mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #3786] rhythmbox profile does not support viewing/loading files from cdrom #2388
Labels
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/firejail#2388
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @millerthegorilla on GitHub (Dec 3, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3786
Write clear, concise and in textual form.
rhythmbox profile does not support viewing/loading files from cdrom
ie /dev/sr0 is blacklisted
Bug and expected behavior
Describe the bug.
should be able to open /dev/sr0 when using rhythmbox
What did you expect to happen?
open rhythmbox, and load files from cdrom into playlist
No profile and disabling firejail
What changed calling
firejail --noprofile /path/to/programin a terminal?am able to view cdrom file.
What changed calling the program by path (check
which <program>orfirejail --listwhile the sandbox is running)?unable to see cdrom
Reproduce
Steps to reproduce the behavior:
firejail rhythmbox(fedora 33 workstation up to date)ERRORn/aExpected Behaviour is that Rhythmbox should be able to see the cd drive. I am guessing it might be a caps issue.
Environment
Linux distribution and version (ie output of
lsb_release -a,screenfetchorcat /etc/os-release)cat /etc/os-release
NAME=Fedora
VERSION="33 (Workstation Edition)"
ID=fedora
VERSION_ID=33
VERSION_CODENAME=""
PLATFORM_ID="platform:f33"
PRETTY_NAME="Fedora 33 (Workstation Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:33"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f33/system-administrators-guide/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=33
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=33
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Workstation Edition"
VARIANT_ID=workstation
Firejail version (output of
firejail --version) exclusive or used git commit (git rev-parse HEAD)firejail version 0.9.64
Compile time support:
- AppArmor support is disabled
- AppImage support is enabled
- chroot support is enabled
- D-BUS proxy support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- firetunnel support is enabled
- networking support is enabled
- overlayfs support is enabled
- private-home support is enabled
- SELinux support is enabled
- user namespace support is enabled
- X11 sandboxing support is enabled
Additional context
Other context about the problem like related errors to understand the problem.
I tried creating the following in /etc/firejail/rhythmbox.local
whitelist /dev/sr0
Checklist
https://github.com/netblue30/firejail/issues/1139)--profile=PROFILENAMEis used to set the right profile.LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAMto get english error-messages.debug output
......>
XXsanitizedXX is standard user with no sudo,wheel etc.
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
** Note: you can use --noprofile to disable default.profile **
Parent pid 9208, child pid 9209
Warning: cleaning all supplementary groups
Child process initialized in 98.38 ms
/bin/bash: /usr/binrhythmbox: No such file or directory
Parent is shutting down, bye...
[XXsanitizedXX@localhost ~]$ firejail /usr/bin/rhythmbox
Reading profile /etc/firejail/rhythmbox.profile
Reading profile /etc/firejail/rhythmbox.local
Reading profile /etc/firejail/allow-python2.inc
Reading profile /etc/firejail/allow-python3.inc
Reading profile /etc/firejail/allow-lua.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 9217, child pid 9220
2 programs installed in 36.52 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Blacklist violations are logged to syslog
Child process initialized in 233.70 ms
(rhythmbox:5): dbind-WARNING **: 15:27:04.973: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown
Parent is shutting down, bye...
[XXsanitizedXX@localhost ~]$ firejail --debug rhythmbox
Autoselecting /bin/bash as shell
Building quoted command line: 'rhythmbox'
Command name #rhythmbox#
Found rhythmbox.profile profile in /etc/firejail directory
Reading profile /etc/firejail/rhythmbox.profile
Found rhythmbox.local profile in /etc/firejail directory
Reading profile /etc/firejail/rhythmbox.local
Found allow-python2.inc profile in /etc/firejail directory
Reading profile /etc/firejail/allow-python2.inc
Found allow-python3.inc profile in /etc/firejail directory
Reading profile /etc/firejail/allow-python3.inc
Found allow-lua.inc profile in /etc/firejail directory
Reading profile /etc/firejail/allow-lua.inc
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-shell.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-shell.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found whitelist-runuser-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-runuser-common.inc
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
DISPLAY=:0 parsed as 0
xdg-dbus-proxy arg: unix:path=/run/user/1003/bus
xdg-dbus-proxy arg: /run/firejail/dbus/1003/9265-user
xdg-dbus-proxy arg: --filter
xdg-dbus-proxy arg: --own=org.gnome.Rhythmbox3
xdg-dbus-proxy arg: --own=org.mpris.MediaPlayer2.rhythmbox
xdg-dbus-proxy arg: --own=org.gnome.UPnP.MediaServer2.Rhythmbox
xdg-dbus-proxy arg: --talk=ca.desrt.dconf
xdg-dbus-proxy arg: --talk=org.freedesktop.Notifications
xdg-dbus-proxy arg: --talk=org.gnome.SettingsDaemon.MediaKeys
xdg-dbus-proxy arg: unix:path=/run/dbus/system_bus_socket
xdg-dbus-proxy arg: /run/firejail/dbus/1003/9265-system
xdg-dbus-proxy arg: --filter
xdg-dbus-proxy arg: --talk=org.freedesktop.Avahi
starting xdg-dbus-proxy
sbox exec: /usr/bin/xdg-dbus-proxy --fd=9 --args=10
Dropping all capabilities
Drop privileges: pid 9266, uid 1003, gid 1004, nogroups 1
No supplementary groups
xdg-dbus-proxy initialized
Using the local network stack
Parent pid 9265, child pid 9268
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol
Dropping all capabilities
Drop privileges: pid 2, uid 1003, gid 1004, nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1353 822 0:33 /root/etc /etc ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=1353 fsname=/root/etc dir=/etc fstype=btrfs
Mounting noexec /etc
1354 1353 0:33 /root/etc /etc ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=1354 fsname=/root/etc dir=/etc fstype=btrfs
Mounting read-only /var
1357 1355 0:43 / /var/lib/nfs/rpc_pipefs rw,relatime master:124 - rpc_pipefs sunrpc rw
mountid=1357 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs
Mounting read-only /var/lib/nfs/rpc_pipefs
1358 1357 0:43 / /var/lib/nfs/rpc_pipefs ro,relatime master:124 - rpc_pipefs sunrpc rw
mountid=1358 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs
Mounting noexec /var
1362 1361 0:43 / /var/lib/nfs/rpc_pipefs ro,relatime master:124 - rpc_pipefs sunrpc rw
mountid=1362 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs
Mounting noexec /var/lib/snapd/snap/core/10185
1363 1360 7:0 / /var/lib/snapd/snap/core/10185 ro,nosuid,nodev,noexec,relatime master:45 - squashfs /dev/loop0 ro,context=system_u:object_r:snappy_snap_t:s0
mountid=1363 fsname=/ dir=/var/lib/snapd/snap/core/10185 fstype=squashfs
Mounting noexec /var/lib/nfs/rpc_pipefs
1364 1362 0:43 / /var/lib/nfs/rpc_pipefs ro,nosuid,nodev,noexec,relatime master:124 - rpc_pipefs sunrpc rw
mountid=1364 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs
Mounting read-only /usr
1365 822 0:33 /root/usr /usr ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=1365 fsname=/root/usr dir=/usr fstype=btrfs
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Relabeling /home as /home (system_u:object_r:home_root_t:s0)
Cleaning /run/user directory
Relabeling /run/user as /run/user (system_u:object_r:user_tmp_t:s0)
Relabeling /run/user/1003 as /run/user/1003 (system_u:object_r:user_tmp_t:s0)
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/sr0 file
Process /dev/shm directory
Relabeling /dev/shm as /dev/shm (system_u:object_r:tmpfs_t:s0)
Relabeling /dev/pts as /dev/pts (system_u:object_r:devpts_t:s0)
Relabeling /dev/ptmx as /dev/ptmx (system_u:object_r:device_t:s0)
Copying files in the new bin directory
Checking /usr/local/bin/rhythmbox
firejail exec symlink detected
Checking /usr/bin/rhythmbox
sbox run: /run/firejail/lib/fcopy /usr/bin/rhythmbox /run/firejail/mnt/bin
Relabeling /run/firejail/mnt/bin/rhythmbox as /usr/bin/rhythmbox (system_u:object_r:bin_t:s0)
Checking /usr/local/bin/rhythmbox-client
firejail exec symlink detected
Checking /usr/bin/rhythmbox-client
sbox run: /run/firejail/lib/fcopy /usr/bin/rhythmbox-client /run/firejail/mnt/bin
Relabeling /run/firejail/mnt/bin/rhythmbox-client as /usr/bin/rhythmbox-client (system_u:object_r:bin_t:s0)
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Relabeling /run/firejail/mnt/bin as /bin (system_u:object_r:bin_t:s0)
2 programs installed in 41.61 ms
Generate private-tmp whitelist commands
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/user/1003/bus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1003/gnupg
Disable /run/user/1003/systemd
Disable /proc/kmsg
Debug 456: new_name #/dev/sr0#, whitelist
Debug 456: new_name #/usr/share/rhythmbox#, whitelist
Debug 456: new_name #/usr/share/lua#, whitelist
Debug 456: new_name #/usr/share/libquvi-scripts#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/libquvi-scripts
expanded: /usr/share/libquvi-scripts
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/tracker#, whitelist
Debug 456: new_name #/run/user/1003/bus#, whitelist
Replaced whitelist path: whitelist /run/user/1003/bus
Debug 456: new_name #/run/user/1003/dconf#, whitelist
Replaced whitelist path: whitelist /run/user/1003/dconf
Debug 456: new_name #/run/user/1003/gdm/Xauthority#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/gdm/Xauthority
expanded: /run/user/1003/gdm/Xauthority
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/run/user/1003/ICEauthority#, whitelist
Replaced whitelist path: whitelist /run/user/1003/ICEauthority
Debug 456: new_name #/run/user/1003/.mutter-Xwaylandauth.#, whitelist
Adding new profile command: whitelist /run/user/1003/.mutter-Xwaylandauth.5ZQVU0
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/.mutter-Xwaylandauth.
expanded: /run/user/1003/.mutter-Xwaylandauth.*
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/run/user/1003/pulse/native#, whitelist
Replaced whitelist path: whitelist /run/user/1003/pulse/native
Debug 456: new_name #/run/user/1003/wayland-0#, whitelist
Replaced whitelist path: whitelist /run/user/1003/wayland-0
Debug 456: new_name #/usr/share/alsa#, whitelist
Debug 456: new_name #/usr/share/applications#, whitelist
Debug 456: new_name #/usr/share/ca-certificates#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/ca-certificates
expanded: /usr/share/ca-certificates
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/crypto-policies#, whitelist
Debug 456: new_name #/usr/share/cursors#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/cursors
expanded: /usr/share/cursors
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/dconf#, whitelist
Debug 456: new_name #/usr/share/distro-info#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/distro-info
expanded: /usr/share/distro-info
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/drirc.d#, whitelist
Debug 456: new_name #/usr/share/enchant#, whitelist
Debug 456: new_name #/usr/share/enchant-2#, whitelist
Debug 456: new_name #/usr/share/file#, whitelist
Debug 456: new_name #/usr/share/fontconfig#, whitelist
Debug 456: new_name #/usr/share/fonts#, whitelist
Debug 456: new_name #/usr/share/gir-1.0#, whitelist
Debug 456: new_name #/usr/share/gjs-1.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0
expanded: /usr/share/gjs-1.0
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/glib-2.0#, whitelist
Debug 456: new_name #/usr/share/glvnd#, whitelist
Debug 456: new_name #/usr/share/gtk-2.0#, whitelist
Debug 456: new_name #/usr/share/gtk-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-3.0
expanded: /usr/share/gtk-3.0
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/gtk-engines#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-engines
expanded: /usr/share/gtk-engines
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-3.0
expanded: /usr/share/gtksourceview-3.0
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist
Debug 456: new_name #/usr/share/hunspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/hunspell
expanded: /usr/share/hunspell
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/hwdata#, whitelist
Debug 456: new_name #/usr/share/icons#, whitelist
Debug 456: new_name #/usr/share/icu#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/icu
expanded: /usr/share/icu
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/knotifications5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/knotifications5
expanded: /usr/share/knotifications5
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/kservices5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kservices5
expanded: /usr/share/kservices5
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum
expanded: /usr/share/Kvantum
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/kxmlgui5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kxmlgui5
expanded: /usr/share/kxmlgui5
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/libdrm#, whitelist
Debug 456: new_name #/usr/share/libthai#, whitelist
Debug 456: new_name #/usr/share/locale#, whitelist
Debug 456: new_name #/usr/share/mime#, whitelist
Debug 456: new_name #/usr/share/misc#, whitelist
Debug 456: new_name #/usr/share/Modules#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Modules
expanded: /usr/share/Modules
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/myspell#, whitelist
Debug 456: new_name #/usr/share/p11-kit#, whitelist
Debug 456: new_name #/usr/share/perl#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/perl
expanded: /usr/share/perl
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/perl5#, whitelist
Debug 456: new_name #/usr/share/pixmaps#, whitelist
Debug 456: new_name #/usr/share/pki#, whitelist
Debug 456: new_name #/usr/share/plasma#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/plasma
expanded: /usr/share/plasma
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/publicsuffix#, whitelist
Debug 456: new_name #/usr/share/qt#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt
expanded: /usr/share/qt
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/qt4#, whitelist
Debug 456: new_name #/usr/share/qt5#, whitelist
Debug 456: new_name #/usr/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5ct
expanded: /usr/share/qt5ct
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/sounds#, whitelist
Debug 456: new_name #/usr/share/tcl8.6#, whitelist
Debug 456: new_name #/usr/share/tcltk#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcltk
expanded: /usr/share/tcltk
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/terminfo#, whitelist
Debug 456: new_name #/usr/share/texlive#, whitelist
Debug 456: new_name #/usr/share/texmf#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texmf
expanded: /usr/share/texmf
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/themes#, whitelist
Debug 456: new_name #/usr/share/thumbnail.so#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so
expanded: /usr/share/thumbnail.so
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/usr/share/X11#, whitelist
Debug 456: new_name #/usr/share/xml#, whitelist
Debug 456: new_name #/usr/share/zoneinfo#, whitelist
Debug 456: new_name #/var/lib/ca-certificates#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates
expanded: /var/lib/ca-certificates
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/var/lib/dbus#, whitelist
Debug 456: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
expanded: /var/lib/menu-xdg
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/var/lib/uim#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/uim
expanded: /var/lib/uim
real path: (null)
realpath: No such file or directory
Debug 456: new_name #/var/cache/fontconfig#, whitelist
Debug 456: new_name #/var/tmp#, whitelist
Debug 456: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 456: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 456: new_name #/tmp/.X11-unix#, whitelist
Debug 456: new_name #/run/user/1003/.mutter-Xwaylandauth.5ZQVU0#, whitelist
Mounting tmpfs on /tmp directory
Relabeling /tmp as /tmp (system_u:object_r:tmp_t:s0)
Mounting tmpfs on /var directory
Relabeling /var as /var (system_u:object_r:var_t:s0)
Mounting tmpfs on /dev directory
Relabeling /dev as /dev (system_u:object_r:device_t:s0)
Mounting tmpfs on /usr/share directory
Relabeling /usr/share as /usr/share (system_u:object_r:usr_t:s0)
Mounting tmpfs on /run/user/1003 directory
Relabeling /run/user/1003 as /run/user/1003 (system_u:object_r:user_tmp_t:s0)
Whitelisting /dev/sr0
2158 2149 0:5 /sr0 /dev/sr0 rw,nosuid,noexec master:11 - devtmpfs devtmpfs rw,seclabel,size=3991872k,nr_inodes=997968,mode=755,inode64
mountid=2158 fsname=/sr0 dir=/dev/sr0 fstype=devtmpfs
Whitelisting /usr/share/rhythmbox
2159 2151 0:33 /root/usr/share/rhythmbox /usr/share/rhythmbox ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2159 fsname=/root/usr/share/rhythmbox dir=/usr/share/rhythmbox fstype=btrfs
Whitelisting /usr/share/lua
2160 2151 0:33 /root/usr/share/lua /usr/share/lua ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2160 fsname=/root/usr/share/lua dir=/usr/share/lua fstype=btrfs
Whitelisting /usr/share/tracker
2161 2151 0:33 /root/usr/share/tracker /usr/share/tracker ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2161 fsname=/root/usr/share/tracker dir=/usr/share/tracker fstype=btrfs
Whitelisting /run/user/1003/bus
2162 2157 0:25 /firejail/firejail.ro.file /run/user/1003/bus rw,nosuid,nodev master:14 - tmpfs tmpfs rw,seclabel,size=1605156k,nr_inodes=819200,mode=755,inode64
mountid=2162 fsname=/firejail/firejail.ro.file dir=/run/user/1003/bus fstype=tmpfs
Whitelisting /run/user/1003/dconf
2163 2157 0:48 /dconf /run/user/1003/dconf rw,nosuid,nodev,relatime master:489 - tmpfs tmpfs rw,seclabel,size=802576k,nr_inodes=200644,mode=700,uid=1003,gid=1004,inode64
mountid=2163 fsname=/dconf dir=/run/user/1003/dconf fstype=tmpfs
Whitelisting /run/user/1003/ICEauthority
2164 2157 0:48 /ICEauthority /run/user/1003/ICEauthority rw,nosuid,nodev,relatime master:489 - tmpfs tmpfs rw,seclabel,size=802576k,nr_inodes=200644,mode=700,uid=1003,gid=1004,inode64
mountid=2164 fsname=/ICEauthority dir=/run/user/1003/ICEauthority fstype=tmpfs
Whitelisting /run/user/1003/pulse/native
2165 2157 0:48 /pulse/native /run/user/1003/pulse/native rw,nosuid,nodev,relatime master:489 - tmpfs tmpfs rw,seclabel,size=802576k,nr_inodes=200644,mode=700,uid=1003,gid=1004,inode64
mountid=2165 fsname=/pulse/native dir=/run/user/1003/pulse/native fstype=tmpfs
Whitelisting /run/user/1003/wayland-0
2166 2157 0:48 /wayland-0 /run/user/1003/wayland-0 rw,nosuid,nodev,relatime master:489 - tmpfs tmpfs rw,seclabel,size=802576k,nr_inodes=200644,mode=700,uid=1003,gid=1004,inode64
mountid=2166 fsname=/wayland-0 dir=/run/user/1003/wayland-0 fstype=tmpfs
Whitelisting /usr/share/alsa
2167 2151 0:33 /root/usr/share/alsa /usr/share/alsa ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2167 fsname=/root/usr/share/alsa dir=/usr/share/alsa fstype=btrfs
Whitelisting /usr/share/applications
2168 2151 0:33 /root/usr/share/applications /usr/share/applications ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2168 fsname=/root/usr/share/applications dir=/usr/share/applications fstype=btrfs
Whitelisting /usr/share/crypto-policies
2169 2151 0:33 /root/usr/share/crypto-policies /usr/share/crypto-policies ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2169 fsname=/root/usr/share/crypto-policies dir=/usr/share/crypto-policies fstype=btrfs
Whitelisting /usr/share/dconf
2170 2151 0:33 /root/usr/share/dconf /usr/share/dconf ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2170 fsname=/root/usr/share/dconf dir=/usr/share/dconf fstype=btrfs
Whitelisting /usr/share/drirc.d
2171 2151 0:33 /root/usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2171 fsname=/root/usr/share/drirc.d dir=/usr/share/drirc.d fstype=btrfs
Whitelisting /usr/share/enchant
2172 2151 0:33 /root/usr/share/enchant /usr/share/enchant ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2172 fsname=/root/usr/share/enchant dir=/usr/share/enchant fstype=btrfs
Whitelisting /usr/share/enchant-2
2173 2151 0:33 /root/usr/share/enchant-2 /usr/share/enchant-2 ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2173 fsname=/root/usr/share/enchant-2 dir=/usr/share/enchant-2 fstype=btrfs
Whitelisting /usr/share/file
2174 2151 0:33 /root/usr/share/file /usr/share/file ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2174 fsname=/root/usr/share/file dir=/usr/share/file fstype=btrfs
Whitelisting /usr/share/fontconfig
2175 2151 0:33 /root/usr/share/fontconfig /usr/share/fontconfig ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2175 fsname=/root/usr/share/fontconfig dir=/usr/share/fontconfig fstype=btrfs
Whitelisting /usr/share/fonts
2176 2151 0:33 /root/usr/share/fonts /usr/share/fonts ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2176 fsname=/root/usr/share/fonts dir=/usr/share/fonts fstype=btrfs
Whitelisting /usr/share/gir-1.0
2177 2151 0:33 /root/usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2177 fsname=/root/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=btrfs
Whitelisting /usr/share/glib-2.0
2178 2151 0:33 /root/usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2178 fsname=/root/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=btrfs
Whitelisting /usr/share/glvnd
2179 2151 0:33 /root/usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2179 fsname=/root/usr/share/glvnd dir=/usr/share/glvnd fstype=btrfs
Whitelisting /usr/share/gtk-2.0
2180 2151 0:33 /root/usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2180 fsname=/root/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=btrfs
Whitelisting /usr/share/gtksourceview-4
2181 2151 0:33 /root/usr/share/gtksourceview-4 /usr/share/gtksourceview-4 ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2181 fsname=/root/usr/share/gtksourceview-4 dir=/usr/share/gtksourceview-4 fstype=btrfs
Whitelisting /usr/share/hwdata
2182 2151 0:33 /root/usr/share/hwdata /usr/share/hwdata ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2182 fsname=/root/usr/share/hwdata dir=/usr/share/hwdata fstype=btrfs
Whitelisting /usr/share/icons
2183 2151 0:33 /root/usr/share/icons /usr/share/icons ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2183 fsname=/root/usr/share/icons dir=/usr/share/icons fstype=btrfs
Whitelisting /usr/share/libdrm
2184 2151 0:33 /root/usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2184 fsname=/root/usr/share/libdrm dir=/usr/share/libdrm fstype=btrfs
Whitelisting /usr/share/libthai
2185 2151 0:33 /root/usr/share/libthai /usr/share/libthai ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2185 fsname=/root/usr/share/libthai dir=/usr/share/libthai fstype=btrfs
Whitelisting /usr/share/locale
2186 2151 0:33 /root/usr/share/locale /usr/share/locale ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2186 fsname=/root/usr/share/locale dir=/usr/share/locale fstype=btrfs
Whitelisting /usr/share/mime
2187 2151 0:33 /root/usr/share/mime /usr/share/mime ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2187 fsname=/root/usr/share/mime dir=/usr/share/mime fstype=btrfs
Whitelisting /usr/share/misc
2188 2151 0:33 /root/usr/share/misc /usr/share/misc ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2188 fsname=/root/usr/share/misc dir=/usr/share/misc fstype=btrfs
Whitelisting /usr/share/myspell
2189 2151 0:33 /root/usr/share/myspell /usr/share/myspell ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2189 fsname=/root/usr/share/myspell dir=/usr/share/myspell fstype=btrfs
Whitelisting /usr/share/p11-kit
2190 2151 0:33 /root/usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2190 fsname=/root/usr/share/p11-kit dir=/usr/share/p11-kit fstype=btrfs
Whitelisting /usr/share/perl5
2191 2151 0:33 /root/usr/share/perl5 /usr/share/perl5 ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2191 fsname=/root/usr/share/perl5 dir=/usr/share/perl5 fstype=btrfs
Whitelisting /usr/share/pixmaps
2192 2151 0:33 /root/usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2192 fsname=/root/usr/share/pixmaps dir=/usr/share/pixmaps fstype=btrfs
Whitelisting /usr/share/pki
2193 2151 0:33 /root/usr/share/pki /usr/share/pki ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2193 fsname=/root/usr/share/pki dir=/usr/share/pki fstype=btrfs
Whitelisting /usr/share/publicsuffix
2194 2151 0:33 /root/usr/share/publicsuffix /usr/share/publicsuffix ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2194 fsname=/root/usr/share/publicsuffix dir=/usr/share/publicsuffix fstype=btrfs
Whitelisting /usr/share/qt4
2195 2151 0:33 /root/usr/share/qt4 /usr/share/qt4 ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2195 fsname=/root/usr/share/qt4 dir=/usr/share/qt4 fstype=btrfs
Whitelisting /usr/share/qt5
2196 2151 0:33 /root/usr/share/qt5 /usr/share/qt5 ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2196 fsname=/root/usr/share/qt5 dir=/usr/share/qt5 fstype=btrfs
Whitelisting /usr/share/sounds
2197 2151 0:33 /root/usr/share/sounds /usr/share/sounds ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2197 fsname=/root/usr/share/sounds dir=/usr/share/sounds fstype=btrfs
Whitelisting /usr/share/tcl8.6
2198 2151 0:33 /root/usr/share/tcl8.6 /usr/share/tcl8.6 ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2198 fsname=/root/usr/share/tcl8.6 dir=/usr/share/tcl8.6 fstype=btrfs
Whitelisting /usr/share/terminfo
2199 2151 0:33 /root/usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2199 fsname=/root/usr/share/terminfo dir=/usr/share/terminfo fstype=btrfs
Whitelisting /usr/share/texlive
2200 2151 0:33 /root/usr/share/texlive /usr/share/texlive ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2200 fsname=/root/usr/share/texlive dir=/usr/share/texlive fstype=btrfs
Whitelisting /usr/share/themes
2201 2151 0:33 /root/usr/share/themes /usr/share/themes ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2201 fsname=/root/usr/share/themes dir=/usr/share/themes fstype=btrfs
Whitelisting /usr/share/X11
2202 2151 0:33 /root/usr/share/X11 /usr/share/X11 ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2202 fsname=/root/usr/share/X11 dir=/usr/share/X11 fstype=btrfs
Whitelisting /usr/share/xml
2203 2151 0:33 /root/usr/share/xml /usr/share/xml ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2203 fsname=/root/usr/share/xml dir=/usr/share/xml fstype=btrfs
Whitelisting /usr/share/zoneinfo
2204 2151 0:33 /root/usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2204 fsname=/root/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=btrfs
Whitelisting /var/lib/dbus
2205 2142 0:33 /root/var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2205 fsname=/root/var/lib/dbus dir=/var/lib/dbus fstype=btrfs
Whitelisting /var/cache/fontconfig
2206 2142 0:33 /root/var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=256,subvol=/root
mountid=2206 fsname=/root/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs
Whitelisting /var/tmp
2207 2142 0:117 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,seclabel,inode64
mountid=2207 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
2208 2133 0:40 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:51 - tmpfs tmpfs rw,seclabel,size=4012884k,nr_inodes=409600,inode64
mountid=2208 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Whitelisting /run/user/1003/.mutter-Xwaylandauth.5ZQVU0
2209 2157 0:48 /.mutter-Xwaylandauth.5ZQVU0 /run/user/1003/.mutter-Xwaylandauth.5ZQVU0 rw,nosuid,nodev,relatime master:489 - tmpfs tmpfs rw,seclabel,size=802576k,nr_inodes=200644,mode=700,uid=1003,gid=1004,inode64
mountid=2209 fsname=/.mutter-Xwaylandauth.5ZQVU0 dir=/run/user/1003/.mutter-Xwaylandauth.5ZQVU0 fstype=tmpfs
Directory ${MUSIC} resolved as Music
Disable /home/XXsanitizedXX/.bash_history
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Disable /home/XXsanitizedXX/.local/share/gnome-shell
Mounting read-only /home/XXsanitizedXX/.config/dconf
2219 1372 0:33 /home/XXsanitizedXX/.config/dconf /home/XXsanitizedXX/.config/dconf ro,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2219 fsname=/home/XXsanitizedXX/.config/dconf dir=/home/XXsanitizedXX/.config/dconf fstype=btrfs
Disable /etc/rc.d/init.d (requested /etc/init.d/)
Disable /home/XXsanitizedXX/.config/gnome-boxes
Disable /etc/anacrontab
Disable /etc/cron.d
Disable /etc/cron.daily
Disable /etc/cron.hourly
Disable /etc/cron.monthly
Disable /etc/cron.weekly
Disable /etc/cron.deny
Disable /etc/crontab
Disable /etc/profile.d
Disable /etc/rc.d/rc0.d (requested /etc/rc0.d)
Disable /etc/rc.d/rc1.d (requested /etc/rc1.d)
Disable /etc/rc.d/rc2.d (requested /etc/rc2.d)
Disable /etc/rc.d/rc3.d (requested /etc/rc3.d)
Disable /etc/rc.d/rc4.d (requested /etc/rc4.d)
Disable /etc/rc.d/rc5.d (requested /etc/rc5.d)
Disable /etc/rc.d/rc6.d (requested /etc/rc6.d)
Disable /etc/kernel
Disable /etc/grub.d
Disable /etc/selinux
Disable /etc/modules-load.d
Disable /etc/logrotate.d
Disable /etc/logrotate.conf
Mounting read-only /home/XXsanitizedXX/.bash_logout
2244 1372 0:33 /home/XXsanitizedXX/.bash_logout /home/XXsanitizedXX/.bash_logout ro,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2244 fsname=/home/XXsanitizedXX/.bash_logout dir=/home/XXsanitizedXX/.bash_logout fstype=btrfs
Mounting read-only /home/XXsanitizedXX/.bash_profile
2245 1372 0:33 /home/XXsanitizedXX/.bash_profile /home/XXsanitizedXX/.bash_profile ro,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2245 fsname=/home/XXsanitizedXX/.bash_profile dir=/home/XXsanitizedXX/.bash_profile fstype=btrfs
Mounting read-only /home/XXsanitizedXX/.bashrc
2246 1372 0:33 /home/XXsanitizedXX/.bashrc /home/XXsanitizedXX/.bashrc ro,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2246 fsname=/home/XXsanitizedXX/.bashrc dir=/home/XXsanitizedXX/.bashrc fstype=btrfs
Mounting read-only /home/XXsanitizedXX/.local/share/applications
2247 1372 0:33 /home/XXsanitizedXX/.local/share/applications /home/XXsanitizedXX/.local/share/applications ro,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2247 fsname=/home/XXsanitizedXX/.local/share/applications dir=/home/XXsanitizedXX/.local/share/applications fstype=btrfs
Mounting read-only /home/XXsanitizedXX/.config/user-dirs.dirs
2248 1372 0:33 /home/XXsanitizedXX/.config/user-dirs.dirs /home/XXsanitizedXX/.config/user-dirs.dirs ro,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2248 fsname=/home/XXsanitizedXX/.config/user-dirs.dirs dir=/home/XXsanitizedXX/.config/user-dirs.dirs fstype=btrfs
Mounting read-only /home/XXsanitizedXX/.config/user-dirs.locale
2249 1372 0:33 /home/XXsanitizedXX/.config/user-dirs.locale /home/XXsanitizedXX/.config/user-dirs.locale ro,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2249 fsname=/home/XXsanitizedXX/.config/user-dirs.locale dir=/home/XXsanitizedXX/.config/user-dirs.locale fstype=btrfs
Disable /home/XXsanitizedXX/.gnupg
Disable /home/XXsanitizedXX/.local/share/keyrings
Disable /home/XXsanitizedXX/.pki
Disable /home/XXsanitizedXX/.local/share/pki
Disable /home/XXsanitizedXX/.ssh
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Disable /usr/sbin (requested /sbin)
Disable /usr/local/sbin
Disable /usr/sbin
Disable /home/XXsanitizedXX/.cache/flatpak
Disable /home/XXsanitizedXX/.local/share/flatpak/db
Disable /home/XXsanitizedXX/.local/share/flatpak/repo
Disable /home/XXsanitizedXX/.local/share/flatpak/.changed
Disable /etc/java
Disable /usr/lib/java
Disable /usr/src
Disable /usr/local/src
Not blacklist /usr/include
Disable /usr/local/include
Mounting noexec /home/XXsanitizedXX
2293 2274 0:25 /firejail/firejail.ro.file /home/XXsanitizedXX/.local/share/flatpak/.changed rw,nosuid,nodev master:14 - tmpfs tmpfs rw,seclabel,size=1605156k,nr_inodes=819200,mode=755,inode64
mountid=2293 fsname=/firejail/firejail.ro.file dir=/home/XXsanitizedXX/.local/share/flatpak/.changed fstype=tmpfs
Mounting noexec /home/XXsanitizedXX/.config/dconf
2294 2277 0:33 /home/XXsanitizedXX/.config/dconf /home/XXsanitizedXX/.config/dconf ro,nosuid,nodev,noexec,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2294 fsname=/home/XXsanitizedXX/.config/dconf dir=/home/XXsanitizedXX/.config/dconf fstype=btrfs
Mounting noexec /home/XXsanitizedXX/.bash_logout
2295 2279 0:33 /home/XXsanitizedXX/.bash_logout /home/XXsanitizedXX/.bash_logout ro,nosuid,nodev,noexec,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2295 fsname=/home/XXsanitizedXX/.bash_logout dir=/home/XXsanitizedXX/.bash_logout fstype=btrfs
Mounting noexec /home/XXsanitizedXX/.bash_profile
2296 2280 0:33 /home/XXsanitizedXX/.bash_profile /home/XXsanitizedXX/.bash_profile ro,nosuid,nodev,noexec,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2296 fsname=/home/XXsanitizedXX/.bash_profile dir=/home/XXsanitizedXX/.bash_profile fstype=btrfs
Mounting noexec /home/XXsanitizedXX/.bashrc
2297 2281 0:33 /home/XXsanitizedXX/.bashrc /home/XXsanitizedXX/.bashrc ro,nosuid,nodev,noexec,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2297 fsname=/home/XXsanitizedXX/.bashrc dir=/home/XXsanitizedXX/.bashrc fstype=btrfs
Mounting noexec /home/XXsanitizedXX/.local/share/applications
2298 2282 0:33 /home/XXsanitizedXX/.local/share/applications /home/XXsanitizedXX/.local/share/applications ro,nosuid,nodev,noexec,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2298 fsname=/home/XXsanitizedXX/.local/share/applications dir=/home/XXsanitizedXX/.local/share/applications fstype=btrfs
Mounting noexec /home/XXsanitizedXX/.config/user-dirs.dirs
2299 2283 0:33 /home/XXsanitizedXX/.config/user-dirs.dirs /home/XXsanitizedXX/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2299 fsname=/home/XXsanitizedXX/.config/user-dirs.dirs dir=/home/XXsanitizedXX/.config/user-dirs.dirs fstype=btrfs
Mounting noexec /home/XXsanitizedXX/.config/user-dirs.locale
2300 2284 0:33 /home/XXsanitizedXX/.config/user-dirs.locale /home/XXsanitizedXX/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime master:43 - btrfs /dev/sda3 rw,seclabel,ssd,space_cache,subvolid=257,subvol=/home
mountid=2300 fsname=/home/XXsanitizedXX/.config/user-dirs.locale dir=/home/XXsanitizedXX/.config/user-dirs.locale fstype=btrfs
Mounting noexec /run/user/1003
2307 2301 0:48 /.mutter-Xwaylandauth.5ZQVU0 /run/user/1003/.mutter-Xwaylandauth.5ZQVU0 rw,nosuid,nodev,relatime master:489 - tmpfs tmpfs rw,seclabel,size=802576k,nr_inodes=200644,mode=700,uid=1003,gid=1004,inode64
mountid=2307 fsname=/.mutter-Xwaylandauth.5ZQVU0 dir=/run/user/1003/.mutter-Xwaylandauth.5ZQVU0 fstype=tmpfs
Mounting noexec /run/user/1003/dconf
2308 2303 0:48 /dconf /run/user/1003/dconf rw,nosuid,nodev,noexec,relatime master:489 - tmpfs tmpfs rw,seclabel,size=802576k,nr_inodes=200644,mode=700,uid=1003,gid=1004,inode64
mountid=2308 fsname=/dconf dir=/run/user/1003/dconf fstype=tmpfs
Mounting noexec /run/user/1003/ICEauthority
2309 2304 0:48 /ICEauthority /run/user/1003/ICEauthority rw,nosuid,nodev,noexec,relatime master:489 - tmpfs tmpfs rw,seclabel,size=802576k,nr_inodes=200644,mode=700,uid=1003,gid=1004,inode64
mountid=2309 fsname=/ICEauthority dir=/run/user/1003/ICEauthority fstype=tmpfs
Mounting noexec /run/user/1003/pulse/native
2310 2305 0:48 /pulse/native /run/user/1003/pulse/native rw,nosuid,nodev,noexec,relatime master:489 - tmpfs tmpfs rw,seclabel,size=802576k,nr_inodes=200644,mode=700,uid=1003,gid=1004,inode64
mountid=2310 fsname=/pulse/native dir=/run/user/1003/pulse/native fstype=tmpfs
Mounting noexec /run/user/1003/wayland-0
2311 2306 0:48 /wayland-0 /run/user/1003/wayland-0 rw,nosuid,nodev,noexec,relatime master:489 - tmpfs tmpfs rw,seclabel,size=802576k,nr_inodes=200644,mode=700,uid=1003,gid=1004,inode64
mountid=2311 fsname=/wayland-0 dir=/run/user/1003/wayland-0 fstype=tmpfs
Mounting noexec /run/user/1003/.mutter-Xwaylandauth.5ZQVU0
2312 2307 0:48 /.mutter-Xwaylandauth.5ZQVU0 /run/user/1003/.mutter-Xwaylandauth.5ZQVU0 rw,nosuid,nodev,noexec,relatime master:489 - tmpfs tmpfs rw,seclabel,size=802576k,nr_inodes=200644,mode=700,uid=1003,gid=1004,inode64
mountid=2312 fsname=/.mutter-Xwaylandauth.5ZQVU0 dir=/run/user/1003/.mutter-Xwaylandauth.5ZQVU0 fstype=tmpfs
Mounting noexec /tmp
2314 2313 0:40 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:51 - tmpfs tmpfs rw,seclabel,size=4012884k,nr_inodes=409600,inode64
mountid=2314 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
2315 2314 0:40 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:51 - tmpfs tmpfs rw,seclabel,size=4012884k,nr_inodes=409600,inode64
mountid=2315 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /var
2319 2316 0:117 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,seclabel,inode64
mountid=2319 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /usr/lib64/gjs
Disable /usr/lib64/libgjs.so.0.0.0 (requested /usr/lib64/libgjs.so.0)
Disable /usr/lib64/libgjs.so.0.0.0
Not blacklist /home/XXsanitizedXX/.local/bin/lua*
Not blacklist /home/XXsanitizedXX/bin/lua*
Not blacklist /usr/local/bin/lua*
Not blacklist /usr/local/sbin/lua*
Not blacklist /usr/bin/lua*
Not blacklist /usr/sbin/lua*
Not blacklist /var/lib/snapd/snap/bin/lua*
Not blacklist /usr/lib/liblua*
Not blacklist /usr/lib/lua
Not blacklist /usr/share/lua
Disable /usr/lib64/libmozjs-68.so.0.0.0 (requested /usr/lib64/libmozjs-68.so.0)
Disable /usr/lib64/libmozjs-68.so.0.0.0
Disable /usr/lib64/libmozjs-78.so.0.0.0 (requested /usr/lib64/libmozjs-78.so.0)
Disable /usr/lib64/libmozjs-78.so.0.0.0
Disable /usr/share/perl5
Not blacklist /home/XXsanitizedXX/.local/bin/python2*
Not blacklist /home/XXsanitizedXX/bin/python2*
Not blacklist /usr/local/bin/python2*
Not blacklist /usr/local/sbin/python2*
Not blacklist /usr/bin/python2*
Not blacklist /usr/sbin/python2*
Not blacklist /var/lib/snapd/snap/bin/python2*
Not blacklist /usr/include/python2*
Not blacklist /usr/lib/python2*
Not blacklist /usr/local/lib/python2*
Not blacklist /usr/share/python2*
Not blacklist /home/XXsanitizedXX/.local/bin/python3*
Not blacklist /home/XXsanitizedXX/bin/python3*
Not blacklist /usr/local/bin/python3*
Not blacklist /usr/local/sbin/python3*
Not blacklist /usr/bin/python3*
Not blacklist /usr/sbin/python3*
Not blacklist /var/lib/snapd/snap/bin/python3*
Not blacklist /usr/include/python3.9
Not blacklist /usr/lib/python3.9
Not blacklist /usr/lib64/python3.9
Not blacklist /usr/local/lib/python3*
Not blacklist /usr/share/python3*
Disable /home/XXsanitizedXX/.config/enchant
Disable /home/XXsanitizedXX/.config/evolution
Disable /home/XXsanitizedXX/.config/gconf
Disable /home/XXsanitizedXX/.config/gedit
Disable /home/XXsanitizedXX/.config/gnome-initial-setup-done
Disable /home/XXsanitizedXX/.config/gnome-session
Disable /home/XXsanitizedXX/.config/libreoffice
Disable /home/XXsanitizedXX/.config/nautilus
Disable /home/XXsanitizedXX/.local/share/evolution
Disable /home/XXsanitizedXX/.local/share/nautilus
Not blacklist /home/XXsanitizedXX/.local/share/rhythmbox
Disable /home/XXsanitizedXX/.mozilla
Disable /home/XXsanitizedXX/.cache/babl
Disable /home/XXsanitizedXX/.cache/evolution
Disable /home/XXsanitizedXX/.cache/gegl-0.4
Disable /home/XXsanitizedXX/.cache/gnome-software
Disable /home/XXsanitizedXX/.cache/libgweather
Disable /home/XXsanitizedXX/.cache/mozilla
Not blacklist /home/XXsanitizedXX/.cache/rhythmbox
Directory ${DOCUMENTS} resolved as Documents
Disable /home/XXsanitizedXX/Documents
Directory ${MUSIC} resolved as Music
Not blacklist /home/XXsanitizedXX/Music
Directory ${PICTURES} resolved as Pictures
Disable /home/XXsanitizedXX/Pictures
Directory ${VIDEOS} resolved as Videos
Disable /home/XXsanitizedXX/Videos
Mounting read-only /tmp/.X11-unix
2348 2315 0:40 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:51 - tmpfs tmpfs rw,seclabel,size=4012884k,nr_inodes=409600,inode64
mountid=2348 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
Relabeling /run/firejail/mnt/pulse as /run/firejail/mnt/pulse (system_u:object_r:var_run_t:s0)
Mounting noexec /run/firejail/mnt/pulse
2351 1350 0:114 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,seclabel,mode=755,inode64
mountid=2351 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs
Mounting /run/firejail/mnt/pulse on /home/XXsanitizedXX/.config/pulse
2352 2274 0:114 /pulse /home/XXsanitizedXX/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,seclabel,mode=755,inode64
mountid=2352 fsname=/pulse dir=/home/XXsanitizedXX/.config/pulse fstype=tmpfs
Create the new ld.so.preload file
Blacklist violations are logged to syslog
Mount the new ld.so.preload file
Current directory: /home/XXsanitizedXX
DISPLAY=:0 parsed as 0
Install protocol filter: unix,inet,inet6,netlink
configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol
Dropping all capabilities
Drop privileges: pid 5, uid 1003, gid 1004, nogroups 1
No supplementary groups
line OP JT JF K
0000: 20 00 00 00000004 ld data.architecture
0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002)
0002: 20 00 00 00000000 ld data.syscall-number
0003: 15 01 00 00000167 jeq unknown 0005 (false 0004)
0004: 06 00 00 7fff0000 ret ALLOW
0005: 05 00 00 00000006 jmp 000c
0006: 20 00 00 00000004 ld data.architecture
0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008)
0008: 06 00 00 7fff0000 ret ALLOW
0009: 20 00 00 00000000 ld data.syscall-number
000a: 15 01 00 00000029 jeq socket 000c (false 000b)
000b: 06 00 00 7fff0000 ret ALLOW
000c: 20 00 00 00000010 ld data.args[0]
000d: 15 00 01 00000001 jeq 1 000e (false 000f)
000e: 06 00 00 7fff0000 ret ALLOW
000f: 15 00 01 00000002 jeq 2 0010 (false 0011)
0010: 06 00 00 7fff0000 ret ALLOW
0011: 15 00 01 0000000a jeq a 0012 (false 0013)
0012: 06 00 00 7fff0000 ret ALLOW
0013: 15 00 01 00000010 jeq 10 0014 (false 0015)
0014: 06 00 00 7fff0000 ret ALLOW
0015: 06 00 00 0005005f ret ERRNO(95)
configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32
Dropping all capabilities
Drop privileges: pid 6, uid 1003, gid 1004, nogroups 1
No supplementary groups
line OP JT JF K
0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 15 00 01 00000015 jeq 15 0005 (false 0006)
0005: 06 00 00 00000001 ret KILL
0006: 15 00 01 00000034 jeq 34 0007 (false 0008)
0007: 06 00 00 00000001 ret KILL
0008: 15 00 01 0000001a jeq 1a 0009 (false 000a)
0009: 06 00 00 00000001 ret KILL
000a: 15 00 01 0000011b jeq 11b 000b (false 000c)
000b: 06 00 00 00000001 ret KILL
000c: 15 00 01 00000155 jeq 155 000d (false 000e)
000d: 06 00 00 00000001 ret KILL
000e: 15 00 01 00000156 jeq 156 000f (false 0010)
000f: 06 00 00 00000001 ret KILL
0010: 15 00 01 0000007f jeq 7f 0011 (false 0012)
0011: 06 00 00 00000001 ret KILL
0012: 15 00 01 00000080 jeq 80 0013 (false 0014)
0013: 06 00 00 00000001 ret KILL
0014: 15 00 01 0000015e jeq 15e 0015 (false 0016)
0015: 06 00 00 00000001 ret KILL
0016: 15 00 01 00000081 jeq 81 0017 (false 0018)
0017: 06 00 00 00000001 ret KILL
0018: 15 00 01 0000006e jeq 6e 0019 (false 001a)
0019: 06 00 00 00000001 ret KILL
001a: 15 00 01 00000065 jeq 65 001b (false 001c)
001b: 06 00 00 00000001 ret KILL
001c: 15 00 01 00000121 jeq 121 001d (false 001e)
001d: 06 00 00 00000001 ret KILL
001e: 15 00 01 00000057 jeq 57 001f (false 0020)
001f: 06 00 00 00000001 ret KILL
0020: 15 00 01 00000073 jeq 73 0021 (false 0022)
0021: 06 00 00 00000001 ret KILL
0022: 15 00 01 00000067 jeq 67 0023 (false 0024)
0023: 06 00 00 00000001 ret KILL
0024: 15 00 01 0000015b jeq 15b 0025 (false 0026)
0025: 06 00 00 00000001 ret KILL
0026: 15 00 01 0000015c jeq 15c 0027 (false 0028)
0027: 06 00 00 00000001 ret KILL
0028: 15 00 01 00000087 jeq 87 0029 (false 002a)
0029: 06 00 00 00000001 ret KILL
002a: 15 00 01 00000095 jeq 95 002b (false 002c)
002b: 06 00 00 00000001 ret KILL
002c: 15 00 01 0000007c jeq 7c 002d (false 002e)
002d: 06 00 00 00000001 ret KILL
002e: 15 00 01 00000157 jeq 157 002f (false 0030)
002f: 06 00 00 00000001 ret KILL
0030: 15 00 01 000000fd jeq fd 0031 (false 0032)
0031: 06 00 00 00000001 ret KILL
0032: 15 00 01 00000150 jeq 150 0033 (false 0034)
0033: 06 00 00 00000001 ret KILL
0034: 15 00 01 00000152 jeq 152 0035 (false 0036)
0035: 06 00 00 00000001 ret KILL
0036: 15 00 01 0000015d jeq 15d 0037 (false 0038)
0037: 06 00 00 00000001 ret KILL
0038: 15 00 01 0000011e jeq 11e 0039 (false 003a)
0039: 06 00 00 00000001 ret KILL
003a: 15 00 01 0000011f jeq 11f 003b (false 003c)
003b: 06 00 00 00000001 ret KILL
003c: 15 00 01 00000120 jeq 120 003d (false 003e)
003d: 06 00 00 00000001 ret KILL
003e: 15 00 01 00000056 jeq 56 003f (false 0040)
003f: 06 00 00 00000001 ret KILL
0040: 15 00 01 00000033 jeq 33 0041 (false 0042)
0041: 06 00 00 00000001 ret KILL
0042: 15 00 01 0000007b jeq 7b 0043 (false 0044)
0043: 06 00 00 00000001 ret KILL
0044: 15 00 01 000000d9 jeq d9 0045 (false 0046)
0045: 06 00 00 00000001 ret KILL
0046: 15 00 01 000000f5 jeq f5 0047 (false 0048)
0047: 06 00 00 00000001 ret KILL
0048: 15 00 01 000000f6 jeq f6 0049 (false 004a)
0049: 06 00 00 00000001 ret KILL
004a: 15 00 01 000000f7 jeq f7 004b (false 004c)
004b: 06 00 00 00000001 ret KILL
004c: 15 00 01 000000f8 jeq f8 004d (false 004e)
004d: 06 00 00 00000001 ret KILL
004e: 15 00 01 000000f9 jeq f9 004f (false 0050)
004f: 06 00 00 00000001 ret KILL
0050: 15 00 01 00000101 jeq 101 0051 (false 0052)
0051: 06 00 00 00000001 ret KILL
0052: 15 00 01 00000112 jeq 112 0053 (false 0054)
0053: 06 00 00 00000001 ret KILL
0054: 15 00 01 00000114 jeq 114 0055 (false 0056)
0055: 06 00 00 00000001 ret KILL
0056: 15 00 01 00000126 jeq 126 0057 (false 0058)
0057: 06 00 00 00000001 ret KILL
0058: 15 00 01 0000013d jeq 13d 0059 (false 005a)
0059: 06 00 00 00000001 ret KILL
005a: 15 00 01 0000013c jeq 13c 005b (false 005c)
005b: 06 00 00 00000001 ret KILL
005c: 15 00 01 0000003d jeq 3d 005d (false 005e)
005d: 06 00 00 00000001 ret KILL
005e: 15 00 01 00000058 jeq 58 005f (false 0060)
005f: 06 00 00 00000001 ret KILL
0060: 15 00 01 000000a9 jeq a9 0061 (false 0062)
0061: 06 00 00 00000001 ret KILL
0062: 15 00 01 00000082 jeq 82 0063 (false 0064)
0063: 06 00 00 00000001 ret KILL
0064: 06 00 00 7fff0000 ret ALLOW
Dual 32/64 bit seccomp filter configured
configuring 134 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
Drop privileges: pid 7, uid 1003, gid 1004, nogroups 1
No supplementary groups
line OP JT JF K
0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005)
0005: 35 01 00 00000000 jge read 0007 (false 0006)
0006: 06 00 00 00050001 ret ERRNO(1)
0007: 15 00 01 0000009f jeq adjtimex 0008 (false 0009)
0008: 06 00 00 00000001 ret KILL
0009: 15 00 01 00000131 jeq clock_adjtime 000a (false 000b)
000a: 06 00 00 00000001 ret KILL
000b: 15 00 01 000000e3 jeq clock_settime 000c (false 000d)
000c: 06 00 00 00000001 ret KILL
000d: 15 00 01 000000a4 jeq settimeofday 000e (false 000f)
000e: 06 00 00 00000001 ret KILL
000f: 15 00 01 0000009a jeq modify_ldt 0010 (false 0011)
0010: 06 00 00 00000001 ret KILL
0011: 15 00 01 000000d4 jeq lookup_dcookie 0012 (false 0013)
0012: 06 00 00 00000001 ret KILL
0013: 15 00 01 0000012a jeq perf_event_open 0014 (false 0015)
0014: 06 00 00 00000001 ret KILL
0015: 15 00 01 00000137 jeq process_vm_writev 0016 (false 0017)
0016: 06 00 00 00000001 ret KILL
0017: 15 00 01 000000b0 jeq delete_module 0018 (false 0019)
0018: 06 00 00 00000001 ret KILL
0019: 15 00 01 00000139 jeq finit_module 001a (false 001b)
001a: 06 00 00 00000001 ret KILL
001b: 15 00 01 000000af jeq init_module 001c (false 001d)
001c: 06 00 00 00000001 ret KILL
001d: 15 00 01 000000a1 jeq chroot 001e (false 001f)
001e: 06 00 00 00000001 ret KILL
001f: 15 00 01 000000a5 jeq mount 0020 (false 0021)
0020: 06 00 00 00000001 ret KILL
0021: 15 00 01 0000009b jeq pivot_root 0022 (false 0023)
0022: 06 00 00 00000001 ret KILL
0023: 15 00 01 000000a6 jeq umount2 0024 (false 0025)
0024: 06 00 00 00000001 ret KILL
0025: 15 00 01 0000009c jeq _sysctl 0026 (false 0027)
0026: 06 00 00 00000001 ret KILL
0027: 15 00 01 000000b7 jeq afs_syscall 0028 (false 0029)
0028: 06 00 00 00000001 ret KILL
0029: 15 00 01 000000ae jeq create_module 002a (false 002b)
002a: 06 00 00 00000001 ret KILL
002b: 15 00 01 000000b1 jeq get_kernel_syms 002c (false 002d)
002c: 06 00 00 00000001 ret KILL
002d: 15 00 01 000000b5 jeq getpmsg 002e (false 002f)
002e: 06 00 00 00000001 ret KILL
002f: 15 00 01 000000b6 jeq putpmsg 0030 (false 0031)
0030: 06 00 00 00000001 ret KILL
0031: 15 00 01 000000b2 jeq query_module 0032 (false 0033)
0032: 06 00 00 00000001 ret KILL
0033: 15 00 01 000000b9 jeq security 0034 (false 0035)
0034: 06 00 00 00000001 ret KILL
0035: 15 00 01 0000008b jeq sysfs 0036 (false 0037)
0036: 06 00 00 00000001 ret KILL
0037: 15 00 01 000000b8 jeq tuxcall 0038 (false 0039)
0038: 06 00 00 00000001 ret KILL
0039: 15 00 01 00000086 jeq uselib 003a (false 003b)
003a: 06 00 00 00000001 ret KILL
003b: 15 00 01 00000088 jeq ustat 003c (false 003d)
003c: 06 00 00 00000001 ret KILL
003d: 15 00 01 000000ec jeq vserver 003e (false 003f)
003e: 06 00 00 00000001 ret KILL
003f: 15 00 01 000000ad jeq ioperm 0040 (false 0041)
0040: 06 00 00 00000001 ret KILL
0041: 15 00 01 000000ac jeq iopl 0042 (false 0043)
0042: 06 00 00 00000001 ret KILL
0043: 15 00 01 000000f6 jeq kexec_load 0044 (false 0045)
0044: 06 00 00 00000001 ret KILL
0045: 15 00 01 00000140 jeq kexec_file_load 0046 (false 0047)
0046: 06 00 00 00000001 ret KILL
0047: 15 00 01 000000a9 jeq reboot 0048 (false 0049)
0048: 06 00 00 00000001 ret KILL
0049: 15 00 01 000000a7 jeq swapon 004a (false 004b)
004a: 06 00 00 00000001 ret KILL
004b: 15 00 01 000000a8 jeq swapoff 004c (false 004d)
004c: 06 00 00 00000001 ret KILL
004d: 15 00 01 00000130 jeq open_by_handle_at 004e (false 004f)
004e: 06 00 00 00000001 ret KILL
004f: 15 00 01 0000012f jeq name_to_handle_at 0050 (false 0051)
0050: 06 00 00 00000001 ret KILL
0051: 15 00 01 000000fb jeq ioprio_set 0052 (false 0053)
0052: 06 00 00 00000001 ret KILL
0053: 15 00 01 00000067 jeq syslog 0054 (false 0055)
0054: 06 00 00 00000001 ret KILL
0055: 15 00 01 0000012c jeq fanotify_init 0056 (false 0057)
0056: 06 00 00 00000001 ret KILL
0057: 15 00 01 00000138 jeq kcmp 0058 (false 0059)
0058: 06 00 00 00000001 ret KILL
0059: 15 00 01 000000f8 jeq add_key 005a (false 005b)
005a: 06 00 00 00000001 ret KILL
005b: 15 00 01 000000f9 jeq request_key 005c (false 005d)
005c: 06 00 00 00000001 ret KILL
005d: 15 00 01 000000ed jeq mbind 005e (false 005f)
005e: 06 00 00 00000001 ret KILL
005f: 15 00 01 00000100 jeq migrate_pages 0060 (false 0061)
0060: 06 00 00 00000001 ret KILL
0061: 15 00 01 00000117 jeq move_pages 0062 (false 0063)
0062: 06 00 00 00000001 ret KILL
0063: 15 00 01 000000fa jeq keyctl 0064 (false 0065)
0064: 06 00 00 00000001 ret KILL
0065: 15 00 01 000000ce jeq io_setup 0066 (false 0067)
0066: 06 00 00 00000001 ret KILL
0067: 15 00 01 000000cf jeq io_destroy 0068 (false 0069)
0068: 06 00 00 00000001 ret KILL
0069: 15 00 01 000000d0 jeq io_getevents 006a (false 006b)
006a: 06 00 00 00000001 ret KILL
006b: 15 00 01 000000d1 jeq io_submit 006c (false 006d)
006c: 06 00 00 00000001 ret KILL
006d: 15 00 01 000000d2 jeq io_cancel 006e (false 006f)
006e: 06 00 00 00000001 ret KILL
006f: 15 00 01 000000d8 jeq remap_file_pages 0070 (false 0071)
0070: 06 00 00 00000001 ret KILL
0071: 15 00 01 00000143 jeq userfaultfd 0072 (false 0073)
0072: 06 00 00 00000001 ret KILL
0073: 15 00 01 000000a3 jeq acct 0074 (false 0075)
0074: 06 00 00 00000001 ret KILL
0075: 15 00 01 00000141 jeq bpf 0076 (false 0077)
0076: 06 00 00 00000001 ret KILL
0077: 15 00 01 000000b4 jeq nfsservctl 0078 (false 0079)
0078: 06 00 00 00000001 ret KILL
0079: 15 00 01 000000ab jeq setdomainname 007a (false 007b)
007a: 06 00 00 00000001 ret KILL
007b: 15 00 01 000000aa jeq sethostname 007c (false 007d)
007c: 06 00 00 00000001 ret KILL
007d: 15 00 01 00000099 jeq vhangup 007e (false 007f)
007e: 06 00 00 00000001 ret KILL
007f: 15 00 01 00000065 jeq ptrace 0080 (false 0081)
0080: 06 00 00 00000001 ret KILL
0081: 15 00 01 00000087 jeq personality 0082 (false 0083)
0082: 06 00 00 00000001 ret KILL
0083: 15 00 01 00000136 jeq process_vm_readv 0084 (false 0085)
0084: 06 00 00 00000001 ret KILL
0085: 06 00 00 7fff0000 ret ALLOW
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
2355 1350 0:114 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,seclabel,mode=755,inode64
mountid=2355 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root root 160 .
drwxr-xr-x root root 460 ..
-rw-r--r-- XXsanitizedXX XXsanitizedXX 1072 seccomp
-rw-r--r-- XXsanitizedXX XXsanitizedXX 808 seccomp.32
-rw-r--r-- XXsanitizedXX XXsanitizedXX 114 seccomp.list
-rw-r--r-- XXsanitizedXX XXsanitizedXX 0 seccomp.postexec
-rw-r--r-- XXsanitizedXX XXsanitizedXX 0 seccomp.postexec32
-rw-r--r-- XXsanitizedXX XXsanitizedXX 176 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1003, gid 1004, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
execvp argument 0: rhythmbox
Child process initialized in 235.58 ms
Searching $PATH for rhythmbox
trying #/home/XXsanitizedXX/.local/bin/rhythmbox#
trying #/home/XXsanitizedXX/bin/rhythmbox#
trying #/usr/local/bin/rhythmbox#
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
monitoring pid 8
(rhythmbox:8): dbind-WARNING **: 15:28:27.596: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown
@rusty-snake commented on GitHub (Dec 3, 2020):
If I run rhythmbox w/o firejail (
/usr/bin/rhythmbox) I can't import/dev/sr0or/dev/cdrom, looks like it has no support to open device-files.Update: However, Audio-CD is supported through GVFS:
dbus-user.talk org.gtk.vfs.*.