[GH-ISSUE #3684] Error: proc 52651 cannot sync with peer: unexpected EOF #2319

Open
opened 2026-05-05 09:00:33 -06:00 by gitea-mirror · 1 comment

Originally created by @nicovs on GitHub (Oct 21, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3684

Bug and expected behavior

  • When trying to deploy a website with Capistrano (over SSH) to a firejailed user on a server, we get the following errors in 1 out of 2 deploys... meaning: it sometimes works, sometimes we get this error:
      33 mkdir -p /srv/domain.be/wwwroot/shared/files/MediaLibrary
      33 Access error: uid 1142, last mount name:/tmp/autoUcRmB3 dir:/tmp/autoeVtaBv type:ext4 - invalid read-only mount
      33 Error: proc 10903 cannot sync with peer: unexpected EOF
      33 Peer 10959 unexpectedly exited with status 1

or

      07 rm -rf /srv/domain.be/wwwroot/releases/20201021105308/src/Frontend/Files/Blog
      07 Access error: uid 1142, last mount name:/tmp/autog7Gqza dir:/tmp/autoWQoum0 type:ext4 - invalid read-write mount
      07 Error: proc 7634 cannot sync with peer: unexpected EOF
      07 Peer 7649 unexpectedly exited with status 1

or

      35 rm -rf /srv/domain.be/wwwroot/releases/20201021105643/src/Frontend/Files/MediaLibrary
      35 Access error: uid 1142, last mount name:/ dir:/srv/domain.be type:zfs - invalid whitelist mount
      35 Error: proc 66445 cannot sync with peer: unexpected EOF
      35 Peer 66446 unexpectedly exited with status 1

So it seems like it's always doing this on different steps, as if the SSH connection drops or something.

Reproduce
The profile I'm using:

include /etc/firejail/ssh.local
include /etc/firejail/vim.profile
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-common.inc
include /etc/firejail/ssh.local

blacklist /data*
blacklist /etc/php/*/fpm
blacklist /tmp/.X11-unix
blacklist /tmp/sess_*
blacklist /usr/libexec/netdata*
blacklist /usr/local/sanoid*
blacklist /usr/local/src*
blacklist /usr/share/man
blacklist /var/lib/varnish
blacklist /var/run/acme
blacklist /var/run/apache2
blacklist /var/run/fail2ban
blacklist /var/run/haproxy*
blacklist /var/run/incrond*
blacklist /var/run/netdata
blacklist /var/run/newrelic
blacklist /var/run/php
blacklist /var/run/reboot-required*
blacklist /var/run/redis
blacklist /var/spool/postfix
blacklist /var/www

private-bin awk,basename,bash,cat,chmod,chown,clear,composer,cp,crontab,curl,cwebp,date,df,dig,dir,dircolors,dirname,drush,du,dwebp,echo,egrep,env,fgrep,find,getfacl,gif2webp,git,git-core,grep,groups,gunzip,gzip,head,host,img2webp,less,ln,ls,mesg,mkdir,mktemp,more,mv,mysql,mysql_backup,mysqldump,nano,nice,node,nodejs,npm,openssl,php,php?.?,python,python3,readlink,redis-cli,rm,rmdir,rsync,sed,setfacl,sh,sort,ssh,ssh-add,ssh-agent,ssh-keygen,tail,tar,tee,test,touch,tr,uname,uniq,unlink,unzip,varnishadm,vdir,vi,vim,vim.basic,vim.tiny,vwebp,wc,wget,which,whoami,wkhtmltopdf,wp,xargs,zcat,zip,zless
private-etc alternatives,crontab,fonts,group,hostname,localtime,nsswitch.conf,passwd,php,resolv.conf,services,ssl
private-dev
private-opt ls

# Miscellaneous options
quiet
caps.drop all
disable-mnt
netfilter
nodvd
nogroups
nonewprivs
noroot
nosound
notv
writable-run-user

login.users:
domain.be:--profile=/etc/firejail/shared_ssh_jail.profile --whitelist=/srv/domain.be --x11=none --rmenv=PROMPT_COMMAND --shell=/bin/bash -- /bin/bash --login

Environment

$ cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.5 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.5 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic


$ firejail --version
firejail version 0.9.62.4

Additional context
testing firejail --debug of the profile (might of course be different because

$ firejail --debug --profile=/etc/firejail/shared_ssh_jail.profile --whitelist=/srv/domain.be --x11=none --rmenv=PROMPT_COMMAND --shell=/bin/bash -- /bin/bash --login
Reading profile /etc/firejail/shared_ssh_jail.profile
Reading profile /etc/firejail/ssh.local
Reading profile /etc/firejail/vim.profile
Found allow-common-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/allow-common-devel.inc
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-common.local profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.local
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Warning: networking feature is disabled in Firejail configuration file
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-common.inc
Found disable-common.local profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.local
Reading profile /etc/firejail/ssh.local
Building quoted command line: '/bin/bash' '--login'
Command name #bash#
DISPLAY is not set
Using the local network stack
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol (null)
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1001, nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /sbin
Mounting read-only /lib
Mounting read-only /lib64
Mounting read-only /lib32
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Mounting tmpfs on /var/cache/apache2
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/dri directory
Process /dev/shm directory
Copying files in the new /etc directory:
copying /etc/alternatives to private /etc
Creating empty /run/firejail/mnt/etc/alternatives directory
sbox run: /run/firejail/lib/fcopy /etc/alternatives /run/firejail/mnt/etc/alternatives (null)
copying /etc/crontab to private /etc
sbox run: /run/firejail/lib/fcopy /etc/crontab /run/firejail/mnt/etc (null)
copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts (null)
copying /etc/group to private /etc
sbox run: /run/firejail/lib/fcopy /etc/group /run/firejail/mnt/etc (null)
copying /etc/hostname to private /etc
sbox run: /run/firejail/lib/fcopy /etc/hostname /run/firejail/mnt/etc (null)
copying /etc/localtime to private /etc
sbox run: /run/firejail/lib/fcopy /etc/localtime /run/firejail/mnt/etc (null)
copying /etc/nsswitch.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/nsswitch.conf /run/firejail/mnt/etc (null)
copying /etc/passwd to private /etc
sbox run: /run/firejail/lib/fcopy /etc/passwd /run/firejail/mnt/etc (null)
copying /etc/php to private /etc
Creating empty /run/firejail/mnt/etc/php directory
sbox run: /run/firejail/lib/fcopy /etc/php /run/firejail/mnt/etc/php (null)
copying /etc/resolv.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc (null)
copying /etc/services to private /etc
sbox run: /run/firejail/lib/fcopy /etc/services /run/firejail/mnt/etc (null)
copying /etc/ssl to private /etc
Creating empty /run/firejail/mnt/etc/ssl directory
sbox run: /run/firejail/lib/fcopy /etc/ssl /run/firejail/mnt/etc/ssl (null)
Mount-bind /run/firejail/mnt/etc on top of /etc
Copying files in the new /opt directory:
Mount-bind /run/firejail/mnt/opt on top of /opt
Copying files in the new bin directory
Checking /usr/local/bin/awk
Checking /usr/bin/awk
sbox run: /run/firejail/lib/fcopy /usr/bin/gawk /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/awk /run/firejail/mnt/bin (null)
Checking /usr/local/bin/basename
Checking /usr/bin/basename
sbox run: /run/firejail/lib/fcopy /usr/bin/basename /run/firejail/mnt/bin (null)
Checking /usr/local/bin/bash
Checking /usr/bin/bash
Checking /bin/bash
sbox run: /run/firejail/lib/fcopy /bin/bash /run/firejail/mnt/bin (null)
Checking /usr/local/bin/cat
Checking /usr/bin/cat
Checking /bin/cat
sbox run: /run/firejail/lib/fcopy /bin/cat /run/firejail/mnt/bin (null)
Checking /usr/local/bin/chmod
Checking /usr/bin/chmod
Checking /bin/chmod
sbox run: /run/firejail/lib/fcopy /bin/chmod /run/firejail/mnt/bin (null)
Checking /usr/local/bin/chown
Checking /usr/bin/chown
Checking /bin/chown
sbox run: /run/firejail/lib/fcopy /bin/chown /run/firejail/mnt/bin (null)
Checking /usr/local/bin/clear
Checking /usr/bin/clear
sbox run: /run/firejail/lib/fcopy /usr/bin/clear /run/firejail/mnt/bin (null)
Checking /usr/local/bin/composer
sbox run: /run/firejail/lib/fcopy /usr/local/bin/composer /run/firejail/mnt/bin (null)
Checking /usr/local/bin/cp
Checking /usr/bin/cp
Checking /bin/cp
sbox run: /run/firejail/lib/fcopy /bin/cp /run/firejail/mnt/bin (null)
Checking /usr/local/bin/crontab
Checking /usr/bin/crontab
sbox run: /run/firejail/lib/fcopy /usr/bin/crontab /run/firejail/mnt/bin (null)
Checking /usr/local/bin/curl
Checking /usr/bin/curl
sbox run: /run/firejail/lib/fcopy /usr/bin/curl /run/firejail/mnt/bin (null)
Checking /usr/local/bin/cwebp
Checking /usr/bin/cwebp
sbox run: /run/firejail/lib/fcopy /usr/bin/cwebp /run/firejail/mnt/bin (null)
Checking /usr/local/bin/date
Checking /usr/bin/date
Checking /bin/date
sbox run: /run/firejail/lib/fcopy /bin/date /run/firejail/mnt/bin (null)
Checking /usr/local/bin/df
Checking /usr/bin/df
Checking /bin/df
sbox run: /run/firejail/lib/fcopy /bin/df /run/firejail/mnt/bin (null)
Checking /usr/local/bin/dig
Checking /usr/bin/dig
sbox run: /run/firejail/lib/fcopy /usr/bin/dig /run/firejail/mnt/bin (null)
Checking /usr/local/bin/dir
Checking /usr/bin/dir
Checking /bin/dir
sbox run: /run/firejail/lib/fcopy /bin/dir /run/firejail/mnt/bin (null)
Checking /usr/local/bin/dircolors
Checking /usr/bin/dircolors
sbox run: /run/firejail/lib/fcopy /usr/bin/dircolors /run/firejail/mnt/bin (null)
Checking /usr/local/bin/dirname
Checking /usr/bin/dirname
sbox run: /run/firejail/lib/fcopy /usr/bin/dirname /run/firejail/mnt/bin (null)
Checking /usr/local/bin/drush
sbox run: /run/firejail/lib/fcopy /usr/local/bin/drush /run/firejail/mnt/bin (null)
Checking /usr/local/bin/du
Checking /usr/bin/du
sbox run: /run/firejail/lib/fcopy /usr/bin/du /run/firejail/mnt/bin (null)
Checking /usr/local/bin/dwebp
Checking /usr/bin/dwebp
sbox run: /run/firejail/lib/fcopy /usr/bin/dwebp /run/firejail/mnt/bin (null)
Checking /usr/local/bin/echo
Checking /usr/bin/echo
Checking /bin/echo
sbox run: /run/firejail/lib/fcopy /bin/echo /run/firejail/mnt/bin (null)
Checking /usr/local/bin/egrep
Checking /usr/bin/egrep
Checking /bin/egrep
sbox run: /run/firejail/lib/fcopy /bin/egrep /run/firejail/mnt/bin (null)
Checking /usr/local/bin/env
Checking /usr/bin/env
sbox run: /run/firejail/lib/fcopy /usr/bin/env /run/firejail/mnt/bin (null)
Checking /usr/local/bin/fgrep
Checking /usr/bin/fgrep
Checking /bin/fgrep
sbox run: /run/firejail/lib/fcopy /bin/fgrep /run/firejail/mnt/bin (null)
Checking /usr/local/bin/find
Checking /usr/bin/find
sbox run: /run/firejail/lib/fcopy /usr/bin/find /run/firejail/mnt/bin (null)
Checking /usr/local/bin/getfacl
Checking /usr/bin/getfacl
sbox run: /run/firejail/lib/fcopy /bin/getfacl /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/getfacl /run/firejail/mnt/bin (null)
Checking /usr/local/bin/gif2webp
Checking /usr/bin/gif2webp
sbox run: /run/firejail/lib/fcopy /usr/bin/gif2webp /run/firejail/mnt/bin (null)
Checking /usr/local/bin/git
Checking /usr/bin/git
sbox run: /run/firejail/lib/fcopy /usr/bin/git /run/firejail/mnt/bin (null)
Checking /usr/local/bin/git-core
Checking /usr/bin/git-core
Checking /bin/git-core
Checking /usr/games/git-core
Checking /usr/local/games/git-core
Checking /usr/local/sbin/git-core
Checking /usr/sbin/git-core
Checking /sbin/git-core
Checking /usr/local/bin/grep
Checking /usr/bin/grep
Checking /bin/grep
sbox run: /run/firejail/lib/fcopy /bin/grep /run/firejail/mnt/bin (null)
Checking /usr/local/bin/groups
Checking /usr/bin/groups
sbox run: /run/firejail/lib/fcopy /usr/bin/groups /run/firejail/mnt/bin (null)
Checking /usr/local/bin/gunzip
Checking /usr/bin/gunzip
Checking /bin/gunzip
sbox run: /run/firejail/lib/fcopy /bin/gunzip /run/firejail/mnt/bin (null)
Checking /usr/local/bin/gzip
Checking /usr/bin/gzip
Checking /bin/gzip
sbox run: /run/firejail/lib/fcopy /bin/gzip /run/firejail/mnt/bin (null)
Checking /usr/local/bin/head
Checking /usr/bin/head
sbox run: /run/firejail/lib/fcopy /usr/bin/head /run/firejail/mnt/bin (null)
Checking /usr/local/bin/host
Checking /usr/bin/host
sbox run: /run/firejail/lib/fcopy /usr/bin/host /run/firejail/mnt/bin (null)
Checking /usr/local/bin/img2webp
Checking /usr/bin/img2webp
sbox run: /run/firejail/lib/fcopy /usr/bin/img2webp /run/firejail/mnt/bin (null)
Checking /usr/local/bin/less
Checking /usr/bin/less
sbox run: /run/firejail/lib/fcopy /bin/less /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/less /run/firejail/mnt/bin (null)
Checking /usr/local/bin/ln
Checking /usr/bin/ln
Checking /bin/ln
sbox run: /run/firejail/lib/fcopy /bin/ln /run/firejail/mnt/bin (null)
Checking /usr/local/bin/ls
Checking /usr/bin/ls
Checking /bin/ls
sbox run: /run/firejail/lib/fcopy /bin/ls /run/firejail/mnt/bin (null)
Checking /usr/local/bin/mesg
Checking /usr/bin/mesg
sbox run: /run/firejail/lib/fcopy /usr/bin/mesg /run/firejail/mnt/bin (null)
Checking /usr/local/bin/mkdir
Checking /usr/bin/mkdir
Checking /bin/mkdir
sbox run: /run/firejail/lib/fcopy /bin/mkdir /run/firejail/mnt/bin (null)
Checking /usr/local/bin/mktemp
Checking /usr/bin/mktemp
Checking /bin/mktemp
sbox run: /run/firejail/lib/fcopy /bin/mktemp /run/firejail/mnt/bin (null)
Checking /usr/local/bin/more
Checking /usr/bin/more
Checking /bin/more
sbox run: /run/firejail/lib/fcopy /bin/more /run/firejail/mnt/bin (null)
Checking /usr/local/bin/mv
Checking /usr/bin/mv
Checking /bin/mv
sbox run: /run/firejail/lib/fcopy /bin/mv /run/firejail/mnt/bin (null)
Checking /usr/local/bin/mysql
Checking /usr/bin/mysql
sbox run: /run/firejail/lib/fcopy /usr/bin/mysql /run/firejail/mnt/bin (null)
Checking /usr/local/bin/mysql_backup
sbox run: /run/firejail/lib/fcopy /usr/local/bin/mysql_backup /run/firejail/mnt/bin (null)
Checking /usr/local/bin/mysqldump
Checking /usr/bin/mysqldump
sbox run: /run/firejail/lib/fcopy /usr/bin/mysqldump /run/firejail/mnt/bin (null)
Checking /usr/local/bin/nano
Checking /usr/bin/nano
Checking /bin/nano
sbox run: /run/firejail/lib/fcopy /bin/nano /run/firejail/mnt/bin (null)
Checking /usr/local/bin/nice
Checking /usr/bin/nice
sbox run: /run/firejail/lib/fcopy /usr/bin/nice /run/firejail/mnt/bin (null)
Checking /usr/local/bin/node
Checking /usr/bin/node
sbox run: /run/firejail/lib/fcopy /usr/bin/node /run/firejail/mnt/bin (null)
Checking /usr/local/bin/nodejs
Checking /usr/bin/nodejs
sbox run: /run/firejail/lib/fcopy /usr/bin/node /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/nodejs /run/firejail/mnt/bin (null)
Checking /usr/local/bin/npm
Checking /usr/bin/npm
file /usr/lib/node_modules/npm/bin/npm-cli.js not found
sbox run: /run/firejail/lib/fcopy /usr/bin/npm /run/firejail/mnt/bin (null)
Checking /usr/local/bin/openssl
Checking /usr/bin/openssl
sbox run: /run/firejail/lib/fcopy /usr/bin/openssl /run/firejail/mnt/bin (null)
Checking /usr/local/bin/php
Checking /usr/bin/php
sbox run: /run/firejail/lib/fcopy /usr/bin/php7.4 /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/php /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/php5.6 /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/php7.1 /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/php7.3 /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/php7.2 /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/php7.4 /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/php7.0 /run/firejail/mnt/bin (null)
Checking /usr/local/bin/python
Checking /usr/bin/python
sbox run: /run/firejail/lib/fcopy /usr/bin/python2.7 /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/python /run/firejail/mnt/bin (null)
Checking /usr/local/bin/python3
Checking /usr/bin/python3
sbox run: /run/firejail/lib/fcopy /usr/bin/python3.6 /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/python3 /run/firejail/mnt/bin (null)
Checking /usr/local/bin/readlink
Checking /usr/bin/readlink
Checking /bin/readlink
sbox run: /run/firejail/lib/fcopy /bin/readlink /run/firejail/mnt/bin (null)
Checking /usr/local/bin/redis-cli
Checking /usr/bin/redis-cli
sbox run: /run/firejail/lib/fcopy /usr/bin/redis-cli /run/firejail/mnt/bin (null)
Checking /usr/local/bin/rm
Checking /usr/bin/rm
Checking /bin/rm
sbox run: /run/firejail/lib/fcopy /bin/rm /run/firejail/mnt/bin (null)
Checking /usr/local/bin/rmdir
Checking /usr/bin/rmdir
Checking /bin/rmdir
sbox run: /run/firejail/lib/fcopy /bin/rmdir /run/firejail/mnt/bin (null)
Checking /usr/local/bin/rsync
Checking /usr/bin/rsync
sbox run: /run/firejail/lib/fcopy /usr/bin/rsync /run/firejail/mnt/bin (null)
Checking /usr/local/bin/sed
Checking /usr/bin/sed
Checking /bin/sed
sbox run: /run/firejail/lib/fcopy /bin/sed /run/firejail/mnt/bin (null)
Checking /usr/local/bin/setfacl
Checking /usr/bin/setfacl
sbox run: /run/firejail/lib/fcopy /bin/setfacl /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/setfacl /run/firejail/mnt/bin (null)
Checking /usr/local/bin/sh
Checking /usr/bin/sh
Checking /bin/sh
sbox run: /run/firejail/lib/fcopy /bin/dash /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /bin/sh /run/firejail/mnt/bin (null)
Checking /usr/local/bin/sort
Checking /usr/bin/sort
sbox run: /run/firejail/lib/fcopy /usr/bin/sort /run/firejail/mnt/bin (null)
Checking /usr/local/bin/ssh
Checking /usr/bin/ssh
sbox run: /run/firejail/lib/fcopy /usr/bin/ssh /run/firejail/mnt/bin (null)
Checking /usr/local/bin/ssh-add
Checking /usr/bin/ssh-add
sbox run: /run/firejail/lib/fcopy /usr/bin/ssh-add /run/firejail/mnt/bin (null)
Checking /usr/local/bin/ssh-agent
Checking /usr/bin/ssh-agent
sbox run: /run/firejail/lib/fcopy /usr/bin/ssh-agent /run/firejail/mnt/bin (null)
Checking /usr/local/bin/ssh-keygen
Checking /usr/bin/ssh-keygen
sbox run: /run/firejail/lib/fcopy /usr/bin/ssh-keygen /run/firejail/mnt/bin (null)
Checking /usr/local/bin/tail
Checking /usr/bin/tail
sbox run: /run/firejail/lib/fcopy /usr/bin/tail /run/firejail/mnt/bin (null)
Checking /usr/local/bin/tar
Checking /usr/bin/tar
Checking /bin/tar
sbox run: /run/firejail/lib/fcopy /bin/tar /run/firejail/mnt/bin (null)
Checking /usr/local/bin/tee
Checking /usr/bin/tee
sbox run: /run/firejail/lib/fcopy /usr/bin/tee /run/firejail/mnt/bin (null)
Checking /usr/local/bin/test
Checking /usr/bin/test
sbox run: /run/firejail/lib/fcopy /usr/bin/test /run/firejail/mnt/bin (null)
Checking /usr/local/bin/touch
Checking /usr/bin/touch
sbox run: /run/firejail/lib/fcopy /bin/touch /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/touch /run/firejail/mnt/bin (null)
Checking /usr/local/bin/tr
Checking /usr/bin/tr
sbox run: /run/firejail/lib/fcopy /usr/bin/tr /run/firejail/mnt/bin (null)
Checking /usr/local/bin/uname
Checking /usr/bin/uname
Checking /bin/uname
sbox run: /run/firejail/lib/fcopy /bin/uname /run/firejail/mnt/bin (null)
Checking /usr/local/bin/uniq
Checking /usr/bin/uniq
sbox run: /run/firejail/lib/fcopy /usr/bin/uniq /run/firejail/mnt/bin (null)
Checking /usr/local/bin/unlink
Checking /usr/bin/unlink
sbox run: /run/firejail/lib/fcopy /usr/bin/unlink /run/firejail/mnt/bin (null)
Checking /usr/local/bin/unzip
Checking /usr/bin/unzip
sbox run: /run/firejail/lib/fcopy /usr/bin/unzip /run/firejail/mnt/bin (null)
Checking /usr/local/bin/varnishadm
Checking /usr/bin/varnishadm
sbox run: /run/firejail/lib/fcopy /usr/bin/varnishadm /run/firejail/mnt/bin (null)
Checking /usr/local/bin/vdir
Checking /usr/bin/vdir
Checking /bin/vdir
sbox run: /run/firejail/lib/fcopy /bin/vdir /run/firejail/mnt/bin (null)
Checking /usr/local/bin/vi
Checking /usr/bin/vi
sbox run: /run/firejail/lib/fcopy /usr/bin/vim.basic /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/vi /run/firejail/mnt/bin (null)
Checking /usr/local/bin/vim
Checking /usr/bin/vim
sbox run: /run/firejail/lib/fcopy /usr/bin/vim.basic /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/vim /run/firejail/mnt/bin (null)
Checking /usr/local/bin/vim.basic
Checking /usr/bin/vim.basic
sbox run: /run/firejail/lib/fcopy /usr/bin/vim.basic /run/firejail/mnt/bin (null)
Checking /usr/local/bin/vim.tiny
Checking /usr/bin/vim.tiny
sbox run: /run/firejail/lib/fcopy /usr/bin/vim.tiny /run/firejail/mnt/bin (null)
Checking /usr/local/bin/vwebp
Checking /usr/bin/vwebp
sbox run: /run/firejail/lib/fcopy /usr/bin/vwebp /run/firejail/mnt/bin (null)
Checking /usr/local/bin/wc
Checking /usr/bin/wc
sbox run: /run/firejail/lib/fcopy /usr/bin/wc /run/firejail/mnt/bin (null)
Checking /usr/local/bin/wget
Checking /usr/bin/wget
sbox run: /run/firejail/lib/fcopy /usr/bin/wget /run/firejail/mnt/bin (null)
Checking /usr/local/bin/which
Checking /usr/bin/which
sbox run: /run/firejail/lib/fcopy /bin/which /run/firejail/mnt/bin (null)
sbox run: /run/firejail/lib/fcopy /usr/bin/which /run/firejail/mnt/bin (null)
Checking /usr/local/bin/whoami
Checking /usr/bin/whoami
sbox run: /run/firejail/lib/fcopy /usr/bin/whoami /run/firejail/mnt/bin (null)
Checking /usr/local/bin/wkhtmltopdf
sbox run: /run/firejail/lib/fcopy /usr/local/bin/wkhtmltopdf /run/firejail/mnt/bin (null)
Checking /usr/local/bin/wp
sbox run: /run/firejail/lib/fcopy /usr/local/bin/wp /run/firejail/mnt/bin (null)
Checking /usr/local/bin/xargs
Checking /usr/bin/xargs
sbox run: /run/firejail/lib/fcopy /usr/bin/xargs /run/firejail/mnt/bin (null)
Checking /usr/local/bin/zcat
Checking /usr/bin/zcat
Checking /bin/zcat
sbox run: /run/firejail/lib/fcopy /bin/zcat /run/firejail/mnt/bin (null)
Checking /usr/local/bin/zip
Checking /usr/bin/zip
Checking /bin/zip
Checking /usr/games/zip
Checking /usr/local/games/zip
Checking /usr/local/sbin/zip
Checking /usr/sbin/zip
Checking /sbin/zip
Checking /usr/local/bin/zless
Checking /usr/bin/zless
Checking /bin/zless
sbox run: /run/firejail/lib/fcopy /bin/zless /run/firejail/mnt/bin (null)
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /boot
Disable /proc/kmsg
Debug 423: new_name #/srv/domain.be#, whitelist
Mounting tmpfs on /srv directory
Whitelisting /srv/domain.be
7160 7159 0:295 / /srv/domain.be rw master:2632 - zfs data/vhosts/domain.be rw,xattr,noacl
mountid=7160 fsname=/ dir=/srv/domain.be fstype=zfs
Not blacklist /home/nicovs/.zsh_history
Not blacklist /home/nicovs/.python-history
Not blacklist /home/nicovs/.python_history
Not blacklist /home/nicovs/.pythonhist
Disable /home/nicovs/.lesshst
Not blacklist /home/nicovs/.viminfo
Disable /var/lib/systemd
Disable /var/cache/apt
Disable /var/lib/apt
Disable /var/lib/dkms
Disable /var/mail
Disable /var/opt
Disable /run/acpid.socket (requested /var/run/acpid.socket)
Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock)
Not blacklist /var/spool/cron
Disable /var/mail (requested /var/spool/mail)
Disable /etc/crontab
Mounting read-only /home/nicovs/.bash_aliases
7173 6910 252:1 /home/nicovs/.bash_aliases /home/nicovs/.bash_aliases ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7173 fsname=/home/nicovs/.bash_aliases dir=/home/nicovs/.bash_aliases fstype=ext4
Mounting read-only /home/nicovs/.bash_logout
7174 6910 252:1 /home/nicovs/.bash_logout /home/nicovs/.bash_logout ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7174 fsname=/home/nicovs/.bash_logout dir=/home/nicovs/.bash_logout fstype=ext4
Mounting read-only /home/nicovs/.bashrc
7175 6910 252:1 /home/nicovs/.bashrc /home/nicovs/.bashrc ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7175 fsname=/home/nicovs/.bashrc dir=/home/nicovs/.bashrc fstype=ext4
Mounting read-only /home/nicovs/.profile
7176 6910 252:1 /home/nicovs/.profile /home/nicovs/.profile ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7176 fsname=/home/nicovs/.profile dir=/home/nicovs/.profile fstype=ext4
Mounting read-only /home/nicovs/.zshrc
7177 6910 252:1 /home/nicovs/.zshrc /home/nicovs/.zshrc ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7177 fsname=/home/nicovs/.zshrc dir=/home/nicovs/.zshrc fstype=ext4
Mounting read-only /home/nicovs/.ssh/authorized_keys
7178 6910 252:1 /home/nicovs/.ssh/authorized_keys /home/nicovs/.ssh/authorized_keys ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7178 fsname=/home/nicovs/.ssh/authorized_keys dir=/home/nicovs/.ssh/authorized_keys fstype=ext4
Mounting read-only /home/nicovs/.vim
7179 6910 252:1 /home/nicovs/.vim /home/nicovs/.vim ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7179 fsname=/home/nicovs/.vim dir=/home/nicovs/.vim fstype=ext4
Mounting read-only /home/nicovs/.viminfo
7180 6910 252:1 /home/nicovs/.viminfo /home/nicovs/.viminfo ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7180 fsname=/home/nicovs/.viminfo dir=/home/nicovs/.viminfo fstype=ext4
Mounting read-only /home/nicovs/.vimrc
7181 6910 252:1 /home/nicovs/.vimrc /home/nicovs/.vimrc ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7181 fsname=/home/nicovs/.vimrc dir=/home/nicovs/.vimrc fstype=ext4
Not blacklist /home/nicovs/.git-credentials
Disable /home/nicovs/.gnupg
Not blacklist /home/nicovs/.ssh
Not blacklist /etc/ssh
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Not blacklist /usr/local/sbin/crontab
Not blacklist /usr/local/bin/crontab
Not blacklist /usr/sbin/crontab
Not blacklist /usr/bin/crontab
Not blacklist /sbin/crontab
Not blacklist /bin/crontab
Not blacklist /usr/games/crontab
Not blacklist /usr/local/games/crontab
Not blacklist /snap/bin/crontab
Not blacklist /home/nicovs/.cargo/registry
Not blacklist /home/nicovs/.cargo/config
Not blacklist /home/nicovs/.config/git
Not blacklist /home/nicovs/.gitconfig
Not blacklist /home/nicovs/.gradle
Not blacklist /home/nicovs/.java
Not blacklist /home/nicovs/.nanorc
Not blacklist /home/nicovs/.vim
Not blacklist /home/nicovs/.vimrc
Disable /home/nicovs/.wget-hsts
Not blacklist /tmp/ssh-b93vLnrJTd
Not blacklist /home/nicovs/.cargo/registry
Not blacklist /home/nicovs/.cargo/config
Not blacklist /home/nicovs/.config/git
Not blacklist /home/nicovs/.gitconfig
Not blacklist /home/nicovs/.gradle
Not blacklist /home/nicovs/.java
Not blacklist /home/nicovs/.nanorc
Not blacklist /home/nicovs/.vim
Not blacklist /home/nicovs/.vimrc
Disable /home/nicovs/.wget-hsts
Not blacklist /tmp/ssh-b93vLnrJTd
Mounting read-write /home/nicovs/.ssh/authorized_keys
7188 7178 252:1 /home/nicovs/.ssh/authorized_keys /home/nicovs/.ssh/authorized_keys rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7188 fsname=/home/nicovs/.ssh/authorized_keys dir=/home/nicovs/.ssh/authorized_keys fstype=ext4
Mounting read-write /home/nicovs/.vim
7189 7179 252:1 /home/nicovs/.vim /home/nicovs/.vim rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7189 fsname=/home/nicovs/.vim dir=/home/nicovs/.vim fstype=ext4
Mounting read-write /home/nicovs/.viminfo
7190 7180 252:1 /home/nicovs/.viminfo /home/nicovs/.viminfo rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7190 fsname=/home/nicovs/.viminfo dir=/home/nicovs/.viminfo fstype=ext4
Mounting read-write /home/nicovs/.vimrc
7191 7181 252:1 /home/nicovs/.vimrc /home/nicovs/.vimrc rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7191 fsname=/home/nicovs/.vimrc dir=/home/nicovs/.vimrc fstype=ext4
Not blacklist /home/nicovs/.zsh_history
Not blacklist /home/nicovs/.python-history
Not blacklist /home/nicovs/.python_history
Not blacklist /home/nicovs/.pythonhist
Disable /home/nicovs/.lesshst
Not blacklist /home/nicovs/.viminfo
Disable /var/lib/systemd
Disable /var/cache/apt
Disable /var/lib/apt
Disable /var/lib/dkms
Disable /var/mail
Disable /var/opt
Disable /run/acpid.socket (requested /var/run/acpid.socket)
Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock)
Not blacklist /var/spool/cron
Disable /var/mail (requested /var/spool/mail)
Disable /etc/crontab
Mounting read-only /home/nicovs/.ssh/authorized_keys
7203 7188 252:1 /home/nicovs/.ssh/authorized_keys /home/nicovs/.ssh/authorized_keys ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7203 fsname=/home/nicovs/.ssh/authorized_keys dir=/home/nicovs/.ssh/authorized_keys fstype=ext4
Mounting read-only /home/nicovs/.vim
7204 7189 252:1 /home/nicovs/.vim /home/nicovs/.vim ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7204 fsname=/home/nicovs/.vim dir=/home/nicovs/.vim fstype=ext4
Mounting read-only /home/nicovs/.viminfo
7205 7190 252:1 /home/nicovs/.viminfo /home/nicovs/.viminfo ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7205 fsname=/home/nicovs/.viminfo dir=/home/nicovs/.viminfo fstype=ext4
Mounting read-only /home/nicovs/.vimrc
7206 7191 252:1 /home/nicovs/.vimrc /home/nicovs/.vimrc ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7206 fsname=/home/nicovs/.vimrc dir=/home/nicovs/.vimrc fstype=ext4
Not blacklist /home/nicovs/.git-credentials
Disable /home/nicovs/.gnupg
Not blacklist /home/nicovs/.ssh
Not blacklist /etc/ssh
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Not blacklist /usr/local/sbin/crontab
Not blacklist /usr/local/bin/crontab
Not blacklist /usr/sbin/crontab
Not blacklist /usr/bin/crontab
Not blacklist /sbin/crontab
Not blacklist /bin/crontab
Not blacklist /usr/games/crontab
Not blacklist /usr/local/games/crontab
Not blacklist /snap/bin/crontab
Mounting read-write /home/nicovs/.bash_aliases
7211 7173 252:1 /home/nicovs/.bash_aliases /home/nicovs/.bash_aliases rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7211 fsname=/home/nicovs/.bash_aliases dir=/home/nicovs/.bash_aliases fstype=ext4
Mounting read-write /home/nicovs/.ssh/authorized_keys
7212 7203 252:1 /home/nicovs/.ssh/authorized_keys /home/nicovs/.ssh/authorized_keys rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7212 fsname=/home/nicovs/.ssh/authorized_keys dir=/home/nicovs/.ssh/authorized_keys fstype=ext4
Mounting read-write /home/nicovs/.vim
7213 7204 252:1 /home/nicovs/.vim /home/nicovs/.vim rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7213 fsname=/home/nicovs/.vim dir=/home/nicovs/.vim fstype=ext4
Mounting read-write /home/nicovs/.viminfo
7214 7205 252:1 /home/nicovs/.viminfo /home/nicovs/.viminfo rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7214 fsname=/home/nicovs/.viminfo dir=/home/nicovs/.viminfo fstype=ext4
Mounting read-write /home/nicovs/.vimrc
7215 7206 252:1 /home/nicovs/.vimrc /home/nicovs/.vimrc rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096
mountid=7215 fsname=/home/nicovs/.vimrc dir=/home/nicovs/.vimrc fstype=ext4
Disable /data
Disable /etc/php/7.2/fpm
Disable /etc/php/7.1/fpm
Disable /etc/php/7.0/fpm
Disable /etc/php/7.4/fpm
Disable /etc/php/7.3/fpm
Disable /etc/php/5.6/fpm
Disable /tmp/.X11-unix
Disable /usr/local/sanoid
Disable /usr/local/src
Disable /usr/share/man
Disable /var/lib/varnish
Disable /run/apache2 (requested /var/run/apache2)
Disable /run/fail2ban (requested /var/run/fail2ban)
Disable /run/haproxy.pid (requested /var/run/haproxy.pid)
Disable /run/haproxy (requested /var/run/haproxy)
Disable /run/php (requested /var/run/php)
Disable /run/redis (requested /var/run/redis)
Disable /var/spool/postfix
Disable /var/www
Disable /tmp/.X11-unix
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /media
Disable /run/mount
disable pulseaudio
Current directory: /home/nicovs
DISPLAY is not set
Install protocol filter: unix,inet,inet6
configuring 14 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null)
Dropping all capabilities
Drop privileges: pid 129, uid 1000, gid 1001, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null)
Dropping all capabilities
Drop privileges: pid 130, uid 1000, gid 1001, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00000000   ret KILL
Dual 32/64 bit seccomp filter configured
configuring 72 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null)
Dropping all capabilities
Drop privileges: pid 131, uid 1000, gid 1001, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 3f 00 0000009f   jeq adjtimex 0047 (false 0008)
 0008: 15 3e 00 00000131   jeq clock_adjtime 0047 (false 0009)
 0009: 15 3d 00 000000e3   jeq clock_settime 0047 (false 000a)
 000a: 15 3c 00 000000a4   jeq settimeofday 0047 (false 000b)
 000b: 15 3b 00 0000009a   jeq modify_ldt 0047 (false 000c)
 000c: 15 3a 00 000000d4   jeq lookup_dcookie 0047 (false 000d)
 000d: 15 39 00 0000012a   jeq perf_event_open 0047 (false 000e)
 000e: 15 38 00 00000137   jeq process_vm_writev 0047 (false 000f)
 000f: 15 37 00 000000b0   jeq delete_module 0047 (false 0010)
 0010: 15 36 00 00000139   jeq finit_module 0047 (false 0011)
 0011: 15 35 00 000000af   jeq init_module 0047 (false 0012)
 0012: 15 34 00 0000009c   jeq _sysctl 0047 (false 0013)
 0013: 15 33 00 000000b7   jeq afs_syscall 0047 (false 0014)
 0014: 15 32 00 000000ae   jeq create_module 0047 (false 0015)
 0015: 15 31 00 000000b1   jeq get_kernel_syms 0047 (false 0016)
 0016: 15 30 00 000000b5   jeq getpmsg 0047 (false 0017)
 0017: 15 2f 00 000000b6   jeq putpmsg 0047 (false 0018)
 0018: 15 2e 00 000000b2   jeq query_module 0047 (false 0019)
 0019: 15 2d 00 000000b9   jeq security 0047 (false 001a)
 001a: 15 2c 00 0000008b   jeq sysfs 0047 (false 001b)
 001b: 15 2b 00 000000b8   jeq tuxcall 0047 (false 001c)
 001c: 15 2a 00 00000086   jeq uselib 0047 (false 001d)
 001d: 15 29 00 00000088   jeq ustat 0047 (false 001e)
 001e: 15 28 00 000000ec   jeq vserver 0047 (false 001f)
 001f: 15 27 00 000000ad   jeq ioperm 0047 (false 0020)
 0020: 15 26 00 000000ac   jeq iopl 0047 (false 0021)
 0021: 15 25 00 000000f6   jeq kexec_load 0047 (false 0022)
 0022: 15 24 00 00000140   jeq kexec_file_load 0047 (false 0023)
 0023: 15 23 00 000000a9   jeq reboot 0047 (false 0024)
 0024: 15 22 00 000000a7   jeq swapon 0047 (false 0025)
 0025: 15 21 00 000000a8   jeq swapoff 0047 (false 0026)
 0026: 15 20 00 00000130   jeq open_by_handle_at 0047 (false 0027)
 0027: 15 1f 00 0000012f   jeq name_to_handle_at 0047 (false 0028)
 0028: 15 1e 00 000000fb   jeq ioprio_set 0047 (false 0029)
 0029: 15 1d 00 00000067   jeq syslog 0047 (false 002a)
 002a: 15 1c 00 0000012c   jeq fanotify_init 0047 (false 002b)
 002b: 15 1b 00 00000138   jeq kcmp 0047 (false 002c)
 002c: 15 1a 00 000000f8   jeq add_key 0047 (false 002d)
 002d: 15 19 00 000000f9   jeq request_key 0047 (false 002e)
 002e: 15 18 00 000000ed   jeq mbind 0047 (false 002f)
 002f: 15 17 00 00000100   jeq migrate_pages 0047 (false 0030)
 0030: 15 16 00 00000117   jeq move_pages 0047 (false 0031)
 0031: 15 15 00 000000fa   jeq keyctl 0047 (false 0032)
 0032: 15 14 00 000000ce   jeq io_setup 0047 (false 0033)
 0033: 15 13 00 000000cf   jeq io_destroy 0047 (false 0034)
 0034: 15 12 00 000000d0   jeq io_getevents 0047 (false 0035)
 0035: 15 11 00 000000d1   jeq io_submit 0047 (false 0036)
 0036: 15 10 00 000000d2   jeq io_cancel 0047 (false 0037)
 0037: 15 0f 00 000000d8   jeq remap_file_pages 0047 (false 0038)
 0038: 15 0e 00 00000143   jeq userfaultfd 0047 (false 0039)
 0039: 15 0d 00 000000a3   jeq acct 0047 (false 003a)
 003a: 15 0c 00 00000141   jeq bpf 0047 (false 003b)
 003b: 15 0b 00 000000a1   jeq chroot 0047 (false 003c)
 003c: 15 0a 00 000000a5   jeq mount 0047 (false 003d)
 003d: 15 09 00 000000b4   jeq nfsservctl 0047 (false 003e)
 003e: 15 08 00 0000009b   jeq pivot_root 0047 (false 003f)
 003f: 15 07 00 000000ab   jeq setdomainname 0047 (false 0040)
 0040: 15 06 00 000000aa   jeq sethostname 0047 (false 0041)
 0041: 15 05 00 000000a6   jeq umount2 0047 (false 0042)
 0042: 15 04 00 00000099   jeq vhangup 0047 (false 0043)
 0043: 15 03 00 00000065   jeq ptrace 0047 (false 0044)
 0044: 15 02 00 00000087   jeq personality 0047 (false 0045)
 0045: 15 01 00 00000136   jeq process_vm_readv 0047 (false 0046)
 0046: 06 00 00 7fff0000   ret ALLOW
 0047: 06 00 01 00000000   ret KILL
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1001, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
Running '/bin/bash' '--login'  command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: --
execvp argument 3: '/bin/bash' '--login'
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
monitoring pid 132

/var/spool/mail) Disable /etc/crontab Mounting read-only /home/nicovs/.bash_aliases 7173 6910 252:1 /home/nicovs/.bash_aliases /home/nicovs/.bash_aliases ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7173 fsname=/home/nicovs/.bash_aliases dir=/home/nicovs/.bash_aliases fstype=ext4 Mounting read-only /home/nicovs/.bash_logout 7174 6910 252:1 /home/nicovs/.bash_logout /home/nicovs/.bash_logout ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7174 fsname=/home/nicovs/.bash_logout dir=/home/nicovs/.bash_logout fstype=ext4 Mounting read-only /home/nicovs/.bashrc 7175 6910 252:1 /home/nicovs/.bashrc /home/nicovs/.bashrc ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7175 fsname=/home/nicovs/.bashrc dir=/home/nicovs/.bashrc fstype=ext4 Mounting read-only /home/nicovs/.profile 7176 6910 252:1 /home/nicovs/.profile /home/nicovs/.profile ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7176 fsname=/home/nicovs/.profile dir=/home/nicovs/.profile fstype=ext4 Mounting read-only /home/nicovs/.zshrc 7177 6910 252:1 /home/nicovs/.zshrc /home/nicovs/.zshrc ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7177 fsname=/home/nicovs/.zshrc dir=/home/nicovs/.zshrc fstype=ext4 Mounting read-only /home/nicovs/.ssh/authorized_keys 7178 6910 252:1 /home/nicovs/.ssh/authorized_keys /home/nicovs/.ssh/authorized_keys ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7178 fsname=/home/nicovs/.ssh/authorized_keys dir=/home/nicovs/.ssh/authorized_keys fstype=ext4 Mounting read-only /home/nicovs/.vim 7179 6910 252:1 /home/nicovs/.vim /home/nicovs/.vim ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7179 fsname=/home/nicovs/.vim dir=/home/nicovs/.vim fstype=ext4 Mounting read-only /home/nicovs/.viminfo 7180 6910 252:1 /home/nicovs/.viminfo /home/nicovs/.viminfo ro,relatime master:1 - 
ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7180 fsname=/home/nicovs/.viminfo dir=/home/nicovs/.viminfo fstype=ext4 Mounting read-only /home/nicovs/.vimrc 7181 6910 252:1 /home/nicovs/.vimrc /home/nicovs/.vimrc ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7181 fsname=/home/nicovs/.vimrc dir=/home/nicovs/.vimrc fstype=ext4 Not blacklist /home/nicovs/.git-credentials Disable /home/nicovs/.gnupg Not blacklist /home/nicovs/.ssh Not blacklist /etc/ssh Disable /sbin Disable /usr/local/sbin Disable /usr/sbin Not blacklist /usr/local/sbin/crontab Not blacklist /usr/local/bin/crontab Not blacklist /usr/sbin/crontab Not blacklist /usr/bin/crontab Not blacklist /sbin/crontab Not blacklist /bin/crontab Not blacklist /usr/games/crontab Not blacklist /usr/local/games/crontab Not blacklist /snap/bin/crontab Not blacklist /home/nicovs/.cargo/registry Not blacklist /home/nicovs/.cargo/config Not blacklist /home/nicovs/.config/git Not blacklist /home/nicovs/.gitconfig Not blacklist /home/nicovs/.gradle Not blacklist /home/nicovs/.java Not blacklist /home/nicovs/.nanorc Not blacklist /home/nicovs/.vim Not blacklist /home/nicovs/.vimrc Disable /home/nicovs/.wget-hsts Not blacklist /tmp/ssh-b93vLnrJTd Not blacklist /home/nicovs/.cargo/registry Not blacklist /home/nicovs/.cargo/config Not blacklist /home/nicovs/.config/git Not blacklist /home/nicovs/.gitconfig Not blacklist /home/nicovs/.gradle Not blacklist /home/nicovs/.java Not blacklist /home/nicovs/.nanorc Not blacklist /home/nicovs/.vim Not blacklist /home/nicovs/.vimrc Disable /home/nicovs/.wget-hsts Not blacklist /tmp/ssh-b93vLnrJTd Mounting read-write /home/nicovs/.ssh/authorized_keys 7188 7178 252:1 /home/nicovs/.ssh/authorized_keys /home/nicovs/.ssh/authorized_keys rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7188 fsname=/home/nicovs/.ssh/authorized_keys dir=/home/nicovs/.ssh/authorized_keys fstype=ext4 Mounting read-write /home/nicovs/.vim 7189 
7179 252:1 /home/nicovs/.vim /home/nicovs/.vim rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7189 fsname=/home/nicovs/.vim dir=/home/nicovs/.vim fstype=ext4 Mounting read-write /home/nicovs/.viminfo 7190 7180 252:1 /home/nicovs/.viminfo /home/nicovs/.viminfo rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7190 fsname=/home/nicovs/.viminfo dir=/home/nicovs/.viminfo fstype=ext4 Mounting read-write /home/nicovs/.vimrc 7191 7181 252:1 /home/nicovs/.vimrc /home/nicovs/.vimrc rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7191 fsname=/home/nicovs/.vimrc dir=/home/nicovs/.vimrc fstype=ext4 Not blacklist /home/nicovs/.zsh_history Not blacklist /home/nicovs/.python-history Not blacklist /home/nicovs/.python_history Not blacklist /home/nicovs/.pythonhist Disable /home/nicovs/.lesshst Not blacklist /home/nicovs/.viminfo Disable /var/lib/systemd Disable /var/cache/apt Disable /var/lib/apt Disable /var/lib/dkms Disable /var/mail Disable /var/opt Disable /run/acpid.socket (requested /var/run/acpid.socket) Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock) Not blacklist /var/spool/cron Disable /var/mail (requested /var/spool/mail) Disable /etc/crontab Mounting read-only /home/nicovs/.ssh/authorized_keys 7203 7188 252:1 /home/nicovs/.ssh/authorized_keys /home/nicovs/.ssh/authorized_keys ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7203 fsname=/home/nicovs/.ssh/authorized_keys dir=/home/nicovs/.ssh/authorized_keys fstype=ext4 Mounting read-only /home/nicovs/.vim 7204 7189 252:1 /home/nicovs/.vim /home/nicovs/.vim ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7204 fsname=/home/nicovs/.vim dir=/home/nicovs/.vim fstype=ext4 Mounting read-only /home/nicovs/.viminfo 7205 7190 252:1 /home/nicovs/.viminfo /home/nicovs/.viminfo ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7205 
fsname=/home/nicovs/.viminfo dir=/home/nicovs/.viminfo fstype=ext4 Mounting read-only /home/nicovs/.vimrc 7206 7191 252:1 /home/nicovs/.vimrc /home/nicovs/.vimrc ro,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7206 fsname=/home/nicovs/.vimrc dir=/home/nicovs/.vimrc fstype=ext4 Not blacklist /home/nicovs/.git-credentials Disable /home/nicovs/.gnupg Not blacklist /home/nicovs/.ssh Not blacklist /etc/ssh Disable /sbin Disable /usr/local/sbin Disable /usr/sbin Not blacklist /usr/local/sbin/crontab Not blacklist /usr/local/bin/crontab Not blacklist /usr/sbin/crontab Not blacklist /usr/bin/crontab Not blacklist /sbin/crontab Not blacklist /bin/crontab Not blacklist /usr/games/crontab Not blacklist /usr/local/games/crontab Not blacklist /snap/bin/crontab Mounting read-write /home/nicovs/.bash_aliases 7211 7173 252:1 /home/nicovs/.bash_aliases /home/nicovs/.bash_aliases rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7211 fsname=/home/nicovs/.bash_aliases dir=/home/nicovs/.bash_aliases fstype=ext4 Mounting read-write /home/nicovs/.ssh/authorized_keys 7212 7203 252:1 /home/nicovs/.ssh/authorized_keys /home/nicovs/.ssh/authorized_keys rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7212 fsname=/home/nicovs/.ssh/authorized_keys dir=/home/nicovs/.ssh/authorized_keys fstype=ext4 Mounting read-write /home/nicovs/.vim 7213 7204 252:1 /home/nicovs/.vim /home/nicovs/.vim rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7213 fsname=/home/nicovs/.vim dir=/home/nicovs/.vim fstype=ext4 Mounting read-write /home/nicovs/.viminfo 7214 7205 252:1 /home/nicovs/.viminfo /home/nicovs/.viminfo rw,relatime master:1 - ext4 /dev/vda1 rw,errors=remount-ro,stripe=4096 mountid=7214 fsname=/home/nicovs/.viminfo dir=/home/nicovs/.viminfo fstype=ext4 Mounting read-write /home/nicovs/.vimrc 7215 7206 252:1 /home/nicovs/.vimrc /home/nicovs/.vimrc rw,relatime master:1 - ext4 /dev/vda1 
rw,errors=remount-ro,stripe=4096 mountid=7215 fsname=/home/nicovs/.vimrc dir=/home/nicovs/.vimrc fstype=ext4 Disable /data Disable /etc/php/7.2/fpm Disable /etc/php/7.1/fpm Disable /etc/php/7.0/fpm Disable /etc/php/7.4/fpm Disable /etc/php/7.3/fpm Disable /etc/php/5.6/fpm Disable /tmp/.X11-unix Disable /usr/local/sanoid Disable /usr/local/src Disable /usr/share/man Disable /var/lib/varnish Disable /run/apache2 (requested /var/run/apache2) Disable /run/fail2ban (requested /var/run/fail2ban) Disable /run/haproxy.pid (requested /var/run/haproxy.pid) Disable /run/haproxy (requested /var/run/haproxy) Disable /run/php (requested /var/run/php) Disable /run/redis (requested /var/run/redis) Disable /var/spool/postfix Disable /var/www Disable /tmp/.X11-unix Disable /sys/fs Disable /sys/module Disable /mnt Disable /media Disable /run/mount disable pulseaudio Current directory: /home/nicovs DISPLAY is not set Install protocol filter: unix,inet,inet6 configuring 14 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) Dropping all capabilities Drop privileges: pid 129, uid 1000, gid 1001, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 01 00 00000029 jeq socket 0006 (false 0005) 0005: 06 00 00 7fff0000 ret ALLOW 0006: 20 00 00 00000010 ld data.args[0] 0007: 15 00 01 00000001 jeq 1 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 00000002 jeq 2 000a (false 000b) 000a: 06 00 00 7fff0000 ret ALLOW 000b: 15 00 01 0000000a jeq a 000c (false 000d) 000c: 06 00 00 7fff0000 ret ALLOW 000d: 06 00 00 0005005f ret ERRNO(95) configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: 
/usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null) Dropping all capabilities Drop privileges: pid 130, uid 1000, gid 1001, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 
(false 0024) 0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00000000 ret KILL Dual 32/64 bit seccomp filter configured configuring 72 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) Dropping all capabilities Drop privileges: pid 131, uid 1000, gid 1001, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 3f 00 0000009f jeq adjtimex 0047 (false 0008) 0008: 15 3e 00 00000131 jeq clock_adjtime 0047 (false 0009) 0009: 15 3d 00 000000e3 jeq clock_settime 0047 (false 000a) 000a: 15 3c 00 000000a4 jeq settimeofday 0047 (false 000b) 000b: 15 3b 00 0000009a jeq modify_ldt 0047 (false 000c) 000c: 15 3a 00 000000d4 jeq lookup_dcookie 0047 (false 000d) 000d: 15 39 00 0000012a jeq perf_event_open 0047 (false 000e) 000e: 15 38 00 00000137 jeq 
process_vm_writev 0047 (false 000f) 000f: 15 37 00 000000b0 jeq delete_module 0047 (false 0010) 0010: 15 36 00 00000139 jeq finit_module 0047 (false 0011) 0011: 15 35 00 000000af jeq init_module 0047 (false 0012) 0012: 15 34 00 0000009c jeq _sysctl 0047 (false 0013) 0013: 15 33 00 000000b7 jeq afs_syscall 0047 (false 0014) 0014: 15 32 00 000000ae jeq create_module 0047 (false 0015) 0015: 15 31 00 000000b1 jeq get_kernel_syms 0047 (false 0016) 0016: 15 30 00 000000b5 jeq getpmsg 0047 (false 0017) 0017: 15 2f 00 000000b6 jeq putpmsg 0047 (false 0018) 0018: 15 2e 00 000000b2 jeq query_module 0047 (false 0019) 0019: 15 2d 00 000000b9 jeq security 0047 (false 001a) 001a: 15 2c 00 0000008b jeq sysfs 0047 (false 001b) 001b: 15 2b 00 000000b8 jeq tuxcall 0047 (false 001c) 001c: 15 2a 00 00000086 jeq uselib 0047 (false 001d) 001d: 15 29 00 00000088 jeq ustat 0047 (false 001e) 001e: 15 28 00 000000ec jeq vserver 0047 (false 001f) 001f: 15 27 00 000000ad jeq ioperm 0047 (false 0020) 0020: 15 26 00 000000ac jeq iopl 0047 (false 0021) 0021: 15 25 00 000000f6 jeq kexec_load 0047 (false 0022) 0022: 15 24 00 00000140 jeq kexec_file_load 0047 (false 0023) 0023: 15 23 00 000000a9 jeq reboot 0047 (false 0024) 0024: 15 22 00 000000a7 jeq swapon 0047 (false 0025) 0025: 15 21 00 000000a8 jeq swapoff 0047 (false 0026) 0026: 15 20 00 00000130 jeq open_by_handle_at 0047 (false 0027) 0027: 15 1f 00 0000012f jeq name_to_handle_at 0047 (false 0028) 0028: 15 1e 00 000000fb jeq ioprio_set 0047 (false 0029) 0029: 15 1d 00 00000067 jeq syslog 0047 (false 002a) 002a: 15 1c 00 0000012c jeq fanotify_init 0047 (false 002b) 002b: 15 1b 00 00000138 jeq kcmp 0047 (false 002c) 002c: 15 1a 00 000000f8 jeq add_key 0047 (false 002d) 002d: 15 19 00 000000f9 jeq request_key 0047 (false 002e) 002e: 15 18 00 000000ed jeq mbind 0047 (false 002f) 002f: 15 17 00 00000100 jeq migrate_pages 0047 (false 0030) 0030: 15 16 00 00000117 jeq move_pages 0047 (false 0031) 0031: 15 15 00 000000fa jeq keyctl 0047 (false 0032) 
0032: 15 14 00 000000ce jeq io_setup 0047 (false 0033) 0033: 15 13 00 000000cf jeq io_destroy 0047 (false 0034) 0034: 15 12 00 000000d0 jeq io_getevents 0047 (false 0035) 0035: 15 11 00 000000d1 jeq io_submit 0047 (false 0036) 0036: 15 10 00 000000d2 jeq io_cancel 0047 (false 0037) 0037: 15 0f 00 000000d8 jeq remap_file_pages 0047 (false 0038) 0038: 15 0e 00 00000143 jeq userfaultfd 0047 (false 0039) 0039: 15 0d 00 000000a3 jeq acct 0047 (false 003a) 003a: 15 0c 00 00000141 jeq bpf 0047 (false 003b) 003b: 15 0b 00 000000a1 jeq chroot 0047 (false 003c) 003c: 15 0a 00 000000a5 jeq mount 0047 (false 003d) 003d: 15 09 00 000000b4 jeq nfsservctl 0047 (false 003e) 003e: 15 08 00 0000009b jeq pivot_root 0047 (false 003f) 003f: 15 07 00 000000ab jeq setdomainname 0047 (false 0040) 0040: 15 06 00 000000aa jeq sethostname 0047 (false 0041) 0041: 15 05 00 000000a6 jeq umount2 0047 (false 0042) 0042: 15 04 00 00000099 jeq vhangup 0047 (false 0043) 0043: 15 03 00 00000065 jeq ptrace 0047 (false 0044) 0044: 15 02 00 00000087 jeq personality 0047 (false 0045) 0045: 15 01 00 00000136 jeq process_vm_readv 0047 (false 0046) 0046: 06 00 00 7fff0000 ret ALLOW 0047: 06 00 01 00000000 ret KILL seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1001, nogroups 1 No supplementary groups starting application LD_PRELOAD=(null) Running '/bin/bash' '--login' command through /bin/bash execvp argument 0: /bin/bash execvp argument 1: -c execvp argument 2: -- execvp argument 3: '/bin/bash' '--login' Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter monitoring pid 132 ``` </details>

@fabienbarbero commented on GitHub (Apr 4, 2022):

Any news on this issue?

I have the same problem on my project. When I execute multiple firejail instances simultaneously (multi-threaded), I get the EOF problem. There is no problem when I execute a single instance.

Reference: github-starred/firejail#2319