[GH-ISSUE #3419] Does "seccomp.drop=all" works #2146

New issue

Closed

opened 2026-05-05 08:49:19 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented 2026-05-05 08:49:19 -06:00

Owner

Copy link

Originally created by @cabonamigo on GitHub (May 15, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3419

The current profile for firefox 76.0.1 on a upgraded to 20,04 ubuntu, does not work, so I am using this "seccomp.drop=all" as an option to firejail on cli.

Is it ok to use it like that till I can debug further the firejail/firefox profile?

When I start a shell script with some options the profile does not work (it used to) but removing all the options , also doesn't work, so I used a one liner with firejail and firefox like this:

firejail --apparmor --noprofile --nodbus --nonewprivs --noroot --no3d --caps.drop=all --seccomp.drop=all --ipc-namespace --x11-xorg /usr/lib/firefox/firefox

Still debugging it...

Originally created by @cabonamigo on GitHub (May 15, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3419 The current profile for firefox 76.0.1 on a upgraded to 20,04 ubuntu, does not work, so I am using this "seccomp.drop=all" as an option to firejail on cli. Is it ok to use it like that till I can debug further the firejail/firefox profile? When I start a shell script with some options the profile does not work (it used to) but removing all the options , also doesn't work, so I used a one liner with firejail and firefox like this: firejail --apparmor --noprofile --nodbus --nonewprivs --noroot --no3d --caps.drop=all --seccomp.drop=all --ipc-namespace --x11-xorg /usr/lib/firefox/firefox Still debugging it...

gitea-mirror closed this issue 2026-05-05 08:49:19 -06:00

gitea-mirror commented 2026-05-05 08:49:21 -06:00

Author

Owner

Copy link

@cabonamigo commented on GitHub (May 15, 2020):

It doesn't work as I expected.

--seccomp.drop=all :
firejail --seccomp.print=firefox
Switching to pid 1007834, the first child process inside the sandbox
FILE: /proc/1007834/root/run/firejail/mnt/seccomp/seccomp
line OP JT JF K

0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005)
0005: 35 01 00 00000000 jge read 0007 (false 0006)
0006: 06 00 00 00050001 ret ERRNO(1)
0007: 06 00 00 7fff0000 ret ALLOW

--seccomp :
firejail --seccomp.print=firefox
Switching to pid 1008345, the first child process inside the sandbox
FILE: /proc/1008345/root/run/firejail/mnt/seccomp/seccomp.32
line OP JT JF K

0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 15 30 00 00000015 jeq 15 0035 (false 0005)
0005: 15 2f 00 00000034 jeq 34 0035 (false 0006)
0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007)
0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008)
0008: 15 2c 00 00000155 jeq 155 0035 (false 0009)
0009: 15 2b 00 00000156 jeq 156 0035 (false 000a)
000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b)
000b: 15 29 00 00000080 jeq 80 0035 (false 000c)
000c: 15 28 00 0000015e jeq 15e 0035 (false 000d)
000d: 15 27 00 00000081 jeq 81 0035 (false 000e)
000e: 15 26 00 0000006e jeq 6e 0035 (false 000f)
000f: 15 25 00 00000065 jeq 65 0035 (false 0010)
0010: 15 24 00 00000121 jeq 121 0035 (false 0011)
0011: 15 23 00 00000057 jeq 57 0035 (false 0012)
0012: 15 22 00 00000073 jeq 73 0035 (false 0013)
0013: 15 21 00 00000067 jeq 67 0035 (false 0014)
0014: 15 20 00 0000015b jeq 15b 0035 (false 0015)
0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016)
0016: 15 1e 00 00000087 jeq 87 0035 (false 0017)
0017: 15 1d 00 00000095 jeq 95 0035 (false 0018)
0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019)
0019: 15 1b 00 00000157 jeq 157 0035 (false 001a)
001a: 15 1a 00 000000fd jeq fd 0035 (false 001b)
001b: 15 19 00 00000150 jeq 150 0035 (false 001c)
001c: 15 18 00 00000152 jeq 152 0035 (false 001d)
001d: 15 17 00 0000015d jeq 15d 0035 (false 001e)
001e: 15 16 00 0000011e jeq 11e 0035 (false 001f)
001f: 15 15 00 0000011f jeq 11f 0035 (false 0020)
0020: 15 14 00 00000120 jeq 120 0035 (false 0021)
0021: 15 13 00 00000056 jeq 56 0035 (false 0022)
0022: 15 12 00 00000033 jeq 33 0035 (false 0023)
0023: 15 11 00 0000007b jeq 7b 0035 (false 0024)
0024: 15 10 00 000000d9 jeq d9 0035 (false 0025)
0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026)
0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027)
0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028)
0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029)
0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a)
002a: 15 0a 00 00000101 jeq 101 0035 (false 002b)
002b: 15 09 00 00000112 jeq 112 0035 (false 002c)
002c: 15 08 00 00000114 jeq 114 0035 (false 002d)
002d: 15 07 00 00000126 jeq 126 0035 (false 002e)
002e: 15 06 00 0000013d jeq 13d 0035 (false 002f)
002f: 15 05 00 0000013c jeq 13c 0035 (false 0030)
0030: 15 04 00 0000003d jeq 3d 0035 (false 0031)
0031: 15 03 00 00000058 jeq 58 0035 (false 0032)
0032: 15 02 00 000000a9 jeq a9 0035 (false 0033)
0033: 15 01 00 00000082 jeq 82 0035 (false 0034)
0034: 06 00 00 7fff0000 ret ALLOW
0035: 06 00 00 00000000 ret KILL

FILE: /proc/1008345/root/run/firejail/mnt/seccomp/seccomp
line OP JT JF K

0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005)
0005: 35 01 00 00000000 jge read 0007 (false 0006)
0006: 06 00 00 00050001 ret ERRNO(1)
0007: 15 3f 00 0000009f jeq adjtimex 0047 (false 0008)
0008: 15 3e 00 00000131 jeq clock_adjtime 0047 (false 0009)
0009: 15 3d 00 000000e3 jeq clock_settime 0047 (false 000a)
000a: 15 3c 00 000000a4 jeq settimeofday 0047 (false 000b)
000b: 15 3b 00 0000009a jeq modify_ldt 0047 (false 000c)
000c: 15 3a 00 000000d4 jeq lookup_dcookie 0047 (false 000d)
000d: 15 39 00 0000012a jeq perf_event_open 0047 (false 000e)
000e: 15 38 00 00000137 jeq process_vm_writev 0047 (false 000f)
000f: 15 37 00 000000b0 jeq delete_module 0047 (false 0010)
0010: 15 36 00 00000139 jeq finit_module 0047 (false 0011)
0011: 15 35 00 000000af jeq init_module 0047 (false 0012)
0012: 15 34 00 0000009c jeq _sysctl 0047 (false 0013)
0013: 15 33 00 000000b7 jeq afs_syscall 0047 (false 0014)
0014: 15 32 00 000000ae jeq create_module 0047 (false 0015)
0015: 15 31 00 000000b1 jeq get_kernel_syms 0047 (false 0016)
0016: 15 30 00 000000b5 jeq getpmsg 0047 (false 0017)
0017: 15 2f 00 000000b6 jeq putpmsg 0047 (false 0018)
0018: 15 2e 00 000000b2 jeq query_module 0047 (false 0019)
0019: 15 2d 00 000000b9 jeq security 0047 (false 001a)
001a: 15 2c 00 0000008b jeq sysfs 0047 (false 001b)
001b: 15 2b 00 000000b8 jeq tuxcall 0047 (false 001c)
001c: 15 2a 00 00000086 jeq uselib 0047 (false 001d)
001d: 15 29 00 00000088 jeq ustat 0047 (false 001e)
001e: 15 28 00 000000ec jeq vserver 0047 (false 001f)
001f: 15 27 00 000000ad jeq ioperm 0047 (false 0020)
0020: 15 26 00 000000ac jeq iopl 0047 (false 0021)
0021: 15 25 00 000000f6 jeq kexec_load 0047 (false 0022)
0022: 15 24 00 00000140 jeq kexec_file_load 0047 (false 0023)
0023: 15 23 00 000000a9 jeq reboot 0047 (false 0024)
0024: 15 22 00 000000a7 jeq swapon 0047 (false 0025)
0025: 15 21 00 000000a8 jeq swapoff 0047 (false 0026)
0026: 15 20 00 00000130 jeq open_by_handle_at 0047 (false 0027)
0027: 15 1f 00 0000012f jeq name_to_handle_at 0047 (false 0028)
0028: 15 1e 00 000000fb jeq ioprio_set 0047 (false 0029)
0029: 15 1d 00 00000067 jeq syslog 0047 (false 002a)
002a: 15 1c 00 0000012c jeq fanotify_init 0047 (false 002b)
002b: 15 1b 00 00000138 jeq kcmp 0047 (false 002c)
002c: 15 1a 00 000000f8 jeq add_key 0047 (false 002d)
002d: 15 19 00 000000f9 jeq request_key 0047 (false 002e)
002e: 15 18 00 000000ed jeq mbind 0047 (false 002f)
002f: 15 17 00 00000100 jeq migrate_pages 0047 (false 0030)
0030: 15 16 00 00000117 jeq move_pages 0047 (false 0031)
0031: 15 15 00 000000fa jeq keyctl 0047 (false 0032)
0032: 15 14 00 000000ce jeq io_setup 0047 (false 0033)
0033: 15 13 00 000000cf jeq io_destroy 0047 (false 0034)
0034: 15 12 00 000000d0 jeq io_getevents 0047 (false 0035)
0035: 15 11 00 000000d1 jeq io_submit 0047 (false 0036)
0036: 15 10 00 000000d2 jeq io_cancel 0047 (false 0037)
0037: 15 0f 00 000000d8 jeq remap_file_pages 0047 (false 0038)
0038: 15 0e 00 00000143 jeq userfaultfd 0047 (false 0039)
0039: 15 0d 00 000000a3 jeq acct 0047 (false 003a)
003a: 15 0c 00 00000141 jeq bpf 0047 (false 003b)
003b: 15 0b 00 000000a1 jeq chroot 0047 (false 003c)
003c: 15 0a 00 000000a5 jeq mount 0047 (false 003d)
003d: 15 09 00 000000b4 jeq nfsservctl 0047 (false 003e)
003e: 15 08 00 0000009b jeq pivot_root 0047 (false 003f)
003f: 15 07 00 000000ab jeq setdomainname 0047 (false 0040)
0040: 15 06 00 000000aa jeq sethostname 0047 (false 0041)
0041: 15 05 00 000000a6 jeq umount2 0047 (false 0042)
0042: 15 04 00 00000099 jeq vhangup 0047 (false 0043)
0043: 15 03 00 00000065 jeq ptrace 0047 (false 0044)
0044: 15 02 00 00000087 jeq personality 0047 (false 0045)
0045: 15 01 00 00000136 jeq process_vm_readv 0047 (false 0046)
0046: 06 00 00 7fff0000 ret ALLOW
0047: 06 00 01 00000000 ret KILL

<!-- gh-comment-id:629421844 --> @cabonamigo commented on GitHub (May 15, 2020): It doesn't work as I expected. --seccomp.drop=all : firejail --seccomp.print=firefox Switching to pid 1007834, the first child process inside the sandbox FILE: /proc/1007834/root/run/firejail/mnt/seccomp/seccomp line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 06 00 00 7fff0000 ret ALLOW --seccomp : firejail --seccomp.print=firefox Switching to pid 1008345, the first child process inside the sandbox FILE: /proc/1008345/root/run/firejail/mnt/seccomp/seccomp.32 line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00000000 ret KILL FILE: /proc/1008345/root/run/firejail/mnt/seccomp/seccomp line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 3f 00 0000009f jeq adjtimex 0047 (false 0008) 0008: 15 3e 00 00000131 jeq clock_adjtime 0047 (false 0009) 0009: 15 3d 00 000000e3 jeq clock_settime 0047 (false 000a) 000a: 15 3c 00 000000a4 jeq settimeofday 0047 (false 000b) 000b: 15 3b 00 0000009a jeq modify_ldt 0047 (false 000c) 000c: 15 3a 00 000000d4 jeq lookup_dcookie 0047 (false 000d) 000d: 15 39 00 0000012a jeq perf_event_open 0047 (false 000e) 000e: 15 38 00 00000137 jeq process_vm_writev 0047 (false 000f) 000f: 15 37 00 000000b0 jeq delete_module 0047 (false 0010) 0010: 15 36 00 00000139 jeq finit_module 0047 (false 0011) 0011: 15 35 00 000000af jeq init_module 0047 (false 0012) 0012: 15 34 00 0000009c jeq _sysctl 0047 (false 0013) 0013: 15 33 00 000000b7 jeq afs_syscall 0047 (false 0014) 0014: 15 32 00 000000ae jeq create_module 0047 (false 0015) 0015: 15 31 00 000000b1 jeq get_kernel_syms 0047 (false 0016) 0016: 15 30 00 000000b5 jeq getpmsg 0047 (false 0017) 0017: 15 2f 00 000000b6 jeq putpmsg 0047 (false 0018) 0018: 15 2e 00 000000b2 jeq query_module 0047 (false 0019) 0019: 15 2d 00 000000b9 jeq security 0047 (false 001a) 001a: 15 2c 00 0000008b jeq sysfs 0047 (false 001b) 001b: 15 2b 00 000000b8 jeq tuxcall 0047 (false 001c) 001c: 15 2a 00 00000086 jeq uselib 0047 (false 001d) 001d: 15 29 00 00000088 jeq ustat 0047 (false 001e) 001e: 15 28 00 000000ec jeq vserver 0047 (false 001f) 001f: 15 27 00 000000ad jeq ioperm 0047 (false 0020) 0020: 15 26 00 000000ac jeq iopl 0047 (false 0021) 0021: 15 25 00 000000f6 jeq kexec_load 0047 (false 0022) 0022: 15 24 00 00000140 jeq kexec_file_load 0047 (false 0023) 0023: 15 23 00 000000a9 jeq reboot 0047 (false 0024) 0024: 15 22 00 000000a7 jeq swapon 0047 (false 0025) 0025: 15 21 00 000000a8 jeq swapoff 0047 (false 0026) 0026: 15 20 00 00000130 jeq open_by_handle_at 0047 (false 0027) 0027: 15 1f 00 0000012f jeq name_to_handle_at 0047 (false 0028) 0028: 15 1e 00 000000fb jeq ioprio_set 0047 (false 0029) 0029: 15 1d 00 00000067 jeq syslog 0047 (false 002a) 002a: 15 1c 00 0000012c jeq fanotify_init 0047 (false 002b) 002b: 15 1b 00 00000138 jeq kcmp 0047 (false 002c) 002c: 15 1a 00 000000f8 jeq add_key 0047 (false 002d) 002d: 15 19 00 000000f9 jeq request_key 0047 (false 002e) 002e: 15 18 00 000000ed jeq mbind 0047 (false 002f) 002f: 15 17 00 00000100 jeq migrate_pages 0047 (false 0030) 0030: 15 16 00 00000117 jeq move_pages 0047 (false 0031) 0031: 15 15 00 000000fa jeq keyctl 0047 (false 0032) 0032: 15 14 00 000000ce jeq io_setup 0047 (false 0033) 0033: 15 13 00 000000cf jeq io_destroy 0047 (false 0034) 0034: 15 12 00 000000d0 jeq io_getevents 0047 (false 0035) 0035: 15 11 00 000000d1 jeq io_submit 0047 (false 0036) 0036: 15 10 00 000000d2 jeq io_cancel 0047 (false 0037) 0037: 15 0f 00 000000d8 jeq remap_file_pages 0047 (false 0038) 0038: 15 0e 00 00000143 jeq userfaultfd 0047 (false 0039) 0039: 15 0d 00 000000a3 jeq acct 0047 (false 003a) 003a: 15 0c 00 00000141 jeq bpf 0047 (false 003b) 003b: 15 0b 00 000000a1 jeq chroot 0047 (false 003c) 003c: 15 0a 00 000000a5 jeq mount 0047 (false 003d) 003d: 15 09 00 000000b4 jeq nfsservctl 0047 (false 003e) 003e: 15 08 00 0000009b jeq pivot_root 0047 (false 003f) 003f: 15 07 00 000000ab jeq setdomainname 0047 (false 0040) 0040: 15 06 00 000000aa jeq sethostname 0047 (false 0041) 0041: 15 05 00 000000a6 jeq umount2 0047 (false 0042) 0042: 15 04 00 00000099 jeq vhangup 0047 (false 0043) 0043: 15 03 00 00000065 jeq ptrace 0047 (false 0044) 0044: 15 02 00 00000087 jeq personality 0047 (false 0045) 0045: 15 01 00 00000136 jeq process_vm_readv 0047 (false 0046) 0046: 06 00 00 7fff0000 ret ALLOW 0047: 06 00 01 00000000 ret KILL

gitea-mirror commented 2026-05-05 08:49:22 -06:00

Author

Owner

Copy link

@SkewedZeppelin commented on GitHub (May 15, 2020):

It is impossible to have a program run without being able to make syscalls.

-----Original Message-----
From: cabonamigo notifications@github.com
Reply-To: netblue30/firejail reply@reply.github.com
To: netblue30/firejail firejail@noreply.github.com
Cc: Subscribed subscribed@noreply.github.com
Subject: Re: [netblue30/firejail] Does "seccomp.drop=all" works (#3419)
Date: Fri, 15 May 2020 11:51:30 -0700

It doesn't work as I expected.

--seccomp.drop=all 👍
firejail --seccomp.print=firefox
Switching to pid 1007834, the first child process inside the sandbox
FILE: /proc/1007834/root/run/firejail/mnt/seccomp/seccomp
line OP JT JF K

0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005)
0005: 35 01 00 00000000 jge read 0007 (false 0006)
0006: 06 00 00 00050001 ret ERRNO(1)
0007: 06 00 00 7fff0000 ret ALLOW

--seccomp :
firejail --seccomp.print=firefox
Switching to pid 1008345, the first child process inside the sandbox
FILE: /proc/1008345/root/run/firejail/mnt/seccomp/seccomp.32
line OP JT JF K

0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 15 30 00 00000015 jeq 15 0035 (false 0005)
0005: 15 2f 00 00000034 jeq 34 0035 (false 0006)
0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007)
0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008)
0008: 15 2c 00 00000155 jeq 155 0035 (false 0009)
0009: 15 2b 00 00000156 jeq 156 0035 (false 000a)
000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b)
000b: 15 29 00 00000080 jeq 80 0035 (false 000c)
000c: 15 28 00 0000015e jeq 15e 0035 (false 000d)
000d: 15 27 00 00000081 jeq 81 0035 (false 000e)
000e: 15 26 00 0000006e jeq 6e 0035 (false 000f)
000f: 15 25 00 00000065 jeq 65 0035 (false 0010)
0010: 15 24 00 00000121 jeq 121 0035 (false 0011)
0011: 15 23 00 00000057 jeq 57 0035 (false 0012)
0012: 15 22 00 00000073 jeq 73 0035 (false 0013)
0013: 15 21 00 00000067 jeq 67 0035 (false 0014)
0014: 15 20 00 0000015b jeq 15b 0035 (false 0015)
0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016)
0016: 15 1e 00 00000087 jeq 87 0035 (false 0017)
0017: 15 1d 00 00000095 jeq 95 0035 (false 0018)
0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019)
0019: 15 1b 00 00000157 jeq 157 0035 (false 001a)
001a: 15 1a 00 000000fd jeq fd 0035 (false 001b)
001b: 15 19 00 00000150 jeq 150 0035 (false 001c)
001c: 15 18 00 00000152 jeq 152 0035 (false 001d)
001d: 15 17 00 0000015d jeq 15d 0035 (false 001e)
001e: 15 16 00 0000011e jeq 11e 0035 (false 001f)
001f: 15 15 00 0000011f jeq 11f 0035 (false 0020)
0020: 15 14 00 00000120 jeq 120 0035 (false 0021)
0021: 15 13 00 00000056 jeq 56 0035 (false 0022)
0022: 15 12 00 00000033 jeq 33 0035 (false 0023)
0023: 15 11 00 0000007b jeq 7b 0035 (false 0024)
0024: 15 10 00 000000d9 jeq d9 0035 (false 0025)
0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026)
0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027)
0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028)
0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029)
0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a)
002a: 15 0a 00 00000101 jeq 101 0035 (false 002b)
002b: 15 09 00 00000112 jeq 112 0035 (false 002c)
002c: 15 08 00 00000114 jeq 114 0035 (false 002d)
002d: 15 07 00 00000126 jeq 126 0035 (false 002e)
002e: 15 06 00 0000013d jeq 13d 0035 (false 002f)
002f: 15 05 00 0000013c jeq 13c 0035 (false 0030)
0030: 15 04 00 0000003d jeq 3d 0035 (false 0031)
0031: 15 03 00 00000058 jeq 58 0035 (false 0032)
0032: 15 02 00 000000a9 jeq a9 0035 (false 0033)
0033: 15 01 00 00000082 jeq 82 0035 (false 0034)
0034: 06 00 00 7fff0000 ret ALLOW
0035: 06 00 00 00000000 ret KILL

FILE: /proc/1008345/root/run/firejail/mnt/seccomp/seccomp
line OP JT JF K

0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005)
0005: 35 01 00 00000000 jge read 0007 (false 0006)
0006: 06 00 00 00050001 ret ERRNO(1)
0007: 15 3f 00 0000009f jeq adjtimex 0047 (false 0008)
0008: 15 3e 00 00000131 jeq clock_adjtime 0047 (false 0009)
0009: 15 3d 00 000000e3 jeq clock_settime 0047 (false 000a)
000a: 15 3c 00 000000a4 jeq settimeofday 0047 (false 000b)
000b: 15 3b 00 0000009a jeq modify_ldt 0047 (false 000c)
000c: 15 3a 00 000000d4 jeq lookup_dcookie 0047 (false 000d)
000d: 15 39 00 0000012a jeq perf_event_open 0047 (false 000e)
000e: 15 38 00 00000137 jeq process_vm_writev 0047 (false 000f)
000f: 15 37 00 000000b0 jeq delete_module 0047 (false 0010)
0010: 15 36 00 00000139 jeq finit_module 0047 (false 0011)
0011: 15 35 00 000000af jeq init_module 0047 (false 0012)
0012: 15 34 00 0000009c jeq _sysctl 0047 (false 0013)
0013: 15 33 00 000000b7 jeq afs_syscall 0047 (false 0014)
0014: 15 32 00 000000ae jeq create_module 0047 (false 0015)
0015: 15 31 00 000000b1 jeq get_kernel_syms 0047 (false 0016)
0016: 15 30 00 000000b5 jeq getpmsg 0047 (false 0017)
0017: 15 2f 00 000000b6 jeq putpmsg 0047 (false 0018)
0018: 15 2e 00 000000b2 jeq query_module 0047 (false 0019)
0019: 15 2d 00 000000b9 jeq security 0047 (false 001a)
001a: 15 2c 00 0000008b jeq sysfs 0047 (false 001b)
001b: 15 2b 00 000000b8 jeq tuxcall 0047 (false 001c)
001c: 15 2a 00 00000086 jeq uselib 0047 (false 001d)
001d: 15 29 00 00000088 jeq ustat 0047 (false 001e)
001e: 15 28 00 000000ec jeq vserver 0047 (false 001f)
001f: 15 27 00 000000ad jeq ioperm 0047 (false 0020)
0020: 15 26 00 000000ac jeq iopl 0047 (false 0021)
0021: 15 25 00 000000f6 jeq kexec_load 0047 (false 0022)
0022: 15 24 00 00000140 jeq kexec_file_load 0047 (false 0023)
0023: 15 23 00 000000a9 jeq reboot 0047 (false 0024)
0024: 15 22 00 000000a7 jeq swapon 0047 (false 0025)
0025: 15 21 00 000000a8 jeq swapoff 0047 (false 0026)
0026: 15 20 00 00000130 jeq open_by_handle_at 0047 (false 0027)
0027: 15 1f 00 0000012f jeq name_to_handle_at 0047 (false 0028)
0028: 15 1e 00 000000fb jeq ioprio_set 0047 (false 0029)
0029: 15 1d 00 00000067 jeq syslog 0047 (false 002a)
002a: 15 1c 00 0000012c jeq fanotify_init 0047 (false 002b)
002b: 15 1b 00 00000138 jeq kcmp 0047 (false 002c)
002c: 15 1a 00 000000f8 jeq add_key 0047 (false 002d)
002d: 15 19 00 000000f9 jeq request_key 0047 (false 002e)
002e: 15 18 00 000000ed jeq mbind 0047 (false 002f)
002f: 15 17 00 00000100 jeq migrate_pages 0047 (false 0030)
0030: 15 16 00 00000117 jeq move_pages 0047 (false 0031)
0031: 15 15 00 000000fa jeq keyctl 0047 (false 0032)
0032: 15 14 00 000000ce jeq io_setup 0047 (false 0033)
0033: 15 13 00 000000cf jeq io_destroy 0047 (false 0034)
0034: 15 12 00 000000d0 jeq io_getevents 0047 (false 0035)
0035: 15 11 00 000000d1 jeq io_submit 0047 (false 0036)
0036: 15 10 00 000000d2 jeq io_cancel 0047 (false 0037)
0037: 15 0f 00 000000d8 jeq remap_file_pages 0047 (false 0038)
0038: 15 0e 00 00000143 jeq userfaultfd 0047 (false 0039)
0039: 15 0d 00 000000a3 jeq acct 0047 (false 003a)
003a: 15 0c 00 00000141 jeq bpf 0047 (false 003b)
003b: 15 0b 00 000000a1 jeq chroot 0047 (false 003c)
003c: 15 0a 00 000000a5 jeq mount 0047 (false 003d)
003d: 15 09 00 000000b4 jeq nfsservctl 0047 (false 003e)
003e: 15 08 00 0000009b jeq pivot_root 0047 (false 003f)
003f: 15 07 00 000000ab jeq setdomainname 0047 (false 0040)
0040: 15 06 00 000000aa jeq sethostname 0047 (false 0041)
0041: 15 05 00 000000a6 jeq umount2 0047 (false 0042)
0042: 15 04 00 00000099 jeq vhangup 0047 (false 0043)
0043: 15 03 00 00000065 jeq ptrace 0047 (false 0044)
0044: 15 02 00 00000087 jeq personality 0047 (false 0045)
0045: 15 01 00 00000136 jeq process_vm_readv 0047 (false 0046)
0046: 06 00 00 7fff0000 ret ALLOW
0047: 06 00 01 00000000 ret KILL

<!-- gh-comment-id:629430498 --> @SkewedZeppelin commented on GitHub (May 15, 2020): It is impossible to have a program run without being able to make syscalls. -----Original Message----- From: cabonamigo <notifications@github.com> Reply-To: netblue30/firejail <reply@reply.github.com> To: netblue30/firejail <firejail@noreply.github.com> Cc: Subscribed <subscribed@noreply.github.com> Subject: Re: [netblue30/firejail] Does "seccomp.drop=all" works (#3419) Date: Fri, 15 May 2020 11:51:30 -0700 It doesn't work as I expected. --seccomp.drop=all :+1: firejail --seccomp.print=firefox Switching to pid 1007834, the first child process inside the sandbox FILE: /proc/1007834/root/run/firejail/mnt/seccomp/seccomp line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 06 00 00 7fff0000 ret ALLOW --seccomp : firejail --seccomp.print=firefox Switching to pid 1008345, the first child process inside the sandbox FILE: /proc/1008345/root/run/firejail/mnt/seccomp/seccomp.32 line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00000000 ret KILL FILE: /proc/1008345/root/run/firejail/mnt/seccomp/seccomp line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 3f 00 0000009f jeq adjtimex 0047 (false 0008) 0008: 15 3e 00 00000131 jeq clock_adjtime 0047 (false 0009) 0009: 15 3d 00 000000e3 jeq clock_settime 0047 (false 000a) 000a: 15 3c 00 000000a4 jeq settimeofday 0047 (false 000b) 000b: 15 3b 00 0000009a jeq modify_ldt 0047 (false 000c) 000c: 15 3a 00 000000d4 jeq lookup_dcookie 0047 (false 000d) 000d: 15 39 00 0000012a jeq perf_event_open 0047 (false 000e) 000e: 15 38 00 00000137 jeq process_vm_writev 0047 (false 000f) 000f: 15 37 00 000000b0 jeq delete_module 0047 (false 0010) 0010: 15 36 00 00000139 jeq finit_module 0047 (false 0011) 0011: 15 35 00 000000af jeq init_module 0047 (false 0012) 0012: 15 34 00 0000009c jeq _sysctl 0047 (false 0013) 0013: 15 33 00 000000b7 jeq afs_syscall 0047 (false 0014) 0014: 15 32 00 000000ae jeq create_module 0047 (false 0015) 0015: 15 31 00 000000b1 jeq get_kernel_syms 0047 (false 0016) 0016: 15 30 00 000000b5 jeq getpmsg 0047 (false 0017) 0017: 15 2f 00 000000b6 jeq putpmsg 0047 (false 0018) 0018: 15 2e 00 000000b2 jeq query_module 0047 (false 0019) 0019: 15 2d 00 000000b9 jeq security 0047 (false 001a) 001a: 15 2c 00 0000008b jeq sysfs 0047 (false 001b) 001b: 15 2b 00 000000b8 jeq tuxcall 0047 (false 001c) 001c: 15 2a 00 00000086 jeq uselib 0047 (false 001d) 001d: 15 29 00 00000088 jeq ustat 0047 (false 001e) 001e: 15 28 00 000000ec jeq vserver 0047 (false 001f) 001f: 15 27 00 000000ad jeq ioperm 0047 (false 0020) 0020: 15 26 00 000000ac jeq iopl 0047 (false 0021) 0021: 15 25 00 000000f6 jeq kexec_load 0047 (false 0022) 0022: 15 24 00 00000140 jeq kexec_file_load 0047 (false 0023) 0023: 15 23 00 000000a9 jeq reboot 0047 (false 0024) 0024: 15 22 00 000000a7 jeq swapon 0047 (false 0025) 0025: 15 21 00 000000a8 jeq swapoff 0047 (false 0026) 0026: 15 20 00 00000130 jeq open_by_handle_at 0047 (false 0027) 0027: 15 1f 00 0000012f jeq name_to_handle_at 0047 (false 0028) 0028: 15 1e 00 000000fb jeq ioprio_set 0047 (false 0029) 0029: 15 1d 00 00000067 jeq syslog 0047 (false 002a) 002a: 15 1c 00 0000012c jeq fanotify_init 0047 (false 002b) 002b: 15 1b 00 00000138 jeq kcmp 0047 (false 002c) 002c: 15 1a 00 000000f8 jeq add_key 0047 (false 002d) 002d: 15 19 00 000000f9 jeq request_key 0047 (false 002e) 002e: 15 18 00 000000ed jeq mbind 0047 (false 002f) 002f: 15 17 00 00000100 jeq migrate_pages 0047 (false 0030) 0030: 15 16 00 00000117 jeq move_pages 0047 (false 0031) 0031: 15 15 00 000000fa jeq keyctl 0047 (false 0032) 0032: 15 14 00 000000ce jeq io_setup 0047 (false 0033) 0033: 15 13 00 000000cf jeq io_destroy 0047 (false 0034) 0034: 15 12 00 000000d0 jeq io_getevents 0047 (false 0035) 0035: 15 11 00 000000d1 jeq io_submit 0047 (false 0036) 0036: 15 10 00 000000d2 jeq io_cancel 0047 (false 0037) 0037: 15 0f 00 000000d8 jeq remap_file_pages 0047 (false 0038) 0038: 15 0e 00 00000143 jeq userfaultfd 0047 (false 0039) 0039: 15 0d 00 000000a3 jeq acct 0047 (false 003a) 003a: 15 0c 00 00000141 jeq bpf 0047 (false 003b) 003b: 15 0b 00 000000a1 jeq chroot 0047 (false 003c) 003c: 15 0a 00 000000a5 jeq mount 0047 (false 003d) 003d: 15 09 00 000000b4 jeq nfsservctl 0047 (false 003e) 003e: 15 08 00 0000009b jeq pivot_root 0047 (false 003f) 003f: 15 07 00 000000ab jeq setdomainname 0047 (false 0040) 0040: 15 06 00 000000aa jeq sethostname 0047 (false 0041) 0041: 15 05 00 000000a6 jeq umount2 0047 (false 0042) 0042: 15 04 00 00000099 jeq vhangup 0047 (false 0043) 0043: 15 03 00 00000065 jeq ptrace 0047 (false 0044) 0044: 15 02 00 00000087 jeq personality 0047 (false 0045) 0045: 15 01 00 00000136 jeq process_vm_readv 0047 (false 0046) 0046: 06 00 00 7fff0000 ret ALLOW 0047: 06 00 01 00000000 ret KILL

gitea-mirror commented 2026-05-05 08:49:24 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (May 15, 2020):

@cabonamigo It would be interesting to know what happened with the firefox profile on Ubuntu 20.04. Feel free to reopen if you need assistance.

<!-- gh-comment-id:629437772 --> @ghost commented on GitHub (May 15, 2020): @cabonamigo It would be interesting to know what happened with the firefox profile on Ubuntu 20.04. Feel free to reopen if you need assistance.

gitea-mirror commented 2026-05-05 08:49:25 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (May 18, 2020):

https://github.com/netblue30/firejail/issues/3299

<!-- gh-comment-id:630015947 --> @rusty-snake commented on GitHub (May 18, 2020): https://github.com/netblue30/firejail/issues/3299

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2146

No description provided.