[GH-ISSUE #3723] Default minetest profile doesn't work #2346

New issue

Closed

opened 2026-05-05 09:01:54 -06:00 by gitea-mirror · 1 comment

gitea-mirror commented 2026-05-05 09:01:54 -06:00

Owner

Copy link

Originally created by @JohannesBarjak on GitHub (Nov 4, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3723

Bug and expected behavior

• Minetest didn't open.

No profile and disabling firejail

• What changed calling firejail --noprofile /path/to/program in a terminal?
  Minetest worked as expected.
• What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)?
  Nothing.

Reproduce
Steps to reproduce the behavior:

• Run in bash firejail minetest.

Environment

• Arch Linux x86_64 5.8.16.a-1-hardened.
• firejail 0.9.64.

Additional context
If you comment out include disable-interpreters.inc minetest works as expected.

debug output

Autoselecting /bin/zsh as shell
Building quoted command line: 'minetest' 
Command name #minetest#
Found minetest.profile profile in /home/johannes/.config/firejail directory
Reading profile /home/johannes/.config/firejail/minetest.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-shell.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-shell.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-runuser-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-runuser-common.inc
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
DISPLAY=:0 parsed as 0
Enabling IPC namespace
Using the local network stack
Parent pid 356375, child pid 356376
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1142 1099 0:26 /etc /etc ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1142 fsname=/etc dir=/etc fstype=btrfs
Mounting noexec /etc
1143 1142 0:26 /etc /etc ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1143 fsname=/etc dir=/etc fstype=btrfs
Mounting read-only /var
1144 1099 0:26 /var /var ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1144 fsname=/var dir=/var fstype=btrfs
Mounting noexec /var
1145 1144 0:26 /var /var ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1145 fsname=/var dir=/var fstype=btrfs
Mounting read-only /usr
1146 1099 0:26 /usr /usr ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1146 fsname=/usr dir=/usr fstype=btrfs
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/johannes/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
Process /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/minetest
firejail exec symlink detected
Checking /usr/bin/minetest
sbox run: /run/firejail/lib/fcopy /usr/bin/minetest /run/firejail/mnt/bin 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
1 program installed in 15.20 ms
Mounting tmpfs on /home/johannes/.cache
1191 1153 0:91 / /home/johannes/.cache rw,nosuid,nodev,noatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000
mountid=1191 fsname=/ dir=/home/johannes/.cache fstype=tmpfs
Generate private-tmp whitelist commands
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/user/1000/bus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /usr/lib/modules/5.9.3-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 456: new_name #/home/johannes/.cache/minetest#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/minetest
	expanded: /home/johannes/.cache/minetest
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.minetest#, whitelist
Debug 571: fname #/home/johannes/.minetest#, cfg.homedir #/home/johannes#
Replaced whitelist path: whitelist /home/johannes/.minetest
Debug 456: new_name #/usr/share/minetest#, whitelist
Debug 456: new_name #/home/johannes/.XCompose#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
	expanded: /home/johannes/.XCompose
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
	expanded: /home/johannes/.asoundrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.config/ibus#, whitelist
Debug 571: fname #/home/johannes/.config/ibus#, cfg.homedir #/home/johannes#
Replaced whitelist path: whitelist /home/johannes/.config/ibus
Debug 456: new_name #/home/johannes/.config/mimeapps.list#, whitelist
Debug 571: fname #/home/johannes/.config/mimeapps.list#, cfg.homedir #/home/johannes#
Replaced whitelist path: whitelist /home/johannes/.config/mimeapps.list
Debug 456: new_name #/home/johannes/.config/pkcs11#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/johannes/.config/pkcs11
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.config/user-dirs.dirs#, whitelist
Debug 571: fname #/home/johannes/.config/user-dirs.dirs#, cfg.homedir #/home/johannes#
Replaced whitelist path: whitelist /home/johannes/.config/user-dirs.dirs
Debug 456: new_name #/home/johannes/.config/user-dirs.locale#, whitelist
Debug 571: fname #/home/johannes/.config/user-dirs.locale#, cfg.homedir #/home/johannes#
Replaced whitelist path: whitelist /home/johannes/.config/user-dirs.locale
Debug 456: new_name #/home/johannes/.drirc#, whitelist
Debug 571: fname #/home/johannes/.drirc#, cfg.homedir #/home/johannes#
Replaced whitelist path: whitelist /home/johannes/.drirc
Debug 456: new_name #/home/johannes/.icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
	expanded: /home/johannes/.icons
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.local/share/applications#, whitelist
Debug 571: fname #/home/johannes/.local/share/applications#, cfg.homedir #/home/johannes#
Replaced whitelist path: whitelist /home/johannes/.local/share/applications
Debug 456: new_name #/home/johannes/.local/share/icons#, whitelist
Debug 571: fname #/home/johannes/.local/share/icons#, cfg.homedir #/home/johannes#
Replaced whitelist path: whitelist /home/johannes/.local/share/icons
Debug 456: new_name #/home/johannes/.local/share/mime#, whitelist
Debug 571: fname #/home/johannes/.local/share/mime#, cfg.homedir #/home/johannes#
Replaced whitelist path: whitelist /home/johannes/.local/share/mime
Debug 456: new_name #/home/johannes/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
	expanded: /home/johannes/.mime.types
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.uim.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.uim.d
	expanded: /home/johannes/.uim.d
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.config/dconf#, whitelist
Debug 571: fname #/home/johannes/.config/dconf#, cfg.homedir #/home/johannes#
Replaced whitelist path: whitelist /home/johannes/.config/dconf
Debug 456: new_name #/home/johannes/.cache/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/fontconfig
	expanded: /home/johannes/.cache/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.config/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
	expanded: /home/johannes/.config/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
	expanded: /home/johannes/.fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
	expanded: /home/johannes/.fonts
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.fonts.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
	expanded: /home/johannes/.fonts.conf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/johannes/.fonts.conf.d
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
	expanded: /home/johannes/.fonts.d
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.local/share/fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
	expanded: /home/johannes/.local/share/fonts
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.pangorc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
	expanded: /home/johannes/.pangorc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.config/gtk-2.0#, whitelist
Debug 571: fname #/home/johannes/.config/gtk-2.0#, cfg.homedir #/home/johannes#
Replaced whitelist path: whitelist /home/johannes/.config/gtk-2.0
Debug 456: new_name #/home/johannes/.config/gtk-3.0#, whitelist
Debug 571: fname #/home/johannes/.config/gtk-3.0#, cfg.homedir #/home/johannes#
Replaced whitelist path: whitelist /home/johannes/.config/gtk-3.0
Debug 456: new_name #/home/johannes/.config/gtk-4.0#, whitelist
Debug 571: fname #/home/johannes/.config/gtk-4.0#, cfg.homedir #/home/johannes#
Replaced whitelist path: whitelist /home/johannes/.config/gtk-4.0
Debug 456: new_name #/home/johannes/.config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/johannes/.config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/johannes/.config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
	expanded: /home/johannes/.gnome2
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
	expanded: /home/johannes/.gnome2-private
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/johannes/.gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
	expanded: /home/johannes/.gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0
	expanded: /home/johannes/.gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/johannes/.kde/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/johannes/.kde/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/johannes/.kde4/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/johannes/.kde4/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
	expanded: /home/johannes/.local/share/themes
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
	expanded: /home/johannes/.themes
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.cache/kioexec/krun#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/johannes/.cache/kioexec/krun
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/johannes/.config/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.config/Trolltech.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Trolltech.conf
	expanded: /home/johannes/.config/Trolltech.conf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals
	expanded: /home/johannes/.config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/johannes/.config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/johannes/.config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/johannes/.config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
	expanded: /home/johannes/.config/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
	expanded: /home/johannes/.kde/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/johannes/.kde/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/johannes/.kde/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/johannes/.kde/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/johannes/.kde/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/johannes/.kde/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/johannes/.kde4/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/johannes/.kde4/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/johannes/.kde4/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/johannes/.kde4/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/johannes/.kde4/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/johannes/.kde4/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/johannes/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/johannes/.local/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/run/user/1000/bus#, whitelist
Replaced whitelist path: whitelist /run/user/1000/bus
Debug 456: new_name #/run/user/1000/dconf#, whitelist
Replaced whitelist path: whitelist /run/user/1000/dconf
Debug 456: new_name #/run/user/1000/gdm/Xauthority#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/gdm/Xauthority
	expanded: /run/user/1000/gdm/Xauthority
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/run/user/1000/ICEauthority#, whitelist
Replaced whitelist path: whitelist /run/user/1000/ICEauthority
Debug 456: new_name #/run/user/1000/.mutter-Xwaylandauth.*#, whitelist
Adding new profile command: whitelist /run/user/1000/.mutter-Xwaylandauth.XUFYT0
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
	expanded: /run/user/1000/.mutter-Xwaylandauth.*
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/run/user/1000/pulse/native#, whitelist
Replaced whitelist path: whitelist /run/user/1000/pulse/native
Debug 456: new_name #/run/user/1000/wayland-0#, whitelist
Replaced whitelist path: whitelist /run/user/1000/wayland-0
Debug 456: new_name #/usr/share/alsa#, whitelist
Debug 456: new_name #/usr/share/applications#, whitelist
Debug 456: new_name #/usr/share/ca-certificates#, whitelist
Debug 456: new_name #/usr/share/crypto-policies#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies
	expanded: /usr/share/crypto-policies
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/cursors#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/cursors
	expanded: /usr/share/cursors
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/dconf#, whitelist
Debug 456: new_name #/usr/share/distro-info#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/distro-info
	expanded: /usr/share/distro-info
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/drirc.d#, whitelist
Debug 456: new_name #/usr/share/enchant#, whitelist
Debug 456: new_name #/usr/share/enchant-2#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/enchant-2
	expanded: /usr/share/enchant-2
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/file#, whitelist
Debug 456: new_name #/usr/share/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/fontconfig
	expanded: /usr/share/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/fonts#, whitelist
Debug 456: new_name #/usr/share/gir-1.0#, whitelist
Debug 456: new_name #/usr/share/gjs-1.0#, whitelist
Debug 456: new_name #/usr/share/glib-2.0#, whitelist
Debug 456: new_name #/usr/share/glvnd#, whitelist
Debug 456: new_name #/usr/share/gtk-2.0#, whitelist
Debug 456: new_name #/usr/share/gtk-3.0#, whitelist
Debug 456: new_name #/usr/share/gtk-engines#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-engines
	expanded: /usr/share/gtk-engines
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-3.0
	expanded: /usr/share/gtksourceview-3.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist
Debug 456: new_name #/usr/share/hunspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/hunspell
	expanded: /usr/share/hunspell
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/hwdata#, whitelist
Debug 456: new_name #/usr/share/icons#, whitelist
Debug 456: new_name #/usr/share/icu#, whitelist
Debug 456: new_name #/usr/share/knotifications5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/knotifications5
	expanded: /usr/share/knotifications5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/kservices5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kservices5
	expanded: /usr/share/kservices5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum
	expanded: /usr/share/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/kxmlgui5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kxmlgui5
	expanded: /usr/share/kxmlgui5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/libdrm#, whitelist
Debug 456: new_name #/usr/share/libthai#, whitelist
Debug 456: new_name #/usr/share/locale#, whitelist
Debug 456: new_name #/usr/share/mime#, whitelist
Debug 456: new_name #/usr/share/misc#, whitelist
Debug 456: new_name #/usr/share/Modules#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Modules
	expanded: /usr/share/Modules
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/myspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/myspell
	expanded: /usr/share/myspell
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/p11-kit#, whitelist
Debug 456: new_name #/usr/share/perl#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/perl
	expanded: /usr/share/perl
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/perl5#, whitelist
Debug 456: new_name #/usr/share/pixmaps#, whitelist
Debug 456: new_name #/usr/share/pki#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/pki
	expanded: /usr/share/pki
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/plasma#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/plasma
	expanded: /usr/share/plasma
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/publicsuffix#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/publicsuffix
	expanded: /usr/share/publicsuffix
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt
	expanded: /usr/share/qt
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt4
	expanded: /usr/share/qt4
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5
	expanded: /usr/share/qt5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5ct
	expanded: /usr/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/sounds#, whitelist
Debug 456: new_name #/usr/share/tcl8.6#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6
	expanded: /usr/share/tcl8.6
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/tcltk#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcltk
	expanded: /usr/share/tcltk
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/terminfo#, whitelist
Debug 456: new_name #/usr/share/texlive#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texlive
	expanded: /usr/share/texlive
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/texmf#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texmf
	expanded: /usr/share/texmf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/themes#, whitelist
Debug 456: new_name #/usr/share/thumbnail.so#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so
	expanded: /usr/share/thumbnail.so
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/X11#, whitelist
Debug 456: new_name #/usr/share/xml#, whitelist
Debug 456: new_name #/usr/share/zoneinfo#, whitelist
Debug 456: new_name #/var/lib/ca-certificates#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates
	expanded: /var/lib/ca-certificates
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/dbus#, whitelist
Debug 456: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
	expanded: /var/lib/menu-xdg
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/uim#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/uim
	expanded: /var/lib/uim
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/cache/fontconfig#, whitelist
Debug 456: new_name #/var/tmp#, whitelist
Debug 456: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 456: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 456: new_name #/tmp/.X11-unix#, whitelist
Debug 456: new_name #/run/user/1000/.mutter-Xwaylandauth.XUFYT0#, whitelist
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Mounting tmpfs on /usr/share directory
Mounting tmpfs on /run/user/1000 directory
Mounting a new /root directory
Mounting a new /home directory
Create a new user directory
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0
Warning: cleaning all supplementary groups
Whitelisting /home/johannes/.minetest
1214 1213 0:26 /home/johannes/.minetest /home/johannes/.minetest rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1214 fsname=/home/johannes/.minetest dir=/home/johannes/.minetest fstype=btrfs
Whitelisting /usr/share/minetest
1215 1201 0:26 /usr/share/minetest /usr/share/minetest ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1215 fsname=/usr/share/minetest dir=/usr/share/minetest fstype=btrfs
Whitelisting /home/johannes/.config/ibus
1216 1213 0:26 /home/johannes/.config/ibus /home/johannes/.config/ibus rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1216 fsname=/home/johannes/.config/ibus dir=/home/johannes/.config/ibus fstype=btrfs
Whitelisting /home/johannes/.config/mimeapps.list
1217 1213 0:26 /home/johannes/.config/mimeapps.list /home/johannes/.config/mimeapps.list rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1217 fsname=/home/johannes/.config/mimeapps.list dir=/home/johannes/.config/mimeapps.list fstype=btrfs
Whitelisting /home/johannes/.config/user-dirs.dirs
1218 1213 0:26 /home/johannes/.config/user-dirs.dirs /home/johannes/.config/user-dirs.dirs rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1218 fsname=/home/johannes/.config/user-dirs.dirs dir=/home/johannes/.config/user-dirs.dirs fstype=btrfs
Whitelisting /home/johannes/.config/user-dirs.locale
1219 1213 0:26 /home/johannes/.config/user-dirs.locale /home/johannes/.config/user-dirs.locale rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1219 fsname=/home/johannes/.config/user-dirs.locale dir=/home/johannes/.config/user-dirs.locale fstype=btrfs
Whitelisting /home/johannes/.drirc
1220 1213 0:26 /home/johannes/.drirc /home/johannes/.drirc rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1220 fsname=/home/johannes/.drirc dir=/home/johannes/.drirc fstype=btrfs
Whitelisting /home/johannes/.local/share/applications
1221 1213 0:26 /home/johannes/.local/share/applications /home/johannes/.local/share/applications rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1221 fsname=/home/johannes/.local/share/applications dir=/home/johannes/.local/share/applications fstype=btrfs
Whitelisting /home/johannes/.local/share/icons
1222 1213 0:26 /home/johannes/.local/share/icons /home/johannes/.local/share/icons rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1222 fsname=/home/johannes/.local/share/icons dir=/home/johannes/.local/share/icons fstype=btrfs
Whitelisting /home/johannes/.local/share/mime
1223 1213 0:26 /home/johannes/.local/share/mime /home/johannes/.local/share/mime rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1223 fsname=/home/johannes/.local/share/mime dir=/home/johannes/.local/share/mime fstype=btrfs
Whitelisting /home/johannes/.config/dconf
1224 1213 0:26 /home/johannes/.config/dconf /home/johannes/.config/dconf rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1224 fsname=/home/johannes/.config/dconf dir=/home/johannes/.config/dconf fstype=btrfs
Whitelisting /home/johannes/.config/gtk-2.0
1225 1213 0:26 /home/johannes/.config/gtk-2.0 /home/johannes/.config/gtk-2.0 rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1225 fsname=/home/johannes/.config/gtk-2.0 dir=/home/johannes/.config/gtk-2.0 fstype=btrfs
Whitelisting /home/johannes/.config/gtk-3.0
1226 1213 0:26 /home/johannes/.config/gtk-3.0 /home/johannes/.config/gtk-3.0 rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1226 fsname=/home/johannes/.config/gtk-3.0 dir=/home/johannes/.config/gtk-3.0 fstype=btrfs
Whitelisting /home/johannes/.config/gtk-4.0
1227 1213 0:26 /home/johannes/.config/gtk-4.0 /home/johannes/.config/gtk-4.0 rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1227 fsname=/home/johannes/.config/gtk-4.0 dir=/home/johannes/.config/gtk-4.0 fstype=btrfs
Whitelisting /run/user/1000/bus
1228 1208 0:24 /firejail/firejail.ro.file /run/user/1000/bus rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755
mountid=1228 fsname=/firejail/firejail.ro.file dir=/run/user/1000/bus fstype=tmpfs
Whitelisting /run/user/1000/dconf
1229 1208 0:57 /dconf /run/user/1000/dconf rw,nosuid,nodev,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000
mountid=1229 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs
Whitelisting /run/user/1000/ICEauthority
1230 1208 0:57 /ICEauthority /run/user/1000/ICEauthority rw,nosuid,nodev,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000
mountid=1230 fsname=/ICEauthority dir=/run/user/1000/ICEauthority fstype=tmpfs
Whitelisting /run/user/1000/pulse/native
1231 1208 0:57 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000
mountid=1231 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Whitelisting /run/user/1000/wayland-0
1232 1208 0:57 /wayland-0 /run/user/1000/wayland-0 rw,nosuid,nodev,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000
mountid=1232 fsname=/wayland-0 dir=/run/user/1000/wayland-0 fstype=tmpfs
Whitelisting /usr/share/alsa
1233 1201 0:26 /usr/share/alsa /usr/share/alsa ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1233 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=btrfs
Whitelisting /usr/share/applications
1234 1201 0:26 /usr/share/applications /usr/share/applications ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1234 fsname=/usr/share/applications dir=/usr/share/applications fstype=btrfs
Whitelisting /usr/share/ca-certificates
1235 1201 0:26 /usr/share/ca-certificates /usr/share/ca-certificates ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1235 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=btrfs
Whitelisting /usr/share/dconf
1236 1201 0:26 /usr/share/dconf /usr/share/dconf ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1236 fsname=/usr/share/dconf dir=/usr/share/dconf fstype=btrfs
Whitelisting /usr/share/drirc.d
1237 1201 0:26 /usr/share/drirc.d /usr/share/drirc.d ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1237 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=btrfs
Whitelisting /usr/share/enchant
1238 1201 0:26 /usr/share/enchant /usr/share/enchant ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1238 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=btrfs
Whitelisting /usr/share/file
1239 1201 0:26 /usr/share/file /usr/share/file ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1239 fsname=/usr/share/file dir=/usr/share/file fstype=btrfs
Whitelisting /usr/share/fonts
1240 1201 0:26 /usr/share/fonts /usr/share/fonts ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1240 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=btrfs
Whitelisting /usr/share/gir-1.0
1241 1201 0:26 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1241 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=btrfs
Whitelisting /usr/share/gjs-1.0
1242 1201 0:26 /usr/share/gjs-1.0 /usr/share/gjs-1.0 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1242 fsname=/usr/share/gjs-1.0 dir=/usr/share/gjs-1.0 fstype=btrfs
Whitelisting /usr/share/glib-2.0
1243 1201 0:26 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1243 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=btrfs
Whitelisting /usr/share/glvnd
1244 1201 0:26 /usr/share/glvnd /usr/share/glvnd ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1244 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=btrfs
Whitelisting /usr/share/gtk-2.0
1245 1201 0:26 /usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1245 fsname=/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=btrfs
Whitelisting /usr/share/gtk-3.0
1246 1201 0:26 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1246 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=btrfs
Whitelisting /usr/share/gtksourceview-4
1247 1201 0:26 /usr/share/gtksourceview-4 /usr/share/gtksourceview-4 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1247 fsname=/usr/share/gtksourceview-4 dir=/usr/share/gtksourceview-4 fstype=btrfs
Whitelisting /usr/share/hwdata
1248 1201 0:26 /usr/share/hwdata /usr/share/hwdata ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1248 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=btrfs
Whitelisting /usr/share/icons
1249 1201 0:26 /usr/share/icons /usr/share/icons ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1249 fsname=/usr/share/icons dir=/usr/share/icons fstype=btrfs
Whitelisting /usr/share/icu
1250 1201 0:26 /usr/share/icu /usr/share/icu ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1250 fsname=/usr/share/icu dir=/usr/share/icu fstype=btrfs
Whitelisting /usr/share/libdrm
1251 1201 0:26 /usr/share/libdrm /usr/share/libdrm ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1251 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=btrfs
Whitelisting /usr/share/libthai
1252 1201 0:26 /usr/share/libthai /usr/share/libthai ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1252 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=btrfs
Whitelisting /usr/share/locale
1253 1201 0:26 /usr/share/locale /usr/share/locale ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1253 fsname=/usr/share/locale dir=/usr/share/locale fstype=btrfs
Whitelisting /usr/share/mime
1254 1201 0:26 /usr/share/mime /usr/share/mime ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1254 fsname=/usr/share/mime dir=/usr/share/mime fstype=btrfs
Whitelisting /usr/share/misc
1255 1201 0:26 /usr/share/misc /usr/share/misc ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1255 fsname=/usr/share/misc dir=/usr/share/misc fstype=btrfs
Whitelisting /usr/share/p11-kit
1256 1201 0:26 /usr/share/p11-kit /usr/share/p11-kit ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1256 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=btrfs
Whitelisting /usr/share/perl5
1257 1201 0:26 /usr/share/perl5 /usr/share/perl5 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1257 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=btrfs
Whitelisting /usr/share/pixmaps
1258 1201 0:26 /usr/share/pixmaps /usr/share/pixmaps ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1258 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=btrfs
Whitelisting /usr/share/sounds
1259 1201 0:26 /usr/share/sounds /usr/share/sounds ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1259 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=btrfs
Whitelisting /usr/share/terminfo
1260 1201 0:26 /usr/share/terminfo /usr/share/terminfo ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1260 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=btrfs
Whitelisting /usr/share/themes
1261 1201 0:26 /usr/share/themes /usr/share/themes ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1261 fsname=/usr/share/themes dir=/usr/share/themes fstype=btrfs
Whitelisting /usr/share/X11
1262 1201 0:26 /usr/share/X11 /usr/share/X11 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1262 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=btrfs
Whitelisting /usr/share/xml
1263 1201 0:26 /usr/share/xml /usr/share/xml ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1263 fsname=/usr/share/xml dir=/usr/share/xml fstype=btrfs
Whitelisting /usr/share/zoneinfo
1264 1201 0:26 /usr/share/zoneinfo /usr/share/zoneinfo ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1264 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=btrfs
Whitelisting /var/lib/dbus
1265 1199 0:26 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1265 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=btrfs
Whitelisting /var/cache/fontconfig
1266 1199 0:26 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1266 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs
Whitelisting /var/tmp
1267 1199 0:82 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=1267 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
1268 1130 0:51 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:67 - tmpfs tmpfs rw,nr_inodes=409600
mountid=1268 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Whitelisting /run/user/1000/.mutter-Xwaylandauth.XUFYT0
1269 1208 0:57 /.mutter-Xwaylandauth.XUFYT0 /run/user/1000/.mutter-Xwaylandauth.XUFYT0 rw,nosuid,nodev,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000
mountid=1269 fsname=/.mutter-Xwaylandauth.XUFYT0 dir=/run/user/1000/.mutter-Xwaylandauth.XUFYT0 fstype=tmpfs
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/johannes/.config/dconf
1277 1224 0:26 /home/johannes/.config/dconf /home/johannes/.config/dconf ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1277 fsname=/home/johannes/.config/dconf dir=/home/johannes/.config/dconf fstype=btrfs
Disable /etc/profile.d
Disable /etc/kernel
Disable /etc/grub.d
Disable /etc/apparmor
Disable /etc/apparmor.d
Disable /etc/modules-load.d
Disable /etc/logrotate.d
Mounting read-only /home/johannes/.bashrc
1285 1213 0:97 /johannes/.bashrc /home/johannes/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1285 fsname=/johannes/.bashrc dir=/home/johannes/.bashrc fstype=tmpfs
Mounting read-only /home/johannes/.local/share/applications
1286 1221 0:26 /home/johannes/.local/share/applications /home/johannes/.local/share/applications ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1286 fsname=/home/johannes/.local/share/applications dir=/home/johannes/.local/share/applications fstype=btrfs
Mounting read-only /home/johannes/.config/mimeapps.list
1287 1217 0:26 /home/johannes/.config/mimeapps.list /home/johannes/.config/mimeapps.list ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1287 fsname=/home/johannes/.config/mimeapps.list dir=/home/johannes/.config/mimeapps.list fstype=btrfs
Mounting read-only /home/johannes/.config/user-dirs.dirs
1288 1218 0:26 /home/johannes/.config/user-dirs.dirs /home/johannes/.config/user-dirs.dirs ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1288 fsname=/home/johannes/.config/user-dirs.dirs dir=/home/johannes/.config/user-dirs.dirs fstype=btrfs
Mounting read-only /home/johannes/.config/user-dirs.locale
1289 1219 0:26 /home/johannes/.config/user-dirs.locale /home/johannes/.config/user-dirs.locale ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1289 fsname=/home/johannes/.config/user-dirs.locale dir=/home/johannes/.config/user-dirs.locale fstype=btrfs
Mounting read-only /home/johannes/.local/share/mime
1290 1223 0:26 /home/johannes/.local/share/mime /home/johannes/.local/share/mime ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1290 fsname=/home/johannes/.local/share/mime dir=/home/johannes/.local/share/mime fstype=btrfs
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Disable /proc/config.gz
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Mounting noexec /home/johannes/.minetest
1304 1214 0:26 /home/johannes/.minetest /home/johannes/.minetest rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1304 fsname=/home/johannes/.minetest dir=/home/johannes/.minetest fstype=btrfs
Mounting noexec /home/johannes/.config/ibus
1305 1216 0:26 /home/johannes/.config/ibus /home/johannes/.config/ibus rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1305 fsname=/home/johannes/.config/ibus dir=/home/johannes/.config/ibus fstype=btrfs
Mounting noexec /home/johannes/.config/mimeapps.list
1306 1287 0:26 /home/johannes/.config/mimeapps.list /home/johannes/.config/mimeapps.list ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1306 fsname=/home/johannes/.config/mimeapps.list dir=/home/johannes/.config/mimeapps.list fstype=btrfs
Mounting noexec /home/johannes/.config/user-dirs.dirs
1307 1288 0:26 /home/johannes/.config/user-dirs.dirs /home/johannes/.config/user-dirs.dirs ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1307 fsname=/home/johannes/.config/user-dirs.dirs dir=/home/johannes/.config/user-dirs.dirs fstype=btrfs
Mounting noexec /home/johannes/.config/user-dirs.locale
1308 1289 0:26 /home/johannes/.config/user-dirs.locale /home/johannes/.config/user-dirs.locale ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1308 fsname=/home/johannes/.config/user-dirs.locale dir=/home/johannes/.config/user-dirs.locale fstype=btrfs
Mounting noexec /home/johannes/.drirc
1309 1220 0:26 /home/johannes/.drirc /home/johannes/.drirc rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1309 fsname=/home/johannes/.drirc dir=/home/johannes/.drirc fstype=btrfs
Mounting noexec /home/johannes/.local/share/applications
1310 1286 0:26 /home/johannes/.local/share/applications /home/johannes/.local/share/applications ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1310 fsname=/home/johannes/.local/share/applications dir=/home/johannes/.local/share/applications fstype=btrfs
Mounting noexec /home/johannes/.local/share/icons
1311 1222 0:26 /home/johannes/.local/share/icons /home/johannes/.local/share/icons rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1311 fsname=/home/johannes/.local/share/icons dir=/home/johannes/.local/share/icons fstype=btrfs
Mounting noexec /home/johannes/.local/share/mime
1312 1290 0:26 /home/johannes/.local/share/mime /home/johannes/.local/share/mime ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1312 fsname=/home/johannes/.local/share/mime dir=/home/johannes/.local/share/mime fstype=btrfs
Mounting noexec /home/johannes/.config/dconf
1313 1277 0:26 /home/johannes/.config/dconf /home/johannes/.config/dconf ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1313 fsname=/home/johannes/.config/dconf dir=/home/johannes/.config/dconf fstype=btrfs
Mounting noexec /home/johannes/.config/gtk-2.0
1314 1225 0:26 /home/johannes/.config/gtk-2.0 /home/johannes/.config/gtk-2.0 rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1314 fsname=/home/johannes/.config/gtk-2.0 dir=/home/johannes/.config/gtk-2.0 fstype=btrfs
Mounting noexec /home/johannes/.config/gtk-3.0
1315 1226 0:26 /home/johannes/.config/gtk-3.0 /home/johannes/.config/gtk-3.0 rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1315 fsname=/home/johannes/.config/gtk-3.0 dir=/home/johannes/.config/gtk-3.0 fstype=btrfs
Mounting noexec /home/johannes/.config/gtk-4.0
1316 1227 0:26 /home/johannes/.config/gtk-4.0 /home/johannes/.config/gtk-4.0 rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/
mountid=1316 fsname=/home/johannes/.config/gtk-4.0 dir=/home/johannes/.config/gtk-4.0 fstype=btrfs
Mounting noexec /run/user/1000
1323 1317 0:57 /.mutter-Xwaylandauth.XUFYT0 /run/user/1000/.mutter-Xwaylandauth.XUFYT0 rw,nosuid,nodev,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000
mountid=1323 fsname=/.mutter-Xwaylandauth.XUFYT0 dir=/run/user/1000/.mutter-Xwaylandauth.XUFYT0 fstype=tmpfs
Mounting noexec /run/user/1000/dconf
1324 1319 0:57 /dconf /run/user/1000/dconf rw,nosuid,nodev,noexec,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000
mountid=1324 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs
Mounting noexec /run/user/1000/ICEauthority
1325 1320 0:57 /ICEauthority /run/user/1000/ICEauthority rw,nosuid,nodev,noexec,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000
mountid=1325 fsname=/ICEauthority dir=/run/user/1000/ICEauthority fstype=tmpfs
Mounting noexec /run/user/1000/pulse/native
1326 1321 0:57 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,noexec,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000
mountid=1326 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Mounting noexec /run/user/1000/wayland-0
1327 1322 0:57 /wayland-0 /run/user/1000/wayland-0 rw,nosuid,nodev,noexec,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000
mountid=1327 fsname=/wayland-0 dir=/run/user/1000/wayland-0 fstype=tmpfs
Mounting noexec /run/user/1000/.mutter-Xwaylandauth.XUFYT0
1328 1323 0:57 /.mutter-Xwaylandauth.XUFYT0 /run/user/1000/.mutter-Xwaylandauth.XUFYT0 rw,nosuid,nodev,noexec,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000
mountid=1328 fsname=/.mutter-Xwaylandauth.XUFYT0 dir=/run/user/1000/.mutter-Xwaylandauth.XUFYT0 fstype=tmpfs
Mounting noexec /dev/shm
1329 1177 0:89 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1329 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1331 1330 0:51 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:67 - tmpfs tmpfs rw,nr_inodes=409600
mountid=1331 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
1332 1331 0:51 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:67 - tmpfs tmpfs rw,nr_inodes=409600
mountid=1332 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /var
1336 1333 0:82 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=1336 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /usr/lib/gjs
Disable /usr/lib/gjs (requested /usr/lib64/gjs)
Disable /usr/lib/libgjs.so.0.0.0 (requested /usr/lib/libgjs.so)
Disable /usr/lib/libgjs.so.0.0.0 (requested /usr/lib/libgjs.so.0)
Disable /usr/lib/libgjs.so.0.0.0
Disable /usr/lib/libgjs.so.0.0.0 (requested /usr/lib64/libgjs.so)
Disable /usr/lib/libgjs.so.0.0.0 (requested /usr/lib64/libgjs.so.0)
Disable /usr/lib/libgjs.so.0.0.0 (requested /usr/lib64/libgjs.so.0.0.0)
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so)
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so.2)
Disable /usr/lib/libluajit-5.1.so.2.0.5
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2.4)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so.5.2)
Disable /usr/lib/liblua5.2.so.5.2.4
Disable /usr/lib/liblua.so.5.4.1 (requested /usr/lib/liblua.so)
Disable /usr/lib/liblua.so.5.4.1 (requested /usr/lib/liblua.so.5.4)
Disable /usr/lib/liblua.so.5.4.1
Disable /usr/lib/liblua.so.5.4.1 (requested /usr/lib/liblua5.4.so)
Disable /usr/lib/lua
Disable /usr/lib/libmozjs-78.so (requested /usr/lib64/libmozjs-78.so)
Disable /usr/lib/perl5
Disable /usr/share/perl5
Disable /usr/lib/ruby
Disable /usr/lib/python2.7
Disable /usr/lib/python3.8
Disable /usr/lib/python3.8 (requested /usr/lib64/python3.8)
Not blacklist /home/johannes/.minetest
Not blacklist /home/johannes/.cache/minetest
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 0
Warning: cleaning all supplementary groups
Mounting read-only /tmp/.X11-unix
1365 1332 0:51 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:67 - tmpfs tmpfs rw,nr_inodes=409600
mountid=1365 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /run/mount
Disable /run/media
Mounting noexec /run/firejail/mnt/pulse
1371 1139 0:79 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1371 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs
Creating empty /home/johannes/.config/pulse directory
Drop privileges: pid 6, uid 1000, gid 1000, nogroups 0
Warning: cleaning all supplementary groups
Mounting /run/firejail/mnt/pulse on /home/johannes/.config/pulse
1372 1213 0:79 /pulse /home/johannes/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1372 fsname=/pulse dir=/home/johannes/.config/pulse fstype=tmpfs
Create the new ld.so.preload file
Blacklist violations are logged to syslog
Mount the new ld.so.preload file
Current directory: /home/johannes
DISPLAY=:0 parsed as 0
Install protocol filter: unix,inet,inet6
configuring 20 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 15 00 01 00000002   jeq 2 0010 (false 0011)
 0010: 06 00 00 7fff0000   ret ALLOW
 0011: 15 00 01 0000000a   jeq a 0012 (false 0013)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 06 00 00 0005005f   ret ERRNO(95)
configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dropping all capabilities
Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 00 01 00000015   jeq 15 0005 (false 0006)
 0005: 06 00 00 00000001   ret KILL
 0006: 15 00 01 00000034   jeq 34 0007 (false 0008)
 0007: 06 00 00 00000001   ret KILL
 0008: 15 00 01 0000001a   jeq 1a 0009 (false 000a)
 0009: 06 00 00 00000001   ret KILL
 000a: 15 00 01 0000011b   jeq 11b 000b (false 000c)
 000b: 06 00 00 00000001   ret KILL
 000c: 15 00 01 00000155   jeq 155 000d (false 000e)
 000d: 06 00 00 00000001   ret KILL
 000e: 15 00 01 00000156   jeq 156 000f (false 0010)
 000f: 06 00 00 00000001   ret KILL
 0010: 15 00 01 0000007f   jeq 7f 0011 (false 0012)
 0011: 06 00 00 00000001   ret KILL
 0012: 15 00 01 00000080   jeq 80 0013 (false 0014)
 0013: 06 00 00 00000001   ret KILL
 0014: 15 00 01 0000015e   jeq 15e 0015 (false 0016)
 0015: 06 00 00 00000001   ret KILL
 0016: 15 00 01 00000081   jeq 81 0017 (false 0018)
 0017: 06 00 00 00000001   ret KILL
 0018: 15 00 01 0000006e   jeq 6e 0019 (false 001a)
 0019: 06 00 00 00000001   ret KILL
 001a: 15 00 01 00000065   jeq 65 001b (false 001c)
 001b: 06 00 00 00000001   ret KILL
 001c: 15 00 01 00000121   jeq 121 001d (false 001e)
 001d: 06 00 00 00000001   ret KILL
 001e: 15 00 01 00000057   jeq 57 001f (false 0020)
 001f: 06 00 00 00000001   ret KILL
 0020: 15 00 01 00000073   jeq 73 0021 (false 0022)
 0021: 06 00 00 00000001   ret KILL
 0022: 15 00 01 00000067   jeq 67 0023 (false 0024)
 0023: 06 00 00 00000001   ret KILL
 0024: 15 00 01 0000015b   jeq 15b 0025 (false 0026)
 0025: 06 00 00 00000001   ret KILL
 0026: 15 00 01 0000015c   jeq 15c 0027 (false 0028)
 0027: 06 00 00 00000001   ret KILL
 0028: 15 00 01 00000087   jeq 87 0029 (false 002a)
 0029: 06 00 00 00000001   ret KILL
 002a: 15 00 01 00000095   jeq 95 002b (false 002c)
 002b: 06 00 00 00000001   ret KILL
 002c: 15 00 01 0000007c   jeq 7c 002d (false 002e)
 002d: 06 00 00 00000001   ret KILL
 002e: 15 00 01 00000157   jeq 157 002f (false 0030)
 002f: 06 00 00 00000001   ret KILL
 0030: 15 00 01 000000fd   jeq fd 0031 (false 0032)
 0031: 06 00 00 00000001   ret KILL
 0032: 15 00 01 00000150   jeq 150 0033 (false 0034)
 0033: 06 00 00 00000001   ret KILL
 0034: 15 00 01 00000152   jeq 152 0035 (false 0036)
 0035: 06 00 00 00000001   ret KILL
 0036: 15 00 01 0000015d   jeq 15d 0037 (false 0038)
 0037: 06 00 00 00000001   ret KILL
 0038: 15 00 01 0000011e   jeq 11e 0039 (false 003a)
 0039: 06 00 00 00000001   ret KILL
 003a: 15 00 01 0000011f   jeq 11f 003b (false 003c)
 003b: 06 00 00 00000001   ret KILL
 003c: 15 00 01 00000120   jeq 120 003d (false 003e)
 003d: 06 00 00 00000001   ret KILL
 003e: 15 00 01 00000056   jeq 56 003f (false 0040)
 003f: 06 00 00 00000001   ret KILL
 0040: 15 00 01 00000033   jeq 33 0041 (false 0042)
 0041: 06 00 00 00000001   ret KILL
 0042: 15 00 01 0000007b   jeq 7b 0043 (false 0044)
 0043: 06 00 00 00000001   ret KILL
 0044: 15 00 01 000000d9   jeq d9 0045 (false 0046)
 0045: 06 00 00 00000001   ret KILL
 0046: 15 00 01 000000f5   jeq f5 0047 (false 0048)
 0047: 06 00 00 00000001   ret KILL
 0048: 15 00 01 000000f6   jeq f6 0049 (false 004a)
 0049: 06 00 00 00000001   ret KILL
 004a: 15 00 01 000000f7   jeq f7 004b (false 004c)
 004b: 06 00 00 00000001   ret KILL
 004c: 15 00 01 000000f8   jeq f8 004d (false 004e)
 004d: 06 00 00 00000001   ret KILL
 004e: 15 00 01 000000f9   jeq f9 004f (false 0050)
 004f: 06 00 00 00000001   ret KILL
 0050: 15 00 01 00000101   jeq 101 0051 (false 0052)
 0051: 06 00 00 00000001   ret KILL
 0052: 15 00 01 00000112   jeq 112 0053 (false 0054)
 0053: 06 00 00 00000001   ret KILL
 0054: 15 00 01 00000114   jeq 114 0055 (false 0056)
 0055: 06 00 00 00000001   ret KILL
 0056: 15 00 01 00000126   jeq 126 0057 (false 0058)
 0057: 06 00 00 00000001   ret KILL
 0058: 15 00 01 0000013d   jeq 13d 0059 (false 005a)
 0059: 06 00 00 00000001   ret KILL
 005a: 15 00 01 0000013c   jeq 13c 005b (false 005c)
 005b: 06 00 00 00000001   ret KILL
 005c: 15 00 01 0000003d   jeq 3d 005d (false 005e)
 005d: 06 00 00 00000001   ret KILL
 005e: 15 00 01 00000058   jeq 58 005f (false 0060)
 005f: 06 00 00 00000001   ret KILL
 0060: 15 00 01 000000a9   jeq a9 0061 (false 0062)
 0061: 06 00 00 00000001   ret KILL
 0062: 15 00 01 00000082   jeq 82 0063 (false 0064)
 0063: 06 00 00 00000001   ret KILL
 0064: 06 00 00 7fff0000   ret ALLOW
Dual 32/64 bit seccomp filter configured
configuring 134 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 01 0000009f   jeq adjtimex 0008 (false 0009)
 0008: 06 00 00 00000001   ret KILL
 0009: 15 00 01 00000131   jeq clock_adjtime 000a (false 000b)
 000a: 06 00 00 00000001   ret KILL
 000b: 15 00 01 000000e3   jeq clock_settime 000c (false 000d)
 000c: 06 00 00 00000001   ret KILL
 000d: 15 00 01 000000a4   jeq settimeofday 000e (false 000f)
 000e: 06 00 00 00000001   ret KILL
 000f: 15 00 01 0000009a   jeq modify_ldt 0010 (false 0011)
 0010: 06 00 00 00000001   ret KILL
 0011: 15 00 01 000000d4   jeq lookup_dcookie 0012 (false 0013)
 0012: 06 00 00 00000001   ret KILL
 0013: 15 00 01 0000012a   jeq perf_event_open 0014 (false 0015)
 0014: 06 00 00 00000001   ret KILL
 0015: 15 00 01 00000137   jeq process_vm_writev 0016 (false 0017)
 0016: 06 00 00 00000001   ret KILL
 0017: 15 00 01 000000b0   jeq delete_module 0018 (false 0019)
 0018: 06 00 00 00000001   ret KILL
 0019: 15 00 01 00000139   jeq finit_module 001a (false 001b)
 001a: 06 00 00 00000001   ret KILL
 001b: 15 00 01 000000af   jeq init_module 001c (false 001d)
 001c: 06 00 00 00000001   ret KILL
 001d: 15 00 01 000000a1   jeq chroot 001e (false 001f)
 001e: 06 00 00 00000001   ret KILL
 001f: 15 00 01 000000a5   jeq mount 0020 (false 0021)
 0020: 06 00 00 00000001   ret KILL
 0021: 15 00 01 0000009b   jeq pivot_root 0022 (false 0023)
 0022: 06 00 00 00000001   ret KILL
 0023: 15 00 01 000000a6   jeq umount2 0024 (false 0025)
 0024: 06 00 00 00000001   ret KILL
 0025: 15 00 01 0000009c   jeq _sysctl 0026 (false 0027)
 0026: 06 00 00 00000001   ret KILL
 0027: 15 00 01 000000b7   jeq afs_syscall 0028 (false 0029)
 0028: 06 00 00 00000001   ret KILL
 0029: 15 00 01 000000ae   jeq create_module 002a (false 002b)
 002a: 06 00 00 00000001   ret KILL
 002b: 15 00 01 000000b1   jeq get_kernel_syms 002c (false 002d)
 002c: 06 00 00 00000001   ret KILL
 002d: 15 00 01 000000b5   jeq getpmsg 002e (false 002f)
 002e: 06 00 00 00000001   ret KILL
 002f: 15 00 01 000000b6   jeq putpmsg 0030 (false 0031)
 0030: 06 00 00 00000001   ret KILL
 0031: 15 00 01 000000b2   jeq query_module 0032 (false 0033)
 0032: 06 00 00 00000001   ret KILL
 0033: 15 00 01 000000b9   jeq security 0034 (false 0035)
 0034: 06 00 00 00000001   ret KILL
 0035: 15 00 01 0000008b   jeq sysfs 0036 (false 0037)
 0036: 06 00 00 00000001   ret KILL
 0037: 15 00 01 000000b8   jeq tuxcall 0038 (false 0039)
 0038: 06 00 00 00000001   ret KILL
 0039: 15 00 01 00000086   jeq uselib 003a (false 003b)
 003a: 06 00 00 00000001   ret KILL
 003b: 15 00 01 00000088   jeq ustat 003c (false 003d)
 003c: 06 00 00 00000001   ret KILL
 003d: 15 00 01 000000ec   jeq vserver 003e (false 003f)
 003e: 06 00 00 00000001   ret KILL
 003f: 15 00 01 000000ad   jeq ioperm 0040 (false 0041)
 0040: 06 00 00 00000001   ret KILL
 0041: 15 00 01 000000ac   jeq iopl 0042 (false 0043)
 0042: 06 00 00 00000001   ret KILL
 0043: 15 00 01 000000f6   jeq kexec_load 0044 (false 0045)
 0044: 06 00 00 00000001   ret KILL
 0045: 15 00 01 00000140   jeq kexec_file_load 0046 (false 0047)
 0046: 06 00 00 00000001   ret KILL
 0047: 15 00 01 000000a9   jeq reboot 0048 (false 0049)
 0048: 06 00 00 00000001   ret KILL
 0049: 15 00 01 000000a7   jeq swapon 004a (false 004b)
 004a: 06 00 00 00000001   ret KILL
 004b: 15 00 01 000000a8   jeq swapoff 004c (false 004d)
 004c: 06 00 00 00000001   ret KILL
 004d: 15 00 01 00000130   jeq open_by_handle_at 004e (false 004f)
 004e: 06 00 00 00000001   ret KILL
 004f: 15 00 01 0000012f   jeq name_to_handle_at 0050 (false 0051)
 0050: 06 00 00 00000001   ret KILL
 0051: 15 00 01 000000fb   jeq ioprio_set 0052 (false 0053)
 0052: 06 00 00 00000001   ret KILL
 0053: 15 00 01 00000067   jeq syslog 0054 (false 0055)
 0054: 06 00 00 00000001   ret KILL
 0055: 15 00 01 0000012c   jeq fanotify_init 0056 (false 0057)
 0056: 06 00 00 00000001   ret KILL
 0057: 15 00 01 00000138   jeq kcmp 0058 (false 0059)
 0058: 06 00 00 00000001   ret KILL
 0059: 15 00 01 000000f8   jeq add_key 005a (false 005b)
 005a: 06 00 00 00000001   ret KILL
 005b: 15 00 01 000000f9   jeq request_key 005c (false 005d)
 005c: 06 00 00 00000001   ret KILL
 005d: 15 00 01 000000ed   jeq mbind 005e (false 005f)
 005e: 06 00 00 00000001   ret KILL
 005f: 15 00 01 00000100   jeq migrate_pages 0060 (false 0061)
 0060: 06 00 00 00000001   ret KILL
 0061: 15 00 01 00000117   jeq move_pages 0062 (false 0063)
 0062: 06 00 00 00000001   ret KILL
 0063: 15 00 01 000000fa   jeq keyctl 0064 (false 0065)
 0064: 06 00 00 00000001   ret KILL
 0065: 15 00 01 000000ce   jeq io_setup 0066 (false 0067)
 0066: 06 00 00 00000001   ret KILL
 0067: 15 00 01 000000cf   jeq io_destroy 0068 (false 0069)
 0068: 06 00 00 00000001   ret KILL
 0069: 15 00 01 000000d0   jeq io_getevents 006a (false 006b)
 006a: 06 00 00 00000001   ret KILL
 006b: 15 00 01 000000d1   jeq io_submit 006c (false 006d)
 006c: 06 00 00 00000001   ret KILL
 006d: 15 00 01 000000d2   jeq io_cancel 006e (false 006f)
 006e: 06 00 00 00000001   ret KILL
 006f: 15 00 01 000000d8   jeq remap_file_pages 0070 (false 0071)
 0070: 06 00 00 00000001   ret KILL
 0071: 15 00 01 00000143   jeq userfaultfd 0072 (false 0073)
 0072: 06 00 00 00000001   ret KILL
 0073: 15 00 01 000000a3   jeq acct 0074 (false 0075)
 0074: 06 00 00 00000001   ret KILL
 0075: 15 00 01 00000141   jeq bpf 0076 (false 0077)
 0076: 06 00 00 00000001   ret KILL
 0077: 15 00 01 000000b4   jeq nfsservctl 0078 (false 0079)
 0078: 06 00 00 00000001   ret KILL
 0079: 15 00 01 000000ab   jeq setdomainname 007a (false 007b)
 007a: 06 00 00 00000001   ret KILL
 007b: 15 00 01 000000aa   jeq sethostname 007c (false 007d)
 007c: 06 00 00 00000001   ret KILL
 007d: 15 00 01 00000099   jeq vhangup 007e (false 007f)
 007e: 06 00 00 00000001   ret KILL
 007f: 15 00 01 00000065   jeq ptrace 0080 (false 0081)
 0080: 06 00 00 00000001   ret KILL
 0081: 15 00 01 00000087   jeq personality 0082 (false 0083)
 0082: 06 00 00 00000001   ret KILL
 0083: 15 00 01 00000136   jeq process_vm_readv 0084 (false 0085)
 0084: 06 00 00 00000001   ret KILL
 0085: 06 00 00 7fff0000   ret ALLOW
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
1375 1139 0:79 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755
mountid=1375 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             460 ..
-rw-r--r-- johannes johannes        1072 seccomp
-rw-r--r-- johannes johannes         808 seccomp.32
-rw-r--r-- johannes johannes         114 seccomp.list
-rw-r--r-- johannes johannes           0 seccomp.postexec
-rw-r--r-- johannes johannes           0 seccomp.postexec32
-rw-r--r-- johannes johannes         160 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
execvp argument 0: minetest
Child process initialized in 90.40 ms
Searching $PATH for minetest
trying #/usr/local/bin/minetest#
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
minetest: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: Permission denied
monitoring pid 10

Sandbox monitor: waitpid 10 retval 10 status 32512

Parent is shutting down, bye...

Originally created by @JohannesBarjak on GitHub (Nov 4, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3723 **Bug and expected behavior** - Minetest didn't open. **No profile and disabling firejail** - What changed calling `firejail --noprofile /path/to/program` in a terminal? Minetest worked as expected. - What changed calling the program by path (check `which <program>` or `firejail --list` while the sandbox is running)? Nothing. **Reproduce** Steps to reproduce the behavior: - Run in bash `firejail minetest`. **Environment** - Arch Linux x86_64 `5.8.16.a-1-hardened`. - firejail 0.9.64. **Additional context** If you comment out `include disable-interpreters.inc` minetest works as expected. <details><summary> debug output </summary> ``` Autoselecting /bin/zsh as shell Building quoted command line: 'minetest' Command name #minetest# Found minetest.profile profile in /home/johannes/.config/firejail directory Reading profile /home/johannes/.config/firejail/minetest.profile Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Found disable-passwdmgr.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-passwdmgr.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found disable-shell.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-shell.inc Found disable-xdg.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-xdg.inc Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Found whitelist-runuser-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-runuser-common.inc Found whitelist-usr-share-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-usr-share-common.inc Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc DISPLAY=:0 parsed as 0 Enabling IPC namespace Using the local network stack Parent pid 356375, child pid 356376 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file Build protocol filter: unix,inet,inet6 sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1 No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 1142 1099 0:26 /etc /etc ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1142 fsname=/etc dir=/etc fstype=btrfs Mounting noexec /etc 1143 1142 0:26 /etc /etc ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1143 fsname=/etc dir=/etc fstype=btrfs Mounting read-only /var 1144 1099 0:26 /var /var ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1144 fsname=/var dir=/var fstype=btrfs Mounting noexec /var 1145 1144 0:26 /var /var ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1145 fsname=/var dir=/var fstype=btrfs Mounting read-only /usr 1146 1099 0:26 /usr /usr ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1146 fsname=/usr dir=/usr fstype=btrfs Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/johannes/.config/firejail Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory Process /dev/shm directory Copying files in the new bin directory Checking /usr/local/bin/minetest firejail exec symlink detected Checking /usr/bin/minetest sbox run: /run/firejail/lib/fcopy /usr/bin/minetest /run/firejail/mnt/bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin 1 program installed in 15.20 ms Mounting tmpfs on /home/johannes/.cache 1191 1153 0:91 / /home/johannes/.cache rw,nosuid,nodev,noatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000 mountid=1191 fsname=/ dir=/home/johannes/.cache fstype=tmpfs Generate private-tmp whitelist commands Creating empty /run/firejail/mnt/dbus directory Creating empty /run/firejail/mnt/dbus/user file blacklist /run/user/1000/bus Creating empty /run/firejail/mnt/dbus/system file blacklist /run/dbus/system_bus_socket blacklist /run/firejail/dbus Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kallsyms Disable /usr/lib/modules/5.9.3-arch1-1/build (requested /usr/src/linux) Disable /usr/lib/modules (requested /lib/modules) Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Debug 456: new_name #/home/johannes/.cache/minetest#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/minetest expanded: /home/johannes/.cache/minetest real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.minetest#, whitelist Debug 571: fname #/home/johannes/.minetest#, cfg.homedir #/home/johannes# Replaced whitelist path: whitelist /home/johannes/.minetest Debug 456: new_name #/usr/share/minetest#, whitelist Debug 456: new_name #/home/johannes/.XCompose#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose expanded: /home/johannes/.XCompose real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.asoundrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc expanded: /home/johannes/.asoundrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.config/ibus#, whitelist Debug 571: fname #/home/johannes/.config/ibus#, cfg.homedir #/home/johannes# Replaced whitelist path: whitelist /home/johannes/.config/ibus Debug 456: new_name #/home/johannes/.config/mimeapps.list#, whitelist Debug 571: fname #/home/johannes/.config/mimeapps.list#, cfg.homedir #/home/johannes# Replaced whitelist path: whitelist /home/johannes/.config/mimeapps.list Debug 456: new_name #/home/johannes/.config/pkcs11#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11 expanded: /home/johannes/.config/pkcs11 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.config/user-dirs.dirs#, whitelist Debug 571: fname #/home/johannes/.config/user-dirs.dirs#, cfg.homedir #/home/johannes# Replaced whitelist path: whitelist /home/johannes/.config/user-dirs.dirs Debug 456: new_name #/home/johannes/.config/user-dirs.locale#, whitelist Debug 571: fname #/home/johannes/.config/user-dirs.locale#, cfg.homedir #/home/johannes# Replaced whitelist path: whitelist /home/johannes/.config/user-dirs.locale Debug 456: new_name #/home/johannes/.drirc#, whitelist Debug 571: fname #/home/johannes/.drirc#, cfg.homedir #/home/johannes# Replaced whitelist path: whitelist /home/johannes/.drirc Debug 456: new_name #/home/johannes/.icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons expanded: /home/johannes/.icons real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.local/share/applications#, whitelist Debug 571: fname #/home/johannes/.local/share/applications#, cfg.homedir #/home/johannes# Replaced whitelist path: whitelist /home/johannes/.local/share/applications Debug 456: new_name #/home/johannes/.local/share/icons#, whitelist Debug 571: fname #/home/johannes/.local/share/icons#, cfg.homedir #/home/johannes# Replaced whitelist path: whitelist /home/johannes/.local/share/icons Debug 456: new_name #/home/johannes/.local/share/mime#, whitelist Debug 571: fname #/home/johannes/.local/share/mime#, cfg.homedir #/home/johannes# Replaced whitelist path: whitelist /home/johannes/.local/share/mime Debug 456: new_name #/home/johannes/.mime.types#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types expanded: /home/johannes/.mime.types real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.uim.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.uim.d expanded: /home/johannes/.uim.d real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.config/dconf#, whitelist Debug 571: fname #/home/johannes/.config/dconf#, cfg.homedir #/home/johannes# Replaced whitelist path: whitelist /home/johannes/.config/dconf Debug 456: new_name #/home/johannes/.cache/fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/fontconfig expanded: /home/johannes/.cache/fontconfig real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.config/fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig expanded: /home/johannes/.config/fontconfig real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig expanded: /home/johannes/.fontconfig real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts expanded: /home/johannes/.fonts real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.fonts.conf#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf expanded: /home/johannes/.fonts.conf real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.fonts.conf.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d expanded: /home/johannes/.fonts.conf.d real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.fonts.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d expanded: /home/johannes/.fonts.d real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.local/share/fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts expanded: /home/johannes/.local/share/fonts real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.pangorc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc expanded: /home/johannes/.pangorc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.config/gtk-2.0#, whitelist Debug 571: fname #/home/johannes/.config/gtk-2.0#, cfg.homedir #/home/johannes# Replaced whitelist path: whitelist /home/johannes/.config/gtk-2.0 Debug 456: new_name #/home/johannes/.config/gtk-3.0#, whitelist Debug 571: fname #/home/johannes/.config/gtk-3.0#, cfg.homedir #/home/johannes# Replaced whitelist path: whitelist /home/johannes/.config/gtk-3.0 Debug 456: new_name #/home/johannes/.config/gtk-4.0#, whitelist Debug 571: fname #/home/johannes/.config/gtk-4.0#, cfg.homedir #/home/johannes# Replaced whitelist path: whitelist /home/johannes/.config/gtk-4.0 Debug 456: new_name #/home/johannes/.config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc expanded: /home/johannes/.config/gtkrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0 expanded: /home/johannes/.config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.gnome2#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2 expanded: /home/johannes/.gnome2 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.gnome2-private#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private expanded: /home/johannes/.gnome2-private real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.gtk-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0 expanded: /home/johannes/.gtk-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc expanded: /home/johannes/.gtkrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0 expanded: /home/johannes/.gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc expanded: /home/johannes/.kde/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 expanded: /home/johannes/.kde/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde4/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc expanded: /home/johannes/.kde4/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde4/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 expanded: /home/johannes/.kde4/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.local/share/themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes expanded: /home/johannes/.local/share/themes real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes expanded: /home/johannes/.themes real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.cache/kioexec/krun#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun expanded: /home/johannes/.cache/kioexec/krun real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.config/Kvantum#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum expanded: /home/johannes/.config/Kvantum real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.config/Trolltech.conf#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Trolltech.conf expanded: /home/johannes/.config/Trolltech.conf real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals expanded: /home/johannes/.config/kdeglobals real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc expanded: /home/johannes/.config/kio_httprc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc expanded: /home/johannes/.config/kioslaverc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist expanded: /home/johannes/.config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.config/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct expanded: /home/johannes/.config/qt5ct real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals expanded: /home/johannes/.kde/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc expanded: /home/johannes/.kde/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc expanded: /home/johannes/.kde/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist expanded: /home/johannes/.kde/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc expanded: /home/johannes/.kde/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons expanded: /home/johannes/.kde/share/icons real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde4/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals expanded: /home/johannes/.kde4/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde4/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc expanded: /home/johannes/.kde4/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde4/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc expanded: /home/johannes/.kde4/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde4/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist expanded: /home/johannes/.kde4/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde4/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc expanded: /home/johannes/.kde4/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.kde4/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons expanded: /home/johannes/.kde4/share/icons real path: (null) realpath: No such file or directory Debug 456: new_name #/home/johannes/.local/share/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct expanded: /home/johannes/.local/share/qt5ct real path: (null) realpath: No such file or directory Debug 456: new_name #/run/user/1000/bus#, whitelist Replaced whitelist path: whitelist /run/user/1000/bus Debug 456: new_name #/run/user/1000/dconf#, whitelist Replaced whitelist path: whitelist /run/user/1000/dconf Debug 456: new_name #/run/user/1000/gdm/Xauthority#, whitelist Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/gdm/Xauthority expanded: /run/user/1000/gdm/Xauthority real path: (null) realpath: No such file or directory Debug 456: new_name #/run/user/1000/ICEauthority#, whitelist Replaced whitelist path: whitelist /run/user/1000/ICEauthority Debug 456: new_name #/run/user/1000/.mutter-Xwaylandauth.*#, whitelist Adding new profile command: whitelist /run/user/1000/.mutter-Xwaylandauth.XUFYT0 Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/.mutter-Xwaylandauth.* expanded: /run/user/1000/.mutter-Xwaylandauth.* real path: (null) realpath: No such file or directory Debug 456: new_name #/run/user/1000/pulse/native#, whitelist Replaced whitelist path: whitelist /run/user/1000/pulse/native Debug 456: new_name #/run/user/1000/wayland-0#, whitelist Replaced whitelist path: whitelist /run/user/1000/wayland-0 Debug 456: new_name #/usr/share/alsa#, whitelist Debug 456: new_name #/usr/share/applications#, whitelist Debug 456: new_name #/usr/share/ca-certificates#, whitelist Debug 456: new_name #/usr/share/crypto-policies#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies expanded: /usr/share/crypto-policies real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/cursors#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/cursors expanded: /usr/share/cursors real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/dconf#, whitelist Debug 456: new_name #/usr/share/distro-info#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/distro-info expanded: /usr/share/distro-info real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/drirc.d#, whitelist Debug 456: new_name #/usr/share/enchant#, whitelist Debug 456: new_name #/usr/share/enchant-2#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/enchant-2 expanded: /usr/share/enchant-2 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/file#, whitelist Debug 456: new_name #/usr/share/fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/fontconfig expanded: /usr/share/fontconfig real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/fonts#, whitelist Debug 456: new_name #/usr/share/gir-1.0#, whitelist Debug 456: new_name #/usr/share/gjs-1.0#, whitelist Debug 456: new_name #/usr/share/glib-2.0#, whitelist Debug 456: new_name #/usr/share/glvnd#, whitelist Debug 456: new_name #/usr/share/gtk-2.0#, whitelist Debug 456: new_name #/usr/share/gtk-3.0#, whitelist Debug 456: new_name #/usr/share/gtk-engines#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-engines expanded: /usr/share/gtk-engines real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-3.0 expanded: /usr/share/gtksourceview-3.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist Debug 456: new_name #/usr/share/hunspell#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/hunspell expanded: /usr/share/hunspell real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/hwdata#, whitelist Debug 456: new_name #/usr/share/icons#, whitelist Debug 456: new_name #/usr/share/icu#, whitelist Debug 456: new_name #/usr/share/knotifications5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/knotifications5 expanded: /usr/share/knotifications5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/kservices5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/kservices5 expanded: /usr/share/kservices5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/Kvantum#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum expanded: /usr/share/Kvantum real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/kxmlgui5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/kxmlgui5 expanded: /usr/share/kxmlgui5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/libdrm#, whitelist Debug 456: new_name #/usr/share/libthai#, whitelist Debug 456: new_name #/usr/share/locale#, whitelist Debug 456: new_name #/usr/share/mime#, whitelist Debug 456: new_name #/usr/share/misc#, whitelist Debug 456: new_name #/usr/share/Modules#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/Modules expanded: /usr/share/Modules real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/myspell#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/myspell expanded: /usr/share/myspell real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/p11-kit#, whitelist Debug 456: new_name #/usr/share/perl#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/perl expanded: /usr/share/perl real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/perl5#, whitelist Debug 456: new_name #/usr/share/pixmaps#, whitelist Debug 456: new_name #/usr/share/pki#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/pki expanded: /usr/share/pki real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/plasma#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/plasma expanded: /usr/share/plasma real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/publicsuffix#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/publicsuffix expanded: /usr/share/publicsuffix real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt expanded: /usr/share/qt real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt4#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt4 expanded: /usr/share/qt4 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt5 expanded: /usr/share/qt5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt5ct expanded: /usr/share/qt5ct real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/sounds#, whitelist Debug 456: new_name #/usr/share/tcl8.6#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6 expanded: /usr/share/tcl8.6 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/tcltk#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/tcltk expanded: /usr/share/tcltk real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/terminfo#, whitelist Debug 456: new_name #/usr/share/texlive#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/texlive expanded: /usr/share/texlive real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/texmf#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/texmf expanded: /usr/share/texmf real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/themes#, whitelist Debug 456: new_name #/usr/share/thumbnail.so#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so expanded: /usr/share/thumbnail.so real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/X11#, whitelist Debug 456: new_name #/usr/share/xml#, whitelist Debug 456: new_name #/usr/share/zoneinfo#, whitelist Debug 456: new_name #/var/lib/ca-certificates#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates expanded: /var/lib/ca-certificates real path: (null) realpath: No such file or directory Debug 456: new_name #/var/lib/dbus#, whitelist Debug 456: new_name #/var/lib/menu-xdg#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg expanded: /var/lib/menu-xdg real path: (null) realpath: No such file or directory Debug 456: new_name #/var/lib/uim#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/uim expanded: /var/lib/uim real path: (null) realpath: No such file or directory Debug 456: new_name #/var/cache/fontconfig#, whitelist Debug 456: new_name #/var/tmp#, whitelist Debug 456: new_name #/var/run#, whitelist Replaced whitelist path: whitelist /run Debug 456: new_name #/var/lock#, whitelist Replaced whitelist path: whitelist /run/lock Debug 456: new_name #/tmp/.X11-unix#, whitelist Debug 456: new_name #/run/user/1000/.mutter-Xwaylandauth.XUFYT0#, whitelist Mounting tmpfs on /tmp directory Mounting tmpfs on /var directory Mounting tmpfs on /usr/share directory Mounting tmpfs on /run/user/1000 directory Mounting a new /root directory Mounting a new /home directory Create a new user directory Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0 Warning: cleaning all supplementary groups Whitelisting /home/johannes/.minetest 1214 1213 0:26 /home/johannes/.minetest /home/johannes/.minetest rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1214 fsname=/home/johannes/.minetest dir=/home/johannes/.minetest fstype=btrfs Whitelisting /usr/share/minetest 1215 1201 0:26 /usr/share/minetest /usr/share/minetest ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1215 fsname=/usr/share/minetest dir=/usr/share/minetest fstype=btrfs Whitelisting /home/johannes/.config/ibus 1216 1213 0:26 /home/johannes/.config/ibus /home/johannes/.config/ibus rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1216 fsname=/home/johannes/.config/ibus dir=/home/johannes/.config/ibus fstype=btrfs Whitelisting /home/johannes/.config/mimeapps.list 1217 1213 0:26 /home/johannes/.config/mimeapps.list /home/johannes/.config/mimeapps.list rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1217 fsname=/home/johannes/.config/mimeapps.list dir=/home/johannes/.config/mimeapps.list fstype=btrfs Whitelisting /home/johannes/.config/user-dirs.dirs 1218 1213 0:26 /home/johannes/.config/user-dirs.dirs /home/johannes/.config/user-dirs.dirs rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1218 fsname=/home/johannes/.config/user-dirs.dirs dir=/home/johannes/.config/user-dirs.dirs fstype=btrfs Whitelisting /home/johannes/.config/user-dirs.locale 1219 1213 0:26 /home/johannes/.config/user-dirs.locale /home/johannes/.config/user-dirs.locale rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1219 fsname=/home/johannes/.config/user-dirs.locale dir=/home/johannes/.config/user-dirs.locale fstype=btrfs Whitelisting /home/johannes/.drirc 1220 1213 0:26 /home/johannes/.drirc /home/johannes/.drirc rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1220 fsname=/home/johannes/.drirc dir=/home/johannes/.drirc fstype=btrfs Whitelisting /home/johannes/.local/share/applications 1221 1213 0:26 /home/johannes/.local/share/applications /home/johannes/.local/share/applications rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1221 fsname=/home/johannes/.local/share/applications dir=/home/johannes/.local/share/applications fstype=btrfs Whitelisting /home/johannes/.local/share/icons 1222 1213 0:26 /home/johannes/.local/share/icons /home/johannes/.local/share/icons rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1222 fsname=/home/johannes/.local/share/icons dir=/home/johannes/.local/share/icons fstype=btrfs Whitelisting /home/johannes/.local/share/mime 1223 1213 0:26 /home/johannes/.local/share/mime /home/johannes/.local/share/mime rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1223 fsname=/home/johannes/.local/share/mime dir=/home/johannes/.local/share/mime fstype=btrfs Whitelisting /home/johannes/.config/dconf 1224 1213 0:26 /home/johannes/.config/dconf /home/johannes/.config/dconf rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1224 fsname=/home/johannes/.config/dconf dir=/home/johannes/.config/dconf fstype=btrfs Whitelisting /home/johannes/.config/gtk-2.0 1225 1213 0:26 /home/johannes/.config/gtk-2.0 /home/johannes/.config/gtk-2.0 rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1225 fsname=/home/johannes/.config/gtk-2.0 dir=/home/johannes/.config/gtk-2.0 fstype=btrfs Whitelisting /home/johannes/.config/gtk-3.0 1226 1213 0:26 /home/johannes/.config/gtk-3.0 /home/johannes/.config/gtk-3.0 rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1226 fsname=/home/johannes/.config/gtk-3.0 dir=/home/johannes/.config/gtk-3.0 fstype=btrfs Whitelisting /home/johannes/.config/gtk-4.0 1227 1213 0:26 /home/johannes/.config/gtk-4.0 /home/johannes/.config/gtk-4.0 rw,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1227 fsname=/home/johannes/.config/gtk-4.0 dir=/home/johannes/.config/gtk-4.0 fstype=btrfs Whitelisting /run/user/1000/bus 1228 1208 0:24 /firejail/firejail.ro.file /run/user/1000/bus rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755 mountid=1228 fsname=/firejail/firejail.ro.file dir=/run/user/1000/bus fstype=tmpfs Whitelisting /run/user/1000/dconf 1229 1208 0:57 /dconf /run/user/1000/dconf rw,nosuid,nodev,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000 mountid=1229 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs Whitelisting /run/user/1000/ICEauthority 1230 1208 0:57 /ICEauthority /run/user/1000/ICEauthority rw,nosuid,nodev,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000 mountid=1230 fsname=/ICEauthority dir=/run/user/1000/ICEauthority fstype=tmpfs Whitelisting /run/user/1000/pulse/native 1231 1208 0:57 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000 mountid=1231 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs Whitelisting /run/user/1000/wayland-0 1232 1208 0:57 /wayland-0 /run/user/1000/wayland-0 rw,nosuid,nodev,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000 mountid=1232 fsname=/wayland-0 dir=/run/user/1000/wayland-0 fstype=tmpfs Whitelisting /usr/share/alsa 1233 1201 0:26 /usr/share/alsa /usr/share/alsa ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1233 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=btrfs Whitelisting /usr/share/applications 1234 1201 0:26 /usr/share/applications /usr/share/applications ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1234 fsname=/usr/share/applications dir=/usr/share/applications fstype=btrfs Whitelisting /usr/share/ca-certificates 1235 1201 0:26 /usr/share/ca-certificates /usr/share/ca-certificates ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1235 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=btrfs Whitelisting /usr/share/dconf 1236 1201 0:26 /usr/share/dconf /usr/share/dconf ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1236 fsname=/usr/share/dconf dir=/usr/share/dconf fstype=btrfs Whitelisting /usr/share/drirc.d 1237 1201 0:26 /usr/share/drirc.d /usr/share/drirc.d ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1237 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=btrfs Whitelisting /usr/share/enchant 1238 1201 0:26 /usr/share/enchant /usr/share/enchant ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1238 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=btrfs Whitelisting /usr/share/file 1239 1201 0:26 /usr/share/file /usr/share/file ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1239 fsname=/usr/share/file dir=/usr/share/file fstype=btrfs Whitelisting /usr/share/fonts 1240 1201 0:26 /usr/share/fonts /usr/share/fonts ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1240 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=btrfs Whitelisting /usr/share/gir-1.0 1241 1201 0:26 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1241 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=btrfs Whitelisting /usr/share/gjs-1.0 1242 1201 0:26 /usr/share/gjs-1.0 /usr/share/gjs-1.0 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1242 fsname=/usr/share/gjs-1.0 dir=/usr/share/gjs-1.0 fstype=btrfs Whitelisting /usr/share/glib-2.0 1243 1201 0:26 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1243 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=btrfs Whitelisting /usr/share/glvnd 1244 1201 0:26 /usr/share/glvnd /usr/share/glvnd ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1244 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=btrfs Whitelisting /usr/share/gtk-2.0 1245 1201 0:26 /usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1245 fsname=/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=btrfs Whitelisting /usr/share/gtk-3.0 1246 1201 0:26 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1246 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=btrfs Whitelisting /usr/share/gtksourceview-4 1247 1201 0:26 /usr/share/gtksourceview-4 /usr/share/gtksourceview-4 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1247 fsname=/usr/share/gtksourceview-4 dir=/usr/share/gtksourceview-4 fstype=btrfs Whitelisting /usr/share/hwdata 1248 1201 0:26 /usr/share/hwdata /usr/share/hwdata ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1248 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=btrfs Whitelisting /usr/share/icons 1249 1201 0:26 /usr/share/icons /usr/share/icons ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1249 fsname=/usr/share/icons dir=/usr/share/icons fstype=btrfs Whitelisting /usr/share/icu 1250 1201 0:26 /usr/share/icu /usr/share/icu ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1250 fsname=/usr/share/icu dir=/usr/share/icu fstype=btrfs Whitelisting /usr/share/libdrm 1251 1201 0:26 /usr/share/libdrm /usr/share/libdrm ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1251 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=btrfs Whitelisting /usr/share/libthai 1252 1201 0:26 /usr/share/libthai /usr/share/libthai ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1252 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=btrfs Whitelisting /usr/share/locale 1253 1201 0:26 /usr/share/locale /usr/share/locale ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1253 fsname=/usr/share/locale dir=/usr/share/locale fstype=btrfs Whitelisting /usr/share/mime 1254 1201 0:26 /usr/share/mime /usr/share/mime ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1254 fsname=/usr/share/mime dir=/usr/share/mime fstype=btrfs Whitelisting /usr/share/misc 1255 1201 0:26 /usr/share/misc /usr/share/misc ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1255 fsname=/usr/share/misc dir=/usr/share/misc fstype=btrfs Whitelisting /usr/share/p11-kit 1256 1201 0:26 /usr/share/p11-kit /usr/share/p11-kit ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1256 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=btrfs Whitelisting /usr/share/perl5 1257 1201 0:26 /usr/share/perl5 /usr/share/perl5 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1257 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=btrfs Whitelisting /usr/share/pixmaps 1258 1201 0:26 /usr/share/pixmaps /usr/share/pixmaps ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1258 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=btrfs Whitelisting /usr/share/sounds 1259 1201 0:26 /usr/share/sounds /usr/share/sounds ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1259 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=btrfs Whitelisting /usr/share/terminfo 1260 1201 0:26 /usr/share/terminfo /usr/share/terminfo ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1260 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=btrfs Whitelisting /usr/share/themes 1261 1201 0:26 /usr/share/themes /usr/share/themes ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1261 fsname=/usr/share/themes dir=/usr/share/themes fstype=btrfs Whitelisting /usr/share/X11 1262 1201 0:26 /usr/share/X11 /usr/share/X11 ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1262 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=btrfs Whitelisting /usr/share/xml 1263 1201 0:26 /usr/share/xml /usr/share/xml ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1263 fsname=/usr/share/xml dir=/usr/share/xml fstype=btrfs Whitelisting /usr/share/zoneinfo 1264 1201 0:26 /usr/share/zoneinfo /usr/share/zoneinfo ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1264 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=btrfs Whitelisting /var/lib/dbus 1265 1199 0:26 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1265 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=btrfs Whitelisting /var/cache/fontconfig 1266 1199 0:26 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1266 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs Whitelisting /var/tmp 1267 1199 0:82 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw mountid=1267 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Whitelisting /tmp/.X11-unix 1268 1130 0:51 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:67 - tmpfs tmpfs rw,nr_inodes=409600 mountid=1268 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Whitelisting /run/user/1000/.mutter-Xwaylandauth.XUFYT0 1269 1208 0:57 /.mutter-Xwaylandauth.XUFYT0 /run/user/1000/.mutter-Xwaylandauth.XUFYT0 rw,nosuid,nodev,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000 mountid=1269 fsname=/.mutter-Xwaylandauth.XUFYT0 dir=/run/user/1000/.mutter-Xwaylandauth.XUFYT0 fstype=tmpfs Disable /etc/X11/Xsession.d Disable /etc/xdg/autostart Mounting read-only /home/johannes/.config/dconf 1277 1224 0:26 /home/johannes/.config/dconf /home/johannes/.config/dconf ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1277 fsname=/home/johannes/.config/dconf dir=/home/johannes/.config/dconf fstype=btrfs Disable /etc/profile.d Disable /etc/kernel Disable /etc/grub.d Disable /etc/apparmor Disable /etc/apparmor.d Disable /etc/modules-load.d Disable /etc/logrotate.d Mounting read-only /home/johannes/.bashrc 1285 1213 0:97 /johannes/.bashrc /home/johannes/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1285 fsname=/johannes/.bashrc dir=/home/johannes/.bashrc fstype=tmpfs Mounting read-only /home/johannes/.local/share/applications 1286 1221 0:26 /home/johannes/.local/share/applications /home/johannes/.local/share/applications ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1286 fsname=/home/johannes/.local/share/applications dir=/home/johannes/.local/share/applications fstype=btrfs Mounting read-only /home/johannes/.config/mimeapps.list 1287 1217 0:26 /home/johannes/.config/mimeapps.list /home/johannes/.config/mimeapps.list ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1287 fsname=/home/johannes/.config/mimeapps.list dir=/home/johannes/.config/mimeapps.list fstype=btrfs Mounting read-only /home/johannes/.config/user-dirs.dirs 1288 1218 0:26 /home/johannes/.config/user-dirs.dirs /home/johannes/.config/user-dirs.dirs ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1288 fsname=/home/johannes/.config/user-dirs.dirs dir=/home/johannes/.config/user-dirs.dirs fstype=btrfs Mounting read-only /home/johannes/.config/user-dirs.locale 1289 1219 0:26 /home/johannes/.config/user-dirs.locale /home/johannes/.config/user-dirs.locale ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1289 fsname=/home/johannes/.config/user-dirs.locale dir=/home/johannes/.config/user-dirs.locale fstype=btrfs Mounting read-only /home/johannes/.local/share/mime 1290 1223 0:26 /home/johannes/.local/share/mime /home/johannes/.local/share/mime ro,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1290 fsname=/home/johannes/.local/share/mime dir=/home/johannes/.local/share/mime fstype=btrfs Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Warning: /sbin directory link was not blacklisted Disable /usr/local/sbin Warning: /usr/sbin directory link was not blacklisted Disable /proc/config.gz Disable /usr/src Disable /usr/local/src Disable /usr/include Disable /usr/local/include Mounting noexec /home/johannes/.minetest 1304 1214 0:26 /home/johannes/.minetest /home/johannes/.minetest rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1304 fsname=/home/johannes/.minetest dir=/home/johannes/.minetest fstype=btrfs Mounting noexec /home/johannes/.config/ibus 1305 1216 0:26 /home/johannes/.config/ibus /home/johannes/.config/ibus rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1305 fsname=/home/johannes/.config/ibus dir=/home/johannes/.config/ibus fstype=btrfs Mounting noexec /home/johannes/.config/mimeapps.list 1306 1287 0:26 /home/johannes/.config/mimeapps.list /home/johannes/.config/mimeapps.list ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1306 fsname=/home/johannes/.config/mimeapps.list dir=/home/johannes/.config/mimeapps.list fstype=btrfs Mounting noexec /home/johannes/.config/user-dirs.dirs 1307 1288 0:26 /home/johannes/.config/user-dirs.dirs /home/johannes/.config/user-dirs.dirs ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1307 fsname=/home/johannes/.config/user-dirs.dirs dir=/home/johannes/.config/user-dirs.dirs fstype=btrfs Mounting noexec /home/johannes/.config/user-dirs.locale 1308 1289 0:26 /home/johannes/.config/user-dirs.locale /home/johannes/.config/user-dirs.locale ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1308 fsname=/home/johannes/.config/user-dirs.locale dir=/home/johannes/.config/user-dirs.locale fstype=btrfs Mounting noexec /home/johannes/.drirc 1309 1220 0:26 /home/johannes/.drirc /home/johannes/.drirc rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1309 fsname=/home/johannes/.drirc dir=/home/johannes/.drirc fstype=btrfs Mounting noexec /home/johannes/.local/share/applications 1310 1286 0:26 /home/johannes/.local/share/applications /home/johannes/.local/share/applications ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1310 fsname=/home/johannes/.local/share/applications dir=/home/johannes/.local/share/applications fstype=btrfs Mounting noexec /home/johannes/.local/share/icons 1311 1222 0:26 /home/johannes/.local/share/icons /home/johannes/.local/share/icons rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1311 fsname=/home/johannes/.local/share/icons dir=/home/johannes/.local/share/icons fstype=btrfs Mounting noexec /home/johannes/.local/share/mime 1312 1290 0:26 /home/johannes/.local/share/mime /home/johannes/.local/share/mime ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1312 fsname=/home/johannes/.local/share/mime dir=/home/johannes/.local/share/mime fstype=btrfs Mounting noexec /home/johannes/.config/dconf 1313 1277 0:26 /home/johannes/.config/dconf /home/johannes/.config/dconf ro,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1313 fsname=/home/johannes/.config/dconf dir=/home/johannes/.config/dconf fstype=btrfs Mounting noexec /home/johannes/.config/gtk-2.0 1314 1225 0:26 /home/johannes/.config/gtk-2.0 /home/johannes/.config/gtk-2.0 rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1314 fsname=/home/johannes/.config/gtk-2.0 dir=/home/johannes/.config/gtk-2.0 fstype=btrfs Mounting noexec /home/johannes/.config/gtk-3.0 1315 1226 0:26 /home/johannes/.config/gtk-3.0 /home/johannes/.config/gtk-3.0 rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1315 fsname=/home/johannes/.config/gtk-3.0 dir=/home/johannes/.config/gtk-3.0 fstype=btrfs Mounting noexec /home/johannes/.config/gtk-4.0 1316 1227 0:26 /home/johannes/.config/gtk-4.0 /home/johannes/.config/gtk-4.0 rw,nosuid,nodev,noexec,noatime master:1 - btrfs /dev/sda3 rw,compress-force=zstd:3,space_cache,autodefrag,subvolid=5,subvol=/ mountid=1316 fsname=/home/johannes/.config/gtk-4.0 dir=/home/johannes/.config/gtk-4.0 fstype=btrfs Mounting noexec /run/user/1000 1323 1317 0:57 /.mutter-Xwaylandauth.XUFYT0 /run/user/1000/.mutter-Xwaylandauth.XUFYT0 rw,nosuid,nodev,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000 mountid=1323 fsname=/.mutter-Xwaylandauth.XUFYT0 dir=/run/user/1000/.mutter-Xwaylandauth.XUFYT0 fstype=tmpfs Mounting noexec /run/user/1000/dconf 1324 1319 0:57 /dconf /run/user/1000/dconf rw,nosuid,nodev,noexec,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000 mountid=1324 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs Mounting noexec /run/user/1000/ICEauthority 1325 1320 0:57 /ICEauthority /run/user/1000/ICEauthority rw,nosuid,nodev,noexec,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000 mountid=1325 fsname=/ICEauthority dir=/run/user/1000/ICEauthority fstype=tmpfs Mounting noexec /run/user/1000/pulse/native 1326 1321 0:57 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,noexec,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000 mountid=1326 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs Mounting noexec /run/user/1000/wayland-0 1327 1322 0:57 /wayland-0 /run/user/1000/wayland-0 rw,nosuid,nodev,noexec,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000 mountid=1327 fsname=/wayland-0 dir=/run/user/1000/wayland-0 fstype=tmpfs Mounting noexec /run/user/1000/.mutter-Xwaylandauth.XUFYT0 1328 1323 0:57 /.mutter-Xwaylandauth.XUFYT0 /run/user/1000/.mutter-Xwaylandauth.XUFYT0 rw,nosuid,nodev,noexec,relatime master:537 - tmpfs tmpfs rw,size=802804k,nr_inodes=200701,mode=700,uid=1000,gid=1000 mountid=1328 fsname=/.mutter-Xwaylandauth.XUFYT0 dir=/run/user/1000/.mutter-Xwaylandauth.XUFYT0 fstype=tmpfs Mounting noexec /dev/shm 1329 1177 0:89 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1329 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 1331 1330 0:51 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:67 - tmpfs tmpfs rw,nr_inodes=409600 mountid=1331 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /tmp/.X11-unix 1332 1331 0:51 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:67 - tmpfs tmpfs rw,nr_inodes=409600 mountid=1332 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /var 1336 1333 0:82 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw mountid=1336 fsname=/ dir=/var/tmp fstype=tmpfs Disable /usr/lib/gjs Disable /usr/lib/gjs (requested /usr/lib64/gjs) Disable /usr/lib/libgjs.so.0.0.0 (requested /usr/lib/libgjs.so) Disable /usr/lib/libgjs.so.0.0.0 (requested /usr/lib/libgjs.so.0) Disable /usr/lib/libgjs.so.0.0.0 Disable /usr/lib/libgjs.so.0.0.0 (requested /usr/lib64/libgjs.so) Disable /usr/lib/libgjs.so.0.0.0 (requested /usr/lib64/libgjs.so.0) Disable /usr/lib/libgjs.so.0.0.0 (requested /usr/lib64/libgjs.so.0.0.0) Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so) Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so.2) Disable /usr/lib/libluajit-5.1.so.2.0.5 Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2.4) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so.5.2) Disable /usr/lib/liblua5.2.so.5.2.4 Disable /usr/lib/liblua.so.5.4.1 (requested /usr/lib/liblua.so) Disable /usr/lib/liblua.so.5.4.1 (requested /usr/lib/liblua.so.5.4) Disable /usr/lib/liblua.so.5.4.1 Disable /usr/lib/liblua.so.5.4.1 (requested /usr/lib/liblua5.4.so) Disable /usr/lib/lua Disable /usr/lib/libmozjs-78.so (requested /usr/lib64/libmozjs-78.so) Disable /usr/lib/perl5 Disable /usr/share/perl5 Disable /usr/lib/ruby Disable /usr/lib/python2.7 Disable /usr/lib/python3.8 Disable /usr/lib/python3.8 (requested /usr/lib64/python3.8) Not blacklist /home/johannes/.minetest Not blacklist /home/johannes/.cache/minetest Drop privileges: pid 5, uid 1000, gid 1000, nogroups 0 Warning: cleaning all supplementary groups Mounting read-only /tmp/.X11-unix 1365 1332 0:51 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:67 - tmpfs tmpfs rw,nr_inodes=409600 mountid=1365 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /sys/fs Disable /sys/module Disable /mnt Disable /run/mount Disable /run/media Mounting noexec /run/firejail/mnt/pulse 1371 1139 0:79 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1371 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs Creating empty /home/johannes/.config/pulse directory Drop privileges: pid 6, uid 1000, gid 1000, nogroups 0 Warning: cleaning all supplementary groups Mounting /run/firejail/mnt/pulse on /home/johannes/.config/pulse 1372 1213 0:79 /pulse /home/johannes/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1372 fsname=/pulse dir=/home/johannes/.config/pulse fstype=tmpfs Create the new ld.so.preload file Blacklist violations are logged to syslog Mount the new ld.so.preload file Current directory: /home/johannes DISPLAY=:0 parsed as 0 Install protocol filter: unix,inet,inet6 configuring 20 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000006 jmp 000c 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 15 01 00 00000029 jeq socket 000c (false 000b) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 20 00 00 00000010 ld data.args[0] 000d: 15 00 01 00000001 jeq 1 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 15 00 01 00000002 jeq 2 0010 (false 0011) 0010: 06 00 00 7fff0000 ret ALLOW 0011: 15 00 01 0000000a jeq a 0012 (false 0013) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 06 00 00 0005005f ret ERRNO(95) configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dropping all capabilities Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 00 01 00000015 jeq 15 0005 (false 0006) 0005: 06 00 00 00000001 ret KILL 0006: 15 00 01 00000034 jeq 34 0007 (false 0008) 0007: 06 00 00 00000001 ret KILL 0008: 15 00 01 0000001a jeq 1a 0009 (false 000a) 0009: 06 00 00 00000001 ret KILL 000a: 15 00 01 0000011b jeq 11b 000b (false 000c) 000b: 06 00 00 00000001 ret KILL 000c: 15 00 01 00000155 jeq 155 000d (false 000e) 000d: 06 00 00 00000001 ret KILL 000e: 15 00 01 00000156 jeq 156 000f (false 0010) 000f: 06 00 00 00000001 ret KILL 0010: 15 00 01 0000007f jeq 7f 0011 (false 0012) 0011: 06 00 00 00000001 ret KILL 0012: 15 00 01 00000080 jeq 80 0013 (false 0014) 0013: 06 00 00 00000001 ret KILL 0014: 15 00 01 0000015e jeq 15e 0015 (false 0016) 0015: 06 00 00 00000001 ret KILL 0016: 15 00 01 00000081 jeq 81 0017 (false 0018) 0017: 06 00 00 00000001 ret KILL 0018: 15 00 01 0000006e jeq 6e 0019 (false 001a) 0019: 06 00 00 00000001 ret KILL 001a: 15 00 01 00000065 jeq 65 001b (false 001c) 001b: 06 00 00 00000001 ret KILL 001c: 15 00 01 00000121 jeq 121 001d (false 001e) 001d: 06 00 00 00000001 ret KILL 001e: 15 00 01 00000057 jeq 57 001f (false 0020) 001f: 06 00 00 00000001 ret KILL 0020: 15 00 01 00000073 jeq 73 0021 (false 0022) 0021: 06 00 00 00000001 ret KILL 0022: 15 00 01 00000067 jeq 67 0023 (false 0024) 0023: 06 00 00 00000001 ret KILL 0024: 15 00 01 0000015b jeq 15b 0025 (false 0026) 0025: 06 00 00 00000001 ret KILL 0026: 15 00 01 0000015c jeq 15c 0027 (false 0028) 0027: 06 00 00 00000001 ret KILL 0028: 15 00 01 00000087 jeq 87 0029 (false 002a) 0029: 06 00 00 00000001 ret KILL 002a: 15 00 01 00000095 jeq 95 002b (false 002c) 002b: 06 00 00 00000001 ret KILL 002c: 15 00 01 0000007c jeq 7c 002d (false 002e) 002d: 06 00 00 00000001 ret KILL 002e: 15 00 01 00000157 jeq 157 002f (false 0030) 002f: 06 00 00 00000001 ret KILL 0030: 15 00 01 000000fd jeq fd 0031 (false 0032) 0031: 06 00 00 00000001 ret KILL 0032: 15 00 01 00000150 jeq 150 0033 (false 0034) 0033: 06 00 00 00000001 ret KILL 0034: 15 00 01 00000152 jeq 152 0035 (false 0036) 0035: 06 00 00 00000001 ret KILL 0036: 15 00 01 0000015d jeq 15d 0037 (false 0038) 0037: 06 00 00 00000001 ret KILL 0038: 15 00 01 0000011e jeq 11e 0039 (false 003a) 0039: 06 00 00 00000001 ret KILL 003a: 15 00 01 0000011f jeq 11f 003b (false 003c) 003b: 06 00 00 00000001 ret KILL 003c: 15 00 01 00000120 jeq 120 003d (false 003e) 003d: 06 00 00 00000001 ret KILL 003e: 15 00 01 00000056 jeq 56 003f (false 0040) 003f: 06 00 00 00000001 ret KILL 0040: 15 00 01 00000033 jeq 33 0041 (false 0042) 0041: 06 00 00 00000001 ret KILL 0042: 15 00 01 0000007b jeq 7b 0043 (false 0044) 0043: 06 00 00 00000001 ret KILL 0044: 15 00 01 000000d9 jeq d9 0045 (false 0046) 0045: 06 00 00 00000001 ret KILL 0046: 15 00 01 000000f5 jeq f5 0047 (false 0048) 0047: 06 00 00 00000001 ret KILL 0048: 15 00 01 000000f6 jeq f6 0049 (false 004a) 0049: 06 00 00 00000001 ret KILL 004a: 15 00 01 000000f7 jeq f7 004b (false 004c) 004b: 06 00 00 00000001 ret KILL 004c: 15 00 01 000000f8 jeq f8 004d (false 004e) 004d: 06 00 00 00000001 ret KILL 004e: 15 00 01 000000f9 jeq f9 004f (false 0050) 004f: 06 00 00 00000001 ret KILL 0050: 15 00 01 00000101 jeq 101 0051 (false 0052) 0051: 06 00 00 00000001 ret KILL 0052: 15 00 01 00000112 jeq 112 0053 (false 0054) 0053: 06 00 00 00000001 ret KILL 0054: 15 00 01 00000114 jeq 114 0055 (false 0056) 0055: 06 00 00 00000001 ret KILL 0056: 15 00 01 00000126 jeq 126 0057 (false 0058) 0057: 06 00 00 00000001 ret KILL 0058: 15 00 01 0000013d jeq 13d 0059 (false 005a) 0059: 06 00 00 00000001 ret KILL 005a: 15 00 01 0000013c jeq 13c 005b (false 005c) 005b: 06 00 00 00000001 ret KILL 005c: 15 00 01 0000003d jeq 3d 005d (false 005e) 005d: 06 00 00 00000001 ret KILL 005e: 15 00 01 00000058 jeq 58 005f (false 0060) 005f: 06 00 00 00000001 ret KILL 0060: 15 00 01 000000a9 jeq a9 0061 (false 0062) 0061: 06 00 00 00000001 ret KILL 0062: 15 00 01 00000082 jeq 82 0063 (false 0064) 0063: 06 00 00 00000001 ret KILL 0064: 06 00 00 7fff0000 ret ALLOW Dual 32/64 bit seccomp filter configured configuring 134 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 01 0000009f jeq adjtimex 0008 (false 0009) 0008: 06 00 00 00000001 ret KILL 0009: 15 00 01 00000131 jeq clock_adjtime 000a (false 000b) 000a: 06 00 00 00000001 ret KILL 000b: 15 00 01 000000e3 jeq clock_settime 000c (false 000d) 000c: 06 00 00 00000001 ret KILL 000d: 15 00 01 000000a4 jeq settimeofday 000e (false 000f) 000e: 06 00 00 00000001 ret KILL 000f: 15 00 01 0000009a jeq modify_ldt 0010 (false 0011) 0010: 06 00 00 00000001 ret KILL 0011: 15 00 01 000000d4 jeq lookup_dcookie 0012 (false 0013) 0012: 06 00 00 00000001 ret KILL 0013: 15 00 01 0000012a jeq perf_event_open 0014 (false 0015) 0014: 06 00 00 00000001 ret KILL 0015: 15 00 01 00000137 jeq process_vm_writev 0016 (false 0017) 0016: 06 00 00 00000001 ret KILL 0017: 15 00 01 000000b0 jeq delete_module 0018 (false 0019) 0018: 06 00 00 00000001 ret KILL 0019: 15 00 01 00000139 jeq finit_module 001a (false 001b) 001a: 06 00 00 00000001 ret KILL 001b: 15 00 01 000000af jeq init_module 001c (false 001d) 001c: 06 00 00 00000001 ret KILL 001d: 15 00 01 000000a1 jeq chroot 001e (false 001f) 001e: 06 00 00 00000001 ret KILL 001f: 15 00 01 000000a5 jeq mount 0020 (false 0021) 0020: 06 00 00 00000001 ret KILL 0021: 15 00 01 0000009b jeq pivot_root 0022 (false 0023) 0022: 06 00 00 00000001 ret KILL 0023: 15 00 01 000000a6 jeq umount2 0024 (false 0025) 0024: 06 00 00 00000001 ret KILL 0025: 15 00 01 0000009c jeq _sysctl 0026 (false 0027) 0026: 06 00 00 00000001 ret KILL 0027: 15 00 01 000000b7 jeq afs_syscall 0028 (false 0029) 0028: 06 00 00 00000001 ret KILL 0029: 15 00 01 000000ae jeq create_module 002a (false 002b) 002a: 06 00 00 00000001 ret KILL 002b: 15 00 01 000000b1 jeq get_kernel_syms 002c (false 002d) 002c: 06 00 00 00000001 ret KILL 002d: 15 00 01 000000b5 jeq getpmsg 002e (false 002f) 002e: 06 00 00 00000001 ret KILL 002f: 15 00 01 000000b6 jeq putpmsg 0030 (false 0031) 0030: 06 00 00 00000001 ret KILL 0031: 15 00 01 000000b2 jeq query_module 0032 (false 0033) 0032: 06 00 00 00000001 ret KILL 0033: 15 00 01 000000b9 jeq security 0034 (false 0035) 0034: 06 00 00 00000001 ret KILL 0035: 15 00 01 0000008b jeq sysfs 0036 (false 0037) 0036: 06 00 00 00000001 ret KILL 0037: 15 00 01 000000b8 jeq tuxcall 0038 (false 0039) 0038: 06 00 00 00000001 ret KILL 0039: 15 00 01 00000086 jeq uselib 003a (false 003b) 003a: 06 00 00 00000001 ret KILL 003b: 15 00 01 00000088 jeq ustat 003c (false 003d) 003c: 06 00 00 00000001 ret KILL 003d: 15 00 01 000000ec jeq vserver 003e (false 003f) 003e: 06 00 00 00000001 ret KILL 003f: 15 00 01 000000ad jeq ioperm 0040 (false 0041) 0040: 06 00 00 00000001 ret KILL 0041: 15 00 01 000000ac jeq iopl 0042 (false 0043) 0042: 06 00 00 00000001 ret KILL 0043: 15 00 01 000000f6 jeq kexec_load 0044 (false 0045) 0044: 06 00 00 00000001 ret KILL 0045: 15 00 01 00000140 jeq kexec_file_load 0046 (false 0047) 0046: 06 00 00 00000001 ret KILL 0047: 15 00 01 000000a9 jeq reboot 0048 (false 0049) 0048: 06 00 00 00000001 ret KILL 0049: 15 00 01 000000a7 jeq swapon 004a (false 004b) 004a: 06 00 00 00000001 ret KILL 004b: 15 00 01 000000a8 jeq swapoff 004c (false 004d) 004c: 06 00 00 00000001 ret KILL 004d: 15 00 01 00000130 jeq open_by_handle_at 004e (false 004f) 004e: 06 00 00 00000001 ret KILL 004f: 15 00 01 0000012f jeq name_to_handle_at 0050 (false 0051) 0050: 06 00 00 00000001 ret KILL 0051: 15 00 01 000000fb jeq ioprio_set 0052 (false 0053) 0052: 06 00 00 00000001 ret KILL 0053: 15 00 01 00000067 jeq syslog 0054 (false 0055) 0054: 06 00 00 00000001 ret KILL 0055: 15 00 01 0000012c jeq fanotify_init 0056 (false 0057) 0056: 06 00 00 00000001 ret KILL 0057: 15 00 01 00000138 jeq kcmp 0058 (false 0059) 0058: 06 00 00 00000001 ret KILL 0059: 15 00 01 000000f8 jeq add_key 005a (false 005b) 005a: 06 00 00 00000001 ret KILL 005b: 15 00 01 000000f9 jeq request_key 005c (false 005d) 005c: 06 00 00 00000001 ret KILL 005d: 15 00 01 000000ed jeq mbind 005e (false 005f) 005e: 06 00 00 00000001 ret KILL 005f: 15 00 01 00000100 jeq migrate_pages 0060 (false 0061) 0060: 06 00 00 00000001 ret KILL 0061: 15 00 01 00000117 jeq move_pages 0062 (false 0063) 0062: 06 00 00 00000001 ret KILL 0063: 15 00 01 000000fa jeq keyctl 0064 (false 0065) 0064: 06 00 00 00000001 ret KILL 0065: 15 00 01 000000ce jeq io_setup 0066 (false 0067) 0066: 06 00 00 00000001 ret KILL 0067: 15 00 01 000000cf jeq io_destroy 0068 (false 0069) 0068: 06 00 00 00000001 ret KILL 0069: 15 00 01 000000d0 jeq io_getevents 006a (false 006b) 006a: 06 00 00 00000001 ret KILL 006b: 15 00 01 000000d1 jeq io_submit 006c (false 006d) 006c: 06 00 00 00000001 ret KILL 006d: 15 00 01 000000d2 jeq io_cancel 006e (false 006f) 006e: 06 00 00 00000001 ret KILL 006f: 15 00 01 000000d8 jeq remap_file_pages 0070 (false 0071) 0070: 06 00 00 00000001 ret KILL 0071: 15 00 01 00000143 jeq userfaultfd 0072 (false 0073) 0072: 06 00 00 00000001 ret KILL 0073: 15 00 01 000000a3 jeq acct 0074 (false 0075) 0074: 06 00 00 00000001 ret KILL 0075: 15 00 01 00000141 jeq bpf 0076 (false 0077) 0076: 06 00 00 00000001 ret KILL 0077: 15 00 01 000000b4 jeq nfsservctl 0078 (false 0079) 0078: 06 00 00 00000001 ret KILL 0079: 15 00 01 000000ab jeq setdomainname 007a (false 007b) 007a: 06 00 00 00000001 ret KILL 007b: 15 00 01 000000aa jeq sethostname 007c (false 007d) 007c: 06 00 00 00000001 ret KILL 007d: 15 00 01 00000099 jeq vhangup 007e (false 007f) 007e: 06 00 00 00000001 ret KILL 007f: 15 00 01 00000065 jeq ptrace 0080 (false 0081) 0080: 06 00 00 00000001 ret KILL 0081: 15 00 01 00000087 jeq personality 0082 (false 0083) 0082: 06 00 00 00000001 ret KILL 0083: 15 00 01 00000136 jeq process_vm_readv 0084 (false 0085) 0084: 06 00 00 00000001 ret KILL 0085: 06 00 00 7fff0000 ret ALLOW seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp 1375 1139 0:79 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755 mountid=1375 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 160 . drwxr-xr-x root root 460 .. -rw-r--r-- johannes johannes 1072 seccomp -rw-r--r-- johannes johannes 808 seccomp.32 -rw-r--r-- johannes johannes 114 seccomp.list -rw-r--r-- johannes johannes 0 seccomp.postexec -rw-r--r-- johannes johannes 0 seccomp.postexec32 -rw-r--r-- johannes johannes 160 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1 No supplementary groups starting application LD_PRELOAD=(null) execvp argument 0: minetest Child process initialized in 90.40 ms Searching $PATH for minetest trying #/usr/local/bin/minetest# Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter minetest: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: Permission denied monitoring pid 10 Sandbox monitor: waitpid 10 retval 10 status 32512 Parent is shutting down, bye... ``` </details>

gitea-mirror closed this issue 2026-05-05 09:01:54 -06:00

gitea-mirror commented 2026-05-05 09:01:56 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Nov 4, 2020):

@h4x0r-droid Thank you for reporting this issue and providing clues on how to fix this.

If you comment out include disable-interpreters.inc minetest works as expected.

That's is helpful. I've checked the Arch Linux package and it turns out that minetest depends on luajit, which is one of the interpreters blacklisted in disable-interpreters.inc. There's another clue near the end of your debug output:

[...]
minetest: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: Permission denied

So, instead of completely avoiding the inclusion of disable-interpreters.inc, we have a set of allow-*.inc files exactly for this purpose. Can you test the profile with these additional lines to allow Lua related files:

# Allow lua (blacklisted by disable-interpreters.inc)
include allow-lua.inc

<!-- gh-comment-id:721488369 --> @ghost commented on GitHub (Nov 4, 2020): @h4x0r-droid Thank you for reporting this issue and providing clues on how to fix this. > If you comment out include disable-interpreters.inc minetest works as expected. That's is helpful. I've checked the Arch Linux [package](https://www.archlinux.org/packages/community/x86_64/minetest/files/) and it turns out that minetest depends on `luajit`, which is one of the interpreters blacklisted in disable-interpreters.inc. There's another clue near the end of your debug output: ``` [...] minetest: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: Permission denied ``` So, instead of completely avoiding the inclusion of disable-interpreters.inc, we have a set of allow-*.inc files exactly for this purpose. Can you test the profile with these additional lines to allow Lua related files: ``` # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc ```

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2346

No description provided.