github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #3856] Jackbox games broken under firejail #2426

New issue

Closed

opened 2026-05-05 09:05:59 -06:00 by gitea-mirror · 10 comments

gitea-mirror commented

2026-05-05 09:05:59 -06:00

Owner

Originally created by @aidalgol on GitHub (Dec 31, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3856

All of the Jackbox party packs via Steam run under firejail have major issues.

$ steam: the game runs without issue.
$ firejail steam: the game launches but does not get past the splash screen.
$ firejail --noprofile steam: the game runs, but the audio is just scratchy noise.
$ firejail --noprofile /usr/games/steam: the game runs ~~without issue~~, but the audio is just scratchy noise.
$ firejail /usr/games/steam: the game launches but does not get past the splash screen.

Environment

Debian 10 with kernel 5.9.0-0.bpo.2-amd64
Firejail 0.9.64, Debian package version 0.9.64-1~bpo10+1

Checklist

The upstream profile (and redirect profile if exists) have no changes fixing it.
The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
A short search for duplicates was performed.
If it is a AppImage, --profile=PROFILENAME is used to set the right profile.
Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.
Already using en_NZ.UTF-8.
I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.

debug output

Autoselecting /bin/bash as shell
Building quoted command line: 'steam' 
Command name #steam#
Found steam.profile profile in /etc/firejail directory
Found allow-java.inc profile in /etc/firejail directory
Found allow-python2.inc profile in /etc/firejail directory
Found allow-python3.inc profile in /etc/firejail directory
Found disable-common.inc profile in /etc/firejail directory
Found disable-devel.inc profile in /etc/firejail directory
Found disable-interpreters.inc profile in /etc/firejail directory
Found disable-passwdmgr.inc profile in /etc/firejail directory
Found disable-programs.inc profile in /etc/firejail directory
Found whitelist-common.inc profile in /etc/firejail directory
Found whitelist-var-common.inc profile in /etc/firejail directory
Seccomp list in: !ptrace, check list: @default-keep, prelist: unknown,
Using the local network stack
Seccomp list in: !ptrace, check list: @default-keep, prelist: unknown,
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol 
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1883 1817 0:24 /etc /etc ro,relatime master:1 - zfs rpool/ROOT/debian rw,xattr,posixacl
mountid=1883 fsname=/etc dir=/etc fstype=zfs
Mounting noexec /etc
1884 1883 0:24 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - zfs rpool/ROOT/debian rw,xattr,posixacl
mountid=1884 fsname=/etc dir=/etc fstype=zfs
Mounting read-only /var
1890 1885 0:52 / /var/spool rw,relatime master:75 - zfs rpool/var/spool rw,xattr,posixacl
mountid=1890 fsname=/ dir=/var/spool fstype=zfs
Mounting read-only /var/lib/docker
1893 1891 0:136 / /var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm rw,nosuid,nodev,noexec,relatime master:316 - tmpfs shm rw,size=65536k
mountid=1893 fsname=/ dir=/var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm fstype=tmpfs
Mounting read-only /var/lib/docker/zfs/graph/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e
1894 1892 0:135 / /var/lib/docker/zfs/graph/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e ro,relatime master:310 - zfs rpool/var/lib/docker/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e rw,xattr,posixacl
mountid=1894 fsname=/ dir=/var/lib/docker/zfs/graph/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e fstype=zfs
Mounting read-only /var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm
1895 1893 0:136 / /var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm ro,nosuid,nodev,noexec,relatime master:316 - tmpfs shm rw,size=65536k
mountid=1895 fsname=/ dir=/var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm fstype=tmpfs
Mounting read-only /var/log
1896 1889 0:53 / /var/log ro,relatime master:73 - zfs rpool/var/log rw,xattr,posixacl
mountid=1896 fsname=/ dir=/var/log fstype=zfs
Mounting read-only /var/spool
1897 1890 0:52 / /var/spool ro,relatime master:75 - zfs rpool/var/spool rw,xattr,posixacl
mountid=1897 fsname=/ dir=/var/spool fstype=zfs
Mounting noexec /var
1910 1909 0:52 / /var/spool ro,relatime master:75 - zfs rpool/var/spool rw,xattr,posixacl
mountid=1910 fsname=/ dir=/var/spool fstype=zfs
Mounting noexec /var/lib/docker
1915 1914 0:136 / /var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm ro,nosuid,nodev,noexec,relatime master:316 - tmpfs shm rw,size=65536k
mountid=1915 fsname=/ dir=/var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm fstype=tmpfs
Mounting noexec /var/lib/docker/zfs/graph/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e
1916 1913 0:135 / /var/lib/docker/zfs/graph/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e ro,nosuid,nodev,noexec,relatime master:310 - zfs rpool/var/lib/docker/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e rw,xattr,posixacl
mountid=1916 fsname=/ dir=/var/lib/docker/zfs/graph/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e fstype=zfs
Mounting noexec /var/log
1917 1908 0:53 / /var/log ro,nosuid,nodev,noexec,relatime master:73 - zfs rpool/var/log rw,xattr,posixacl
mountid=1917 fsname=/ dir=/var/log fstype=zfs
Mounting noexec /var/spool
1918 1910 0:52 / /var/spool ro,nosuid,nodev,noexec,relatime master:75 - zfs rpool/var/spool rw,xattr,posixacl
mountid=1918 fsname=/ dir=/var/spool fstype=zfs
Mounting read-only /usr
1920 1919 0:51 / /usr/local rw,relatime master:71 - zfs rpool/usr/local rw,xattr,posixacl
mountid=1920 fsname=/ dir=/usr/local fstype=zfs
Mounting read-only /usr/local
1921 1920 0:51 / /usr/local ro,relatime master:71 - zfs rpool/usr/local rw,xattr,posixacl
mountid=1921 fsname=/ dir=/usr/local fstype=zfs
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/aidan/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/nvidia0 file
mounting /run/firejail/mnt/dev/nvidiactl file
mounting /run/firejail/mnt/dev/nvidia-modeset file
mounting /run/firejail/mnt/dev/nvidia-uvm file
Process /dev/shm directory
Generate private-tmp whitelist commands
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Copying files in the new /etc directory:
copying /etc/alternatives to private /etc
Creating empty /run/firejail/mnt/etc/alternatives directory
sbox run: /run/firejail/lib/fcopy /etc/alternatives /run/firejail/mnt/etc/alternatives 
copying /etc/asound.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/asound.conf /run/firejail/mnt/etc 
copying /etc/ca-certificates to private /etc
Creating empty /run/firejail/mnt/etc/ca-certificates directory
sbox run: /run/firejail/lib/fcopy /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates 
copying /etc/dbus-1 to private /etc
Creating empty /run/firejail/mnt/etc/dbus-1 directory
sbox run: /run/firejail/lib/fcopy /etc/dbus-1 /run/firejail/mnt/etc/dbus-1 
copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts 
copying /etc/group to private /etc
sbox run: /run/firejail/lib/fcopy /etc/group /run/firejail/mnt/etc 
copying /etc/gtk-2.0 to private /etc
Creating empty /run/firejail/mnt/etc/gtk-2.0 directory
sbox run: /run/firejail/lib/fcopy /etc/gtk-2.0 /run/firejail/mnt/etc/gtk-2.0 
copying /etc/gtk-3.0 to private /etc
Creating empty /run/firejail/mnt/etc/gtk-3.0 directory
sbox run: /run/firejail/lib/fcopy /etc/gtk-3.0 /run/firejail/mnt/etc/gtk-3.0 
copying /etc/host.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/host.conf /run/firejail/mnt/etc 
copying /etc/hostname to private /etc
sbox run: /run/firejail/lib/fcopy /etc/hostname /run/firejail/mnt/etc 
copying /etc/hosts to private /etc
sbox run: /run/firejail/lib/fcopy /etc/hosts /run/firejail/mnt/etc 
copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy /etc/ld.so.cache /run/firejail/mnt/etc 
copying /etc/ld.so.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/ld.so.conf /run/firejail/mnt/etc 
copying /etc/ld.so.conf.d to private /etc
Creating empty /run/firejail/mnt/etc/ld.so.conf.d directory
sbox run: /run/firejail/lib/fcopy /etc/ld.so.conf.d /run/firejail/mnt/etc/ld.so.conf.d 
copying /etc/ld.so.preload to private /etc
sbox run: /run/firejail/lib/fcopy /etc/ld.so.preload /run/firejail/mnt/etc 
copying /etc/localtime to private /etc
sbox run: /run/firejail/lib/fcopy /etc/localtime /run/firejail/mnt/etc 
copying /etc/machine-id to private /etc
sbox run: /run/firejail/lib/fcopy /etc/machine-id /run/firejail/mnt/etc 
copying /etc/mime.types to private /etc
sbox run: /run/firejail/lib/fcopy /etc/mime.types /run/firejail/mnt/etc 
copying /etc/nvidia to private /etc
Creating empty /run/firejail/mnt/etc/nvidia directory
sbox run: /run/firejail/lib/fcopy /etc/nvidia /run/firejail/mnt/etc/nvidia 
copying /etc/os-release to private /etc
sbox run: /run/firejail/lib/fcopy /etc/os-release /run/firejail/mnt/etc 
copying /etc/passwd to private /etc
sbox run: /run/firejail/lib/fcopy /etc/passwd /run/firejail/mnt/etc 
copying /etc/pulse to private /etc
Creating empty /run/firejail/mnt/etc/pulse directory
sbox run: /run/firejail/lib/fcopy /etc/pulse /run/firejail/mnt/etc/pulse 
copying /etc/resolv.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc 
copying /etc/services to private /etc
sbox run: /run/firejail/lib/fcopy /etc/services /run/firejail/mnt/etc 
copying /etc/ssl to private /etc
Creating empty /run/firejail/mnt/etc/ssl directory
sbox run: /run/firejail/lib/fcopy /etc/ssl /run/firejail/mnt/etc/ssl 
Mount-bind /run/firejail/mnt/etc on top of /etc
Cannot find /usr/etc
Replaced whitelist path: whitelist /home/aidan/.config/unity3d
Replaced whitelist path: whitelist /home/aidan/.killingfloor
Replaced whitelist path: whitelist /home/aidan/.local/share/3909/PapersPlease
Replaced whitelist path: whitelist /home/aidan/.local/share/aspyr-media
Replaced whitelist path: whitelist /home/aidan/.local/share/cdprojektred
Replaced whitelist path: whitelist /home/aidan/.local/share/FasterThanLight
Replaced whitelist path: whitelist /home/aidan/.local/share/feral-interactive
Replaced whitelist path: whitelist /home/aidan/.local/share/IntoTheBreach
Replaced whitelist path: whitelist /home/aidan/.local/share/Paradox Interactive
Replaced whitelist path: whitelist /home/aidan/.local/share/Steam
Replaced whitelist path: whitelist /home/aidan/.local/share/SuperHexagon
Replaced whitelist path: whitelist /home/aidan/.local/share/Terraria
Replaced whitelist path: whitelist /home/aidan/.local/share/vpltd
Replaced whitelist path: whitelist /home/aidan/.local/share/vulkan
Replaced whitelist path: whitelist /home/aidan/.mbwarband
Replaced whitelist path: whitelist /home/aidan/.paradoxinteractive
Replaced whitelist path: whitelist /home/aidan/.steam
Removed whitelist/nowhitelist path: whitelist ${HOME}/.steampath
	expanded: /home/aidan/.steampath
	real path: (null)
	Replaced whitelist path: whitelist /home/aidan/.steam/steam.pid
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
	expanded: /home/aidan/.XCompose
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
	expanded: /home/aidan/.asoundrc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ibus
	expanded: /home/aidan/.config/ibus
	real path: (null)
	Replaced whitelist path: whitelist /home/aidan/.config/mimeapps.list
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/aidan/.config/pkcs11
	real path: (null)
	Replaced whitelist path: whitelist /home/aidan/.config/user-dirs.dirs
Replaced whitelist path: whitelist /home/aidan/.config/user-dirs.locale
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
	expanded: /home/aidan/.drirc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
	expanded: /home/aidan/.icons
	real path: (null)
	Replaced whitelist path: whitelist /home/aidan/.local/share/applications
Replaced whitelist path: whitelist /home/aidan/.local/share/icons
Replaced whitelist path: whitelist /home/aidan/.local/share/mime
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
	expanded: /home/aidan/.mime.types
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.uim.d
	expanded: /home/aidan/.uim.d
	real path: (null)
	Replaced whitelist path: whitelist /home/aidan/.config/dconf
Replaced whitelist path: whitelist /home/aidan/.cache/fontconfig
Replaced whitelist path: whitelist /home/aidan/.config/fontconfig
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
	expanded: /home/aidan/.fontconfig
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
	expanded: /home/aidan/.fonts
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
	expanded: /home/aidan/.fonts.conf
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/aidan/.fonts.conf.d
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
	expanded: /home/aidan/.fonts.d
	real path: (null)
	Replaced whitelist path: whitelist /home/aidan/.local/share/fonts
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
	expanded: /home/aidan/.pangorc
	real path: (null)
	Replaced whitelist path: whitelist /home/aidan/.config/gtk-2.0
Replaced whitelist path: whitelist /home/aidan/.config/gtk-3.0
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-4.0
	expanded: /home/aidan/.config/gtk-4.0
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/aidan/.config/gtkrc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/aidan/.config/gtkrc-2.0
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
	expanded: /home/aidan/.gnome2
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
	expanded: /home/aidan/.gnome2-private
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/aidan/.gtk-2.0
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
	expanded: /home/aidan/.gtkrc
	real path: (null)
	Replaced whitelist path: whitelist /home/aidan/src/dot-files/.gtkrc-2.0
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/aidan/.kde/share/config/gtkrc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/aidan/.kde/share/config/gtkrc-2.0
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/aidan/.kde4/share/config/gtkrc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/aidan/.kde4/share/config/gtkrc-2.0
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
	expanded: /home/aidan/.local/share/themes
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
	expanded: /home/aidan/.themes
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/aidan/.cache/kioexec/krun
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/aidan/.config/Kvantum
	real path: (null)
	Replaced whitelist path: whitelist /home/aidan/.config/Trolltech.conf
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals
	expanded: /home/aidan/.config/kdeglobals
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/aidan/.config/kio_httprc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/aidan/.config/kioslaverc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/aidan/.config/ksslcablacklist
	real path: (null)
	Replaced whitelist path: whitelist /home/aidan/.config/qt5ct
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
	expanded: /home/aidan/.kde/share/config/kdeglobals
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/aidan/.kde/share/config/kio_httprc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/aidan/.kde/share/config/kioslaverc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/aidan/.kde/share/config/ksslcablacklist
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/aidan/.kde/share/config/oxygenrc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/aidan/.kde/share/icons
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/aidan/.kde4/share/config/kdeglobals
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/aidan/.kde4/share/config/kio_httprc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/aidan/.kde4/share/config/kioslaverc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/aidan/.kde4/share/config/ksslcablacklist
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/aidan/.kde4/share/config/oxygenrc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/aidan/.kde4/share/icons
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/aidan/.local/share/qt5ct
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates
	expanded: /var/lib/ca-certificates
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
	expanded: /var/lib/menu-xdg
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /var/lib/uim
	expanded: /var/lib/uim
	real path: (null)
	Replaced whitelist path: whitelist /run
Replaced whitelist path: whitelist /run/lock
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Mounting a new /root directory
Mounting a new /home directory
Create a new user directory
Whitelisting /home/aidan/.config/unity3d
2114 2113 0:54 /.config/unity3d /home/aidan/.config/unity3d rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2114 fsname=/.config/unity3d dir=/home/aidan/.config/unity3d fstype=zfs
Whitelisting /home/aidan/.killingfloor
2115 2113 0:54 /.killingfloor /home/aidan/.killingfloor rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2115 fsname=/.killingfloor dir=/home/aidan/.killingfloor fstype=zfs
Whitelisting /home/aidan/.local/share/3909/PapersPlease
2116 2113 0:54 /.local/share/3909/PapersPlease /home/aidan/.local/share/3909/PapersPlease rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2116 fsname=/.local/share/3909/PapersPlease dir=/home/aidan/.local/share/3909/PapersPlease fstype=zfs
Whitelisting /home/aidan/.local/share/aspyr-media
2118 2113 0:54 /.local/share/aspyr-media /home/aidan/.local/share/aspyr-media rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2118 fsname=/.local/share/aspyr-media dir=/home/aidan/.local/share/aspyr-media fstype=zfs
Whitelisting /home/aidan/.local/share/cdprojektred
2119 2113 0:54 /.local/share/cdprojektred /home/aidan/.local/share/cdprojektred rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2119 fsname=/.local/share/cdprojektred dir=/home/aidan/.local/share/cdprojektred fstype=zfs
Whitelisting /home/aidan/.local/share/FasterThanLight
2120 2113 0:54 /.local/share/FasterThanLight /home/aidan/.local/share/FasterThanLight rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2120 fsname=/.local/share/FasterThanLight dir=/home/aidan/.local/share/FasterThanLight fstype=zfs
Whitelisting /home/aidan/.local/share/feral-interactive
2121 2113 0:54 /.local/share/feral-interactive /home/aidan/.local/share/feral-interactive rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2121 fsname=/.local/share/feral-interactive dir=/home/aidan/.local/share/feral-interactive fstype=zfs
Whitelisting /home/aidan/.local/share/IntoTheBreach
2122 2113 0:54 /.local/share/IntoTheBreach /home/aidan/.local/share/IntoTheBreach rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2122 fsname=/.local/share/IntoTheBreach dir=/home/aidan/.local/share/IntoTheBreach fstype=zfs
Whitelisting /home/aidan/.local/share/Paradox Interactive
2123 2113 0:54 /.local/share/Paradox\040Interactive /home/aidan/.local/share/Paradox\040Interactive rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2123 fsname=/.local/share/Paradox Interactive dir=/home/aidan/.local/share/Paradox Interactive fstype=zfs
Whitelisting /home/aidan/.local/share/Steam
2124 2113 0:54 /.local/share/Steam /home/aidan/.local/share/Steam rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2124 fsname=/.local/share/Steam dir=/home/aidan/.local/share/Steam fstype=zfs
Whitelisting /home/aidan/.local/share/SuperHexagon
2125 2113 0:54 /.local/share/SuperHexagon /home/aidan/.local/share/SuperHexagon rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2125 fsname=/.local/share/SuperHexagon dir=/home/aidan/.local/share/SuperHexagon fstype=zfs
Whitelisting /home/aidan/.local/share/Terraria
2126 2113 0:54 /.local/share/Terraria /home/aidan/.local/share/Terraria rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2126 fsname=/.local/share/Terraria dir=/home/aidan/.local/share/Terraria fstype=zfs
Whitelisting /home/aidan/.local/share/vpltd
2127 2113 0:54 /.local/share/vpltd /home/aidan/.local/share/vpltd rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2127 fsname=/.local/share/vpltd dir=/home/aidan/.local/share/vpltd fstype=zfs
Whitelisting /home/aidan/.local/share/vulkan
2128 2113 0:54 /.local/share/vulkan /home/aidan/.local/share/vulkan rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2128 fsname=/.local/share/vulkan dir=/home/aidan/.local/share/vulkan fstype=zfs
Whitelisting /home/aidan/.mbwarband
2129 2113 0:54 /.mbwarband /home/aidan/.mbwarband rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2129 fsname=/.mbwarband dir=/home/aidan/.mbwarband fstype=zfs
Whitelisting /home/aidan/.paradoxinteractive
2130 2113 0:54 /.paradoxinteractive /home/aidan/.paradoxinteractive rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2130 fsname=/.paradoxinteractive dir=/home/aidan/.paradoxinteractive fstype=zfs
Whitelisting /home/aidan/.steam
2131 2113 0:54 /.steam /home/aidan/.steam rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2131 fsname=/.steam dir=/home/aidan/.steam fstype=zfs
Whitelisting /home/aidan/.steam/steam.pid
Created symbolic link /home/aidan/.steampid -> /home/aidan/.steam/steam.pid
Whitelisting /home/aidan/.config/mimeapps.list
2132 2113 0:54 /.config/mimeapps.list /home/aidan/.config/mimeapps.list rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2132 fsname=/.config/mimeapps.list dir=/home/aidan/.config/mimeapps.list fstype=zfs
Whitelisting /home/aidan/.config/user-dirs.dirs
2133 2113 0:54 /.config/user-dirs.dirs /home/aidan/.config/user-dirs.dirs rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2133 fsname=/.config/user-dirs.dirs dir=/home/aidan/.config/user-dirs.dirs fstype=zfs
Whitelisting /home/aidan/.config/user-dirs.locale
2134 2113 0:54 /.config/user-dirs.locale /home/aidan/.config/user-dirs.locale rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2134 fsname=/.config/user-dirs.locale dir=/home/aidan/.config/user-dirs.locale fstype=zfs
Whitelisting /home/aidan/.local/share/applications
2135 2113 0:54 /.local/share/applications /home/aidan/.local/share/applications rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2135 fsname=/.local/share/applications dir=/home/aidan/.local/share/applications fstype=zfs
Whitelisting /home/aidan/.local/share/icons
2136 2113 0:54 /.local/share/icons /home/aidan/.local/share/icons rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2136 fsname=/.local/share/icons dir=/home/aidan/.local/share/icons fstype=zfs
Whitelisting /home/aidan/.local/share/mime
2137 2113 0:54 /.local/share/mime /home/aidan/.local/share/mime rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2137 fsname=/.local/share/mime dir=/home/aidan/.local/share/mime fstype=zfs
Whitelisting /home/aidan/.config/dconf
2138 2113 0:54 /.config/dconf /home/aidan/.config/dconf rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2138 fsname=/.config/dconf dir=/home/aidan/.config/dconf fstype=zfs
Whitelisting /home/aidan/.cache/fontconfig
2139 2113 0:54 /.cache/fontconfig /home/aidan/.cache/fontconfig rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2139 fsname=/.cache/fontconfig dir=/home/aidan/.cache/fontconfig fstype=zfs
Whitelisting /home/aidan/.config/fontconfig
2140 2113 0:54 /.config/fontconfig /home/aidan/.config/fontconfig rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2140 fsname=/.config/fontconfig dir=/home/aidan/.config/fontconfig fstype=zfs
Whitelisting /home/aidan/.local/share/fonts
2141 2113 0:54 /.local/share/fonts /home/aidan/.local/share/fonts rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2141 fsname=/.local/share/fonts dir=/home/aidan/.local/share/fonts fstype=zfs
Whitelisting /home/aidan/.config/gtk-2.0
2142 2113 0:54 /.config/gtk-2.0 /home/aidan/.config/gtk-2.0 rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2142 fsname=/.config/gtk-2.0 dir=/home/aidan/.config/gtk-2.0 fstype=zfs
Whitelisting /home/aidan/.config/gtk-3.0
2143 2113 0:54 /.config/gtk-3.0 /home/aidan/.config/gtk-3.0 rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2143 fsname=/.config/gtk-3.0 dir=/home/aidan/.config/gtk-3.0 fstype=zfs
Whitelisting /home/aidan/src/dot-files/.gtkrc-2.0
2144 2113 0:54 /src/dot-files/.gtkrc-2.0 /home/aidan/src/dot-files/.gtkrc-2.0 rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2144 fsname=/src/dot-files/.gtkrc-2.0 dir=/home/aidan/src/dot-files/.gtkrc-2.0 fstype=zfs
Created symbolic link /home/aidan/.gtkrc-2.0 -> /home/aidan/src/dot-files/.gtkrc-2.0
Whitelisting /home/aidan/.config/Trolltech.conf
2145 2113 0:54 /.config/Trolltech.conf /home/aidan/.config/Trolltech.conf rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2145 fsname=/.config/Trolltech.conf dir=/home/aidan/.config/Trolltech.conf fstype=zfs
Whitelisting /home/aidan/.config/qt5ct
2146 2113 0:54 /.config/qt5ct /home/aidan/.config/qt5ct rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2146 fsname=/.config/qt5ct dir=/home/aidan/.config/qt5ct fstype=zfs
Whitelisting /var/lib/dbus
2147 2107 0:24 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - zfs rpool/ROOT/debian rw,xattr,posixacl
mountid=2147 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=zfs
Whitelisting /var/cache/fontconfig
2148 2107 0:24 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - zfs rpool/ROOT/debian rw,xattr,posixacl
mountid=2148 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=zfs
Whitelisting /var/tmp
2149 2107 0:113 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=2149 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
2150 2080 0:43 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:27 - tmpfs tmpfs rw
mountid=2150 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Whitelisting /tmp/pulse-PKdhtXMmr18n
2151 2080 0:43 /pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,nosuid,nodev master:27 - tmpfs tmpfs rw
mountid=2151 fsname=/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=tmpfs
Mounting read-only /home/aidan/.Xauthority
2155 2113 0:183 /aidan/.Xauthority /home/aidan/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=2155 fsname=/aidan/.Xauthority dir=/home/aidan/.Xauthority fstype=tmpfs
Mounting read-only /home/aidan/.config/dconf
2156 2138 0:54 /.config/dconf /home/aidan/.config/dconf ro,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2156 fsname=/.config/dconf dir=/home/aidan/.config/dconf fstype=zfs
Disable /usr/bin/systemd-run
Disable /usr/bin/systemd-run (requested /bin/systemd-run)
Disable /run/user/1000/systemd
Disable /run/docker.sock (requested /var/run/docker.sock)
Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock)
Mounting read-only /home/aidan/.local/share/applications
2162 2135 0:54 /.local/share/applications /home/aidan/.local/share/applications ro,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2162 fsname=/.local/share/applications dir=/home/aidan/.local/share/applications fstype=zfs
Mounting read-only /home/aidan/.config/mimeapps.list
2163 2132 0:54 /.config/mimeapps.list /home/aidan/.config/mimeapps.list ro,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2163 fsname=/.config/mimeapps.list dir=/home/aidan/.config/mimeapps.list fstype=zfs
Mounting read-only /home/aidan/.config/user-dirs.dirs
2164 2133 0:54 /.config/user-dirs.dirs /home/aidan/.config/user-dirs.dirs ro,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2164 fsname=/.config/user-dirs.dirs dir=/home/aidan/.config/user-dirs.dirs fstype=zfs
Mounting read-only /home/aidan/.config/user-dirs.locale
2165 2134 0:54 /.config/user-dirs.locale /home/aidan/.config/user-dirs.locale ro,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2165 fsname=/.config/user-dirs.locale dir=/home/aidan/.config/user-dirs.locale fstype=zfs
Mounting read-only /home/aidan/.local/share/mime
2166 2137 0:54 /.local/share/mime /home/aidan/.local/share/mime ro,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl
mountid=2166 fsname=/.local/share/mime dir=/home/aidan/.local/share/mime fstype=zfs
Not blacklist /sbin
Disable /usr/local/sbin
Not blacklist /usr/sbin
Disable /usr/bin/at
Disable /usr/bin/at (requested /bin/at)
Disable /usr/bin/busybox
Disable /usr/bin/busybox (requested /bin/busybox)
Disable /usr/bin/chage
Disable /usr/bin/chage (requested /bin/chage)
Disable /usr/bin/chfn
Disable /usr/bin/chfn (requested /bin/chfn)
Disable /usr/bin/chsh
Disable /usr/bin/chsh (requested /bin/chsh)
Disable /usr/bin/crontab
Disable /usr/bin/crontab (requested /bin/crontab)
Disable /usr/bin/expiry
Disable /usr/bin/expiry (requested /bin/expiry)
Disable /usr/bin/fusermount
Disable /usr/bin/fusermount (requested /bin/fusermount)
Disable /usr/bin/gpasswd
Disable /usr/bin/gpasswd (requested /bin/gpasswd)
Disable /usr/bin/mount
Disable /usr/bin/mount (requested /bin/mount)
Disable /usr/bin/nc.openbsd (requested /usr/bin/nc)
Disable /usr/bin/nc.openbsd (requested /bin/nc)
Disable /usr/bin/newgrp
Disable /usr/bin/newgrp (requested /bin/newgrp)
Disable /usr/bin/ntfs-3g
Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g)
Disable /usr/bin/pkexec
Disable /usr/bin/pkexec (requested /bin/pkexec)
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/newgrp (requested /bin/sg)
Disable /usr/bin/strace
Disable /usr/bin/strace (requested /bin/strace)
Disable /usr/bin/su
Disable /usr/bin/su (requested /bin/su)
Disable /usr/bin/sudo
Disable /usr/bin/sudo (requested /bin/sudo)
Disable /usr/bin/umount
Disable /usr/bin/umount (requested /bin/umount)
Disable /usr/bin/xev
Disable /usr/bin/xev (requested /bin/xev)
Disable /usr/bin/xinput
Disable /usr/bin/xinput (requested /bin/xinput)
Disable /usr/bin/xfce4-terminal
Disable /usr/bin/xfce4-terminal (requested /bin/xfce4-terminal)
Disable /usr/bin/xfce4-terminal.wrapper
Disable /usr/bin/xfce4-terminal.wrapper (requested /bin/xfce4-terminal.wrapper)
Disable /run/user/1000/app
Debug: no access to file /run/user/1000/doc, forcing mount
Disable /run/user/1000/doc
Disable /run/user/1000/.dbus-proxy
Disable /run/user/1000/.flatpak
Disable /run/user/1000/.flatpak-helper
Disable /usr/share/flatpak
Disable /usr/bin/bwrap
Disable /usr/bin/bwrap (requested /bin/bwrap)
Disable /usr/bin/dig
Disable /usr/bin/dig (requested /bin/dig)
Disable /usr/bin/nslookup
Disable /usr/bin/nslookup (requested /bin/nslookup)
Disable /usr/bin/host
Disable /usr/bin/host (requested /bin/host)
Disable /usr/bin/resolvectl
Disable /usr/bin/resolvectl (requested /bin/resolvectl)
Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang++)
Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang-cpp-7)
Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang++-7)
Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang)
Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang-7)
Disable /usr/lib/llvm-7/bin/clang (requested /bin/clang++)
Disable /usr/lib/llvm-7/bin/clang (requested /bin/clang-cpp-7)
Disable /usr/lib/llvm-7/bin/clang (requested /bin/clang++-7)
Disable /usr/lib/llvm-7/bin/clang (requested /bin/clang)
Disable /usr/lib/llvm-7/bin/clang (requested /bin/clang-7)
Disable /usr/lib/llvm-7/bin/llvm-objcopy (requested /usr/bin/llvm-objcopy-7)
Disable /usr/lib/llvm-7/bin/llvm-cat (requested /usr/bin/llvm-cat-7)
Disable /usr/lib/llvm-7/bin/llvm-mc (requested /usr/bin/llvm-mc-7)
Disable /usr/lib/llvm-7/bin/llvm-opt-report (requested /usr/bin/llvm-opt-report-7)
Disable /usr/lib/llvm-7/bin/llvm-exegesis (requested /usr/bin/llvm-exegesis-7)
Disable /usr/lib/llvm-7/bin/llvm-bcanalyzer (requested /usr/bin/llvm-bcanalyzer-7)
Disable /usr/lib/llvm-7/bin/llvm-link (requested /usr/bin/llvm-link-7)
Disable /usr/lib/llvm-7/bin/llvm-cfi-verify (requested /usr/bin/llvm-cfi-verify-7)
Disable /usr/lib/llvm-7/bin/llvm-mca (requested /usr/bin/llvm-mca-7)
Disable /usr/lib/llvm-7/bin/llvm-size (requested /usr/bin/llvm-size-7)
Disable /usr/lib/llvm-7/bin/llvm-modextract (requested /usr/bin/llvm-modextract-7)
Disable /usr/lib/llvm-7/bin/llvm-diff (requested /usr/bin/llvm-diff-7)
Disable /usr/lib/llvm-7/bin/llvm-dis (requested /usr/bin/llvm-dis-7)
Disable /usr/lib/llvm-7/bin/llvm-stress (requested /usr/bin/llvm-stress-7)
Disable /usr/lib/llvm-7/bin/llvm-as (requested /usr/bin/llvm-as-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-ar-7)
Disable /usr/lib/llvm-7/bin/llvm-xray (requested /usr/bin/llvm-xray-7)
Disable /usr/lib/llvm-7/bin/llvm-objdump (requested /usr/bin/llvm-objdump-7)
Disable /usr/lib/llvm-7/bin/llvm-readobj (requested /usr/bin/llvm-readobj-7)
Disable /usr/lib/llvm-7/bin/llvm-strings (requested /usr/bin/llvm-strings-7)
Disable /usr/lib/llvm-7/bin/llvm-mt (requested /usr/bin/llvm-mt-7)
Disable /usr/lib/llvm-7/bin/llvm-pdbutil (requested /usr/bin/llvm-pdbutil-7)
Disable /usr/lib/llvm-7/bin/llvm-c-test (requested /usr/bin/llvm-c-test-7)
Disable /usr/lib/llvm-7/bin/llvm-split (requested /usr/bin/llvm-split-7)
Disable /usr/lib/llvm-7/bin/llvm-lto2 (requested /usr/bin/llvm-lto2-7)
Disable /usr/lib/llvm-7/bin/llvm-undname (requested /usr/bin/llvm-undname-7)
Disable /usr/lib/llvm-7/bin/llvm-rtdyld (requested /usr/bin/llvm-rtdyld-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-dlltool-7)
Disable /usr/lib/llvm-7/bin/llvm-lto (requested /usr/bin/llvm-lto-7)
Disable /usr/lib/llvm-7/bin/llvm-cxxfilt (requested /usr/bin/llvm-cxxfilt-7)
Disable /usr/lib/llvm-7/bin/llvm-cxxdump (requested /usr/bin/llvm-cxxdump-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-ranlib-7)
Disable /usr/lib/llvm-7/bin/llvm-readobj (requested /usr/bin/llvm-readelf-7)
Disable /usr/lib/llvm-7/bin/llvm-symbolizer (requested /usr/bin/llvm-symbolizer-7)
Disable /usr/lib/llvm-7/bin/llvm-profdata (requested /usr/bin/llvm-profdata-7)
Disable /usr/lib/llvm-7/bin/llvm-config (requested /usr/bin/llvm-config-7)
Disable /usr/lib/llvm-7/bin/llvm-PerfectShuffle (requested /usr/bin/llvm-PerfectShuffle-7)
Disable /usr/lib/llvm-7/bin/llvm-cvtres (requested /usr/bin/llvm-cvtres-7)
Disable /usr/lib/llvm-7/bin/llvm-objcopy (requested /usr/bin/llvm-strip-7)
Disable /usr/lib/llvm-7/bin/llvm-cov (requested /usr/bin/llvm-cov-7)
Disable /usr/lib/llvm-7/bin/llvm-dwarfdump (requested /usr/bin/llvm-dwarfdump-7)
Disable /usr/lib/llvm-7/bin/llvm-tblgen (requested /usr/bin/llvm-tblgen-7)
Disable /usr/lib/llvm-7/bin/llvm-nm (requested /usr/bin/llvm-nm-7)
Disable /usr/lib/llvm-7/bin/llvm-rc (requested /usr/bin/llvm-rc-7)
Disable /usr/lib/llvm-7/bin/llvm-dwp (requested /usr/bin/llvm-dwp-7)
Disable /usr/lib/llvm-7/bin/llvm-extract (requested /usr/bin/llvm-extract-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-lib-7)
Disable /usr/lib/llvm-7/bin/llvm-objcopy (requested /bin/llvm-objcopy-7)
Disable /usr/lib/llvm-7/bin/llvm-cat (requested /bin/llvm-cat-7)
Disable /usr/lib/llvm-7/bin/llvm-mc (requested /bin/llvm-mc-7)
Disable /usr/lib/llvm-7/bin/llvm-opt-report (requested /bin/llvm-opt-report-7)
Disable /usr/lib/llvm-7/bin/llvm-exegesis (requested /bin/llvm-exegesis-7)
Disable /usr/lib/llvm-7/bin/llvm-bcanalyzer (requested /bin/llvm-bcanalyzer-7)
Disable /usr/lib/llvm-7/bin/llvm-link (requested /bin/llvm-link-7)
Disable /usr/lib/llvm-7/bin/llvm-cfi-verify (requested /bin/llvm-cfi-verify-7)
Disable /usr/lib/llvm-7/bin/llvm-mca (requested /bin/llvm-mca-7)
Disable /usr/lib/llvm-7/bin/llvm-size (requested /bin/llvm-size-7)
Disable /usr/lib/llvm-7/bin/llvm-modextract (requested /bin/llvm-modextract-7)
Disable /usr/lib/llvm-7/bin/llvm-diff (requested /bin/llvm-diff-7)
Disable /usr/lib/llvm-7/bin/llvm-dis (requested /bin/llvm-dis-7)
Disable /usr/lib/llvm-7/bin/llvm-stress (requested /bin/llvm-stress-7)
Disable /usr/lib/llvm-7/bin/llvm-as (requested /bin/llvm-as-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /bin/llvm-ar-7)
Disable /usr/lib/llvm-7/bin/llvm-xray (requested /bin/llvm-xray-7)
Disable /usr/lib/llvm-7/bin/llvm-objdump (requested /bin/llvm-objdump-7)
Disable /usr/lib/llvm-7/bin/llvm-readobj (requested /bin/llvm-readobj-7)
Disable /usr/lib/llvm-7/bin/llvm-strings (requested /bin/llvm-strings-7)
Disable /usr/lib/llvm-7/bin/llvm-mt (requested /bin/llvm-mt-7)
Disable /usr/lib/llvm-7/bin/llvm-pdbutil (requested /bin/llvm-pdbutil-7)
Disable /usr/lib/llvm-7/bin/llvm-c-test (requested /bin/llvm-c-test-7)
Disable /usr/lib/llvm-7/bin/llvm-split (requested /bin/llvm-split-7)
Disable /usr/lib/llvm-7/bin/llvm-lto2 (requested /bin/llvm-lto2-7)
Disable /usr/lib/llvm-7/bin/llvm-undname (requested /bin/llvm-undname-7)
Disable /usr/lib/llvm-7/bin/llvm-rtdyld (requested /bin/llvm-rtdyld-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /bin/llvm-dlltool-7)
Disable /usr/lib/llvm-7/bin/llvm-lto (requested /bin/llvm-lto-7)
Disable /usr/lib/llvm-7/bin/llvm-cxxfilt (requested /bin/llvm-cxxfilt-7)
Disable /usr/lib/llvm-7/bin/llvm-cxxdump (requested /bin/llvm-cxxdump-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /bin/llvm-ranlib-7)
Disable /usr/lib/llvm-7/bin/llvm-readobj (requested /bin/llvm-readelf-7)
Disable /usr/lib/llvm-7/bin/llvm-symbolizer (requested /bin/llvm-symbolizer-7)
Disable /usr/lib/llvm-7/bin/llvm-profdata (requested /bin/llvm-profdata-7)
Disable /usr/lib/llvm-7/bin/llvm-config (requested /bin/llvm-config-7)
Disable /usr/lib/llvm-7/bin/llvm-PerfectShuffle (requested /bin/llvm-PerfectShuffle-7)
Disable /usr/lib/llvm-7/bin/llvm-cvtres (requested /bin/llvm-cvtres-7)
Disable /usr/lib/llvm-7/bin/llvm-objcopy (requested /bin/llvm-strip-7)
Disable /usr/lib/llvm-7/bin/llvm-cov (requested /bin/llvm-cov-7)
Disable /usr/lib/llvm-7/bin/llvm-dwarfdump (requested /bin/llvm-dwarfdump-7)
Disable /usr/lib/llvm-7/bin/llvm-tblgen (requested /bin/llvm-tblgen-7)
Disable /usr/lib/llvm-7/bin/llvm-nm (requested /bin/llvm-nm-7)
Disable /usr/lib/llvm-7/bin/llvm-rc (requested /bin/llvm-rc-7)
Disable /usr/lib/llvm-7/bin/llvm-dwp (requested /bin/llvm-dwp-7)
Disable /usr/lib/llvm-7/bin/llvm-extract (requested /bin/llvm-extract-7)
Disable /usr/lib/llvm-7/bin/llvm-ar (requested /bin/llvm-lib-7)
Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as)
Disable /usr/bin/x86_64-linux-gnu-as (requested /bin/as)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/cc)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/cc)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/c++)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/c++)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /bin/c++filt)
Disable /usr/bin/c89-gcc (requested /usr/bin/c89)
Disable /usr/bin/c89-gcc
Disable /usr/bin/c89-gcc (requested /bin/c89)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/c99-gcc (requested /usr/bin/c99)
Disable /usr/bin/c99-gcc
Disable /usr/bin/c99-gcc (requested /bin/c99)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /usr/bin/cpp-8)
Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /usr/bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /bin/cpp-8)
Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/g++-8)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/g++)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/g++-8)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/g++)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/gcc-ar-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/gcc-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/gcc-ranlib-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/gcc-nm-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/gcc-ar-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/gcc-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/gcc-ranlib-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/gcc-nm-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/gcc)
Disable /usr/bin/gdb
Disable /usr/bin/gdb (requested /bin/gdb)
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld)
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /bin/ld)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-8
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8
Disable /usr/bin/c89-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib-8)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm-8)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-8
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-8
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8
Disable /usr/bin/c89-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib-8)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm-8)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-8
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++-8)
Not blacklist /home/aidan/bin/java
Not blacklist /home/aidan/.opam/system/bin/java
Not blacklist /home/aidan/.rbenv/shims/java
Not blacklist /home/aidan/.npm-global/bin/java
Not blacklist /home/aidan/.rbenv/bin/java
Not blacklist /usr/local/bin/java
Not blacklist /usr/bin/java
Not blacklist /bin/java
Not blacklist /usr/local/games/java
Not blacklist /usr/games/java
Not blacklist /etc/java
Not blacklist /usr/lib/java
Not blacklist /usr/share/java
Disable /usr/bin/openssl
Disable /usr/bin/openssl (requested /bin/openssl)
Disable /usr/bin/valgrind
Disable /usr/bin/valgrind-listener
Disable /usr/bin/valgrind.bin
Disable /usr/bin/valgrind-di-server
Disable /usr/bin/valgrind (requested /bin/valgrind)
Disable /usr/bin/valgrind-listener (requested /bin/valgrind-listener)
Disable /usr/bin/valgrind.bin (requested /bin/valgrind.bin)
Disable /usr/bin/valgrind-di-server (requested /bin/valgrind-di-server)
Disable /usr/lib/valgrind
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Disable /usr/bin/luajittex
Disable /usr/bin/luatex
Disable /usr/bin/luajit
Disable /usr/bin/luatex53
Disable /usr/bin/luatex (requested /usr/bin/lualatex)
Disable /usr/bin/luajittex (requested /bin/luajittex)
Disable /usr/bin/luatex (requested /bin/luatex)
Disable /usr/bin/luajit (requested /bin/luajit)
Disable /usr/bin/luatex53 (requested /bin/luatex53)
Disable /usr/bin/luatex (requested /bin/lualatex)
Disable /usr/share/luajit-2.1.0-beta3
Disable /usr/share/lua
Disable /usr/bin/node
Disable /usr/bin/node (requested /bin/node)
Disable /usr/bin/cpan5.28-i386-linux-gnu
Disable /usr/bin/cpan5.28-x86_64-linux-gnu
Disable /usr/bin/cpan
Disable /usr/bin/cpan5.28-i386-linux-gnu (requested /bin/cpan5.28-i386-linux-gnu)
Disable /usr/bin/cpan5.28-x86_64-linux-gnu (requested /bin/cpan5.28-x86_64-linux-gnu)
Disable /usr/bin/cpan (requested /bin/cpan)
Disable /usr/bin/perl
Disable /usr/bin/perl (requested /bin/perl)
Disable /usr/share/perl-openssl-defaults
Disable /usr/share/perl5
Disable /usr/share/perl
Disable /usr/bin/ruby2.5 (requested /usr/bin/ruby)
Disable /usr/bin/ruby2.5 (requested /bin/ruby)
Disable /usr/lib/ruby
Not blacklist /home/aidan/bin/python2*
Not blacklist /home/aidan/.opam/system/bin/python2*
Not blacklist /home/aidan/.rbenv/shims/python2*
Not blacklist /home/aidan/.npm-global/bin/python2*
Not blacklist /home/aidan/.rbenv/bin/python2*
Not blacklist /usr/local/bin/python2*
Not blacklist /usr/bin/python2-futurize
Not blacklist /usr/bin/python2-pasteurize
Not blacklist /usr/bin/python2-config
Not blacklist /usr/bin/python2.7-config
Not blacklist /usr/bin/python2
Not blacklist /usr/bin/python2.7
Not blacklist /bin/python2-futurize
Not blacklist /bin/python2-pasteurize
Not blacklist /bin/python2-config
Not blacklist /bin/python2.7-config
Not blacklist /bin/python2
Not blacklist /bin/python2.7
Not blacklist /usr/local/games/python2*
Not blacklist /usr/games/python2*
Not blacklist /usr/include/python2*
Not blacklist /usr/lib/python2.6
Not blacklist /usr/lib/python2.7
Not blacklist /usr/local/lib/python2.7
Not blacklist /usr/share/python2*
Not blacklist /home/aidan/bin/python3*
Not blacklist /home/aidan/.opam/system/bin/python3*
Not blacklist /home/aidan/.rbenv/shims/python3*
Not blacklist /home/aidan/.npm-global/bin/python3*
Not blacklist /home/aidan/.rbenv/bin/python3*
Not blacklist /usr/local/bin/python3*
Not blacklist /usr/bin/python3-unidiff
Not blacklist /usr/bin/python3-tor-prompt
Not blacklist /usr/bin/python3.7m
Not blacklist /usr/bin/python3m-config
Not blacklist /usr/bin/python3m
Not blacklist /usr/bin/python3
Not blacklist /usr/bin/python3-config
Not blacklist /usr/bin/python3.7m-config
Not blacklist /usr/bin/python3-wsdump
Not blacklist /usr/bin/python3.7
Not blacklist /usr/bin/python3.7-config
Not blacklist /bin/python3-unidiff
Not blacklist /bin/python3-tor-prompt
Not blacklist /bin/python3.7m
Not blacklist /bin/python3m-config
Not blacklist /bin/python3m
Not blacklist /bin/python3
Not blacklist /bin/python3-config
Not blacklist /bin/python3.7m-config
Not blacklist /bin/python3-wsdump
Not blacklist /bin/python3.7
Not blacklist /bin/python3.7-config
Not blacklist /usr/local/games/python3*
Not blacklist /usr/games/python3*
Not blacklist /usr/include/python3*
Not blacklist /usr/lib/python3
Not blacklist /usr/lib/python3.7
Not blacklist /usr/lib64/python3*
Not blacklist /usr/local/lib/python3.7
Not blacklist /usr/share/python3
Not blacklist /home/aidan/.java
Not blacklist /home/aidan/.killingfloor
Not blacklist /home/aidan/.local/share/3909/PapersPlease
Not blacklist /home/aidan/.local/share/Steam
Not blacklist /home/aidan/.local/share/SuperHexagon
Not blacklist /home/aidan/.local/share/Terraria
N line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 15 00 01 00000002   jeq 2 0010 (false 0011)
 0010: 06 00 00 7fff0000   ret ALLOW
 0011: 15 00 01 0000000a   jeq a 0012 (false 0013)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 01 00000010   jeq 10 0014 (false 0015)
 0014: 06 00 00 7fff0000   ret ALLOW
 0015: 06 00 00 0005005f   ret ERRNO(95)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 00 01 00000015   jeq 15 0005 (false 0006)
 0005: 06 00 00 00000001   ret KILL
 0006: 15 00 01 00000034   jeq 34 0007 (false 0008)
 0007: 06 00 00 00000001   ret KILL
 0008: 15 00 01 0000001a   jeq 1a 0009 (false 000a)
 0009: 06 00 00 00000001   ret KILL
 000a: 15 00 01 0000011b   jeq 11b 000b (false 000c)
 000b: 06 00 00 00000001   ret KILL
 000c: 15 00 01 00000155   jeq 155 000d (false 000e)
 000d: 06 00 00 00000001   ret KILL
 000e: 15 00 01 00000156   jeq 156 000f (false 0010)
 000f: 06 00 00 00000001   ret KILL
 0010: 15 00 01 0000007f   jeq 7f 0011 (false 0012)
 0011: 06 00 00 00000001   ret KILL
 0012: 15 00 01 00000080   jeq 80 0013 (false 0014)
 0013: 06 00 00 00000001   ret KILL
 0014: 15 00 01 0000015e   jeq 15e 0015 (false 0016)
 0015: 06 00 00 00000001   ret KILL
 0016: 15 00 01 00000081   jeq 81 0017 (false 0018)
 0017: 06 00 00 00000001   ret KILL
 0018: 15 00 01 0000006e   jeq 6e 0019 (false 001a)
 0019: 06 00 00 00000001   ret KILL
 001a: 15 00 01 00000065   jeq 65 001b (false 001c)
 001b: 06 00 00 00000001   ret KILL
 001c: 15 00 01 00000121   jeq 121 001d (false 001e)
 001d: 06 00 00 00000001   ret KILL
 001e: 15 00 01 00000057   jeq 57 001f (false 0020)
 001f: 06 00 00 00000001   ret KILL
 0020: 15 00 01 00000073   jeq 73 0021 (false 0022)
 0021: 06 00 00 00000001   ret KILL
 0022: 15 00 01 00000067   jeq 67 0023 (false 0024)
 0023: 06 00 00 00000001   ret KILL
 0024: 15 00 01 0000015b   jeq 15b 0025 (false 0026)
 0025: 06 00 00 00000001   ret KILL
 0026: 15 00 01 0000015c   jeq 15c 0027 (false 0028)
 0027: 06 00 00 00000001   ret KILL
 0028: 15 00 01 00000087   jeq 87 0029 (false 002a)
 0029: 06 00 00 00000001   ret KILL
 002a: 15 00 01 00000095   jeq 95 002b (false 002c)
 002b: 06 00 00 00000001   ret KILL
 002c: 15 00 01 0000007c   jeq 7c 002d (false 002e)
 002d: 06 00 00 00000001   ret KILL
 002e: 15 00 01 00000157   jeq 157 002f (false 0030)
 002f: 06 00 00 00000001   ret KILL
 0030: 15 00 01 000000fd   jeq fd 0031 (false 0032)
 0031: 06 00 00 00000001   ret KILL
 0032: 15 00 01 00000150   jeq 150 0033 (false 0034)
 0033: 06 00 00 00000001   ret KILL
 0034: 15 00 01 00000152   jeq 152 0035 (false 0036)
 0035: 06 00 00 00000001   ret KILL
 0036: 15 00 01 0000015d   jeq 15d 0037 (false 0038)
 0037: 06 00 00 00000001   ret KILL
 0038: 15 00 01 0000011e   jeq 11e 0039 (false 003a)
 0039: 06 00 00 00000001   ret KILL
 003a: 15 00 01 0000011f   jeq 11f 003b (false 003c)
 003b: 06 00 00 00000001   ret KILL
 003c: 15 00 01 00000120   jeq 120 003d (false 003e)
 003d: 06 00 00 00000001   ret KILL
 003e: 15 00 01 00000056   jeq 56 003f (false 0040)
 003f: 06 00 00 00000001   ret KILL
 0040: 15 00 01 00000033   jeq 33 0041 (false 0042)
 0041: 06 00 00 00000001   ret KILL
 0042: 15 00 01 0000007b   jeq 7b 0043 (false 0044)
 0043: 06 00 00 00000001   ret KILL
 0044: 15 00 01 000000d9   jeq d9 0045 (false 0046)
 0045: 06 00 00 00000001   ret KILL
 0046: 15 00 01 000000f5   jeq f5 0047 (false 0048)
 0047: 06 00 00 00000001   ret KILL
 0048: 15 00 01 000000f6   jeq f6 0049 (false 004a)
 0049: 06 00 00 00000001   ret KILL
 004a: 15 00 01 000000f7   jeq f7 004b (false 004c)
 004b: 06 00 00 00000001   ret KILL
 004c: 15 00 01 000000f8   jeq f8 004d (false 004e)
 004d: 06 00 00 00000001   ret KILL
 004e: 15 00 01 000000f9   jeq f9 004f (false 0050)
 004f: 06 00 00 00000001   ret KILL
 0050: 15 00 01 00000101   jeq 101 0051 (false 0052)
 0051: 06 00 00 00000001   ret KILL
 0052: 15 00 01 00000112   jeq 112 0053 (false 0054)
 0053: 06 00 00 00000001   ret KILL
 0054: 15 00 01 00000114   jeq 114 0055 (false 0056)
 0055: 06 00 00 00000001   ret KILL
 0056: 15 00 01 00000126   jeq 126 0057 (false 0058)
 0057: 06 00 00 00000001   ret KILL
 0058: 15 00 01 0000013d   jeq 13d 0059 (false 005a)
 0059: 06 00 00 00000001   ret KILL
 005a: 15 00 01 0000013c   jeq 13c 005b (false 005c)
 005b: 06 00 00 00000001   ret KILL
 005c: 15 00 01 0000003d   jeq 3d 005d (false 005e)
 005d: 06 00 00 00000001   ret KILL
 005e: 15 00 01 00000058   jeq 58 005f (false 0060)
 005f: 06 00 00 00000001   ret KILL
 0060: 15 00 01 000000a9   jeq a9 0061 (false 0062)
 0061: 06 00 00 00000001   ret KILL
 0062: 15 00 01 00000082   jeq 82 0063 (false 0064)
 0063: 06 00 00 00000001   ret KILL
 0064: 06 00 00 7fff0000   ret ALLOW
Seccomp list in: !ptrace, check list: @default-keep, prelist: unknown,
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 01 00000065   jeq ptrace 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 0000009f   jeq adjtimex 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 15 00 01 00000131   jeq clock_adjtime 000c (false 000d)
 000c: 06 00 00 00050001   ret ERRNO(1)
 000d: 15 00 01 000000e3   jeq clock_settime 000e (false 000f)
 000e: 06 00 00 00050001   ret ERRNO(1)
 000f: 15 00 01 000000a4   jeq settimeofday 0010 (false 0011)
 0010: 06 00 00 00050001   ret ERRNO(1)
 0011: 15 00 01 0000009a   jeq modify_ldt 0012 (false 0013)
 0012: 06 00 00 00050001   ret ERRNO(1)
 0013: 15 00 01 000000d4   jeq lookup_dcookie 0014 (false 0015)
 0014: 06 00 00 00050001   ret ERRNO(1)
 0015: 15 00 01 0000012a   jeq perf_event_open 0016 (false 0017)
 0016: 06 00 00 00050001   ret ERRNO(1)
 0017: 15 00 01 00000137   jeq process_vm_writev 0018 (false 0019)
 0018: 06 00 00 00050001   ret ERRNO(1)
 0019: 15 00 01 000000b0   jeq delete_module 001a (false 001b)
 001a: 06 00 00 00050001   ret ERRNO(1)
 001b: 15 00 01 00000139   jeq finit_module 001c (false 001d)
 001c: 06 00 00 00050001   ret ERRNO(1)
 001d: 15 00 01 000000af   jeq init_module 001e (false 001f)
 001e: 06 00 00 00050001   ret ERRNO(1)
 001f: 15 00 01 000000a1   jeq chroot 0020 (false 0021)
 0020: 06 00 00 00050001   ret ERRNO(1)
 0021: 15 00 01 000000a5   jeq mount 0022 (false 0023)
 0022: 06 00 00 00050001   ret ERRNO(1)
 0023: 15 00 01 0000009b   jeq pivot_root 0024 (false 0025)
 0024: 06 00 00 00050001   ret ERRNO(1)
 0025: 15 00 01 000000a6   jeq umount2 0026 (false 0027)
 0026: 06 00 00 00050001   ret ERRNO(1)
 0027: 15 00 01 0000009c   jeq _sysctl 0028 (false 0029)
 0028: 06 00 00 00050001   ret ERRNO(1)
 0029: 15 00 01 000000b7   jeq afs_syscall 002a (false 002b)
 002a: 06 00 00 00050001   ret ERRNO(1)
 002b: 15 00 01 000000ae   jeq create_module 002c (false 002d)
 002c: 06 00 00 00050001   ret ERRNO(1)
 002d: 15 00 01 000000b1   jeq get_kernel_syms 002e (false 002f)
 002e: 06 00 00 00050001   ret ERRNO(1)
 002f: 15 00 01 000000b5   jeq getpmsg 0030 (false 0031)
 0030: 06 00 00 00050001   ret ERRNO(1)
 0031: 15 00 01 000000b6   jeq putpmsg 0032 (false 0033)
 0032: 06 00 00 00050001   ret ERRNO(1)
 0033: 15 00 01 000000b2   jeq query_module 0034 (false 0035)
 0034: 06 00 00 00050001   ret ERRNO(1)
 0035: 15 00 01 000000b9   jeq security 0036 (false 0037)
 0036: 06 00 00 00050001   ret ERRNO(1)
 0037: 15 00 01 0000008b   jeq sysfs 0038 (false 0039)
 0038: 06 00 00 00050001   ret ERRNO(1)
 0039: 15 00 01 000000b8   jeq tuxcall 003a (false 003b)
 003a: 06 00 00 00050001   ret ERRNO(1)
 003b: 15 00 01 00000086   jeq uselib 003c (false 003d)
 003c: 06 00 00 00050001   ret ERRNO(1)
 003d: 15 00 01 00000088   jeq ustat 003e (false 003f)
 003e: 06 00 00 00050001   ret ERRNO(1)
 003f: 15 00 01 000000ec   jeq vserver 0040 (false 0041)
 0040: 06 00 00 00050001   ret ERRNO(1)
 0041: 15 00 01 000000ad   jeq ioperm 0042 (false 0043)
 0042: 06 00 00 00050001   ret ERRNO(1)
 0043: 15 00 01 000000ac   jeq iopl 0044 (false 0045)
 0044: 06 00 00 00050001   ret ERRNO(1)
 0045: 15 00 01 000000f6   jeq kexec_load 0046 (false 0047)
 0046: 06 00 00 00050001   ret ERRNO(1)
 0047: 15 00 01 00000140   jeq kexec_file_load 0048 (false 0049)
 0048: 06 00 00 00050001   ret ERRNO(1)
 0049: 15 00 01 000000a9   jeq reboot 004a (false 004b)
 004a: 06 00 00 00050001   ret ERRNO(1)
 004b: 15 00 01 000000a7   jeq swapon 004c (false 004d)
 004c: 06 00 00 00050001   ret ERRNO(1)
 004d: 15 00 01 000000a8   jeq swapoff 004e (false 004f)
 004e: 06 00 00 00050001   ret ERRNO(1)
 004f: 15 00 01 00000130   jeq open_by_handle_at 0050 (false 0051)
 0050: 06 00 00 00050001   ret ERRNO(1)
 0051: 15 00 01 0000012f   jeq name_to_handle_at 0052 (false 0053)
 0052: 06 00 00 00050001   ret ERRNO(1)
 0053: 15 00 01 000000fb   jeq ioprio_set 0054 (false 0055)
 0054: 06 00 00 00050001   ret ERRNO(1)
 0055: 15 00 01 00000067   jeq syslog 0056 (false 0057)
 0056: 06 00 00 00050001   ret ERRNO(1)
 0057: 15 00 01 0000012c   jeq fanotify_init 0058 (false 0059)
 0058: 06 00 00 00050001   ret ERRNO(1)
 0059: 15 00 01 00000138   jeq kcmp 005a (false 005b)
 005a: 06 00 00 00050001   ret ERRNO(1)
 005b: 15 00 01 000000f8   jeq add_key 005c (false 005d)
 005c: 06 00 00 00050001   ret ERRNO(1)
 005d: 15 00 01 000000f9   jeq request_key 005e (false 005f)
 005e: 06 00 00 00050001   ret ERRNO(1)
 005f: 15 00 01 000000ed   jeq mbind 0060 (false 0061)
 0060: 06 00 00 00050001   ret ERRNO(1)
 0061: 15 00 01 00000100   jeq migrate_pages 0062 (false 0063)
 0062: 06 00 00 00050001   ret ERRNO(1)
 0063: 15 00 01 00000117   jeq move_pages 0064 (false 0065)
 0064: 06 00 00 00050001   ret ERRNO(1)
 0065: 15 00 01 000000fa   jeq keyctl 0066 (false 0067)
 0066: 06 00 00 00050001   ret ERRNO(1)
 0067: 15 00 01 000000ce   jeq io_setup 0068 (false 0069)
 0068: 06 00 00 00050001   ret ERRNO(1)
 0069: 15 00 01 000000cf   jeq io_destroy 006a (false 006b)
 006a: 06 00 00 00050001   ret ERRNO(1)
 006b: 15 00 01 000000d0   jeq io_getevents 006c (false 006d)
 006c: 06 00 00 00050001   ret ERRNO(1)
 006d: 15 00 01 000000d1   jeq io_submit 006e (false 006f)
 006e: 06 00 00 00050001   ret ERRNO(1)
 006f: 15 00 01 000000d2   jeq io_cancel 0070 (false 0071)
 0070: 06 00 00 00050001   ret ERRNO(1)
 0071: 15 00 01 000000d8   jeq remap_file_pages 0072 (false 0073)
 0072: 06 00 00 00050001   ret ERRNO(1)
 0073: 15 00 01 00000143   jeq userfaultfd 0074 (false 0075)
 0074: 06 00 00 00050001   ret ERRNO(1)
 0075: 15 00 01 000000a3   jeq acct 0076 (false 0077)
 0076: 06 00 00 00050001   ret ERRNO(1)
 0077: 15 00 01 00000141   jeq bpf 0078 (false 0079)
 0078: 06 00 00 00050001   ret ERRNO(1)
 0079: 15 00 01 000000b4   jeq nfsservctl 007a (false 007b)
 007a: 06 00 00 00050001   ret ERRNO(1)
 007b: 15 00 01 000000ab   jeq setdomainname 007c (false 007d)
 007c: 06 00 00 00050001   ret ERRNO(1)
 007d: 15 00 01 000000aa   jeq sethostname 007e (false 007f)
 007e: 06 00 00 00050001   ret ERRNO(1)
 007f: 15 00 01 00000099   jeq vhangup 0080 (false 0081)
 0080: 06 00 00 00050001   ret ERRNO(1)
 0081: 15 00 01 00000065   jeq ptrace 0082 (false 0083)
 0082: 06 00 00 00050001   ret ERRNO(1)
 0083: 15 00 01 00000087   jeq personality 0084 (false 0085)
 0084: 06 00 00 00050001   ret ERRNO(1)
 0085: 15 00 01 00000136   jeq process_vm_readv 0086 (false 0087)
 0086: 06 00 00 00050001   ret ERRNO(1)
 0087: 06 00 00 7fff0000   ret ALLOW
ot blacklist /home/aidan/.local/share/aspyr-media
Not blacklist /home/aidan/.local/share/cdprojektred
Not blacklist /home/aidan/.local/share/FasterThanLight
Not blacklist /home/aidan/.local/share/feral-interactive
Not blacklist /home/aidan/.local/share/IntoTheBreach
Not blacklist /home/aidan/.local/share/Paradox Interactive
Not blacklist /home/aidan/.local/share/vpltd
Not blacklist /home/aidan/.local/share/vulkan
Not blacklist /home/aidan/.mbwarband
Not blacklist /home/aidan/.paradoxinteractive
Not blacklist /home/aidan/.steam
Not blacklist /home/aidan/.steampath
Not blacklist /home/aidan/.steampid
Mounting read-only /tmp/.X11-unix
3719 2150 0:43 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev master:27 - tmpfs tmpfs rw
mountid=3719 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
Mounting noexec /run/firejail/mnt/pulse
3722 1880 0:110 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=3722 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs
Creating empty /home/aidan/.config/pulse directory
Mounting /run/firejail/mnt/pulse on /home/aidan/.config/pulse
3723 2113 0:110 /pulse /home/aidan/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=3723 fsname=/pulse dir=/home/aidan/.config/pulse fstype=tmpfs
Current directory: /home/aidan
Install protocol filter: unix,inet,inet6,netlink
configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dual 32/64 bit seccomp filter configured
Build default+drop seccomp filter
sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !ptrace 
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp 
configuring 136 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
3725 1880 0:110 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755
mountid=3725 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             380 ..
-rw-r--r-- aidan    aidan           1088 seccomp
-rw-r--r-- aidan    aidan            808 seccomp.32
-rw-r--r-- aidan    aidan            114 seccomp.list
-rw-r--r-- aidan    aidan              0 seccomp.postexec
-rw-r--r-- aidan    aidan              0 seccomp.postexec32
-rw-r--r-- aidan    aidan            176 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 0
starting application
LD_PRELOAD=(null)
execvp argument 0: steam
Running Steam on debian 10 64-bit
STEAM_RUNTIME is enabled automatically
Pins up-to-date!
Steam client's requirements are satisfied
/home/aidan/.steam/debian-installation/ubuntu12_32/steam -nominidumps -nobreakpad
STEAM_RUNTIME_HEAVY: ./steam-runtime-heavy
Using OPTIONS="-cafile /etc/ssl/certs/ca-certificates.crt"
WARNING: setlocale('en_US.UTF-8') failed, using locale: 'C'. International characters may not work.
[2020-12-31 19:32:45] Startup - updater built Dec 20 2020 23:07:02
[2020-12-31 19:32:45] Loading cached metrics from disk (/home/aidan/.steam/debian-installation/package/steam_client_metrics.bin)
[2020-12-31 19:32:45] Using the following download hosts for Public, Realm steamglobal
[2020-12-31 19:32:45] 1. https://steamcdn-a.akamaihd.net, /client/, Realm 'steamglobal', weight was 100, source = 'update_hosts_cached.vdf'
[2020-12-31 19:32:45] Verifying installation...
[2020-12-31 19:32:45] Verification complete
[2020-12-31 19:33:37] Shutdown

Originally created by @aidalgol on GitHub (Dec 31, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3856 All of the [Jackbox party packs via Steam](https://store.steampowered.com/franchise/jackboxgames) run under firejail have major issues. - `$ steam`: the game runs without issue. - `$ firejail steam`: the game launches but does not get past the splash screen. - `$ firejail --noprofile steam`: the game runs, but the audio is just scratchy noise. - `$ firejail --noprofile /usr/games/steam`: the game runs ~~without issue~~, but the audio is just scratchy noise. - `$ firejail /usr/games/steam`: the game launches but does not get past the splash screen. **Environment** - Debian 10 with kernel 5.9.0-0.bpo.2-amd64 - Firejail 0.9.64, Debian package version 0.9.64-1~bpo10+1 **Checklist** - [x] The upstream profile (and redirect profile if exists) have no changes fixing it. - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] A short search for duplicates was performed. - [x] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. - [ ] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages. Already using en_NZ.UTF-8. - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. <details><summary> debug output </summary> ``` Autoselecting /bin/bash as shell Building quoted command line: 'steam' Command name #steam# Found steam.profile profile in /etc/firejail directory Found allow-java.inc profile in /etc/firejail directory Found allow-python2.inc profile in /etc/firejail directory Found allow-python3.inc profile in /etc/firejail directory Found disable-common.inc profile in /etc/firejail directory Found disable-devel.inc profile in /etc/firejail directory Found disable-interpreters.inc profile in /etc/firejail directory Found disable-passwdmgr.inc profile in /etc/firejail directory Found disable-programs.inc profile in /etc/firejail directory Found whitelist-common.inc profile in /etc/firejail directory Found whitelist-var-common.inc profile in /etc/firejail directory Seccomp list in: !ptrace, check list: @default-keep, prelist: unknown, Using the local network stack Seccomp list in: !ptrace, check list: @default-keep, prelist: unknown, Using the local network stack Initializing child process PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file Build protocol filter: unix,inet,inet6,netlink sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 1883 1817 0:24 /etc /etc ro,relatime master:1 - zfs rpool/ROOT/debian rw,xattr,posixacl mountid=1883 fsname=/etc dir=/etc fstype=zfs Mounting noexec /etc 1884 1883 0:24 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - zfs rpool/ROOT/debian rw,xattr,posixacl mountid=1884 fsname=/etc dir=/etc fstype=zfs Mounting read-only /var 1890 1885 0:52 / /var/spool rw,relatime master:75 - zfs rpool/var/spool rw,xattr,posixacl mountid=1890 fsname=/ dir=/var/spool fstype=zfs Mounting read-only /var/lib/docker 1893 1891 0:136 / /var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm rw,nosuid,nodev,noexec,relatime master:316 - tmpfs shm rw,size=65536k mountid=1893 fsname=/ dir=/var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm fstype=tmpfs Mounting read-only /var/lib/docker/zfs/graph/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e 1894 1892 0:135 / /var/lib/docker/zfs/graph/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e ro,relatime master:310 - zfs rpool/var/lib/docker/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e rw,xattr,posixacl mountid=1894 fsname=/ dir=/var/lib/docker/zfs/graph/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e fstype=zfs Mounting read-only /var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm 1895 1893 0:136 / /var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm ro,nosuid,nodev,noexec,relatime master:316 - tmpfs shm rw,size=65536k mountid=1895 fsname=/ dir=/var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm fstype=tmpfs Mounting read-only /var/log 1896 1889 0:53 / /var/log ro,relatime master:73 - zfs rpool/var/log rw,xattr,posixacl mountid=1896 fsname=/ dir=/var/log fstype=zfs Mounting read-only /var/spool 1897 1890 0:52 / /var/spool ro,relatime master:75 - zfs rpool/var/spool rw,xattr,posixacl mountid=1897 fsname=/ dir=/var/spool fstype=zfs Mounting noexec /var 1910 1909 0:52 / /var/spool ro,relatime master:75 - zfs rpool/var/spool rw,xattr,posixacl mountid=1910 fsname=/ dir=/var/spool fstype=zfs Mounting noexec /var/lib/docker 1915 1914 0:136 / /var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm ro,nosuid,nodev,noexec,relatime master:316 - tmpfs shm rw,size=65536k mountid=1915 fsname=/ dir=/var/lib/docker/containers/f8626e1450d0e838503d3a25e57b768fcc68dc2e61918bdc123d367845705b2d/mounts/shm fstype=tmpfs Mounting noexec /var/lib/docker/zfs/graph/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e 1916 1913 0:135 / /var/lib/docker/zfs/graph/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e ro,nosuid,nodev,noexec,relatime master:310 - zfs rpool/var/lib/docker/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e rw,xattr,posixacl mountid=1916 fsname=/ dir=/var/lib/docker/zfs/graph/b00ae0867909b6c1ad117e75d6df02c75e33f4d65b843ad0aab57651b1779e8e fstype=zfs Mounting noexec /var/log 1917 1908 0:53 / /var/log ro,nosuid,nodev,noexec,relatime master:73 - zfs rpool/var/log rw,xattr,posixacl mountid=1917 fsname=/ dir=/var/log fstype=zfs Mounting noexec /var/spool 1918 1910 0:52 / /var/spool ro,nosuid,nodev,noexec,relatime master:75 - zfs rpool/var/spool rw,xattr,posixacl mountid=1918 fsname=/ dir=/var/spool fstype=zfs Mounting read-only /usr 1920 1919 0:51 / /usr/local rw,relatime master:71 - zfs rpool/usr/local rw,xattr,posixacl mountid=1920 fsname=/ dir=/usr/local fstype=zfs Mounting read-only /usr/local 1921 1920 0:51 / /usr/local ro,relatime master:71 - zfs rpool/usr/local rw,xattr,posixacl mountid=1921 fsname=/ dir=/usr/local fstype=zfs Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/aidan/.config/firejail Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory mounting /run/firejail/mnt/dev/nvidia0 file mounting /run/firejail/mnt/dev/nvidiactl file mounting /run/firejail/mnt/dev/nvidia-modeset file mounting /run/firejail/mnt/dev/nvidia-uvm file Process /dev/shm directory Generate private-tmp whitelist commands blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Copying files in the new /etc directory: copying /etc/alternatives to private /etc Creating empty /run/firejail/mnt/etc/alternatives directory sbox run: /run/firejail/lib/fcopy /etc/alternatives /run/firejail/mnt/etc/alternatives copying /etc/asound.conf to private /etc sbox run: /run/firejail/lib/fcopy /etc/asound.conf /run/firejail/mnt/etc copying /etc/ca-certificates to private /etc Creating empty /run/firejail/mnt/etc/ca-certificates directory sbox run: /run/firejail/lib/fcopy /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates copying /etc/dbus-1 to private /etc Creating empty /run/firejail/mnt/etc/dbus-1 directory sbox run: /run/firejail/lib/fcopy /etc/dbus-1 /run/firejail/mnt/etc/dbus-1 copying /etc/fonts to private /etc Creating empty /run/firejail/mnt/etc/fonts directory sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts copying /etc/group to private /etc sbox run: /run/firejail/lib/fcopy /etc/group /run/firejail/mnt/etc copying /etc/gtk-2.0 to private /etc Creating empty /run/firejail/mnt/etc/gtk-2.0 directory sbox run: /run/firejail/lib/fcopy /etc/gtk-2.0 /run/firejail/mnt/etc/gtk-2.0 copying /etc/gtk-3.0 to private /etc Creating empty /run/firejail/mnt/etc/gtk-3.0 directory sbox run: /run/firejail/lib/fcopy /etc/gtk-3.0 /run/firejail/mnt/etc/gtk-3.0 copying /etc/host.conf to private /etc sbox run: /run/firejail/lib/fcopy /etc/host.conf /run/firejail/mnt/etc copying /etc/hostname to private /etc sbox run: /run/firejail/lib/fcopy /etc/hostname /run/firejail/mnt/etc copying /etc/hosts to private /etc sbox run: /run/firejail/lib/fcopy /etc/hosts /run/firejail/mnt/etc copying /etc/ld.so.cache to private /etc sbox run: /run/firejail/lib/fcopy /etc/ld.so.cache /run/firejail/mnt/etc copying /etc/ld.so.conf to private /etc sbox run: /run/firejail/lib/fcopy /etc/ld.so.conf /run/firejail/mnt/etc copying /etc/ld.so.conf.d to private /etc Creating empty /run/firejail/mnt/etc/ld.so.conf.d directory sbox run: /run/firejail/lib/fcopy /etc/ld.so.conf.d /run/firejail/mnt/etc/ld.so.conf.d copying /etc/ld.so.preload to private /etc sbox run: /run/firejail/lib/fcopy /etc/ld.so.preload /run/firejail/mnt/etc copying /etc/localtime to private /etc sbox run: /run/firejail/lib/fcopy /etc/localtime /run/firejail/mnt/etc copying /etc/machine-id to private /etc sbox run: /run/firejail/lib/fcopy /etc/machine-id /run/firejail/mnt/etc copying /etc/mime.types to private /etc sbox run: /run/firejail/lib/fcopy /etc/mime.types /run/firejail/mnt/etc copying /etc/nvidia to private /etc Creating empty /run/firejail/mnt/etc/nvidia directory sbox run: /run/firejail/lib/fcopy /etc/nvidia /run/firejail/mnt/etc/nvidia copying /etc/os-release to private /etc sbox run: /run/firejail/lib/fcopy /etc/os-release /run/firejail/mnt/etc copying /etc/passwd to private /etc sbox run: /run/firejail/lib/fcopy /etc/passwd /run/firejail/mnt/etc copying /etc/pulse to private /etc Creating empty /run/firejail/mnt/etc/pulse directory sbox run: /run/firejail/lib/fcopy /etc/pulse /run/firejail/mnt/etc/pulse copying /etc/resolv.conf to private /etc sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc copying /etc/services to private /etc sbox run: /run/firejail/lib/fcopy /etc/services /run/firejail/mnt/etc copying /etc/ssl to private /etc Creating empty /run/firejail/mnt/etc/ssl directory sbox run: /run/firejail/lib/fcopy /etc/ssl /run/firejail/mnt/etc/ssl Mount-bind /run/firejail/mnt/etc on top of /etc Cannot find /usr/etc Replaced whitelist path: whitelist /home/aidan/.config/unity3d Replaced whitelist path: whitelist /home/aidan/.killingfloor Replaced whitelist path: whitelist /home/aidan/.local/share/3909/PapersPlease Replaced whitelist path: whitelist /home/aidan/.local/share/aspyr-media Replaced whitelist path: whitelist /home/aidan/.local/share/cdprojektred Replaced whitelist path: whitelist /home/aidan/.local/share/FasterThanLight Replaced whitelist path: whitelist /home/aidan/.local/share/feral-interactive Replaced whitelist path: whitelist /home/aidan/.local/share/IntoTheBreach Replaced whitelist path: whitelist /home/aidan/.local/share/Paradox Interactive Replaced whitelist path: whitelist /home/aidan/.local/share/Steam Replaced whitelist path: whitelist /home/aidan/.local/share/SuperHexagon Replaced whitelist path: whitelist /home/aidan/.local/share/Terraria Replaced whitelist path: whitelist /home/aidan/.local/share/vpltd Replaced whitelist path: whitelist /home/aidan/.local/share/vulkan Replaced whitelist path: whitelist /home/aidan/.mbwarband Replaced whitelist path: whitelist /home/aidan/.paradoxinteractive Replaced whitelist path: whitelist /home/aidan/.steam Removed whitelist/nowhitelist path: whitelist ${HOME}/.steampath expanded: /home/aidan/.steampath real path: (null) Replaced whitelist path: whitelist /home/aidan/.steam/steam.pid Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose expanded: /home/aidan/.XCompose real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc expanded: /home/aidan/.asoundrc real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ibus expanded: /home/aidan/.config/ibus real path: (null) Replaced whitelist path: whitelist /home/aidan/.config/mimeapps.list Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11 expanded: /home/aidan/.config/pkcs11 real path: (null) Replaced whitelist path: whitelist /home/aidan/.config/user-dirs.dirs Replaced whitelist path: whitelist /home/aidan/.config/user-dirs.locale Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc expanded: /home/aidan/.drirc real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons expanded: /home/aidan/.icons real path: (null) Replaced whitelist path: whitelist /home/aidan/.local/share/applications Replaced whitelist path: whitelist /home/aidan/.local/share/icons Replaced whitelist path: whitelist /home/aidan/.local/share/mime Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types expanded: /home/aidan/.mime.types real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.uim.d expanded: /home/aidan/.uim.d real path: (null) Replaced whitelist path: whitelist /home/aidan/.config/dconf Replaced whitelist path: whitelist /home/aidan/.cache/fontconfig Replaced whitelist path: whitelist /home/aidan/.config/fontconfig Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig expanded: /home/aidan/.fontconfig real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts expanded: /home/aidan/.fonts real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf expanded: /home/aidan/.fonts.conf real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d expanded: /home/aidan/.fonts.conf.d real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d expanded: /home/aidan/.fonts.d real path: (null) Replaced whitelist path: whitelist /home/aidan/.local/share/fonts Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc expanded: /home/aidan/.pangorc real path: (null) Replaced whitelist path: whitelist /home/aidan/.config/gtk-2.0 Replaced whitelist path: whitelist /home/aidan/.config/gtk-3.0 Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-4.0 expanded: /home/aidan/.config/gtk-4.0 real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc expanded: /home/aidan/.config/gtkrc real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0 expanded: /home/aidan/.config/gtkrc-2.0 real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2 expanded: /home/aidan/.gnome2 real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private expanded: /home/aidan/.gnome2-private real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0 expanded: /home/aidan/.gtk-2.0 real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc expanded: /home/aidan/.gtkrc real path: (null) Replaced whitelist path: whitelist /home/aidan/src/dot-files/.gtkrc-2.0 Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc expanded: /home/aidan/.kde/share/config/gtkrc real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 expanded: /home/aidan/.kde/share/config/gtkrc-2.0 real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc expanded: /home/aidan/.kde4/share/config/gtkrc real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 expanded: /home/aidan/.kde4/share/config/gtkrc-2.0 real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes expanded: /home/aidan/.local/share/themes real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes expanded: /home/aidan/.themes real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun expanded: /home/aidan/.cache/kioexec/krun real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum expanded: /home/aidan/.config/Kvantum real path: (null) Replaced whitelist path: whitelist /home/aidan/.config/Trolltech.conf Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals expanded: /home/aidan/.config/kdeglobals real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc expanded: /home/aidan/.config/kio_httprc real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc expanded: /home/aidan/.config/kioslaverc real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist expanded: /home/aidan/.config/ksslcablacklist real path: (null) Replaced whitelist path: whitelist /home/aidan/.config/qt5ct Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals expanded: /home/aidan/.kde/share/config/kdeglobals real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc expanded: /home/aidan/.kde/share/config/kio_httprc real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc expanded: /home/aidan/.kde/share/config/kioslaverc real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist expanded: /home/aidan/.kde/share/config/ksslcablacklist real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc expanded: /home/aidan/.kde/share/config/oxygenrc real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons expanded: /home/aidan/.kde/share/icons real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals expanded: /home/aidan/.kde4/share/config/kdeglobals real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc expanded: /home/aidan/.kde4/share/config/kio_httprc real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc expanded: /home/aidan/.kde4/share/config/kioslaverc real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist expanded: /home/aidan/.kde4/share/config/ksslcablacklist real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc expanded: /home/aidan/.kde4/share/config/oxygenrc real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons expanded: /home/aidan/.kde4/share/icons real path: (null) Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct expanded: /home/aidan/.local/share/qt5ct real path: (null) Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates expanded: /var/lib/ca-certificates real path: (null) Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg expanded: /var/lib/menu-xdg real path: (null) Removed whitelist/nowhitelist path: whitelist /var/lib/uim expanded: /var/lib/uim real path: (null) Replaced whitelist path: whitelist /run Replaced whitelist path: whitelist /run/lock Mounting tmpfs on /tmp directory Mounting tmpfs on /var directory Mounting a new /root directory Mounting a new /home directory Create a new user directory Whitelisting /home/aidan/.config/unity3d 2114 2113 0:54 /.config/unity3d /home/aidan/.config/unity3d rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2114 fsname=/.config/unity3d dir=/home/aidan/.config/unity3d fstype=zfs Whitelisting /home/aidan/.killingfloor 2115 2113 0:54 /.killingfloor /home/aidan/.killingfloor rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2115 fsname=/.killingfloor dir=/home/aidan/.killingfloor fstype=zfs Whitelisting /home/aidan/.local/share/3909/PapersPlease 2116 2113 0:54 /.local/share/3909/PapersPlease /home/aidan/.local/share/3909/PapersPlease rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2116 fsname=/.local/share/3909/PapersPlease dir=/home/aidan/.local/share/3909/PapersPlease fstype=zfs Whitelisting /home/aidan/.local/share/aspyr-media 2118 2113 0:54 /.local/share/aspyr-media /home/aidan/.local/share/aspyr-media rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2118 fsname=/.local/share/aspyr-media dir=/home/aidan/.local/share/aspyr-media fstype=zfs Whitelisting /home/aidan/.local/share/cdprojektred 2119 2113 0:54 /.local/share/cdprojektred /home/aidan/.local/share/cdprojektred rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2119 fsname=/.local/share/cdprojektred dir=/home/aidan/.local/share/cdprojektred fstype=zfs Whitelisting /home/aidan/.local/share/FasterThanLight 2120 2113 0:54 /.local/share/FasterThanLight /home/aidan/.local/share/FasterThanLight rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2120 fsname=/.local/share/FasterThanLight dir=/home/aidan/.local/share/FasterThanLight fstype=zfs Whitelisting /home/aidan/.local/share/feral-interactive 2121 2113 0:54 /.local/share/feral-interactive /home/aidan/.local/share/feral-interactive rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2121 fsname=/.local/share/feral-interactive dir=/home/aidan/.local/share/feral-interactive fstype=zfs Whitelisting /home/aidan/.local/share/IntoTheBreach 2122 2113 0:54 /.local/share/IntoTheBreach /home/aidan/.local/share/IntoTheBreach rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2122 fsname=/.local/share/IntoTheBreach dir=/home/aidan/.local/share/IntoTheBreach fstype=zfs Whitelisting /home/aidan/.local/share/Paradox Interactive 2123 2113 0:54 /.local/share/Paradox\040Interactive /home/aidan/.local/share/Paradox\040Interactive rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2123 fsname=/.local/share/Paradox Interactive dir=/home/aidan/.local/share/Paradox Interactive fstype=zfs Whitelisting /home/aidan/.local/share/Steam 2124 2113 0:54 /.local/share/Steam /home/aidan/.local/share/Steam rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2124 fsname=/.local/share/Steam dir=/home/aidan/.local/share/Steam fstype=zfs Whitelisting /home/aidan/.local/share/SuperHexagon 2125 2113 0:54 /.local/share/SuperHexagon /home/aidan/.local/share/SuperHexagon rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2125 fsname=/.local/share/SuperHexagon dir=/home/aidan/.local/share/SuperHexagon fstype=zfs Whitelisting /home/aidan/.local/share/Terraria 2126 2113 0:54 /.local/share/Terraria /home/aidan/.local/share/Terraria rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2126 fsname=/.local/share/Terraria dir=/home/aidan/.local/share/Terraria fstype=zfs Whitelisting /home/aidan/.local/share/vpltd 2127 2113 0:54 /.local/share/vpltd /home/aidan/.local/share/vpltd rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2127 fsname=/.local/share/vpltd dir=/home/aidan/.local/share/vpltd fstype=zfs Whitelisting /home/aidan/.local/share/vulkan 2128 2113 0:54 /.local/share/vulkan /home/aidan/.local/share/vulkan rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2128 fsname=/.local/share/vulkan dir=/home/aidan/.local/share/vulkan fstype=zfs Whitelisting /home/aidan/.mbwarband 2129 2113 0:54 /.mbwarband /home/aidan/.mbwarband rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2129 fsname=/.mbwarband dir=/home/aidan/.mbwarband fstype=zfs Whitelisting /home/aidan/.paradoxinteractive 2130 2113 0:54 /.paradoxinteractive /home/aidan/.paradoxinteractive rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2130 fsname=/.paradoxinteractive dir=/home/aidan/.paradoxinteractive fstype=zfs Whitelisting /home/aidan/.steam 2131 2113 0:54 /.steam /home/aidan/.steam rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2131 fsname=/.steam dir=/home/aidan/.steam fstype=zfs Whitelisting /home/aidan/.steam/steam.pid Created symbolic link /home/aidan/.steampid -> /home/aidan/.steam/steam.pid Whitelisting /home/aidan/.config/mimeapps.list 2132 2113 0:54 /.config/mimeapps.list /home/aidan/.config/mimeapps.list rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2132 fsname=/.config/mimeapps.list dir=/home/aidan/.config/mimeapps.list fstype=zfs Whitelisting /home/aidan/.config/user-dirs.dirs 2133 2113 0:54 /.config/user-dirs.dirs /home/aidan/.config/user-dirs.dirs rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2133 fsname=/.config/user-dirs.dirs dir=/home/aidan/.config/user-dirs.dirs fstype=zfs Whitelisting /home/aidan/.config/user-dirs.locale 2134 2113 0:54 /.config/user-dirs.locale /home/aidan/.config/user-dirs.locale rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2134 fsname=/.config/user-dirs.locale dir=/home/aidan/.config/user-dirs.locale fstype=zfs Whitelisting /home/aidan/.local/share/applications 2135 2113 0:54 /.local/share/applications /home/aidan/.local/share/applications rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2135 fsname=/.local/share/applications dir=/home/aidan/.local/share/applications fstype=zfs Whitelisting /home/aidan/.local/share/icons 2136 2113 0:54 /.local/share/icons /home/aidan/.local/share/icons rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2136 fsname=/.local/share/icons dir=/home/aidan/.local/share/icons fstype=zfs Whitelisting /home/aidan/.local/share/mime 2137 2113 0:54 /.local/share/mime /home/aidan/.local/share/mime rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2137 fsname=/.local/share/mime dir=/home/aidan/.local/share/mime fstype=zfs Whitelisting /home/aidan/.config/dconf 2138 2113 0:54 /.config/dconf /home/aidan/.config/dconf rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2138 fsname=/.config/dconf dir=/home/aidan/.config/dconf fstype=zfs Whitelisting /home/aidan/.cache/fontconfig 2139 2113 0:54 /.cache/fontconfig /home/aidan/.cache/fontconfig rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2139 fsname=/.cache/fontconfig dir=/home/aidan/.cache/fontconfig fstype=zfs Whitelisting /home/aidan/.config/fontconfig 2140 2113 0:54 /.config/fontconfig /home/aidan/.config/fontconfig rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2140 fsname=/.config/fontconfig dir=/home/aidan/.config/fontconfig fstype=zfs Whitelisting /home/aidan/.local/share/fonts 2141 2113 0:54 /.local/share/fonts /home/aidan/.local/share/fonts rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2141 fsname=/.local/share/fonts dir=/home/aidan/.local/share/fonts fstype=zfs Whitelisting /home/aidan/.config/gtk-2.0 2142 2113 0:54 /.config/gtk-2.0 /home/aidan/.config/gtk-2.0 rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2142 fsname=/.config/gtk-2.0 dir=/home/aidan/.config/gtk-2.0 fstype=zfs Whitelisting /home/aidan/.config/gtk-3.0 2143 2113 0:54 /.config/gtk-3.0 /home/aidan/.config/gtk-3.0 rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2143 fsname=/.config/gtk-3.0 dir=/home/aidan/.config/gtk-3.0 fstype=zfs Whitelisting /home/aidan/src/dot-files/.gtkrc-2.0 2144 2113 0:54 /src/dot-files/.gtkrc-2.0 /home/aidan/src/dot-files/.gtkrc-2.0 rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2144 fsname=/src/dot-files/.gtkrc-2.0 dir=/home/aidan/src/dot-files/.gtkrc-2.0 fstype=zfs Created symbolic link /home/aidan/.gtkrc-2.0 -> /home/aidan/src/dot-files/.gtkrc-2.0 Whitelisting /home/aidan/.config/Trolltech.conf 2145 2113 0:54 /.config/Trolltech.conf /home/aidan/.config/Trolltech.conf rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2145 fsname=/.config/Trolltech.conf dir=/home/aidan/.config/Trolltech.conf fstype=zfs Whitelisting /home/aidan/.config/qt5ct 2146 2113 0:54 /.config/qt5ct /home/aidan/.config/qt5ct rw,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2146 fsname=/.config/qt5ct dir=/home/aidan/.config/qt5ct fstype=zfs Whitelisting /var/lib/dbus 2147 2107 0:24 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - zfs rpool/ROOT/debian rw,xattr,posixacl mountid=2147 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=zfs Whitelisting /var/cache/fontconfig 2148 2107 0:24 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - zfs rpool/ROOT/debian rw,xattr,posixacl mountid=2148 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=zfs Whitelisting /var/tmp 2149 2107 0:113 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw mountid=2149 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Whitelisting /tmp/.X11-unix 2150 2080 0:43 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:27 - tmpfs tmpfs rw mountid=2150 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Whitelisting /tmp/pulse-PKdhtXMmr18n 2151 2080 0:43 /pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,nosuid,nodev master:27 - tmpfs tmpfs rw mountid=2151 fsname=/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=tmpfs Mounting read-only /home/aidan/.Xauthority 2155 2113 0:183 /aidan/.Xauthority /home/aidan/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=2155 fsname=/aidan/.Xauthority dir=/home/aidan/.Xauthority fstype=tmpfs Mounting read-only /home/aidan/.config/dconf 2156 2138 0:54 /.config/dconf /home/aidan/.config/dconf ro,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2156 fsname=/.config/dconf dir=/home/aidan/.config/dconf fstype=zfs Disable /usr/bin/systemd-run Disable /usr/bin/systemd-run (requested /bin/systemd-run) Disable /run/user/1000/systemd Disable /run/docker.sock (requested /var/run/docker.sock) Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock) Mounting read-only /home/aidan/.local/share/applications 2162 2135 0:54 /.local/share/applications /home/aidan/.local/share/applications ro,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2162 fsname=/.local/share/applications dir=/home/aidan/.local/share/applications fstype=zfs Mounting read-only /home/aidan/.config/mimeapps.list 2163 2132 0:54 /.config/mimeapps.list /home/aidan/.config/mimeapps.list ro,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2163 fsname=/.config/mimeapps.list dir=/home/aidan/.config/mimeapps.list fstype=zfs Mounting read-only /home/aidan/.config/user-dirs.dirs 2164 2133 0:54 /.config/user-dirs.dirs /home/aidan/.config/user-dirs.dirs ro,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2164 fsname=/.config/user-dirs.dirs dir=/home/aidan/.config/user-dirs.dirs fstype=zfs Mounting read-only /home/aidan/.config/user-dirs.locale 2165 2134 0:54 /.config/user-dirs.locale /home/aidan/.config/user-dirs.locale ro,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2165 fsname=/.config/user-dirs.locale dir=/home/aidan/.config/user-dirs.locale fstype=zfs Mounting read-only /home/aidan/.local/share/mime 2166 2137 0:54 /.local/share/mime /home/aidan/.local/share/mime ro,relatime master:77 - zfs rpool/home/aidan rw,xattr,posixacl mountid=2166 fsname=/.local/share/mime dir=/home/aidan/.local/share/mime fstype=zfs Not blacklist /sbin Disable /usr/local/sbin Not blacklist /usr/sbin Disable /usr/bin/at Disable /usr/bin/at (requested /bin/at) Disable /usr/bin/busybox Disable /usr/bin/busybox (requested /bin/busybox) Disable /usr/bin/chage Disable /usr/bin/chage (requested /bin/chage) Disable /usr/bin/chfn Disable /usr/bin/chfn (requested /bin/chfn) Disable /usr/bin/chsh Disable /usr/bin/chsh (requested /bin/chsh) Disable /usr/bin/crontab Disable /usr/bin/crontab (requested /bin/crontab) Disable /usr/bin/expiry Disable /usr/bin/expiry (requested /bin/expiry) Disable /usr/bin/fusermount Disable /usr/bin/fusermount (requested /bin/fusermount) Disable /usr/bin/gpasswd Disable /usr/bin/gpasswd (requested /bin/gpasswd) Disable /usr/bin/mount Disable /usr/bin/mount (requested /bin/mount) Disable /usr/bin/nc.openbsd (requested /usr/bin/nc) Disable /usr/bin/nc.openbsd (requested /bin/nc) Disable /usr/bin/newgrp Disable /usr/bin/newgrp (requested /bin/newgrp) Disable /usr/bin/ntfs-3g Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g) Disable /usr/bin/pkexec Disable /usr/bin/pkexec (requested /bin/pkexec) Disable /usr/bin/newgrp (requested /usr/bin/sg) Disable /usr/bin/newgrp (requested /bin/sg) Disable /usr/bin/strace Disable /usr/bin/strace (requested /bin/strace) Disable /usr/bin/su Disable /usr/bin/su (requested /bin/su) Disable /usr/bin/sudo Disable /usr/bin/sudo (requested /bin/sudo) Disable /usr/bin/umount Disable /usr/bin/umount (requested /bin/umount) Disable /usr/bin/xev Disable /usr/bin/xev (requested /bin/xev) Disable /usr/bin/xinput Disable /usr/bin/xinput (requested /bin/xinput) Disable /usr/bin/xfce4-terminal Disable /usr/bin/xfce4-terminal (requested /bin/xfce4-terminal) Disable /usr/bin/xfce4-terminal.wrapper Disable /usr/bin/xfce4-terminal.wrapper (requested /bin/xfce4-terminal.wrapper) Disable /run/user/1000/app Debug: no access to file /run/user/1000/doc, forcing mount Disable /run/user/1000/doc Disable /run/user/1000/.dbus-proxy Disable /run/user/1000/.flatpak Disable /run/user/1000/.flatpak-helper Disable /usr/share/flatpak Disable /usr/bin/bwrap Disable /usr/bin/bwrap (requested /bin/bwrap) Disable /usr/bin/dig Disable /usr/bin/dig (requested /bin/dig) Disable /usr/bin/nslookup Disable /usr/bin/nslookup (requested /bin/nslookup) Disable /usr/bin/host Disable /usr/bin/host (requested /bin/host) Disable /usr/bin/resolvectl Disable /usr/bin/resolvectl (requested /bin/resolvectl) Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang++) Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang-cpp-7) Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang++-7) Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang) Disable /usr/lib/llvm-7/bin/clang (requested /usr/bin/clang-7) Disable /usr/lib/llvm-7/bin/clang (requested /bin/clang++) Disable /usr/lib/llvm-7/bin/clang (requested /bin/clang-cpp-7) Disable /usr/lib/llvm-7/bin/clang (requested /bin/clang++-7) Disable /usr/lib/llvm-7/bin/clang (requested /bin/clang) Disable /usr/lib/llvm-7/bin/clang (requested /bin/clang-7) Disable /usr/lib/llvm-7/bin/llvm-objcopy (requested /usr/bin/llvm-objcopy-7) Disable /usr/lib/llvm-7/bin/llvm-cat (requested /usr/bin/llvm-cat-7) Disable /usr/lib/llvm-7/bin/llvm-mc (requested /usr/bin/llvm-mc-7) Disable /usr/lib/llvm-7/bin/llvm-opt-report (requested /usr/bin/llvm-opt-report-7) Disable /usr/lib/llvm-7/bin/llvm-exegesis (requested /usr/bin/llvm-exegesis-7) Disable /usr/lib/llvm-7/bin/llvm-bcanalyzer (requested /usr/bin/llvm-bcanalyzer-7) Disable /usr/lib/llvm-7/bin/llvm-link (requested /usr/bin/llvm-link-7) Disable /usr/lib/llvm-7/bin/llvm-cfi-verify (requested /usr/bin/llvm-cfi-verify-7) Disable /usr/lib/llvm-7/bin/llvm-mca (requested /usr/bin/llvm-mca-7) Disable /usr/lib/llvm-7/bin/llvm-size (requested /usr/bin/llvm-size-7) Disable /usr/lib/llvm-7/bin/llvm-modextract (requested /usr/bin/llvm-modextract-7) Disable /usr/lib/llvm-7/bin/llvm-diff (requested /usr/bin/llvm-diff-7) Disable /usr/lib/llvm-7/bin/llvm-dis (requested /usr/bin/llvm-dis-7) Disable /usr/lib/llvm-7/bin/llvm-stress (requested /usr/bin/llvm-stress-7) Disable /usr/lib/llvm-7/bin/llvm-as (requested /usr/bin/llvm-as-7) Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-ar-7) Disable /usr/lib/llvm-7/bin/llvm-xray (requested /usr/bin/llvm-xray-7) Disable /usr/lib/llvm-7/bin/llvm-objdump (requested /usr/bin/llvm-objdump-7) Disable /usr/lib/llvm-7/bin/llvm-readobj (requested /usr/bin/llvm-readobj-7) Disable /usr/lib/llvm-7/bin/llvm-strings (requested /usr/bin/llvm-strings-7) Disable /usr/lib/llvm-7/bin/llvm-mt (requested /usr/bin/llvm-mt-7) Disable /usr/lib/llvm-7/bin/llvm-pdbutil (requested /usr/bin/llvm-pdbutil-7) Disable /usr/lib/llvm-7/bin/llvm-c-test (requested /usr/bin/llvm-c-test-7) Disable /usr/lib/llvm-7/bin/llvm-split (requested /usr/bin/llvm-split-7) Disable /usr/lib/llvm-7/bin/llvm-lto2 (requested /usr/bin/llvm-lto2-7) Disable /usr/lib/llvm-7/bin/llvm-undname (requested /usr/bin/llvm-undname-7) Disable /usr/lib/llvm-7/bin/llvm-rtdyld (requested /usr/bin/llvm-rtdyld-7) Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-dlltool-7) Disable /usr/lib/llvm-7/bin/llvm-lto (requested /usr/bin/llvm-lto-7) Disable /usr/lib/llvm-7/bin/llvm-cxxfilt (requested /usr/bin/llvm-cxxfilt-7) Disable /usr/lib/llvm-7/bin/llvm-cxxdump (requested /usr/bin/llvm-cxxdump-7) Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-ranlib-7) Disable /usr/lib/llvm-7/bin/llvm-readobj (requested /usr/bin/llvm-readelf-7) Disable /usr/lib/llvm-7/bin/llvm-symbolizer (requested /usr/bin/llvm-symbolizer-7) Disable /usr/lib/llvm-7/bin/llvm-profdata (requested /usr/bin/llvm-profdata-7) Disable /usr/lib/llvm-7/bin/llvm-config (requested /usr/bin/llvm-config-7) Disable /usr/lib/llvm-7/bin/llvm-PerfectShuffle (requested /usr/bin/llvm-PerfectShuffle-7) Disable /usr/lib/llvm-7/bin/llvm-cvtres (requested /usr/bin/llvm-cvtres-7) Disable /usr/lib/llvm-7/bin/llvm-objcopy (requested /usr/bin/llvm-strip-7) Disable /usr/lib/llvm-7/bin/llvm-cov (requested /usr/bin/llvm-cov-7) Disable /usr/lib/llvm-7/bin/llvm-dwarfdump (requested /usr/bin/llvm-dwarfdump-7) Disable /usr/lib/llvm-7/bin/llvm-tblgen (requested /usr/bin/llvm-tblgen-7) Disable /usr/lib/llvm-7/bin/llvm-nm (requested /usr/bin/llvm-nm-7) Disable /usr/lib/llvm-7/bin/llvm-rc (requested /usr/bin/llvm-rc-7) Disable /usr/lib/llvm-7/bin/llvm-dwp (requested /usr/bin/llvm-dwp-7) Disable /usr/lib/llvm-7/bin/llvm-extract (requested /usr/bin/llvm-extract-7) Disable /usr/lib/llvm-7/bin/llvm-ar (requested /usr/bin/llvm-lib-7) Disable /usr/lib/llvm-7/bin/llvm-objcopy (requested /bin/llvm-objcopy-7) Disable /usr/lib/llvm-7/bin/llvm-cat (requested /bin/llvm-cat-7) Disable /usr/lib/llvm-7/bin/llvm-mc (requested /bin/llvm-mc-7) Disable /usr/lib/llvm-7/bin/llvm-opt-report (requested /bin/llvm-opt-report-7) Disable /usr/lib/llvm-7/bin/llvm-exegesis (requested /bin/llvm-exegesis-7) Disable /usr/lib/llvm-7/bin/llvm-bcanalyzer (requested /bin/llvm-bcanalyzer-7) Disable /usr/lib/llvm-7/bin/llvm-link (requested /bin/llvm-link-7) Disable /usr/lib/llvm-7/bin/llvm-cfi-verify (requested /bin/llvm-cfi-verify-7) Disable /usr/lib/llvm-7/bin/llvm-mca (requested /bin/llvm-mca-7) Disable /usr/lib/llvm-7/bin/llvm-size (requested /bin/llvm-size-7) Disable /usr/lib/llvm-7/bin/llvm-modextract (requested /bin/llvm-modextract-7) Disable /usr/lib/llvm-7/bin/llvm-diff (requested /bin/llvm-diff-7) Disable /usr/lib/llvm-7/bin/llvm-dis (requested /bin/llvm-dis-7) Disable /usr/lib/llvm-7/bin/llvm-stress (requested /bin/llvm-stress-7) Disable /usr/lib/llvm-7/bin/llvm-as (requested /bin/llvm-as-7) Disable /usr/lib/llvm-7/bin/llvm-ar (requested /bin/llvm-ar-7) Disable /usr/lib/llvm-7/bin/llvm-xray (requested /bin/llvm-xray-7) Disable /usr/lib/llvm-7/bin/llvm-objdump (requested /bin/llvm-objdump-7) Disable /usr/lib/llvm-7/bin/llvm-readobj (requested /bin/llvm-readobj-7) Disable /usr/lib/llvm-7/bin/llvm-strings (requested /bin/llvm-strings-7) Disable /usr/lib/llvm-7/bin/llvm-mt (requested /bin/llvm-mt-7) Disable /usr/lib/llvm-7/bin/llvm-pdbutil (requested /bin/llvm-pdbutil-7) Disable /usr/lib/llvm-7/bin/llvm-c-test (requested /bin/llvm-c-test-7) Disable /usr/lib/llvm-7/bin/llvm-split (requested /bin/llvm-split-7) Disable /usr/lib/llvm-7/bin/llvm-lto2 (requested /bin/llvm-lto2-7) Disable /usr/lib/llvm-7/bin/llvm-undname (requested /bin/llvm-undname-7) Disable /usr/lib/llvm-7/bin/llvm-rtdyld (requested /bin/llvm-rtdyld-7) Disable /usr/lib/llvm-7/bin/llvm-ar (requested /bin/llvm-dlltool-7) Disable /usr/lib/llvm-7/bin/llvm-lto (requested /bin/llvm-lto-7) Disable /usr/lib/llvm-7/bin/llvm-cxxfilt (requested /bin/llvm-cxxfilt-7) Disable /usr/lib/llvm-7/bin/llvm-cxxdump (requested /bin/llvm-cxxdump-7) Disable /usr/lib/llvm-7/bin/llvm-ar (requested /bin/llvm-ranlib-7) Disable /usr/lib/llvm-7/bin/llvm-readobj (requested /bin/llvm-readelf-7) Disable /usr/lib/llvm-7/bin/llvm-symbolizer (requested /bin/llvm-symbolizer-7) Disable /usr/lib/llvm-7/bin/llvm-profdata (requested /bin/llvm-profdata-7) Disable /usr/lib/llvm-7/bin/llvm-config (requested /bin/llvm-config-7) Disable /usr/lib/llvm-7/bin/llvm-PerfectShuffle (requested /bin/llvm-PerfectShuffle-7) Disable /usr/lib/llvm-7/bin/llvm-cvtres (requested /bin/llvm-cvtres-7) Disable /usr/lib/llvm-7/bin/llvm-objcopy (requested /bin/llvm-strip-7) Disable /usr/lib/llvm-7/bin/llvm-cov (requested /bin/llvm-cov-7) Disable /usr/lib/llvm-7/bin/llvm-dwarfdump (requested /bin/llvm-dwarfdump-7) Disable /usr/lib/llvm-7/bin/llvm-tblgen (requested /bin/llvm-tblgen-7) Disable /usr/lib/llvm-7/bin/llvm-nm (requested /bin/llvm-nm-7) Disable /usr/lib/llvm-7/bin/llvm-rc (requested /bin/llvm-rc-7) Disable /usr/lib/llvm-7/bin/llvm-dwp (requested /bin/llvm-dwp-7) Disable /usr/lib/llvm-7/bin/llvm-extract (requested /bin/llvm-extract-7) Disable /usr/lib/llvm-7/bin/llvm-ar (requested /bin/llvm-lib-7) Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as) Disable /usr/bin/x86_64-linux-gnu-as (requested /bin/as) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/cc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/cc) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/c++) Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/c++) Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /bin/c++filt) Disable /usr/bin/c89-gcc (requested /usr/bin/c89) Disable /usr/bin/c89-gcc Disable /usr/bin/c89-gcc (requested /bin/c89) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/c99-gcc (requested /usr/bin/c99) Disable /usr/bin/c99-gcc Disable /usr/bin/c99-gcc (requested /bin/c99) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /usr/bin/cpp-8) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /usr/bin/cpp) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /bin/cpp-8) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /bin/cpp) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/g++-8) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/g++) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/g++-8) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/g++) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/gcc-ar-8) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/gcc-ranlib-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/gcc-ar-8) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/gcc-ranlib-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/gcc) Disable /usr/bin/gdb Disable /usr/bin/gdb (requested /bin/gdb) Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld) Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /bin/ld) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/x86_64-linux-gnu-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/c99-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 Disable /usr/bin/c89-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib-8) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-g++-8 Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++-8) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/x86_64-linux-gnu-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/c99-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 Disable /usr/bin/c89-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib-8) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-g++-8 Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++-8) Not blacklist /home/aidan/bin/java Not blacklist /home/aidan/.opam/system/bin/java Not blacklist /home/aidan/.rbenv/shims/java Not blacklist /home/aidan/.npm-global/bin/java Not blacklist /home/aidan/.rbenv/bin/java Not blacklist /usr/local/bin/java Not blacklist /usr/bin/java Not blacklist /bin/java Not blacklist /usr/local/games/java Not blacklist /usr/games/java Not blacklist /etc/java Not blacklist /usr/lib/java Not blacklist /usr/share/java Disable /usr/bin/openssl Disable /usr/bin/openssl (requested /bin/openssl) Disable /usr/bin/valgrind Disable /usr/bin/valgrind-listener Disable /usr/bin/valgrind.bin Disable /usr/bin/valgrind-di-server Disable /usr/bin/valgrind (requested /bin/valgrind) Disable /usr/bin/valgrind-listener (requested /bin/valgrind-listener) Disable /usr/bin/valgrind.bin (requested /bin/valgrind.bin) Disable /usr/bin/valgrind-di-server (requested /bin/valgrind-di-server) Disable /usr/lib/valgrind Disable /usr/src Disable /usr/local/src Disable /usr/include Disable /usr/local/include Disable /usr/bin/luajittex Disable /usr/bin/luatex Disable /usr/bin/luajit Disable /usr/bin/luatex53 Disable /usr/bin/luatex (requested /usr/bin/lualatex) Disable /usr/bin/luajittex (requested /bin/luajittex) Disable /usr/bin/luatex (requested /bin/luatex) Disable /usr/bin/luajit (requested /bin/luajit) Disable /usr/bin/luatex53 (requested /bin/luatex53) Disable /usr/bin/luatex (requested /bin/lualatex) Disable /usr/share/luajit-2.1.0-beta3 Disable /usr/share/lua Disable /usr/bin/node Disable /usr/bin/node (requested /bin/node) Disable /usr/bin/cpan5.28-i386-linux-gnu Disable /usr/bin/cpan5.28-x86_64-linux-gnu Disable /usr/bin/cpan Disable /usr/bin/cpan5.28-i386-linux-gnu (requested /bin/cpan5.28-i386-linux-gnu) Disable /usr/bin/cpan5.28-x86_64-linux-gnu (requested /bin/cpan5.28-x86_64-linux-gnu) Disable /usr/bin/cpan (requested /bin/cpan) Disable /usr/bin/perl Disable /usr/bin/perl (requested /bin/perl) Disable /usr/share/perl-openssl-defaults Disable /usr/share/perl5 Disable /usr/share/perl Disable /usr/bin/ruby2.5 (requested /usr/bin/ruby) Disable /usr/bin/ruby2.5 (requested /bin/ruby) Disable /usr/lib/ruby Not blacklist /home/aidan/bin/python2* Not blacklist /home/aidan/.opam/system/bin/python2* Not blacklist /home/aidan/.rbenv/shims/python2* Not blacklist /home/aidan/.npm-global/bin/python2* Not blacklist /home/aidan/.rbenv/bin/python2* Not blacklist /usr/local/bin/python2* Not blacklist /usr/bin/python2-futurize Not blacklist /usr/bin/python2-pasteurize Not blacklist /usr/bin/python2-config Not blacklist /usr/bin/python2.7-config Not blacklist /usr/bin/python2 Not blacklist /usr/bin/python2.7 Not blacklist /bin/python2-futurize Not blacklist /bin/python2-pasteurize Not blacklist /bin/python2-config Not blacklist /bin/python2.7-config Not blacklist /bin/python2 Not blacklist /bin/python2.7 Not blacklist /usr/local/games/python2* Not blacklist /usr/games/python2* Not blacklist /usr/include/python2* Not blacklist /usr/lib/python2.6 Not blacklist /usr/lib/python2.7 Not blacklist /usr/local/lib/python2.7 Not blacklist /usr/share/python2* Not blacklist /home/aidan/bin/python3* Not blacklist /home/aidan/.opam/system/bin/python3* Not blacklist /home/aidan/.rbenv/shims/python3* Not blacklist /home/aidan/.npm-global/bin/python3* Not blacklist /home/aidan/.rbenv/bin/python3* Not blacklist /usr/local/bin/python3* Not blacklist /usr/bin/python3-unidiff Not blacklist /usr/bin/python3-tor-prompt Not blacklist /usr/bin/python3.7m Not blacklist /usr/bin/python3m-config Not blacklist /usr/bin/python3m Not blacklist /usr/bin/python3 Not blacklist /usr/bin/python3-config Not blacklist /usr/bin/python3.7m-config Not blacklist /usr/bin/python3-wsdump Not blacklist /usr/bin/python3.7 Not blacklist /usr/bin/python3.7-config Not blacklist /bin/python3-unidiff Not blacklist /bin/python3-tor-prompt Not blacklist /bin/python3.7m Not blacklist /bin/python3m-config Not blacklist /bin/python3m Not blacklist /bin/python3 Not blacklist /bin/python3-config Not blacklist /bin/python3.7m-config Not blacklist /bin/python3-wsdump Not blacklist /bin/python3.7 Not blacklist /bin/python3.7-config Not blacklist /usr/local/games/python3* Not blacklist /usr/games/python3* Not blacklist /usr/include/python3* Not blacklist /usr/lib/python3 Not blacklist /usr/lib/python3.7 Not blacklist /usr/lib64/python3* Not blacklist /usr/local/lib/python3.7 Not blacklist /usr/share/python3 Not blacklist /home/aidan/.java Not blacklist /home/aidan/.killingfloor Not blacklist /home/aidan/.local/share/3909/PapersPlease Not blacklist /home/aidan/.local/share/Steam Not blacklist /home/aidan/.local/share/SuperHexagon Not blacklist /home/aidan/.local/share/Terraria N line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000006 jmp 000c 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 15 01 00 00000029 jeq socket 000c (false 000b) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 20 00 00 00000010 ld data.args[0] 000d: 15 00 01 00000001 jeq 1 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 15 00 01 00000002 jeq 2 0010 (false 0011) 0010: 06 00 00 7fff0000 ret ALLOW 0011: 15 00 01 0000000a jeq a 0012 (false 0013) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 01 00000010 jeq 10 0014 (false 0015) 0014: 06 00 00 7fff0000 ret ALLOW 0015: 06 00 00 0005005f ret ERRNO(95) line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 00 01 00000015 jeq 15 0005 (false 0006) 0005: 06 00 00 00000001 ret KILL 0006: 15 00 01 00000034 jeq 34 0007 (false 0008) 0007: 06 00 00 00000001 ret KILL 0008: 15 00 01 0000001a jeq 1a 0009 (false 000a) 0009: 06 00 00 00000001 ret KILL 000a: 15 00 01 0000011b jeq 11b 000b (false 000c) 000b: 06 00 00 00000001 ret KILL 000c: 15 00 01 00000155 jeq 155 000d (false 000e) 000d: 06 00 00 00000001 ret KILL 000e: 15 00 01 00000156 jeq 156 000f (false 0010) 000f: 06 00 00 00000001 ret KILL 0010: 15 00 01 0000007f jeq 7f 0011 (false 0012) 0011: 06 00 00 00000001 ret KILL 0012: 15 00 01 00000080 jeq 80 0013 (false 0014) 0013: 06 00 00 00000001 ret KILL 0014: 15 00 01 0000015e jeq 15e 0015 (false 0016) 0015: 06 00 00 00000001 ret KILL 0016: 15 00 01 00000081 jeq 81 0017 (false 0018) 0017: 06 00 00 00000001 ret KILL 0018: 15 00 01 0000006e jeq 6e 0019 (false 001a) 0019: 06 00 00 00000001 ret KILL 001a: 15 00 01 00000065 jeq 65 001b (false 001c) 001b: 06 00 00 00000001 ret KILL 001c: 15 00 01 00000121 jeq 121 001d (false 001e) 001d: 06 00 00 00000001 ret KILL 001e: 15 00 01 00000057 jeq 57 001f (false 0020) 001f: 06 00 00 00000001 ret KILL 0020: 15 00 01 00000073 jeq 73 0021 (false 0022) 0021: 06 00 00 00000001 ret KILL 0022: 15 00 01 00000067 jeq 67 0023 (false 0024) 0023: 06 00 00 00000001 ret KILL 0024: 15 00 01 0000015b jeq 15b 0025 (false 0026) 0025: 06 00 00 00000001 ret KILL 0026: 15 00 01 0000015c jeq 15c 0027 (false 0028) 0027: 06 00 00 00000001 ret KILL 0028: 15 00 01 00000087 jeq 87 0029 (false 002a) 0029: 06 00 00 00000001 ret KILL 002a: 15 00 01 00000095 jeq 95 002b (false 002c) 002b: 06 00 00 00000001 ret KILL 002c: 15 00 01 0000007c jeq 7c 002d (false 002e) 002d: 06 00 00 00000001 ret KILL 002e: 15 00 01 00000157 jeq 157 002f (false 0030) 002f: 06 00 00 00000001 ret KILL 0030: 15 00 01 000000fd jeq fd 0031 (false 0032) 0031: 06 00 00 00000001 ret KILL 0032: 15 00 01 00000150 jeq 150 0033 (false 0034) 0033: 06 00 00 00000001 ret KILL 0034: 15 00 01 00000152 jeq 152 0035 (false 0036) 0035: 06 00 00 00000001 ret KILL 0036: 15 00 01 0000015d jeq 15d 0037 (false 0038) 0037: 06 00 00 00000001 ret KILL 0038: 15 00 01 0000011e jeq 11e 0039 (false 003a) 0039: 06 00 00 00000001 ret KILL 003a: 15 00 01 0000011f jeq 11f 003b (false 003c) 003b: 06 00 00 00000001 ret KILL 003c: 15 00 01 00000120 jeq 120 003d (false 003e) 003d: 06 00 00 00000001 ret KILL 003e: 15 00 01 00000056 jeq 56 003f (false 0040) 003f: 06 00 00 00000001 ret KILL 0040: 15 00 01 00000033 jeq 33 0041 (false 0042) 0041: 06 00 00 00000001 ret KILL 0042: 15 00 01 0000007b jeq 7b 0043 (false 0044) 0043: 06 00 00 00000001 ret KILL 0044: 15 00 01 000000d9 jeq d9 0045 (false 0046) 0045: 06 00 00 00000001 ret KILL 0046: 15 00 01 000000f5 jeq f5 0047 (false 0048) 0047: 06 00 00 00000001 ret KILL 0048: 15 00 01 000000f6 jeq f6 0049 (false 004a) 0049: 06 00 00 00000001 ret KILL 004a: 15 00 01 000000f7 jeq f7 004b (false 004c) 004b: 06 00 00 00000001 ret KILL 004c: 15 00 01 000000f8 jeq f8 004d (false 004e) 004d: 06 00 00 00000001 ret KILL 004e: 15 00 01 000000f9 jeq f9 004f (false 0050) 004f: 06 00 00 00000001 ret KILL 0050: 15 00 01 00000101 jeq 101 0051 (false 0052) 0051: 06 00 00 00000001 ret KILL 0052: 15 00 01 00000112 jeq 112 0053 (false 0054) 0053: 06 00 00 00000001 ret KILL 0054: 15 00 01 00000114 jeq 114 0055 (false 0056) 0055: 06 00 00 00000001 ret KILL 0056: 15 00 01 00000126 jeq 126 0057 (false 0058) 0057: 06 00 00 00000001 ret KILL 0058: 15 00 01 0000013d jeq 13d 0059 (false 005a) 0059: 06 00 00 00000001 ret KILL 005a: 15 00 01 0000013c jeq 13c 005b (false 005c) 005b: 06 00 00 00000001 ret KILL 005c: 15 00 01 0000003d jeq 3d 005d (false 005e) 005d: 06 00 00 00000001 ret KILL 005e: 15 00 01 00000058 jeq 58 005f (false 0060) 005f: 06 00 00 00000001 ret KILL 0060: 15 00 01 000000a9 jeq a9 0061 (false 0062) 0061: 06 00 00 00000001 ret KILL 0062: 15 00 01 00000082 jeq 82 0063 (false 0064) 0063: 06 00 00 00000001 ret KILL 0064: 06 00 00 7fff0000 ret ALLOW Seccomp list in: !ptrace, check list: @default-keep, prelist: unknown, line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 01 00000065 jeq ptrace 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 0000009f jeq adjtimex 000a (false 000b) 000a: 06 00 00 00050001 ret ERRNO(1) 000b: 15 00 01 00000131 jeq clock_adjtime 000c (false 000d) 000c: 06 00 00 00050001 ret ERRNO(1) 000d: 15 00 01 000000e3 jeq clock_settime 000e (false 000f) 000e: 06 00 00 00050001 ret ERRNO(1) 000f: 15 00 01 000000a4 jeq settimeofday 0010 (false 0011) 0010: 06 00 00 00050001 ret ERRNO(1) 0011: 15 00 01 0000009a jeq modify_ldt 0012 (false 0013) 0012: 06 00 00 00050001 ret ERRNO(1) 0013: 15 00 01 000000d4 jeq lookup_dcookie 0014 (false 0015) 0014: 06 00 00 00050001 ret ERRNO(1) 0015: 15 00 01 0000012a jeq perf_event_open 0016 (false 0017) 0016: 06 00 00 00050001 ret ERRNO(1) 0017: 15 00 01 00000137 jeq process_vm_writev 0018 (false 0019) 0018: 06 00 00 00050001 ret ERRNO(1) 0019: 15 00 01 000000b0 jeq delete_module 001a (false 001b) 001a: 06 00 00 00050001 ret ERRNO(1) 001b: 15 00 01 00000139 jeq finit_module 001c (false 001d) 001c: 06 00 00 00050001 ret ERRNO(1) 001d: 15 00 01 000000af jeq init_module 001e (false 001f) 001e: 06 00 00 00050001 ret ERRNO(1) 001f: 15 00 01 000000a1 jeq chroot 0020 (false 0021) 0020: 06 00 00 00050001 ret ERRNO(1) 0021: 15 00 01 000000a5 jeq mount 0022 (false 0023) 0022: 06 00 00 00050001 ret ERRNO(1) 0023: 15 00 01 0000009b jeq pivot_root 0024 (false 0025) 0024: 06 00 00 00050001 ret ERRNO(1) 0025: 15 00 01 000000a6 jeq umount2 0026 (false 0027) 0026: 06 00 00 00050001 ret ERRNO(1) 0027: 15 00 01 0000009c jeq _sysctl 0028 (false 0029) 0028: 06 00 00 00050001 ret ERRNO(1) 0029: 15 00 01 000000b7 jeq afs_syscall 002a (false 002b) 002a: 06 00 00 00050001 ret ERRNO(1) 002b: 15 00 01 000000ae jeq create_module 002c (false 002d) 002c: 06 00 00 00050001 ret ERRNO(1) 002d: 15 00 01 000000b1 jeq get_kernel_syms 002e (false 002f) 002e: 06 00 00 00050001 ret ERRNO(1) 002f: 15 00 01 000000b5 jeq getpmsg 0030 (false 0031) 0030: 06 00 00 00050001 ret ERRNO(1) 0031: 15 00 01 000000b6 jeq putpmsg 0032 (false 0033) 0032: 06 00 00 00050001 ret ERRNO(1) 0033: 15 00 01 000000b2 jeq query_module 0034 (false 0035) 0034: 06 00 00 00050001 ret ERRNO(1) 0035: 15 00 01 000000b9 jeq security 0036 (false 0037) 0036: 06 00 00 00050001 ret ERRNO(1) 0037: 15 00 01 0000008b jeq sysfs 0038 (false 0039) 0038: 06 00 00 00050001 ret ERRNO(1) 0039: 15 00 01 000000b8 jeq tuxcall 003a (false 003b) 003a: 06 00 00 00050001 ret ERRNO(1) 003b: 15 00 01 00000086 jeq uselib 003c (false 003d) 003c: 06 00 00 00050001 ret ERRNO(1) 003d: 15 00 01 00000088 jeq ustat 003e (false 003f) 003e: 06 00 00 00050001 ret ERRNO(1) 003f: 15 00 01 000000ec jeq vserver 0040 (false 0041) 0040: 06 00 00 00050001 ret ERRNO(1) 0041: 15 00 01 000000ad jeq ioperm 0042 (false 0043) 0042: 06 00 00 00050001 ret ERRNO(1) 0043: 15 00 01 000000ac jeq iopl 0044 (false 0045) 0044: 06 00 00 00050001 ret ERRNO(1) 0045: 15 00 01 000000f6 jeq kexec_load 0046 (false 0047) 0046: 06 00 00 00050001 ret ERRNO(1) 0047: 15 00 01 00000140 jeq kexec_file_load 0048 (false 0049) 0048: 06 00 00 00050001 ret ERRNO(1) 0049: 15 00 01 000000a9 jeq reboot 004a (false 004b) 004a: 06 00 00 00050001 ret ERRNO(1) 004b: 15 00 01 000000a7 jeq swapon 004c (false 004d) 004c: 06 00 00 00050001 ret ERRNO(1) 004d: 15 00 01 000000a8 jeq swapoff 004e (false 004f) 004e: 06 00 00 00050001 ret ERRNO(1) 004f: 15 00 01 00000130 jeq open_by_handle_at 0050 (false 0051) 0050: 06 00 00 00050001 ret ERRNO(1) 0051: 15 00 01 0000012f jeq name_to_handle_at 0052 (false 0053) 0052: 06 00 00 00050001 ret ERRNO(1) 0053: 15 00 01 000000fb jeq ioprio_set 0054 (false 0055) 0054: 06 00 00 00050001 ret ERRNO(1) 0055: 15 00 01 00000067 jeq syslog 0056 (false 0057) 0056: 06 00 00 00050001 ret ERRNO(1) 0057: 15 00 01 0000012c jeq fanotify_init 0058 (false 0059) 0058: 06 00 00 00050001 ret ERRNO(1) 0059: 15 00 01 00000138 jeq kcmp 005a (false 005b) 005a: 06 00 00 00050001 ret ERRNO(1) 005b: 15 00 01 000000f8 jeq add_key 005c (false 005d) 005c: 06 00 00 00050001 ret ERRNO(1) 005d: 15 00 01 000000f9 jeq request_key 005e (false 005f) 005e: 06 00 00 00050001 ret ERRNO(1) 005f: 15 00 01 000000ed jeq mbind 0060 (false 0061) 0060: 06 00 00 00050001 ret ERRNO(1) 0061: 15 00 01 00000100 jeq migrate_pages 0062 (false 0063) 0062: 06 00 00 00050001 ret ERRNO(1) 0063: 15 00 01 00000117 jeq move_pages 0064 (false 0065) 0064: 06 00 00 00050001 ret ERRNO(1) 0065: 15 00 01 000000fa jeq keyctl 0066 (false 0067) 0066: 06 00 00 00050001 ret ERRNO(1) 0067: 15 00 01 000000ce jeq io_setup 0068 (false 0069) 0068: 06 00 00 00050001 ret ERRNO(1) 0069: 15 00 01 000000cf jeq io_destroy 006a (false 006b) 006a: 06 00 00 00050001 ret ERRNO(1) 006b: 15 00 01 000000d0 jeq io_getevents 006c (false 006d) 006c: 06 00 00 00050001 ret ERRNO(1) 006d: 15 00 01 000000d1 jeq io_submit 006e (false 006f) 006e: 06 00 00 00050001 ret ERRNO(1) 006f: 15 00 01 000000d2 jeq io_cancel 0070 (false 0071) 0070: 06 00 00 00050001 ret ERRNO(1) 0071: 15 00 01 000000d8 jeq remap_file_pages 0072 (false 0073) 0072: 06 00 00 00050001 ret ERRNO(1) 0073: 15 00 01 00000143 jeq userfaultfd 0074 (false 0075) 0074: 06 00 00 00050001 ret ERRNO(1) 0075: 15 00 01 000000a3 jeq acct 0076 (false 0077) 0076: 06 00 00 00050001 ret ERRNO(1) 0077: 15 00 01 00000141 jeq bpf 0078 (false 0079) 0078: 06 00 00 00050001 ret ERRNO(1) 0079: 15 00 01 000000b4 jeq nfsservctl 007a (false 007b) 007a: 06 00 00 00050001 ret ERRNO(1) 007b: 15 00 01 000000ab jeq setdomainname 007c (false 007d) 007c: 06 00 00 00050001 ret ERRNO(1) 007d: 15 00 01 000000aa jeq sethostname 007e (false 007f) 007e: 06 00 00 00050001 ret ERRNO(1) 007f: 15 00 01 00000099 jeq vhangup 0080 (false 0081) 0080: 06 00 00 00050001 ret ERRNO(1) 0081: 15 00 01 00000065 jeq ptrace 0082 (false 0083) 0082: 06 00 00 00050001 ret ERRNO(1) 0083: 15 00 01 00000087 jeq personality 0084 (false 0085) 0084: 06 00 00 00050001 ret ERRNO(1) 0085: 15 00 01 00000136 jeq process_vm_readv 0086 (false 0087) 0086: 06 00 00 00050001 ret ERRNO(1) 0087: 06 00 00 7fff0000 ret ALLOW ot blacklist /home/aidan/.local/share/aspyr-media Not blacklist /home/aidan/.local/share/cdprojektred Not blacklist /home/aidan/.local/share/FasterThanLight Not blacklist /home/aidan/.local/share/feral-interactive Not blacklist /home/aidan/.local/share/IntoTheBreach Not blacklist /home/aidan/.local/share/Paradox Interactive Not blacklist /home/aidan/.local/share/vpltd Not blacklist /home/aidan/.local/share/vulkan Not blacklist /home/aidan/.mbwarband Not blacklist /home/aidan/.paradoxinteractive Not blacklist /home/aidan/.steam Not blacklist /home/aidan/.steampath Not blacklist /home/aidan/.steampid Mounting read-only /tmp/.X11-unix 3719 2150 0:43 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev master:27 - tmpfs tmpfs rw mountid=3719 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /sys/fs Disable /sys/module Mounting noexec /run/firejail/mnt/pulse 3722 1880 0:110 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=3722 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs Creating empty /home/aidan/.config/pulse directory Mounting /run/firejail/mnt/pulse on /home/aidan/.config/pulse 3723 2113 0:110 /pulse /home/aidan/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=3723 fsname=/pulse dir=/home/aidan/.config/pulse fstype=tmpfs Current directory: /home/aidan Install protocol filter: unix,inet,inet6,netlink configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dual 32/64 bit seccomp filter configured Build default+drop seccomp filter sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !ptrace sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp configuring 136 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp 3725 1880 0:110 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755 mountid=3725 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 160 . drwxr-xr-x root root 380 .. -rw-r--r-- aidan aidan 1088 seccomp -rw-r--r-- aidan aidan 808 seccomp.32 -rw-r--r-- aidan aidan 114 seccomp.list -rw-r--r-- aidan aidan 0 seccomp.postexec -rw-r--r-- aidan aidan 0 seccomp.postexec32 -rw-r--r-- aidan aidan 176 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 0 starting application LD_PRELOAD=(null) execvp argument 0: steam Running Steam on debian 10 64-bit STEAM_RUNTIME is enabled automatically Pins up-to-date! Steam client's requirements are satisfied /home/aidan/.steam/debian-installation/ubuntu12_32/steam -nominidumps -nobreakpad STEAM_RUNTIME_HEAVY: ./steam-runtime-heavy Using OPTIONS="-cafile /etc/ssl/certs/ca-certificates.crt" WARNING: setlocale('en_US.UTF-8') failed, using locale: 'C'. International characters may not work. [2020-12-31 19:32:45] Startup - updater built Dec 20 2020 23:07:02 [2020-12-31 19:32:45] Loading cached metrics from disk (/home/aidan/.steam/debian-installation/package/steam_client_metrics.bin) [2020-12-31 19:32:45] Using the following download hosts for Public, Realm steamglobal [2020-12-31 19:32:45] 1. https://steamcdn-a.akamaihd.net, /client/, Realm 'steamglobal', weight was 100, source = 'update_hosts_cached.vdf' [2020-12-31 19:32:45] Verifying installation... [2020-12-31 19:32:45] Verification complete [2020-12-31 19:33:37] Shutdown ``` </details>

gitea-mirror closed this issue

2026-05-05 09:06:01 -06:00

gitea-mirror commented

2026-05-05 09:06:03 -06:00

Author

Owner

@rusty-snake commented on GitHub (Dec 31, 2020):

$ firejail --noprofile steam: the game runs, but the audio is just scratchy noise.
$ firejail --noprofile /usr/games/steam: the game runs without issue.

What does which -a steam show?

@rusty-snake commented on GitHub (Dec 31, 2020): >$ firejail --noprofile steam: the game runs, but the audio is just scratchy noise. >$ firejail --noprofile /usr/games/steam: the game runs without issue. What does `which -a steam` show?

gitea-mirror commented

2026-05-05 09:06:03 -06:00

Author

Owner

@aidalgol commented on GitHub (Dec 31, 2020):

$ firejail --noprofile steam: the game runs, but the audio is just scratchy noise.
$ firejail --noprofile /usr/games/steam: the game runs without issue.

What does which -a steam show?

$ which -a steam 
/usr/games/steam

@aidalgol commented on GitHub (Dec 31, 2020): > > $ firejail --noprofile steam: the game runs, but the audio is just scratchy noise. > > $ firejail --noprofile /usr/games/steam: the game runs without issue. > > What does `which -a steam` show? ``` $ which -a steam /usr/games/steam ```

gitea-mirror commented

2026-05-05 09:06:04 -06:00

Author

Owner

@rusty-snake commented on GitHub (Dec 31, 2020):

Is the differences between firejail --noprofile steam and firejail --noprofile /usr/games/steam reproducible?

@rusty-snake commented on GitHub (Dec 31, 2020): Is the differences between `firejail --noprofile steam` and `firejail --noprofile /usr/games/steam` reproducible?

gitea-mirror commented

2026-05-05 09:06:07 -06:00

Author

Owner

@aidalgol commented on GitHub (Dec 31, 2020):

It does not appear to be, as I just tried again and both had broken audio.

@aidalgol commented on GitHub (Dec 31, 2020): It does not appear to be, as I just tried again and both had broken audio.

gitea-mirror commented

2026-05-05 09:06:08 -06:00

Author

Owner

@rusty-snake commented on GitHub (Dec 31, 2020):

Ok, then we have two issues. We had already an other issues with noise/artefacts/... with firejail+steam, but I can nit find it. And the one that something in steam.profile breaks this game. If there is no error in the terminal/syslog, you need to comment steam.profile and then uncomment it line for line.

@rusty-snake commented on GitHub (Dec 31, 2020): Ok, then we have two issues. We had already an other issues with noise/artefacts/... with firejail+steam, but I can nit find it. And the one that something in steam.profile breaks this game. If there is no error in the terminal/syslog, you need to comment steam.profile and then uncomment it line for line.

gitea-mirror commented

2026-05-05 09:06:09 -06:00

Author

Owner

@aidalgol commented on GitHub (Jan 1, 2021):

I have narrowed the breakage of this game down to the private-etc line. I then ran steam under strace (with the -f flag to trace child processes) to see what under /etc/ was being accessed that wasn't already allowed in steam.profile, then added those filenames to the list after private-etc and reran steam under firejail, but the game still failed to get past the splash screen.

Is there a mechanism in firejail to see what is being denied? I don't see anything helpful in the firejail debug output.

@aidalgol commented on GitHub (Jan 1, 2021): I have narrowed the breakage of this game down to the `private-etc` line. I then ran steam under strace (with the `-f` flag to trace child processes) to see what under `/etc/` was being accessed that wasn't already allowed in `steam.profile`, then added those filenames to the list after `private-etc` and reran steam under firejail, but the game still failed to get past the splash screen. Is there a mechanism in firejail to see what is being denied? I don't see anything helpful in the firejail debug output.

gitea-mirror commented

2026-05-05 09:06:10 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jan 1, 2021):

Is there a mechanism in firejail to see what is being denied?

tracelog. however here it doesn't help as private-etc does not "deny" (blacklisting), is does "not allow" (whitelisting).

I then ran steam under strace (with the -f flag to trace child processes) to see what under /etc/ was being accessed that wasn't already allowed in steam.profile

Easier: firejail --build steam | grep private-etc

Was any of those new files also in one of our private-etc groups? Maybe the splash crashes w/o X11?

a83e36dde3/etc/templates/profile.template (L174-L184)

the game still failed to get past the splash screen.

a83e36dde3/etc/profile-m-z/steam.profile (L114)

@rusty-snake commented on GitHub (Jan 1, 2021): > Is there a mechanism in firejail to see what is being denied? `tracelog`. however here it doesn't help as `private-etc` does not "deny" (blacklisting), is does "not allow" (whitelisting). > I then ran steam under strace (with the -f flag to trace child processes) to see what under /etc/ was being accessed that wasn't already allowed in steam.profile Easier: `firejail --build steam | grep private-etc` Was any of those new files also in one of our private-etc groups? Maybe the splash crashes w/o `X11`? https://github.com/netblue30/firejail/blob/a83e36dde31e7a84fe8aa7c181dfbcfb0a15122e/etc/templates/profile.template#L174-L184 > the game still failed to get past the splash screen. https://github.com/netblue30/firejail/blob/a83e36dde31e7a84fe8aa7c181dfbcfb0a15122e/etc/profile-m-z/steam.profile#L114

gitea-mirror commented

2026-05-05 09:06:10 -06:00

Author

Owner

@aidalgol commented on GitHub (Jan 3, 2021):

Easier: firejail --build steam | grep private-etc

Thanks, I didn't know about that option. Sadly, firejail --build seems to break the Steam's embedded Chromium, since it starts with the main frame all black, even if I run steam with the -no-cef-sandbox option, so I instead tried launching the game directly without going through the GUI by firejail --build steam, but I didn't get much in the terminal output.

$ firejail --build steam steam://rungameid/331670 
Running Steam on debian 10 64-bit
STEAM_RUNTIME is enabled automatically
Pins up-to-date!
Steam client's requirements are satisfied
/home/aidan/.steam/debian-installation/ubuntu12_32/steam -nominidumps -nobreakpad steam://rungameid/331670
WARNING: setlocale('en_US.UTF-8') failed, using locale: 'C'. International characters may not work.
[2021-01-03 16:54:50] Startup - updater built Dec 20 2020 23:07:02
[2021-01-03 16:54:51] Loading cached metrics from disk (/home/aidan/.steam/debian-installation/package/steam_client_metrics.bin)
[2021-01-03 16:54:51] Using the following download hosts for Public, Realm steamglobal
[2021-01-03 16:54:51] 1. https://steamcdn-a.akamaihd.net, /client/, Realm 'steamglobal', weight was 100, source = 'update_hosts_cached.vdf'
[2021-01-03 16:54:51] Verifying installation...
[2021-01-03 16:54:51] Verification complete
STEAM_RUNTIME_HEAVY: ./steam-runtime-heavy
Using OPTIONS="-cafile /etc/ssl/certs/ca-certificates.crt"
ERROR: ld.so: object '/home/aidan/.steam/debian-installation/ubuntu12_32/gameoverlayrenderer.so' from LD_PRELOAD cannot be preloaded (wrong ELF class: ELFCLASS32): ignored. Loaded 154 button mapping from the joystick database. Setting breakpad minidump AppID = 331670 Steam_SetMinidumpSteamID: Caching Steam ID: 76561198045182877 [API loaded no] ERROR: ld.so: object '/home/aidan/.steam/debian-installation/ubuntu12_32/gameoverlayrenderer.so' from LD_PRELOAD cannot be preloaded (wrong ELF class: ELFCLASS32): ignored. ERROR: ld.so: object '/home/aidan/.steam/debian-installation/ubuntu12_32/gameoverlayrenderer.so' from LD_PRELOAD cannot be preloaded (wrong ELF class: ELFCLASS32): ignored. Received stats and achievements from Steam

Was any of those new files also in one of our private-etc groups? Maybe the splash crashes w/o X11?

a83e36dde3/etc/templates/profile.template (L174-L184)

Only nsswitch.conf and gai.conf. The full list of filenames I added to the private-etc line are

selinux
utmp
xdg
vulkan
ld.so.nohwcap
timezone
TZ
nsswitch.conf
systemd
udev
gnutls
gai.conf

the game still failed to get past the splash screen.

a83e36dde3/etc/profile-m-z/steam.profile (L114)

Disabling private-etc has been my workaround (via the --ignore=private-etc CLI option), but I still thought I should raise this issue in the hopes of improving the firejail steam profile to allow whatever is necessary to get these games working while still being about as restrictive.

@aidalgol commented on GitHub (Jan 3, 2021): > Easier: `firejail --build steam | grep private-etc` Thanks, I didn't know about that option. Sadly, `firejail --build` seems to break the Steam's embedded Chromium, since it starts with the main frame all black, even if I run steam with the `-no-cef-sandbox` option, so I instead tried launching the game directly without going through the GUI by `firejail --build steam`, but I didn't get much in the terminal output. ``` $ firejail --build steam steam://rungameid/331670 Running Steam on debian 10 64-bit STEAM_RUNTIME is enabled automatically Pins up-to-date! Steam client's requirements are satisfied /home/aidan/.steam/debian-installation/ubuntu12_32/steam -nominidumps -nobreakpad steam://rungameid/331670 WARNING: setlocale('en_US.UTF-8') failed, using locale: 'C'. International characters may not work. [2021-01-03 16:54:50] Startup - updater built Dec 20 2020 23:07:02 [2021-01-03 16:54:51] Loading cached metrics from disk (/home/aidan/.steam/debian-installation/package/steam_client_metrics.bin) [2021-01-03 16:54:51] Using the following download hosts for Public, Realm steamglobal [2021-01-03 16:54:51] 1. https://steamcdn-a.akamaihd.net, /client/, Realm 'steamglobal', weight was 100, source = 'update_hosts_cached.vdf' [2021-01-03 16:54:51] Verifying installation... [2021-01-03 16:54:51] Verification complete STEAM_RUNTIME_HEAVY: ./steam-runtime-heavy Using OPTIONS="-cafile /etc/ssl/certs/ca-certificates.crt" ERROR: ld.so: object '/home/aidan/.steam/debian-installation/ubuntu12_32/gameoverlayrenderer.so' from LD_PRELOAD cannot be preloaded (wrong ELF class: ELFCLASS32): ignored. Loaded 154 button mapping from the joystick database. Setting breakpad minidump AppID = 331670 Steam_SetMinidumpSteamID: Caching Steam ID: 76561198045182877 [API loaded no] ERROR: ld.so: object '/home/aidan/.steam/debian-installation/ubuntu12_32/gameoverlayrenderer.so' from LD_PRELOAD cannot be preloaded (wrong ELF class: ELFCLASS32): ignored. ERROR: ld.so: object '/home/aidan/.steam/debian-installation/ubuntu12_32/gameoverlayrenderer.so' from LD_PRELOAD cannot be preloaded (wrong ELF class: ELFCLASS32): ignored. Received stats and achievements from Steam ``` > Was any of those new files also in one of our private-etc groups? Maybe the splash crashes w/o `X11`? > > https://github.com/netblue30/firejail/blob/a83e36dde31e7a84fe8aa7c181dfbcfb0a15122e/etc/templates/profile.template#L174-L184 Only `nsswitch.conf` and `gai.conf`. The full list of filenames I added to the `private-etc` line are - selinux - utmp - xdg - vulkan - ld.so.nohwcap - timezone - TZ - nsswitch.conf - systemd - udev - gnutls - gai.conf > > the game still failed to get past the splash screen. > > https://github.com/netblue30/firejail/blob/a83e36dde31e7a84fe8aa7c181dfbcfb0a15122e/etc/profile-m-z/steam.profile#L114 Disabling `private-etc` has been my workaround (via the `--ignore=private-etc` CLI option), but I still thought I should raise this issue in the hopes of improving the firejail steam profile to allow whatever is necessary to get these games working while still being about as restrictive.

gitea-mirror commented

2026-05-05 09:06:11 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jan 3, 2021):

… Sadly, firejail --build seems to break the Steam's embedded Chromium, …

👍. --build uses --trace but chromium and firefox hate it.

but I didn't get much in the terminal output.

Only nsswitch.conf and gai.conf. The full list of filenames I added to the private-etc line are

Both not really help-full, you could try to use (a) the private-etc line in steam.profile with (b) your findings and (c) all our templates.

in the hopes of improving the firejail steam profile to allow whatever is necessary to get these games working while still being about as restrictive.

If you want, you can use a private-etc with all files in /etc. Use unalias ls && ls /etc | tr '\n' ',' to get such a list. You will first get some really nothing saying error messages from firejail on files like sudoers, remove all such files until steam starts. Now the game either still don't work, then this game is complete incompatible with private-etc. Or the game works fine, then you can start to remove files from private-etc until you find the minimal working one.

@rusty-snake commented on GitHub (Jan 3, 2021): > … Sadly, firejail --build seems to break the Steam's embedded Chromium, … :+1:. `--build` uses `--trace` but chromium and firefox hate it. > but I didn't get much in the terminal output. > Only nsswitch.conf and gai.conf. The full list of filenames I added to the private-etc line are Both not really help-full, you could try to use (a) the private-etc line in steam.profile with (b) your findings and (c) all our templates. > in the hopes of improving the firejail steam profile to allow whatever is necessary to get these games working while still being about as restrictive. If you want, you can use a `private-etc` with all files in `/etc`. Use `unalias ls && ls /etc | tr '\n' ','` to get such a list. You will first get some really nothing saying error messages from firejail on files like sudoers, remove all such files until steam starts. Now the game either still don't work, then this game is complete incompatible with `private-etc`. Or the game works fine, then you can start to remove files from `private-etc` until you find the minimal working one.

gitea-mirror commented

2026-05-05 09:06:11 -06:00

Author

Owner

@aidalgol commented on GitHub (Jan 10, 2021):

I finally got around to running the game with a private-etc line containing every file under /etc on my system, and I still get the same issue, so this game is just incompatible with private-etc.

@aidalgol commented on GitHub (Jan 10, 2021): I finally got around to running the game with a `private-etc` line containing every file under `/etc` on my system, and I still get the same issue, so this game is just incompatible with `private-etc`.

gitea-mirror referenced this issue

2026-05-05 10:17:35 -06:00

[PR #2426] [MERGED] Add font-manager profile #4303

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2426

No description provided.

Rows
Columns