[GH-ISSUE #3668] Some gui applications do not accept keyboard input if host X11 DISPLAY env variable is not 0 #2308

Open
opened 2026-05-05 08:59:51 -06:00 by gitea-mirror · 0 comments

Originally created by @Stephen-Seo on GitHub (Oct 14, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3668

Bug and expected behavior
If the current host X11 session is not display 0 (when the "DISPLAY" env variable is not set to ":0"), some gui applications that are running within firejail do not accept keyboard input. If X11 is running with DISPLAY id 0, then things work as expected.

No profile and disabling firejail

  • What changed calling firejail --noprofile /path/to/program in a terminal?
    Nothing changes for the same applications, they still do not accept keyboard input.
  • What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)?
    Running the program without firejail works as expected.

Reproduce
Steps to reproduce the behavior:

  1. Start host X11 without using DISPLAY id 0: startx -- :1
  2. Start a gui application with firejail: firejail chromium or firejail firefox
    or firejail vivaldi-stable
  3. Attempt to type in the gui application

Environment

  • Linux distribution and version (ie output of lsb_release -a, screenfetch or cat /etc/os-release)
    ArchLinux x86_64
  • Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD)
    firejail version 0.9.62.4

Additional context
Some other gui applications accept keyboard input (such as alacritty, xterm,
kitty, kid3-qt, gimp, audacity), and some do not (such as gnucash, vivaldi,
firefox, chromium) when the DISPLAY env is not 0.

Checklist

  • The upstream profile (and redirect profile if exists) have no changes fixing it.
  • The program has a profile. (If not, request one in #1139)
  • Programs needed for interaction are listed in the profile.
  • A short search for duplicates was performed.
  • If it is an AppImage, --profile=PROFILENAME is used to set the right profile.

debug output
Reading profile /etc/firejail/chromium.profile
Autoselecting /bin/bash as shell
Building quoted command line: 'chromium' 
Command name #chromium#
Found chromium.profile profile in /etc/firejail directory
Reading profile /etc/firejail/globals.local
Found globals.local profile in /etc/firejail directory
Reading profile /etc/firejail/chromium-common.profile
Found chromium-common.profile profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
conditional BROWSER_ALLOW_DRM, ignore noexec ${HOME}
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
DISPLAY=:1 parsed as 1
Parent pid 13390, child pid 13391
conditional BROWSER_DISABLE_U2F, nou2f
conditional BROWSER_DISABLE_U2F, private-dev
Using the local network stack
Debug 423: new_name #/home/stephen/.cache/chromium#, whitelist
Debug 531: fname #/home/stephen/.cache/chromium#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.config/chromium#, whitelist
Debug 531: fname #/home/stephen/.config/chromium#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.config/chromium-flags.conf#, whitelist
conditional BROWSER_DISABLE_U2F, nou2f
conditional BROWSER_DISABLE_U2F, private-dev
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
IBUS_ADDRESS=unix:abstract=/tmp/dbus-26AG5xmu,guid=e8ebd0291d798ba8daf7614d5c199c13
IBUS_DAEMON_PID=1420
IBUS_ADDRESS=unix:abstract=/home/stephen/.cache/ibus/dbus-GPT5U7MK,guid=1652ac20c16e0c690a71ef9b5f86611c
IBUS_DAEMON_PID=4887
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /lib
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/nginx
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/stephen/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/nvidia0 file
mounting /run/firejail/mnt/dev/nvidiactl file
mounting /run/firejail/mnt/dev/nvidia-modeset file
mounting /run/firejail/mnt/dev/video0 file
mounting /run/firejail/mnt/dev/video1 file
Process /dev/shm directory
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /usr/lib/modules/5.8.14-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Replaced whitelist path: whitelist /home/stephen/.cache/chromium
Replaced whitelist path: whitelist /home/stephen/.config/chromium
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/chromium-flags.conf
	expanded: /home/stephen/.config/chromium-flags.conf
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/Downloads#, whitelist
Debug 531: fname #/home/stephen/Downloads#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.pki#, whitelist
Debug 531: fname #/home/stephen/.pki#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.local/share/pki#, whitelist
Debug 531: fname #/home/stephen/.local/share/pki#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.XCompose#, whitelist
Directory ${DOWNLOADS} resolved as Downloads
Replaced whitelist path: whitelist /home/stephen/Downloads
Replaced whitelist path: whitelist /home/stephen/.pki
Replaced whitelist path: whitelist /home/stephen/.local/share/pki
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
	expanded: /home/stephen/.XCompose
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
	expanded: /home/stephen/.asoundrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.config/ibus#, whitelist
Debug 531: fname #/home/stephen/.config/ibus#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.config/mimeapps.list#, whitelist
Debug 531: fname #/home/stephen/.config/mimeapps.list#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.config/pkcs11#, whitelist
Replaced whitelist path: whitelist /home/stephen/.config/ibus
Replaced whitelist path: whitelist /home/stephen/.config/mimeapps.list
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/stephen/.config/pkcs11
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.config/user-dirs.dirs#, whitelist
Debug 531: fname #/home/stephen/.config/user-dirs.dirs#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.drirc#, whitelist
Replaced whitelist path: whitelist /home/stephen/.config/user-dirs.dirs
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
	expanded: /home/stephen/.drirc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.icons#, whitelist
Debug 531: fname #/home/stephen/.icons#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.local/share/applications#, whitelist
Debug 531: fname #/home/stephen/.local/share/applications#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.local/share/icons#, whitelist
Debug 531: fname #/home/stephen/.local/share/icons#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.local/share/mime#, whitelist
Debug 531: fname #/home/stephen/.local/share/mime#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.mime.types#, whitelist
Replaced whitelist path: whitelist /home/stephen/.icons
Replaced whitelist path: whitelist /home/stephen/.local/share/applications
Replaced whitelist path: whitelist /home/stephen/.local/share/icons
Replaced whitelist path: whitelist /home/stephen/.local/share/mime
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
	expanded: /home/stephen/.mime.types
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.config/dconf#, whitelist
Debug 531: fname #/home/stephen/.config/dconf#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.cache/fontconfig#, whitelist
Debug 531: fname #/home/stephen/.cache/fontconfig#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.config/fontconfig#, whitelist
Replaced whitelist path: whitelist /home/stephen/.config/dconf
Replaced whitelist path: whitelist /home/stephen/.cache/fontconfig
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
	expanded: /home/stephen/.config/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
	expanded: /home/stephen/.fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
	expanded: /home/stephen/.fonts
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.fonts.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
	expanded: /home/stephen/.fonts.conf
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/stephen/.fonts.conf.d
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
	expanded: /home/stephen/.fonts.d
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.local/share/fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
	expanded: /home/stephen/.local/share/fonts
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.pangorc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
	expanded: /home/stephen/.pangorc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.config/gtk-2.0#, whitelist
Debug 531: fname #/home/stephen/.config/gtk-2.0#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.config/gtk-3.0#, whitelist
Debug 531: fname #/home/stephen/.config/gtk-3.0#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.config/gtkrc#, whitelist
Replaced whitelist path: whitelist /home/stephen/.config/gtk-2.0
Replaced whitelist path: whitelist /home/stephen/.config/gtk-3.0
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/stephen/.config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/stephen/.config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
	expanded: /home/stephen/.gnome2
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
	expanded: /home/stephen/.gnome2-private
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/stephen/.gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
	expanded: /home/stephen/.gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.gtkrc-2.0#, whitelist
Debug 531: fname #/home/stephen/.gtkrc-2.0#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.kde/share/config/gtkrc#, whitelist
Replaced whitelist path: whitelist /home/stephen/.gtkrc-2.0
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/stephen/.kde/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/stephen/.kde/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/stephen/.kde4/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/stephen/.kde4/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
	expanded: /home/stephen/.local/share/themes
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
	expanded: /home/stephen/.themes
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.cache/kioexec/krun#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/stephen/.cache/kioexec/krun
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/stephen/.config/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.config/Trolltech.conf#, whitelist
Debug 531: fname #/home/stephen/.config/Trolltech.conf#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.config/kdeglobals#, whitelist
Debug 531: fname #/home/stephen/.config/kdeglobals#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.config/kio_httprc#, whitelist
Replaced whitelist path: whitelist /home/stephen/.config/Trolltech.conf
Replaced whitelist path: whitelist /home/stephen/.config/kdeglobals
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/stephen/.config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/stephen/.config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/stephen/.config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.config/qt5ct#, whitelist
Debug 531: fname #/home/stephen/.config/qt5ct#, cfg.homedir #/home/stephen#
Debug 423: new_name #/home/stephen/.kde/share/config/kdeglobals#, whitelist
Replaced whitelist path: whitelist /home/stephen/.config/qt5ct
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
	expanded: /home/stephen/.kde/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/stephen/.kde/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/stephen/.kde/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/stephen/.kde/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/stephen/.kde/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/stephen/.kde/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/stephen/.kde4/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/stephen/.kde4/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/stephen/.kde4/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/stephen/.kde4/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/stephen/.kde4/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/stephen/.kde4/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/home/stephen/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/stephen/.local/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/var/lib/dbus#, whitelist
Debug 423: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
	expanded: /var/lib/menu-xdg
	real path: (null)
	realpath: No such file or directory
Debug 423: new_name #/var/cache/fontconfig#, whitelist
Debug 423: new_name #/var/tmp#, whitelist
Debug 423: new_name #/var/run#, whitelist
Debug 423: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run
Replaced whitelist path: whitelist /run/lock
Mounting tmpfs on /var directory
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Whitelisting /home/stephen/.cache/chromium
912 910 0:23 /home/stephen/.cache/chromium /home/stephen/.cache/chromium rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=912 fsname=/home/stephen/.cache/chromium dir=/home/stephen/.cache/chromium fstype=btrfs
Whitelisting /home/stephen/.config/chromium
913 910 0:23 /home/stephen/.config/chromium /home/stephen/.config/chromium rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=913 fsname=/home/stephen/.config/chromium dir=/home/stephen/.config/chromium fstype=btrfs
Whitelisting /home/stephen/Downloads
914 910 0:23 /home/stephen/Downloads /home/stephen/Downloads rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=914 fsname=/home/stephen/Downloads dir=/home/stephen/Downloads fstype=btrfs
Whitelisting /home/stephen/.pki
915 910 0:23 /home/stephen/.pki /home/stephen/.pki rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=915 fsname=/home/stephen/.pki dir=/home/stephen/.pki fstype=btrfs
Whitelisting /home/stephen/.local/share/pki
916 910 0:23 /home/stephen/.local/share/pki /home/stephen/.local/share/pki rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=916 fsname=/home/stephen/.local/share/pki dir=/home/stephen/.local/share/pki fstype=btrfs
Whitelisting /home/stephen/.config/ibus
917 910 0:23 /home/stephen/.config/ibus /home/stephen/.config/ibus rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=917 fsname=/home/stephen/.config/ibus dir=/home/stephen/.config/ibus fstype=btrfs
Whitelisting /home/stephen/.config/mimeapps.list
918 910 0:23 /home/stephen/.config/mimeapps.list /home/stephen/.config/mimeapps.list rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=918 fsname=/home/stephen/.config/mimeapps.list dir=/home/stephen/.config/mimeapps.list fstype=btrfs
Whitelisting /home/stephen/.config/user-dirs.dirs
919 910 0:23 /home/stephen/.config/user-dirs.dirs /home/stephen/.config/user-dirs.dirs rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=919 fsname=/home/stephen/.config/user-dirs.dirs dir=/home/stephen/.config/user-dirs.dirs fstype=btrfs
Whitelisting /home/stephen/.icons
920 910 0:23 /home/stephen/.icons /home/stephen/.icons rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=920 fsname=/home/stephen/.icons dir=/home/stephen/.icons fstype=btrfs
Whitelisting /home/stephen/.local/share/applications
921 910 0:23 /home/stephen/.local/share/applications /home/stephen/.local/share/applications rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=921 fsname=/home/stephen/.local/share/applications dir=/home/stephen/.local/share/applications fstype=btrfs
Whitelisting /home/stephen/.local/share/icons
922 910 0:23 /home/stephen/.local/share/icons /home/stephen/.local/share/icons rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=922 fsname=/home/stephen/.local/share/icons dir=/home/stephen/.local/share/icons fstype=btrfs
Whitelisting /home/stephen/.local/share/mime
923 910 0:23 /home/stephen/.local/share/mime /home/stephen/.local/share/mime rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=923 fsname=/home/stephen/.local/share/mime dir=/home/stephen/.local/share/mime fstype=btrfs
Whitelisting /home/stephen/.config/dconf
924 910 0:23 /home/stephen/.config/dconf /home/stephen/.config/dconf rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=924 fsname=/home/stephen/.config/dconf dir=/home/stephen/.config/dconf fstype=btrfs
Whitelisting /home/stephen/.cache/fontconfig
925 910 0:23 /home/stephen/.cache/fontconfig /home/stephen/.cache/fontconfig rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=925 fsname=/home/stephen/.cache/fontconfig dir=/home/stephen/.cache/fontconfig fstype=btrfs
Whitelisting /home/stephen/.config/gtk-2.0
926 910 0:23 /home/stephen/.config/gtk-2.0 /home/stephen/.config/gtk-2.0 rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=926 fsname=/home/stephen/.config/gtk-2.0 dir=/home/stephen/.config/gtk-2.0 fstype=btrfs
Whitelisting /home/stephen/.config/gtk-3.0
927 910 0:23 /home/stephen/.config/gtk-3.0 /home/stephen/.config/gtk-3.0 rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=927 fsname=/home/stephen/.config/gtk-3.0 dir=/home/stephen/.config/gtk-3.0 fstype=btrfs
Whitelisting /home/stephen/.gtkrc-2.0
928 910 0:23 /home/stephen/.gtkrc-2.0 /home/stephen/.gtkrc-2.0 rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=928 fsname=/home/stephen/.gtkrc-2.0 dir=/home/stephen/.gtkrc-2.0 fstype=btrfs
Whitelisting /home/stephen/.config/Trolltech.conf
929 910 0:23 /home/stephen/.config/Trolltech.conf /home/stephen/.config/Trolltech.conf rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=929 fsname=/home/stephen/.config/Trolltech.conf dir=/home/stephen/.config/Trolltech.conf fstype=btrfs
Whitelisting /home/stephen/.config/kdeglobals
930 910 0:23 /home/stephen/.config/kdeglobals /home/stephen/.config/kdeglobals rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=930 fsname=/home/stephen/.config/kdeglobals dir=/home/stephen/.config/kdeglobals fstype=btrfs
Whitelisting /home/stephen/.config/qt5ct
931 910 0:23 /home/stephen/.config/qt5ct /home/stephen/.config/qt5ct rw,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=931 fsname=/home/stephen/.config/qt5ct dir=/home/stephen/.config/qt5ct fstype=btrfs
Whitelisting /var/lib/dbus
932 907 0:23 /root/var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=256,subvol=/root
mountid=932 fsname=/root/var/lib/dbus dir=/var/lib/dbus fstype=btrfs
Whitelisting /var/cache/fontconfig
933 907 0:23 /root/var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=256,subvol=/root
mountid=933 fsname=/root/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs
Whitelisting /var/tmp
934 907 0:66 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=934 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Disable /mnt
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/stephen/.Xauthority
940 910 0:77 /stephen/.Xauthority /home/stephen/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=940 fsname=/stephen/.Xauthority dir=/home/stephen/.Xauthority fstype=tmpfs
Mounting read-only /home/stephen/.config/kdeglobals
941 930 0:23 /home/stephen/.config/kdeglobals /home/stephen/.config/kdeglobals ro,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=941 fsname=/home/stephen/.config/kdeglobals dir=/home/stephen/.config/kdeglobals fstype=btrfs
Mounting read-only /home/stephen/.config/dconf
942 924 0:23 /home/stephen/.config/dconf /home/stephen/.config/dconf ro,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=942 fsname=/home/stephen/.config/dconf dir=/home/stephen/.config/dconf fstype=btrfs
Disable /etc/profile.d
Disable /etc/kernel
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/modules-load.d
Disable /etc/logrotate.d
Disable /etc/logrotate.conf
Mounting read-only /home/stepheWarning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
n/.bashrc
952 910 0:77 /stephen/.bashrc /home/stephen/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=952 fsname=/stephen/.bashrc dir=/home/stephen/.bashrc fstype=tmpfs
Mounting read-only /home/stephen/.local/share/applications
953 921 0:23 /home/stephen/.local/share/applications /home/stephen/.local/share/applications ro,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=953 fsname=/home/stephen/.local/share/applications dir=/home/stephen/.local/share/applications fstype=btrfs
Not blacklist /home/stephen/.pki
Not blacklist /home/stephen/.local/share/pki
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Disable /usr/local/sbin
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/expiry
Disable /usr/bin/fusermount
Disable /usr/bin/gpasswd
Disable /usr/bin/ksu
Disable /usr/bin/mount
Disable /usr/bin/nc
Disable /usr/bin/newgidmap
Disable /usr/bin/newgrp
Disable /usr/bin/newuidmap
Disable /usr/bin/ntfs-3g
Disable /usr/bin/pkexec
Disable /usr/bin/sg
Disable /usr/bin/su
Disable /usr/bin/sudo
Disable /usr/bin/umount
Disable /usr/bin/unix_chkpwd
Disable /usr/bin/xinput
Disable /tmp/tmux-1000
Disable /usr/bin/urxvtc
Disable /usr/bin/xfce4-terminal
Disable /usr/bin/bwrap
Disable /proc/config.gz
Disable /usr/bin/clang-10 (requested /usr/bin/clang)
Disable /usr/bin/clang-10 (requested /usr/bin/clang++)
Disable /usr/bin/clang-10
Disable /usr/bin/clang-apply-replacements
Disable /usr/bin/clang-change-namespace
Disable /usr/bin/clang-check
Disable /usr/bin/clang-10 (requested /usr/bin/clang-cl)
Disable /usr/bin/clang-10 (requested /usr/bin/clang-cpp)
Disable /usr/bin/clang-doc
Disable /usr/bin/clang-extdef-mapping
Disable /usr/bin/clang-format
Disable /usr/bin/clang-import-test
Disable /usr/bin/clang-include-fixer
Disable /usr/bin/clang-move
Disable /usr/bin/clang-offload-bundler
Disable /usr/bin/clang-offload-wrapper
Disable /usr/bin/clang-query
Disable /usr/bin/clang-refactor
Disable /usr/bin/clang-rename
Disable /usr/bin/clang-reorder-fields
Disable /usr/bin/clang-scan-deps
Disable /usr/bin/clang-tidy
Disable /usr/bin/clangd
Disable /usr/bin/lldb
Disable /usr/bin/lldb-argdumper
Disable /usr/bin/lldb-instr
Disable /usr/bin/lldb-server
Disable /usr/bin/lldb-vscode
Disable /usr/bin/llvm-PerfectShuffle
Disable /usr/bin/llvm-symbolizer (requested /usr/bin/llvm-addr2line)
Disable /usr/bin/llvm-ar
Disable /usr/bin/llvm-as
Disable /usr/bin/llvm-bcanalyzer
Disable /usr/bin/llvm-c-test
Disable /usr/bin/llvm-cat
Disable /usr/bin/llvm-cfi-verify
Disable /usr/bin/llvm-config
Disable /usr/bin/llvm-cov
Disable /usr/bin/llvm-cvtres
Disable /usr/bin/llvm-cxxdump
Disable /usr/bin/llvm-cxxfilt
Disable /usr/bin/llvm-cxxmap
Disable /usr/bin/llvm-diff
Disable /usr/bin/llvm-dis
Disable /usr/bin/llvm-ar (requested /usr/bin/llvm-dlltool)
Disable /usr/bin/llvm-dwarfdump
Disable /usr/bin/llvm-dwp
Disable /usr/bin/llvm-elfabi
Disable /usr/bin/llvm-exegesis
Disable /usr/bin/llvm-extract
Disable /usr/bin/llvm-ifs
Disable /usr/bin/llvm-objcopy (requested /usr/bin/llvm-install-name-tool)
Disable /usr/bin/llvm-jitlink
Disable /usr/bin/llvm-ar (requested /usr/bin/llvm-lib)
Disable /usr/bin/llvm-link
Disable /usr/bin/llvm-lipo
Disable /usr/bin/llvm-lto
Disable /usr/bin/llvm-lto2
Disable /usr/bin/llvm-mc
Disable /usr/bin/llvm-mca
Disable /usr/bin/llvm-modextract
Disable /usr/bin/llvm-mt
Disable /usr/bin/llvm-nm
Disable /usr/bin/llvm-objcopy
Disable /usr/bin/llvm-objdump
Disable /usr/bin/llvm-opt-report
Disable /usr/bin/llvm-pdbutil
Disable /usr/bin/llvm-profdata
Disable /usr/bin/llvm-ar (requested /usr/bin/llvm-ranlib)
Disable /usr/bin/llvm-rc
Disable /usr/bin/llvm-readobj (requested /usr/bin/llvm-readelf)
Disable /usr/bin/llvm-readobj
Disable /usr/bin/llvm-reduce
Disable /usr/bin/llvm-rtdyld
Disable /usr/bin/llvm-size
Disable /usr/bin/llvm-split
Disable /usr/bin/llvm-stress
Disable /usr/bin/llvm-strings
Disable /usr/bin/llvm-objcopy (requested /usr/bin/llvm-strip)
Disable /usr/bin/llvm-symbolizer
Disable /usr/bin/llvm-tblgen
Disable /usr/bin/llvm-undname
Disable /usr/bin/llvm-xray
Disable /usr/bin/as
Disable /usr/bin/gcc (requested /usr/bin/cc)
Disable /usr/bin/c++filt
Disable /usr/bin/c++
Disable /usr/bin/c89
Disable /usr/bin/c99
Disable /usr/bin/cpp2html
Disable /usr/bin/cpp
Disable /usr/bin/g++
Disable /usr/bin/g++ (requested /opt/cuda/bin/g++)
Disable /usr/bin/gcc
Disable /usr/bin/gcc-ar
Disable /usr/bin/gcc-nm
Disable /usr/bin/gcc-ranlib
Disable /usr/bin/gcc (requested /opt/cuda/bin/gcc)
Disable /usr/bin/gdb
Disable /usr/bin/ld
Disable /usr/bin/i686-w64-mingw32-gcc
Disable /usr/bin/i686-w64-mingw32-gcc-10.2.0
Disable /usr/bin/i686-w64-mingw32-gcc-ar
Disable /usr/bin/i686-w64-mingw32-gcc-nm
Disable /usr/bin/i686-w64-mingw32-gcc-ranlib
Disable /usr/bin/x86_64-w64-mingw32-gcc
Disable /usr/bin/x86_64-w64-mingw32-gcc-10.2.0
Disable /usr/bin/x86_64-w64-mingw32-gcc-ar
Disable /usr/bin/x86_64-w64-mingw32-gcc-nm
Disable /usr/bin/x86_64-w64-mingw32-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/i686-w64-mingw32-g++
Disable /usr/bin/x86_64-w64-mingw32-g++
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/bin/i686-w64-mingw32-gcc
Disable /usr/bin/i686-w64-mingw32-gcc-10.2.0
Disable /usr/bin/i686-w64-mingw32-gcc-ar
Disable /usr/bin/i686-w64-mingw32-gcc-nm
Disable /usr/bin/i686-w64-mingw32-gcc-ranlib
Disable /usr/bin/x86_64-w64-mingw32-gcc
Disable /usr/bin/x86_64-w64-mingw32-gcc-10.2.0
Disable /usr/bin/x86_64-w64-mingw32-gcc-ar
Disable /usr/bin/x86_64-w64-mingw32-gcc-nm
Disable /usr/bin/x86_64-w64-mingw32-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/i686-w64-mingw32-g++
Disable /usr/bin/x86_64-w64-mingw32-g++
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/include
Disable /usr/lib/jvm/java-14-openjdk/bin/java (requested /usr/bin/java)
Disable /usr/lib/jvm/java-14-openjdk/bin/java (requested /usr/lib/jvm/default/bin/java)
Disable /usr/lib/jvm/java-14-openjdk/bin/javac (requested /usr/bin/javac)
Disable /usr/lib/jvm/java-14-openjdk/bin/javac (requested /usr/lib/jvm/default/bin/javac)
Disable /usr/share/java
Disable /usr/bin/openssl
Disable /usr/bin/openssl-1.0
Disable /usr/bin/rustup (requested /usr/bin/rust-gdb)
Disable /usr/bin/rustup (requested /usr/bin/rust-lldb)
Disable /usr/bin/rustup (requested /usr/bin/rustc)
Disable /usr/bin/valgrind
Disable /usr/bin/valgrind-di-server
Disable /usr/bin/valgrind-listener
Disable /usr/lib/valgrind
Mounting noexec /run/user/1000
1226 1223 0:22 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,relatime master:13 - tmpfs run rw,mode=755
mountid=1226 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs
Mounting noexec /dev/shm
1227 890 0:74 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1227 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1229 1228 0:22 /firejail/firejail.ro.dir /tmp/tmux-1000 rw,nosuid,nodev,relatime master:13 - tmpfs run rw,mode=755
mountid=1229 fsname=/firejail/firejail.ro.dir dir=/tmp/tmux-1000 fstype=tmpfs
Mounting noexec /var
1233 1230 0:66 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=1233 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /usr/bin/lua5.2
Disable /usr/bin/luac5.2
Disable /usr/bin/luajit-2.0.5 (requested /usr/bin/luajit)
Disable /usr/bin/luajit-2.0.5
Disable /usr/share/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /usr/bin/luaotfload-tool)
Disable /usr/share/texmf-dist/scripts/context/stubs/unix/luatools (requested /usr/bin/luatools)
Disable /usr/bin/lua
Disable /usr/bin/lua (requested /usr/bin/lua5.4)
Disable /usr/bin/luac
Disable /usr/bin/luac (requested /usr/bin/luac5.4)
Disable /usr/bin/lua5.3
Disable /usr/bin/luac5.3
Disable /usDISPLAY=:1 parsed as 1
Masking all X11 sockets except /tmp/.X11-unix/X1
Warning: Cannot confine the application using AppArmor.
Maybe firejail-default AppArmor profile is not loaded into the kernel.
As root, run "aa-enforce firejail-default" to load it.
r/bin/luahbtex
Disable /usr/bin/luajithbtex
Disable /usr/bin/luajittex
Disable /usr/bin/luahbtex (requested /usr/bin/lualatex)
Disable /usr/bin/luatex
Disable /usr/bin/luarocks
Disable /usr/bin/luarocks-admin
Disable /usr/lib/lua
Disable /usr/share/lua
Disable /usr/bin/node
Disable /usr/bin/core_perl/cpan
Disable /usr/bin/core_perl
Disable /usr/bin/perl
Disable /usr/bin/site_perl
Disable /usr/bin/vendor_perl
Disable /usr/lib/perl5
Disable /usr/share/perl5
Disable /usr/share/perl-image-exiftool
Disable /usr/bin/ruby
Disable /usr/lib/ruby
Disable /usr/bin/python2.7 (requested /usr/bin/python2)
Disable /usr/bin/python2.7-config (requested /usr/bin/python2-config)
Disable /usr/bin/python2.7
Disable /usr/bin/python2.7-config
Disable /usr/lib/python2.7
Disable /usr/bin/python3.8 (requested /usr/bin/python3)
Disable /usr/bin/python3.8-config (requested /usr/bin/python3-config)
Disable /usr/bin/python3.8
Disable /usr/bin/python3.8-config
Disable /usr/lib/python3.8
Not blacklist /home/stephen/.config/chromium
Not blacklist /home/stephen/.config/chromium-flags.conf
Not blacklist /home/stephen/.cache/chromium
Mounting read-only /home/stephen/.config/user-dirs.dirs
1276 919 0:23 /home/stephen/.config/user-dirs.dirs /home/stephen/.config/user-dirs.dirs ro,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home
mountid=1276 fsname=/home/stephen/.config/user-dirs.dirs dir=/home/stephen/.config/user-dirs.dirs fstype=btrfs
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /run/mount
Disable /run/media
Mounting noexec /run/firejail/mnt/pulse
Creating empty /home/stephen/.config/pulse directory
Mounting /run/firejail/mnt/pulse on /home/stephen/.config/pulse
1283 910 0:63 /pulse /home/stephen/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1283 fsname=/pulse dir=/home/stephen/.config/pulse fstype=tmpfs
Current directory: /home/stephen
Mounting read-only /run/firejail/mnt/seccomp
Set caps filter 240000
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
Child process initialized in 86.87 ms
starting application
LD_PRELOAD=(null)
execvp argument 0: chromium

(chromium:6): IBUS-WARNING **: 11:40:48.211: Unable to connect to ibus: Could not connect: Connection refused

Parent is shutting down, bye...

EDIT: I forgot to mention this does occur in the case where there are multiple Linux X11 sessions on the same computer. The first will have DISPLAY set to ":0", and the latter session will have a different id. It is in this situation where this problem can occur.
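An added example, not part of the original issue or of firejail's code: a small triage script that pulls the display-related lines and warnings out of `firejail --debug` output like the log above, and still finds them when a stderr line lands in the middle of a stdout line (as at `Disable /usDISPLAY=:1 parsed as 1`). The sample log is constructed from lines in that output; `triage` and the report keys are names chosen here.

```python
import re

# Constructed sample: a few lines in the format of the `firejail --debug`
# output quoted in the issue, including one interleaved stdout/stderr run.
SAMPLE_LOG = """\
Disable /usr/bin/lua5.3
Disable /usDISPLAY=:1 parsed as 1
Masking all X11 sockets except /tmp/.X11-unix/X1
Warning: Cannot confine the application using AppArmor.
r/bin/luahbtex
Mounting noexec /dev/shm
Child process initialized in 86.87 ms

(chromium:6): IBUS-WARNING **: 11:40:48.211: Unable to connect to ibus: Could not connect: Connection refused
"""

# None of these are anchored to the start of a line, so they still match
# when stderr text is written into the middle of a stdout line.
DISPLAY_RE = re.compile(r"DISPLAY=(\S+) parsed as (\d+)")
SOCKET_RE = re.compile(r"Masking all X11 sockets except (\S+)")
# GLib-style warning: (program:pid): DOMAIN-WARNING **: time: message
GLIB_WARN_RE = re.compile(
    r"\((?P<prog>[^:()]+):\d+\): (?P<domain>[\w-]+)-WARNING \*\*: "
    r"[\d:.]+: (?P<msg>.*)"
)
# High-volume lines that bury the few lines relevant to a display problem.
NOISE_RE = re.compile(r"^(Disable|Not blacklist|Whitelisting|Debug \d+:) ")


def triage(log_text):
    """Summarise the display handling and warnings in firejail debug output."""
    report = {
        "display": None,                 # DISPLAY value firejail read
        "display_number": None,          # number firejail parsed from it
        "kept_socket": None,             # X11 socket left unmasked
        "socket_matches_display": None,  # kept socket is X<display_number>
        "warnings": [],                  # (source, message) pairs
        "noise_lines": 0,                # filtered-out high-volume lines
    }

    m = DISPLAY_RE.search(log_text)
    if m:
        report["display"] = m.group(1)
        report["display_number"] = int(m.group(2))

    m = SOCKET_RE.search(log_text)
    if m:
        report["kept_socket"] = m.group(1)

    if report["display_number"] is not None and report["kept_socket"]:
        # Standard location of the X server's UNIX socket for display N.
        expected = "/tmp/.X11-unix/X%d" % report["display_number"]
        report["socket_matches_display"] = report["kept_socket"] == expected

    for line in log_text.splitlines():
        glib = GLIB_WARN_RE.search(line)
        if glib:
            report["warnings"].append((glib.group("domain"), glib.group("msg")))
        elif "Warning:" in line:
            text = line[line.index("Warning:") + len("Warning:"):].strip()
            report["warnings"].append(("firejail", text))
        elif NOISE_RE.match(line) and not (
            DISPLAY_RE.search(line) or SOCKET_RE.search(line)
        ):
            report["noise_lines"] += 1

    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```

Run against the full log, it shows that the socket firejail kept is the one for display 1 and that the only application-side warning is the IBus connection refusal.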

Disable /etc/X11/Xsession.d Disable /etc/xdg/autostart Mounting read-only /home/stephen/.Xauthority 940 910 0:77 /stephen/.Xauthority /home/stephen/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=940 fsname=/stephen/.Xauthority dir=/home/stephen/.Xauthority fstype=tmpfs Mounting read-only /home/stephen/.config/kdeglobals 941 930 0:23 /home/stephen/.config/kdeglobals /home/stephen/.config/kdeglobals ro,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home mountid=941 fsname=/home/stephen/.config/kdeglobals dir=/home/stephen/.config/kdeglobals fstype=btrfs Mounting read-only /home/stephen/.config/dconf 942 924 0:23 /home/stephen/.config/dconf /home/stephen/.config/dconf ro,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home mountid=942 fsname=/home/stephen/.config/dconf dir=/home/stephen/.config/dconf fstype=btrfs Disable /etc/profile.d Disable /etc/kernel Disable /etc/grub.d Disable /etc/dkms Disable /etc/apparmor.d Disable /etc/apparmor Disable /etc/modules-load.d Disable /etc/logrotate.d Disable /etc/logrotate.conf Mounting read-only /home/stepheWarning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted n/.bashrc 952 910 0:77 /stephen/.bashrc /home/stephen/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=952 fsname=/stephen/.bashrc dir=/home/stephen/.bashrc fstype=tmpfs Mounting read-only /home/stephen/.local/share/applications 953 921 0:23 /home/stephen/.local/share/applications /home/stephen/.local/share/applications ro,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home mountid=953 fsname=/home/stephen/.local/share/applications dir=/home/stephen/.local/share/applications fstype=btrfs Not blacklist /home/stephen/.pki Not blacklist /home/stephen/.local/share/pki Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable 
/etc/shadow- Disable /etc/ssh Disable /usr/local/sbin Disable /usr/bin/chage Disable /usr/bin/chfn Disable /usr/bin/chsh Disable /usr/bin/expiry Disable /usr/bin/fusermount Disable /usr/bin/gpasswd Disable /usr/bin/ksu Disable /usr/bin/mount Disable /usr/bin/nc Disable /usr/bin/newgidmap Disable /usr/bin/newgrp Disable /usr/bin/newuidmap Disable /usr/bin/ntfs-3g Disable /usr/bin/pkexec Disable /usr/bin/sg Disable /usr/bin/su Disable /usr/bin/sudo Disable /usr/bin/umount Disable /usr/bin/unix_chkpwd Disable /usr/bin/xinput Disable /tmp/tmux-1000 Disable /usr/bin/urxvtc Disable /usr/bin/xfce4-terminal Disable /usr/bin/bwrap Disable /proc/config.gz Disable /usr/bin/clang-10 (requested /usr/bin/clang) Disable /usr/bin/clang-10 (requested /usr/bin/clang++) Disable /usr/bin/clang-10 Disable /usr/bin/clang-apply-replacements Disable /usr/bin/clang-change-namespace Disable /usr/bin/clang-check Disable /usr/bin/clang-10 (requested /usr/bin/clang-cl) Disable /usr/bin/clang-10 (requested /usr/bin/clang-cpp) Disable /usr/bin/clang-doc Disable /usr/bin/clang-extdef-mapping Disable /usr/bin/clang-format Disable /usr/bin/clang-import-test Disable /usr/bin/clang-include-fixer Disable /usr/bin/clang-move Disable /usr/bin/clang-offload-bundler Disable /usr/bin/clang-offload-wrapper Disable /usr/bin/clang-query Disable /usr/bin/clang-refactor Disable /usr/bin/clang-rename Disable /usr/bin/clang-reorder-fields Disable /usr/bin/clang-scan-deps Disable /usr/bin/clang-tidy Disable /usr/bin/clangd Disable /usr/bin/lldb Disable /usr/bin/lldb-argdumper Disable /usr/bin/lldb-instr Disable /usr/bin/lldb-server Disable /usr/bin/lldb-vscode Disable /usr/bin/llvm-PerfectShuffle Disable /usr/bin/llvm-symbolizer (requested /usr/bin/llvm-addr2line) Disable /usr/bin/llvm-ar Disable /usr/bin/llvm-as Disable /usr/bin/llvm-bcanalyzer Disable /usr/bin/llvm-c-test Disable /usr/bin/llvm-cat Disable /usr/bin/llvm-cfi-verify Disable /usr/bin/llvm-config Disable /usr/bin/llvm-cov Disable /usr/bin/llvm-cvtres 
Disable /usr/bin/llvm-cxxdump Disable /usr/bin/llvm-cxxfilt Disable /usr/bin/llvm-cxxmap Disable /usr/bin/llvm-diff Disable /usr/bin/llvm-dis Disable /usr/bin/llvm-ar (requested /usr/bin/llvm-dlltool) Disable /usr/bin/llvm-dwarfdump Disable /usr/bin/llvm-dwp Disable /usr/bin/llvm-elfabi Disable /usr/bin/llvm-exegesis Disable /usr/bin/llvm-extract Disable /usr/bin/llvm-ifs Disable /usr/bin/llvm-objcopy (requested /usr/bin/llvm-install-name-tool) Disable /usr/bin/llvm-jitlink Disable /usr/bin/llvm-ar (requested /usr/bin/llvm-lib) Disable /usr/bin/llvm-link Disable /usr/bin/llvm-lipo Disable /usr/bin/llvm-lto Disable /usr/bin/llvm-lto2 Disable /usr/bin/llvm-mc Disable /usr/bin/llvm-mca Disable /usr/bin/llvm-modextract Disable /usr/bin/llvm-mt Disable /usr/bin/llvm-nm Disable /usr/bin/llvm-objcopy Disable /usr/bin/llvm-objdump Disable /usr/bin/llvm-opt-report Disable /usr/bin/llvm-pdbutil Disable /usr/bin/llvm-profdata Disable /usr/bin/llvm-ar (requested /usr/bin/llvm-ranlib) Disable /usr/bin/llvm-rc Disable /usr/bin/llvm-readobj (requested /usr/bin/llvm-readelf) Disable /usr/bin/llvm-readobj Disable /usr/bin/llvm-reduce Disable /usr/bin/llvm-rtdyld Disable /usr/bin/llvm-size Disable /usr/bin/llvm-split Disable /usr/bin/llvm-stress Disable /usr/bin/llvm-strings Disable /usr/bin/llvm-objcopy (requested /usr/bin/llvm-strip) Disable /usr/bin/llvm-symbolizer Disable /usr/bin/llvm-tblgen Disable /usr/bin/llvm-undname Disable /usr/bin/llvm-xray Disable /usr/bin/as Disable /usr/bin/gcc (requested /usr/bin/cc) Disable /usr/bin/c++filt Disable /usr/bin/c++ Disable /usr/bin/c89 Disable /usr/bin/c99 Disable /usr/bin/cpp2html Disable /usr/bin/cpp Disable /usr/bin/g++ Disable /usr/bin/g++ (requested /opt/cuda/bin/g++) Disable /usr/bin/gcc Disable /usr/bin/gcc-ar Disable /usr/bin/gcc-nm Disable /usr/bin/gcc-ranlib Disable /usr/bin/gcc (requested /opt/cuda/bin/gcc) Disable /usr/bin/gdb Disable /usr/bin/ld Disable /usr/bin/i686-w64-mingw32-gcc Disable 
/usr/bin/i686-w64-mingw32-gcc-10.2.0 Disable /usr/bin/i686-w64-mingw32-gcc-ar Disable /usr/bin/i686-w64-mingw32-gcc-nm Disable /usr/bin/i686-w64-mingw32-gcc-ranlib Disable /usr/bin/x86_64-w64-mingw32-gcc Disable /usr/bin/x86_64-w64-mingw32-gcc-10.2.0 Disable /usr/bin/x86_64-w64-mingw32-gcc-ar Disable /usr/bin/x86_64-w64-mingw32-gcc-nm Disable /usr/bin/x86_64-w64-mingw32-gcc-ranlib Disable /usr/bin/x86_64-pc-linux-gnu-gcc Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0 Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib Disable /usr/bin/i686-w64-mingw32-g++ Disable /usr/bin/x86_64-w64-mingw32-g++ Disable /usr/bin/x86_64-pc-linux-gnu-g++ Disable /usr/bin/i686-w64-mingw32-gcc Disable /usr/bin/i686-w64-mingw32-gcc-10.2.0 Disable /usr/bin/i686-w64-mingw32-gcc-ar Disable /usr/bin/i686-w64-mingw32-gcc-nm Disable /usr/bin/i686-w64-mingw32-gcc-ranlib Disable /usr/bin/x86_64-w64-mingw32-gcc Disable /usr/bin/x86_64-w64-mingw32-gcc-10.2.0 Disable /usr/bin/x86_64-w64-mingw32-gcc-ar Disable /usr/bin/x86_64-w64-mingw32-gcc-nm Disable /usr/bin/x86_64-w64-mingw32-gcc-ranlib Disable /usr/bin/x86_64-pc-linux-gnu-gcc Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0 Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib Disable /usr/bin/i686-w64-mingw32-g++ Disable /usr/bin/x86_64-w64-mingw32-g++ Disable /usr/bin/x86_64-pc-linux-gnu-g++ Disable /usr/include Disable /usr/lib/jvm/java-14-openjdk/bin/java (requested /usr/bin/java) Disable /usr/lib/jvm/java-14-openjdk/bin/java (requested /usr/lib/jvm/default/bin/java) Disable /usr/lib/jvm/java-14-openjdk/bin/javac (requested /usr/bin/javac) Disable /usr/lib/jvm/java-14-openjdk/bin/javac (requested /usr/lib/jvm/default/bin/javac) Disable /usr/share/java Disable /usr/bin/openssl Disable /usr/bin/openssl-1.0 Disable /usr/bin/rustup (requested /usr/bin/rust-gdb) Disable 
/usr/bin/rustup (requested /usr/bin/rust-lldb) Disable /usr/bin/rustup (requested /usr/bin/rustc) Disable /usr/bin/valgrind Disable /usr/bin/valgrind-di-server Disable /usr/bin/valgrind-listener Disable /usr/lib/valgrind Mounting noexec /run/user/1000 1226 1223 0:22 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,relatime master:13 - tmpfs run rw,mode=755 mountid=1226 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs Mounting noexec /dev/shm 1227 890 0:74 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1227 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 1229 1228 0:22 /firejail/firejail.ro.dir /tmp/tmux-1000 rw,nosuid,nodev,relatime master:13 - tmpfs run rw,mode=755 mountid=1229 fsname=/firejail/firejail.ro.dir dir=/tmp/tmux-1000 fstype=tmpfs Mounting noexec /var 1233 1230 0:66 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw mountid=1233 fsname=/ dir=/var/tmp fstype=tmpfs Disable /usr/bin/lua5.2 Disable /usr/bin/luac5.2 Disable /usr/bin/luajit-2.0.5 (requested /usr/bin/luajit) Disable /usr/bin/luajit-2.0.5 Disable /usr/share/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /usr/bin/luaotfload-tool) Disable /usr/share/texmf-dist/scripts/context/stubs/unix/luatools (requested /usr/bin/luatools) Disable /usr/bin/lua Disable /usr/bin/lua (requested /usr/bin/lua5.4) Disable /usr/bin/luac Disable /usr/bin/luac (requested /usr/bin/luac5.4) Disable /usr/bin/lua5.3 Disable /usr/bin/luac5.3 Disable /usDISPLAY=:1 parsed as 1 Masking all X11 sockets except /tmp/.X11-unix/X1 Warning: Cannot confine the application using AppArmor. Maybe firejail-default AppArmor profile is not loaded into the kernel. As root, run "aa-enforce firejail-default" to load it. 
r/bin/luahbtex Disable /usr/bin/luajithbtex Disable /usr/bin/luajittex Disable /usr/bin/luahbtex (requested /usr/bin/lualatex) Disable /usr/bin/luatex Disable /usr/bin/luarocks Disable /usr/bin/luarocks-admin Disable /usr/lib/lua Disable /usr/share/lua Disable /usr/bin/node Disable /usr/bin/core_perl/cpan Disable /usr/bin/core_perl Disable /usr/bin/perl Disable /usr/bin/site_perl Disable /usr/bin/vendor_perl Disable /usr/lib/perl5 Disable /usr/share/perl5 Disable /usr/share/perl-image-exiftool Disable /usr/bin/ruby Disable /usr/lib/ruby Disable /usr/bin/python2.7 (requested /usr/bin/python2) Disable /usr/bin/python2.7-config (requested /usr/bin/python2-config) Disable /usr/bin/python2.7 Disable /usr/bin/python2.7-config Disable /usr/lib/python2.7 Disable /usr/bin/python3.8 (requested /usr/bin/python3) Disable /usr/bin/python3.8-config (requested /usr/bin/python3-config) Disable /usr/bin/python3.8 Disable /usr/bin/python3.8-config Disable /usr/lib/python3.8 Not blacklist /home/stephen/.config/chromium Not blacklist /home/stephen/.config/chromium-flags.conf Not blacklist /home/stephen/.cache/chromium Mounting read-only /home/stephen/.config/user-dirs.dirs 1276 919 0:23 /home/stephen/.config/user-dirs.dirs /home/stephen/.config/user-dirs.dirs ro,relatime master:71 - btrfs /dev/mapper/ecRoot rw,space_cache,subvolid=259,subvol=/home mountid=1276 fsname=/home/stephen/.config/user-dirs.dirs dir=/home/stephen/.config/user-dirs.dirs fstype=btrfs Disable /sys/fs Disable /sys/module Disable /mnt Disable /run/mount Disable /run/media Mounting noexec /run/firejail/mnt/pulse Creating empty /home/stephen/.config/pulse directory Mounting /run/firejail/mnt/pulse on /home/stephen/.config/pulse 1283 910 0:63 /pulse /home/stephen/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1283 fsname=/pulse dir=/home/stephen/.config/pulse fstype=tmpfs Current directory: /home/stephen Mounting read-only /run/firejail/mnt/seccomp Set caps filter 240000 Drop privileges: pid 1, 
uid 1000, gid 1000, nogroups 1 No supplementary groups ]0;firejail chromium Child process initialized in 86.87 ms starting application LD_PRELOAD=(null) execvp argument 0: chromium (chromium:6): IBUS-WARNING **: 11:40:48.211: Unable to connect to ibus: Could not connect: Connection refused Parent is shutting down, bye...
```
</details>

EDIT: I forgot to mention this does occur in the case where there are multiple Linux X11 sessions on the same computer. The first will have DISPLAY set to ":0", and the latter session will have a different id. It is in this situation where this problem can occur.
gitea-mirror added the bug label 2026-05-05 08:59:51 -06:00
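A triage helper for a `firejail --debug` capture like the one in this issue, as an added example that is not part of the original report or of firejail: it extracts the display number firejail parsed, the X11 socket it left unmasked, any whitelisted IBus paths, and the IBus connection error. The sample log is constructed from message shapes seen in the capture, and the function and field names are hypothetical.

```python
import re

# Constructed sample, shaped like the `firejail --debug` output in the issue.
# The DISPLAY message is spliced into the middle of a "Disable /usr/bin/..."
# path, as happens when stderr and stdout are captured together.
SAMPLE_LOG = (
    "Whitelisting /home/stephen/.config/ibus 917 910 0:23 "
    "Disable /usr/bin/luac5.3 Disable /usDISPLAY=:1 parsed as 1 "
    "Masking all X11 sockets except /tmp/.X11-unix/X1 "
    "Warning: Cannot confine the application using AppArmor. "
    "r/bin/luahbtex Disable /usr/bin/luatex "
    "(chromium:6): IBUS-WARNING **: 11:40:48.211: Unable to connect to ibus: "
    "Could not connect: Connection refused Parent is shutting down, bye..."
)

DISPLAY_RE = re.compile(r"DISPLAY=(\S+) parsed as (\d+)")
MASK_RE = re.compile(r"Masking all X11 sockets except (\S+)")
WHITELIST_RE = re.compile(r"Whitelisting (\S+)")
IBUS_RE = re.compile(
    r"(Unable to connect to ibus:[^\n]*?)(?= Parent is shutting down|\n|$)"
)


def triage(log: str) -> dict:
    """Collect the X11 and input-method facts from a firejail --debug capture."""
    report = {
        "display": None,
        "kept_socket": None,
        "socket_matches_display": None,
        "ibus_paths_whitelisted": [],
        "ibus_error": None,
    }
    # search() instead of line-anchored matching: messages may start mid-token.
    m = DISPLAY_RE.search(log)
    if m:
        report["display"] = int(m.group(2))
    m = MASK_RE.search(log)
    if m:
        report["kept_socket"] = m.group(1)
    if report["display"] is not None and report["kept_socket"] is not None:
        expected = f"/tmp/.X11-unix/X{report['display']}"
        report["socket_matches_display"] = report["kept_socket"] == expected
    report["ibus_paths_whitelisted"] = [
        p for p in WHITELIST_RE.findall(log) if "ibus" in p
    ]
    m = IBUS_RE.search(log)
    if m:
        report["ibus_error"] = m.group(1)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Running it over captures taken under `DISPLAY=:0` and `DISPLAY=:1` gives two short reports that can be compared field by field instead of diffing the full debug output.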
Reference: github-starred/firejail#2308