[GH-ISSUE #3052] electron-mail won't work with firejail unless I specify --no-profile #1915

Closed
opened 2026-05-05 08:35:07 -06:00 by gitea-mirror · 7 comments

Originally created by @MystesofEternity on GitHub (Nov 23, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3052

https://github.com/vladimiry/ElectronMail/releases

Doesn't work: `firejail electron-mail`, including variants of adding --seccomp and --netfilter
Works: `firejail --noprofile --netfilter=/etc/firejail/nolocal.net electron-mail`
Doesn't work when --seccomp is added

I need some help knowing which variables are causing it to not run as running the commands in the terminal doesn't give me any logs to find out the problem.

What I also tried is copying /etc/firejail/electron.profile to become /etc/firejail/electron-mail.profile but no luck. Though, maybe I can start from electron.profile and it'll work by just removing some stuff?

Would really appreciate any help!


@ghost commented on GitHub (Nov 23, 2019):

I've put together a testing profile for electron-mail. Can you create ${HOME}/.config/firejail/electron-mail.profile with the below content and post your findings here please? If we can get this to work properly I'll add it to git master as a new profile with firecfg support etcetera. But let's see what this does for you first.

```
# Firejail profile for electron-mail
# Description: Unofficial desktop app for several E2E encrypted email providers
# This file is overwritten after every install/update
# Persistent local customizations
include electron-mail.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/.config/electron-mail

whitelist ${DOWNLOADS}

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc

mkdir ${HOME}/.config/electron-mail
whitelist ${HOME}/.config/electron-mail

include whitelist-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

apparmor
caps.drop all
netfilter
no3d
# nodbus - breaks tray functionality
nodvd
nogroups
nonewprivs
noroot
notv
nou2f
novideo
protocol unix,inet,inet6,netlink
seccomp !chroot
shell none
# tracelog - breaks on Arch

# disable-mnt
private-bin electron-mail
private-cache
private-dev
private-etc alternatives,fonts
private-opt ElectronMail
private-tmp

# memory-deny-write-execute - breaks on Arch
```

On my Arch machine it works, although I don't have a protonmail account and didn't bother to create one. Also, to tighten the profile I made it a whitelist one and included private-dev. The latter will output some harmless error messages, don't mind these for now. Here's my output:

```
$ firejail electron-mail
(node:8) ExperimentalWarning: The fs.promises API is experimental
(node:8) ExperimentalWarning: The fs.promises API is experimental
libGL error: MESA-LOADER: failed to retrieve device information
MESA-LOADER: failed to retrieve device information
MESA-LOADER: failed to retrieve device information
```

@MystesofEternity commented on GitHub (Nov 23, 2019):

Hey there, thanks for giving me something to test with!
So here's what happened:

```
Reading profile /home/user/.config/firejail/electron-mail.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Error: cannot access profile file: whitelist-usr-share-common.inc
```

I checked my /etc/firejail directory and indeed, whitelist-usr-share-common.inc doesn't exist.
I am using firejail-0.9.68-1 and I am running Fedora 30.
Could you give me the contents of your `whitelist-usr-share-common.inc`? I'll create it and see how it goes.

A thing to note though:
I commented out apparmor because I am using Fedora and there is no apparmor there, RIP.


@ghost commented on GitHub (Nov 23, 2019):

> Could you give me the contents of your whitelist-usr-share-common.inc? I'll create it and see how it goes

That won't work, as whitelist-usr-share-common.inc functionality isn't available in your firejail version. Just comment that line, like you did with the apparmor option.

> I need some help knowing which variables are causing it to not run as running the commands in the terminal doesn't give me any logs to find out the problem.

You can add the debug option, like so: `firejail --debug electron-mail`.
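
The include failure reported earlier in this thread (`Error: cannot access profile file: whitelist-usr-share-common.inc`) can be detected before the sandbox is started. The script below is an added example, not part of the original thread or of firejail: the function names `scan_profile`, `check_profile` and `demo` are hypothetical, the search directories are the two that appear in the log output here, and it assumes that a missing `*.local` include is not an error (the log above shows none for `electron-mail.local` or `globals.local`) and that paths contain no spaces.

```shell
#!/bin/sh
# Pre-flight check for a firejail profile (constructed helper, not firejail code):
# list every "include" target that cannot be found, following nested includes.

# Directories searched for include files; these are the two seen in this thread.
SEARCH_DIRS="${HOME}/.config/firejail /etc/firejail"
MISSING=""   # space-separated include names that could not be resolved
SEEN=""      # space-separated files already scanned (guards against cycles)

scan_profile() {
    case " $SEEN " in *" $1 "*) return 0 ;; esac
    SEEN="$SEEN $1"
    if [ ! -r "$1" ]; then
        MISSING="$MISSING $1"
        return 0
    fi
    # "|| [ -n ... ]" keeps a final line that has no trailing newline.
    while read -r keyword name _rest || [ -n "$keyword" ]; do
        [ "$keyword" = "include" ] || continue   # skips comments and other options
        [ -n "$name" ] || continue
        found=""
        case "$name" in
            *.local) continue ;;                 # assumed optional, see lead-in
            /*) [ -f "$name" ] && found=$name ;;
            *)  for d in $SEARCH_DIRS; do
                    if [ -f "$d/$name" ]; then found="$d/$name"; break; fi
                done ;;
        esac
        if [ -n "$found" ]; then
            scan_profile "$found"                # nested includes
        else
            case " $MISSING " in
                *" $name "*) ;;
                *) MISSING="$MISSING $name" ;;
            esac
        fi
    done < "$1"
    return 0
}

# Prints one unresolved include per line; exit status 0 only if none are missing.
check_profile() {
    MISSING=""
    SEEN=""
    scan_profile "$1"
    for m in $MISSING; do printf '%s\n' "$m"; done
    [ -z "$MISSING" ]
}

# Constructed sample: a cut-down profile whose last include does not exist in
# the (temporary) include directory, mirroring the failure in this issue.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc" "$tmp/user"
    : > "$tmp/etc/disable-common.inc"
    printf '%s\n' 'include disable-common.inc' > "$tmp/etc/whitelist-common.inc"
    printf '%s\n' \
        '# constructed sample profile' \
        'include electron-mail.local' \
        'include whitelist-common.inc' \
        'include whitelist-usr-share-common.inc' \
        'seccomp' > "$tmp/user/electron-mail.profile"
    SEARCH_DIRS="$tmp/user $tmp/etc"
    result=$(check_profile "$tmp/user/electron-mail.profile") || true
    rm -rf "$tmp"
    printf '%s\n' "$result"
}

demo
```

To check a real profile, source the functions and call `check_profile` with the profile path; a non-zero status means at least one include would stop firejail from loading the profile on that system.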


@MystesofEternity commented on GitHub (Nov 23, 2019):

Thanks for the heads-up! I commented it out as you said and I am also making use of the --debug option.

So here is another problem:

```
firejail --debug --netfilter=/etc/firejail/nolocal.net electron-mail
Autoselecting /bin/bash as shell
Building quoted command line: 'electron-mail' 
Command name #electron-mail#
Found electron-mail.profile profile in /home/user/.config/firejail directory
Reading profile /home/user/.config/firejail/electron-mail.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Error: invalid syscall list
```

But it worked after I commented out `seccomp !chroot`.
Sadly, adding in --seccomp doesn't seem to work and here's the log:

firejail --seccomp --netfilter=/etc/firejail/nolocal.net --debug electron-mail
Autoselecting /bin/bash as shell
Building quoted command line: 'electron-mail' 
Command name #electron-mail#
Found electron-mail.profile profile in /home/user/.config/firejail directory
Reading profile /home/user/.config/firejail/electron-mail.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 7131, child pid 7132
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /sbin
Mounting read-only /lib
Mounting read-only /lib64
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/user/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
Process /dev/shm directory
Copying files in the new /etc directory:
copying /etc/alternatives to private /etc
Creating empty /run/firejail/mnt/etc/alternatives directory
sbox run: /run/firejail/lib/fcopy /etc/alternatives /run/firejail/mnt/etc/alternatives (null) 
copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts (null) 
Mount-bind /run/firejail/mnt/etc on top of /etc
Private /etc installed in 2.76 ms
Copying files in the new /opt directory:
copying /opt/ElectronMail to private /opt
Creating empty /run/firejail/mnt/opt/ElectronMail directory
sbox run: /run/firejail/lib/fcopy /opt/ElectronMail /run/firejail/mnt/opt/ElectronMail (null) 
Mount-bind /run/firejail/mnt/opt on top of /opt
Private /opt installed in 601.59 ms
Copying files in the new bin directory
Checking /usr/local/bin/electron-mail
Checking /usr/bin/electron-mail
file /opt/ElectronMail/electron-mail not found
sbox run: /run/firejail/lib/fcopy /usr/bin/electron-mail /run/firejail/mnt/bin (null) 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
1 program installed in 1.16 ms
Mounting tmpfs on /home/user/.cache
889 851 0:103 / /home/user/.cache rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=755,uid=1000,gid=1000
mountid=889 fsname=/ dir=/home/user/.cache fstype=tmpfs
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/config.gz
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Directory ${DOWNLOADS} resolved as Downloads
Debug 409: new_name #/home/user/Downloads#, whitelist
Debug 517: fname #/home/user/Downloads#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/Downloads
Debug 409: new_name #/home/user/.config/electron-mail#, whitelist
Debug 517: fname #/home/user/.config/electron-mail#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.config/electron-mail
Debug 409: new_name #/home/user/.XCompose#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
	expanded: /home/user/.XCompose
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
	expanded: /home/user/.asoundrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/ibus#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ibus
	expanded: /home/user/.config/ibus
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/mimeapps.list#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/mimeapps.list
	expanded: /home/user/.config/mimeapps.list
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/pkcs11#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/user/.config/pkcs11
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/user-dirs.dirs#, whitelist
Debug 517: fname #/home/user/.config/user-dirs.dirs#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.config/user-dirs.dirs
Debug 409: new_name #/home/user/.drirc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
	expanded: /home/user/.drirc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
	expanded: /home/user/.icons
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/applications#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/applications
	expanded: /home/user/.local/share/applications
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/icons
	expanded: /home/user/.local/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/mime#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/mime
	expanded: /home/user/.local/share/mime
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
	expanded: /home/user/.mime.types
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/dconf#, whitelist
Debug 517: fname #/home/user/.config/dconf#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.config/dconf
Debug 409: new_name #/home/user/.cache/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/fontconfig
	expanded: /home/user/.cache/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
	expanded: /home/user/.config/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
	expanded: /home/user/.fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
	expanded: /home/user/.fonts
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.fonts.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
	expanded: /home/user/.fonts.conf
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/user/.fonts.conf.d
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
	expanded: /home/user/.fonts.d
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
	expanded: /home/user/.local/share/fonts
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.pangorc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
	expanded: /home/user/.pangorc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-2.0
	expanded: /home/user/.config/gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/gtk-3.0#, whitelist
Debug 517: fname #/home/user/.config/gtk-3.0#, cfg.homedir #/home/user#
Replaced whitelist path: whitelist /home/user/.config/gtk-3.0
Debug 409: new_name #/home/user/.config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/user/.config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/user/.config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
	expanded: /home/user/.gnome2
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
	expanded: /home/user/.gnome2-private
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/user/.gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
	expanded: /home/user/.gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0
	expanded: /home/user/.gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/user/.kde/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/user/.kde/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/user/.kde4/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/user/.kde4/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
	expanded: /home/user/.local/share/themes
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
	expanded: /home/user/.themes
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.cache/kioexec/krun#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/user/.cache/kioexec/krun
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/user/.config/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/Trolltech.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Trolltech.conf
	expanded: /home/user/.config/Trolltech.conf
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals
	expanded: /home/user/.config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/user/.config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/user/.config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/user/.config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
	expanded: /home/user/.config/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
	expanded: /home/user/.kde/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/user/.kde/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/user/.kde/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/user/.kde/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/user/.kde/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/user/.kde/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/user/.kde4/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/user/.kde4/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/user/.kde4/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/user/.kde4/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/user/.kde4/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/user/.kde4/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/home/user/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/user/.local/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/var/lib/dbus#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/dbus
	expanded: /var/lib/dbus
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
	expanded: /var/lib/menu-xdg
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/var/cache/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/cache/fontconfig
	expanded: /var/cache/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 409: new_name #/var/tmp#, whitelist
Debug 409: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 409: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 409: new_name #/tmp/.X11-unix#, whitelist
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Whitelisting /home/user/Downloads
907 899 202:16 /home/user/Downloads /home/user/Downloads rw,relatime master:61 - ext4 /dev/xvdb rw,discard
mountid=907 fsname=/home/user/Downloads dir=/home/user/Downloads fstype=ext4
Whitelisting /home/user/.config/electron-mail
908 899 202:16 /home/user/.config/electron-mail /home/user/.config/electron-mail rw,relatime master:61 - ext4 /dev/xvdb rw,discard
mountid=908 fsname=/home/user/.config/electron-mail dir=/home/user/.config/electron-mail fstype=ext4
Whitelisting /home/user/.config/user-dirs.dirs
909 899 202:16 /home/user/.config/user-dirs.dirs /home/user/.config/user-dirs.dirs rw,relatime master:61 - ext4 /dev/xvdb rw,discard
mountid=909 fsname=/home/user/.config/user-dirs.dirs dir=/home/user/.config/user-dirs.dirs fstype=ext4
Whitelisting /home/user/.config/dconf
910 899 202:16 /home/user/.config/dconf /home/user/.config/dconf rw,relatime master:61 - ext4 /dev/xvdb rw,discard
mountid=910 fsname=/home/user/.config/dconf dir=/home/user/.config/dconf fstype=ext4
Whitelisting /home/user/.config/gtk-3.0
911 899 202:16 /home/user/.config/gtk-3.0 /home/user/.config/gtk-3.0 rw,relatime master:61 - ext4 /dev/xvdb rw,discard
mountid=911 fsname=/home/user/.config/gtk-3.0 dir=/home/user/.config/gtk-3.0 fstype=ext4
Whitelisting /var/tmp
912 906 0:95 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=912 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
913 902 0:44 /.X11-unix /tmp/.X11-unix rw master:63 - tmpfs tmpfs rw,size=1048576k,nr_inodes=427345
mountid=913 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /usr/sbin (requested /sbin)
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/include
Mounting noexec /home/user/Downloads
Mounting noexec /home/user/.config/electron-mail
Mounting noexec /home/user/.config/user-dirs.dirs
Mounting noexec /home/user/.config/dconf
Mounting noexec /home/user/.config/gtk-3.0
Mounting noexec /run/user/1000
Mounting noexec /dev/shm
Mounting noexec /tmp
Mounting noexec /tmp/.X11-unix
Mounting noexec /var
Disable /usr/share/lua
Disable /usr/share/perl5
Disable /usr/lib/python2.7
Disable /usr/lib/python3.7
Mounting read-only /home/user/.config/user-dirs.dirs
Mounting read-only /tmp/.X11-unix
Disable /sys/fs
Disable /sys/module
/etc/pulse/client.conf not found
blacklist /dev/dri
blacklist /dev/nvidia0
blacklist /dev/nvidia1
blacklist /dev/nvidia2
blacklist /dev/nvidia3
blacklist /dev/nvidia4
blacklist /dev/nvidia5
blacklist /dev/nvidia6
blacklist /dev/nvidia7
blacklist /dev/nvidia8
blacklist /dev/nvidia9
blacklist /dev/nvidiactl
blacklist /dev/nvidia-modeset
blacklist /dev/nvidia-uvm
blacklist /dev/dvb
blacklist /dev/sr0
blacklist /dev/hidraw0
blacklist /dev/hidraw1
blacklist /dev/hidraw2
blacklist /dev/hidraw3
blacklist /dev/hidraw4
blacklist /dev/hidraw5
blacklist /dev/hidraw6
blacklist /dev/hidraw7
blacklist /dev/hidraw8
blacklist /dev/hidraw9
blacklist /dev/usb
blacklist /dev/video0
blacklist /dev/video1
blacklist /dev/video2
blacklist /dev/video3
blacklist /dev/video4
blacklist /dev/video5
blacklist /dev/video6
blacklist /dev/video7
blacklist /dev/video8
blacklist /dev/video9
Current directory: /home/user
DISPLAY=:0 parsed as 0
Install protocol filter: unix,inet,inet6,netlink
configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 15 00 01 00000010   jeq 10 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null) 
Dropping all capabilities
Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00000000   ret KILL
Dual 32/64 bit seccomp filter configured
configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) 
Dropping all capabilities
Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 40 00 0000009a   jeq modify_ldt 0048 (false 0008)
 0008: 15 3f 00 000000d4   jeq lookup_dcookie 0048 (false 0009)
 0009: 15 3e 00 0000012a   jeq perf_event_open 0048 (false 000a)
 000a: 15 3d 00 00000137   jeq process_vm_writev 0048 (false 000b)
 000b: 15 3c 00 0000009c   jeq _sysctl 0048 (false 000c)
 000c: 15 3b 00 000000b7   jeq afs_syscall 0048 (false 000d)
 000d: 15 3a 00 000000ae   jeq create_module 0048 (false 000e)
 000e: 15 39 00 000000b1   jeq get_kernel_syms 0048 (false 000f)
 000f: 15 38 00 000000b5   jeq getpmsg 0048 (false 0010)
 0010: 15 37 00 000000b6   jeq putpmsg 0048 (false 0011)
 0011: 15 36 00 000000b2   jeq query_module 0048 (false 0012)
 0012: 15 35 00 000000b9   jeq security 0048 (false 0013)
 0013: 15 34 00 0000008b   jeq sysfs 0048 (false 0014)
 0014: 15 33 00 000000b8   jeq tuxcall 0048 (false 0015)
 0015: 15 32 00 00000086   jeq uselib 0048 (false 0016)
 0016: 15 31 00 00000088   jeq ustat 0048 (false 0017)
 0017: 15 30 00 000000ec   jeq vserver 0048 (false 0018)
 0018: 15 2f 00 0000009f   jeq adjtimex 0048 (false 0019)
 0019: 15 2e 00 00000131   jeq clock_adjtime 0048 (false 001a)
 001a: 15 2d 00 000000e3   jeq clock_settime 0048 (false 001b)
 001b: 15 2c 00 000000a4   jeq settimeofday 0048 (false 001c)
 001c: 15 2b 00 000000b0   jeq delete_module 0048 (false 001d)
 001d: 15 2a 00 00000139   jeq finit_module 0048 (false 001e)
 001e: 15 29 00 000000af   jeq init_module 0048 (false 001f)
 001f: 15 28 00 000000ad   jeq ioperm 0048 (false 0020)
 0020: 15 27 00 000000ac   jeq iopl 0048 (false 0021)
 0021: 15 26 00 000000f6   jeq kexec_load 0048 (false 0022)
 0022: 15 25 00 00000140   jeq kexec_file_load 0048 (false 0023)
 0023: 15 24 00 000000a9   jeq reboot 0048 (false 0024)
 0024: 15 23 00 000000a7   jeq swapon 0048 (false 0025)
 0025: 15 22 00 000000a8   jeq swapoff 0048 (false 0026)
 0026: 15 21 00 000000a3   jeq acct 0048 (false 0027)
 0027: 15 20 00 000000a1   jeq chroot 0048 (false 0028)
 0028: 15 1f 00 000000a5   jeq mount 0048 (false 0029)
 0029: 15 1e 00 000000b4   jeq nfsservctl 0048 (false 002a)
 002a: 15 1d 00 0000009b   jeq pivot_root 0048 (false 002b)
 002b: 15 1c 00 000000ab   jeq setdomainname 0048 (false 002c)
 002c: 15 1b 00 000000aa   jeq sethostname 0048 (false 002d)
 002d: 15 1a 00 000000a6   jeq umount2 0048 (false 002e)
 002e: 15 19 00 00000099   jeq vhangup 0048 (false 002f)
 002f: 15 18 00 000000ee   jeq set_mempolicy 0048 (false 0030)
 0030: 15 17 00 00000100   jeq migrate_pages 0048 (false 0031)
 0031: 15 16 00 00000117   jeq move_pages 0048 (false 0032)
 0032: 15 15 00 000000ed   jeq mbind 0048 (false 0033)
 0033: 15 14 00 00000130   jeq open_by_handle_at 0048 (false 0034)
 0034: 15 13 00 0000012f   jeq name_to_handle_at 0048 (false 0035)
 0035: 15 12 00 000000fb   jeq ioprio_set 0048 (false 0036)
 0036: 15 11 00 00000067   jeq syslog 0048 (false 0037)
 0037: 15 10 00 0000012c   jeq fanotify_init 0048 (false 0038)
 0038: 15 0f 00 00000138   jeq kcmp 0048 (false 0039)
 0039: 15 0e 00 000000f8   jeq add_key 0048 (false 003a)
 003a: 15 0d 00 000000f9   jeq request_key 0048 (false 003b)
 003b: 15 0c 00 000000fa   jeq keyctl 0048 (false 003c)
 003c: 15 0b 00 000000ce   jeq io_setup 0048 (false 003d)
 003d: 15 0a 00 000000cf   jeq io_destroy 0048 (false 003e)
 003e: 15 09 00 000000d0   jeq io_getevents 0048 (false 003f)
 003f: 15 08 00 000000d1   jeq io_submit 0048 (false 0040)
 0040: 15 07 00 000000d2   jeq io_cancel 0048 (false 0041)
 0041: 15 06 00 000000d8   jeq remap_file_pages 0048 (false 0042)
 0042: 15 05 00 00000116   jeq vmsplice 0048 (false 0043)
 0043: 15 04 00 00000143   jeq userfaultfd 0048 (false 0044)
 0044: 15 03 00 00000065   jeq ptrace 0048 (false 0045)
 0045: 15 02 00 00000087   jeq personality 0048 (false 0046)
 0046: 15 01 00 00000136   jeq process_vm_readv 0048 (false 0047)
 0047: 06 00 00 7fff0000   ret ALLOW
 0048: 06 00 00 00000000   ret KILL
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
execvp argument 0: electron-mail
Child process initialized in 657.69 ms
Searching $PATH for electron-mail
trying #/home/user/.local/bin/electron-mail#
trying #/home/user/bin/electron-mail#
trying #/usr/local/sbin/electron-mail#
trying #/usr/local/bin/electron-mail#
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
monitoring pid 10

Sandbox monitor: waitpid 10 retval 10 status 133
Sandbox monitor: monitoring 13
monitoring pid 13

Sandbox monitor: waitpid 13 retval 13 status 31

Parent is shutting down, bye...
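The `fsec-print` listings and the two `Sandbox monitor: waitpid ... status` lines in the log above can be decoded mechanically. The following is an added example, not part of the original comment or of firejail. It assumes the monitor prints the raw Linux `waitpid()` status; the sample log is constructed in the same format with a shortened filter, and the helper names and the x86-64 signal table are this example's own.

```python
import re

# Constructed sample in the format of the --debug log above (filter shortened).
SAMPLE_LOG = """\
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 02 00 000000a1   jeq chroot 0007 (false 0005)
 0005: 15 01 00 00000065   jeq ptrace 0007 (false 0006)
 0006: 06 00 00 7fff0000   ret ALLOW
 0007: 06 00 00 00000000   ret KILL
seccomp filter configured
Sandbox monitor: waitpid 10 retval 10 status 133
Sandbox monitor: waitpid 13 retval 13 status 31
"""

# One fsec-print row: index, opcode, jt, jf, k (all hex), mnemonic, operand.
INSN = re.compile(r"^\s*([0-9a-f]{4}): ([0-9a-f]{2}) ([0-9a-f]{2}) "
                  r"([0-9a-f]{2}) ([0-9a-f]{8})\s+(\S+)\s*(\S*)")
MONITOR = re.compile(r"^Sandbox monitor: waitpid (\d+) retval \d+ status (\d+)")

BPF_JEQ_K, BPF_JGE_K, BPF_RET_K = 0x15, 0x35, 0x06   # classic BPF opcodes
RET_ACTIONS = {0x00000000: "KILL", 0x00030000: "TRAP",
               0x00050000: "ERRNO", 0x7FFF0000: "ALLOW"}
# Signal numbers as used on x86-64 Linux (assumption of this example).
SIGNALS = {5: "SIGTRAP", 6: "SIGABRT", 9: "SIGKILL", 11: "SIGSEGV",
           15: "SIGTERM", 31: "SIGSYS"}


def parse_filters(log):
    """Split the listings into filters: each maps index -> (op, jt, k, operand)."""
    filters = []
    for line in log.splitlines():
        m = INSN.match(line)
        if not m:
            continue
        idx, op, jt, _jf, k = (int(x, 16) for x in m.group(1, 2, 3, 4, 5))
        if idx == 0:                 # numbering restarts for every filter
            filters.append({})
        if filters:
            filters[-1][idx] = (op, jt, k, m.group(7))
    return filters


def ret_action(k):
    """Name a seccomp return value; ERRNO carries the errno in the low 16 bits."""
    name = RET_ACTIONS.get(k & 0xFFFF0000, hex(k))
    return f"{name}({k & 0xFFFF})" if name == "ERRNO" else name


def denied_syscalls(filt):
    """Map each compared operand to the non-ALLOW action its true branch returns."""
    denied = {}
    for idx, (op, jt, _k, operand) in filt.items():
        if op not in (BPF_JEQ_K, BPF_JGE_K):
            continue
        target = filt.get(idx + 1 + jt)   # jump offsets count from the next insn
        if target and target[0] == BPF_RET_K:
            action = ret_action(target[2])
            if action != "ALLOW":
                denied[operand] = action
    return denied


def decode_wait_status(status):
    """Decode a raw Linux wait status into exit code, stop, or fatal signal."""
    if status & 0xFF == 0x7F:
        return {"kind": "stopped", "signal": (status >> 8) & 0xFF}
    sig = status & 0x7F
    if sig == 0:
        return {"kind": "exited", "code": (status >> 8) & 0xFF}
    return {"kind": "signaled", "signal": SIGNALS.get(sig, f"signal {sig}"),
            "core": bool(status & 0x80)}


def monitor_exits(log):
    """Return (pid, decoded status) for every sandbox monitor line."""
    out = []
    for line in log.splitlines():
        m = MONITOR.match(line)
        if m:
            out.append((int(m.group(1)), decode_wait_status(int(m.group(2)))))
    return out


if __name__ == "__main__":
    for n, filt in enumerate(parse_filters(SAMPLE_LOG)):
        print(f"filter {n}: {denied_syscalls(filt)}")
    for pid, result in monitor_exits(SAMPLE_LOG):
        print(f"pid {pid}: {result}")
```

Status 31 decodes to SIGSYS, the signal a seccomp KILL action terminates a thread with; status 133 is SIGTRAP with the core-dump bit set.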
/dev/nvidia0 blacklist /dev/nvidia1 blacklist /dev/nvidia2 blacklist /dev/nvidia3 blacklist /dev/nvidia4 blacklist /dev/nvidia5 blacklist /dev/nvidia6 blacklist /dev/nvidia7 blacklist /dev/nvidia8 blacklist /dev/nvidia9 blacklist /dev/nvidiactl blacklist /dev/nvidia-modeset blacklist /dev/nvidia-uvm blacklist /dev/dvb blacklist /dev/sr0 blacklist /dev/hidraw0 blacklist /dev/hidraw1 blacklist /dev/hidraw2 blacklist /dev/hidraw3 blacklist /dev/hidraw4 blacklist /dev/hidraw5 blacklist /dev/hidraw6 blacklist /dev/hidraw7 blacklist /dev/hidraw8 blacklist /dev/hidraw9 blacklist /dev/usb blacklist /dev/video0 blacklist /dev/video1 blacklist /dev/video2 blacklist /dev/video3 blacklist /dev/video4 blacklist /dev/video5 blacklist /dev/video6 blacklist /dev/video7 blacklist /dev/video8 blacklist /dev/video9 Current directory: /home/user DISPLAY=:0 parsed as 0 Install protocol filter: unix,inet,inet6,netlink configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) Dropping all capabilities Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 01 00 00000029 jeq socket 0006 (false 0005) 0005: 06 00 00 7fff0000 ret ALLOW 0006: 20 00 00 00000010 ld data.args[0] 0007: 15 00 01 00000001 jeq 1 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 00000002 jeq 2 000a (false 000b) 000a: 06 00 00 7fff0000 ret ALLOW 000b: 15 00 01 0000000a jeq a 000c (false 000d) 000c: 06 00 00 7fff0000 ret ALLOW 000d: 15 00 01 00000010 jeq 10 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 06 00 00 0005005f ret ERRNO(95) configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: 
/usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null) Dropping all capabilities Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 0024: 
15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00000000 ret KILL Dual 32/64 bit seccomp filter configured configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) Dropping all capabilities Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 40 00 0000009a jeq modify_ldt 0048 (false 0008) 0008: 15 3f 00 000000d4 jeq lookup_dcookie 0048 (false 0009) 0009: 15 3e 00 0000012a jeq perf_event_open 0048 (false 000a) 000a: 15 3d 00 00000137 jeq process_vm_writev 0048 (false 000b) 000b: 15 3c 00 0000009c jeq _sysctl 0048 (false 000c) 000c: 15 3b 00 000000b7 jeq afs_syscall 0048 (false 000d) 000d: 15 3a 00 000000ae jeq create_module 0048 (false 000e) 000e: 15 39 00 000000b1 jeq get_kernel_syms 0048 (false 000f) 
000f: 15 38 00 000000b5 jeq getpmsg 0048 (false 0010) 0010: 15 37 00 000000b6 jeq putpmsg 0048 (false 0011) 0011: 15 36 00 000000b2 jeq query_module 0048 (false 0012) 0012: 15 35 00 000000b9 jeq security 0048 (false 0013) 0013: 15 34 00 0000008b jeq sysfs 0048 (false 0014) 0014: 15 33 00 000000b8 jeq tuxcall 0048 (false 0015) 0015: 15 32 00 00000086 jeq uselib 0048 (false 0016) 0016: 15 31 00 00000088 jeq ustat 0048 (false 0017) 0017: 15 30 00 000000ec jeq vserver 0048 (false 0018) 0018: 15 2f 00 0000009f jeq adjtimex 0048 (false 0019) 0019: 15 2e 00 00000131 jeq clock_adjtime 0048 (false 001a) 001a: 15 2d 00 000000e3 jeq clock_settime 0048 (false 001b) 001b: 15 2c 00 000000a4 jeq settimeofday 0048 (false 001c) 001c: 15 2b 00 000000b0 jeq delete_module 0048 (false 001d) 001d: 15 2a 00 00000139 jeq finit_module 0048 (false 001e) 001e: 15 29 00 000000af jeq init_module 0048 (false 001f) 001f: 15 28 00 000000ad jeq ioperm 0048 (false 0020) 0020: 15 27 00 000000ac jeq iopl 0048 (false 0021) 0021: 15 26 00 000000f6 jeq kexec_load 0048 (false 0022) 0022: 15 25 00 00000140 jeq kexec_file_load 0048 (false 0023) 0023: 15 24 00 000000a9 jeq reboot 0048 (false 0024) 0024: 15 23 00 000000a7 jeq swapon 0048 (false 0025) 0025: 15 22 00 000000a8 jeq swapoff 0048 (false 0026) 0026: 15 21 00 000000a3 jeq acct 0048 (false 0027) 0027: 15 20 00 000000a1 jeq chroot 0048 (false 0028) 0028: 15 1f 00 000000a5 jeq mount 0048 (false 0029) 0029: 15 1e 00 000000b4 jeq nfsservctl 0048 (false 002a) 002a: 15 1d 00 0000009b jeq pivot_root 0048 (false 002b) 002b: 15 1c 00 000000ab jeq setdomainname 0048 (false 002c) 002c: 15 1b 00 000000aa jeq sethostname 0048 (false 002d) 002d: 15 1a 00 000000a6 jeq umount2 0048 (false 002e) 002e: 15 19 00 00000099 jeq vhangup 0048 (false 002f) 002f: 15 18 00 000000ee jeq set_mempolicy 0048 (false 0030) 0030: 15 17 00 00000100 jeq migrate_pages 0048 (false 0031) 0031: 15 16 00 00000117 jeq move_pages 0048 (false 0032) 0032: 15 15 00 000000ed jeq mbind 0048 (false 
0033) 0033: 15 14 00 00000130 jeq open_by_handle_at 0048 (false 0034) 0034: 15 13 00 0000012f jeq name_to_handle_at 0048 (false 0035) 0035: 15 12 00 000000fb jeq ioprio_set 0048 (false 0036) 0036: 15 11 00 00000067 jeq syslog 0048 (false 0037) 0037: 15 10 00 0000012c jeq fanotify_init 0048 (false 0038) 0038: 15 0f 00 00000138 jeq kcmp 0048 (false 0039) 0039: 15 0e 00 000000f8 jeq add_key 0048 (false 003a) 003a: 15 0d 00 000000f9 jeq request_key 0048 (false 003b) 003b: 15 0c 00 000000fa jeq keyctl 0048 (false 003c) 003c: 15 0b 00 000000ce jeq io_setup 0048 (false 003d) 003d: 15 0a 00 000000cf jeq io_destroy 0048 (false 003e) 003e: 15 09 00 000000d0 jeq io_getevents 0048 (false 003f) 003f: 15 08 00 000000d1 jeq io_submit 0048 (false 0040) 0040: 15 07 00 000000d2 jeq io_cancel 0048 (false 0041) 0041: 15 06 00 000000d8 jeq remap_file_pages 0048 (false 0042) 0042: 15 05 00 00000116 jeq vmsplice 0048 (false 0043) 0043: 15 04 00 00000143 jeq userfaultfd 0048 (false 0044) 0044: 15 03 00 00000065 jeq ptrace 0048 (false 0045) 0045: 15 02 00 00000087 jeq personality 0048 (false 0046) 0046: 15 01 00 00000136 jeq process_vm_readv 0048 (false 0047) 0047: 06 00 00 7fff0000 ret ALLOW 0048: 06 00 00 00000000 ret KILL seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1 No supplementary groups starting application LD_PRELOAD=(null) execvp argument 0: electron-mail Child process initialized in 657.69 ms Searching $PATH for electron-mail trying #/home/user/.local/bin/electron-mail# trying #/home/user/bin/electron-mail# trying #/usr/local/sbin/electron-mail# trying #/usr/local/bin/electron-mail# Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter monitoring pid 10 Sandbox monitor: waitpid 10 retval 10 status 133 Sandbox monitor: 
monitoring 13
monitoring pid 13
Sandbox monitor: waitpid 13 retval 13 status 31
Parent is shutting down, bye...
```
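The only failure indication in the debug output above is the pair of `status` values printed by the sandbox monitor. The following Python script is an added example, not code from this thread or from the firejail project; it decodes those values, assuming the printed number is the raw waitpid status word and Linux x86-64 signal numbering. The function names are hypothetical.

```python
import re

# Signal numbers for Linux on x86-64 (assumption; only those likely in a sandbox crash).
SIGNAL_NAMES = {4: "SIGILL", 5: "SIGTRAP", 6: "SIGABRT", 9: "SIGKILL",
                11: "SIGSEGV", 15: "SIGTERM", 31: "SIGSYS"}

MONITOR_RE = re.compile(r"Sandbox monitor: waitpid (\d+) retval -?\d+ status (\d+)")

# Tail of the --debug output posted above, one message per line.
SAMPLE_LOG = """\
monitoring pid 10
Sandbox monitor: waitpid 10 retval 10 status 133
Sandbox monitor: monitoring 13
monitoring pid 13
Sandbox monitor: waitpid 13 retval 13 status 31
Parent is shutting down, bye...
"""


def decode_wait_status(status):
    """Split a raw wait(2) status word the way the Linux W* macros do."""
    low = status & 0x7F
    if low == 0:                      # WIFEXITED: exit code in bits 8-15
        return {"kind": "exited", "code": (status >> 8) & 0xFF}
    if low == 0x7F:                   # WIFSTOPPED: stop signal in bits 8-15
        return {"kind": "stopped", "signal": (status >> 8) & 0xFF}
    return {                          # WIFSIGNALED: signal in bits 0-6, core flag in bit 7
        "kind": "signaled",
        "signal": low,
        "name": SIGNAL_NAMES.get(low, "signal %d" % low),
        "core": bool(status & 0x80),
    }


def monitor_events(log_text):
    """Return (pid, decoded_status) for every sandbox-monitor waitpid line."""
    return [(int(pid), decode_wait_status(int(status)))
            for pid, status in MONITOR_RE.findall(log_text)]


def killed_by_seccomp(log_text):
    """PIDs whose death signal was SIGSYS, which is what a seccomp 'ret KILL' delivers."""
    return [pid for pid, st in monitor_events(log_text)
            if st["kind"] == "signaled" and st["name"] == "SIGSYS"]


if __name__ == "__main__":
    for pid, st in monitor_events(SAMPLE_LOG):
        print(pid, st)
    print("seccomp kills:", killed_by_seccomp(SAMPLE_LOG))
```

A SIGSYS death points at the seccomp filter rather than at the whitelist or mount setup earlier in the log.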

@rusty-snake commented on GitHub (Nov 23, 2019):

Can you try adding `seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice` instead of `seccomp !chroot`.


@MystesofEternity commented on GitHub (Nov 23, 2019):

Wow! It just worked!
That was amazing! :D
If you need any more tweaking/testing for me to do, please tell me


@ghost commented on GitHub (Nov 23, 2019):

@MystesofEternity Creating the electron-mail.profile automatically closed this issue. Feel free to re-open whenever you notice something missing or otherwise not working. Also, when your OS updates firejail, make sure to remove your ~/.config/firejail/electron-mail.profile file, as it will clash with the one in /etc/firejail. Thanks for reporting this here!

Reference: github-starred/firejail#1915