
Mounting noexec /home/misterspoon/.local/share/applications
1930 1908 254:0 /home/misterspoon/.local/share/applications /home/misterspoon/.local/share/applications ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/luks-8e3e746a-db13-4a1a-81c7-6fcd34fc4ff6 rw
mountid=1930 fsname=/home/misterspoon/.local/share/applications dir=/home/misterspoon/.local/share/applications fstype=ext4
Mounting noexec /run/user/1000
1935 1931 0:21 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755
mountid=1935 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs
Mounting noexec /dev/shm
1936 1553 0:99 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1936 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1938 1937 0:43 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:29 - tmpfs tmpfs rw
mountid=1938 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
1939 1938 0:43 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:29 - tmpfs tmpfs rw
mountid=1939 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /usr/bin/luac
Disable /usr/bin/lua5.2
Disable /usr/bin/lua (requested /usr/bin/lua5.3)
Disable /usr/share/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /usr/bin/luaotfload-tool)
Disable /usr/bin/luajittex
Disable /usr/bin/luatex (requested /usr/bin/lualatex)
Disable /usr/bin/luac (requested /usr/bin/luac5.3)
Disable /usr/bin/lua
Disable /usr/share/texmf-dist/scripts/lua2dox/lua2dox_filter (requested /usr/bin/lua2dox_filter)
Disable /usr/bin/luajit-2.0.5
Disable /usr/share/texmf-dist/scripts/context/stubs/unix/luatools (requested /usr/bin/luatools)
Disable /usr/bin/luac5.2
Disable /usr/bin/luatex
Disable /usr/bin/luajit-2.0.5 (requested /usr/bin/luajit)
Disable /usr/bin/luac (requested /bin/luac)
Disable /usr/bin/lua5.2 (requested /bin/lua5.2)
Disable /usr/bin/lua (requested /bin/lua5.3)
Disable /usr/share/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /bin/luaotfload-tool)
Disable /usr/bin/luajittex (requested /bin/luajittex)
Disable /usr/bin/luatex (requested /bin/lualatex)
Disable /usr/bin/luac (requested /bin/luac5.3)
Disable /usr/bin/lua (requested /bin/lua)
Disable /usr/share/texmf-dist/scripts/lua2dox/lua2dox_filter (requested /bin/lua2dox_filter)
Disable /usr/bin/luajit-2.0.5 (requested /bin/luajit-2.0.5)
Disable /usr/share/texmf-dist/scripts/context/stubs/unix/luatools (requested /bin/luatools)
Disable /usr/bin/luac5.2 (requested /bin/luac5.2)
Disable /usr/bin/luatex (requested /bin/luatex)
Disable /usr/bin/luajit-2.0.5 (requested /bin/luajit)
Disable /usr/lib/lua
Disable /usr/share/lua
Disable /usr/bin/core_perl/cpan
Disable /usr/bin/core_perl
Disable /usr/bin/core_perl (requested /bin/core_perl)
Disable /usr/bin/perl
Disable /usr/bin/perl (requested /bin/perl)
Disable /usr/bin/site_perl
Disable /usr/bin/site_perl (requested /bin/site_perl)
Disable /usr/bin/vendor_perl
Disable /usr/bin/vendor_perl (requested /bin/vendor_perl)
Disable /usr/lib/perl5
Disable /usr/share/perl
Disable /usr/share/perl5
Disable /usr/lib/ruby
Disable /usr/bin/python2.7
Disable /usr/bin/python2.7 (requested /usr/bin/python2)
Disable /usr/bin/python2.7-config (requested /usr/bin/python2-config)
Disable /usr/bin/python2.7-config
Disable /usr/bin/python2.7 (requested /bin/python2.7)
Disable /usr/bin/python2.7 (requested /bin/python2)
Disable /usr/bin/python2.7-config (requested /bin/python2-config)
Disable /usr/bin/python2.7-config (requested /bin/python2.7-config)
Disable /usr/lib/python2.7
Disable /usr/bin/python3.7m
Disable /usr/bin/python3.7m-config (requested /usr/bin/python3-config)
Disable /usr/bin/python3.7 (requested /usr/bin/python3)
Disable /usr/bin/python3.7m-config (requested /usr/bin/python3.7-config)
Disable /usr/bin/python3.7m-config
Disable /usr/bin/python3.7
Disable /usr/bin/python3.7m (requested /bin/python3.7m)
Disable /usr/bin/python3.7m-config (requested /bin/python3-config)
Disable /usr/bin/python3.7 (requested /bin/python3)
Disable /usr/bin/python3.7m-config (requested /bin/python3.7-config)
Disable /usr/bin/python3.7m-config (requested /bin/python3.7m-config)
Disable /usr/bin/python3.7 (requested /bin/python3.7)
Disable /usr/lib/python3.7
Disable /home/misterspoon/.cargo/registry
Disable /home/misterspoon/.config/FreeCAD
Disable /home/misterspoon/.config/GIMP
Disable /home/misterspoon/.config/Mousepad
Disable /home/misterspoon/.config/Thunar
Disable /home/misterspoon/.config/audacious
Disable /home/misterspoon/.config/falkon
Disable /home/misterspoon/.config/galculator
Disable /home/misterspoon/.config/inkscape
Disable /home/misterspoon/.config/kdenliverc
Disable /home/misterspoon/.config/libreoffice
Disable /home/misterspoon/.config/mpv
Disable /home/misterspoon/.config/okularrc
Disable /home/misterspoon/.config/qpdfview
Disable /home/misterspoon/.config/viewnior
Disable /home/misterspoon/.config/vlc
Disable /home/misterspoon/.config/xfce4/xfce4-notes.gtkrc
Disable /home/misterspoon/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
Disable /home/misterspoon/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
Not blacklist /home/misterspoon/.dia
Disable /home/misterspoon/.gitconfig
Disable /home/misterspoon/.java
Disable /home/misterspoon/.local/share/kdenlive
Disable /home/misterspoon/.local/share/notes
Disable /home/misterspoon/.local/share/okular
Disable /home/misterspoon/.local/share/qpdfview
Disable /home/misterspoon/.local/share/vlc
Disable /home/misterspoon/.mozilla
Disable /home/misterspoon/.thunderbird
Disable /home/misterspoon/.wget-hsts
Directory ${DOCUMENTS} resolved as Dokumente
Not blacklist /home/misterspoon/Dokumente
Directory ${MUSIC} resolved as Musik
Disable /home/misterspoon/Musik
Directory ${PICTURES} resolved as Bilder
Disable /home/misterspoon/Bilder
Directory ${VIDEOS} resolved as Videos
Disable /home/misterspoon/Videos
Mounting read-only /tmp/.X11-unix
2037 1939 0:43 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:29 - tmpfs tmpfs rw
mountid=2037 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /run/mount
Disable /run/media
disable pulseaudio
blacklist /home/misterspoon/.config/pulse
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse/native
blacklist /dev/snd
blacklist /dev/dri
blacklist /dev/nvidia0
blacklist /dev/nvidia1
blacklist /dev/nvidia2
blacklist /dev/nvidia3
blacklist /dev/nvidia4
blacklist /dev/nvidia5
blacklist /dev/nvidia6
blacklist /dev/nvidia7
blacklist /dev/nvidia8
blacklist /dev/nvidia9
blacklist /dev/nvidiactl
blacklist /dev/nvidia-modeset
blacklist /dev/nvidia-uvm
blacklist /dev/dvb
blacklist /dev/sr0
blacklist /dev/hidraw0
blacklist /dev/hidraw1
blacklist /dev/hidraw2
blacklist /dev/hidraw3
blacklist /dev/hidraw4
blacklist /dev/hidraw5
blacklist /dev/hidraw6
blacklist /dev/hidraw7
blacklist /dev/hidraw8
blacklist /dev/hidraw9
blacklist /dev/usb
blacklist /dev/video0
blacklist /dev/video1
blacklist /dev/video2
blacklist /dev/video3
blacklist /dev/video4
blacklist /dev/video5
blacklist /dev/video6
blacklist /dev/video7
blacklist /dev/video8
blacklist /dev/video9
Current directory: /home/misterspoon/syncmyl2p/ws19/Control and Perception in Networked and Automated Vehicles (LU) [12.12001]
DISPLAY=:0.0 parsed as 0
Install protocol filter: unix
configuring 10 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null)
Dropping all capabilities
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 1
No supplementary groups
line OP JT JF K
=================================
0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 15 01 00 00000029 jeq socket 0006 (false 0005)
0005: 06 00 00 7fff0000 ret ALLOW
0006: 20 00 00 00000010 ld data.args[0]
0007: 15 00 01 00000001 jeq 1 0008 (false 0009)
0008: 06 00 00 7fff0000 ret ALLOW
0009: 06 00 00 0005005f ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null)
Dropping all capabilities
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 1
No supplementary groups
line OP JT JF K
=================================
0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 15 30 00 00000015 jeq 15 0035 (false 0005)
0005: 15 2f 00 00000034 jeq 34 0035 (false 0006)
0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007)
0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008)
0008: 15 2c 00 00000155 jeq 155 0035 (false 0009)
0009: 15 2b 00 00000156 jeq 156 0035 (false 000a)
000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b)
000b: 15 29 00 00000080 jeq 80 0035 (false 000c)
000c: 15 28 00 0000015e jeq 15e 0035 (false 000d)
000d: 15 27 00 00000081 jeq 81 0035 (false 000e)
000e: 15 26 00 0000006e jeq 6e 0035 (false 000f)
000f: 15 25 00 00000065 jeq 65 0035 (false 0010)
0010: 15 24 00 00000121 jeq 121 0035 (false 0011)
0011: 15 23 00 00000057 jeq 57 0035 (false 0012)
0012: 15 22 00 00000073 jeq 73 0035 (false 0013)
0013: 15 21 00 00000067 jeq 67 0035 (false 0014)
0014: 15 20 00 0000015b jeq 15b 0035 (false 0015)
0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016)
0016: 15 1e 00 00000087 jeq 87 0035 (false 0017)
0017: 15 1d 00 00000095 jeq 95 0035 (false 0018)
0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019)
0019: 15 1b 00 00000157 jeq 157 0035 (false 001a)
001a: 15 1a 00 000000fd jeq fd 0035 (false 001b)
001b: 15 19 00 00000150 jeq 150 0035 (false 001c)
001c: 15 18 00 00000152 jeq 152 0035 (false 001d)
001d: 15 17 00 0000015d jeq 15d 0035 (false 001e)
001e: 15 16 00 0000011e jeq 11e 0035 (false 001f)
001f: 15 15 00 0000011f jeq 11f 0035 (false 0020)
0020: 15 14 00 00000120 jeq 120 0035 (false 0021)
0021: 15 13 00 00000056 jeq 56 0035 (false 0022)
0022: 15 12 00 00000033 jeq 33 0035 (false 0023)
0023: 15 11 00 0000007b jeq 7b 0035 (false 0024)
0024: 15 10 00 000000d9 jeq d9 0035 (false 0025)
0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026)
0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027)
0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028)
0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029)
0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a)
002a: 15 0a 00 00000101 jeq 101 0035 (false 002b)
002b: 15 09 00 00000112 jeq 112 0035 (false 002c)
002c: 15 08 00 00000114 jeq 114 0035 (false 002d)
002d: 15 07 00 00000126 jeq 126 0035 (false 002e)
002e: 15 06 00 0000013d jeq 13d 0035 (false 002f)
002f: 15 05 00 0000013c jeq 13c 0035 (false 0030)
0030: 15 04 00 0000003d jeq 3d 0035 (false 0031)
0031: 15 03 00 00000058 jeq 58 0035 (false 0032)
0032: 15 02 00 000000a9 jeq a9 0035 (false 0033)
0033: 15 01 00 00000082 jeq 82 0035 (false 0034)
0034: 06 00 00 7fff0000 ret ALLOW
0035: 06 00 00 00000000 ret KILL
Dual 32/64 bit seccomp filter configured
configuring 72 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null)
Dropping all capabilities
Drop privileges: pid 6, uid 1000, gid 1000, nogroups 1
No supplementary groups
line OP JT JF K
=================================
0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005)
0005: 35 01 00 00000000 jge read 0007 (false 0006)
0006: 06 00 00 00050001 ret ERRNO(1)
0007: 15 3f 00 0000009f jeq adjtimex 0047 (false 0008)
0008: 15 3e 00 00000131 jeq clock_adjtime 0047 (false 0009)
0009: 15 3d 00 000000e3 jeq clock_settime 0047 (false 000a)
000a: 15 3c 00 000000a4 jeq settimeofday 0047 (false 000b)
000b: 15 3b 00 0000009a jeq modify_ldt 0047 (false 000c)
000c: 15 3a 00 000000d4 jeq lookup_dcookie 0047 (false 000d)
000d: 15 39 00 0000012a jeq perf_event_open 0047 (false 000e)
000e: 15 38 00 00000137 jeq process_vm_writev 0047 (false 000f)
000f: 15 37 00 000000b0 jeq delete_module 0047 (false 0010)
0010: 15 36 00 00000139 jeq finit_module 0047 (false 0011)
0011: 15 35 00 000000af jeq init_module 0047 (false 0012)
0012: 15 34 00 0000009c jeq _sysctl 0047 (false 0013)
0013: 15 33 00 000000b7 jeq afs_syscall 0047 (false 0014)
0014: 15 32 00 000000ae jeq create_module 0047 (false 0015)
0015: 15 31 00 000000b1 jeq get_kernel_syms 0047 (false 0016)
0016: 15 30 00 000000b5 jeq getpmsg 0047 (false 0017)
0017: 15 2f 00 000000b6 jeq putpmsg 0047 (false 0018)
0018: 15 2e 00 000000b2 jeq query_module 0047 (false 0019)
0019: 15 2d 00 000000b9 jeq security 0047 (false 001a)
001a: 15 2c 00 0000008b jeq sysfs 0047 (false 001b)
001b: 15 2b 00 000000b8 jeq tuxcall 0047 (false 001c)
001c: 15 2a 00 00000086 jeq uselib 0047 (false 001d)
001d: 15 29 00 00000088 jeq ustat 0047 (false 001e)
001e: 15 28 00 000000ec jeq vserver 0047 (false 001f)
001f: 15 27 00 000000ad jeq ioperm 0047 (false 0020)
0020: 15 26 00 000000ac jeq iopl 0047 (false 0021)
0021: 15 25 00 000000f6 jeq kexec_load 0047 (false 0022)
0022: 15 24 00 00000140 jeq kexec_file_load 0047 (false 0023)
0023: 15 23 00 000000a9 jeq reboot 0047 (false 0024)
0024: 15 22 00 000000a7 jeq swapon 0047 (false 0025)
0025: 15 21 00 000000a8 jeq swapoff 0047 (false 0026)
0026: 15 20 00 00000130 jeq open_by_handle_at 0047 (false 0027)
0027: 15 1f 00 0000012f jeq name_to_handle_at 0047 (false 0028)
0028: 15 1e 00 000000fb jeq ioprio_set 0047 (false 0029)
0029: 15 1d 00 00000067 jeq syslog 0047 (false 002a)
002a: 15 1c 00 0000012c jeq fanotify_init 0047 (false 002b)
002b: 15 1b 00 00000138 jeq kcmp 0047 (false 002c)
002c: 15 1a 00 000000f8 jeq add_key 0047 (false 002d)
002d: 15 19 00 000000f9 jeq request_key 0047 (false 002e)
002e: 15 18 00 000000ed jeq mbind 0047 (false 002f)
002f: 15 17 00 00000100 jeq migrate_pages 0047 (false 0030)
0030: 15 16 00 00000117 jeq move_pages 0047 (false 0031)
0031: 15 15 00 000000fa jeq keyctl 0047 (false 0032)
0032: 15 14 00 000000ce jeq io_setup 0047 (false 0033)
0033: 15 13 00 000000cf jeq io_destroy 0047 (false 0034)
0034: 15 12 00 000000d0 jeq io_getevents 0047 (false 0035)
0035: 15 11 00 000000d1 jeq io_submit 0047 (false 0036)
0036: 15 10 00 000000d2 jeq io_cancel 0047 (false 0037)
0037: 15 0f 00 000000d8 jeq remap_file_pages 0047 (false 0038)
0038: 15 0e 00 00000143 jeq userfaultfd 0047 (false 0039)
0039: 15 0d 00 000000a3 jeq acct 0047 (false 003a)
003a: 15 0c 00 00000141 jeq bpf 0047 (false 003b)
003b: 15 0b 00 000000a1 jeq chroot 0047 (false 003c)
003c: 15 0a 00 000000a5 jeq mount 0047 (false 003d)
003d: 15 09 00 000000b4 jeq nfsservctl 0047 (false 003e)
003e: 15 08 00 0000009b jeq pivot_root 0047 (false 003f)
003f: 15 07 00 000000ab jeq setdomainname 0047 (false 0040)
0040: 15 06 00 000000aa jeq sethostname 0047 (false 0041)
0041: 15 05 00 000000a6 jeq umount2 0047 (false 0042)
0042: 15 04 00 00000099 jeq vhangup 0047 (false 0043)
0043: 15 03 00 00000065 jeq ptrace 0047 (false 0044)
0044: 15 02 00 00000087 jeq personality 0047 (false 0045)
0045: 15 01 00 00000136 jeq process_vm_readv 0047 (false 0046)
0046: 06 00 00 7fff0000 ret ALLOW
0047: 06 00 01 00000000 ret KILL
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
---------------- Firejail Audit: the GOOD, the BAD and the UGLY ----------------
INFO: starting /usr/local/lib/firejail/faudit.
GOOD: process 7 is running in a PID namespace.
INFO: container/sandbox firejail.
GOOD: seccomp BPF enabled.
checking syscalls: mount... monitoring pid 7
umount2... ptrace... swapon... swapoff... init_module... delete_module... chroot... pivot_root... iopl... ioperm...
GOOD: all capabilities are disabled.
GOOD: I cannot access files in /home/misterspoon/.ssh directory.
GOOD: I cannot access files in /home/misterspoon/.gnupg directory.
GOOD: I cannot access files in /home/misterspoon/.mozilla directory.
GOOD: I cannot access files in /home/misterspoon/.config/chromium directory.
GOOD: I cannot access files in /home/misterspoon/.icedove directory.
GOOD: I cannot access files in /home/misterspoon/.thunderbird directory.
GOOD: SSH server not available on localhost.
GOOD: HTTP server not available on localhost.
GOOD: I cannot connect to netlink socket. Network utilities such as iproute2 will not work in the sandbox.
GOOD: cannot connect to D-Bus socket /run/user/1000/bus
MAYBE: X11 socket /tmp/.X11-unix/X0 is available
INFO: files visible in /dev directory: ptmx, pts, tty, urandom, random, full, null, zero, shm, log,
GOOD: Access to /dev directory is restricted.
Sandbox monitor: waitpid 7 retval 7 status 0
Parent is shutting down, bye...
@rusty-snake commented on GitHub (Nov 8, 2019):
#3032