[GH-ISSUE #3609] firefox: program does not open (seccomp) #2265

Closed
opened 2026-05-05 08:57:29 -06:00 by gitea-mirror · 15 comments

Originally created by @ghost on GitHub (Aug 28, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3609

Bug and expected behavior
Firefox version 80.0 hangs on start due to seccomp; the issue wasn't there before.

  • What did you expect to happen?
    Firefox should launch normally.

No profile or disabling firejail

  • What changed calling `firejail --noprofile /usr/lib/firefox/firefox` in a shell?
    Firefox works fine.
  • What changed calling the program by path, i.e. without firejail (check `whereis PROGRAM`, `firejail --list`, `stat $programpath`)?
    Firefox works fine.

Reproduce
Steps to reproduce the behavior:

  1. Run in bash: `firejail /usr/lib/firefox/firefox`
  2. Firefox will freeze, no window, nothing.
  3. Run in bash: `firejail --ignore=seccomp /usr/lib/firefox/firefox`
  4. Firefox launches normally.

Environment

  • Linux distribution and version (i.e. output of `lsb_release -a`)
    Arch Linux
  • Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD)
    firejail version 0.9.62.4
  • What other programs interact with the affected program for the functionality?
    N/A
  • Are these listed in the profile?
    N/A

Checklist

  • The upstream profile (and redirect profile if exists) have no changes fixing it.
  • The upstream profile exists (`find / -name 'firejail' 2>/dev/null` or `fd firejail` to locate profiles, i.e. in `/usr/local/etc/firejail/PROGRAM.profile`)
  • Programs needed for interaction are listed.
  • Error was checked in search engine and on issue list without success.
    When using the `--ignore=seccomp` option, Firefox launches normally.
debug output
Autoselecting /bin/bash as shell
Building quoted command line: '/usr/lib/firefox/firefox' 
Command name #firefox#
Found firefox.profile profile in /etc/firejail directory
Reading profile /etc/firejail/firefox.profile
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Found firefox-common.profile profile in /etc/firejail directory
Reading profile /etc/firejail/firefox-common.profile
conditional BROWSER_ALLOW_DRM, ignore noexec ${HOME}
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
conditional BROWSER_DISABLE_U2F, nou2f
conditional BROWSER_DISABLE_U2F, private-dev
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 4866, child pid 4867
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /lib
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/video0 file
mounting /run/firejail/mnt/dev/video1 file
Process /dev/shm directory
Generate private-tmp whitelist commands
blacklist /run/user/1000/bus
blacklist /run/dbus/system_bus_socket
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /usr/lib/modules/5.8.4-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 423: new_name #/home/saurabh/.cache/mozilla/firefox#, whitelist
Debug 531: fname #/home/saurabh/.cache/mozilla/firefox#, cfg.homedir #/home/saurabh#
Replaced whitelist path: whitelist /home/saurabh/.cache/mozilla/firefox
Debug 423: new_name #/home/saurabh/.mozilla#, whitelist
Debug 531: fname #/home/saurabh/.mozilla#, cfg.homedir #/home/saurabh#
Replaced whitelist path: whitelist /home/saurabh/.mozilla
Debug 423: new_name #/usr/share/doc#, whitelist
Debug 423: new_name #/usr/share/firefox#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/firefox
	expanded: /usr/share/firefox
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/gtk-doc/html#, whitelist
Debug 423: new_name #/usr/share/mozilla#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/mozilla
	expanded: /usr/share/mozilla
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/webext#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/webext
	expanded: /usr/share/webext
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/alsa#, whitelist
Debug 423: new_name #/usr/share/applications#, whitelist
Debug 423: new_name #/usr/share/ca-certificates#, whitelist
Debug 423: new_name #/usr/share/crypto-policies#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies
	expanded: /usr/share/crypto-policies
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/cursors#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/cursors
	expanded: /usr/share/cursors
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/dconf#, whitelist
Debug 423: new_name #/usr/share/distro-info#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/distro-info
	expanded: /usr/share/distro-info
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/drirc.d#, whitelist
Debug 423: new_name #/usr/share/enchant#, whitelist
Debug 423: new_name #/usr/share/enchant-2#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/enchant-2
	expanded: /usr/share/enchant-2
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/fontconfig
	expanded: /usr/share/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/fonts#, whitelist
Debug 423: new_name #/usr/share/gir-1.0#, whitelist
Debug 423: new_name #/usr/share/gjs-1.0#, whitelist
Debug 423: new_name #/usr/share/glib-2.0#, whitelist
Debug 423: new_name #/usr/share/glvnd#, whitelist
Debug 423: new_name #/usr/share/gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-2.0
	expanded: /usr/share/gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/gtk-3.0#, whitelist
Debug 423: new_name #/usr/share/gtksourceview-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-3.0
	expanded: /usr/share/gtksourceview-3.0
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/gtksourceview-4#, whitelist
Debug 423: new_name #/usr/share/hunspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/hunspell
	expanded: /usr/share/hunspell
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/hwdata#, whitelist
Debug 423: new_name #/usr/share/icons#, whitelist
Debug 423: new_name #/usr/share/knotifications5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/knotifications5
	expanded: /usr/share/knotifications5
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/icu#, whitelist
Debug 423: new_name #/usr/share/kservices5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kservices5
	expanded: /usr/share/kservices5
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum
	expanded: /usr/share/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/kxmlgui5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kxmlgui5
	expanded: /usr/share/kxmlgui5
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/libdrm#, whitelist
Debug 423: new_name #/usr/share/libthai#, whitelist
Debug 423: new_name #/usr/share/locale#, whitelist
Debug 423: new_name #/usr/share/mime#, whitelist
Debug 423: new_name #/usr/share/misc#, whitelist
Debug 423: new_name #/usr/share/Modules#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Modules
	expanded: /usr/share/Modules
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/myspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/myspell
	expanded: /usr/share/myspell
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/p11-kit#, whitelist
Debug 423: new_name #/usr/share/pixmaps#, whitelist
Debug 423: new_name #/usr/share/pki#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/pki
	expanded: /usr/share/pki
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/plasma#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/plasma
	expanded: /usr/share/plasma
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/publicsuffix#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/publicsuffix
	expanded: /usr/share/publicsuffix
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/qt#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt
	expanded: /usr/share/qt
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/qt4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt4
	expanded: /usr/share/qt4
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/qt5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5
	expanded: /usr/share/qt5
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/sounds#, whitelist
Debug 423: new_name #/usr/share/tcl8.6#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6
	expanded: /usr/share/tcl8.6
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/terminfo#, whitelist
Debug 423: new_name #/usr/share/themes#, whitelist
Debug 423: new_name #/usr/share/thumbnail.so#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so
	expanded: /usr/share/thumbnail.so
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/usr/share/X11#, whitelist
Debug 423: new_name #/usr/share/xml#, whitelist
Debug 423: new_name #/usr/share/zoneinfo#, whitelist
Directory ${DOWNLOADS} resolved as Downloads
Debug 423: new_name #/home/saurabh/Downloads#, whitelist
Debug 531: fname #/home/saurabh/Downloads#, cfg.homedir #/home/saurabh#
Replaced whitelist path: whitelist /home/saurabh/Downloads
Debug 423: new_name #/home/saurabh/.pki#, whitelist
Debug 531: fname #/home/saurabh/.pki#, cfg.homedir #/home/saurabh#
Replaced whitelist path: whitelist /home/saurabh/.pki
Debug 423: new_name #/home/saurabh/.local/share/pki#, whitelist
Debug 531: fname #/home/saurabh/.local/share/pki#, cfg.homedir #/home/saurabh#
Replaced whitelist path: whitelist /home/saurabh/.local/share/pki
Debug 423: new_name #/home/saurabh/.XCompose#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
	expanded: /home/saurabh/.XCompose
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
	expanded: /home/saurabh/.asoundrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.config/ibus#, whitelist
Debug 531: fname #/home/saurabh/.config/ibus#, cfg.homedir #/home/saurabh#
Replaced whitelist path: whitelist /home/saurabh/.config/ibus
Debug 423: new_name #/home/saurabh/.config/mimeapps.list#, whitelist
Debug 531: fname #/home/saurabh/.config/mimeapps.list#, cfg.homedir #/home/saurabh#
Replaced whitelist path: whitelist /home/saurabh/.config/mimeapps.list
Debug 423: new_name #/home/saurabh/.config/pkcs11#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/saurabh/.config/pkcs11
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.config/user-dirs.dirs#, whitelist
Debug 531: fname #/home/saurabh/.config/user-dirs.dirs#, cfg.homedir #/home/saurabh#
Replaced whitelist path: whitelist /home/saurabh/.config/user-dirs.dirs
Debug 423: new_name #/home/saurabh/.drirc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
	expanded: /home/saurabh/.drirc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
	expanded: /home/saurabh/.icons
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.local/share/applications#, whitelist
Debug 531: fname #/home/saurabh/.local/share/applications#, cfg.homedir #/home/saurabh#
Replaced whitelist path: whitelist /home/saurabh/.local/share/applications
Debug 423: new_name #/home/saurabh/.local/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/icons
	expanded: /home/saurabh/.local/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.local/share/mime#, whitelist
Debug 531: fname #/home/saurabh/.local/share/mime#, cfg.homedir #/home/saurabh#
Replaced whitelist path: whitelist /home/saurabh/.local/share/mime
Debug 423: new_name #/home/saurabh/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
	expanded: /home/saurabh/.mime.types
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.config/dconf#, whitelist
Debug 531: fname #/home/saurabh/.config/dconf#, cfg.homedir #/home/saurabh#
Replaced whitelist path: whitelist /home/saurabh/.config/dconf
Debug 423: new_name #/home/saurabh/.cache/fontconfig#, whitelist
Debug 531: fname #/home/saurabh/.cache/fontconfig#, cfg.homedir #/home/saurabh#
Replaced whitelist path: whitelist /home/saurabh/.cache/fontconfig
Debug 423: new_name #/home/saurabh/.config/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
	expanded: /home/saurabh/.config/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
	expanded: /home/saurabh/.fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
	expanded: /home/saurabh/.fonts
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.fonts.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
	expanded: /home/saurabh/.fonts.conf
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/saurabh/.fonts.conf.d
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
	expanded: /home/saurabh/.fonts.d
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.local/share/fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
	expanded: /home/saurabh/.local/share/fonts
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.pangorc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
	expanded: /home/saurabh/.pangorc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.config/gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-2.0
	expanded: /home/saurabh/.config/gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.config/gtk-3.0#, whitelist
Debug 531: fname #/home/saurabh/.config/gtk-3.0#, cfg.homedir #/home/saurabh#
Replaced whitelist path: whitelist /home/saurabh/.config/gtk-3.0
Debug 423: new_name #/home/saurabh/.config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/saurabh/.config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/saurabh/.config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
	expanded: /home/saurabh/.gnome2
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
	expanded: /home/saurabh/.gnome2-private
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/saurabh/.gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
	expanded: /home/saurabh/.gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0
	expanded: /home/saurabh/.gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/saurabh/.kde/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/saurabh/.kde/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/saurabh/.kde4/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/saurabh/.kde4/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
	expanded: /home/saurabh/.local/share/themes
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
	expanded: /home/saurabh/.themes
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.cache/kioexec/krun#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/saurabh/.cache/kioexec/krun
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/saurabh/.config/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.config/Trolltech.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Trolltech.conf
	expanded: /home/saurabh/.config/Trolltech.conf
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals
	expanded: /home/saurabh/.config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/saurabh/.config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/saurabh/.config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/saurabh/.config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
	expanded: /home/saurabh/.config/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
	expanded: /home/saurabh/.kde/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/saurabh/.kde/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/saurabh/.kde/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/saurabh/.kde/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/saurabh/.kde/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/saurabh/.kde/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/saurabh/.kde4/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/saurabh/.kde4/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/saurabh/.kde4/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/saurabh/.kde4/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/saurabh/.kde4/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/saurabh/.kde4/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/saurabh/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/saurabh/.local/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/var/lib/dbus#, whitelist
Debug 423: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
	expanded: /var/lib/menu-xdg
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/var/cache/fontconfig#, whitelist
Debug 423: new_name #/var/tmp#, whitelist
Debug 423: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 423: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 423: new_name #/tmp/.X11-unix#, whitelist
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Mounting tmpfs on /usr/share directory
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 0
Warning: cleaning all supplementary groups
Whitelisting /home/saurabh/.cache/mozilla/firefox
550 548 254:0 /home/saurabh/.cache/mozilla/firefox /home/saurabh/.cache/mozilla/firefox rw,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=550 fsname=/home/saurabh/.cache/mozilla/firefox dir=/home/saurabh/.cache/mozilla/firefox fstype=ext4
Whitelisting /home/saurabh/.mozilla
551 548 254:0 /home/saurabh/.mozilla /home/saurabh/.mozilla rw,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=551 fsname=/home/saurabh/.mozilla dir=/home/saurabh/.mozilla fstype=ext4
Whitelisting /usr/share/doc
552 546 254:0 /usr/share/doc /usr/share/doc ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=552 fsname=/usr/share/doc dir=/usr/share/doc fstype=ext4
Whitelisting /usr/share/gtk-doc/html
553 546 254:0 /usr/share/gtk-doc/html /usr/share/gtk-doc/html ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=553 fsname=/usr/share/gtk-doc/html dir=/usr/share/gtk-doc/html fstype=ext4
Whitelisting /usr/share/alsa
554 546 254:0 /usr/share/alsa /usr/share/alsa ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=554 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=ext4
Whitelisting /usr/share/applications
555 546 254:0 /usr/share/applications /usr/share/applications ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=555 fsname=/usr/share/applications dir=/usr/share/applications fstype=ext4
Whitelisting /usr/share/ca-certificates
556 546 254:0 /usr/share/ca-certificates /usr/share/ca-certificates ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=556 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=ext4
Whitelisting /usr/share/dconf
557 546 254:0 /usr/share/dconf /usr/share/dconf ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=557 fsname=/usr/share/dconf dir=/usr/share/dconf fstype=ext4
Whitelisting /usr/share/drirc.d
558 546 254:0 /usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=558 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=ext4
Whitelisting /usr/share/enchant
559 546 254:0 /usr/share/enchant /usr/share/enchant ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=559 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=ext4
Whitelisting /usr/share/fonts
560 546 254:0 /usr/share/fonts /usr/share/fonts ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=560 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=ext4
Whitelisting /usr/share/gir-1.0
561 546 254:0 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=561 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=ext4
Whitelisting /usr/share/gjs-1.0
562 546 254:0 /usr/share/gjs-1.0 /usr/share/gjs-1.0 ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=562 fsname=/usr/share/gjs-1.0 dir=/usr/share/gjs-1.0 fstype=ext4
Whitelisting /usr/share/glib-2.0
564 546 254:0 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=564 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=ext4
Whitelisting /usr/share/glvnd
565 546 254:0 /usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=565 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=ext4
Whitelisting /usr/share/gtk-3.0
566 546 254:0 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=566 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=ext4
Whitelisting /usr/share/gtksourceview-4
567 546 254:0 /usr/share/gtksourceview-4 /usr/share/gtksourceview-4 ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=567 fsname=/usr/share/gtksourceview-4 dir=/usr/share/gtksourceview-4 fstype=ext4
Whitelisting /usr/share/hwdata
568 546 254:0 /usr/share/hwdata /usr/share/hwdata ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=568 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=ext4
Whitelisting /usr/share/icons
569 546 254:0 /usr/share/icons /usr/share/icons ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=569 fsname=/usr/share/icons dir=/usr/share/icons fstype=ext4
Whitelisting /usr/share/icu
808 546 254:0 /usr/share/icu /usr/share/icu ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=808 fsname=/usr/share/icu dir=/usr/share/icu fstype=ext4
Whitelisting /usr/share/libdrm
809 546 254:0 /usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=809 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=ext4
Whitelisting /usr/share/libthai
810 546 254:0 /usr/share/libthai /usr/share/libthai ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=810 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=ext4
Whitelisting /usr/share/locale
811 546 254:0 /usr/share/locale /usr/share/locale ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=811 fsname=/usr/share/locale dir=/usr/share/locale fstype=ext4
Whitelisting /usr/share/mime
812 546 254:0 /usr/share/mime /usr/share/mime ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=812 fsname=/usr/share/mime dir=/usr/share/mime fstype=ext4
Whitelisting /usr/share/misc
813 546 254:0 /usr/share/misc /usr/share/misc ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=813 fsname=/usr/share/misc dir=/usr/share/misc fstype=ext4
Whitelisting /usr/share/p11-kit
814 546 254:0 /usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=814 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=ext4
Whitelisting /usr/share/pixmaps
815 546 254:0 /usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=815 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=ext4
Whitelisting /usr/share/sounds
816 546 254:0 /usr/share/sounds /usr/share/sounds ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=816 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=ext4
Whitelisting /usr/share/terminfo
817 546 254:0 /usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=817 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=ext4
Whitelisting /usr/share/themes
818 546 254:0 /usr/share/themes /usr/share/themes ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=818 fsname=/usr/share/themes dir=/usr/share/themes fstype=ext4
Whitelisting /usr/share/X11
819 546 254:0 /usr/share/X11 /usr/share/X11 ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=819 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=ext4
Whitelisting /usr/share/xml
820 546 254:0 /usr/share/xml /usr/share/xml ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=820 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4
Whitelisting /usr/share/zoneinfo
821 546 254:0 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=821 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4
Whitelisting /home/saurabh/Downloads
822 548 254:0 /home/saurabh/Downloads /home/saurabh/Downloads rw,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=822 fsname=/home/saurabh/Downloads dir=/home/saurabh/Downloads fstype=ext4
Whitelisting /home/saurabh/.pki
823 548 254:0 /home/saurabh/.pki /home/saurabh/.pki rw,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=823 fsname=/home/saurabh/.pki dir=/home/saurabh/.pki fstype=ext4
Whitelisting /home/saurabh/.local/share/pki
824 548 254:0 /home/saurabh/.local/share/pki /home/saurabh/.local/share/pki rw,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=824 fsname=/home/saurabh/.local/share/pki dir=/home/saurabh/.local/share/pki fstype=ext4
Whitelisting /home/saurabh/.config/ibus
825 548 254:0 /home/saurabh/.config/ibus /home/saurabh/.config/ibus rw,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=825 fsname=/home/saurabh/.config/ibus dir=/home/saurabh/.config/ibus fstype=ext4
Whitelisting /home/saurabh/.config/mimeapps.list
826 548 254:0 /home/saurabh/.config/mimeapps.list /home/saurabh/.config/mimeapps.list rw,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=826 fsname=/home/saurabh/.config/mimeapps.list dir=/home/saurabh/.config/mimeapps.list fstype=ext4
Whitelisting /home/saurabh/.config/user-dirs.dirs
827 548 254:0 /home/saurabh/.config/user-dirs.dirs /home/saurabh/.config/user-dirs.dirs rw,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=827 fsname=/home/saurabh/.config/user-dirs.dirs dir=/home/saurabh/.config/user-dirs.dirs fstype=ext4
Whitelisting /home/saurabh/.local/share/applications
828 548 254:0 /home/saurabh/.local/share/applications /home/saurabh/.local/share/applications rw,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=828 fsname=/home/saurabh/.local/share/applications dir=/home/saurabh/.local/share/applications fstype=ext4
Whitelisting /home/saurabh/.local/share/mime
829 548 254:0 /home/saurabh/.local/share/mime /home/saurabh/.local/share/mime rw,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=829 fsname=/home/saurabh/.local/share/mime dir=/home/saurabh/.local/share/mime fstype=ext4
Whitelisting /home/saurabh/.config/dconf
830 548 254:0 /home/saurabh/.config/dconf /home/saurabh/.config/dconf rw,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=830 fsname=/home/saurabh/.config/dconf dir=/home/saurabh/.config/dconf fstype=ext4
Whitelisting /home/saurabh/.cache/fontconfig
831 548 254:0 /home/saurabh/.cache/fontconfig /home/saurabh/.cache/fontconfig rw,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=831 fsname=/home/saurabh/.cache/fontconfig dir=/home/saurabh/.cache/fontconfig fstype=ext4
Whitelisting /home/saurabh/.config/gtk-3.0
832 548 254:0 /home/saurabh/.config/gtk-3.0 /home/saurabh/.config/gtk-3.0 rw,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=832 fsname=/home/saurabh/.config/gtk-3.0 dir=/home/saurabh/.config/gtk-3.0 fstype=ext4
Whitelisting /var/lib/dbus
833 544 254:0 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=833 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4
Whitelisting /var/cache/fontconfig
834 544 254:0 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=834 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Whitelisting /var/tmp
835 544 0:72 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=835 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
836 484 0:46 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:65 - tmpfs tmpfs rw,size=3874792k,nr_inodes=409600
mountid=836 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/saurabh/.config/dconf
843 830 254:0 /home/saurabh/.config/dconf /home/saurabh/.config/dconf ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=843 fsname=/home/saurabh/.config/dconf dir=/home/saurabh/.config/dconf fstype=ext4
Disable /etc/profile.d
Disable /etc/kernel
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/modules-load.d
Disable /etc/logrotate.d
Mounting read-only /home/saurabh/.bashrc
852 548 0:83 /saurabh/.bashrc /home/saurabh/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=852 fsname=/saurabh/.bashrc dir=/home/saurabh/.bashrc fstype=tmpfs
Mounting read-only /home/saurabh/.local/share/applications
853 828 254:0 /home/saurabh/.local/share/applications /home/saurabh/.local/share/applications ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=853 fsname=/home/saurabh/.local/share/applications dir=/home/saurabh/.local/share/applications fstype=ext4
Not blacklist /home/saurabh/.pki
Not blacklist /home/saurabh/.local/share/pki
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/expiry
Disable /usr/bin/fusermount
Disable /usr/bin/gpasswd
Disable /usr/bin/ksu
Disable /usr/bin/mount
Disable /usr/bin/newgidmap
Disable /usr/bin/newgrp
Disable /usr/bin/newuidmap
Disable /usr/bin/ntfs-3g
Disable /usr/bin/pkexec
Disable /usr/bin/sg
Disable /usr/bin/su
Disable /usr/bin/sudo
Disable /usr/bin/umount
Disable /usr/bin/unix_chkpwd
Disable /usr/bin/gnome-terminal
Disable /usr/bin/bwrap
Disable /proc/config.gz
Disable /usr/bin/as
Disable /usr/bin/gcc (requested /usr/bin/cc)
Disable /usr/bin/c++
Disable /usr/bin/c++filt
Disable /usr/bin/c89
Disable /usr/bin/c99
Disable /usr/bin/cpp
Disable /usr/bin/g++
Disable /usr/bin/gcc-nm
Disable /usr/bin/gcc-ar
Disable /usr/bin/gcc
Disable /usr/bin/gcc-ranlib
Disable /usr/bin/ld
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/include
Disable /usr/bin/openssl
Mounting noexec /run/user/1000
1028 1024 0:24 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755
mountid=1028 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs
Mounting noexec /dev/shm
1029 530 0:78 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1029 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1031 1030 0:46 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:65 - tmpfs tmpfs rw,size=3874792k,nr_inodes=409600
mountid=1031 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
1032 1031 0:46 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:65 - tmpfs tmpfs rw,size=3874792k,nr_inodes=409600
mountid=1032 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /var
1036 1033 0:72 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=1036 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /usr/bin/lua (requested /usr/bin/lua5.4)
Disable /usr/bin/luac
Disable /usr/bin/luajit-2.0.5 (requested /usr/bin/luajit)
Disable /usr/bin/luac5.2
Disable /usr/bin/luajit-2.0.5
Disable /usr/bin/luac (requested /usr/bin/luac5.4)
Disable /usr/bin/lua5.2
Disable /usr/bin/lua
Disable /usr/lib/lua
Disable /usr/bin/core_perl/cpan
Disable /usr/bin/core_perl
Disable /usr/bin/perl
Disable /usr/bin/site_perl
Disable /usr/bin/vendor_perl
Disable /usr/lib/perl5
Disable /usr/lib/ruby
Disable /usr/lib/python2.7
Disable /usr/bin/python3.8 (requested /usr/bin/python3)
Disable /usr/bin/python3.8
Disable /usr/bin/python3.8-config (requested /usr/bin/python3-config)
Disable /usr/bin/python3.8-config
Disable /usr/lib/python3.8
Not blacklist /home/saurabh/.mozilla
Not blacklist /home/saurabh/.cache/mozilla
Mounting read-only /home/saurabh/.config/user-dirs.dirs
1059 827 254:0 /home/saurabh/.config/user-dirs.dirs /home/saurabh/.config/user-dirs.dirs ro,relatime master:1 - ext4 /dev/mapper/cryptroot rw
mountid=1059 fsname=/home/saurabh/.config/user-dirs.dirs dir=/home/saurabh/.config/user-dirs.dirs fstype=ext4
Mounting read-only /tmp/.X11-unix
1060 1032 0:46 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:65 - tmpfs tmpfs rw,size=3874792k,nr_inodes=409600
mountid=1060 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /run/mount
Disable /run/media
Mounting noexec /run/firejail/mnt/pulse
Creating empty /home/saurabh/.config/pulse directory
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0
Warning: cleaning all supplementary groups
Mounting /run/firejail/mnt/pulse on /home/saurabh/.config/pulse
1067 548 0:54 /pulse /home/saurabh/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1067 fsname=/pulse dir=/home/saurabh/.config/pulse fstype=tmpfs
Create the new ld.so.preload file
Post-exec seccomp protector enabled
Mount the new ld.so.preload file
Current directory: /home/saurabh
DISPLAY=:0 parsed as 0
Install protocol filter: unix,inet,inet6,netlink
configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 15 00 01 00000010   jeq 10 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null) 
Dropping all capabilities
Drop privileges: pid 6, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00000000   ret KILL
Dual 32/64 bit seccomp filter configured
Build default+drop seccomp filter
sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot (null) 
Dropping all capabilities
Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1
No supplementary groups
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp (null) 
Dropping all capabilities
Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1
No supplementary groups
configuring 74 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) 
Dropping all capabilities
Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 01 000000a1   jeq chroot 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 3f 00 0000009f   jeq adjtimex 0049 (false 000a)
 000a: 15 3e 00 00000131   jeq clock_adjtime 0049 (false 000b)
 000b: 15 3d 00 000000e3   jeq clock_settime 0049 (false 000c)
 000c: 15 3c 00 000000a4   jeq settimeofday 0049 (false 000d)
 000d: 15 3b 00 0000009a   jeq modify_ldt 0049 (false 000e)
 000e: 15 3a 00 000000d4   jeq lookup_dcookie 0049 (false 000f)
 000f: 15 39 00 0000012a   jeq perf_event_open 0049 (false 0010)
 0010: 15 38 00 00000137   jeq process_vm_writev 0049 (false 0011)
 0011: 15 37 00 000000b0   jeq delete_module 0049 (false 0012)
 0012: 15 36 00 00000139   jeq finit_module 0049 (false 0013)
 0013: 15 35 00 000000af   jeq init_module 0049 (false 0014)
 0014: 15 34 00 0000009c   jeq _sysctl 0049 (false 0015)
 0015: 15 33 00 000000b7   jeq afs_syscall 0049 (false 0016)
 0016: 15 32 00 000000ae   jeq create_module 0049 (false 0017)
 0017: 15 31 00 000000b1   jeq get_kernel_syms 0049 (false 0018)
 0018: 15 30 00 000000b5   jeq getpmsg 0049 (false 0019)
 0019: 15 2f 00 000000b6   jeq putpmsg 0049 (false 001a)
 001a: 15 2e 00 000000b2   jeq query_module 0049 (false 001b)
 001b: 15 2d 00 000000b9   jeq security 0049 (false 001c)
 001c: 15 2c 00 0000008b   jeq sysfs 0049 (false 001d)
 001d: 15 2b 00 000000b8   jeq tuxcall 0049 (false 001e)
 001e: 15 2a 00 00000086   jeq uselib 0049 (false 001f)
 001f: 15 29 00 00000088   jeq ustat 0049 (false 0020)
 0020: 15 28 00 000000ec   jeq vserver 0049 (false 0021)
 0021: 15 27 00 000000ad   jeq ioperm 0049 (false 0022)
 0022: 15 26 00 000000ac   jeq iopl 0049 (false 0023)
 0023: 15 25 00 000000f6   jeq kexec_load 0049 (false 0024)
 0024: 15 24 00 00000140   jeq kexec_file_load 0049 (false 0025)
 0025: 15 23 00 000000a9   jeq reboot 0049 (false 0026)
 0026: 15 22 00 000000a7   jeq swapon 0049 (false 0027)
 0027: 15 21 00 000000a8   jeq swapoff 0049 (false 0028)
 0028: 15 20 00 00000130   jeq open_by_handle_at 0049 (false 0029)
 0029: 15 1f 00 0000012f   jeq name_to_handle_at 0049 (false 002a)
 002a: 15 1e 00 000000fb   jeq ioprio_set 0049 (false 002b)
 002b: 15 1d 00 00000067   jeq syslog 0049 (false 002c)
 002c: 15 1c 00 0000012c   jeq fanotify_init 0049 (false 002d)
 002d: 15 1b 00 00000138   jeq kcmp 0049 (false 002e)
 002e: 15 1a 00 000000f8   jeq add_key 0049 (false 002f)
 002f: 15 19 00 000000f9   jeq request_key 0049 (false 0030)
 0030: 15 18 00 000000ed   jeq mbind 0049 (false 0031)
 0031: 15 17 00 00000100   jeq migrate_pages 0049 (false 0032)
 0032: 15 16 00 00000117   jeq move_pages 0049 (false 0033)
 0033: 15 15 00 000000fa   jeq keyctl 0049 (false 0034)
 0034: 15 14 00 000000ce   jeq io_setup 0049 (false 0035)
 0035: 15 13 00 000000cf   jeq io_destroy 0049 (false 0036)
 0036: 15 12 00 000000d0   jeq io_getevents 0049 (false 0037)
 0037: 15 11 00 000000d1   jeq io_submit 0049 (false 0038)
 0038: 15 10 00 000000d2   jeq io_cancel 0049 (false 0039)
 0039: 15 0f 00 000000d8   jeq remap_file_pages 0049 (false 003a)
 003a: 15 0e 00 00000143   jeq userfaultfd 0049 (false 003b)
 003b: 15 0d 00 000000a3   jeq acct 0049 (false 003c)
 003c: 15 0c 00 00000141   jeq bpf 0049 (false 003d)
 003d: 15 0b 00 000000a1   jeq chroot 0049 (false 003e)
 003e: 15 0a 00 000000a5   jeq mount 0049 (false 003f)
 003f: 15 09 00 000000b4   jeq nfsservctl 0049 (false 0040)
 0040: 15 08 00 0000009b   jeq pivot_root 0049 (false 0041)
 0041: 15 07 00 000000ab   jeq setdomainname 0049 (false 0042)
 0042: 15 06 00 000000aa   jeq sethostname 0049 (false 0043)
 0043: 15 05 00 000000a6   jeq umount2 0049 (false 0044)
 0044: 15 04 00 00000099   jeq vhangup 0049 (false 0045)
 0045: 15 03 00 00000065   jeq ptrace 0049 (false 0046)
 0046: 15 02 00 00000087   jeq personality 0049 (false 0047)
 0047: 15 01 00 00000136   jeq process_vm_readv 0049 (false 0048)
 0048: 06 00 00 7fff0000   ret ALLOW
 0049: 06 00 01 00000000   ret KILL
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
AppArmor enabled
starting application
LD_PRELOAD=(null)
execvp argument 0: /usr/lib/firefox/firefox
Child process initialized in 152.72 ms
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
monitoring pid 10
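Added example, not part of the original report or of firejail's own code: a small Python interpreter for the `fsec-print` listings in the debug output above. It replays a syscall number through the dumped filter and lists the calls that end in `ret KILL`. The sample listing is constructed by abridging the 64-bit filter above with the jump offsets recomputed, and the function names are this example's own.

```python
import re
import struct

AUDIT_ARCH_X86_64 = 0xC000003E
# Classic-BPF opcodes that appear in the fsec-print listings.
LD_W_ABS, JEQ_K, JGE_K, RET_K = 0x20, 0x15, 0x35, 0x06

# Constructed sample: the 64-bit filter from the log, cut down to four
# blocked syscalls, with JT/JF offsets recomputed for the shorter program.
SAMPLE = """\
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 01 000000a1   jeq chroot 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 04 00 00000141   jeq bpf 000e (false 000a)
 000a: 15 03 00 000000a1   jeq chroot 000e (false 000b)
 000b: 15 02 00 000000a5   jeq mount 000e (false 000c)
 000c: 15 01 00 00000065   jeq ptrace 000e (false 000d)
 000d: 06 00 00 7fff0000   ret ALLOW
 000e: 06 00 00 00000000   ret KILL
"""

ROW = re.compile(
    r"^\s*[0-9a-f]{4}:\s+([0-9a-f]{2})\s+([0-9a-f]{2})\s+([0-9a-f]{2})"
    r"\s+([0-9a-f]{8})\s+\S+\s*(\S*)"
)


def parse_listing(text):
    """Return [(op, jt, jf, k, operand_name)] for one fsec-print listing."""
    prog = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and separator rows do not match
            op, jt, jf, k = (int(x, 16) for x in m.group(1, 2, 3, 4))
            prog.append((op, jt, jf, k, m.group(5)))
    return prog


def describe(k):
    """Decode a seccomp return value into the label fsec-print shows."""
    action, data = k & 0xFFFF0000, k & 0xFFFF
    if action == 0x7FFF0000:
        return "ALLOW"
    if action == 0x00050000:
        return f"ERRNO({data})"
    if action == 0:
        return "KILL"
    return f"0x{k:08x}"


def run_filter(prog, nr, arch=AUDIT_ARCH_X86_64, args=()):
    """Replay one syscall through the filter and return its verdict."""
    args = list(args) + [0] * (6 - len(args))
    # struct seccomp_data: nr, arch, instruction_pointer, args[6]
    data = struct.pack("<IIQ6Q", nr, arch, 0, *args)
    acc, pc = 0, 0
    while pc < len(prog):
        op, jt, jf, k, _ = prog[pc]
        if op == LD_W_ABS:
            acc = struct.unpack_from("<I", data, k)[0]
            pc += 1
        elif op == JEQ_K:  # jumps are relative to the next instruction
            pc += 1 + (jt if acc == k else jf)
        elif op == JGE_K:
            pc += 1 + (jt if acc >= k else jf)
        elif op == RET_K:
            return describe(k)
        else:
            raise ValueError(f"unsupported opcode 0x{op:02x} at {pc:04x}")
    raise ValueError("fell off the end of the filter")


def killed_syscalls(prog, arch=AUDIT_ARCH_X86_64):
    """Names of jeq operands whose syscall number really ends in KILL.

    Every candidate is replayed, so entries shadowed by an earlier
    exception (the `!chroot` rule in the log) are not reported.
    """
    candidates = {(name, k) for op, _, _, k, name in prog if op == JEQ_K}
    return sorted(n for n, k in candidates if run_filter(prog, k, arch) == "KILL")


if __name__ == "__main__":
    prog = parse_listing(SAMPLE)
    print("killed:", ", ".join(killed_syscalls(prog)))
    print("chroot ->", run_filter(prog, 0xA1))
```

Pasting the full `/run/firejail/mnt/seccomp/seccomp` listing from the log into `parse_listing` gives the complete kill list, which can then be compared with the syscalls the hanging process attempts.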
When using `--ignore=seccomp` option firefox launches normally <details><summary> debug output </summary> ``` Autoselecting /bin/bash as shell Building quoted command line: '/usr/lib/firefox/firefox' Command name #firefox# Found firefox.profile profile in /etc/firejail directory Reading profile /etc/firejail/firefox.profile Found whitelist-usr-share-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-usr-share-common.inc Found firefox-common.profile profile in /etc/firejail directory Reading profile /etc/firejail/firefox-common.profile conditional BROWSER_ALLOW_DRM, ignore noexec ${HOME} Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc conditional BROWSER_DISABLE_U2F, nou2f conditional BROWSER_DISABLE_U2F, private-dev DISPLAY=:0 parsed as 0 Using the local network stack Parent pid 4866, child pid 4867 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Build protocol filter: unix,inet,inet6,netlink sbox run: /run/firejail/lib/fseccomp protocol build 
unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol (null) Dropping all capabilities Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1 No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc Mounting noexec /etc Mounting read-only /var Mounting noexec /var Mounting read-only /bin Mounting read-only /lib Mounting read-only /usr Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory mounting /run/firejail/mnt/dev/video0 file mounting /run/firejail/mnt/dev/video1 file Process /dev/shm directory Generate private-tmp whitelist commands blacklist /run/user/1000/bus blacklist /run/dbus/system_bus_socket Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. 
Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kallsyms Disable /usr/lib/modules/5.8.4-arch1-1/build (requested /usr/src/linux) Disable /usr/lib/modules (requested /lib/modules) Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Debug 423: new_name #/home/saurabh/.cache/mozilla/firefox#, whitelist Debug 531: fname #/home/saurabh/.cache/mozilla/firefox#, cfg.homedir #/home/saurabh# Replaced whitelist path: whitelist /home/saurabh/.cache/mozilla/firefox Debug 423: new_name #/home/saurabh/.mozilla#, whitelist Debug 531: fname #/home/saurabh/.mozilla#, cfg.homedir #/home/saurabh# Replaced whitelist path: whitelist /home/saurabh/.mozilla Debug 423: new_name #/usr/share/doc#, whitelist Debug 423: new_name #/usr/share/firefox#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/firefox expanded: /usr/share/firefox real path: (null) realpath: No such file or directory Debug 423: new_name #/usr/share/gtk-doc/html#, whitelist Debug 423: new_name #/usr/share/mozilla#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/mozilla expanded: /usr/share/mozilla real path: (null) realpath: No such file or directory Debug 423: new_name #/usr/share/webext#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/webext expanded: /usr/share/webext real path: (null) realpath: No such file or directory Debug 423: new_name #/usr/share/alsa#, whitelist Debug 423: new_name #/usr/share/applications#, whitelist Debug 423: new_name #/usr/share/ca-certificates#, whitelist Debug 423: new_name #/usr/share/crypto-policies#, whitelist Removed 
00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00000000 ret KILL Dual 32/64 bit seccomp filter configured Build default+drop seccomp filter sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot (null) Dropping all capabilities Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1 No supplementary groups Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp (null) Dropping all capabilities Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1 No supplementary groups configuring 74 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: 
/usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) Dropping all capabilities Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 01 000000a1 jeq chroot 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 3f 00 0000009f jeq adjtimex 0049 (false 000a) 000a: 15 3e 00 00000131 jeq clock_adjtime 0049 (false 000b) 000b: 15 3d 00 000000e3 jeq clock_settime 0049 (false 000c) 000c: 15 3c 00 000000a4 jeq settimeofday 0049 (false 000d) 000d: 15 3b 00 0000009a jeq modify_ldt 0049 (false 000e) 000e: 15 3a 00 000000d4 jeq lookup_dcookie 0049 (false 000f) 000f: 15 39 00 0000012a jeq perf_event_open 0049 (false 0010) 0010: 15 38 00 00000137 jeq process_vm_writev 0049 (false 0011) 0011: 15 37 00 000000b0 jeq delete_module 0049 (false 0012) 0012: 15 36 00 00000139 jeq finit_module 0049 (false 0013) 0013: 15 35 00 000000af jeq init_module 0049 (false 0014) 0014: 15 34 00 0000009c jeq _sysctl 0049 (false 0015) 0015: 15 33 00 000000b7 jeq afs_syscall 0049 (false 0016) 0016: 15 32 00 000000ae jeq create_module 0049 (false 0017) 0017: 15 31 00 000000b1 jeq get_kernel_syms 0049 (false 0018) 0018: 15 30 00 000000b5 jeq getpmsg 0049 (false 0019) 0019: 15 2f 00 000000b6 jeq putpmsg 0049 (false 001a) 001a: 15 2e 00 000000b2 jeq query_module 0049 (false 001b) 001b: 15 2d 00 000000b9 jeq security 0049 (false 001c) 001c: 15 2c 00 0000008b jeq sysfs 0049 (false 001d) 001d: 15 2b 00 000000b8 jeq tuxcall 0049 (false 001e) 001e: 15 2a 00 00000086 jeq uselib 0049 (false 001f) 001f: 15 29 00 00000088 jeq ustat 0049 (false 0020) 0020: 15 28 00 000000ec jeq vserver 0049 
(false 0021) 0021: 15 27 00 000000ad jeq ioperm 0049 (false 0022) 0022: 15 26 00 000000ac jeq iopl 0049 (false 0023) 0023: 15 25 00 000000f6 jeq kexec_load 0049 (false 0024) 0024: 15 24 00 00000140 jeq kexec_file_load 0049 (false 0025) 0025: 15 23 00 000000a9 jeq reboot 0049 (false 0026) 0026: 15 22 00 000000a7 jeq swapon 0049 (false 0027) 0027: 15 21 00 000000a8 jeq swapoff 0049 (false 0028) 0028: 15 20 00 00000130 jeq open_by_handle_at 0049 (false 0029) 0029: 15 1f 00 0000012f jeq name_to_handle_at 0049 (false 002a) 002a: 15 1e 00 000000fb jeq ioprio_set 0049 (false 002b) 002b: 15 1d 00 00000067 jeq syslog 0049 (false 002c) 002c: 15 1c 00 0000012c jeq fanotify_init 0049 (false 002d) 002d: 15 1b 00 00000138 jeq kcmp 0049 (false 002e) 002e: 15 1a 00 000000f8 jeq add_key 0049 (false 002f) 002f: 15 19 00 000000f9 jeq request_key 0049 (false 0030) 0030: 15 18 00 000000ed jeq mbind 0049 (false 0031) 0031: 15 17 00 00000100 jeq migrate_pages 0049 (false 0032) 0032: 15 16 00 00000117 jeq move_pages 0049 (false 0033) 0033: 15 15 00 000000fa jeq keyctl 0049 (false 0034) 0034: 15 14 00 000000ce jeq io_setup 0049 (false 0035) 0035: 15 13 00 000000cf jeq io_destroy 0049 (false 0036) 0036: 15 12 00 000000d0 jeq io_getevents 0049 (false 0037) 0037: 15 11 00 000000d1 jeq io_submit 0049 (false 0038) 0038: 15 10 00 000000d2 jeq io_cancel 0049 (false 0039) 0039: 15 0f 00 000000d8 jeq remap_file_pages 0049 (false 003a) 003a: 15 0e 00 00000143 jeq userfaultfd 0049 (false 003b) 003b: 15 0d 00 000000a3 jeq acct 0049 (false 003c) 003c: 15 0c 00 00000141 jeq bpf 0049 (false 003d) 003d: 15 0b 00 000000a1 jeq chroot 0049 (false 003e) 003e: 15 0a 00 000000a5 jeq mount 0049 (false 003f) 003f: 15 09 00 000000b4 jeq nfsservctl 0049 (false 0040) 0040: 15 08 00 0000009b jeq pivot_root 0049 (false 0041) 0041: 15 07 00 000000ab jeq setdomainname 0049 (false 0042) 0042: 15 06 00 000000aa jeq sethostname 0049 (false 0043) 0043: 15 05 00 000000a6 jeq umount2 0049 (false 0044) 0044: 15 04 00 00000099 
jeq vhangup 0049 (false 0045) 0045: 15 03 00 00000065 jeq ptrace 0049 (false 0046) 0046: 15 02 00 00000087 jeq personality 0049 (false 0047) 0047: 15 01 00 00000136 jeq process_vm_readv 0049 (false 0048) 0048: 06 00 00 7fff0000 ret ALLOW 0049: 06 00 01 00000000 ret KILL seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1 No supplementary groups AppArmor enabled starting application LD_PRELOAD=(null) execvp argument 0: /usr/lib/firefox/firefox Child process initialized in 152.72 ms Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter monitoring pid 10 ``` </details>
gitea-mirror 2026-05-05 08:57:29 -06:00
  • closed this issue
  • added the duplicate label

@rusty-snake commented on GitHub (Aug 28, 2020):

Which syscall is blocked?
`journalctl --grep syscall --reverse`

```
audit[PID]: SECCOMP ... exe="...firefox..." ... syscall=<SYSCALL> ...
```

@bbhtt commented on GitHub (Aug 29, 2020):

Are you using hardened kernel on Arch? If so the new x11 gpu acceleration needs kcmp+compile time support... I don't have any hang, I'm on Arch 5.8.5.arch1-1


@toazd commented on GitHub (Sep 1, 2020):

I may be having the same issue on Arch 5.8.5. No windows show for firefox and there are no console errors to indicate a problem. Adding `--ignore=seccomp` to the `firejail` parameters causes firefox to open fine but I don't know the consequences of using that parameter.

Most recent block from `journalctl --grep syscall --reverse` after running `firejail --apparmor --debug firefox` a few times:

```
Sep 01 13:11:18 phoenix kernel: audit: type=1326 audit(1598980278.947:359): auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=17449 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7fdea45a9d5d code=0x0
Sep 01 13:11:18 phoenix audit[17449]: SECCOMP auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=17449 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7fdea45a9d5d code=0x0
Sep 01 13:10:43 phoenix kernel: audit: type=1326 audit(1598980243.974:358): auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=17339 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7f7798c8fd5d code=0x0
Sep 01 13:10:43 phoenix audit[17339]: SECCOMP auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=17339 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7f7798c8fd5d code=0x0
Sep 01 13:05:17 phoenix kernel: audit: type=1326 audit(1598979917.084:331): auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=15731 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7f7cae6c1d5d code=0x0
Sep 01 13:05:17 phoenix audit[15731]: SECCOMP auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=15731 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7f7cae6c1d5d code=0x0
Sep 01 13:01:44 phoenix kernel: audit: type=1326 audit(1598979704.242:314): auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=14734 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7fcb510b7d5d code=0x0
Sep 01 13:01:44 phoenix audit[14734]: SECCOMP auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=14734 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7fcb510b7d5d code=0x0
Sep 01 13:01:32 phoenix kernel: audit: type=1326 audit(1598979692.092:313): auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=14627 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7f6966408d5d code=0x0
Sep 01 13:01:32 phoenix audit[14627]: SECCOMP auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=14627 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7f6966408d5d code=0x0
```

Hopefully that helps @rusty-snake ?


@bbhtt commented on GitHub (Sep 1, 2020):

`seccomp !chroot` ---> `seccomp !chroot,!kcmp` in firefox-common.profile, <s>when firefox enables x11 acceleration by default in >80, the profile needs to be changed</s> See 3219
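
Decoding the audit records posted above and deriving the profile line suggested in this comment, as an added example that is not part of the thread or of firejail's own tooling. The function names are hypothetical, the syscall table is a subset copied from the `fsec-print` listing in the issue's debug output, and the sample lines come from the quoted journal output (the last one is constructed).

```python
import re
import sys
from collections import Counter

# arch= values as they appear in the audit records (AUDIT_ARCH_* constants).
AUDIT_ARCH = {0xC000003E: "x86_64", 0x40000003: "i386"}

# x86_64 syscall numbers copied from the fsec-print listing in the issue's
# debug output. A small subset on purpose; unknown numbers are reported raw.
X86_64_SYSCALLS = {
    0x65: "ptrace", 0x87: "personality", 0x9B: "pivot_root",
    0xA1: "chroot", 0xA5: "mount", 0x12A: "perf_event_open",
    0x136: "process_vm_readv", 0x137: "process_vm_writev",
    0x138: "kcmp", 0x141: "bpf", 0x143: "userfaultfd",
}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Lines 1-4 are copied from the journal output quoted in the thread, line 5 is
# the placeholder template from the first reply, line 6 is constructed noise.
SAMPLE = """\
Sep 01 13:11:18 phoenix kernel: audit: type=1326 audit(1598980278.947:359): auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=17449 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7fdea45a9d5d code=0x0
Sep 01 13:11:18 phoenix audit[17449]: SECCOMP auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=17449 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7fdea45a9d5d code=0x0
Sep 01 13:10:43 phoenix kernel: audit: type=1326 audit(1598980243.974:358): auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=17339 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7f7798c8fd5d code=0x0
Sep 01 13:10:43 phoenix audit[17339]: SECCOMP auid=1000 uid=1000 gid=1000 ses=2 subj==firejail-default (enforce) pid=17339 comm="GLXVsyncThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7f7798c8fd5d code=0x0
audit[PID]: SECCOMP ... exe="...firefox..." ... syscall=<SYSCALL> ...
Sep 01 13:11:19 phoenix systemd[1]: Started example.service.
"""


def parse_seccomp_event(line):
    """Return a dict for a seccomp audit record, or None for any other line."""
    if "SECCOMP" not in line and "type=1326" not in line:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    try:
        arch = int(fields["arch"], 16)
        nr = int(fields["syscall"])
    except (KeyError, ValueError):
        return None  # truncated record or a template with placeholders
    arch_name = AUDIT_ARCH.get(arch, hex(arch))
    table = X86_64_SYSCALLS if arch_name == "x86_64" else {}
    return {
        "pid": fields.get("pid"), "comm": fields.get("comm"),
        "exe": fields.get("exe"), "ip": fields.get("ip"),
        "sig": fields.get("sig"),  # 31 is SIGSYS on x86_64
        "arch": arch_name, "nr": nr,
        "name": table.get(nr, f"syscall_{nr}"),
    }


def blocked_syscalls(lines):
    """Count distinct blocked calls per (exe, arch, syscall name).

    In the journal output above every event appears twice (a "kernel: audit:
    type=1326" line and an "audit[PID]: SECCOMP" line), so records are
    de-duplicated on (pid, syscall number, instruction pointer).
    """
    seen, counts = set(), Counter()
    for line in lines:
        ev = parse_seccomp_event(line)
        if ev is None:
            continue
        key = (ev["pid"], ev["nr"], ev["ip"])
        if key not in seen:
            seen.add(key)
            counts[(ev["exe"], ev["arch"], ev["name"])] += 1
    return counts


def seccomp_line_with_exceptions(current, names):
    """Append '!name' exceptions to a firejail 'seccomp' profile line."""
    head, _, rest = current.strip().partition(" ")
    if head != "seccomp":
        raise ValueError("not a seccomp profile line")
    items = [item for item in rest.split(",") if item]
    for name in names:
        if name.startswith("syscall_"):
            continue  # unresolved number: identify it before editing a profile
        if "!" + name not in items:
            items.append("!" + name)
    return "seccomp " + ",".join(items) if items else "seccomp"


if __name__ == "__main__":
    # Pipe `journalctl --grep syscall --reverse` in, or run bare for the sample.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    counts = blocked_syscalls(source)
    for (exe, arch, name), n in counts.most_common():
        print(f"{n:3d}  {name:<20} {arch:<7} {exe}")
    names = sorted({key[2] for key in counts})
    print("candidate line to review:",
          seccomp_line_with_exceptions("seccomp !chroot", names))
```

Each exception added this way re-enables a syscall that the default filter blocks, so the candidate line is something to review against the application's actual needs rather than apply blindly.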


@toazd commented on GitHub (Sep 1, 2020):

Changing line 49 in `/etc/firejail/firefox-common.profile` from `seccomp !chroot` to `seccomp !chroot,!kcmp` causes firefox to launch as expected and it _appears_ to be working fine (using `firejail --apparmor firefox`).

Thank you very much @kortewegdevries 👍


@bbhtt commented on GitHub (Sep 2, 2020):

@tozad , just curious what gpu driver/card are you using on Arch? I changed the about:config and used `env MOZ_X11_EGL firefox %u`, and I don't have any hang other than a few flashy graphical glitches. Now on firefox 80.0.1-1, same kernel, profiles that come with the aur package of firejail-git:

```
# firefox

Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 4797, child pid 4801
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/gvfs
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 286.40 ms
amdgpu: os_same_file_description couldn't determine if two DRM fds reference the same file description.
If they do, bad things may happen!
```

My journalctl is empty.


@ghost commented on GitHub (Sep 2, 2020):

> Are you using hardened kernel on Arch? If so the new x11 gpu acceleration needs kcmp+compile time support... I don't have any hang, I'm on Arch 5.8.5.arch1-1

Yeah hardened kernel. I'm using wayland btw.


@bbhtt commented on GitHub (Sep 2, 2020):

Can you do the same? Open a terminal: `journalctl --follow`; open another `firejail firefox`; assuming it freezes post the last blue line from `journalctl --follow`.


@ghost commented on GitHub (Sep 2, 2020):

> Can you do the same? Open a terminal: `journalctl --follow`; open another `firejail firefox`; assuming it freezes post the last blue line from `journalctl --follow`.

`Sep 02 13:42:22 archers audit[9394]: SECCOMP auid=1000 uid=1000 gid=1000 ses=1 pid=9394 comm="MainThread" exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x65f4ebf34d5d code=0x0`


@bbhtt commented on GitHub (Sep 2, 2020):

Same fix for you. I guess:

> `seccomp !chroot` ---> `seccomp !chroot,!kcmp` in firefox-common.profile.


@toazd commented on GitHub (Sep 2, 2020):

@kortewegdevries
I am using the kernel amdgpu and a 5700XT. Firejail is version 0.9.62.4-1 from the community repository.

I reset my firefox preferences (removed prefs.js) and reverted the `seccomp !chroot,!kcmp` change in `/etc/firejail/firefox-common.local` (moved there from `firefox-common.profile` yesterday). Firefox started up fine with no other changes:

```
$ firefox
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/globals.local
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/firefox-common-addons.inc
Reading profile /etc/firejail/allow-python3.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1829, child pid 1830
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: cleaning all supplementary groups
Post-exec seccomp protector enabled
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 84.29 ms
```

I reset the preferences because I realized after inspecting about:config that I had only partially finished the steps to [enable VA-API](https://wiki.archlinux.org/index.php/Firefox#Hardware_video_acceleration). I must have gotten interrupted during the process. Either way, I had both `media.ffmpeg.vaapi.enabled` and `media.ffvpx.enabled` set to `true` and I wasn't using `MOZ_X11_EGL=1`. So, I decided to reset just to make sure nothing else would mess with the following tests.

I then set `media.ffmpeg.vaapi.enabled` to `true` and `media.ffvpx.enabled` to `false`. I then put `MOZ_LOG="PlatformDecoderModule:5"` and `MOZ_X11_EGL=1` into `/etc/environment` and restarted. Firefox starts up fine and plays videos but VA-API is not used:

```
$ firefox
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/globals.local
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/firefox-common-addons.inc
Reading profile /etc/firejail/allow-python3.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1852, child pid 1853
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: cleaning all supplementary groups
Post-exec seccomp protector enabled
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 91.18 ms
[Child 307: Main Thread]: D/PlatformDecoderModule Sandbox decoder rejects requested type
...
Full output: https://pastebin.com/64e65pRY
...
[Child 307: MediaController #1]: D/PlatformDecoderModule Sandbox decoder rejects requested type
[Child 307: MediaController #1]: D/PlatformDecoderModule DMA-Buf/VA-API can't be used, WebRender/DMA-Buf is disabled
[Child 307: MediaController #1]: D/PlatformDecoderModule Sandbox decoder supports requested type
[Child 307: MediaPDecoder #3]: D/PlatformDecoderModule Initialising FFmpeg decoder.
```

I have libva-mesa-driver-20.1.6-1 already installed and this is the output from va-info (just confirming that VA-API is supported):

```
$ vainfo
vainfo: VA-API version: 1.8 (libva 2.8.0)
vainfo: Driver version: Mesa Gallium driver 20.1.6 for AMD Radeon RX 5700 XT (NAVI10, DRM 3.38.0, 5.8.5-toazd1, LLVM 10.0.1)
vainfo: Supported profile and entrypoints
VAProfileMPEG2Simple            : VAEntrypointVLD
VAProfileMPEG2Main              : VAEntrypointVLD
VAProfileVC1Simple              : VAEntrypointVLD
VAProfileVC1Main                : VAEntrypointVLD
VAProfileVC1Advanced            : VAEntrypointVLD
VAProfileH264ConstrainedBaseline: VAEntrypointVLD
VAProfileH264ConstrainedBaseline: VAEntrypointEncSlice
VAProfileH264Main               : VAEntrypointVLD
VAProfileH264Main               : VAEntrypointEncSlice
VAProfileH264High               : VAEntrypointVLD
VAProfileH264High               : VAEntrypointEncSlice
VAProfileHEVCMain               : VAEntrypointVLD
VAProfileHEVCMain               : VAEntrypointEncSlice
VAProfileHEVCMain10             : VAEntrypointVLD
VAProfileHEVCMain10             : VAEntrypointEncSlice
VAProfileJPEGBaseline           : VAEntrypointVLD
VAProfileVP9Profile0            : VAEntrypointVLD
VAProfileVP9Profile2            : VAEntrypointVLD
VAProfileNone                   : VAEntrypointVideoProc
```

Attempting to start firefox with the OpenGL compositor (`layers.acceleration.force-enabled` set to `true`) or the WebRender compositor (`gfx.webrender.all` set to `true` and `$ MOZ_WEBRENDER=1 firefox`) both fail to even open a window unless `seccomp !chroot,!kcmp` is set in `/etc/firejail/firefox-common.profile` (`/etc/firejail/firefox-common.local` wouldn't work so I guess I was using the wrong file name).

With only WebRender enabled (success):

```
...
[Child 191: MediaPDecoder #2]: D/PlatformDecoderModule Initialising VA-API FFmpeg decoder
...
[AVHWDeviceContext @ 0x7f846812a180] VAAPI driver: Mesa Gallium driver 20.1.6 for AMD Radeon RX 5700 XT (NAVI10, DRM 3.38.0, 5.8.5-toazd1, LLVM 10.0.1).
...
[Child 191: MediaPDecoder #2]: D/PlatformDecoderModule VA-API FFmpeg init successful
...
[vp9 @ 0x7f8467960800] Considering format 0x3231564e -> nv12.
[vp9 @ 0x7f8467960800] Picked nv12 (0x3231564e) as best match for yuv420p.
[vp9 @ 0x7f8467960800] Decode context initialised: 0x13/0x14.
[vp9 @ 0x7f8467960800] Param buffer (type 0, 92 bytes) is 0x15.
[vp9 @ 0x7f8467960800] Slice 0 param buffer (316 bytes) is 0x16.
[vp9 @ 0x7f8467960800] Slice 0 data buffer (95776 bytes) is 0x17.
[vp9 @ 0x7f8467960800] Decode to surface 0x12.
[Child 191: MediaPDecoder #1]: D/PlatformDecoderModule DMABUF/VA-API Got one frame output with pts=0dts=0 duration=17000 opaque=-9223372036854775808
...
```

With only OpenGL compositor enabled (failed):

```
...
[Child 319: MediaController #1]: D/PlatformDecoderModule DMA-Buf/VA-API can't be used, WebRender/DMA-Buf is disabled
...
```

So, now I just need to figure out which file name to use for persistent changes instead of `/etc/firejail/firefox-common.local`. My first guess is `/etc/firejail/firefox.local` but I am not sure.

@toazd commented on GitHub (Sep 2, 2020):

@kortewegdevries I am using the kernel amdgpu and a 5700XT. Firejail is version 0.9.62.4-1 from the community repository.

I reset my firefox preferences (removed prefs.js) and reverted the `seccomp !chroot,!kcmp` change in `/etc/firejail/firefox-common.local` (moved there from `firefox-common.profile` yesterday). Firefox started up fine with no other changes:

```
$ firefox
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/globals.local
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/firefox-common-addons.inc
Reading profile /etc/firejail/allow-python3.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1829, child pid 1830
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: cleaning all supplementary groups
Post-exec seccomp protector enabled
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 84.29 ms
```

I reset the preferences because I realized after inspecting about:config that I had only partially finished the steps to [enable VA-API](https://wiki.archlinux.org/index.php/Firefox#Hardware_video_acceleration). I must have gotten interrupted during the process. Either way, I had both `media.ffmpeg.vaapi.enabled` and `media.ffvpx.enabled` set to `true` and I wasn't using `MOZ_X11_EGL=1`.

So, I decided to reset just to make sure nothing else would mess with the following tests. I then set `media.ffmpeg.vaapi.enabled` to `true` and `media.ffvpx.enabled` to `false`. I then put `MOZ_LOG="PlatformDecoderModule:5"` and `MOZ_X11_EGL=1` into `/etc/environment` and restarted. Firefox starts up fine and plays videos but VA-API is not used:

```
$ firefox
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/globals.local
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/firefox-common-addons.inc
Reading profile /etc/firejail/allow-python3.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1852, child pid 1853
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: cleaning all supplementary groups
Post-exec seccomp protector enabled
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 91.18 ms
[Child 307: Main Thread]: D/PlatformDecoderModule Sandbox decoder rejects requested type
...
Full output: https://pastebin.com/64e65pRY
...
[Child 307: MediaController #1]: D/PlatformDecoderModule Sandbox decoder rejects requested type
[Child 307: MediaController #1]: D/PlatformDecoderModule DMA-Buf/VA-API can't be used, WebRender/DMA-Buf is disabled
[Child 307: MediaController #1]: D/PlatformDecoderModule Sandbox decoder supports requested type
[Child 307: MediaPDecoder #3]: D/PlatformDecoderModule Initialising FFmpeg decoder.
```

I have libva-mesa-driver-20.1.6-1 already installed and this is the output from va-info (just confirming that VA-API is supported):

```
$ vainfo
vainfo: VA-API version: 1.8 (libva 2.8.0)
vainfo: Driver version: Mesa Gallium driver 20.1.6 for AMD Radeon RX 5700 XT (NAVI10, DRM 3.38.0, 5.8.5-toazd1, LLVM 10.0.1)
vainfo: Supported profile and entrypoints
VAProfileMPEG2Simple : VAEntrypointVLD
VAProfileMPEG2Main : VAEntrypointVLD
VAProfileVC1Simple : VAEntrypointVLD
VAProfileVC1Main : VAEntrypointVLD
VAProfileVC1Advanced : VAEntrypointVLD
VAProfileH264ConstrainedBaseline: VAEntrypointVLD
VAProfileH264ConstrainedBaseline: VAEntrypointEncSlice
VAProfileH264Main : VAEntrypointVLD
VAProfileH264Main : VAEntrypointEncSlice
VAProfileH264High : VAEntrypointVLD
VAProfileH264High : VAEntrypointEncSlice
VAProfileHEVCMain : VAEntrypointVLD
VAProfileHEVCMain : VAEntrypointEncSlice
VAProfileHEVCMain10 : VAEntrypointVLD
VAProfileHEVCMain10 : VAEntrypointEncSlice
VAProfileJPEGBaseline : VAEntrypointVLD
VAProfileVP9Profile0 : VAEntrypointVLD
VAProfileVP9Profile2 : VAEntrypointVLD
VAProfileNone : VAEntrypointVideoProc
```

Attempting to start firefox with the OpenGL compositor (`layers.acceleration.force-enabled` set to `true`) or the WebRender compositor (`gfx.webrender.all` set to `true` and `$ MOZ_WEBRENDER=1 firefox`) both fail to even open a window unless `seccomp !chroot,!kcmp` is set in `/etc/firejail/firefox-common.profile` (`/etc/firejail/firefox-common.local` wouldn't work so I guess I was using the wrong file name).

With only WebRender enabled (success):

```
...
[Child 191: MediaPDecoder #2]: D/PlatformDecoderModule Initialising VA-API FFmpeg decoder
...
[AVHWDeviceContext @ 0x7f846812a180] VAAPI driver: Mesa Gallium driver 20.1.6 for AMD Radeon RX 5700 XT (NAVI10, DRM 3.38.0, 5.8.5-toazd1, LLVM 10.0.1).
...
[Child 191: MediaPDecoder #2]: D/PlatformDecoderModule VA-API FFmpeg init successful
...
[vp9 @ 0x7f8467960800] Considering format 0x3231564e -> nv12.
[vp9 @ 0x7f8467960800] Picked nv12 (0x3231564e) as best match for yuv420p.
[vp9 @ 0x7f8467960800] Decode context initialised: 0x13/0x14.
[vp9 @ 0x7f8467960800] Param buffer (type 0, 92 bytes) is 0x15.
[vp9 @ 0x7f8467960800] Slice 0 param buffer (316 bytes) is 0x16.
[vp9 @ 0x7f8467960800] Slice 0 data buffer (95776 bytes) is 0x17.
[vp9 @ 0x7f8467960800] Decode to surface 0x12.
[Child 191: MediaPDecoder #1]: D/PlatformDecoderModule DMABUF/VA-API Got one frame output with pts=0dts=0 duration=17000 opaque=-9223372036854775808
...
```

With only OpenGL compositor enabled (failed):

```
...
[Child 319: MediaController #1]: D/PlatformDecoderModule DMA-Buf/VA-API can't be used, WebRender/DMA-Buf is disabled
...
```

So, now I just need to figure out which file name to use for persistent changes instead of `/etc/firejail/firefox-common.local`. My first guess is `/etc/firejail/firefox.local` but I am not sure.
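A check for the situation described in the comment above, added here as an example and not part of the original thread or of firejail itself: it reads firejail's startup output to tell whether a given override file was actually loaded and whether a syscall appears as a `!` exception in the `Seccomp list in:` line. The function names are hypothetical, and the sample log is constructed from lines quoted in that comment.

```shell
#!/bin/sh
# Constructed sample: startup lines trimmed from the firejail output quoted above.
SAMPLE_LOG='Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/globals.local
Reading profile /etc/firejail/firefox-common.profile
Parent pid 1829, child pid 1830
Post-exec seccomp protector enabled
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 84.29 ms'

# profile_was_read LOG PATH
# Succeeds only if firejail printed "Reading profile PATH" for exactly that file.
profile_was_read() {
    printf '%s\n' "$1" | grep -Fqx "Reading profile $2"
}

# seccomp_list LOG
# Prints the entries of the "Seccomp list in:" line, one per line.
seccomp_list() {
    printf '%s\n' "$1" |
        sed -n 's/^Seccomp list in: \(.*\), check list:.*$/\1/p' |
        tr ',' '\n' |
        sed 's/^ *//; s/ *$//'
}

# syscall_excepted LOG NAME
# Succeeds only if "!NAME" is one of the entries, i.e. the profile line
# "seccomp ...,!NAME" was in effect for this run.
syscall_excepted() {
    seccomp_list "$1" | grep -Fqx "!$2"
}

# report LOG OVERRIDE_PATH SYSCALL
# Prints "<read|not-read> <excepted|not-excepted>".
report() {
    if profile_was_read "$1" "$2"; then r=read; else r=not-read; fi
    if syscall_excepted "$1" "$3"; then s=excepted; else s=not-excepted; fi
    printf '%s %s\n' "$r" "$s"
}

# Only when run directly (not sourced): check the override file from the comment.
case "$0" in
    *check-firejail-log*) report "$SAMPLE_LOG" /etc/firejail/firefox-common.local kcmp ;;
esac
```

For the sample above the result is `not-read not-excepted`: `firefox-common.local` never appears in a `Reading profile` line, and only `!chroot` is in the seccomp list.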

@bbhtt commented on GitHub (Sep 2, 2020):

Thanks, I guess I'm the exception here, I also use same drivers+webgl (usually have it disabled but I turned on for testing) on Arch but weird, it doesn't hang for me.


@rusty-snake commented on GitHub (Sep 2, 2020):

This is #3219.


@bbhtt commented on GitHub (Sep 3, 2020):

> This is #3219.

PR 3301 works? Somehow I'm not affected by this on Ubuntu (mesa from oibaf ppa) or on Arch mesa 20.1.6-1, I have a R7 or R5 card. Only time I saw that behavior was for miniutube on Arch only but not on Ubuntu. The arch package has the fix while I think Ubuntu package does not.


@ghost commented on GitHub (Sep 4, 2020):

I can confirm that this happens only with amdgpu mesa driver. Some older version of firefox (maybe 78 or 79) did work fine without `seccomp=!kcmp` as I didn't need to modify firefox profile before.
Closing this one as the same issue already exists #3219

Reference: github-starred/firejail#2265