[GH-ISSUE #3796] firefox: YubiKey WebAuthn does not work #2396

New issue

Closed

opened 2026-05-05 09:04:22 -06:00 by gitea-mirror · 14 comments

gitea-mirror commented 2026-05-05 09:04:22 -06:00

Owner

Copy link

Originally created by @OrfeasLitos on GitHub (Dec 7, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3796

Write clear, concise and in textual form.

Bug and expected behavior

• Describe the bug.
  Firefox has no access to the YubiKey
• What did you expect to happen?
  Firefox should accept input from and send output to the YubiKey

No profile and disabling firejail

• What changed calling firejail --noprofile /path/to/program in a terminal?
  No change
• What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)?
  No change

Reproduce
Steps to reproduce the behavior:

1. Run in bash firejail firefox-developer-edition
2. visit https://demo.yubico.com/webauthn-technical/registration
3. Click on 'NEXT'
4. Click on 'Proceed'
5. Follow on-screen instructions (i.e. Insert and tap YubiKey)

Environment

• Linux distribution and version (ie output of lsb_release -a, screenfetch or cat /etc/os-release)
  Arch Linux, x86_64 Linux 5.9.11-arch2-1
• Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD)
  firejail version 0.9.64

Additional context
I've tried ignore private-dev as per #1381 to no avail

Checklist

• The upstream profile (and redirect profile if exists) have no changes fixing it.
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• Programs needed for interaction are listed in the profile.
  probably not applicable
• A short search for duplicates was performed.
• If it is a AppImage, --profile=PROFILENAME is used to set the right profile.
• Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.

debug output

Autoselecting /bin/zsh as shell
Building quoted command line: 'firefox-developer-edition' 
Command name #firefox-developer-edition#
Found firefox-developer-edition.profile profile in /etc/firejail directory
Reading profile /etc/firejail/firefox-developer-edition.profile
Found firefox.profile profile in /etc/firejail directory
Reading profile /etc/firejail/firefox.profile
Found firefox.local profile in /home/[REDACTED]/.config/firejail directory
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Found firefox-common.profile profile in /etc/firejail directory
Reading profile /etc/firejail/firefox-common.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
conditional BROWSER_DISABLE_U2F, nou2f
conditional BROWSER_DISABLE_U2F, private-dev
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
DISPLAY=:0 parsed as 0
Warning: /usr/bin/xdg-dbus-proxy was not found, downgrading dbus-user policy to allow.
To enable DBus filtering, install the xdg-dbus-proxy program.
Ignoring "dbus-user.own org.mozilla.firefox.*" and 1 other dbus-user filter rule.
Using the local network stack
Parent pid 3090, child pid 3091
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
448 405 254:3 /etc /etc ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=448 fsname=/etc dir=/etc fstype=f2fs
Mounting noexec /etc
449 448 254:3 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=449 fsname=/etc dir=/etc fstype=f2fs
Mounting read-only /var
450 442 0:50 / /var ro,relatime master:72 - btrfs /dev/mapper/cryptvar rw,space_cache,subvolid=5,subvol=/
mountid=450 fsname=/ dir=/var fstype=btrfs
Mounting noexec /var
451 450 0:50 / /var ro,nosuid,nodev,noexec,relatime master:72 - btrfs /dev/mapper/cryptvar rw,space_cache,subvolid=5,subvol=/
mountid=451 fsname=/ dir=/var fstype=btrfs
Mounting read-only /usr
452 405 254:3 /usr /usr ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=452 fsname=/usr dir=/usr fstype=f2fs
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/[REDACTED]/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/video0 file
mounting /run/firejail/mnt/dev/video1 file
Process /dev/shm directory
Generate private-tmp whitelist commands
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 456: new_name #/home/[REDACTED]/.cache/mozilla/firefox#, whitelist
Debug 571: fname #/home/[REDACTED]/.cache/mozilla/firefox#, cfg.homedir #/home/[REDACTED]#
Replaced whitelist path: whitelist /home/[REDACTED]/.cache/mozilla/firefox
Debug 456: new_name #/home/[REDACTED]/.mozilla#, whitelist
Debug 571: fname #/home/[REDACTED]/.mozilla#, cfg.homedir #/home/[REDACTED]#
Replaced whitelist path: whitelist /home/[REDACTED]/.mozilla
Debug 456: new_name #/usr/share/doc#, whitelist
Debug 456: new_name #/usr/share/firefox#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/firefox
	expanded: /usr/share/firefox
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtk-doc/html#, whitelist
Debug 456: new_name #/usr/share/mozilla#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/mozilla
	expanded: /usr/share/mozilla
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/webext#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/webext
	expanded: /usr/share/webext
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/alsa#, whitelist
Debug 456: new_name #/usr/share/applications#, whitelist
Debug 456: new_name #/usr/share/ca-certificates#, whitelist
Debug 456: new_name #/usr/share/crypto-policies#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies
	expanded: /usr/share/crypto-policies
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/cursors#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/cursors
	expanded: /usr/share/cursors
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/dconf#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/dconf
	expanded: /usr/share/dconf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/distro-info#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/distro-info
	expanded: /usr/share/distro-info
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/drirc.d#, whitelist
Debug 456: new_name #/usr/share/enchant#, whitelist
Debug 456: new_name #/usr/share/enchant-2#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/enchant-2
	expanded: /usr/share/enchant-2
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/file#, whitelist
Debug 456: new_name #/usr/share/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/fontconfig
	expanded: /usr/share/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/fonts#, whitelist
Debug 456: new_name #/usr/share/gir-1.0#, whitelist
Debug 456: new_name #/usr/share/gjs-1.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0
	expanded: /usr/share/gjs-1.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/glib-2.0#, whitelist
Debug 456: new_name #/usr/share/glvnd#, whitelist
Debug 456: new_name #/usr/share/gtk-2.0#, whitelist
Debug 456: new_name #/usr/share/gtk-3.0#, whitelist
Debug 456: new_name #/usr/share/gtk-engines#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-engines
	expanded: /usr/share/gtk-engines
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-3.0
	expanded: /usr/share/gtksourceview-3.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-4
	expanded: /usr/share/gtksourceview-4
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/hunspell#, whitelist
Debug 456: new_name #/usr/share/hwdata#, whitelist
Debug 456: new_name #/usr/share/icons#, whitelist
Debug 456: new_name #/usr/share/icu#, whitelist
Debug 456: new_name #/usr/share/knotifications5#, whitelist
Debug 456: new_name #/usr/share/kservices5#, whitelist
Debug 456: new_name #/usr/share/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum
	expanded: /usr/share/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/kxmlgui5#, whitelist
Debug 456: new_name #/usr/share/libdrm#, whitelist
Debug 456: new_name #/usr/share/libthai#, whitelist
Debug 456: new_name #/usr/share/locale#, whitelist
Debug 456: new_name #/usr/share/mime#, whitelist
Debug 456: new_name #/usr/share/misc#, whitelist
Debug 456: new_name #/usr/share/Modules#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Modules
	expanded: /usr/share/Modules
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/myspell#, whitelist
Debug 456: new_name #/usr/share/p11-kit#, whitelist
Debug 456: new_name #/usr/share/perl#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/perl
	expanded: /usr/share/perl
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/perl5#, whitelist
Debug 456: new_name #/usr/share/pixmaps#, whitelist
Debug 456: new_name #/usr/share/pki#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/pki
	expanded: /usr/share/pki
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/plasma#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/plasma
	expanded: /usr/share/plasma
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/publicsuffix#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/publicsuffix
	expanded: /usr/share/publicsuffix
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt#, whitelist
Debug 456: new_name #/usr/share/qt4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt4
	expanded: /usr/share/qt4
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5
	expanded: /usr/share/qt5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5ct
	expanded: /usr/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/sounds#, whitelist
Debug 456: new_name #/usr/share/tcl8.6#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6
	expanded: /usr/share/tcl8.6
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/tcltk#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcltk
	expanded: /usr/share/tcltk
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/terminfo#, whitelist
Debug 456: new_name #/usr/share/texlive#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texlive
	expanded: /usr/share/texlive
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/texmf#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texmf
	expanded: /usr/share/texmf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/themes#, whitelist
Debug 456: new_name #/usr/share/thumbnail.so#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so
	expanded: /usr/share/thumbnail.so
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/X11#, whitelist
Debug 456: new_name #/usr/share/xml#, whitelist
Debug 456: new_name #/usr/share/zoneinfo#, whitelist
Directory ${DOWNLOADS} resolved as Downloads
Debug 456: new_name #/home/[REDACTED]/Downloads#, whitelist
Debug 571: fname #/home/[REDACTED]/Downloads#, cfg.homedir #/home/[REDACTED]#
Replaced whitelist path: whitelist /home/[REDACTED]/Downloads
Debug 456: new_name #/home/[REDACTED]/.pki#, whitelist
Debug 571: fname #/home/[REDACTED]/.pki#, cfg.homedir #/home/[REDACTED]#
Replaced whitelist path: whitelist /home/[REDACTED]/.pki
Debug 456: new_name #/home/[REDACTED]/.local/share/pki#, whitelist
Debug 571: fname #/home/[REDACTED]/.local/share/pki#, cfg.homedir #/home/[REDACTED]#
Replaced whitelist path: whitelist /home/[REDACTED]/.local/share/pki
Debug 456: new_name #/home/[REDACTED]/.XCompose#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
	expanded: /home/[REDACTED]/.XCompose
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
	expanded: /home/[REDACTED]/.asoundrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/ibus#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ibus
	expanded: /home/[REDACTED]/.config/ibus
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/mimeapps.list#, whitelist
Debug 571: fname #/home/[REDACTED]/.config/mimeapps.list#, cfg.homedir #/home/[REDACTED]#
Replaced whitelist path: whitelist /home/[REDACTED]/.config/mimeapps.list
Debug 456: new_name #/home/[REDACTED]/.config/pkcs11#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/[REDACTED]/.config/pkcs11
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/user-dirs.dirs#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/user-dirs.dirs
	expanded: /home/[REDACTED]/.config/user-dirs.dirs
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/user-dirs.locale#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/user-dirs.locale
	expanded: /home/[REDACTED]/.config/user-dirs.locale
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.drirc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
	expanded: /home/[REDACTED]/.drirc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
	expanded: /home/[REDACTED]/.icons
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.local/share/applications#, whitelist
Debug 571: fname #/home/[REDACTED]/.local/share/applications#, cfg.homedir #/home/[REDACTED]#
Replaced whitelist path: whitelist /home/[REDACTED]/.local/share/applications
Debug 456: new_name #/home/[REDACTED]/.local/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/icons
	expanded: /home/[REDACTED]/.local/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.local/share/mime#, whitelist
Debug 571: fname #/home/[REDACTED]/.local/share/mime#, cfg.homedir #/home/[REDACTED]#
Replaced whitelist path: whitelist /home/[REDACTED]/.local/share/mime
Debug 456: new_name #/home/[REDACTED]/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
	expanded: /home/[REDACTED]/.mime.types
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.uim.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.uim.d
	expanded: /home/[REDACTED]/.uim.d
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/dconf#, whitelist
Debug 571: fname #/home/[REDACTED]/.config/dconf#, cfg.homedir #/home/[REDACTED]#
Replaced whitelist path: whitelist /home/[REDACTED]/.config/dconf
Debug 456: new_name #/home/[REDACTED]/.cache/fontconfig#, whitelist
Debug 571: fname #/home/[REDACTED]/.cache/fontconfig#, cfg.homedir #/home/[REDACTED]#
Replaced whitelist path: whitelist /home/[REDACTED]/.cache/fontconfig
Debug 456: new_name #/home/[REDACTED]/.config/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
	expanded: /home/[REDACTED]/.config/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
	expanded: /home/[REDACTED]/.fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
	expanded: /home/[REDACTED]/.fonts
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.fonts.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
	expanded: /home/[REDACTED]/.fonts.conf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/[REDACTED]/.fonts.conf.d
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
	expanded: /home/[REDACTED]/.fonts.d
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.local/share/fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
	expanded: /home/[REDACTED]/.local/share/fonts
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.pangorc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
	expanded: /home/[REDACTED]/.pangorc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/gtk-2.0#, whitelist
Debug 571: fname #/home/[REDACTED]/.config/gtk-2.0#, cfg.homedir #/home/[REDACTED]#
Replaced whitelist path: whitelist /home/[REDACTED]/.config/gtk-2.0
Debug 456: new_name #/home/[REDACTED]/.config/gtk-3.0#, whitelist
Debug 571: fname #/home/[REDACTED]/.config/gtk-3.0#, cfg.homedir #/home/[REDACTED]#
Replaced whitelist path: whitelist /home/[REDACTED]/.config/gtk-3.0
Debug 456: new_name #/home/[REDACTED]/.config/gtk-4.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-4.0
	expanded: /home/[REDACTED]/.config/gtk-4.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/[REDACTED]/.config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/[REDACTED]/.config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
	expanded: /home/[REDACTED]/.gnome2
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
	expanded: /home/[REDACTED]/.gnome2-private
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/[REDACTED]/.gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
	expanded: /home/[REDACTED]/.gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0
	expanded: /home/[REDACTED]/.gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/[REDACTED]/.kde/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/[REDACTED]/.kde/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/[REDACTED]/.kde4/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/[REDACTED]/.kde4/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
	expanded: /home/[REDACTED]/.local/share/themes
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
	expanded: /home/[REDACTED]/.themes
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.cache/kioexec/krun#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/[REDACTED]/.cache/kioexec/krun
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/[REDACTED]/.config/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/Trolltech.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Trolltech.conf
	expanded: /home/[REDACTED]/.config/Trolltech.conf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals
	expanded: /home/[REDACTED]/.config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/[REDACTED]/.config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/[REDACTED]/.config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/[REDACTED]/.config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
	expanded: /home/[REDACTED]/.config/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
	expanded: /home/[REDACTED]/.kde/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/[REDACTED]/.kde/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/[REDACTED]/.kde/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/[REDACTED]/.kde/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/[REDACTED]/.kde/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/[REDACTED]/.kde/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/[REDACTED]/.kde4/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/[REDACTED]/.kde4/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/[REDACTED]/.kde4/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/[REDACTED]/.kde4/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/[REDACTED]/.kde4/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/[REDACTED]/.kde4/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/[REDACTED]/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/[REDACTED]/.local/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/ca-certificates#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates
	expanded: /var/lib/ca-certificates
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/dbus#, whitelist
Debug 456: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
	expanded: /var/lib/menu-xdg
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/uim#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/uim
	expanded: /var/lib/uim
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/cache/fontconfig#, whitelist
Debug 456: new_name #/var/tmp#, whitelist
Debug 456: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 456: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 456: new_name #/tmp/.X11-unix#, whitelist
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Mounting tmpfs on /usr/share directory
Mounting a new /root directory
Mounting a new /home directory
Create a new user directory
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 0
Supplementary groups: 986 
Whitelisting /home/[REDACTED]/.cache/mozilla/firefox
1997 680 0:49 /[REDACTED]/.cache/mozilla/firefox /home/[REDACTED]/.cache/mozilla/firefox rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=1997 fsname=/[REDACTED]/.cache/mozilla/firefox dir=/home/[REDACTED]/.cache/mozilla/firefox fstype=btrfs
Whitelisting /home/[REDACTED]/.mozilla
1998 680 0:49 /[REDACTED]/.mozilla /home/[REDACTED]/.mozilla rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=1998 fsname=/[REDACTED]/.mozilla dir=/home/[REDACTED]/.mozilla fstype=btrfs
Whitelisting /usr/share/doc
1999 628 254:3 /usr/share/doc /usr/share/doc ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=1999 fsname=/usr/share/doc dir=/usr/share/doc fstype=f2fs
Whitelisting /usr/share/gtk-doc/html
2000 628 254:3 /usr/share/gtk-doc/html /usr/share/gtk-doc/html ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2000 fsname=/usr/share/gtk-doc/html dir=/usr/share/gtk-doc/html fstype=f2fs
Whitelisting /usr/share/alsa
2001 628 254:3 /usr/share/alsa /usr/share/alsa ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2001 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=f2fs
Whitelisting /usr/share/applications
2002 628 254:3 /usr/share/applications /usr/share/applications ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2002 fsname=/usr/share/applications dir=/usr/share/applications fstype=f2fs
Whitelisting /usr/share/ca-certificates
2003 628 254:3 /usr/share/ca-certificates /usr/share/ca-certificates ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2003 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=f2fs
Whitelisting /usr/share/drirc.d
2004 628 254:3 /usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2004 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=f2fs
Whitelisting /usr/share/enchant
2005 628 254:3 /usr/share/enchant /usr/share/enchant ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2005 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=f2fs
Whitelisting /usr/share/file
2006 628 254:3 /usr/share/file /usr/share/file ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2006 fsname=/usr/share/file dir=/usr/share/file fstype=f2fs
Whitelisting /usr/share/fonts
2007 628 254:3 /usr/share/fonts /usr/share/fonts ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2007 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=f2fs
Whitelisting /usr/share/gir-1.0
2008 628 254:3 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2008 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=f2fs
Whitelisting /usr/share/glib-2.0
2009 628 254:3 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2009 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=f2fs
Whitelisting /usr/share/glvnd
2010 628 254:3 /usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2010 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=f2fs
Whitelisting /usr/share/gtk-2.0
2011 628 254:3 /usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2011 fsname=/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=f2fs
Whitelisting /usr/share/gtk-3.0
2012 628 254:3 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2012 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=f2fs
Whitelisting /usr/share/hunspell
2013 628 254:3 /usr/share/hunspell /usr/share/hunspell ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2013 fsname=/usr/share/hunspell dir=/usr/share/hunspell fstype=f2fs
Whitelisting /usr/share/hwdata
2014 628 254:3 /usr/share/hwdata /usr/share/hwdata ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2014 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=f2fs
Whitelisting /usr/share/icons
2015 628 254:3 /usr/share/icons /usr/share/icons ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2015 fsname=/usr/share/icons dir=/usr/share/icons fstype=f2fs
Whitelisting /usr/share/icu
2016 628 254:3 /usr/share/icu /usr/share/icu ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2016 fsname=/usr/share/icu dir=/usr/share/icu fstype=f2fs
Whitelisting /usr/share/knotifications5
2017 628 254:3 /usr/share/knotifications5 /usr/share/knotifications5 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2017 fsname=/usr/share/knotifications5 dir=/usr/share/knotifications5 fstype=f2fs
Whitelisting /usr/share/kservices5
2018 628 254:3 /usr/share/kservices5 /usr/share/kservices5 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2018 fsname=/usr/share/kservices5 dir=/usr/share/kservices5 fstype=f2fs
Whitelisting /usr/share/kxmlgui5
2019 628 254:3 /usr/share/kxmlgui5 /usr/share/kxmlgui5 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2019 fsname=/usr/share/kxmlgui5 dir=/usr/share/kxmlgui5 fstype=f2fs
Whitelisting /usr/share/libdrm
2020 628 254:3 /usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2020 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=f2fs
Whitelisting /usr/share/libthai
2021 628 254:3 /usr/share/libthai /usr/share/libthai ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2021 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=f2fs
Whitelisting /usr/share/locale
2022 628 254:3 /usr/share/locale /usr/share/locale ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2022 fsname=/usr/share/locale dir=/usr/share/locale fstype=f2fs
Whitelisting /usr/share/mime
2023 628 254:3 /usr/share/mime /usr/share/mime ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2023 fsname=/usr/share/mime dir=/usr/share/mime fstype=f2fs
Whitelisting /usr/share/misc
2024 628 254:3 /usr/share/misc /usr/share/misc ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2024 fsname=/usr/share/misc dir=/usr/share/misc fstype=f2fs
Whitelisting /usr/share/myspell
2025 628 254:3 /usr/share/myspell /usr/share/myspell ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2025 fsname=/usr/share/myspell dir=/usr/share/myspell fstype=f2fs
Whitelisting /usr/share/p11-kit
2026 628 254:3 /usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2026 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=f2fs
Whitelisting /usr/share/perl5
2027 628 254:3 /usr/share/perl5 /usr/share/perl5 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2027 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=f2fs
Whitelisting /usr/share/pixmaps
2028 628 254:3 /usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2028 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=f2fs
Whitelisting /usr/share/qt
2029 628 254:3 /usr/share/qt /usr/share/qt ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2029 fsname=/usr/share/qt dir=/usr/share/qt fstype=f2fs
Whitelisting /usr/share/sounds
2030 628 254:3 /usr/share/sounds /usr/share/sounds ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2030 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=f2fs
Whitelisting /usr/share/terminfo
2031 628 254:3 /usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2031 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=f2fs
Whitelisting /usr/share/themes
2032 628 254:3 /usr/share/themes /usr/share/themes ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2032 fsname=/usr/share/themes dir=/usr/share/themes fstype=f2fs
Whitelisting /usr/share/X11
2033 628 254:3 /usr/share/X11 /usr/share/X11 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2033 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=f2fs
Whitelisting /usr/share/xml
2034 628 254:3 /usr/share/xml /usr/share/xml ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2034 fsname=/usr/share/xml dir=/usr/share/xml fstype=f2fs
Whitelisting /usr/share/zoneinfo
2035 628 254:3 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix
mountid=2035 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=f2fs
Whitelisting /home/[REDACTED]/Downloads
2036 680 0:49 /[REDACTED]/Downloads /home/[REDACTED]/Downloads rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2036 fsname=/[REDACTED]/Downloads dir=/home/[REDACTED]/Downloads fstype=btrfs
Whitelisting /home/[REDACTED]/.pki
2037 680 0:49 /[REDACTED]/.pki /home/[REDACTED]/.pki rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2037 fsname=/[REDACTED]/.pki dir=/home/[REDACTED]/.pki fstype=btrfs
Whitelisting /home/[REDACTED]/.local/share/pki
2038 680 0:49 /[REDACTED]/.local/share/pki /home/[REDACTED]/.local/share/pki rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2038 fsname=/[REDACTED]/.local/share/pki dir=/home/[REDACTED]/.local/share/pki fstype=btrfs
Whitelisting /home/[REDACTED]/.config/mimeapps.list
2039 680 0:49 /[REDACTED]/.config/mimeapps.list /home/[REDACTED]/.config/mimeapps.list rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2039 fsname=/[REDACTED]/.config/mimeapps.list dir=/home/[REDACTED]/.config/mimeapps.list fstype=btrfs
Whitelisting /home/[REDACTED]/.local/share/applications
2040 680 0:49 /[REDACTED]/.local/share/applications /home/[REDACTED]/.local/share/applications rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2040 fsname=/[REDACTED]/.local/share/applications dir=/home/[REDACTED]/.local/share/applications fstype=btrfs
Whitelisting /home/[REDACTED]/.local/share/mime
2041 680 0:49 /[REDACTED]/.local/share/mime /home/[REDACTED]/.local/share/mime rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2041 fsname=/[REDACTED]/.local/share/mime dir=/home/[REDACTED]/.local/share/mime fstype=btrfs
Whitelisting /home/[REDACTED]/.config/dconf
2042 680 0:49 /[REDACTED]/.config/dconf /home/[REDACTED]/.config/dconf rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2042 fsname=/[REDACTED]/.config/dconf dir=/home/[REDACTED]/.config/dconf fstype=btrfs
Whitelisting /home/[REDACTED]/.cache/fontconfig
2043 680 0:49 /[REDACTED]/.cache/fontconfig /home/[REDACTED]/.cache/fontconfig rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2043 fsname=/[REDACTED]/.cache/fontconfig dir=/home/[REDACTED]/.cache/fontconfig fstype=btrfs
Whitelisting /home/[REDACTED]/.config/gtk-2.0
2044 680 0:49 /[REDACTED]/.config/gtk-2.0 /home/[REDACTED]/.config/gtk-2.0 rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2044 fsname=/[REDACTED]/.config/gtk-2.0 dir=/home/[REDACTED]/.config/gtk-2.0 fstype=btrfs
Whitelisting /home/[REDACTED]/.config/gtk-3.0
2045 680 0:49 /[REDACTED]/.config/gtk-3.0 /home/[REDACTED]/.config/gtk-3.0 rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2045 fsname=/[REDACTED]/.config/gtk-3.0 dir=/home/[REDACTED]/.config/gtk-3.0 fstype=btrfs
Whitelisting /var/lib/dbus
2046 508 0:50 /lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:72 - btrfs /dev/mapper/cryptvar rw,space_cache,subvolid=5,subvol=/
mountid=2046 fsname=/lib/dbus dir=/var/lib/dbus fstype=btrfs
Whitelisting /var/cache/fontconfig
2047 508 0:50 /cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:72 - btrfs /dev/mapper/cryptvar rw,space_cache,subvolid=5,subvol=/
mountid=2047 fsname=/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs
Whitelisting /var/tmp
2048 508 0:167 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=2048 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
2049 493 0:46 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:33 - tmpfs tmpfs rw,nr_inodes=409600,inode64
mountid=2049 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /etc/xdg/autostart
Mounting read-only /home/[REDACTED]/.config/dconf
2055 2042 0:49 /[REDACTED]/.config/dconf /home/[REDACTED]/.config/dconf ro,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2055 fsname=/[REDACTED]/.config/dconf dir=/home/[REDACTED]/.config/dconf fstype=btrfs
Disable /usr/bin/systemd-run
Disable /run/user/1000/systemd
Disable /etc/profile.d
Disable /etc/kernel
Disable /etc/grub.d
Disable /etc/apparmor
Disable /etc/apparmor.d
Disable /etc/modules-load.d
Disable /etc/logrotate.conf
Disable /etc/logrotate.d
Mounting read-only /home/[REDACTED]/.bashrc
2066 680 0:179 /[REDACTED]/.bashrc /home/[REDACTED]/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=2066 fsname=/[REDACTED]/.bashrc dir=/home/[REDACTED]/.bashrc fstype=tmpfs
Mounting read-only /home/[REDACTED]/.local/share/applications
2067 2040 0:49 /[REDACTED]/.local/share/applications /home/[REDACTED]/.local/share/applications ro,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2067 fsname=/[REDACTED]/.local/share/applications dir=/home/[REDACTED]/.local/share/applications fstype=btrfs
Mounting read-only /home/[REDACTED]/.config/mimeapps.list
2068 2039 0:49 /[REDACTED]/.config/mimeapps.list /home/[REDACTED]/.config/mimeapps.list ro,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2068 fsname=/[REDACTED]/.config/mimeapps.list dir=/home/[REDACTED]/.config/mimeapps.list fstype=btrfs
Mounting read-only /home/[REDACTED]/.local/share/mime
2069 2041 0:49 /[REDACTED]/.local/share/mime /home/[REDACTED]/.local/share/mime ro,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2069 fsname=/[REDACTED]/.local/share/mime dir=/home/[REDACTED]/.local/share/mime fstype=btrfs
Not blacklist /home/[REDACTED]/.pki
Not blacklist /home/[REDACTED]/.local/share/pki
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/expiry
Disable /usr/bin/fusermount
Disable /usr/bin/gpasswd
Disable /usr/bin/ksu
Disable /usr/bin/mount
Disable /usr/bin/nc
Disable /usr/bin/newgidmap
Disable /usr/bin/newgrp
Disable /usr/bin/newuidmap
Disable /usr/bin/ntfs-3g
Disable /usr/bin/pkexec
Disable /usr/bin/sg
Disable /usr/bin/su
Disable /usr/bin/sudo
Disable /usr/bin/umount
Disable /usr/bin/unix_chkpwd
Disable /usr/lib/virtualbox
Disable /usr/lib/virtualbox (requested /usr/lib64/virtualbox)
Disable /usr/bin/bwrap
Disable /proc/config.gz
Disable /usr/bin/resolvectl
Disable /run/user/1000/wayland-0.lock
Disable /usr/bin/as
Disable /usr/bin/gcc (requested /usr/bin/cc)
Disable /usr/bin/c++filt
Disable /usr/bin/c++
Disable /usr/bin/c89
Disable /usr/bin/c99
Disable /usr/bin/cpp
Disable /usr/bin/g++
Disable /usr/bin/gcc-nm
Disable /usr/bin/gcc-ar
Disable /usr/bin/gcc
Disable /usr/bin/gcc-ranlib
Disable /usr/bin/ld
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/lib/jvm/java-14-openjdk/bin/java (requested /usr/bin/java)
Disable /usr/lib/jvm/java-14-openjdk/bin/java (requested /usr/lib/jvm/default/bin/java)
Disable /usr/lib/jvm/java-14-openjdk/bin/javac (requested /usr/lib/jvm/default/bin/javac)
Disable /usr/bin/openssl
Disable /usr/bin/openssl-1.0
Disable /usr/bin/rust-gdb
Disable /usr/bin/rust-lldb
Disable /usr/bin/rustc
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Mounting noexec /home/[REDACTED]/.cache/mozilla/firefox
2140 1997 0:49 /[REDACTED]/.cache/mozilla/firefox /home/[REDACTED]/.cache/mozilla/firefox rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2140 fsname=/[REDACTED]/.cache/mozilla/firefox dir=/home/[REDACTED]/.cache/mozilla/firefox fstype=btrfs
Mounting noexec /home/[REDACTED]/.mozilla
2141 1998 0:49 /[REDACTED]/.mozilla /home/[REDACTED]/.mozilla rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2141 fsname=/[REDACTED]/.mozilla dir=/home/[REDACTED]/.mozilla fstype=btrfs
Mounting noexec /home/[REDACTED]/Downloads
2142 2036 0:49 /[REDACTED]/Downloads /home/[REDACTED]/Downloads rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2142 fsname=/[REDACTED]/Downloads dir=/home/[REDACTED]/Downloads fstype=btrfs
Mounting noexec /home/[REDACTED]/.pki
2143 2037 0:49 /[REDACTED]/.pki /home/[REDACTED]/.pki rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2143 fsname=/[REDACTED]/.pki dir=/home/[REDACTED]/.pki fstype=btrfs
Mounting noexec /home/[REDACTED]/.local/share/pki
2144 2038 0:49 /[REDACTED]/.local/share/pki /home/[REDACTED]/.local/share/pki rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2144 fsname=/[REDACTED]/.local/share/pki dir=/home/[REDACTED]/.local/share/pki fstype=btrfs
Mounting noexec /home/[REDACTED]/.config/mimeapps.list
2145 2068 0:49 /[REDACTED]/.config/mimeapps.list /home/[REDACTED]/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2145 fsname=/[REDACTED]/.config/mimeapps.list dir=/home/[REDACTED]/.config/mimeapps.list fstype=btrfs
Mounting noexec /home/[REDACTED]/.local/share/applications
2146 2067 0:49 /[REDACTED]/.local/share/applications /home/[REDACTED]/.local/share/applications ro,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2146 fsname=/[REDACTED]/.local/share/applications dir=/home/[REDACTED]/.local/share/applications fstype=btrfs
Mounting noexec /home/[REDACTED]/.local/share/mime
2147 2069 0:49 /[REDACTED]/.local/share/mime /home/[REDACTED]/.local/share/mime ro,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2147 fsname=/[REDACTED]/.local/share/mime dir=/home/[REDACTED]/.local/share/mime fstype=btrfs
Mounting noexec /home/[REDACTED]/.config/dconf
2148 2055 0:49 /[REDACTED]/.config/dconf /home/[REDACTED]/.config/dconf ro,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2148 fsname=/[REDACTED]/.config/dconf dir=/home/[REDACTED]/.config/dconf fstype=btrfs
Mounting noexec /home/[REDACTED]/.cache/fontconfig
2149 2043 0:49 /[REDACTED]/.cache/fontconfig /home/[REDACTED]/.cache/fontconfig rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2149 fsname=/[REDACTED]/.cache/fontconfig dir=/home/[REDACTED]/.cache/fontconfig fstype=btrfs
Mounting noexec /home/[REDACTED]/.config/gtk-2.0
2150 2044 0:49 /[REDACTED]/.config/gtk-2.0 /home/[REDACTED]/.config/gtk-2.0 rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2150 fsname=/[REDACTED]/.config/gtk-2.0 dir=/home/[REDACTED]/.config/gtk-2.0 fstype=btrfs
Mounting noexec /home/[REDACTED]/.config/gtk-3.0
2151 2045 0:49 /[REDACTED]/.config/gtk-3.0 /home/[REDACTED]/.config/gtk-3.0 rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/
mountid=2151 fsname=/[REDACTED]/.config/gtk-3.0 dir=/home/[REDACTED]/.config/gtk-3.0 fstype=btrfs
Mounting noexec /run/user/1000
2156 2152 0:25 /firejail/firejail.ro.file /run/user/1000/wayland-0.lock rw,nosuid,nodev master:24 - tmpfs tmpfs rw,size=1190016k,nr_inodes=819200,mode=755,inode64
mountid=2156 fsname=/firejail/firejail.ro.file dir=/run/user/1000/wayland-0.lock fstype=tmpfs
Mounting noexec /dev/shm
2157 481 0:173 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=2157 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
2159 2158 0:46 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:33 - tmpfs tmpfs rw,nr_inodes=409600,inode64
mountid=2159 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
2160 2159 0:46 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:33 - tmpfs tmpfs rw,nr_inodes=409600,inode64
mountid=2160 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /var
2164 2161 0:167 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=2164 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /usr/bin/lua
Disable /usr/bin/luahbtex
Disable /usr/bin/luahbtex (requested /usr/bin/lualatex)
Disable /usr/bin/luatex
Disable /usr/bin/luajithbtex
Disable /usr/bin/luajittex
Disable /usr/bin/luac
Disable /usr/bin/luajit-2.0.5 (requested /usr/bin/luajit)
Disable /usr/bin/luajit-2.0.5
Disable /usr/bin/lua5.2
Disable /usr/bin/lua (requested /usr/bin/lua5.4)
Disable /usr/bin/luac5.2
Disable /usr/bin/luac (requested /usr/bin/luac5.4)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so.5.2)
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so.2)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2.4)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so)
Disable /usr/lib/liblua5.2.so.5.2.4
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2)
Disable /usr/lib/liblua.so.5.4.1 (requested /usr/lib/liblua.so)
Disable /usr/lib/libluajit-5.1.so.2.0.5
Disable /usr/lib/liblua.so.5.4.1 (requested /usr/lib/liblua.so.5.4)
Disable /usr/lib/liblua.so.5.4.1
Disable /usr/lib/liblua.so.5.4.1 (requested /usr/lib/liblua5.4.so)
Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so)
Disable /usr/lib/lua
Disable /usr/lib/libmozjs-78.so (requested /usr/lib64/libmozjs-78.so)
Disable /usr/bin/node
Disable /usr/bin/core_perl/cpan
Disable /usr/bin/core_perl
Disable /usr/bin/perl
Disable /usr/bin/site_perl
Disable /usr/bin/vendor_perl
Disable /usr/lib/perl5
Disable /usr/share/perl5
Disable /usr/bin/ruby
Disable /usr/lib/ruby
Disable /usr/bin/python2.7-config
Disable /usr/bin/python2.7-config (requested /usr/bin/python2-config)
Disable /usr/bin/python2.7 (requested /usr/bin/python2)
Disable /usr/bin/python2.7
Disable /usr/lib/python2.7
Disable /usr/bin/python3.9 (requested /usr/bin/python3)
Disable /usr/bin/python3.9
Disable /usr/bin/python3.9-config (requested /usr/bin/python3-config)
Disable /usr/bin/python3.9-config
Disable /usr/lib/python3.6
Disable /usr/lib/python3.7
Disable /usr/lib/python3.9
Disable /usr/lib/python3.6 (requested /usr/lib64/python3.6)
Disable /usr/lib/python3.7 (requested /usr/lib64/python3.7)
Disable /usr/lib/python3.9 (requested /usr/lib64/python3.9)
Not blacklist /home/[REDACTED]/.mozilla
Not blacklist /home/[REDACTED]/.cache/mozilla
Mounting read-only /tmp/.X11-unix
2217 2160 0:46 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:33 - tmpfs tmpfs rw,nr_inodes=409600,inode64
mountid=2217 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /run/mount
Disable /run/media
Mounting noexec /run/firejail/mnt/pulse
2223 445 0:163 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=2223 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs
Creating empty /home/[REDACTED]/.config/pulse directory
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0
Supplementary groups: 986 
Mounting /run/firejail/mnt/pulse on /home/[REDACTED]/.config/pulse
2224 680 0:163 /pulse /home/[REDACTED]/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=2224 fsname=/pulse dir=/home/[REDACTED]/.config/pulse fstype=tmpfs
Current directory: /home/[REDACTED]
DISPLAY=:0 parsed as 0
Install protocol filter: unix,inet,inet6,netlink
configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 15 00 01 00000002   jeq 2 0010 (false 0011)
 0010: 06 00 00 7fff0000   ret ALLOW
 0011: 15 00 01 0000000a   jeq a 0012 (false 0013)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 01 00000010   jeq 10 0014 (false 0015)
 0014: 06 00 00 7fff0000   ret ALLOW
 0015: 06 00 00 0005005f   ret ERRNO(95)
configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dropping all capabilities
Drop privileges: pid 6, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 00 01 00000015   jeq 15 0005 (false 0006)
 0005: 06 00 00 00000001   ret KILL
 0006: 15 00 01 00000034   jeq 34 0007 (false 0008)
 0007: 06 00 00 00000001   ret KILL
 0008: 15 00 01 0000001a   jeq 1a 0009 (false 000a)
 0009: 06 00 00 00000001   ret KILL
 000a: 15 00 01 0000011b   jeq 11b 000b (false 000c)
 000b: 06 00 00 00000001   ret KILL
 000c: 15 00 01 00000155   jeq 155 000d (false 000e)
 000d: 06 00 00 00000001   ret KILL
 000e: 15 00 01 00000156   jeq 156 000f (false 0010)
 000f: 06 00 00 00000001   ret KILL
 0010: 15 00 01 0000007f   jeq 7f 0011 (false 0012)
 0011: 06 00 00 00000001   ret KILL
 0012: 15 00 01 00000080   jeq 80 0013 (false 0014)
 0013: 06 00 00 00000001   ret KILL
 0014: 15 00 01 0000015e   jeq 15e 0015 (false 0016)
 0015: 06 00 00 00000001   ret KILL
 0016: 15 00 01 00000081   jeq 81 0017 (false 0018)
 0017: 06 00 00 00000001   ret KILL
 0018: 15 00 01 0000006e   jeq 6e 0019 (false 001a)
 0019: 06 00 00 00000001   ret KILL
 001a: 15 00 01 00000065   jeq 65 001b (false 001c)
 001b: 06 00 00 00000001   ret KILL
 001c: 15 00 01 00000121   jeq 121 001d (false 001e)
 001d: 06 00 00 00000001   ret KILL
 001e: 15 00 01 00000057   jeq 57 001f (false 0020)
 001f: 06 00 00 00000001   ret KILL
 0020: 15 00 01 00000073   jeq 73 0021 (false 0022)
 0021: 06 00 00 00000001   ret KILL
 0022: 15 00 01 00000067   jeq 67 0023 (false 0024)
 0023: 06 00 00 00000001   ret KILL
 0024: 15 00 01 0000015b   jeq 15b 0025 (false 0026)
 0025: 06 00 00 00000001   ret KILL
 0026: 15 00 01 0000015c   jeq 15c 0027 (false 0028)
 0027: 06 00 00 00000001   ret KILL
 0028: 15 00 01 00000087   jeq 87 0029 (false 002a)
 0029: 06 00 00 00000001   ret KILL
 002a: 15 00 01 00000095   jeq 95 002b (false 002c)
 002b: 06 00 00 00000001   ret KILL
 002c: 15 00 01 0000007c   jeq 7c 002d (false 002e)
 002d: 06 00 00 00000001   ret KILL
 002e: 15 00 01 00000157   jeq 157 002f (false 0030)
 002f: 06 00 00 00000001   ret KILL
 0030: 15 00 01 000000fd   jeq fd 0031 (false 0032)
 0031: 06 00 00 00000001   ret KILL
 0032: 15 00 01 00000150   jeq 150 0033 (false 0034)
 0033: 06 00 00 00000001   ret KILL
 0034: 15 00 01 00000152   jeq 152 0035 (false 0036)
 0035: 06 00 00 00000001   ret KILL
 0036: 15 00 01 0000015d   jeq 15d 0037 (false 0038)
 0037: 06 00 00 00000001   ret KILL
 0038: 15 00 01 0000011e   jeq 11e 0039 (false 003a)
 0039: 06 00 00 00000001   ret KILL
 003a: 15 00 01 0000011f   jeq 11f 003b (false 003c)
 003b: 06 00 00 00000001   ret KILL
 003c: 15 00 01 00000120   jeq 120 003d (false 003e)
 003d: 06 00 00 00000001   ret KILL
 003e: 15 00 01 00000056   jeq 56 003f (false 0040)
 003f: 06 00 00 00000001   ret KILL
 0040: 15 00 01 00000033   jeq 33 0041 (false 0042)
 0041: 06 00 00 00000001   ret KILL
 0042: 15 00 01 0000007b   jeq 7b 0043 (false 0044)
 0043: 06 00 00 00000001   ret KILL
 0044: 15 00 01 000000d9   jeq d9 0045 (false 0046)
 0045: 06 00 00 00000001   ret KILL
 0046: 15 00 01 000000f5   jeq f5 0047 (false 0048)
 0047: 06 00 00 00000001   ret KILL
 0048: 15 00 01 000000f6   jeq f6 0049 (false 004a)
 0049: 06 00 00 00000001   ret KILL
 004a: 15 00 01 000000f7   jeq f7 004b (false 004c)
 004b: 06 00 00 00000001   ret KILL
 004c: 15 00 01 000000f8   jeq f8 004d (false 004e)
 004d: 06 00 00 00000001   ret KILL
 004e: 15 00 01 000000f9   jeq f9 004f (false 0050)
 004f: 06 00 00 00000001   ret KILL
 0050: 15 00 01 00000101   jeq 101 0051 (false 0052)
 0051: 06 00 00 00000001   ret KILL
 0052: 15 00 01 00000112   jeq 112 0053 (false 0054)
 0053: 06 00 00 00000001   ret KILL
 0054: 15 00 01 00000114   jeq 114 0055 (false 0056)
 0055: 06 00 00 00000001   ret KILL
 0056: 15 00 01 00000126   jeq 126 0057 (false 0058)
 0057: 06 00 00 00000001   ret KILL
 0058: 15 00 01 0000013d   jeq 13d 0059 (false 005a)
 0059: 06 00 00 00000001   ret KILL
 005a: 15 00 01 0000013c   jeq 13c 005b (false 005c)
 005b: 06 00 00 00000001   ret KILL
 005c: 15 00 01 0000003d   jeq 3d 005d (false 005e)
 005d: 06 00 00 00000001   ret KILL
 005e: 15 00 01 00000058   jeq 58 005f (false 0060)
 005f: 06 00 00 00000001   ret KILL
 0060: 15 00 01 000000a9   jeq a9 0061 (false 0062)
 0061: 06 00 00 00000001   ret KILL
 0062: 15 00 01 00000082   jeq 82 0063 (false 0064)
 0063: 06 00 00 00000001   ret KILL
 0064: 06 00 00 7fff0000   ret ALLOW
Dual 32/64 bit seccomp filter configured
Build default+drop seccomp filter
sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot 
Dropping all capabilities
Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1
No supplementary groups
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1
No supplementary groups
configuring 136 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 01 000000a1   jeq chroot 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 0000009f   jeq adjtimex 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 15 00 01 00000131   jeq clock_adjtime 000c (false 000d)
 000c: 06 00 00 00050001   ret ERRNO(1)
 000d: 15 00 01 000000e3   jeq clock_settime 000e (false 000f)
 000e: 06 00 00 00050001   ret ERRNO(1)
 000f: 15 00 01 000000a4   jeq settimeofday 0010 (false 0011)
 0010: 06 00 00 00050001   ret ERRNO(1)
 0011: 15 00 01 0000009a   jeq modify_ldt 0012 (false 0013)
 0012: 06 00 00 00050001   ret ERRNO(1)
 0013: 15 00 01 000000d4   jeq lookup_dcookie 0014 (false 0015)
 0014: 06 00 00 00050001   ret ERRNO(1)
 0015: 15 00 01 0000012a   jeq perf_event_open 0016 (false 0017)
 0016: 06 00 00 00050001   ret ERRNO(1)
 0017: 15 00 01 00000137   jeq process_vm_writev 0018 (false 0019)
 0018: 06 00 00 00050001   ret ERRNO(1)
 0019: 15 00 01 000000b0   jeq delete_module 001a (false 001b)
 001a: 06 00 00 00050001   ret ERRNO(1)
 001b: 15 00 01 00000139   jeq finit_module 001c (false 001d)
 001c: 06 00 00 00050001   ret ERRNO(1)
 001d: 15 00 01 000000af   jeq init_module 001e (false 001f)
 001e: 06 00 00 00050001   ret ERRNO(1)
 001f: 15 00 01 000000a1   jeq chroot 0020 (false 0021)
 0020: 06 00 00 00050001   ret ERRNO(1)
 0021: 15 00 01 000000a5   jeq mount 0022 (false 0023)
 0022: 06 00 00 00050001   ret ERRNO(1)
 0023: 15 00 01 0000009b   jeq pivot_root 0024 (false 0025)
 0024: 06 00 00 00050001   ret ERRNO(1)
 0025: 15 00 01 000000a6   jeq umount2 0026 (false 0027)
 0026: 06 00 00 00050001   ret ERRNO(1)
 0027: 15 00 01 0000009c   jeq _sysctl 0028 (false 0029)
 0028: 06 00 00 00050001   ret ERRNO(1)
 0029: 15 00 01 000000b7   jeq afs_syscall 002a (false 002b)
 002a: 06 00 00 00050001   ret ERRNO(1)
 002b: 15 00 01 000000ae   jeq create_module 002c (false 002d)
 002c: 06 00 00 00050001   ret ERRNO(1)
 002d: 15 00 01 000000b1   jeq get_kernel_syms 002e (false 002f)
 002e: 06 00 00 00050001   ret ERRNO(1)
 002f: 15 00 01 000000b5   jeq getpmsg 0030 (false 0031)
 0030: 06 00 00 00050001   ret ERRNO(1)
 0031: 15 00 01 000000b6   jeq putpmsg 0032 (false 0033)
 0032: 06 00 00 00050001   ret ERRNO(1)
 0033: 15 00 01 000000b2   jeq query_module 0034 (false 0035)
 0034: 06 00 00 00050001   ret ERRNO(1)
 0035: 15 00 01 000000b9   jeq security 0036 (false 0037)
 0036: 06 00 00 00050001   ret ERRNO(1)
 0037: 15 00 01 0000008b   jeq sysfs 0038 (false 0039)
 0038: 06 00 00 00050001   ret ERRNO(1)
 0039: 15 00 01 000000b8   jeq tuxcall 003a (false 003b)
 003a: 06 00 00 00050001   ret ERRNO(1)
 003b: 15 00 01 00000086   jeq uselib 003c (false 003d)
 003c: 06 00 00 00050001   ret ERRNO(1)
 003d: 15 00 01 00000088   jeq ustat 003e (false 003f)
 003e: 06 00 00 00050001   ret ERRNO(1)
 003f: 15 00 01 000000ec   jeq vserver 0040 (false 0041)
 0040: 06 00 00 00050001   ret ERRNO(1)
 0041: 15 00 01 000000ad   jeq ioperm 0042 (false 0043)
 0042: 06 00 00 00050001   ret ERRNO(1)
 0043: 15 00 01 000000ac   jeq iopl 0044 (false 0045)
 0044: 06 00 00 00050001   ret ERRNO(1)
 0045: 15 00 01 000000f6   jeq kexec_load 0046 (false 0047)
 0046: 06 00 00 00050001   ret ERRNO(1)
 0047: 15 00 01 00000140   jeq kexec_file_load 0048 (false 0049)
 0048: 06 00 00 00050001   ret ERRNO(1)
 0049: 15 00 01 000000a9   jeq reboot 004a (false 004b)
 004a: 06 00 00 00050001   ret ERRNO(1)
 004b: 15 00 01 000000a7   jeq swapon 004c (false 004d)
 004c: 06 00 00 00050001   ret ERRNO(1)
 004d: 15 00 01 000000a8   jeq swapoff 004e (false 004f)
 004e: 06 00 00 00050001   ret ERRNO(1)
 004f: 15 00 01 00000130   jeq open_by_handle_at 0050 (false 0051)
 0050: 06 00 00 00050001   ret ERRNO(1)
 0051: 15 00 01 0000012f   jeq name_to_handle_at 0052 (false 0053)
 0052: 06 00 00 00050001   ret ERRNO(1)
 0053: 15 00 01 000000fb   jeq ioprio_set 0054 (false 0055)
 0054: 06 00 00 00050001   ret ERRNO(1)
 0055: 15 00 01 00000067   jeq syslog 0056 (false 0057)
 0056: 06 00 00 00050001   ret ERRNO(1)
 0057: 15 00 01 0000012c   jeq fanotify_init 0058 (false 0059)
 0058: 06 00 00 00050001   ret ERRNO(1)
 0059: 15 00 01 00000138   jeq kcmp 005a (false 005b)
 005a: 06 00 00 00050001   ret ERRNO(1)
 005b: 15 00 01 000000f8   jeq add_key 005c (false 005d)
 005c: 06 00 00 00050001   ret ERRNO(1)
 005d: 15 00 01 000000f9   jeq request_key 005e (false 005f)
 005e: 06 00 00 00050001   ret ERRNO(1)
 005f: 15 00 01 000000ed   jeq mbind 0060 (false 0061)
 0060: 06 00 00 00050001   ret ERRNO(1)
 0061: 15 00 01 00000100   jeq migrate_pages 0062 (false 0063)
 0062: 06 00 00 00050001   ret ERRNO(1)
 0063: 15 00 01 00000117   jeq move_pages 0064 (false 0065)
 0064: 06 00 00 00050001   ret ERRNO(1)
 0065: 15 00 01 000000fa   jeq keyctl 0066 (false 0067)
 0066: 06 00 00 00050001   ret ERRNO(1)
 0067: 15 00 01 000000ce   jeq io_setup 0068 (false 0069)
 0068: 06 00 00 00050001   ret ERRNO(1)
 0069: 15 00 01 000000cf   jeq io_destroy 006a (false 006b)
 006a: 06 00 00 00050001   ret ERRNO(1)
 006b: 15 00 01 000000d0   jeq io_getevents 006c (false 006d)
 006c: 06 00 00 00050001   ret ERRNO(1)
 006d: 15 00 01 000000d1   jeq io_submit 006e (false 006f)
 006e: 06 00 00 00050001   ret ERRNO(1)
 006f: 15 00 01 000000d2   jeq io_cancel 0070 (false 0071)
 0070: 06 00 00 00050001   ret ERRNO(1)
 0071: 15 00 01 000000d8   jeq remap_file_pages 0072 (false 0073)
 0072: 06 00 00 00050001   ret ERRNO(1)
 0073: 15 00 01 00000143   jeq userfaultfd 0074 (false 0075)
 0074: 06 00 00 00050001   ret ERRNO(1)
 0075: 15 00 01 000000a3   jeq acct 0076 (false 0077)
 0076: 06 00 00 00050001   ret ERRNO(1)
 0077: 15 00 01 00000141   jeq bpf 0078 (false 0079)
 0078: 06 00 00 00050001   ret ERRNO(1)
 0079: 15 00 01 000000b4   jeq nfsservctl 007a (false 007b)
 007a: 06 00 00 00050001   ret ERRNO(1)
 007b: 15 00 01 000000ab   jeq setdomainname 007c (false 007d)
 007c: 06 00 00 00050001   ret ERRNO(1)
 007d: 15 00 01 000000aa   jeq sethostname 007e (false 007f)
 007e: 06 00 00 00050001   ret ERRNO(1)
 007f: 15 00 01 00000099   jeq vhangup 0080 (false 0081)
 0080: 06 00 00 00050001   ret ERRNO(1)
 0081: 15 00 01 00000065   jeq ptrace 0082 (false 0083)
 0082: 06 00 00 00050001   ret ERRNO(1)
 0083: 15 00 01 00000087   jeq personality 0084 (false 0085)
 0084: 06 00 00 00050001   ret ERRNO(1)
 0085: 15 00 01 00000136   jeq process_vm_readv 0086 (false 0087)
 0086: 06 00 00 00050001   ret ERRNO(1)
 0087: 06 00 00 7fff0000   ret ALLOW
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
2226 445 0:163 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=2226 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             400 ..
-rw-r--r-- [REDACTED]   [REDACTED]          1088 seccomp
-rw-r--r-- [REDACTED]   [REDACTED]           808 seccomp.32
-rw-r--r-- [REDACTED]   [REDACTED]           114 seccomp.list
-rw-r--r-- [REDACTED]   [REDACTED]             0 seccomp.postexec
-rw-r--r-- [REDACTED]   [REDACTED]             0 seccomp.postexec32
-rw-r--r-- [REDACTED]   [REDACTED]           176 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
Warning: Cannot confine the application using AppArmor.
Maybe firejail-default AppArmor profile is not loaded into the kernel.
As root, run "aa-enforce firejail-default" to load it.
starting application
LD_PRELOAD=(null)
execvp argument 0: firefox-developer-edition
Child process initialized in 122.84 ms
Searching $PATH for firefox-developer-edition
trying #/home/[REDACTED]/.opam/easycrypt/bin/firefox-developer-edition#
trying #/home/[REDACTED]/.opam/easycrypt/bin/firefox-developer-edition#
trying #/home/[REDACTED]/.opam/easycrypt/bin/firefox-developer-edition#
trying #/usr/local/sbin/firefox-developer-edition#
trying #/usr/local/bin/firefox-developer-edition#
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
Warning: an existing sandbox was detected. /usr/bin/firefox-developer-edition will run without any additional sandboxing features
monitoring pid 10

Sandbox monitor: waitpid 10 retval 10 status 0
Sandbox monitor: monitoring 13
monitoring pid 13

Sandbox monitor: waitpid 13 retval 13 status 0

Parent is shutting down, bye...

Originally created by @OrfeasLitos on GitHub (Dec 7, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3796 Write clear, concise and in textual form. **Bug and expected behavior** - Describe the bug. Firefox has no access to the YubiKey - What did you expect to happen? Firefox should accept input from and send output to the YubiKey **No profile and disabling firejail** - What changed calling `firejail --noprofile /path/to/program` in a terminal? No change - What changed calling the program by path (check `which <program>` or `firejail --list` while the sandbox is running)? No change **Reproduce** Steps to reproduce the behavior: 1. Run in bash `firejail firefox-developer-edition` 2. visit https://demo.yubico.com/webauthn-technical/registration 3. Click on 'NEXT' 4. Click on 'Proceed' 5. Follow on-screen instructions (i.e. Insert and tap YubiKey) **Environment** - Linux distribution and version (ie output of `lsb_release -a`, `screenfetch` or `cat /etc/os-release`) Arch Linux, x86_64 Linux 5.9.11-arch2-1 - Firejail version (output of `firejail --version`) exclusive or used git commit (`git rev-parse HEAD`) firejail version 0.9.64 **Additional context** I've tried `ignore private-dev` as per #1381 to no avail **Checklist** - [x] The upstream profile (and redirect profile if exists) have no changes fixing it. - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [ ] Programs needed for interaction are listed in the profile. probably not applicable - [x] A short search for duplicates was performed. - [x] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. - [x] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages. <details><summary> debug output </summary> ``` Autoselecting /bin/zsh as shell Building quoted command line: 'firefox-developer-edition' Command name #firefox-developer-edition# Found firefox-developer-edition.profile profile in /etc/firejail directory Reading profile /etc/firejail/firefox-developer-edition.profile Found firefox.profile profile in /etc/firejail directory Reading profile /etc/firejail/firefox.profile Found firefox.local profile in /home/[REDACTED]/.config/firejail directory Found whitelist-usr-share-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-usr-share-common.inc Found firefox-common.profile profile in /etc/firejail directory Reading profile /etc/firejail/firefox-common.profile Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc conditional BROWSER_DISABLE_U2F, nou2f conditional BROWSER_DISABLE_U2F, private-dev Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, DISPLAY=:0 parsed as 0 Warning: /usr/bin/xdg-dbus-proxy was not found, downgrading dbus-user policy to allow. To enable DBus filtering, install the xdg-dbus-proxy program. Ignoring "dbus-user.own org.mozilla.firefox.*" and 1 other dbus-user filter rule. Using the local network stack Parent pid 3090, child pid 3091 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file Build protocol filter: unix,inet,inet6,netlink sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1 No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 448 405 254:3 /etc /etc ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=448 fsname=/etc dir=/etc fstype=f2fs Mounting noexec /etc 449 448 254:3 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=449 fsname=/etc dir=/etc fstype=f2fs Mounting read-only /var 450 442 0:50 / /var ro,relatime master:72 - btrfs /dev/mapper/cryptvar rw,space_cache,subvolid=5,subvol=/ mountid=450 fsname=/ dir=/var fstype=btrfs Mounting noexec /var 451 450 0:50 / /var ro,nosuid,nodev,noexec,relatime master:72 - btrfs /dev/mapper/cryptvar rw,space_cache,subvolid=5,subvol=/ mountid=451 fsname=/ dir=/var fstype=btrfs Mounting read-only /usr 452 405 254:3 /usr /usr ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=452 fsname=/usr dir=/usr fstype=f2fs Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/[REDACTED]/.config/firejail Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory mounting /run/firejail/mnt/dev/video0 file mounting /run/firejail/mnt/dev/video1 file Process /dev/shm directory Generate private-tmp whitelist commands Creating empty /run/firejail/mnt/dbus directory Creating empty /run/firejail/mnt/dbus/system file blacklist /run/dbus/system_bus_socket blacklist /run/firejail/dbus Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Debug 456: new_name #/home/[REDACTED]/.cache/mozilla/firefox#, whitelist Debug 571: fname #/home/[REDACTED]/.cache/mozilla/firefox#, cfg.homedir #/home/[REDACTED]# Replaced whitelist path: whitelist /home/[REDACTED]/.cache/mozilla/firefox Debug 456: new_name #/home/[REDACTED]/.mozilla#, whitelist Debug 571: fname #/home/[REDACTED]/.mozilla#, cfg.homedir #/home/[REDACTED]# Replaced whitelist path: whitelist /home/[REDACTED]/.mozilla Debug 456: new_name #/usr/share/doc#, whitelist Debug 456: new_name #/usr/share/firefox#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/firefox expanded: /usr/share/firefox real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gtk-doc/html#, whitelist Debug 456: new_name #/usr/share/mozilla#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/mozilla expanded: /usr/share/mozilla real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/webext#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/webext expanded: /usr/share/webext real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/alsa#, whitelist Debug 456: new_name #/usr/share/applications#, whitelist Debug 456: new_name #/usr/share/ca-certificates#, whitelist Debug 456: new_name #/usr/share/crypto-policies#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies expanded: /usr/share/crypto-policies real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/cursors#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/cursors expanded: /usr/share/cursors real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/dconf#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/dconf expanded: /usr/share/dconf real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/distro-info#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/distro-info expanded: /usr/share/distro-info real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/drirc.d#, whitelist Debug 456: new_name #/usr/share/enchant#, whitelist Debug 456: new_name #/usr/share/enchant-2#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/enchant-2 expanded: /usr/share/enchant-2 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/file#, whitelist Debug 456: new_name #/usr/share/fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/fontconfig expanded: /usr/share/fontconfig real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/fonts#, whitelist Debug 456: new_name #/usr/share/gir-1.0#, whitelist Debug 456: new_name #/usr/share/gjs-1.0#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0 expanded: /usr/share/gjs-1.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/glib-2.0#, whitelist Debug 456: new_name #/usr/share/glvnd#, whitelist Debug 456: new_name #/usr/share/gtk-2.0#, whitelist Debug 456: new_name #/usr/share/gtk-3.0#, whitelist Debug 456: new_name #/usr/share/gtk-engines#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-engines expanded: /usr/share/gtk-engines real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-3.0 expanded: /usr/share/gtksourceview-3.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-4 expanded: /usr/share/gtksourceview-4 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/hunspell#, whitelist Debug 456: new_name #/usr/share/hwdata#, whitelist Debug 456: new_name #/usr/share/icons#, whitelist Debug 456: new_name #/usr/share/icu#, whitelist Debug 456: new_name #/usr/share/knotifications5#, whitelist Debug 456: new_name #/usr/share/kservices5#, whitelist Debug 456: new_name #/usr/share/Kvantum#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum expanded: /usr/share/Kvantum real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/kxmlgui5#, whitelist Debug 456: new_name #/usr/share/libdrm#, whitelist Debug 456: new_name #/usr/share/libthai#, whitelist Debug 456: new_name #/usr/share/locale#, whitelist Debug 456: new_name #/usr/share/mime#, whitelist Debug 456: new_name #/usr/share/misc#, whitelist Debug 456: new_name #/usr/share/Modules#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/Modules expanded: /usr/share/Modules real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/myspell#, whitelist Debug 456: new_name #/usr/share/p11-kit#, whitelist Debug 456: new_name #/usr/share/perl#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/perl expanded: /usr/share/perl real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/perl5#, whitelist Debug 456: new_name #/usr/share/pixmaps#, whitelist Debug 456: new_name #/usr/share/pki#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/pki expanded: /usr/share/pki real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/plasma#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/plasma expanded: /usr/share/plasma real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/publicsuffix#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/publicsuffix expanded: /usr/share/publicsuffix real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt#, whitelist Debug 456: new_name #/usr/share/qt4#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt4 expanded: /usr/share/qt4 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt5 expanded: /usr/share/qt5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt5ct expanded: /usr/share/qt5ct real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/sounds#, whitelist Debug 456: new_name #/usr/share/tcl8.6#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6 expanded: /usr/share/tcl8.6 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/tcltk#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/tcltk expanded: /usr/share/tcltk real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/terminfo#, whitelist Debug 456: new_name #/usr/share/texlive#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/texlive expanded: /usr/share/texlive real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/texmf#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/texmf expanded: /usr/share/texmf real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/themes#, whitelist Debug 456: new_name #/usr/share/thumbnail.so#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so expanded: /usr/share/thumbnail.so real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/X11#, whitelist Debug 456: new_name #/usr/share/xml#, whitelist Debug 456: new_name #/usr/share/zoneinfo#, whitelist Directory ${DOWNLOADS} resolved as Downloads Debug 456: new_name #/home/[REDACTED]/Downloads#, whitelist Debug 571: fname #/home/[REDACTED]/Downloads#, cfg.homedir #/home/[REDACTED]# Replaced whitelist path: whitelist /home/[REDACTED]/Downloads Debug 456: new_name #/home/[REDACTED]/.pki#, whitelist Debug 571: fname #/home/[REDACTED]/.pki#, cfg.homedir #/home/[REDACTED]# Replaced whitelist path: whitelist /home/[REDACTED]/.pki Debug 456: new_name #/home/[REDACTED]/.local/share/pki#, whitelist Debug 571: fname #/home/[REDACTED]/.local/share/pki#, cfg.homedir #/home/[REDACTED]# Replaced whitelist path: whitelist /home/[REDACTED]/.local/share/pki Debug 456: new_name #/home/[REDACTED]/.XCompose#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose expanded: /home/[REDACTED]/.XCompose real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.asoundrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc expanded: /home/[REDACTED]/.asoundrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/ibus#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ibus expanded: /home/[REDACTED]/.config/ibus real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/mimeapps.list#, whitelist Debug 571: fname #/home/[REDACTED]/.config/mimeapps.list#, cfg.homedir #/home/[REDACTED]# Replaced whitelist path: whitelist /home/[REDACTED]/.config/mimeapps.list Debug 456: new_name #/home/[REDACTED]/.config/pkcs11#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11 expanded: /home/[REDACTED]/.config/pkcs11 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/user-dirs.dirs#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/user-dirs.dirs expanded: /home/[REDACTED]/.config/user-dirs.dirs real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/user-dirs.locale#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/user-dirs.locale expanded: /home/[REDACTED]/.config/user-dirs.locale real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.drirc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc expanded: /home/[REDACTED]/.drirc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons expanded: /home/[REDACTED]/.icons real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.local/share/applications#, whitelist Debug 571: fname #/home/[REDACTED]/.local/share/applications#, cfg.homedir #/home/[REDACTED]# Replaced whitelist path: whitelist /home/[REDACTED]/.local/share/applications Debug 456: new_name #/home/[REDACTED]/.local/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/icons expanded: /home/[REDACTED]/.local/share/icons real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.local/share/mime#, whitelist Debug 571: fname #/home/[REDACTED]/.local/share/mime#, cfg.homedir #/home/[REDACTED]# Replaced whitelist path: whitelist /home/[REDACTED]/.local/share/mime Debug 456: new_name #/home/[REDACTED]/.mime.types#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types expanded: /home/[REDACTED]/.mime.types real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.uim.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.uim.d expanded: /home/[REDACTED]/.uim.d real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/dconf#, whitelist Debug 571: fname #/home/[REDACTED]/.config/dconf#, cfg.homedir #/home/[REDACTED]# Replaced whitelist path: whitelist /home/[REDACTED]/.config/dconf Debug 456: new_name #/home/[REDACTED]/.cache/fontconfig#, whitelist Debug 571: fname #/home/[REDACTED]/.cache/fontconfig#, cfg.homedir #/home/[REDACTED]# Replaced whitelist path: whitelist /home/[REDACTED]/.cache/fontconfig Debug 456: new_name #/home/[REDACTED]/.config/fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig expanded: /home/[REDACTED]/.config/fontconfig real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig expanded: /home/[REDACTED]/.fontconfig real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts expanded: /home/[REDACTED]/.fonts real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.fonts.conf#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf expanded: /home/[REDACTED]/.fonts.conf real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.fonts.conf.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d expanded: /home/[REDACTED]/.fonts.conf.d real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.fonts.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d expanded: /home/[REDACTED]/.fonts.d real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.local/share/fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts expanded: /home/[REDACTED]/.local/share/fonts real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.pangorc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc expanded: /home/[REDACTED]/.pangorc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/gtk-2.0#, whitelist Debug 571: fname #/home/[REDACTED]/.config/gtk-2.0#, cfg.homedir #/home/[REDACTED]# Replaced whitelist path: whitelist /home/[REDACTED]/.config/gtk-2.0 Debug 456: new_name #/home/[REDACTED]/.config/gtk-3.0#, whitelist Debug 571: fname #/home/[REDACTED]/.config/gtk-3.0#, cfg.homedir #/home/[REDACTED]# Replaced whitelist path: whitelist /home/[REDACTED]/.config/gtk-3.0 Debug 456: new_name #/home/[REDACTED]/.config/gtk-4.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-4.0 expanded: /home/[REDACTED]/.config/gtk-4.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc expanded: /home/[REDACTED]/.config/gtkrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0 expanded: /home/[REDACTED]/.config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.gnome2#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2 expanded: /home/[REDACTED]/.gnome2 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.gnome2-private#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private expanded: /home/[REDACTED]/.gnome2-private real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.gtk-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0 expanded: /home/[REDACTED]/.gtk-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc expanded: /home/[REDACTED]/.gtkrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0 expanded: /home/[REDACTED]/.gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc expanded: /home/[REDACTED]/.kde/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 expanded: /home/[REDACTED]/.kde/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc expanded: /home/[REDACTED]/.kde4/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 expanded: /home/[REDACTED]/.kde4/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.local/share/themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes expanded: /home/[REDACTED]/.local/share/themes real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes expanded: /home/[REDACTED]/.themes real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.cache/kioexec/krun#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun expanded: /home/[REDACTED]/.cache/kioexec/krun real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/Kvantum#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum expanded: /home/[REDACTED]/.config/Kvantum real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/Trolltech.conf#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Trolltech.conf expanded: /home/[REDACTED]/.config/Trolltech.conf real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals expanded: /home/[REDACTED]/.config/kdeglobals real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc expanded: /home/[REDACTED]/.config/kio_httprc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc expanded: /home/[REDACTED]/.config/kioslaverc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist expanded: /home/[REDACTED]/.config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.config/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct expanded: /home/[REDACTED]/.config/qt5ct real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals expanded: /home/[REDACTED]/.kde/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc expanded: /home/[REDACTED]/.kde/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc expanded: /home/[REDACTED]/.kde/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist expanded: /home/[REDACTED]/.kde/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc expanded: /home/[REDACTED]/.kde/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons expanded: /home/[REDACTED]/.kde/share/icons real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals expanded: /home/[REDACTED]/.kde4/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc expanded: /home/[REDACTED]/.kde4/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc expanded: /home/[REDACTED]/.kde4/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist expanded: /home/[REDACTED]/.kde4/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde4/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc expanded: /home/[REDACTED]/.kde4/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.kde4/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons expanded: /home/[REDACTED]/.kde4/share/icons real path: (null) realpath: No such file or directory Debug 456: new_name #/home/[REDACTED]/.local/share/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct expanded: /home/[REDACTED]/.local/share/qt5ct real path: (null) realpath: No such file or directory Debug 456: new_name #/var/lib/ca-certificates#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates expanded: /var/lib/ca-certificates real path: (null) realpath: No such file or directory Debug 456: new_name #/var/lib/dbus#, whitelist Debug 456: new_name #/var/lib/menu-xdg#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg expanded: /var/lib/menu-xdg real path: (null) realpath: No such file or directory Debug 456: new_name #/var/lib/uim#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/uim expanded: /var/lib/uim real path: (null) realpath: No such file or directory Debug 456: new_name #/var/cache/fontconfig#, whitelist Debug 456: new_name #/var/tmp#, whitelist Debug 456: new_name #/var/run#, whitelist Replaced whitelist path: whitelist /run Debug 456: new_name #/var/lock#, whitelist Replaced whitelist path: whitelist /run/lock Debug 456: new_name #/tmp/.X11-unix#, whitelist Mounting tmpfs on /tmp directory Mounting tmpfs on /var directory Mounting tmpfs on /usr/share directory Mounting a new /root directory Mounting a new /home directory Create a new user directory Drop privileges: pid 3, uid 1000, gid 1000, nogroups 0 Supplementary groups: 986 Whitelisting /home/[REDACTED]/.cache/mozilla/firefox 1997 680 0:49 /[REDACTED]/.cache/mozilla/firefox /home/[REDACTED]/.cache/mozilla/firefox rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=1997 fsname=/[REDACTED]/.cache/mozilla/firefox dir=/home/[REDACTED]/.cache/mozilla/firefox fstype=btrfs Whitelisting /home/[REDACTED]/.mozilla 1998 680 0:49 /[REDACTED]/.mozilla /home/[REDACTED]/.mozilla rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=1998 fsname=/[REDACTED]/.mozilla dir=/home/[REDACTED]/.mozilla fstype=btrfs Whitelisting /usr/share/doc 1999 628 254:3 /usr/share/doc /usr/share/doc ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=1999 fsname=/usr/share/doc dir=/usr/share/doc fstype=f2fs Whitelisting /usr/share/gtk-doc/html 2000 628 254:3 /usr/share/gtk-doc/html /usr/share/gtk-doc/html ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2000 fsname=/usr/share/gtk-doc/html dir=/usr/share/gtk-doc/html fstype=f2fs Whitelisting /usr/share/alsa 2001 628 254:3 /usr/share/alsa /usr/share/alsa ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2001 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=f2fs Whitelisting /usr/share/applications 2002 628 254:3 /usr/share/applications /usr/share/applications ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2002 fsname=/usr/share/applications dir=/usr/share/applications fstype=f2fs Whitelisting /usr/share/ca-certificates 2003 628 254:3 /usr/share/ca-certificates /usr/share/ca-certificates ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2003 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=f2fs Whitelisting /usr/share/drirc.d 2004 628 254:3 /usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2004 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=f2fs Whitelisting /usr/share/enchant 2005 628 254:3 /usr/share/enchant /usr/share/enchant ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2005 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=f2fs Whitelisting /usr/share/file 2006 628 254:3 /usr/share/file /usr/share/file ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2006 fsname=/usr/share/file dir=/usr/share/file fstype=f2fs Whitelisting /usr/share/fonts 2007 628 254:3 /usr/share/fonts /usr/share/fonts ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2007 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=f2fs Whitelisting /usr/share/gir-1.0 2008 628 254:3 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2008 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=f2fs Whitelisting /usr/share/glib-2.0 2009 628 254:3 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2009 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=f2fs Whitelisting /usr/share/glvnd 2010 628 254:3 /usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2010 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=f2fs Whitelisting /usr/share/gtk-2.0 2011 628 254:3 /usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2011 fsname=/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=f2fs Whitelisting /usr/share/gtk-3.0 2012 628 254:3 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2012 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=f2fs Whitelisting /usr/share/hunspell 2013 628 254:3 /usr/share/hunspell /usr/share/hunspell ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2013 fsname=/usr/share/hunspell dir=/usr/share/hunspell fstype=f2fs Whitelisting /usr/share/hwdata 2014 628 254:3 /usr/share/hwdata /usr/share/hwdata ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2014 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=f2fs Whitelisting /usr/share/icons 2015 628 254:3 /usr/share/icons /usr/share/icons ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2015 fsname=/usr/share/icons dir=/usr/share/icons fstype=f2fs Whitelisting /usr/share/icu 2016 628 254:3 /usr/share/icu /usr/share/icu ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2016 fsname=/usr/share/icu dir=/usr/share/icu fstype=f2fs Whitelisting /usr/share/knotifications5 2017 628 254:3 /usr/share/knotifications5 /usr/share/knotifications5 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2017 fsname=/usr/share/knotifications5 dir=/usr/share/knotifications5 fstype=f2fs Whitelisting /usr/share/kservices5 2018 628 254:3 /usr/share/kservices5 /usr/share/kservices5 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2018 fsname=/usr/share/kservices5 dir=/usr/share/kservices5 fstype=f2fs Whitelisting /usr/share/kxmlgui5 2019 628 254:3 /usr/share/kxmlgui5 /usr/share/kxmlgui5 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2019 fsname=/usr/share/kxmlgui5 dir=/usr/share/kxmlgui5 fstype=f2fs Whitelisting /usr/share/libdrm 2020 628 254:3 /usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2020 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=f2fs Whitelisting /usr/share/libthai 2021 628 254:3 /usr/share/libthai /usr/share/libthai ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2021 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=f2fs Whitelisting /usr/share/locale 2022 628 254:3 /usr/share/locale /usr/share/locale ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2022 fsname=/usr/share/locale dir=/usr/share/locale fstype=f2fs Whitelisting /usr/share/mime 2023 628 254:3 /usr/share/mime /usr/share/mime ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2023 fsname=/usr/share/mime dir=/usr/share/mime fstype=f2fs Whitelisting /usr/share/misc 2024 628 254:3 /usr/share/misc /usr/share/misc ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2024 fsname=/usr/share/misc dir=/usr/share/misc fstype=f2fs Whitelisting /usr/share/myspell 2025 628 254:3 /usr/share/myspell /usr/share/myspell ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2025 fsname=/usr/share/myspell dir=/usr/share/myspell fstype=f2fs Whitelisting /usr/share/p11-kit 2026 628 254:3 /usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2026 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=f2fs Whitelisting /usr/share/perl5 2027 628 254:3 /usr/share/perl5 /usr/share/perl5 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2027 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=f2fs Whitelisting /usr/share/pixmaps 2028 628 254:3 /usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2028 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=f2fs Whitelisting /usr/share/qt 2029 628 254:3 /usr/share/qt /usr/share/qt ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2029 fsname=/usr/share/qt dir=/usr/share/qt fstype=f2fs Whitelisting /usr/share/sounds 2030 628 254:3 /usr/share/sounds /usr/share/sounds ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2030 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=f2fs Whitelisting /usr/share/terminfo 2031 628 254:3 /usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2031 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=f2fs Whitelisting /usr/share/themes 2032 628 254:3 /usr/share/themes /usr/share/themes ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2032 fsname=/usr/share/themes dir=/usr/share/themes fstype=f2fs Whitelisting /usr/share/X11 2033 628 254:3 /usr/share/X11 /usr/share/X11 ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2033 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=f2fs Whitelisting /usr/share/xml 2034 628 254:3 /usr/share/xml /usr/share/xml ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2034 fsname=/usr/share/xml dir=/usr/share/xml fstype=f2fs Whitelisting /usr/share/zoneinfo 2035 628 254:3 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - f2fs /dev/mapper/cryptroot rw,lazytime,background_gc=on,discard,no_heap,user_xattr,inline_xattr,acl,inline_data,inline_dentry,flush_merge,extent_cache,mode=adaptive,active_logs=6,alloc_mode=default,fsync_mode=posix mountid=2035 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=f2fs Whitelisting /home/[REDACTED]/Downloads 2036 680 0:49 /[REDACTED]/Downloads /home/[REDACTED]/Downloads rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2036 fsname=/[REDACTED]/Downloads dir=/home/[REDACTED]/Downloads fstype=btrfs Whitelisting /home/[REDACTED]/.pki 2037 680 0:49 /[REDACTED]/.pki /home/[REDACTED]/.pki rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2037 fsname=/[REDACTED]/.pki dir=/home/[REDACTED]/.pki fstype=btrfs Whitelisting /home/[REDACTED]/.local/share/pki 2038 680 0:49 /[REDACTED]/.local/share/pki /home/[REDACTED]/.local/share/pki rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2038 fsname=/[REDACTED]/.local/share/pki dir=/home/[REDACTED]/.local/share/pki fstype=btrfs Whitelisting /home/[REDACTED]/.config/mimeapps.list 2039 680 0:49 /[REDACTED]/.config/mimeapps.list /home/[REDACTED]/.config/mimeapps.list rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2039 fsname=/[REDACTED]/.config/mimeapps.list dir=/home/[REDACTED]/.config/mimeapps.list fstype=btrfs Whitelisting /home/[REDACTED]/.local/share/applications 2040 680 0:49 /[REDACTED]/.local/share/applications /home/[REDACTED]/.local/share/applications rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2040 fsname=/[REDACTED]/.local/share/applications dir=/home/[REDACTED]/.local/share/applications fstype=btrfs Whitelisting /home/[REDACTED]/.local/share/mime 2041 680 0:49 /[REDACTED]/.local/share/mime /home/[REDACTED]/.local/share/mime rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2041 fsname=/[REDACTED]/.local/share/mime dir=/home/[REDACTED]/.local/share/mime fstype=btrfs Whitelisting /home/[REDACTED]/.config/dconf 2042 680 0:49 /[REDACTED]/.config/dconf /home/[REDACTED]/.config/dconf rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2042 fsname=/[REDACTED]/.config/dconf dir=/home/[REDACTED]/.config/dconf fstype=btrfs Whitelisting /home/[REDACTED]/.cache/fontconfig 2043 680 0:49 /[REDACTED]/.cache/fontconfig /home/[REDACTED]/.cache/fontconfig rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2043 fsname=/[REDACTED]/.cache/fontconfig dir=/home/[REDACTED]/.cache/fontconfig fstype=btrfs Whitelisting /home/[REDACTED]/.config/gtk-2.0 2044 680 0:49 /[REDACTED]/.config/gtk-2.0 /home/[REDACTED]/.config/gtk-2.0 rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2044 fsname=/[REDACTED]/.config/gtk-2.0 dir=/home/[REDACTED]/.config/gtk-2.0 fstype=btrfs Whitelisting /home/[REDACTED]/.config/gtk-3.0 2045 680 0:49 /[REDACTED]/.config/gtk-3.0 /home/[REDACTED]/.config/gtk-3.0 rw,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2045 fsname=/[REDACTED]/.config/gtk-3.0 dir=/home/[REDACTED]/.config/gtk-3.0 fstype=btrfs Whitelisting /var/lib/dbus 2046 508 0:50 /lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:72 - btrfs /dev/mapper/cryptvar rw,space_cache,subvolid=5,subvol=/ mountid=2046 fsname=/lib/dbus dir=/var/lib/dbus fstype=btrfs Whitelisting /var/cache/fontconfig 2047 508 0:50 /cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:72 - btrfs /dev/mapper/cryptvar rw,space_cache,subvolid=5,subvol=/ mountid=2047 fsname=/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs Whitelisting /var/tmp 2048 508 0:167 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=2048 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Whitelisting /tmp/.X11-unix 2049 493 0:46 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:33 - tmpfs tmpfs rw,nr_inodes=409600,inode64 mountid=2049 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /etc/xdg/autostart Mounting read-only /home/[REDACTED]/.config/dconf 2055 2042 0:49 /[REDACTED]/.config/dconf /home/[REDACTED]/.config/dconf ro,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2055 fsname=/[REDACTED]/.config/dconf dir=/home/[REDACTED]/.config/dconf fstype=btrfs Disable /usr/bin/systemd-run Disable /run/user/1000/systemd Disable /etc/profile.d Disable /etc/kernel Disable /etc/grub.d Disable /etc/apparmor Disable /etc/apparmor.d Disable /etc/modules-load.d Disable /etc/logrotate.conf Disable /etc/logrotate.d Mounting read-only /home/[REDACTED]/.bashrc 2066 680 0:179 /[REDACTED]/.bashrc /home/[REDACTED]/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=2066 fsname=/[REDACTED]/.bashrc dir=/home/[REDACTED]/.bashrc fstype=tmpfs Mounting read-only /home/[REDACTED]/.local/share/applications 2067 2040 0:49 /[REDACTED]/.local/share/applications /home/[REDACTED]/.local/share/applications ro,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2067 fsname=/[REDACTED]/.local/share/applications dir=/home/[REDACTED]/.local/share/applications fstype=btrfs Mounting read-only /home/[REDACTED]/.config/mimeapps.list 2068 2039 0:49 /[REDACTED]/.config/mimeapps.list /home/[REDACTED]/.config/mimeapps.list ro,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2068 fsname=/[REDACTED]/.config/mimeapps.list dir=/home/[REDACTED]/.config/mimeapps.list fstype=btrfs Mounting read-only /home/[REDACTED]/.local/share/mime 2069 2041 0:49 /[REDACTED]/.local/share/mime /home/[REDACTED]/.local/share/mime ro,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2069 fsname=/[REDACTED]/.local/share/mime dir=/home/[REDACTED]/.local/share/mime fstype=btrfs Not blacklist /home/[REDACTED]/.pki Not blacklist /home/[REDACTED]/.local/share/pki Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Warning: /sbin directory link was not blacklisted Disable /usr/local/sbin Warning: /usr/sbin directory link was not blacklisted Disable /usr/bin/chage Disable /usr/bin/chfn Disable /usr/bin/chsh Disable /usr/bin/expiry Disable /usr/bin/fusermount Disable /usr/bin/gpasswd Disable /usr/bin/ksu Disable /usr/bin/mount Disable /usr/bin/nc Disable /usr/bin/newgidmap Disable /usr/bin/newgrp Disable /usr/bin/newuidmap Disable /usr/bin/ntfs-3g Disable /usr/bin/pkexec Disable /usr/bin/sg Disable /usr/bin/su Disable /usr/bin/sudo Disable /usr/bin/umount Disable /usr/bin/unix_chkpwd Disable /usr/lib/virtualbox Disable /usr/lib/virtualbox (requested /usr/lib64/virtualbox) Disable /usr/bin/bwrap Disable /proc/config.gz Disable /usr/bin/resolvectl Disable /run/user/1000/wayland-0.lock Disable /usr/bin/as Disable /usr/bin/gcc (requested /usr/bin/cc) Disable /usr/bin/c++filt Disable /usr/bin/c++ Disable /usr/bin/c89 Disable /usr/bin/c99 Disable /usr/bin/cpp Disable /usr/bin/g++ Disable /usr/bin/gcc-nm Disable /usr/bin/gcc-ar Disable /usr/bin/gcc Disable /usr/bin/gcc-ranlib Disable /usr/bin/ld Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib Disable /usr/bin/x86_64-pc-linux-gnu-gcc Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0 Disable /usr/bin/x86_64-pc-linux-gnu-g++ Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib Disable /usr/bin/x86_64-pc-linux-gnu-gcc Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0 Disable /usr/bin/x86_64-pc-linux-gnu-g++ Disable /usr/lib/jvm/java-14-openjdk/bin/java (requested /usr/bin/java) Disable /usr/lib/jvm/java-14-openjdk/bin/java (requested /usr/lib/jvm/default/bin/java) Disable /usr/lib/jvm/java-14-openjdk/bin/javac (requested /usr/lib/jvm/default/bin/javac) Disable /usr/bin/openssl Disable /usr/bin/openssl-1.0 Disable /usr/bin/rust-gdb Disable /usr/bin/rust-lldb Disable /usr/bin/rustc Disable /usr/src Disable /usr/local/src Disable /usr/include Disable /usr/local/include Mounting noexec /home/[REDACTED]/.cache/mozilla/firefox 2140 1997 0:49 /[REDACTED]/.cache/mozilla/firefox /home/[REDACTED]/.cache/mozilla/firefox rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2140 fsname=/[REDACTED]/.cache/mozilla/firefox dir=/home/[REDACTED]/.cache/mozilla/firefox fstype=btrfs Mounting noexec /home/[REDACTED]/.mozilla 2141 1998 0:49 /[REDACTED]/.mozilla /home/[REDACTED]/.mozilla rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2141 fsname=/[REDACTED]/.mozilla dir=/home/[REDACTED]/.mozilla fstype=btrfs Mounting noexec /home/[REDACTED]/Downloads 2142 2036 0:49 /[REDACTED]/Downloads /home/[REDACTED]/Downloads rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2142 fsname=/[REDACTED]/Downloads dir=/home/[REDACTED]/Downloads fstype=btrfs Mounting noexec /home/[REDACTED]/.pki 2143 2037 0:49 /[REDACTED]/.pki /home/[REDACTED]/.pki rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2143 fsname=/[REDACTED]/.pki dir=/home/[REDACTED]/.pki fstype=btrfs Mounting noexec /home/[REDACTED]/.local/share/pki 2144 2038 0:49 /[REDACTED]/.local/share/pki /home/[REDACTED]/.local/share/pki rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2144 fsname=/[REDACTED]/.local/share/pki dir=/home/[REDACTED]/.local/share/pki fstype=btrfs Mounting noexec /home/[REDACTED]/.config/mimeapps.list 2145 2068 0:49 /[REDACTED]/.config/mimeapps.list /home/[REDACTED]/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2145 fsname=/[REDACTED]/.config/mimeapps.list dir=/home/[REDACTED]/.config/mimeapps.list fstype=btrfs Mounting noexec /home/[REDACTED]/.local/share/applications 2146 2067 0:49 /[REDACTED]/.local/share/applications /home/[REDACTED]/.local/share/applications ro,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2146 fsname=/[REDACTED]/.local/share/applications dir=/home/[REDACTED]/.local/share/applications fstype=btrfs Mounting noexec /home/[REDACTED]/.local/share/mime 2147 2069 0:49 /[REDACTED]/.local/share/mime /home/[REDACTED]/.local/share/mime ro,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2147 fsname=/[REDACTED]/.local/share/mime dir=/home/[REDACTED]/.local/share/mime fstype=btrfs Mounting noexec /home/[REDACTED]/.config/dconf 2148 2055 0:49 /[REDACTED]/.config/dconf /home/[REDACTED]/.config/dconf ro,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2148 fsname=/[REDACTED]/.config/dconf dir=/home/[REDACTED]/.config/dconf fstype=btrfs Mounting noexec /home/[REDACTED]/.cache/fontconfig 2149 2043 0:49 /[REDACTED]/.cache/fontconfig /home/[REDACTED]/.cache/fontconfig rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2149 fsname=/[REDACTED]/.cache/fontconfig dir=/home/[REDACTED]/.cache/fontconfig fstype=btrfs Mounting noexec /home/[REDACTED]/.config/gtk-2.0 2150 2044 0:49 /[REDACTED]/.config/gtk-2.0 /home/[REDACTED]/.config/gtk-2.0 rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2150 fsname=/[REDACTED]/.config/gtk-2.0 dir=/home/[REDACTED]/.config/gtk-2.0 fstype=btrfs Mounting noexec /home/[REDACTED]/.config/gtk-3.0 2151 2045 0:49 /[REDACTED]/.config/gtk-3.0 /home/[REDACTED]/.config/gtk-3.0 rw,nosuid,nodev,noexec,relatime master:74 - btrfs /dev/mapper/crypthome rw,space_cache,subvolid=5,subvol=/ mountid=2151 fsname=/[REDACTED]/.config/gtk-3.0 dir=/home/[REDACTED]/.config/gtk-3.0 fstype=btrfs Mounting noexec /run/user/1000 2156 2152 0:25 /firejail/firejail.ro.file /run/user/1000/wayland-0.lock rw,nosuid,nodev master:24 - tmpfs tmpfs rw,size=1190016k,nr_inodes=819200,mode=755,inode64 mountid=2156 fsname=/firejail/firejail.ro.file dir=/run/user/1000/wayland-0.lock fstype=tmpfs Mounting noexec /dev/shm 2157 481 0:173 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=2157 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 2159 2158 0:46 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:33 - tmpfs tmpfs rw,nr_inodes=409600,inode64 mountid=2159 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /tmp/.X11-unix 2160 2159 0:46 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:33 - tmpfs tmpfs rw,nr_inodes=409600,inode64 mountid=2160 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /var 2164 2161 0:167 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=2164 fsname=/ dir=/var/tmp fstype=tmpfs Disable /usr/bin/lua Disable /usr/bin/luahbtex Disable /usr/bin/luahbtex (requested /usr/bin/lualatex) Disable /usr/bin/luatex Disable /usr/bin/luajithbtex Disable /usr/bin/luajittex Disable /usr/bin/luac Disable /usr/bin/luajit-2.0.5 (requested /usr/bin/luajit) Disable /usr/bin/luajit-2.0.5 Disable /usr/bin/lua5.2 Disable /usr/bin/lua (requested /usr/bin/lua5.4) Disable /usr/bin/luac5.2 Disable /usr/bin/luac (requested /usr/bin/luac5.4) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so.5.2) Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so.2) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2.4) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so) Disable /usr/lib/liblua5.2.so.5.2.4 Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2) Disable /usr/lib/liblua.so.5.4.1 (requested /usr/lib/liblua.so) Disable /usr/lib/libluajit-5.1.so.2.0.5 Disable /usr/lib/liblua.so.5.4.1 (requested /usr/lib/liblua.so.5.4) Disable /usr/lib/liblua.so.5.4.1 Disable /usr/lib/liblua.so.5.4.1 (requested /usr/lib/liblua5.4.so) Disable /usr/lib/libluajit-5.1.so.2.0.5 (requested /usr/lib/libluajit-5.1.so) Disable /usr/lib/lua Disable /usr/lib/libmozjs-78.so (requested /usr/lib64/libmozjs-78.so) Disable /usr/bin/node Disable /usr/bin/core_perl/cpan Disable /usr/bin/core_perl Disable /usr/bin/perl Disable /usr/bin/site_perl Disable /usr/bin/vendor_perl Disable /usr/lib/perl5 Disable /usr/share/perl5 Disable /usr/bin/ruby Disable /usr/lib/ruby Disable /usr/bin/python2.7-config Disable /usr/bin/python2.7-config (requested /usr/bin/python2-config) Disable /usr/bin/python2.7 (requested /usr/bin/python2) Disable /usr/bin/python2.7 Disable /usr/lib/python2.7 Disable /usr/bin/python3.9 (requested /usr/bin/python3) Disable /usr/bin/python3.9 Disable /usr/bin/python3.9-config (requested /usr/bin/python3-config) Disable /usr/bin/python3.9-config Disable /usr/lib/python3.6 Disable /usr/lib/python3.7 Disable /usr/lib/python3.9 Disable /usr/lib/python3.6 (requested /usr/lib64/python3.6) Disable /usr/lib/python3.7 (requested /usr/lib64/python3.7) Disable /usr/lib/python3.9 (requested /usr/lib64/python3.9) Not blacklist /home/[REDACTED]/.mozilla Not blacklist /home/[REDACTED]/.cache/mozilla Mounting read-only /tmp/.X11-unix 2217 2160 0:46 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:33 - tmpfs tmpfs rw,nr_inodes=409600,inode64 mountid=2217 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /sys/fs Disable /sys/module Disable /mnt Disable /run/mount Disable /run/media Mounting noexec /run/firejail/mnt/pulse 2223 445 0:163 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=2223 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs Creating empty /home/[REDACTED]/.config/pulse directory Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0 Supplementary groups: 986 Mounting /run/firejail/mnt/pulse on /home/[REDACTED]/.config/pulse 2224 680 0:163 /pulse /home/[REDACTED]/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=2224 fsname=/pulse dir=/home/[REDACTED]/.config/pulse fstype=tmpfs Current directory: /home/[REDACTED] DISPLAY=:0 parsed as 0 Install protocol filter: unix,inet,inet6,netlink configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 5, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000006 jmp 000c 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 15 01 00 00000029 jeq socket 000c (false 000b) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 20 00 00 00000010 ld data.args[0] 000d: 15 00 01 00000001 jeq 1 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 15 00 01 00000002 jeq 2 0010 (false 0011) 0010: 06 00 00 7fff0000 ret ALLOW 0011: 15 00 01 0000000a jeq a 0012 (false 0013) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 01 00000010 jeq 10 0014 (false 0015) 0014: 06 00 00 7fff0000 ret ALLOW 0015: 06 00 00 0005005f ret ERRNO(95) configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dropping all capabilities Drop privileges: pid 6, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 00 01 00000015 jeq 15 0005 (false 0006) 0005: 06 00 00 00000001 ret KILL 0006: 15 00 01 00000034 jeq 34 0007 (false 0008) 0007: 06 00 00 00000001 ret KILL 0008: 15 00 01 0000001a jeq 1a 0009 (false 000a) 0009: 06 00 00 00000001 ret KILL 000a: 15 00 01 0000011b jeq 11b 000b (false 000c) 000b: 06 00 00 00000001 ret KILL 000c: 15 00 01 00000155 jeq 155 000d (false 000e) 000d: 06 00 00 00000001 ret KILL 000e: 15 00 01 00000156 jeq 156 000f (false 0010) 000f: 06 00 00 00000001 ret KILL 0010: 15 00 01 0000007f jeq 7f 0011 (false 0012) 0011: 06 00 00 00000001 ret KILL 0012: 15 00 01 00000080 jeq 80 0013 (false 0014) 0013: 06 00 00 00000001 ret KILL 0014: 15 00 01 0000015e jeq 15e 0015 (false 0016) 0015: 06 00 00 00000001 ret KILL 0016: 15 00 01 00000081 jeq 81 0017 (false 0018) 0017: 06 00 00 00000001 ret KILL 0018: 15 00 01 0000006e jeq 6e 0019 (false 001a) 0019: 06 00 00 00000001 ret KILL 001a: 15 00 01 00000065 jeq 65 001b (false 001c) 001b: 06 00 00 00000001 ret KILL 001c: 15 00 01 00000121 jeq 121 001d (false 001e) 001d: 06 00 00 00000001 ret KILL 001e: 15 00 01 00000057 jeq 57 001f (false 0020) 001f: 06 00 00 00000001 ret KILL 0020: 15 00 01 00000073 jeq 73 0021 (false 0022) 0021: 06 00 00 00000001 ret KILL 0022: 15 00 01 00000067 jeq 67 0023 (false 0024) 0023: 06 00 00 00000001 ret KILL 0024: 15 00 01 0000015b jeq 15b 0025 (false 0026) 0025: 06 00 00 00000001 ret KILL 0026: 15 00 01 0000015c jeq 15c 0027 (false 0028) 0027: 06 00 00 00000001 ret KILL 0028: 15 00 01 00000087 jeq 87 0029 (false 002a) 0029: 06 00 00 00000001 ret KILL 002a: 15 00 01 00000095 jeq 95 002b (false 002c) 002b: 06 00 00 00000001 ret KILL 002c: 15 00 01 0000007c jeq 7c 002d (false 002e) 002d: 06 00 00 00000001 ret KILL 002e: 15 00 01 00000157 jeq 157 002f (false 0030) 002f: 06 00 00 00000001 ret KILL 0030: 15 00 01 000000fd jeq fd 0031 (false 0032) 0031: 06 00 00 00000001 ret KILL 0032: 15 00 01 00000150 jeq 150 0033 (false 0034) 0033: 06 00 00 00000001 ret KILL 0034: 15 00 01 00000152 jeq 152 0035 (false 0036) 0035: 06 00 00 00000001 ret KILL 0036: 15 00 01 0000015d jeq 15d 0037 (false 0038) 0037: 06 00 00 00000001 ret KILL 0038: 15 00 01 0000011e jeq 11e 0039 (false 003a) 0039: 06 00 00 00000001 ret KILL 003a: 15 00 01 0000011f jeq 11f 003b (false 003c) 003b: 06 00 00 00000001 ret KILL 003c: 15 00 01 00000120 jeq 120 003d (false 003e) 003d: 06 00 00 00000001 ret KILL 003e: 15 00 01 00000056 jeq 56 003f (false 0040) 003f: 06 00 00 00000001 ret KILL 0040: 15 00 01 00000033 jeq 33 0041 (false 0042) 0041: 06 00 00 00000001 ret KILL 0042: 15 00 01 0000007b jeq 7b 0043 (false 0044) 0043: 06 00 00 00000001 ret KILL 0044: 15 00 01 000000d9 jeq d9 0045 (false 0046) 0045: 06 00 00 00000001 ret KILL 0046: 15 00 01 000000f5 jeq f5 0047 (false 0048) 0047: 06 00 00 00000001 ret KILL 0048: 15 00 01 000000f6 jeq f6 0049 (false 004a) 0049: 06 00 00 00000001 ret KILL 004a: 15 00 01 000000f7 jeq f7 004b (false 004c) 004b: 06 00 00 00000001 ret KILL 004c: 15 00 01 000000f8 jeq f8 004d (false 004e) 004d: 06 00 00 00000001 ret KILL 004e: 15 00 01 000000f9 jeq f9 004f (false 0050) 004f: 06 00 00 00000001 ret KILL 0050: 15 00 01 00000101 jeq 101 0051 (false 0052) 0051: 06 00 00 00000001 ret KILL 0052: 15 00 01 00000112 jeq 112 0053 (false 0054) 0053: 06 00 00 00000001 ret KILL 0054: 15 00 01 00000114 jeq 114 0055 (false 0056) 0055: 06 00 00 00000001 ret KILL 0056: 15 00 01 00000126 jeq 126 0057 (false 0058) 0057: 06 00 00 00000001 ret KILL 0058: 15 00 01 0000013d jeq 13d 0059 (false 005a) 0059: 06 00 00 00000001 ret KILL 005a: 15 00 01 0000013c jeq 13c 005b (false 005c) 005b: 06 00 00 00000001 ret KILL 005c: 15 00 01 0000003d jeq 3d 005d (false 005e) 005d: 06 00 00 00000001 ret KILL 005e: 15 00 01 00000058 jeq 58 005f (false 0060) 005f: 06 00 00 00000001 ret KILL 0060: 15 00 01 000000a9 jeq a9 0061 (false 0062) 0061: 06 00 00 00000001 ret KILL 0062: 15 00 01 00000082 jeq 82 0063 (false 0064) 0063: 06 00 00 00000001 ret KILL 0064: 06 00 00 7fff0000 ret ALLOW Dual 32/64 bit seccomp filter configured Build default+drop seccomp filter sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot Dropping all capabilities Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1 No supplementary groups Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1 No supplementary groups configuring 136 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 01 000000a1 jeq chroot 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 0000009f jeq adjtimex 000a (false 000b) 000a: 06 00 00 00050001 ret ERRNO(1) 000b: 15 00 01 00000131 jeq clock_adjtime 000c (false 000d) 000c: 06 00 00 00050001 ret ERRNO(1) 000d: 15 00 01 000000e3 jeq clock_settime 000e (false 000f) 000e: 06 00 00 00050001 ret ERRNO(1) 000f: 15 00 01 000000a4 jeq settimeofday 0010 (false 0011) 0010: 06 00 00 00050001 ret ERRNO(1) 0011: 15 00 01 0000009a jeq modify_ldt 0012 (false 0013) 0012: 06 00 00 00050001 ret ERRNO(1) 0013: 15 00 01 000000d4 jeq lookup_dcookie 0014 (false 0015) 0014: 06 00 00 00050001 ret ERRNO(1) 0015: 15 00 01 0000012a jeq perf_event_open 0016 (false 0017) 0016: 06 00 00 00050001 ret ERRNO(1) 0017: 15 00 01 00000137 jeq process_vm_writev 0018 (false 0019) 0018: 06 00 00 00050001 ret ERRNO(1) 0019: 15 00 01 000000b0 jeq delete_module 001a (false 001b) 001a: 06 00 00 00050001 ret ERRNO(1) 001b: 15 00 01 00000139 jeq finit_module 001c (false 001d) 001c: 06 00 00 00050001 ret ERRNO(1) 001d: 15 00 01 000000af jeq init_module 001e (false 001f) 001e: 06 00 00 00050001 ret ERRNO(1) 001f: 15 00 01 000000a1 jeq chroot 0020 (false 0021) 0020: 06 00 00 00050001 ret ERRNO(1) 0021: 15 00 01 000000a5 jeq mount 0022 (false 0023) 0022: 06 00 00 00050001 ret ERRNO(1) 0023: 15 00 01 0000009b jeq pivot_root 0024 (false 0025) 0024: 06 00 00 00050001 ret ERRNO(1) 0025: 15 00 01 000000a6 jeq umount2 0026 (false 0027) 0026: 06 00 00 00050001 ret ERRNO(1) 0027: 15 00 01 0000009c jeq _sysctl 0028 (false 0029) 0028: 06 00 00 00050001 ret ERRNO(1) 0029: 15 00 01 000000b7 jeq afs_syscall 002a (false 002b) 002a: 06 00 00 00050001 ret ERRNO(1) 002b: 15 00 01 000000ae jeq create_module 002c (false 002d) 002c: 06 00 00 00050001 ret ERRNO(1) 002d: 15 00 01 000000b1 jeq get_kernel_syms 002e (false 002f) 002e: 06 00 00 00050001 ret ERRNO(1) 002f: 15 00 01 000000b5 jeq getpmsg 0030 (false 0031) 0030: 06 00 00 00050001 ret ERRNO(1) 0031: 15 00 01 000000b6 jeq putpmsg 0032 (false 0033) 0032: 06 00 00 00050001 ret ERRNO(1) 0033: 15 00 01 000000b2 jeq query_module 0034 (false 0035) 0034: 06 00 00 00050001 ret ERRNO(1) 0035: 15 00 01 000000b9 jeq security 0036 (false 0037) 0036: 06 00 00 00050001 ret ERRNO(1) 0037: 15 00 01 0000008b jeq sysfs 0038 (false 0039) 0038: 06 00 00 00050001 ret ERRNO(1) 0039: 15 00 01 000000b8 jeq tuxcall 003a (false 003b) 003a: 06 00 00 00050001 ret ERRNO(1) 003b: 15 00 01 00000086 jeq uselib 003c (false 003d) 003c: 06 00 00 00050001 ret ERRNO(1) 003d: 15 00 01 00000088 jeq ustat 003e (false 003f) 003e: 06 00 00 00050001 ret ERRNO(1) 003f: 15 00 01 000000ec jeq vserver 0040 (false 0041) 0040: 06 00 00 00050001 ret ERRNO(1) 0041: 15 00 01 000000ad jeq ioperm 0042 (false 0043) 0042: 06 00 00 00050001 ret ERRNO(1) 0043: 15 00 01 000000ac jeq iopl 0044 (false 0045) 0044: 06 00 00 00050001 ret ERRNO(1) 0045: 15 00 01 000000f6 jeq kexec_load 0046 (false 0047) 0046: 06 00 00 00050001 ret ERRNO(1) 0047: 15 00 01 00000140 jeq kexec_file_load 0048 (false 0049) 0048: 06 00 00 00050001 ret ERRNO(1) 0049: 15 00 01 000000a9 jeq reboot 004a (false 004b) 004a: 06 00 00 00050001 ret ERRNO(1) 004b: 15 00 01 000000a7 jeq swapon 004c (false 004d) 004c: 06 00 00 00050001 ret ERRNO(1) 004d: 15 00 01 000000a8 jeq swapoff 004e (false 004f) 004e: 06 00 00 00050001 ret ERRNO(1) 004f: 15 00 01 00000130 jeq open_by_handle_at 0050 (false 0051) 0050: 06 00 00 00050001 ret ERRNO(1) 0051: 15 00 01 0000012f jeq name_to_handle_at 0052 (false 0053) 0052: 06 00 00 00050001 ret ERRNO(1) 0053: 15 00 01 000000fb jeq ioprio_set 0054 (false 0055) 0054: 06 00 00 00050001 ret ERRNO(1) 0055: 15 00 01 00000067 jeq syslog 0056 (false 0057) 0056: 06 00 00 00050001 ret ERRNO(1) 0057: 15 00 01 0000012c jeq fanotify_init 0058 (false 0059) 0058: 06 00 00 00050001 ret ERRNO(1) 0059: 15 00 01 00000138 jeq kcmp 005a (false 005b) 005a: 06 00 00 00050001 ret ERRNO(1) 005b: 15 00 01 000000f8 jeq add_key 005c (false 005d) 005c: 06 00 00 00050001 ret ERRNO(1) 005d: 15 00 01 000000f9 jeq request_key 005e (false 005f) 005e: 06 00 00 00050001 ret ERRNO(1) 005f: 15 00 01 000000ed jeq mbind 0060 (false 0061) 0060: 06 00 00 00050001 ret ERRNO(1) 0061: 15 00 01 00000100 jeq migrate_pages 0062 (false 0063) 0062: 06 00 00 00050001 ret ERRNO(1) 0063: 15 00 01 00000117 jeq move_pages 0064 (false 0065) 0064: 06 00 00 00050001 ret ERRNO(1) 0065: 15 00 01 000000fa jeq keyctl 0066 (false 0067) 0066: 06 00 00 00050001 ret ERRNO(1) 0067: 15 00 01 000000ce jeq io_setup 0068 (false 0069) 0068: 06 00 00 00050001 ret ERRNO(1) 0069: 15 00 01 000000cf jeq io_destroy 006a (false 006b) 006a: 06 00 00 00050001 ret ERRNO(1) 006b: 15 00 01 000000d0 jeq io_getevents 006c (false 006d) 006c: 06 00 00 00050001 ret ERRNO(1) 006d: 15 00 01 000000d1 jeq io_submit 006e (false 006f) 006e: 06 00 00 00050001 ret ERRNO(1) 006f: 15 00 01 000000d2 jeq io_cancel 0070 (false 0071) 0070: 06 00 00 00050001 ret ERRNO(1) 0071: 15 00 01 000000d8 jeq remap_file_pages 0072 (false 0073) 0072: 06 00 00 00050001 ret ERRNO(1) 0073: 15 00 01 00000143 jeq userfaultfd 0074 (false 0075) 0074: 06 00 00 00050001 ret ERRNO(1) 0075: 15 00 01 000000a3 jeq acct 0076 (false 0077) 0076: 06 00 00 00050001 ret ERRNO(1) 0077: 15 00 01 00000141 jeq bpf 0078 (false 0079) 0078: 06 00 00 00050001 ret ERRNO(1) 0079: 15 00 01 000000b4 jeq nfsservctl 007a (false 007b) 007a: 06 00 00 00050001 ret ERRNO(1) 007b: 15 00 01 000000ab jeq setdomainname 007c (false 007d) 007c: 06 00 00 00050001 ret ERRNO(1) 007d: 15 00 01 000000aa jeq sethostname 007e (false 007f) 007e: 06 00 00 00050001 ret ERRNO(1) 007f: 15 00 01 00000099 jeq vhangup 0080 (false 0081) 0080: 06 00 00 00050001 ret ERRNO(1) 0081: 15 00 01 00000065 jeq ptrace 0082 (false 0083) 0082: 06 00 00 00050001 ret ERRNO(1) 0083: 15 00 01 00000087 jeq personality 0084 (false 0085) 0084: 06 00 00 00050001 ret ERRNO(1) 0085: 15 00 01 00000136 jeq process_vm_readv 0086 (false 0087) 0086: 06 00 00 00050001 ret ERRNO(1) 0087: 06 00 00 7fff0000 ret ALLOW seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp 2226 445 0:163 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=2226 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 160 . drwxr-xr-x root root 400 .. -rw-r--r-- [REDACTED] [REDACTED] 1088 seccomp -rw-r--r-- [REDACTED] [REDACTED] 808 seccomp.32 -rw-r--r-- [REDACTED] [REDACTED] 114 seccomp.list -rw-r--r-- [REDACTED] [REDACTED] 0 seccomp.postexec -rw-r--r-- [REDACTED] [REDACTED] 0 seccomp.postexec32 -rw-r--r-- [REDACTED] [REDACTED] 176 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1 No supplementary groups Warning: Cannot confine the application using AppArmor. Maybe firejail-default AppArmor profile is not loaded into the kernel. As root, run "aa-enforce firejail-default" to load it. starting application LD_PRELOAD=(null) execvp argument 0: firefox-developer-edition Child process initialized in 122.84 ms Searching $PATH for firefox-developer-edition trying #/home/[REDACTED]/.opam/easycrypt/bin/firefox-developer-edition# trying #/home/[REDACTED]/.opam/easycrypt/bin/firefox-developer-edition# trying #/home/[REDACTED]/.opam/easycrypt/bin/firefox-developer-edition# trying #/usr/local/sbin/firefox-developer-edition# trying #/usr/local/bin/firefox-developer-edition# Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter Warning: an existing sandbox was detected. /usr/bin/firefox-developer-edition will run without any additional sandboxing features monitoring pid 10 Sandbox monitor: waitpid 10 retval 10 status 0 Sandbox monitor: monitoring 13 monitoring pid 13 Sandbox monitor: waitpid 13 retval 13 status 0 Parent is shutting down, bye... ``` </details>

gitea-mirror 2026-05-05 09:04:22 -06:00

• closed this issue
• added the
  question_old
  label

gitea-mirror commented 2026-05-05 09:04:25 -06:00

Author

Owner

Copy link

@SkewedZeppelin commented on GitHub (Dec 7, 2020):

You need to:
sudo sed -i 's/# browser-disable-u2f yes/browser-disable-u2f no/' /etc/firejail/firejail.config;

<!-- gh-comment-id:740245996 --> @SkewedZeppelin commented on GitHub (Dec 7, 2020): You need to: sudo sed -i 's/# browser-disable-u2f yes/browser-disable-u2f no/' /etc/firejail/firejail.config;

gitea-mirror commented 2026-05-05 09:04:26 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Dec 8, 2020):

Should be answered.

<!-- gh-comment-id:740498539 --> @rusty-snake commented on GitHub (Dec 8, 2020): Should be answered.

gitea-mirror commented 2026-05-05 09:04:27 -06:00

Author

Owner

Copy link

@OrfeasLitos commented on GitHub (Dec 8, 2020):

This solution didn't work for me. (I also tried restarting my machine after the change). Note that I want to use WebAuthn, not u2f. Can you please open this issue again?

<!-- gh-comment-id:740525316 --> @OrfeasLitos commented on GitHub (Dec 8, 2020): This solution didn't work for me. (I also tried restarting my machine after the change). Note that I want to use [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn), not [u2f](https://en.wikipedia.org/wiki/Universal_2nd_Factor). Can you please open this issue again?

gitea-mirror commented 2026-05-05 09:04:28 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Dec 8, 2020):

Note that I want to use WebAuthn, not u2f.

nou2f/browser-disable-u2f refers to the hardware (e.g. YubiKey) and not the protocol (e.g. u2f, FIDO, FIDO2, ...)

No profile and disabling firejail

• What changed calling firejail --noprofile /path/to/program in a terminal?
  No change

• What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)?
  No change

It happens w/o firejail. Then it's not a firejail issue in 99% of the cases.

<!-- gh-comment-id:740532695 --> @rusty-snake commented on GitHub (Dec 8, 2020): > Note that I want to use WebAuthn, not u2f. `nou2f`/`browser-disable-u2f` refers to the hardware (e.g. YubiKey) and not the protocol (e.g. u2f, FIDO, FIDO2, ...) > **No profile and disabling firejail** > > * What changed calling `firejail --noprofile /path/to/program` in a terminal? > No change > > * What changed calling the program by path (check `which <program>` or `firejail --list` while the sandbox is running)? > No change It happens w/o firejail. Then it's _not_ a firejail issue in 99% of the cases.

gitea-mirror commented 2026-05-05 09:04:30 -06:00

Author

Owner

Copy link

@OrfeasLitos commented on GitHub (Dec 8, 2020):

I've tried the following steps and the YubiKey worked fine:

1. sudo firecfg --clean
2. reboot
3. start firefox

It stopped working again when I did sudo firecfg and rebooted. So it looks like a firejail issue.

<!-- gh-comment-id:740548528 --> @OrfeasLitos commented on GitHub (Dec 8, 2020): I've tried the following steps and the YubiKey worked fine: 1. `sudo firecfg --clean` 1. `reboot` 1. start firefox It stopped working again when I did `sudo firecfg` and rebooted. So it looks like a firejail issue.

gitea-mirror commented 2026-05-05 09:04:32 -06:00

Author

Owner

Copy link

@OrfeasLitos commented on GitHub (Dec 8, 2020):

Now that I try it again, I guess that firejail --noprofile /usr/local/bin/firefox-developer-edition did not do the intended thing (disable the sandbox), as it gave me the following warning:

Warning: an existing sandbox was detected. /usr/bin/firefox-developer-edition will run without any additional sandboxing features

It looks like it used the existing sandbox instead of turning it off.

EDIT: It definitely uses the sandbox, as Firefox doesn't have access to the filesystem.

<!-- gh-comment-id:740549505 --> @OrfeasLitos commented on GitHub (Dec 8, 2020): Now that I try it again, I guess that `firejail --noprofile /usr/local/bin/firefox-developer-edition` did not do the intended thing (disable the sandbox), as it gave me the following warning: ``` Warning: an existing sandbox was detected. /usr/bin/firefox-developer-edition will run without any additional sandboxing features ``` It looks like it used the existing sandbox instead of turning it off. EDIT: It definitely uses the sandbox, as Firefox doesn't have access to the filesystem.

gitea-mirror commented 2026-05-05 09:04:33 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Dec 8, 2020):

Where was said that --noprofile disables the sandbox? It runs w/o profile.

firejail --noprofile /usr/local/bin/firefox-developer-edition

I guess that's the path to firejail (via symlink) and not to firefox? If you use firejail --noprofile /usr/bin/firefox-developer-edition, the message should be gone.

EDIT: It definitely uses the sandbox, as Firefox doesn't have access to the filesystem.

It should have access to the filesystem when using --noprofile (expections /proc, /sys, ~/.config/firejail).

I've tried the following steps and the YubiKey worked fine:

sudo firecfg --clean
reboot
start firefox

It stopped working again when I did sudo firecfg and rebooted. So it looks like a firejail issue.

Which sandboxes are running/started when you test this? (use sudo firemon)

<!-- gh-comment-id:740557032 --> @rusty-snake commented on GitHub (Dec 8, 2020): Where was said that `--noprofile` disables the sandbox? It runs w/o profile. > firejail --noprofile /usr/local/bin/firefox-developer-edition I guess that's the path to firejail (via symlink) and not to firefox? If you use `firejail --noprofile /usr/bin/firefox-developer-edition`, the message should be gone. > EDIT: It definitely uses the sandbox, as Firefox doesn't have access to the filesystem. It should have access to the filesystem when using --noprofile (expections /proc, /sys, ~/.config/firejail). > I've tried the following steps and the YubiKey worked fine: > > sudo firecfg --clean > reboot > start firefox > > It stopped working again when I did sudo firecfg and rebooted. So it looks like a firejail issue. Which sandboxes are running/started when you test this? (use `sudo firemon`)

gitea-mirror commented 2026-05-05 09:04:33 -06:00

Author

Owner

Copy link

@OrfeasLitos commented on GitHub (Dec 8, 2020):

I guess that's the path to firejail (via symlink) and not to firefox? If you use firejail --noprofile /usr/bin/firefox-developer-edition, the message should be gone.

That's correct, with firejail --noprofile /usr/bin/firefox-developer-edition the warning is gone. And /usr/local/bin/firefox-developer-edition is a symlink to firejail:

$ ls -l /usr/local/bin | grep firefox-developer-edition
lrwxrwxrwx 1 root root  17 Dec  8 11:36 firefox-developer-edition -> /usr/bin/firejail

It should have access to the filesystem when using --noprofile (expections /proc, /sys, ~/.config/firejail).

Unfortunately no filesystem access with firejail --noprofile /usr/bin/firefox-developer-edition. And /usr/bin/firefox-developer-edition is not a symlink to firejail:

$ ls -l /usr/bin | grep firefox-developer-edition
lrwxrwxrwx 1 root root            34 Nov 14 10:46 firefox -> /usr/bin/firefox-developer-edition
-rwxr-xr-x 1 root root            63 Dec  4 14:22 firefox-developer-edition

I have no firefox.local configuration in ~/.config/firejail if that's relevant.

Which sandboxes are running/started when you test this? (use sudo firemon)

before sudo firecfg --clean

878:[REDACTED]::/usr/bin/firejail /usr/bin/udiskie
  879:[REDACTED]::/usr/bin/firejail /usr/bin/udiskie
    1009:[REDACTED]::/usr/bin/python /usr/bin/udiskie
1776:[REDACTED]::/usr/bin/firejail /usr/bin/firefox-developer-edition
  1777:[REDACTED]::/usr/bin/firejail /usr/bin/firefox-developer-edition
    1784:[REDACTED]::/usr/lib/firefox-developer-edition/firefox
      1836:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab
      1873:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 2 -isForBrowser -prefsLen 174 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab
      1877:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 3 -isForBrowser -prefsLen 174 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab
      1969:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 4 -isForBrowser -prefsLen 6702 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab
      2525:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 12 -isForBrowser -prefsLen 7547 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab
      2611:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 13 -isForBrowser -prefsLen 7547 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab
      2859:[REDACTED]::/usr/bin/keepassxc-proxy /home/[REDACTED]/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json keepassxc-browser@keepassxc.org
      3044:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -parentBuildID 20201204095108 -prefsLen 7547 -prefMapSize 236451 -appdir /usr/lib/firefox-developer-edition/browser 7 true rdd
      3214:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 15 -isForBrowser -prefsLen 7562 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab

After running sudo firecfg --clean, nothing new was printed by sudo firemon.

After rebooting, I started firemon and then did sudo firecfg. Still firemon prints nothing.

I then started firefox (with a simple firefox-developer-edition) and got this from firemon

11:37:02 exec 1339 (root) NEW SANDBOX: /usr/bin/firejail /usr/bin/firefox-developer-edition 
11:37:02 fork 1339 (root) /usr/bin/firejail /usr/bin/firefox-developer-edition 
	child 1340 /usr/bin/firejail /usr/bin/firefox-developer-edition 
11:37:02 fork 1339 (root) /usr/bin/firejail /usr/bin/firefox-developer-edition 
	child 1341 /usr/bin/firejail /usr/bin/firefox-developer-edition 
11:37:02 exit 1341 ([REDACTED])
11:37:02 fork 1340 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 
	child 1342 /usr/bin/firejail /usr/bin/firefox-developer-edition 
11:37:02 gid (1000:1000) 1342 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 
11:37:02 uid (1000:1000) 1342 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 
11:37:02 exec 1342 ([REDACTED]) /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol 
11:37:02 exit 1342 ([REDACTED])
11:37:02 fork 1340 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 
	child 1343 /usr/bin/firejail /usr/bin/firefox-developer-edition 
11:37:02 gid (1000:1000) 1343 ([REDACTED])
11:37:02 uid (1000:1000) 1343 ([REDACTED])
11:37:02 exit 1343 ([REDACTED])
11:37:02 fork 1340 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 
	child 1344 /usr/bin/firejail /usr/bin/firefox-developer-edition 
11:37:02 gid (1000:1000) 1344 ([REDACTED])
11:37:02 uid (1000:1000) 1344 ([REDACTED])
11:37:02 exit 1344 ([REDACTED])
11:37:02 fork 1340 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 
	child 1345 /usr/bin/firejail /usr/bin/firefox-developer-edition 
11:37:02 gid (1000:1000) 1345 ([REDACTED])
11:37:02 uid (1000:1000) 1345 ([REDACTED])
11:37:02 exec 1345 ([REDACTED]) /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot 
11:37:02 exit 1345 ([REDACTED])
11:37:02 fork 1340 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 
	child 1346 /usr/bin/firejail /usr/bin/firefox-developer-edition 
11:37:02 gid (1000:1000) 1346 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 
11:37:02 uid (1000:1000) 1346 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 
11:37:02 exec 1346 ([REDACTED]) /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp 
11:37:02 exit 1346 ([REDACTED])
11:37:02 fork 1340 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 
	child 1347 /usr/bin/firejail /usr/bin/firefox-developer-edition 
11:37:02 exec 1347 ([REDACTED]) /bin/sh /usr/bin/firefox-developer-edition 
11:37:02 exec 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 
11:37:02 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 
	child 1349
11:37:02 exit 1349 ([REDACTED])
11:37:03 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 
	child 1350 /usr/lib/firefox-developer-edition/firefox 
11:37:03 exit 1350 ([REDACTED])
11:37:04 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 
	child 1398 /usr/lib/firefox-developer-edition/firefox 
11:37:04 fork 1398 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 
	child 1399 /usr/lib/firefox-developer-edition/firefox 
11:37:04 exec 1398 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 236317 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 
11:37:04 exit 1399 ([REDACTED])
11:37:05 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 
	child 1427 /usr/lib/firefox-developer-edition/firefox 
11:37:05 fork 1427 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 
	child 1428 /usr/lib/firefox-developer-edition/firefox 
11:37:05 exec 1427 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox -contentproc -childID 2 -isForBrowser -prefsLen 41 -prefMapSize 236317 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 
11:37:05 exit 1428 ([REDACTED])
11:37:06 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 
	child 1461 /usr/lib/firefox-developer-edition/firefox 
11:37:06 fork 1461 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 
	child 1462 /usr/lib/firefox-developer-edition/firefox 
11:37:06 exec 1461 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox -contentproc -childID 3 -isForBrowser -prefsLen 241 -prefMapSize 236317 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 
11:37:07 exit 1462 ([REDACTED])
11:37:07 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 
	child 1563 /usr/lib/firefox-developer-edition/firefox 
11:37:07 fork 1563 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 
	child 1564 /usr/lib/firefox-developer-edition/firefox 
11:37:07 exec 1563 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox -contentproc -childID 4 -isForBrowser -prefsLen 6650 -prefMapSize 236317 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 
11:37:07 exit 1564 ([REDACTED])
11:37:09 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 
	child 1618 /usr/lib/firefox-developer-edition/firefox 
11:37:09 fork 1618 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 
	child 1619 /usr/lib/firefox-developer-edition/firefox 
11:37:09 exec 1618 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox -contentproc -childID 5 -isForBrowser -prefsLen 7377 -prefMapSize 236317 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 
11:37:08 exit 1619 ([REDACTED])

Hope this helps.

---

EDIT by @rusty-snake: fix markdown inside html (requires blank lines)

<!-- gh-comment-id:740576012 --> @OrfeasLitos commented on GitHub (Dec 8, 2020): > I guess that's the path to firejail (via symlink) and not to firefox? If you use `firejail --noprofile /usr/bin/firefox-developer-edition`, the message should be gone. That's correct, with `firejail --noprofile /usr/bin/firefox-developer-edition` the warning is gone. And `/usr/local/bin/firefox-developer-edition` is a symlink to firejail: ``` $ ls -l /usr/local/bin | grep firefox-developer-edition lrwxrwxrwx 1 root root 17 Dec 8 11:36 firefox-developer-edition -> /usr/bin/firejail ``` > It should have access to the filesystem when using --noprofile (expections /proc, /sys, ~/.config/firejail). Unfortunately no filesystem access with `firejail --noprofile /usr/bin/firefox-developer-edition`. And `/usr/bin/firefox-developer-edition` is _not_ a symlink to firejail: ``` $ ls -l /usr/bin | grep firefox-developer-edition lrwxrwxrwx 1 root root 34 Nov 14 10:46 firefox -> /usr/bin/firefox-developer-edition -rwxr-xr-x 1 root root 63 Dec 4 14:22 firefox-developer-edition ``` I have no `firefox.local` configuration in `~/.config/firejail` if that's relevant. > Which sandboxes are running/started when you test this? (use `sudo firemon`) <details><summary>before <kbd>sudo firecfg --clean</kbd></summary> ``` 878:[REDACTED]::/usr/bin/firejail /usr/bin/udiskie 879:[REDACTED]::/usr/bin/firejail /usr/bin/udiskie 1009:[REDACTED]::/usr/bin/python /usr/bin/udiskie 1776:[REDACTED]::/usr/bin/firejail /usr/bin/firefox-developer-edition 1777:[REDACTED]::/usr/bin/firejail /usr/bin/firefox-developer-edition 1784:[REDACTED]::/usr/lib/firefox-developer-edition/firefox 1836:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 1873:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 2 -isForBrowser -prefsLen 174 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 1877:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 3 -isForBrowser -prefsLen 174 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 1969:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 4 -isForBrowser -prefsLen 6702 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 2525:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 12 -isForBrowser -prefsLen 7547 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 2611:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 13 -isForBrowser -prefsLen 7547 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 2859:[REDACTED]::/usr/bin/keepassxc-proxy /home/[REDACTED]/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json keepassxc-browser@keepassxc.org 3044:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -parentBuildID 20201204095108 -prefsLen 7547 -prefMapSize 236451 -appdir /usr/lib/firefox-developer-edition/browser 7 true rdd 3214:[REDACTED]::/usr/lib/firefox-developer-edition/firefox -contentproc -childID 15 -isForBrowser -prefsLen 7562 -prefMapSize 236451 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab ``` </details> After running `sudo firecfg --clean`, nothing new was printed by `sudo firemon`. After rebooting, I started `firemon` and then did `sudo firecfg`. Still `firemon` prints nothing. <details><summary>I then started firefox (with a simple <kbd>firefox-developer-edition</kbd>) and got this from <kbd>firemon</kbd></summary> ``` 11:37:02 exec 1339 (root) NEW SANDBOX: /usr/bin/firejail /usr/bin/firefox-developer-edition 11:37:02 fork 1339 (root) /usr/bin/firejail /usr/bin/firefox-developer-edition child 1340 /usr/bin/firejail /usr/bin/firefox-developer-edition 11:37:02 fork 1339 (root) /usr/bin/firejail /usr/bin/firefox-developer-edition child 1341 /usr/bin/firejail /usr/bin/firefox-developer-edition 11:37:02 exit 1341 ([REDACTED]) 11:37:02 fork 1340 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition child 1342 /usr/bin/firejail /usr/bin/firefox-developer-edition 11:37:02 gid (1000:1000) 1342 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 11:37:02 uid (1000:1000) 1342 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 11:37:02 exec 1342 ([REDACTED]) /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol 11:37:02 exit 1342 ([REDACTED]) 11:37:02 fork 1340 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition child 1343 /usr/bin/firejail /usr/bin/firefox-developer-edition 11:37:02 gid (1000:1000) 1343 ([REDACTED]) 11:37:02 uid (1000:1000) 1343 ([REDACTED]) 11:37:02 exit 1343 ([REDACTED]) 11:37:02 fork 1340 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition child 1344 /usr/bin/firejail /usr/bin/firefox-developer-edition 11:37:02 gid (1000:1000) 1344 ([REDACTED]) 11:37:02 uid (1000:1000) 1344 ([REDACTED]) 11:37:02 exit 1344 ([REDACTED]) 11:37:02 fork 1340 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition child 1345 /usr/bin/firejail /usr/bin/firefox-developer-edition 11:37:02 gid (1000:1000) 1345 ([REDACTED]) 11:37:02 uid (1000:1000) 1345 ([REDACTED]) 11:37:02 exec 1345 ([REDACTED]) /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot 11:37:02 exit 1345 ([REDACTED]) 11:37:02 fork 1340 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition child 1346 /usr/bin/firejail /usr/bin/firefox-developer-edition 11:37:02 gid (1000:1000) 1346 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 11:37:02 uid (1000:1000) 1346 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition 11:37:02 exec 1346 ([REDACTED]) /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp 11:37:02 exit 1346 ([REDACTED]) 11:37:02 fork 1340 ([REDACTED]) /usr/bin/firejail /usr/bin/firefox-developer-edition child 1347 /usr/bin/firejail /usr/bin/firefox-developer-edition 11:37:02 exec 1347 ([REDACTED]) /bin/sh /usr/bin/firefox-developer-edition 11:37:02 exec 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox 11:37:02 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox child 1349 11:37:02 exit 1349 ([REDACTED]) 11:37:03 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox child 1350 /usr/lib/firefox-developer-edition/firefox 11:37:03 exit 1350 ([REDACTED]) 11:37:04 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox child 1398 /usr/lib/firefox-developer-edition/firefox 11:37:04 fork 1398 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox child 1399 /usr/lib/firefox-developer-edition/firefox 11:37:04 exec 1398 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 236317 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 11:37:04 exit 1399 ([REDACTED]) 11:37:05 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox child 1427 /usr/lib/firefox-developer-edition/firefox 11:37:05 fork 1427 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox child 1428 /usr/lib/firefox-developer-edition/firefox 11:37:05 exec 1427 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox -contentproc -childID 2 -isForBrowser -prefsLen 41 -prefMapSize 236317 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 11:37:05 exit 1428 ([REDACTED]) 11:37:06 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox child 1461 /usr/lib/firefox-developer-edition/firefox 11:37:06 fork 1461 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox child 1462 /usr/lib/firefox-developer-edition/firefox 11:37:06 exec 1461 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox -contentproc -childID 3 -isForBrowser -prefsLen 241 -prefMapSize 236317 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 11:37:07 exit 1462 ([REDACTED]) 11:37:07 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox child 1563 /usr/lib/firefox-developer-edition/firefox 11:37:07 fork 1563 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox child 1564 /usr/lib/firefox-developer-edition/firefox 11:37:07 exec 1563 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox -contentproc -childID 4 -isForBrowser -prefsLen 6650 -prefMapSize 236317 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 11:37:07 exit 1564 ([REDACTED]) 11:37:09 fork 1347 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox child 1618 /usr/lib/firefox-developer-edition/firefox 11:37:09 fork 1618 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox child 1619 /usr/lib/firefox-developer-edition/firefox 11:37:09 exec 1618 ([REDACTED]) /usr/lib/firefox-developer-edition/firefox -contentproc -childID 5 -isForBrowser -prefsLen 7377 -prefMapSize 236317 -parentBuildID 20201204095108 -appdir /usr/lib/firefox-developer-edition/browser 7 true tab 11:37:08 exit 1619 ([REDACTED]) ``` </details> Hope this helps. ----- EDIT by @rusty-snake: fix markdown inside html (requires blank lines)

gitea-mirror commented 2026-05-05 09:04:34 -06:00

Author

Owner

Copy link

@OrfeasLitos commented on GitHub (Dec 18, 2020):

Was the issue reproducible at your end? Any other information that could help?

<!-- gh-comment-id:748019645 --> @OrfeasLitos commented on GitHub (Dec 18, 2020): Was the issue reproducible at your end? Any other information that could help?

gitea-mirror commented 2026-05-05 09:04:35 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Dec 18, 2020):

I've no u2f HW, so I can only speculate. And if --noprofile runs with filesystem restrictions in $HOME, then there's something completely wrong. Because there are no other sandboxes involved, I'm out of ideas.

I have no firefox.local configuration in ~/.config/firejail if that's relevant.

What's in it?

<!-- gh-comment-id:748074016 --> @rusty-snake commented on GitHub (Dec 18, 2020): I've no u2f HW, so I can only speculate. And if `--noprofile` runs with filesystem restrictions in $HOME, then there's something completely wrong. Because there are no other sandboxes involved, I'm out of ideas. > I have no firefox.local configuration in ~/.config/firejail if that's relevant. What's in it?

gitea-mirror commented 2026-05-05 09:04:36 -06:00

Author

Owner

Copy link

@OrfeasLitos commented on GitHub (Dec 18, 2020):

➜  ~ ls .config/firejail
vlc.local
➜  ~ cat .config/firejail/vlc.local 
whitelist ${HOME}/radio

That's a list of internet radio stations :) But I guess this isn't relevant.

<!-- gh-comment-id:748076628 --> @OrfeasLitos commented on GitHub (Dec 18, 2020): ``` ➜ ~ ls .config/firejail vlc.local ➜ ~ cat .config/firejail/vlc.local whitelist ${HOME}/radio ``` That's a list of internet radio stations :) But I guess this isn't relevant.

gitea-mirror commented 2026-05-05 09:04:37 -06:00

Author

Owner

Copy link

@OrfeasLitos commented on GitHub (Dec 18, 2020):

One more thing that may be of interest is that I have installed firejail-handler-http.

<!-- gh-comment-id:748078445 --> @OrfeasLitos commented on GitHub (Dec 18, 2020): One more thing that may be of interest is that I have installed [firejail-handler-http](https://aur.archlinux.org/packages/firejail-handler-http/).

gitea-mirror commented 2026-05-05 09:04:38 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Dec 18, 2020):

One more thing that may be of interest is that I have installed firejail-handler-http.

I don't think firejail-handler-http interferes with anything related to U2F, at least it shouldn't. Perhaps you can disable it temporarily while focussing/testing/debugging the U2F issue. On a side-note, I noticed you mention using firefox-developer-edition here in this thread. It might be a good idea to check your firejail-handler-settings-http.inc and ensure it points to /usr/bin/firefox-developer-edition instead of the default /usr/bin/firefox.

<!-- gh-comment-id:748337096 --> @ghost commented on GitHub (Dec 18, 2020): > One more thing that may be of interest is that I have installed [firejail-handler-http](https://aur.archlinux.org/packages/firejail-handler-http/). I don't think firejail-handler-http interferes with anything related to U2F, at least it shouldn't. Perhaps you can disable it temporarily while focussing/testing/debugging the U2F issue. On a side-note, I noticed you mention using firefox-developer-edition here in this thread. It might be a good idea to check your firejail-handler-settings-http.inc and ensure it points to /usr/bin/firefox-developer-edition instead of the [default](https://github.com/glitsj16/firejail-handler-http/blob/master/firejail-handler-settings-http.inc#L14) /usr/bin/firefox.

gitea-mirror commented 2026-05-05 09:04:38 -06:00

Author

Owner

Copy link

@OrfeasLitos commented on GitHub (Jan 23, 2021):

Closing because the problem went away. Thanks!

<!-- gh-comment-id:766176159 --> @OrfeasLitos commented on GitHub (Jan 23, 2021): Closing because the problem went away. Thanks!

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2396

No description provided.