[GH-ISSUE #3693] Kate - Read/Write problems in /home/ (ignores overrides?) #2327

Closed
opened 2026-05-05 09:00:57 -06:00 by gitea-mirror · 5 comments

Originally created by @Utini2000 on GitHub (Oct 24, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3693

Bug and expected behavior
Kate can't write into .zshrc or access most of the files/folders in /.config/
I also made a file /home/username/.config/firejail/kate.local:
noblacklist ${HOME}/.config
noblacklist ${HOME}/.config/
noblacklist ${HOME}/.zshrc

No profile and disabling firejail

  • What changed calling firejail --noprofile /path/to/program in a terminal?
    Then everything works just fine
  • What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)?
    /usr/local/bin/kate

Reproduce
Steps to reproduce the behavior:

  1. sudo firecfg
  2. run kate
  3. Try to write into .zshrc or open /.config/mpv/

Environment

  • Arch Linux - x86_64 Linux 5.8.16.a-1-hardened
  • firejail version 0.9.64

Additional context
Basically, I want kate to run under all the standard rules from /etc/firejail/kate.profile while adding 2-3 rules of my own that override the stock profile (e.g. allowing it to edit anything in /home/user/.config/).

Checklist

  • [ x ] The upstream profile (and redirect profile if exists) have no changes fixing it.
  • [ x ] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • [ x ] Programs needed for interaction are listed in the profile.
  • [ x ] A short search for duplicates was performed.
  • [ x ] If it is an AppImage, --profile=PROFILENAME is used to set the right profile.

debug output
Autoselecting /bin/zsh as shell
Building quoted command line: 'kate' 
Command name #kate#
Found kate.profile profile in /etc/firejail directory
Reading profile /etc/firejail/kate.profile
Found kate.local profile in /home/username_replaced/.config/firejail directory
Reading profile /home/username_replaced/.config/firejail/kate.local
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 67581, child pid 67582
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Build protocol filter: unix
sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 985, nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
2705 1164 254:1 /etc /etc ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2705 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
2706 2705 254:1 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2706 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
2707 1164 254:1 /var /var ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2707 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
2708 2707 254:1 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2708 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
2709 1164 254:1 /usr /usr ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2709 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/username_replaced/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/dri directory
Process /dev/shm directory
Generate private-tmp whitelist commands
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /usr/lib/modules/5.9.1-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 456: new_name #/var/lib/ca-certificates#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates
        expanded: /var/lib/ca-certificates
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/var/lib/dbus#, whitelist
Debug 456: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
        expanded: /var/lib/menu-xdg
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/var/lib/uim#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/uim
        expanded: /var/lib/uim
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/var/cache/fontconfig#, whitelist
Debug 456: new_name #/var/tmp#, whitelist
Debug 456: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 456: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 456: new_name #/tmp/.X11-unix#, whitelist
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Whitelisting /var/lib/dbus
2750 2749 254:1 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2750 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4
Whitelisting /var/cache/fontconfig
2751 2749 254:1 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2751 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Whitelisting /var/tmp
2752 2749 0:136 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=2752 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
2753 2693 0:47 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:31 - tmpfs tmpfs rw,size=16145976k,nr_inodes=409600
mountid=2753 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /home/username_replaced/.local/share/Trash
Disable /home/username_replaced/.bash_history
Disable /home/username_replaced/.zsh_history
Disable /home/username_replaced/.histfile
Disable /home/username_replaced/.local/share/klipper
Disable /home/username_replaced/.config/autostart
Disable /home/username_replaced/.config/autostart-scripts
Disable /home/username_replaced/.config/plasma-workspace
Disable /home/username_replaced/.config/startupconfig
Disable /home/username_replaced/.config/startupconfigkeys
Disable /home/username_replaced/.xinitrc
Disable /home/username_replaced/.xprofile
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/username_replaced/.Xauthority
2770 2716 254:1 /home/username_replaced/.Xauthority /home/username_replaced/.Xauthority ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2770 fsname=/home/username_replaced/.Xauthority dir=/home/username_replaced/.Xauthority fstype=ext4
Disable /home/username_replaced/.config/khotkeysrc
Disable /home/username_replaced/.config/krunnerrc
Disable /home/username_replaced/.config/kscreenlockerrc
Disable /home/username_replaced/.config/kwalletrc
Disable /home/username_replaced/.config/kwinrc
Disable /home/username_replaced/.config/kwinrulesrc
Disable /home/username_replaced/.config/plasma-org.kde.plasma.desktop-appletsrc
Disable /home/username_replaced/.config/plasmashellrc
Disable /home/username_replaced/.local/share/kglobalaccel
Mounting read-only /home/username_replaced/.cache/ksycoca5_en_tV1a5zszZ0x3oFFJAB9SUeSPnDs=
2780 2716 254:1 /home/username_replaced/.cache/ksycoca5_en_tV1a5zszZ0x3oFFJAB9SUeSPnDs= /home/username_replaced/.cache/ksycoca5_en_tV1a5zszZ0x3oFFJAB9SUeSPnDs= ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2780 fsname=/home/username_replaced/.cache/ksycoca5_en_tV1a5zszZ0x3oFFJAB9SUeSPnDs= dir=/home/username_replaced/.cache/ksycoca5_en_tV1a5zszZ0x3oFFJAB9SUeSPnDs= fstype=ext4
Mounting read-only /home/username_replaced/.cache/ksycoca5_en-AT_mGdAOnAFisCWihcBi_AAXuqsM6g=
2781 2716 254:1 /home/username_replaced/.cache/ksycoca5_en-AT_mGdAOnAFisCWihcBi_AAXuqsM6g= /home/username_replaced/.cache/ksycoca5_en-AT_mGdAOnAFisCWihcBi_AAXuqsM6g= ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2781 fsname=/home/username_replaced/.cache/ksycoca5_en-AT_mGdAOnAFisCWihcBi_AAXuqsM6g= dir=/home/username_replaced/.cache/ksycoca5_en-AT_mGdAOnAFisCWihcBi_AAXuqsM6g= fstype=ext4
Mounting read-only /home/username_replaced/.cache/ksycoca5_en_mGdAOnAFisCWihcBi_AAXuqsM6g=
2782 2716 254:1 /home/username_replaced/.cache/ksycoca5_en_mGdAOnAFisCWihcBi_AAXuqsM6g= /home/username_replaced/.cache/ksycoca5_en_mGdAOnAFisCWihcBi_AAXuqsM6g= ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2782 fsname=/home/username_replaced/.cache/ksycoca5_en_mGdAOnAFisCWihcBi_AAXuqsM6g= dir=/home/username_replaced/.cache/ksycoca5_en_mGdAOnAFisCWihcBi_AAXuqsM6g= fstype=ext4
Mounting read-only /home/username_replaced/.config/kcm_touchpad.notifyrc
2783 2716 254:1 /home/username_replaced/.config/kcm_touchpad.notifyrc /home/username_replaced/.config/kcm_touchpad.notifyrc ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2783 fsname=/home/username_replaced/.config/kcm_touchpad.notifyrc dir=/home/username_replaced/.config/kcm_touchpad.notifyrc fstype=ext4
Mounting read-only /home/username_replaced/.config/plasmanotifyrc
2784 2716 254:1 /home/username_replaced/.config/plasmanotifyrc /home/username_replaced/.config/plasmanotifyrc ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2784 fsname=/home/username_replaced/.config/plasmanotifyrc dir=/home/username_replaced/.config/plasmanotifyrc fstype=ext4
Mounting read-only /home/username_replaced/.config/kdeglobals
2785 2716 254:1 /home/username_replaced/.config/kdeglobals /home/username_replaced/.config/kdeglobals ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2785 fsname=/home/username_replaced/.config/kdeglobals dir=/home/username_replaced/.config/kdeglobals fstype=ext4
Mounting read-only /home/username_replaced/.config/kio_httprc
2786 2716 254:1 /home/username_replaced/.config/kio_httprc /home/username_replaced/.config/kio_httprc ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2786 fsname=/home/username_replaced/.config/kio_httprc dir=/home/username_replaced/.config/kio_httprc fstype=ext4
Mounting read-only /home/username_replaced/.config/kiorc
2787 2716 254:1 /home/username_replaced/.config/kiorc /home/username_replaced/.config/kiorc ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2787 fsname=/home/username_replaced/.config/kiorc dir=/home/username_replaced/.config/kiorc fstype=ext4
Mounting read-only /home/username_replaced/.kde4/share/config/kdeglobals
2788 2716 254:1 /home/username_replaced/.kde4/share/config/kdeglobals /home/username_replaced/.kde4/share/config/kdeglobals ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2788 fsname=/home/username_replaced/.kde4/share/config/kdeglobals dir=/home/username_replaced/.kde4/share/config/kdeglobals fstype=ext4
Mounting read-only /home/username_replaced/.local/share/konsole
2789 2716 254:1 /home/username_replaced/.local/share/konsole /home/username_replaced/.local/share/konsole ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2789 fsname=/home/username_replaced/.local/share/konsole dir=/home/username_replaced/.local/share/konsole fstype=ext4
Disable /run/user/1000/klauncherflujTc.1.slave-socket
Disable /run/user/1000/kdeinit5__0
Mounting read-only /home/username_replaced/.config/dconf
2792 2716 254:1 /home/username_replaced/.config/dconf /home/username_replaced/.config/dconf ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2792 fsname=/home/username_replaced/.config/dconf dir=/home/username_replaced/.config/dconf fstype=ext4
Disable /home/username_replaced/.config/systemd
Disable /usr/bin/systemd-run
Disable /run/user/1000/systemd
Disable /home/username_replaced/.config/VirtualBox
Disable /home/username_replaced/VirtualBox VMs
Disable /home/username_replaced/.cache/libvirt
Disable /home/username_replaced/.config/libvirt
Disable /usr/bin/veracrypt
Disable /usr/share/applications/veracrypt.desktop
Disable /usr/share/pixmaps/veracrypt.xpm
Disable /etc/profile.d
Disable /etc/kernel
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/apparmor
Disable /etc/apparmor.d
Disable /etc/modules-load.d
Disable /etc/logrotate.d
Disable /etc/logrotate.conf
Mounting read-only /home/username_replaced/.bash_logout
2812 2716 254:1 /home/username_replaced/.bash_logout /home/username_replaced/.bash_logout ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2812 fsname=/home/username_replaced/.bash_logout dir=/home/username_replaced/.bash_logout fstype=ext4
Mounting read-only /home/username_replaced/.bash_profile
2813 2716 254:1 /home/username_replaced/.bash_profile /home/username_replaced/.bash_profile ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2813 fsname=/home/username_replaced/.bash_profile dir=/home/username_replaced/.bash_profile fstype=ext4
Mounting read-only /home/username_replaced/.bashrc
2814 2716 254:1 /home/username_replaced/.bashrc /home/username_replaced/.bashrc ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2814 fsname=/home/username_replaced/.bashrc dir=/home/username_replaced/.bashrc fstype=ext4
Mounting read-only /home/username_replaced/.zshrc
2815 2716 254:1 /home/username_replaced/.zshrc /home/username_replaced/.zshrc ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2815 fsname=/home/username_replaced/.zshrc dir=/home/username_replaced/.zshrc fstype=ext4
Mounting read-only /home/username_replaced/bin
2816 2716 254:1 /home/username_replaced/bin /home/username_replaced/bin ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2816 fsname=/home/username_replaced/bin dir=/home/username_replaced/bin fstype=ext4
Mounting read-only /home/username_replaced/.config/menus
2817 2716 254:1 /home/username_replaced/.config/menus /home/username_replaced/.config/menus ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2817 fsname=/home/username_replaced/.config/menus dir=/home/username_replaced/.config/menus fstype=ext4
Mounting read-only /home/username_replaced/.local/share/applications
2818 2716 254:1 /home/username_replaced/.local/share/applications /home/username_replaced/.local/share/applications ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2818 fsname=/home/username_replaced/.local/share/applications dir=/home/username_replaced/.local/share/applications fstype=ext4
Mounting read-only /home/username_replaced/.config/mimeapps.list
2819 2716 254:1 /home/username_replaced/.config/mimeapps.list /home/username_replaced/.config/mimeapps.list ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2819 fsname=/home/username_replaced/.config/mimeapps.list dir=/home/username_replaced/.config/mimeapps.list fstype=ext4
Mounting read-only /home/username_replaced/.config/user-dirs.dirs
2820 2716 254:1 /home/username_replaced/.config/user-dirs.dirs /home/username_replaced/.config/user-dirs.dirs ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2820 fsname=/home/username_replaced/.config/user-dirs.dirs dir=/home/username_replaced/.config/user-dirs.dirs fstype=ext4
Mounting read-only /home/username_replaced/.config/user-dirs.locale
2821 2716 254:1 /home/username_replaced/.config/user-dirs.locale /home/username_replaced/.config/user-dirs.locale ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2821 fsname=/home/username_replaced/.config/user-dirs.locale dir=/home/username_replaced/.config/user-dirs.locale fstype=ext4
Mounting read-only /home/username_replaced/.local/share/mime
2822 2716 254:1 /home/username_replaced/.local/share/mime /home/username_replaced/.local/share/mime ro,relatime master:1 - ext4 /dev/mapper/MyVolumeGroups-root rw
mountid=2822 fsname=/home/username_replaced/.local/share/mime dir=/home/username_replaced/.local/share/mime fstype=ext4
Disable /home/username_replaced/.gnupg
Disable /home/username_replaced/.local/share/keyrings
Disable /home/username_replaced/.local/share/kwalletd
Disable /home/username_replaced/.netrc
Disable /home/username_replaced/.pki
Disable /home/username_replaced/.local/share/pki
Disable /home/username_replaced/.ssh
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/expiry
Disable /usr/bin/fusermount
Disable /usr/bin/gpasswd
Disable /usr/bin/ksu
Disable /usr/bin/mount
Disable /usr/bin/netcat (requested /usr/bin/nc)
Disable /usr/bin/newgidmap
Disable /usr/bin/newgrp
Disable /usr/bin/newuidmap
Disable /usr/bin/ntfs-3g
Disable /usr/bin/pkexec
Disable /usr/bin/sg
Disable /usr/bin/su
Disable /usr/bin/sudo
Disable /usr/bin/umount
Disable /usr/bin/unix_chkpwd
Disable /usr/bin/xev
Disable /usr/bin/xinput
Disable /usr/bin/bwrap
Disable /proc/config.gz
Disable /usr/bin/dig
Disable /usr/bin/nslookup
Disable /usr/bin/host
Disable /usr/bin/resolvectl
Mounting noexec /run/user/1000
2871 2865 0:23 /firejail/firejail.ro.file /run/user/1000/kdeinit5__0 rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755
mountid=2871 fsname=/firejail/firejail.ro.file dir=/run/user/1000/kdeinit5__0 fstype=tmpfs
Warning: not remounting /run/user/1000/gvfs
Mounting noexec /dev/shm
2872 2738 0:142 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=2872 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
2874 2873 0:47 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:31 - tmpfs tmpfs rw,size=16145976k,nr_inodes=409600
mountid=2874 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
2875 2874 0:47 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:31 - tmpfs tmpfs rw,size=16145976k,nr_inodes=409600
mountid=2875 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /var
2879 2876 0:136 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=2879 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /home/username_replaced/.config/keepassxc
Disable /home/username_replaced/.PlayOnLinux
Disable /home/username_replaced/.android
Disable /home/username_replaced/.config/GIMP
Disable /home/username_replaced/.config/Thunar
Disable /home/username_replaced/.config/VirtualBox
Disable /home/username_replaced/.config/akonadi
Disable /home/username_replaced/.config/akregatorrc
Disable /home/username_replaced/.config/baloofilerc
Disable /home/username_replaced/.config/blender
Disable /home/username_replaced/.config/cantata
Disable /home/username_replaced/.config/catfish
Disable /home/username_replaced/.config/discord
Disable /home/username_replaced/.config/dolphinrc
Disable /home/username_replaced/.config/emaildefaults
Disable /home/username_replaced/.config/emailidentities
Disable /home/username_replaced/.config/enchant
Disable /home/username_replaced/.config/gconf
Disable /home/username_replaced/.config/hexchat
Not blacklist /home/username_replaced/.config/katemetainfos
Not blacklist /home/username_replaced/.config/katepartrc
Not blacklist /home/username_replaced/.config/katerc
Not blacklist /home/username_replaced/.config/kateschemarc
Not blacklist /home/username_replaced/.config/katesyntaxhighlightingrc
Not blacklist /home/username_replaced/.config/katevirc
Disable /home/username_replaced/.config/kdenliverc
Disable /home/username_replaced/.config/kfindrc
Disable /home/username_replaced/.config/klipperrc
Disable /home/username_replaced/.config/kmail2rc
Disable /home/username_replaced/.config/kmailsearchindexingrc
Disable /home/username_replaced/.config/libreoffice
Disable /home/username_replaced/.config/mpd
Disable /home/username_replaced/.config/mpv
Disable /home/username_replaced/.config/obs-studio
Disable /home/username_replaced/.config/okularpartrc
Disable /home/username_replaced/.config/okularrc
Disable /home/username_replaced/.config/pavucontrol.ini
Disable /home/username_replaced/.config/qBittorrent
Disable /home/username_replaced/.config/qBittorrentrc
Disable /home/username_replaced/.config/skypeforlinux
Disable /home/username_replaced/.config/smplayer
Disable /home/username_replaced/.config/viewnior
Disable /home/username_replaced/.config/vlc
Disable /home/username_replaced/.config/youtube-dl
Disable /home/username_replaced/.local/share/Steam
Disable /home/username_replaced/.local/share/TelegramDesktop
Disable /home/username_replaced/.local/share/akonadi
Disable /home/username_replaced/.local/share/baloo
Disable /home/username_replaced/.local/share/cantata
Disable /home/username_replaced/.local/share/data/qBittorrent
Disable /home/username_replaced/.local/share/dolphin
Not blacklist /home/username_replaced/.local/share/kate
Disable /home/username_replaced/.local/share/kdenlive
Disable /home/username_replaced/.local/share/kmail2
Disable /home/username_replaced/.local/share/kxmlgui5/dolphin
Disable /home/username_replaced/.local/share/kxmlgui5/filelight
Disable /home/username_replaced/.local/share/kxmlgui5/partitionmanager
Disable /home/username_replaced/.local/share/kxmlgui5/kmail
Disable /home/username_replaced/.local/share/kxmlgui5/konsole
Disable /home/username_replaced/.local/share/kxmlgui5/kmenuedit
Disable /home/username_replaced/.local/share/meld
Disable /home/username_replaced/.local/share/okular
Disable /home/username_replaced/.local/share/plasma_notes
Disable /home/username_replaced/.local/share/vlc
Disable /home/username_replaced/.local/share/vulkan
Disable /home/username_replaced/.mozilla
Disable /home/username_replaced/.nanorc
Disable /home/username_replaced/.nv
Disable /home/username_replaced/.purple
Disable /home/username_replaced/.ssr
Disable /home/username_replaced/.steam
Disable /home/username_replaced/.thunderbird
Disable /home/username_replaced/.wget-hsts
Disable /home/username_replaced/.wine
Disable /home/username_replaced/.cache/cantata
Disable /home/username_replaced/.cache/keepassxc
Disable /home/username_replaced/.cache/kinfocenter
Disable /home/username_replaced/.cache/kscreenlocker_greet
Disable /home/username_replaced/.cache/ksmserver-logout-greeter
Disable /home/username_replaced/.cache/ksplashqml
Disable /home/username_replaced/.cache/kwin
Disable /home/username_replaced/.cache/mozilla
Disable /home/username_replaced/.cache/plasmashell
Disable /home/username_replaced/.cache/systemsettings
Disable /home/username_replaced/.cache/vlc
Mounting read-only /tmp/.X11-unix
2958 2875 0:47 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:31 - tmpfs tmpfs rw,size=16145976k,nr_inodes=409600
mountid=2958 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /home/username_replaced/.config/pulse
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse
Create the new ld.so.preload file
Blacklist violations are logged to syslog
Mount the new ld.so.preload file
Current directory: /home/username_replaced
DISPLAY=:0 parsed as 0
Install protocol filter: unix
configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 3, uid 1000, gid 985, nogroups 1
No supplementary groups
configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dropping all capabilities
Drop privileges: pid 4, uid 1000, gid 985, nogroups 1
No supplementary groups
Dual 32/64 bit seccomp filter configured
configuring 134 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 5, uid 1000, gid 985, nogroups 1
No supplementary groups
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
2965 2702 0:133 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755
mountid=2965 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             340 ..
-rw-r--r-- username_replaced   users           1072 seccomp
-rw-r--r-- username_replaced   users            808 seccomp.32
-rw-r--r-- username_replaced   users            114 seccomp.list
-rw-r--r-- username_replaced   users              0 seccomp.postexec
-rw-r--r-- username_replaced   users              0 seccomp.postexec32
-rw-r--r-- username_replaced   users            128 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 985, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
execvp argument 0: kate
Child process initialized in 54.62 ms
Searching $PATH for kate
trying #/usr/local/sbin/kate#
trying #/usr/local/bin/kate#
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
Warning: an existing sandbox was detected. /usr/bin/kate will run without any additional sandboxing features
monitoring pid 6

UdevQt: unable to create udev monitor connection
kf.kio.slaves.tags: tag fetch failed: "Failed to open the database"
kf.kio.slaves.tags: "tags:/" list() invalid url
kf.kio.core: We got some errors while running testparm "Weak crypto is allowed\nERROR: lock directory /var/cache/samba does not exist\n\nERROR: state directory /var/lib/samba does not exist\n\nERROR: cache directory /var/cache/samba does not exist"
kf.kio.core: We got some errors while running 'net usershare info'
kf.kio.core: "ERROR: Could not determine network interfaces, you must use a interfaces config line\n"
kf.kio.core: "Could not enter folder tags:/."
Qt: Session management error: networkIdsList argument is NULL
kf.notifications: Audio notification requested, but sound file from notifyrc file was not found, aborting audio notification
kf.notifications: Audio notification requested, but sound file from notifyrc file was not found, aborting audio notification
Sandbox monitor: waitpid 6 retval 6 status 0

Parent is shutting down, bye...

<details><summary> debug output </summary> ```
0022: 15 00 01 00000067 jeq 67 0023 (false 0024) 0023: 06 00 00 00000001 ret KILL 0024: 15 00 01 0000015b jeq 15b 0025 (false 0026) 0025: 06 00 00 00000001 ret KILL 0026: 15 00 01 0000015c jeq 15c 0027 (false 0028) 0027: 06 00 00 00000001 ret KILL 0028: 15 00 01 00000087 jeq 87 0029 (false 002a) 0029: 06 00 00 00000001 ret KILL 002a: 15 00 01 00000095 jeq 95 002b (false 002c) 002b: 06 00 00 00000001 ret KILL 002c: 15 00 01 0000007c jeq 7c 002d (false 002e) 002d: 06 00 00 00000001 ret KILL 002e: 15 00 01 00000157 jeq 157 002f (false 0030) 002f: 06 00 00 00000001 ret KILL 0030: 15 00 01 000000fd jeq fd 0031 (false 0032) 0031: 06 00 00 00000001 ret KILL 0032: 15 00 01 00000150 jeq 150 0033 (false 0034) 0033: 06 00 00 00000001 ret KILL 0034: 15 00 01 00000152 jeq 152 0035 (false 0036) 0035: 06 00 00 00000001 ret KILL 0036: 15 00 01 0000015d jeq 15d 0037 (false 0038) 0037: 06 00 00 00000001 ret KILL 0038: 15 00 01 0000011e jeq 11e 0039 (false 003a) 0039: 06 00 00 00000001 ret KILL 003a: 15 00 01 0000011f jeq 11f 003b (false 003c) 003b: 06 00 00 00000001 ret KILL 003c: 15 00 01 00000120 jeq 120 003d (false 003e) 003d: 06 00 00 00000001 ret KILL 003e: 15 00 01 00000056 jeq 56 003f (false 0040) 003f: 06 00 00 00000001 ret KILL 0040: 15 00 01 00000033 jeq 33 0041 (false 0042) 0041: 06 00 00 00000001 ret KILL 0042: 15 00 01 0000007b jeq 7b 0043 (false 0044) 0043: 06 00 00 00000001 ret KILL 0044: 15 00 01 000000d9 jeq d9 0045 (false 0046) 0045: 06 00 00 00000001 ret KILL 0046: 15 00 01 000000f5 jeq f5 0047 (false 0048) 0047: 06 00 00 00000001 ret KILL 0048: 15 00 01 000000f6 jeq f6 0049 (false 004a) 0049: 06 00 00 00000001 ret KILL 004a: 15 00 01 000000f7 jeq f7 004b (false 004c) 004b: 06 00 00 00000001 ret KILL 004c: 15 00 01 000000f8 jeq f8 004d (false 004e) 004d: 06 00 00 00000001 ret KILL 004e: 15 00 01 000000f9 jeq f9 004f (false 0050) 004f: 06 00 00 00000001 ret KILL 0050: 15 00 01 00000101 jeq 101 0051 (false 0052) 0051: 06 00 00 00000001 ret KILL 0052: 15 00 01 
00000112 jeq 112 0053 (false 0054) 0053: 06 00 00 00000001 ret KILL 0054: 15 00 01 00000114 jeq 114 0055 (false 0056) 0055: 06 00 00 00000001 ret KILL 0056: 15 00 01 00000126 jeq 126 0057 (false 0058) 0057: 06 00 00 00000001 ret KILL 0058: 15 00 01 0000013d jeq 13d 0059 (false 005a) 0059: 06 00 00 00000001 ret KILL 005a: 15 00 01 0000013c jeq 13c 005b (false 005c) 005b: 06 00 00 00000001 ret KILL 005c: 15 00 01 0000003d jeq 3d 005d (false 005e) 005d: 06 00 00 00000001 ret KILL 005e: 15 00 01 00000058 jeq 58 005f (false 0060) 005f: 06 00 00 00000001 ret KILL 0060: 15 00 01 000000a9 jeq a9 0061 (false 0062) 0061: 06 00 00 00000001 ret KILL 0062: 15 00 01 00000082 jeq 82 0063 (false 0064) 0063: 06 00 00 00000001 ret KILL 0064: 06 00 00 7fff0000 ret ALLOW Dual 32/64 bit seccomp filter configured configuring 134 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 5, uid 1000, gid 985, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 01 0000009f jeq adjtimex 0008 (false 0009) 0008: 06 00 00 00000001 ret KILL 0009: 15 00 01 00000131 jeq clock_adjtime 000a (false 000b) 000a: 06 00 00 00000001 ret KILL 000b: 15 00 01 000000e3 jeq clock_settime 000c (false 000d) 000c: 06 00 00 00000001 ret KILL 000d: 15 00 01 000000a4 jeq settimeofday 000e (false 000f) 000e: 06 00 00 00000001 ret KILL 000f: 15 00 01 0000009a jeq modify_ldt 0010 (false 0011) 0010: 06 00 00 00000001 ret KILL 0011: 15 00 01 000000d4 jeq lookup_dcookie 0012 (false 0013) 0012: 06 00 00 00000001 ret KILL 0013: 15 00 01 0000012a jeq 
perf_event_open 0014 (false 0015) 0014: 06 00 00 00000001 ret KILL 0015: 15 00 01 00000137 jeq process_vm_writev 0016 (false 0017) 0016: 06 00 00 00000001 ret KILL 0017: 15 00 01 000000b0 jeq delete_module 0018 (false 0019) 0018: 06 00 00 00000001 ret KILL 0019: 15 00 01 00000139 jeq finit_module 001a (false 001b) 001a: 06 00 00 00000001 ret KILL 001b: 15 00 01 000000af jeq init_module 001c (false 001d) 001c: 06 00 00 00000001 ret KILL 001d: 15 00 01 000000a1 jeq chroot 001e (false 001f) 001e: 06 00 00 00000001 ret KILL 001f: 15 00 01 000000a5 jeq mount 0020 (false 0021) 0020: 06 00 00 00000001 ret KILL 0021: 15 00 01 0000009b jeq pivot_root 0022 (false 0023) 0022: 06 00 00 00000001 ret KILL 0023: 15 00 01 000000a6 jeq umount2 0024 (false 0025) 0024: 06 00 00 00000001 ret KILL 0025: 15 00 01 0000009c jeq _sysctl 0026 (false 0027) 0026: 06 00 00 00000001 ret KILL 0027: 15 00 01 000000b7 jeq afs_syscall 0028 (false 0029) 0028: 06 00 00 00000001 ret KILL 0029: 15 00 01 000000ae jeq create_module 002a (false 002b) 002a: 06 00 00 00000001 ret KILL 002b: 15 00 01 000000b1 jeq get_kernel_syms 002c (false 002d) 002c: 06 00 00 00000001 ret KILL 002d: 15 00 01 000000b5 jeq getpmsg 002e (false 002f) 002e: 06 00 00 00000001 ret KILL 002f: 15 00 01 000000b6 jeq putpmsg 0030 (false 0031) 0030: 06 00 00 00000001 ret KILL 0031: 15 00 01 000000b2 jeq query_module 0032 (false 0033) 0032: 06 00 00 00000001 ret KILL 0033: 15 00 01 000000b9 jeq security 0034 (false 0035) 0034: 06 00 00 00000001 ret KILL 0035: 15 00 01 0000008b jeq sysfs 0036 (false 0037) 0036: 06 00 00 00000001 ret KILL 0037: 15 00 01 000000b8 jeq tuxcall 0038 (false 0039) 0038: 06 00 00 00000001 ret KILL 0039: 15 00 01 00000086 jeq uselib 003a (false 003b) 003a: 06 00 00 00000001 ret KILL 003b: 15 00 01 00000088 jeq ustat 003c (false 003d) 003c: 06 00 00 00000001 ret KILL 003d: 15 00 01 000000ec jeq vserver 003e (false 003f) 003e: 06 00 00 00000001 ret KILL 003f: 15 00 01 000000ad jeq ioperm 0040 (false 0041) 0040: 06 
00 00 00000001 ret KILL 0041: 15 00 01 000000ac jeq iopl 0042 (false 0043) 0042: 06 00 00 00000001 ret KILL 0043: 15 00 01 000000f6 jeq kexec_load 0044 (false 0045) 0044: 06 00 00 00000001 ret KILL 0045: 15 00 01 00000140 jeq kexec_file_load 0046 (false 0047) 0046: 06 00 00 00000001 ret KILL 0047: 15 00 01 000000a9 jeq reboot 0048 (false 0049) 0048: 06 00 00 00000001 ret KILL 0049: 15 00 01 000000a7 jeq swapon 004a (false 004b) 004a: 06 00 00 00000001 ret KILL 004b: 15 00 01 000000a8 jeq swapoff 004c (false 004d) 004c: 06 00 00 00000001 ret KILL 004d: 15 00 01 00000130 jeq open_by_handle_at 004e (false 004f) 004e: 06 00 00 00000001 ret KILL 004f: 15 00 01 0000012f jeq name_to_handle_at 0050 (false 0051) 0050: 06 00 00 00000001 ret KILL 0051: 15 00 01 000000fb jeq ioprio_set 0052 (false 0053) 0052: 06 00 00 00000001 ret KILL 0053: 15 00 01 00000067 jeq syslog 0054 (false 0055) 0054: 06 00 00 00000001 ret KILL 0055: 15 00 01 0000012c jeq fanotify_init 0056 (false 0057) 0056: 06 00 00 00000001 ret KILL 0057: 15 00 01 00000138 jeq kcmp 0058 (false 0059) 0058: 06 00 00 00000001 ret KILL 0059: 15 00 01 000000f8 jeq add_key 005a (false 005b) 005a: 06 00 00 00000001 ret KILL 005b: 15 00 01 000000f9 jeq request_key 005c (false 005d) 005c: 06 00 00 00000001 ret KILL 005d: 15 00 01 000000ed jeq mbind 005e (false 005f) 005e: 06 00 00 00000001 ret KILL 005f: 15 00 01 00000100 jeq migrate_pages 0060 (false 0061) 0060: 06 00 00 00000001 ret KILL 0061: 15 00 01 00000117 jeq move_pages 0062 (false 0063) 0062: 06 00 00 00000001 ret KILL 0063: 15 00 01 000000fa jeq keyctl 0064 (false 0065) 0064: 06 00 00 00000001 ret KILL 0065: 15 00 01 000000ce jeq io_setup 0066 (false 0067) 0066: 06 00 00 00000001 ret KILL 0067: 15 00 01 000000cf jeq io_destroy 0068 (false 0069) 0068: 06 00 00 00000001 ret KILL 0069: 15 00 01 000000d0 jeq io_getevents 006a (false 006b) 006a: 06 00 00 00000001 ret KILL 006b: 15 00 01 000000d1 jeq io_submit 006c (false 006d) 006c: 06 00 00 00000001 ret KILL 006d: 15 
00 01 000000d2 jeq io_cancel 006e (false 006f) 006e: 06 00 00 00000001 ret KILL 006f: 15 00 01 000000d8 jeq remap_file_pages 0070 (false 0071) 0070: 06 00 00 00000001 ret KILL 0071: 15 00 01 00000143 jeq userfaultfd 0072 (false 0073) 0072: 06 00 00 00000001 ret KILL 0073: 15 00 01 000000a3 jeq acct 0074 (false 0075) 0074: 06 00 00 00000001 ret KILL 0075: 15 00 01 00000141 jeq bpf 0076 (false 0077) 0076: 06 00 00 00000001 ret KILL 0077: 15 00 01 000000b4 jeq nfsservctl 0078 (false 0079) 0078: 06 00 00 00000001 ret KILL 0079: 15 00 01 000000ab jeq setdomainname 007a (false 007b) 007a: 06 00 00 00000001 ret KILL 007b: 15 00 01 000000aa jeq sethostname 007c (false 007d) 007c: 06 00 00 00000001 ret KILL 007d: 15 00 01 00000099 jeq vhangup 007e (false 007f) 007e: 06 00 00 00000001 ret KILL 007f: 15 00 01 00000065 jeq ptrace 0080 (false 0081) 0080: 06 00 00 00000001 ret KILL 0081: 15 00 01 00000087 jeq personality 0082 (false 0083) 0082: 06 00 00 00000001 ret KILL 0083: 15 00 01 00000136 jeq process_vm_readv 0084 (false 0085) 0084: 06 00 00 00000001 ret KILL 0085: 06 00 00 7fff0000 ret ALLOW seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp 2965 2702 0:133 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755 mountid=2965 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 160 . drwxr-xr-x root root 340 .. 
-rw-r--r-- username_replaced users 1072 seccomp -rw-r--r-- username_replaced users 808 seccomp.32 -rw-r--r-- username_replaced users 114 seccomp.list -rw-r--r-- username_replaced users 0 seccomp.postexec -rw-r--r-- username_replaced users 0 seccomp.postexec32 -rw-r--r-- username_replaced users 128 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 985, nogroups 1 No supplementary groups starting application LD_PRELOAD=(null) execvp argument 0: kate Child process initialized in 54.62 ms Searching $PATH for kate trying #/usr/local/sbin/kate# trying #/usr/local/bin/kate# Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter Warning: an existing sandbox was detected. /usr/bin/kate will run without any additional sandboxing features monitoring pid 6 UdevQt: unable to create udev monitor connection kf.kio.slaves.tags: tag fetch failed: "Failed to open the database" kf.kio.slaves.tags: "tags:/" list() invalid url kf.kio.core: We got some errors while running testparm "Weak crypto is allowed\nERROR: lock directory /var/cache/samba does not exist\n\nERROR: state directory /var/lib/samba does not exist\n\nERROR: cache directory /var/cache/samba does not exist" kf.kio.core: We got some errors while running 'net usershare info' kf.kio.core: "ERROR: Could not determine network interfaces, you must use a interfaces config line\n" kf.kio.core: "Could not enter folder tags:/." 
Qt: Session management error: networkIdsList argument is NULL
kf.notifications: Audio notification requested, but sound file from notifyrc file was not found, aborting audio notification
kf.notifications: Audio notification requested, but sound file from notifyrc file was not found, aborting audio notification
Sandbox monitor: waitpid 6 retval 6 status 0
Parent is shutting down, bye...
```
</details>
gitea-mirror 2026-05-05 09:00:57 -06:00

@rusty-snake commented on GitHub (Oct 24, 2020):

> Basically I want to have kate to run under all the standard rules from /etc/firejail/kate.profile while adding 2-3 rules by myself that override the stock profile (e.g. allowing to edit anything in /home/user/.config/)

It is not possible to add a `noblacklist ${HOME}/.config`. `noblacklist` must match the `blacklist` path.

You can (1) add a `noblacklist ${HOME}/…` for all the things you need or (2) `ignore include disable-programs.inc` (or comment it). If you want to edit .zshrc you need to do the same for `disable-common.inc`. The blacklist for `$HOME/.config/firejail` is hardcoded and cannot be overridden.

@Utini2000 commented on GitHub (Oct 24, 2020):

Thank you a lot @rusty-snake

Putting "ignore include disable-programs.inc" into my "/.config/firejail/kate.local" worked fine.
However, I would rather not do the same with the whole "disable-common.inc" just to enable .zshrc editing.
Is there really no other way to enable only .zshrc but keep the rest of "disable-common.inc" in place?

@rusty-snake commented on GitHub (Oct 24, 2020):

> Is there really no other way to enable only .zshrc but keep the rest of "disable-common.inc" in place?

You can always add a `noblacklist ${HOME}/some/blacklisted/path`. I pointed you to `ignore` because you would need to add `noblacklist ${HOME}/.config/kritarc`, `noblacklist ${HOME}/.config/konversationrc`, `noblacklist ${HOME}/.config/kritarc` and so on for every blacklist. That's more selective, but not usable when allowing many paths. `.zshrc` (and `.bashrc`) are not blacklisted because programs may need to read it (if they start a shell), but they are made read-only. **TL;DR:** Just add `read-write ${HOME}/.zshrc`.

Maybe you also need `ignore read-only ${HOME}/.zshrc` because the read-only is processed later.

@Utini2000 commented on GitHub (Oct 25, 2020):

Thank you so much... that also fixed my .zshrc problem.
The solution seems so simple but I really tried several hours and days to fix it on my own :S

@rusty-snake commented on GitHub (Nov 9, 2020):

I'm closing here due to inactivity, please feel free to request to reopen if you have more questions.
