github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #3858] Unable to start Firefox v84.0.1 on Debian 10 (Buster) #2430

New issue
Closed
opened 2026-05-05 09:06:12 -06:00 by gitea-mirror · 14 comments
gitea-mirror commented 2026-05-05 09:06:12 -06:00
Owner
Copy link

Originally created by @x10an14 on GitHub (Dec 31, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3858

Bug and expected behavior

[2020-12-31 13:19:52] 0 x10an14@x10-desktop:~
-> $ firejail firefox 
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 7979, child pid 7980
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Post-exec seccomp protector enabled
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Child process initialized in 188.29 ms
Error: no suitable firefox executable found

Parent is shutting down, bye...
[2020-12-31 13:20:17] 1 x10an14@x10-desktop:~
-> $

What did you expect to happen?

Firefox to start

No profile and disabling firejail

  • What changed calling firejail --noprofile /path/to/program in a terminal?

    • firefox could start:

      [2020-12-31 13:21:33] 0 x10an14@x10-desktop:~
-> $ firejail --noprofile firefox 
Parent pid 8275, child pid 8276
Child process initialized in 33.72 ms
# Firefox window opened up

    • What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)?

      [2020-12-31 13:21:33] 0 x10an14@x10-desktop:~
-> $ firejail --noprofile firefox 
Parent pid 8275, child pid 8276
Child process initialized in 33.72 ms

###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost


###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost


###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost


###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost

^C
Parent received signal 2, shutting down the child process...

Child received signal 2, shutting down the sandbox...

Parent is shutting down, bye...
[2020-12-31 13:32:35] 2 x10an14@x10-desktop:~
-> $ firejail --noprofile /opt/firefox/firefox 
Parent pid 11373, child pid 11374
Child process initialized in 32.13 ms
# Firefox window opened up

Reproduce

Steps to reproduce the behavior:

firejail firefox or firejail /opt/firefox/firefox

Environment

  • Linux distribution and version (ie output of lsb_release -a, screenfetch or cat /etc/os-release)

    [2020-12-31 13:24:21] 0 x10an14@x10-desktop:~
-> $ which firefox 
/usr/bin/firefox
[2020-12-31 13:24:26] 0 x10an14@x10-desktop:~
-> $ firejail --list
8275:x10an14::firejail --noprofile firefox 
[2020-12-31 13:24:33] 0 x10an14@x10-desktop:~
-> $ ps auxZ | grep '[f]irefox'
pts/0 S+ 13:21 0:00 firejail --noprofile firefox
unconfined x10an14 8276 0.0 0.0 3976 1928 pts/0 S+ 13:21 0:00 firejail --noprofile firefox
unconfined x10an14 8278 19.7 3.4 4369328 1136980 pts/0 Sl+ 13:21 0:50 firefox
unconfined x10an14 8410 1.8 0.8 2982748 290616 pts/0 Sl+ 13:21 0:04 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab
unconfined x10an14 8462 3.8 1.0 2834452 336024 pts/0 Sl+ 13:21 0:09 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 2 -isForBrowser -prefsLen 244 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab
unconfined x10an14 8514 1.3 0.8 2740232 289176 pts/0 Sl+ 13:21 0:03 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 3 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab
unconfined x10an14 8533 0.3 0.4 2482472 133472 pts/0 Sl+ 13:21 0:00 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 4 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab
unconfined x10an14 8558 13.5 2.3 10071028 766364 pts/0 Sl+ 13:21 0:34 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 5 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab
unconfined x10an14 8583 4.2 1.0 2800312 344880 pts/0 Sl+ 13:21 0:10 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 6 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab
unconfined x10an14 8603 1.3 0.6 2757624 218212 pts/0 Sl+ 13:21 0:03 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 7 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab
unconfined x10an14 8628 1.6 0.6 2713612 222428 pts/0 Sl+ 13:21 0:04 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 8 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab
unconfined x10an14 8653 2.5 0.8 2738180 273304 pts/0 Sl+ 13:21 0:06 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 9 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab
unconfined x10an14 8967 0.4 0.5 2639376 193180 pts/0 Sl+ 13:21 0:01 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 10 -isForBrowser -prefsLen 7465 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab
[2020-12-31 13:25:53] 0 x10an14@x10-desktop:~
-> $ ls -Flasch $(which firefox)
0 lrwxrwxrwx 1 root root 20 Dec 31 12:54 /usr/bin/firefox -> /opt/firefox/firefox*
[2020-12-31 13:26:04] 0 x10an14@x10-desktop:~
-> $ screenfetch 
         _,met$$$$$gg.           x10an14@x10-desktop
      ,g$$$$$$$$$$$$$$$P.        OS: Debian 10 buster
    ,g$$P""       """Y$$.".      Kernel: x86_64 Linux 4.19.0-13-amd64
   ,$$P'              `$$$.      Uptime: 3h 31m
  ',$$P       ,ggs.     `$$b:    Packages: 3898
  `d$$'     ,$P"'   .    $$$     Shell: bash 5.0.3
   $$P      d$'     ,    $$P     Resolution: 6560x2560
   $$:      $$.   -    ,d$$'     WM: i3
   $$\;      Y$b._   _,d$P'      CPU: AMD Ryzen 5 2600 Six-Core @ 12x 3.749GHz [36.0°C]
   Y$$.    `.`"Y$$$$P"'          GPU: GeForce GTX 1080
   `$$b      "-.__               RAM: 4635MiB / 32161MiB
    `Y$$                        
     `Y$$.                      
       `$$b.                    
         `Y$$b.                 
            `"Y$b._             
                `""""           

[2020-12-31 13:34:32] 0 x10an14@x10-desktop:~
-> $

  • Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD)

    [2020-12-31 13:26:04] 0 x10an14@x10-desktop:~
-> $ firejail --version
firejail version 0.9.58.2

Compile time support:
    - AppArmor support is enabled
    - AppImage support is enabled
    - chroot support is enabled
    - file and directory whitelisting support is enabled
    - file transfer support is enabled
    - networking support is enabled
    - overlayfs support is enabled
    - private-home support is enabled
    - seccomp-bpf support is enabled
    - user namespace support is enabled
    - X11 sandboxing support is enabled

[2020-12-31 13:28:06] 0 x10an14@x10-desktop:~
-> $

Additional context

Other context about the problem like related errors to understand the problem.

Checklist

  • The upstream profile (and redirect profile if exists) have no changes fixing it.
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • A short search for duplicates was performed.
  • If it is a AppImage, --profile=PROFILENAME is used to set the right profile.
  • Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
debug output 
[2020-12-31 13:34:32] 0 x10an14@x10-desktop:~
-> $ firejail --debug firefox 
Autoselecting /bin/bash as shell
Building quoted command line: 'firefox' 
Command name #firefox#
Found firefox.profile profile in /etc/firejail directory
Reading profile /etc/firejail/firefox.profile
Found firefox-common.profile profile in /etc/firejail directory
Reading profile /etc/firejail/firefox-common.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
conditional BROWSER_DISABLE_U2F, nou2f
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 12868, child pid 12869
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
IBUS_ADDRESS=unix:abstract=/tmp/dbus-xgD4t6tj,guid=bb16cef9fa1c97e51f67c76f5fed9413
IBUS_DAEMON_PID=2104
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /sbin
Mounting read-only /lib
Mounting read-only /lib64
Mounting read-only /lib32
Mounting read-only /libx32
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/nvidia0 file
mounting /run/firejail/mnt/dev/nvidiactl file
mounting /run/firejail/mnt/dev/nvidia-modeset file
Process /dev/shm directory
blacklist /run/user/1000/bus
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Remounting /proc and /proc/sys filesystems
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 398: new_name #/home/x10an14/.cache/mozilla/firefox#, whitelist
Debug 504: fname #/home/x10an14/.cache/mozilla/firefox#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.cache/mozilla/firefox
Debug 398: new_name #/home/x10an14/.mozilla#, whitelist
Debug 504: fname #/home/x10an14/.mozilla#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.mozilla
Directory ${DOWNLOADS} resolved as Downloads
Debug 398: new_name #/home/x10an14/Downloads#, whitelist
Debug 504: fname #/home/x10an14/Downloads#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/Downloads
Debug 398: new_name #/home/x10an14/.pki#, whitelist
Debug 504: fname #/home/x10an14/.pki#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.pki
Debug 398: new_name #/home/x10an14/.local/share/pki#, whitelist
Debug 504: fname #/home/x10an14/.local/share/pki#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.local/share/pki
Debug 398: new_name #/home/x10an14/.XCompose#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
	expanded: /home/x10an14/.XCompose
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
	expanded: /home/x10an14/.asoundrc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.config/ibus#, whitelist
Debug 504: fname #/home/x10an14/.config/ibus#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.config/ibus
Debug 398: new_name #/home/x10an14/.config/mimeapps.list#, whitelist
Debug 504: fname #/home/x10an14/.config/mimeapps.list#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.config/mimeapps.list
Debug 398: new_name #/home/x10an14/.config/pkcs11#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/x10an14/.config/pkcs11
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.config/user-dirs.dirs#, whitelist
Debug 504: fname #/home/x10an14/.config/user-dirs.dirs#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.config/user-dirs.dirs
Debug 398: new_name #/home/x10an14/.drirc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
	expanded: /home/x10an14/.drirc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
	expanded: /home/x10an14/.icons
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.local/share/applications#, whitelist
Debug 504: fname #/home/x10an14/.local/share/applications#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.local/share/applications
Debug 398: new_name #/home/x10an14/.local/share/icons#, whitelist
Debug 504: fname #/home/x10an14/.local/share/icons#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.local/share/icons
Debug 398: new_name #/home/x10an14/.local/share/mime#, whitelist
Debug 504: fname #/home/x10an14/.local/share/mime#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.local/share/mime
Debug 398: new_name #/home/x10an14/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
	expanded: /home/x10an14/.mime.types
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.config/dconf#, whitelist
Debug 504: fname #/home/x10an14/.config/dconf#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.config/dconf
Debug 398: new_name #/home/x10an14/.cache/fontconfig#, whitelist
Debug 504: fname #/home/x10an14/.cache/fontconfig#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.cache/fontconfig
Debug 398: new_name #/home/x10an14/.config/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
	expanded: /home/x10an14/.config/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
	expanded: /home/x10an14/.fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
	expanded: /home/x10an14/.fonts
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.fonts.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
	expanded: /home/x10an14/.fonts.conf
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/x10an14/.fonts.conf.d
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
	expanded: /home/x10an14/.fonts.d
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.local/share/fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
	expanded: /home/x10an14/.local/share/fonts
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.pangorc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
	expanded: /home/x10an14/.pangorc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.config/gtk-2.0#, whitelist
Debug 504: fname #/home/x10an14/.config/gtk-2.0#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.config/gtk-2.0
Debug 398: new_name #/home/x10an14/.config/gtk-3.0#, whitelist
Debug 504: fname #/home/x10an14/.config/gtk-3.0#, cfg.homedir #/home/x10an14#
Replaced whitelist path: whitelist /home/x10an14/.config/gtk-3.0
Debug 398: new_name #/home/x10an14/.config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/x10an14/.config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/x10an14/.config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
	expanded: /home/x10an14/.gnome2
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
	expanded: /home/x10an14/.gnome2-private
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/x10an14/.gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
	expanded: /home/x10an14/.gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0
	expanded: /home/x10an14/.gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/x10an14/.kde/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/x10an14/.kde/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/x10an14/.kde4/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/x10an14/.kde4/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
	expanded: /home/x10an14/.local/share/themes
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
	expanded: /home/x10an14/.themes
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.cache/kioexec/krun#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/x10an14/.cache/kioexec/krun
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/x10an14/.config/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.config/Trolltech.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Trolltech.conf
	expanded: /home/x10an14/.config/Trolltech.conf
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals
	expanded: /home/x10an14/.config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/x10an14/.config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/x10an14/.config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/x10an14/.config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
	expanded: /home/x10an14/.config/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
	expanded: /home/x10an14/.kde/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/x10an14/.kde/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/x10an14/.kde/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/x10an14/.kde/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/x10an14/.kde/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/x10an14/.kde/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/x10an14/.kde4/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/x10an14/.kde4/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/x10an14/.kde4/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/x10an14/.kde4/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/x10an14/.kde4/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/x10an14/.kde4/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/home/x10an14/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/x10an14/.local/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/var/lib/dbus#, whitelist
Debug 398: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
	expanded: /var/lib/menu-xdg
	real path: (null)
	realpath: No such file or directory
Debug 398: new_name #/var/cache/fontconfig#, whitelist
Debug 398: new_name #/var/tmp#, whitelist
Debug 398: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 398: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 398: new_name #/tmp/.X11-unix#, whitelist
Debug 398: new_name #/tmp/pulse-PKdhtXMmr18n#, whitelist
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 44 
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 44 
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 44 
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Whitelisting /home/x10an14/.cache/mozilla/firefox
811 679 253:5 /x10an14/.cache/mozilla/firefox /home/x10an14/.cache/mozilla/firefox rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=811 fsname=/x10an14/.cache/mozilla/firefox dir=/home/x10an14/.cache/mozilla/firefox fstype=ext4
Whitelisting /home/x10an14/.mozilla
812 679 253:5 /x10an14/.mozilla /home/x10an14/.mozilla rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=812 fsname=/x10an14/.mozilla dir=/home/x10an14/.mozilla fstype=ext4
Whitelisting /home/x10an14/Downloads
813 679 253:5 /x10an14/Downloads /home/x10an14/Downloads rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=813 fsname=/x10an14/Downloads dir=/home/x10an14/Downloads fstype=ext4
Whitelisting /home/x10an14/.pki
814 679 253:5 /x10an14/.pki /home/x10an14/.pki rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=814 fsname=/x10an14/.pki dir=/home/x10an14/.pki fstype=ext4
Whitelisting /home/x10an14/.local/share/pki
815 679 253:5 /x10an14/.local/share/pki /home/x10an14/.local/share/pki rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=815 fsname=/x10an14/.local/share/pki dir=/home/x10an14/.local/share/pki fstype=ext4
Whitelisting /home/x10an14/.config/ibus
816 679 253:5 /x10an14/.config/ibus /home/x10an14/.config/ibus rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=816 fsname=/x10an14/.config/ibus dir=/home/x10an14/.config/ibus fstype=ext4
Whitelisting /home/x10an14/.config/mimeapps.list
817 679 253:5 /x10an14/.config/mimeapps.list /home/x10an14/.config/mimeapps.list rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=817 fsname=/x10an14/.config/mimeapps.list dir=/home/x10an14/.config/mimeapps.list fstype=ext4
Whitelisting /home/x10an14/.config/user-dirs.dirs
828 679 253:5 /x10an14/.config/user-dirs.dirs /home/x10an14/.config/user-dirs.dirs rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=828 fsname=/x10an14/.config/user-dirs.dirs dir=/home/x10an14/.config/user-dirs.dirs fstype=ext4
Whitelisting /home/x10an14/.local/share/applications
847 679 253:5 /x10an14/.local/share/applications /home/x10an14/.local/share/applications rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=847 fsname=/x10an14/.local/share/applications dir=/home/x10an14/.local/share/applications fstype=ext4
Whitelisting /home/x10an14/.local/share/icons
871 679 253:5 /x10an14/.local/share/icons /home/x10an14/.local/share/icons rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=871 fsname=/x10an14/.local/share/icons dir=/home/x10an14/.local/share/icons fstype=ext4
Whitelisting /home/x10an14/.local/share/mime
872 679 253:5 /x10an14/.local/share/mime /home/x10an14/.local/share/mime rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=872 fsname=/x10an14/.local/share/mime dir=/home/x10an14/.local/share/mime fstype=ext4
Whitelisting /home/x10an14/.config/dconf
873 679 253:5 /x10an14/.config/dconf /home/x10an14/.config/dconf rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=873 fsname=/x10an14/.config/dconf dir=/home/x10an14/.config/dconf fstype=ext4
Whitelisting /home/x10an14/.cache/fontconfig
874 679 253:5 /x10an14/.cache/fontconfig /home/x10an14/.cache/fontconfig rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=874 fsname=/x10an14/.cache/fontconfig dir=/home/x10an14/.cache/fontconfig fstype=ext4
Whitelisting /home/x10an14/.config/gtk-2.0
875 679 253:5 /x10an14/.config/gtk-2.0 /home/x10an14/.config/gtk-2.0 rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=875 fsname=/x10an14/.config/gtk-2.0 dir=/home/x10an14/.config/gtk-2.0 fstype=ext4
Whitelisting /home/x10an14/.config/gtk-3.0
876 679 253:5 /x10an14/.config/gtk-3.0 /home/x10an14/.config/gtk-3.0 rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw
mountid=876 fsname=/x10an14/.config/gtk-3.0 dir=/home/x10an14/.config/gtk-3.0 fstype=ext4
Whitelisting /var/lib/dbus
877 809 253:2 /lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:63 - ext4 /dev/mapper/x10--desktop--vg-var rw
mountid=877 fsname=/lib/dbus dir=/var/lib/dbus fstype=ext4
Whitelisting /var/cache/fontconfig
878 809 253:2 /cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:63 - ext4 /dev/mapper/x10--desktop--vg-var rw
mountid=878 fsname=/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Whitelisting /var/tmp
879 809 0:71 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=879 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
880 745 253:4 /.X11-unix /tmp/.X11-unix rw,relatime master:61 - ext4 /dev/mapper/x10--desktop--vg-tmp rw
mountid=880 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Whitelisting /tmp/pulse-PKdhtXMmr18n
881 745 253:4 /pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime master:61 - ext4 /dev/mapper/x10--desktop--vg-tmp rw
mountid=881 fsname=/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=ext4
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/x10an14/.Xauthority
Disable /run/docker.sock (requested /var/run/docker.sock)
Disable /etc/anacrontab
Disable /etc/cron.allow
Disable /etc/cron.d
Disable /etc/cron.hourly
Disable /etc/cron.monthly
Disable /etc/cron.daily
Disable /etc/crontab
Disable /etc/cron.weekly
Disable /etc/profile.d
Disable /etc/rc0.d
Disable /etc/rc2.d
Disable /etc/rc4.d
Disable /etc/rc3.d
Disable /etc/rcS.d
Disable /etc/rc1.d
Disable /etc/rc6.d
Disable /etc/rc5.d
Disable /etc/kernel
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/selinux
Disable /etc/modules
Disable /etc/modules-load.d
Disable /etc/logrotate.conf
Disable /etc/logrotate.d
Disable /etc/adduser.conf
Mounting read-only /home/x10an14/.bashrc
Mounting read-only /home/x10an14/.local/share/applications
Not blacklist /home/x10an14/.pki
Not blacklist /home/x10an14/.local/share/pki
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Disable /usr/sbin (requested /sbin)
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/bin/chage
Disable /usr/bin/chage (requested /bin/chage)
Disable /usr/bin/chfn
Disable /usr/bin/chfn (requested /bin/chfn)
Disable /usr/bin/chsh
Disable /usr/bin/chsh (requested /bin/chsh)
Disable /usr/bin/crontab
Disable /usr/bin/crontab (requested /bin/crontab)
Disable /usr/bin/expiry
Disable /usr/bin/expiry (requested /bin/expiry)
Disable /usr/bin/fusermount
Disable /usr/bin/fusermount (requested /bin/fusermount)
Disable /usr/bin/gpasswd
Disable /usr/bin/gpasswd (requested /bin/gpasswd)
Disable /usr/bin/mount
Disable /usr/bin/mount (requested /bin/mount)
Disable /usr/bin/nc.openbsd (requested /usr/bin/nc)
Disable /usr/bin/nc.openbsd (requested /bin/nc)
Disable /usr/bin/newgrp
Disable /usr/bin/newgrp (requested /bin/newgrp)
Disable /usr/bin/ntfs-3g
Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g)
Disable /usr/bin/pkexec
Disable /usr/bin/pkexec (requested /bin/pkexec)
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/newgrp (requested /bin/sg)
Disable /usr/bin/strace
Disable /usr/bin/strace (requested /bin/strace)
Disable /usr/bin/su
Disable /usr/bin/su (requested /bin/su)
Disable /usr/bin/sudo
Disable /usr/bin/sudo (requested /bin/sudo)
Disable /usr/bin/umount
Disable /usr/bin/umount (requested /bin/umount)
Disable /usr/bin/xev
Disable /usr/bin/xev (requested /bin/xev)
Disable /usr/bin/gnome-terminal
Disable /usr/bin/gnome-terminal (requested /bin/gnome-terminal)
Disable /usr/bin/gnome-terminal.wrapper
Disable /usr/bin/gnome-terminal.wrapper (requested /bin/gnome-terminal.wrapper)
Disable /usr/share/flatpak
Disable /usr/bin/bwrap
Disable /usr/bin/bwrap (requested /bin/bwrap)
Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as)
Disable /usr/bin/x86_64-linux-gnu-as (requested /bin/as)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/cc)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/cc)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/c++)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /bin/c++filt)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/c++)
Disable /usr/bin/c89-gcc
Disable /usr/bin/c89-gcc (requested /usr/bin/c89)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/c89-gcc (requested /bin/c89)
Disable /usr/bin/c99-gcc (requested /usr/bin/c99)
Disable /usr/bin/c99-gcc
Disable /usr/bin/c99-gcc (requested /bin/c99)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /usr/bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /usr/bin/cpp-8)
Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /bin/cpp-8)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/g++)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/g++-8)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/g++)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/g++-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/gcc-ar-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/gcc-nm-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/gcc-ranlib-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/gcc-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/gcc-ar-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/gcc-nm-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/gcc-ranlib-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/gcc-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/gcc-ar)
Disable /usr/bin/gdb
Disable /usr/bin/gdb (requested /bin/gdb)
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld)
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /bin/ld)
Disable /usr/bin/avr-gcc-nm
Disable /usr/bin/arm-none-eabi-gcc
Disable /usr/bin/arm-none-eabi-gcc-ranlib
Disable /usr/bin/c89-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-8
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/arm-none-eabi-gcc-nm
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/avr-gcc-5.4.0
Disable /usr/bin/avr-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8
Disable /usr/bin/avr-gcc-ar
Disable /usr/bin/arm-none-eabi-gcc-7.3.1
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/arm-none-eabi-gcc-ar
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/c99-gcc
Disable /usr/bin/avr-gcc-ranlib
Disable /usr/bin/avr-gcc-nm (requested /bin/avr-gcc-nm)
Disable /usr/bin/arm-none-eabi-gcc (requested /bin/arm-none-eabi-gcc)
Disable /usr/bin/arm-none-eabi-gcc-ranlib (requested /bin/arm-none-eabi-gcc-ranlib)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/arm-none-eabi-gcc-nm (requested /bin/arm-none-eabi-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/avr-gcc-5.4.0 (requested /bin/avr-gcc-5.4.0)
Disable /usr/bin/avr-gcc (requested /bin/avr-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar-8)
Disable /usr/bin/avr-gcc-ar (requested /bin/avr-gcc-ar)
Disable /usr/bin/arm-none-eabi-gcc-7.3.1 (requested /bin/arm-none-eabi-gcc-7.3.1)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/arm-none-eabi-gcc-ar (requested /bin/arm-none-eabi-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/avr-gcc-ranlib (requested /bin/avr-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-g++-8
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/avr-g++
Disable /usr/bin/arm-none-eabi-g++
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++-8)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++)
Disable /usr/bin/avr-g++ (requested /bin/avr-g++)
Disable /usr/bin/arm-none-eabi-g++ (requested /bin/arm-none-eabi-g++)
Disable /usr/bin/avr-gcc-nm
Disable /usr/bin/arm-none-eabi-gcc
Disable /usr/bin/arm-none-eabi-gcc-ranlib
Disable /usr/bin/c89-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-8
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/arm-none-eabi-gcc-nm
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/avr-gcc-5.4.0
Disable /usr/bin/avr-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8
Disable /usr/bin/avr-gcc-ar
Disable /usr/bin/arm-none-eabi-gcc-7.3.1
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/arm-none-eabi-gcc-ar
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/c99-gcc
Disable /usr/bin/avr-gcc-ranlib
Disable /usr/bin/avr-gcc-nm (requested /bin/avr-gcc-nm)
Disable /usr/bin/arm-none-eabi-gcc (requested /bin/arm-none-eabi-gcc)
Disable /usr/bin/arm-none-eabi-gcc-ranlib (requested /bin/arm-none-eabi-gcc-ranlib)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/arm-none-eabi-gcc-nm (requested /bin/arm-none-eabi-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/avr-gcc-5.4.0 (requested /bin/avr-gcc-5.4.0)
Disable /usr/bin/avr-gcc (requested /bin/avr-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar-8)
Disable /usr/bin/avr-gcc-ar (requested /bin/avr-gcc-ar)
Disable /usr/bin/arm-none-eabi-gcc-7.3.1 (requested /bin/arm-none-eabi-gcc-7.3.1)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/arm-none-eabi-gcc-ar (requested /bin/arm-none-eabi-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib-8)
Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/avr-gcc-ranlib (requested /bin/avr-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-g++-8
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/avr-g++
Disable /usr/bin/arm-none-eabi-g++
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++-8)
Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++)
Disable /usr/bin/avr-g++ (requested /bin/avr-g++)
Disable /usr/bin/arm-none-eabi-g++ (requested /bin/arm-none-eabi-g++)
Disable /usr/include
Disable /usr/local/go/bin/go
Disable /usr/local/go/bin/gofmt
Disable /usr/share/java
Disable /usr/bin/openssl
Disable /usr/bin/openssl (requested /bin/openssl)
Disable /usr/lib/valgrind
Disable /usr/share/texlive/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /usr/bin/luaotfload-tool)
Disable /usr/bin/luatex53
Disable /usr/bin/luatex (requested /usr/bin/lualatex)
Disable /usr/bin/luatex
Disable /usr/share/texlive/texmf-dist/scripts/lua2dox/lua2dox_filter (requested /usr/bin/lua2dox_filter)
Disable /usr/bin/luajittex
Disable /usr/bin/luatools
Disable /usr/share/texlive/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /bin/luaotfload-tool)
Disable /usr/bin/luatex53 (requested /bin/luatex53)
Disable /usr/bin/luatex (requested /bin/lualatex)
Disable /usr/bin/luatex (requested /bin/luatex)
Disable /usr/share/texlive/texmf-dist/scripts/lua2dox/lua2dox_filter (requested /bin/lua2dox_filter)
Disable /usr/bin/luajittex (requested /bin/luajittex)
Disable /usr/bin/luatools (requested /bin/luatools)
Disable /usr/share/lua
Disable /usr/bin/node
Disable /usr/bin/node (requested /bin/node)
Disable /usr/bin/cpan5.28-x86_64-linux-gnu
Disable /usr/bin/cpan5.28-i386-linux-gnu
Disable /usr/bin/cpan
Disable /usr/bin/cpan5.28-x86_64-linux-gnu (requested /bin/cpan5.28-x86_64-linux-gnu)
Disable /usr/bin/cpan5.28-i386-linux-gnu (requested /bin/cpan5.28-i386-linux-gnu)
Disable /usr/bin/cpan (requested /bin/cpan)
Disable /usr/bin/perl
Disable /usr/bin/perl (requested /bin/perl)
Disable /usr/share/perl
Disable /usr/share/perl-openssl-defaults
Disable /usr/share/perl5
Disable /usr/bin/ruby2.5 (requested /usr/bin/ruby)
Disable /usr/bin/ruby2.5 (requested /bin/ruby)
Disable /usr/lib/ruby
Disable /usr/bin/python2-pasteurize
Disable /usr/bin/python2.7
Disable /usr/bin/python2.7 (requested /usr/bin/python2)
Disable /usr/bin/python2-futurize
Disable /usr/bin/python2-pasteurize (requested /bin/python2-pasteurize)
Disable /usr/bin/python2.7 (requested /bin/python2.7)
Disable /usr/bin/python2.7 (requested /bin/python2)
Disable /usr/bin/python2-futurize (requested /bin/python2-futurize)
Disable /usr/lib/python2.6
Disable /usr/lib/python2.7
Disable /usr/local/lib/python2.7
Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /usr/bin/python3.7-config)
Disable /usr/bin/python3.7m (requested /usr/bin/python3m)
Disable /usr/bin/python3.7m
Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /usr/bin/python3-config)
Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /usr/bin/python3m-config)
Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /usr/bin/python3.7m-config)
Disable /usr/bin/python3.7
Disable /usr/bin/python3.7 (requested /usr/bin/python3)
Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /bin/python3.7-config)
Disable /usr/bin/python3.7m (requested /bin/python3m)
Disable /usr/bin/python3.7m (requested /bin/python3.7m)
Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /bin/python3-config)
Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /bin/python3m-config)
Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /bin/python3.7m-config)
Disable /usr/bin/python3.7 (requested /bin/python3.7)
Disable /usr/bin/python3.7 (requested /bin/python3)
Disable /usr/lib/python3.7
Disable /usr/lib/python3
Disable /usr/local/lib/python3.7
Disable /usr/share/python3
Not blacklist /home/x10an14/.mozilla
Not blacklist /home/x10an14/.cache/mozilla
Mounting read-only /home/x10an14/.config/user-dirs.dirs
Mounting noexec /tmp
Mounting noexec /tmp/.X11-unix
Mounting noexec /tmp/pulse-PKdhtXMmr18n
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /media
Disable /run/mount
Mounting noexec /run/firejail/mnt/pulse
Creating empty /home/x10an14/.config/pulse directory
Drop privileges: pid 6, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 44 
1514 679 0:48 /pulse /home/x10an14/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1514 fsname=/pulse dir=/home/x10an14/.config/pulse fstype=tmpfs
blacklist /dev/dvb
blacklist /dev/sr0
blacklist /dev/hidraw0
blacklist /dev/hidraw1
blacklist /dev/hidraw2
blacklist /dev/hidraw3
blacklist /dev/hidraw4
blacklist /dev/hidraw5
blacklist /dev/hidraw6
blacklist /dev/hidraw7
blacklist /dev/hidraw8
blacklist /dev/hidraw9
blacklist /dev/usb
Create the new ld.so.preload file
Post-exec seccomp protector enabled
Mount the new ld.so.preload file
Current directory: /home/x10an14
DISPLAY=:0 parsed as 0
Install protocol filter: unix,inet,inet6,netlink
configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Dropping all capabilities
Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 15 00 01 00000010   jeq 10 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 06 00 00 0005005f   ret ERRNO(95)
Build drop seccomp filter
sbox run: /run/firejail/lib/fseccomp drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice (null) 
Dropping all capabilities
Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1
No supplementary groups
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp (null) 
Dropping all capabilities
Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1
No supplementary groups
configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) 
Dropping all capabilities
Drop privileges: pid 10, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 40 00 0000009f   jeq adjtimex 0048 (false 0008)
 0008: 15 3f 00 00000131   jeq clock_adjtime 0048 (false 0009)
 0009: 15 3e 00 000000e3   jeq clock_settime 0048 (false 000a)
 000a: 15 3d 00 000000a4   jeq settimeofday 0048 (false 000b)
 000b: 15 3c 00 0000009a   jeq modify_ldt 0048 (false 000c)
 000c: 15 3b 00 000000d4   jeq lookup_dcookie 0048 (false 000d)
 000d: 15 3a 00 0000012a   jeq perf_event_open 0048 (false 000e)
 000e: 15 39 00 00000137   jeq process_vm_writev 0048 (false 000f)
 000f: 15 38 00 000000b0   jeq delete_module 0048 (false 0010)
 0010: 15 37 00 00000139   jeq finit_module 0048 (false 0011)
 0011: 15 36 00 000000af   jeq init_module 0048 (false 0012)
 0012: 15 35 00 0000009c   jeq _sysctl 0048 (false 0013)
 0013: 15 34 00 000000b7   jeq afs_syscall 0048 (false 0014)
 0014: 15 33 00 000000ae   jeq create_module 0048 (false 0015)
 0015: 15 32 00 000000b1   jeq get_kernel_syms 0048 (false 0016)
 0016: 15 31 00 000000b5   jeq getpmsg 0048 (false 0017)
 0017: 15 30 00 000000b6   jeq putpmsg 0048 (false 0018)
 0018: 15 2f 00 000000b2   jeq query_module 0048 (false 0019)
 0019: 15 2e 00 000000b9   jeq security 0048 (false 001a)
 001a: 15 2d 00 0000008b   jeq sysfs 0048 (false 001b)
 001b: 15 2c 00 000000b8   jeq tuxcall 0048 (false 001c)
 001c: 15 2b 00 00000086   jeq uselib 0048 (false 001d)
 001d: 15 2a 00 00000088   jeq ustat 0048 (false 001e)
 001e: 15 29 00 000000ec   jeq vserver 0048 (false 001f)
 001f: 15 28 00 000000ad   jeq ioperm 0048 (false 0020)
 0020: 15 27 00 000000ac   jeq iopl 0048 (false 0021)
 0021: 15 26 00 000000f6   jeq kexec_load 0048 (false 0022)
 0022: 15 25 00 00000140   jeq kexec_file_load 0048 (false 0023)
 0023: 15 24 00 000000a9   jeq reboot 0048 (false 0024)
 0024: 15 23 00 000000ee   jeq set_mempolicy 0048 (false 0025)
 0025: 15 22 00 00000100   jeq migrate_pages 0048 (false 0026)
 0026: 15 21 00 00000117   jeq move_pages 0048 (false 0027)
 0027: 15 20 00 000000ed   jeq mbind 0048 (false 0028)
 0028: 15 1f 00 000000a7   jeq swapon 0048 (false 0029)
 0029: 15 1e 00 000000a8   jeq swapoff 0048 (false 002a)
 002a: 15 1d 00 000000a3   jeq acct 0048 (false 002b)
 002b: 15 1c 00 000000f8   jeq add_key 0048 (false 002c)
 002c: 15 1b 00 00000141   jeq bpf 0048 (false 002d)
 002d: 15 1a 00 0000012c   jeq fanotify_init 0048 (false 002e)
 002e: 15 19 00 000000d2   jeq io_cancel 0048 (false 002f)
 002f: 15 18 00 000000cf   jeq io_destroy 0048 (false 0030)
 0030: 15 17 00 000000d0   jeq io_getevents 0048 (false 0031)
 0031: 15 16 00 000000ce   jeq io_setup 0048 (false 0032)
 0032: 15 15 00 000000d1   jeq io_submit 0048 (false 0033)
 0033: 15 14 00 000000fb   jeq ioprio_set 0048 (false 0034)
 0034: 15 13 00 00000138   jeq kcmp 0048 (false 0035)
 0035: 15 12 00 000000fa   jeq keyctl 0048 (false 0036)
 0036: 15 11 00 000000a5   jeq mount 0048 (false 0037)
 0037: 15 10 00 0000012f   jeq name_to_handle_at 0048 (false 0038)
 0038: 15 0f 00 000000b4   jeq nfsservctl 0048 (false 0039)
 0039: 15 0e 00 00000130   jeq open_by_handle_at 0048 (false 003a)
 003a: 15 0d 00 00000087   jeq personality 0048 (false 003b)
 003b: 15 0c 00 0000009b   jeq pivot_root 0048 (false 003c)
 003c: 15 0b 00 00000136   jeq process_vm_readv 0048 (false 003d)
 003d: 15 0a 00 00000065   jeq ptrace 0048 (false 003e)
 003e: 15 09 00 000000d8   jeq remap_file_pages 0048 (false 003f)
 003f: 15 08 00 000000f9   jeq request_key 0048 (false 0040)
 0040: 15 07 00 000000ab   jeq setdomainname 0048 (false 0041)
 0041: 15 06 00 000000aa   jeq sethostname 0048 (false 0042)
 0042: 15 05 00 00000067   jeq syslog 0048 (false 0043)
 0043: 15 04 00 000000a6   jeq umount2 0048 (false 0044)
 0044: 15 03 00 00000143   jeq userfaultfd 0048 (false 0045)
 0045: 15 02 00 00000099   jeq vhangup 0048 (false 0046)
 0046: 15 01 00 00000116   jeq vmsplice 0048 (false 0047)
 0047: 06 00 00 7fff0000   ret ALLOW
 0048: 06 00 00 00000000   ret KILL
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
AppArmor enabled
starting application
LD_PRELOAD=(null)
execvp argument 0: firefox
Child process initialized in 175.54 ms
Searching $PATH for firefox
trying #/home/x10an14/.sdkman/candidates/maven/current/bin/firefox#
trying #/home/x10an14/.sdkman/candidates/java/current/bin/firefox#
trying #/usr/lib/google-cloud-sdk/bin/firefox#
trying #/home/x10an14/Documents/github/pyenv/shims/firefox#
trying #/home/x10an14/Documents/github/pyenv/bin/firefox#
trying #/home/x10an14/.volta//bin/firefox#
trying #/home/x10an14/.cargo/bin/firefox#
trying #/home/x10an14/.cargo/bin/firefox#
trying #/home/x10an14/.dotnet/tools/firefox#
trying #/home/x10an14/.kubectx/firefox#
trying #/home/x10an14/.local/bin/firefox#
trying #/usr/local/bin/firefox#
trying #/usr/bin/firefox#
trying #/bin/firefox#
trying #/usr/local/games/firefox#
trying #/usr/games/firefox#
trying #/usr/local/go/bin/firefox#
trying #/home/x10an14/go/bin/firefox#
trying #/usr/sbin/firefox#
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
Error: no suitable firefox executable found
monitoring pid 11

Sandbox monitor: waitpid 11 retval 11 status 256

Parent is shutting down, bye...
[2020-12-31 13:35:44] 1 x10an14@x10-desktop:~
-> $
Originally created by @x10an14 on GitHub (Dec 31, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3858 # Bug and expected behavior ``` [2020-12-31 13:19:52] 0 x10an14@x10-desktop:~ -> $ firejail firefox Reading profile /etc/firejail/firefox.profile Reading profile /etc/firejail/firefox-common.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 7979, child pid 7980 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Post-exec seccomp protector enabled Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice, Child process initialized in 188.29 ms Error: no suitable firefox executable found Parent is shutting down, bye... [2020-12-31 13:20:17] 1 x10an14@x10-desktop:~ -> $ ``` ## What did you expect to happen? Firefox to start ## No profile and disabling firejail - What changed calling `firejail --noprofile /path/to/program` in a terminal? - `firefox` could start: ``` [2020-12-31 13:21:33] 0 x10an14@x10-desktop:~ -> $ firejail --noprofile firefox Parent pid 8275, child pid 8276 Child process initialized in 33.72 ms # Firefox window opened up ``` - What changed calling the program by path (check `which <program>` or `firejail --list` while the sandbox is running)? ``` [2020-12-31 13:21:33] 0 x10an14@x10-desktop:~ -> $ firejail --noprofile firefox Parent pid 8275, child pid 8276 Child process initialized in 33.72 ms ###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost ###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost ###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost ###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost ^C Parent received signal 2, shutting down the child process... Child received signal 2, shutting down the sandbox... Parent is shutting down, bye... [2020-12-31 13:32:35] 2 x10an14@x10-desktop:~ -> $ firejail --noprofile /opt/firefox/firefox Parent pid 11373, child pid 11374 Child process initialized in 32.13 ms # Firefox window opened up ``` ## Reproduce Steps to reproduce the behavior: `firejail firefox` or `firejail /opt/firefox/firefox` ## Environment - Linux distribution and version (ie output of `lsb_release -a`, `screenfetch` or `cat /etc/os-release`) ``` [2020-12-31 13:24:21] 0 x10an14@x10-desktop:~ -> $ which firefox /usr/bin/firefox [2020-12-31 13:24:26] 0 x10an14@x10-desktop:~ -> $ firejail --list 8275:x10an14::firejail --noprofile firefox [2020-12-31 13:24:33] 0 x10an14@x10-desktop:~ -> $ ps auxZ | grep '[f]irefox' pts/0 S+ 13:21 0:00 firejail --noprofile firefox unconfined x10an14 8276 0.0 0.0 3976 1928 pts/0 S+ 13:21 0:00 firejail --noprofile firefox unconfined x10an14 8278 19.7 3.4 4369328 1136980 pts/0 Sl+ 13:21 0:50 firefox unconfined x10an14 8410 1.8 0.8 2982748 290616 pts/0 Sl+ 13:21 0:04 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab unconfined x10an14 8462 3.8 1.0 2834452 336024 pts/0 Sl+ 13:21 0:09 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 2 -isForBrowser -prefsLen 244 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab unconfined x10an14 8514 1.3 0.8 2740232 289176 pts/0 Sl+ 13:21 0:03 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 3 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab unconfined x10an14 8533 0.3 0.4 2482472 133472 pts/0 Sl+ 13:21 0:00 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 4 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab unconfined x10an14 8558 13.5 2.3 10071028 766364 pts/0 Sl+ 13:21 0:34 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 5 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab unconfined x10an14 8583 4.2 1.0 2800312 344880 pts/0 Sl+ 13:21 0:10 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 6 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab unconfined x10an14 8603 1.3 0.6 2757624 218212 pts/0 Sl+ 13:21 0:03 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 7 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab unconfined x10an14 8628 1.6 0.6 2713612 222428 pts/0 Sl+ 13:21 0:04 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 8 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab unconfined x10an14 8653 2.5 0.8 2738180 273304 pts/0 Sl+ 13:21 0:06 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 9 -isForBrowser -prefsLen 907 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab unconfined x10an14 8967 0.4 0.5 2639376 193180 pts/0 Sl+ 13:21 0:01 /mnt/2tbRAID10/opt/firefox-v80.0.1/firefox-bin -contentproc -childID 10 -isForBrowser -prefsLen 7465 -prefMapSize 242168 -parentBuildID 20201221152838 -appdir /mnt/2tbRAID10/opt/firefox-v80.0.1/browser 2 true tab [2020-12-31 13:25:53] 0 x10an14@x10-desktop:~ -> $ ls -Flasch $(which firefox) 0 lrwxrwxrwx 1 root root 20 Dec 31 12:54 /usr/bin/firefox -> /opt/firefox/firefox* [2020-12-31 13:26:04] 0 x10an14@x10-desktop:~ -> $ screenfetch _,met$$$$$gg. x10an14@x10-desktop ,g$$$$$$$$$$$$$$$P. OS: Debian 10 buster ,g$$P"" """Y$$.". Kernel: x86_64 Linux 4.19.0-13-amd64 ,$$P' `$$$. Uptime: 3h 31m ',$$P ,ggs. `$$b: Packages: 3898 `d$$' ,$P"' . $$$ Shell: bash 5.0.3 $$P d$' , $$P Resolution: 6560x2560 $$: $$. - ,d$$' WM: i3 $$\; Y$b._ _,d$P' CPU: AMD Ryzen 5 2600 Six-Core @ 12x 3.749GHz [36.0°C] Y$$. `.`"Y$$$$P"' GPU: GeForce GTX 1080 `$$b "-.__ RAM: 4635MiB / 32161MiB `Y$$ `Y$$. `$$b. `Y$$b. `"Y$b._ `"""" [2020-12-31 13:34:32] 0 x10an14@x10-desktop:~ -> $ ``` - Firejail version (output of `firejail --version`) exclusive or used git commit (`git rev-parse HEAD`) ``` [2020-12-31 13:26:04] 0 x10an14@x10-desktop:~ -> $ firejail --version firejail version 0.9.58.2 Compile time support: - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled [2020-12-31 13:28:06] 0 x10an14@x10-desktop:~ -> $ ``` ## Additional context Other context about the problem like related errors to understand the problem. **Checklist** - [x] The upstream profile (and redirect profile if exists) have no changes fixing it. - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] A short search for duplicates was performed. - [x] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. - [x] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages. - [ ] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. <details><summary> debug output </summary> ``` [2020-12-31 13:34:32] 0 x10an14@x10-desktop:~ -> $ firejail --debug firefox Autoselecting /bin/bash as shell Building quoted command line: 'firefox' Command name #firefox# Found firefox.profile profile in /etc/firejail directory Reading profile /etc/firejail/firefox.profile Found firefox-common.profile profile in /etc/firejail directory Reading profile /etc/firejail/firefox-common.profile Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file conditional BROWSER_DISABLE_U2F, nou2f DISPLAY=:0 parsed as 0 Using the local network stack Parent pid 12868, child pid 12869 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file IBUS_ADDRESS=unix:abstract=/tmp/dbus-xgD4t6tj,guid=bb16cef9fa1c97e51f67c76f5fed9413 IBUS_DAEMON_PID=2104 Build protocol filter: unix,inet,inet6,netlink sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol (null) Dropping all capabilities Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1 No supplementary groups Basic read-only filesystem: Mounting read-only /etc Mounting noexec /etc Mounting read-only /var Mounting noexec /var Mounting read-only /bin Mounting read-only /sbin Mounting read-only /lib Mounting read-only /lib64 Mounting read-only /lib32 Mounting read-only /libx32 Mounting read-only /usr Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory mounting /run/firejail/mnt/dev/nvidia0 file mounting /run/firejail/mnt/dev/nvidiactl file mounting /run/firejail/mnt/dev/nvidia-modeset file Process /dev/shm directory blacklist /run/user/1000/bus Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Remounting /proc and /proc/sys filesystems Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Debug 398: new_name #/home/x10an14/.cache/mozilla/firefox#, whitelist Debug 504: fname #/home/x10an14/.cache/mozilla/firefox#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.cache/mozilla/firefox Debug 398: new_name #/home/x10an14/.mozilla#, whitelist Debug 504: fname #/home/x10an14/.mozilla#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.mozilla Directory ${DOWNLOADS} resolved as Downloads Debug 398: new_name #/home/x10an14/Downloads#, whitelist Debug 504: fname #/home/x10an14/Downloads#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/Downloads Debug 398: new_name #/home/x10an14/.pki#, whitelist Debug 504: fname #/home/x10an14/.pki#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.pki Debug 398: new_name #/home/x10an14/.local/share/pki#, whitelist Debug 504: fname #/home/x10an14/.local/share/pki#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.local/share/pki Debug 398: new_name #/home/x10an14/.XCompose#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose expanded: /home/x10an14/.XCompose real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.asoundrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc expanded: /home/x10an14/.asoundrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/ibus#, whitelist Debug 504: fname #/home/x10an14/.config/ibus#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.config/ibus Debug 398: new_name #/home/x10an14/.config/mimeapps.list#, whitelist Debug 504: fname #/home/x10an14/.config/mimeapps.list#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.config/mimeapps.list Debug 398: new_name #/home/x10an14/.config/pkcs11#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11 expanded: /home/x10an14/.config/pkcs11 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/user-dirs.dirs#, whitelist Debug 504: fname #/home/x10an14/.config/user-dirs.dirs#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.config/user-dirs.dirs Debug 398: new_name #/home/x10an14/.drirc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc expanded: /home/x10an14/.drirc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons expanded: /home/x10an14/.icons real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.local/share/applications#, whitelist Debug 504: fname #/home/x10an14/.local/share/applications#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.local/share/applications Debug 398: new_name #/home/x10an14/.local/share/icons#, whitelist Debug 504: fname #/home/x10an14/.local/share/icons#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.local/share/icons Debug 398: new_name #/home/x10an14/.local/share/mime#, whitelist Debug 504: fname #/home/x10an14/.local/share/mime#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.local/share/mime Debug 398: new_name #/home/x10an14/.mime.types#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types expanded: /home/x10an14/.mime.types real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/dconf#, whitelist Debug 504: fname #/home/x10an14/.config/dconf#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.config/dconf Debug 398: new_name #/home/x10an14/.cache/fontconfig#, whitelist Debug 504: fname #/home/x10an14/.cache/fontconfig#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.cache/fontconfig Debug 398: new_name #/home/x10an14/.config/fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig expanded: /home/x10an14/.config/fontconfig real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig expanded: /home/x10an14/.fontconfig real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts expanded: /home/x10an14/.fonts real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.fonts.conf#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf expanded: /home/x10an14/.fonts.conf real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.fonts.conf.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d expanded: /home/x10an14/.fonts.conf.d real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.fonts.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d expanded: /home/x10an14/.fonts.d real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.local/share/fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts expanded: /home/x10an14/.local/share/fonts real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.pangorc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc expanded: /home/x10an14/.pangorc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/gtk-2.0#, whitelist Debug 504: fname #/home/x10an14/.config/gtk-2.0#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.config/gtk-2.0 Debug 398: new_name #/home/x10an14/.config/gtk-3.0#, whitelist Debug 504: fname #/home/x10an14/.config/gtk-3.0#, cfg.homedir #/home/x10an14# Replaced whitelist path: whitelist /home/x10an14/.config/gtk-3.0 Debug 398: new_name #/home/x10an14/.config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc expanded: /home/x10an14/.config/gtkrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0 expanded: /home/x10an14/.config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.gnome2#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2 expanded: /home/x10an14/.gnome2 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.gnome2-private#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private expanded: /home/x10an14/.gnome2-private real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.gtk-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0 expanded: /home/x10an14/.gtk-2.0 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc expanded: /home/x10an14/.gtkrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0 expanded: /home/x10an14/.gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc expanded: /home/x10an14/.kde/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 expanded: /home/x10an14/.kde/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc expanded: /home/x10an14/.kde4/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 expanded: /home/x10an14/.kde4/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.local/share/themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes expanded: /home/x10an14/.local/share/themes real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes expanded: /home/x10an14/.themes real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.cache/kioexec/krun#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun expanded: /home/x10an14/.cache/kioexec/krun real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/Kvantum#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum expanded: /home/x10an14/.config/Kvantum real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/Trolltech.conf#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Trolltech.conf expanded: /home/x10an14/.config/Trolltech.conf real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals expanded: /home/x10an14/.config/kdeglobals real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc expanded: /home/x10an14/.config/kio_httprc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc expanded: /home/x10an14/.config/kioslaverc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist expanded: /home/x10an14/.config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.config/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct expanded: /home/x10an14/.config/qt5ct real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals expanded: /home/x10an14/.kde/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc expanded: /home/x10an14/.kde/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc expanded: /home/x10an14/.kde/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist expanded: /home/x10an14/.kde/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc expanded: /home/x10an14/.kde/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons expanded: /home/x10an14/.kde/share/icons real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals expanded: /home/x10an14/.kde4/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc expanded: /home/x10an14/.kde4/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc expanded: /home/x10an14/.kde4/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist expanded: /home/x10an14/.kde4/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc expanded: /home/x10an14/.kde4/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.kde4/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons expanded: /home/x10an14/.kde4/share/icons real path: (null) realpath: No such file or directory Debug 398: new_name #/home/x10an14/.local/share/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct expanded: /home/x10an14/.local/share/qt5ct real path: (null) realpath: No such file or directory Debug 398: new_name #/var/lib/dbus#, whitelist Debug 398: new_name #/var/lib/menu-xdg#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg expanded: /var/lib/menu-xdg real path: (null) realpath: No such file or directory Debug 398: new_name #/var/cache/fontconfig#, whitelist Debug 398: new_name #/var/tmp#, whitelist Debug 398: new_name #/var/run#, whitelist Replaced whitelist path: whitelist /run Debug 398: new_name #/var/lock#, whitelist Replaced whitelist path: whitelist /run/lock Debug 398: new_name #/tmp/.X11-unix#, whitelist Debug 398: new_name #/tmp/pulse-PKdhtXMmr18n#, whitelist Drop privileges: pid 3, uid 1000, gid 1000, nogroups 0 Supplementary groups: 29 44 Mounting a new /home directory Mounting a new /root directory Create a new user directory Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0 Supplementary groups: 29 44 Drop privileges: pid 5, uid 1000, gid 1000, nogroups 0 Supplementary groups: 29 44 Mounting tmpfs on /tmp directory Mounting tmpfs on /var directory Whitelisting /home/x10an14/.cache/mozilla/firefox 811 679 253:5 /x10an14/.cache/mozilla/firefox /home/x10an14/.cache/mozilla/firefox rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=811 fsname=/x10an14/.cache/mozilla/firefox dir=/home/x10an14/.cache/mozilla/firefox fstype=ext4 Whitelisting /home/x10an14/.mozilla 812 679 253:5 /x10an14/.mozilla /home/x10an14/.mozilla rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=812 fsname=/x10an14/.mozilla dir=/home/x10an14/.mozilla fstype=ext4 Whitelisting /home/x10an14/Downloads 813 679 253:5 /x10an14/Downloads /home/x10an14/Downloads rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=813 fsname=/x10an14/Downloads dir=/home/x10an14/Downloads fstype=ext4 Whitelisting /home/x10an14/.pki 814 679 253:5 /x10an14/.pki /home/x10an14/.pki rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=814 fsname=/x10an14/.pki dir=/home/x10an14/.pki fstype=ext4 Whitelisting /home/x10an14/.local/share/pki 815 679 253:5 /x10an14/.local/share/pki /home/x10an14/.local/share/pki rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=815 fsname=/x10an14/.local/share/pki dir=/home/x10an14/.local/share/pki fstype=ext4 Whitelisting /home/x10an14/.config/ibus 816 679 253:5 /x10an14/.config/ibus /home/x10an14/.config/ibus rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=816 fsname=/x10an14/.config/ibus dir=/home/x10an14/.config/ibus fstype=ext4 Whitelisting /home/x10an14/.config/mimeapps.list 817 679 253:5 /x10an14/.config/mimeapps.list /home/x10an14/.config/mimeapps.list rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=817 fsname=/x10an14/.config/mimeapps.list dir=/home/x10an14/.config/mimeapps.list fstype=ext4 Whitelisting /home/x10an14/.config/user-dirs.dirs 828 679 253:5 /x10an14/.config/user-dirs.dirs /home/x10an14/.config/user-dirs.dirs rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=828 fsname=/x10an14/.config/user-dirs.dirs dir=/home/x10an14/.config/user-dirs.dirs fstype=ext4 Whitelisting /home/x10an14/.local/share/applications 847 679 253:5 /x10an14/.local/share/applications /home/x10an14/.local/share/applications rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=847 fsname=/x10an14/.local/share/applications dir=/home/x10an14/.local/share/applications fstype=ext4 Whitelisting /home/x10an14/.local/share/icons 871 679 253:5 /x10an14/.local/share/icons /home/x10an14/.local/share/icons rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=871 fsname=/x10an14/.local/share/icons dir=/home/x10an14/.local/share/icons fstype=ext4 Whitelisting /home/x10an14/.local/share/mime 872 679 253:5 /x10an14/.local/share/mime /home/x10an14/.local/share/mime rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=872 fsname=/x10an14/.local/share/mime dir=/home/x10an14/.local/share/mime fstype=ext4 Whitelisting /home/x10an14/.config/dconf 873 679 253:5 /x10an14/.config/dconf /home/x10an14/.config/dconf rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=873 fsname=/x10an14/.config/dconf dir=/home/x10an14/.config/dconf fstype=ext4 Whitelisting /home/x10an14/.cache/fontconfig 874 679 253:5 /x10an14/.cache/fontconfig /home/x10an14/.cache/fontconfig rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=874 fsname=/x10an14/.cache/fontconfig dir=/home/x10an14/.cache/fontconfig fstype=ext4 Whitelisting /home/x10an14/.config/gtk-2.0 875 679 253:5 /x10an14/.config/gtk-2.0 /home/x10an14/.config/gtk-2.0 rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=875 fsname=/x10an14/.config/gtk-2.0 dir=/home/x10an14/.config/gtk-2.0 fstype=ext4 Whitelisting /home/x10an14/.config/gtk-3.0 876 679 253:5 /x10an14/.config/gtk-3.0 /home/x10an14/.config/gtk-3.0 rw,relatime master:65 - ext4 /dev/mapper/x10--desktop--vg-home rw mountid=876 fsname=/x10an14/.config/gtk-3.0 dir=/home/x10an14/.config/gtk-3.0 fstype=ext4 Whitelisting /var/lib/dbus 877 809 253:2 /lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:63 - ext4 /dev/mapper/x10--desktop--vg-var rw mountid=877 fsname=/lib/dbus dir=/var/lib/dbus fstype=ext4 Whitelisting /var/cache/fontconfig 878 809 253:2 /cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:63 - ext4 /dev/mapper/x10--desktop--vg-var rw mountid=878 fsname=/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4 Whitelisting /var/tmp 879 809 0:71 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw mountid=879 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Whitelisting /tmp/.X11-unix 880 745 253:4 /.X11-unix /tmp/.X11-unix rw,relatime master:61 - ext4 /dev/mapper/x10--desktop--vg-tmp rw mountid=880 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Whitelisting /tmp/pulse-PKdhtXMmr18n 881 745 253:4 /pulse-PKdhtXMmr18n /tmp/pulse-PKdhtXMmr18n rw,relatime master:61 - ext4 /dev/mapper/x10--desktop--vg-tmp rw mountid=881 fsname=/pulse-PKdhtXMmr18n dir=/tmp/pulse-PKdhtXMmr18n fstype=ext4 Disable /etc/X11/Xsession.d Disable /etc/xdg/autostart Mounting read-only /home/x10an14/.Xauthority Disable /run/docker.sock (requested /var/run/docker.sock) Disable /etc/anacrontab Disable /etc/cron.allow Disable /etc/cron.d Disable /etc/cron.hourly Disable /etc/cron.monthly Disable /etc/cron.daily Disable /etc/crontab Disable /etc/cron.weekly Disable /etc/profile.d Disable /etc/rc0.d Disable /etc/rc2.d Disable /etc/rc4.d Disable /etc/rc3.d Disable /etc/rcS.d Disable /etc/rc1.d Disable /etc/rc6.d Disable /etc/rc5.d Disable /etc/kernel Disable /etc/grub.d Disable /etc/dkms Disable /etc/apparmor.d Disable /etc/apparmor Disable /etc/selinux Disable /etc/modules Disable /etc/modules-load.d Disable /etc/logrotate.conf Disable /etc/logrotate.d Disable /etc/adduser.conf Mounting read-only /home/x10an14/.bashrc Mounting read-only /home/x10an14/.local/share/applications Not blacklist /home/x10an14/.pki Not blacklist /home/x10an14/.local/share/pki Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Disable /usr/sbin (requested /sbin) Disable /usr/local/sbin Disable /usr/sbin Disable /usr/bin/chage Disable /usr/bin/chage (requested /bin/chage) Disable /usr/bin/chfn Disable /usr/bin/chfn (requested /bin/chfn) Disable /usr/bin/chsh Disable /usr/bin/chsh (requested /bin/chsh) Disable /usr/bin/crontab Disable /usr/bin/crontab (requested /bin/crontab) Disable /usr/bin/expiry Disable /usr/bin/expiry (requested /bin/expiry) Disable /usr/bin/fusermount Disable /usr/bin/fusermount (requested /bin/fusermount) Disable /usr/bin/gpasswd Disable /usr/bin/gpasswd (requested /bin/gpasswd) Disable /usr/bin/mount Disable /usr/bin/mount (requested /bin/mount) Disable /usr/bin/nc.openbsd (requested /usr/bin/nc) Disable /usr/bin/nc.openbsd (requested /bin/nc) Disable /usr/bin/newgrp Disable /usr/bin/newgrp (requested /bin/newgrp) Disable /usr/bin/ntfs-3g Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g) Disable /usr/bin/pkexec Disable /usr/bin/pkexec (requested /bin/pkexec) Disable /usr/bin/newgrp (requested /usr/bin/sg) Disable /usr/bin/newgrp (requested /bin/sg) Disable /usr/bin/strace Disable /usr/bin/strace (requested /bin/strace) Disable /usr/bin/su Disable /usr/bin/su (requested /bin/su) Disable /usr/bin/sudo Disable /usr/bin/sudo (requested /bin/sudo) Disable /usr/bin/umount Disable /usr/bin/umount (requested /bin/umount) Disable /usr/bin/xev Disable /usr/bin/xev (requested /bin/xev) Disable /usr/bin/gnome-terminal Disable /usr/bin/gnome-terminal (requested /bin/gnome-terminal) Disable /usr/bin/gnome-terminal.wrapper Disable /usr/bin/gnome-terminal.wrapper (requested /bin/gnome-terminal.wrapper) Disable /usr/share/flatpak Disable /usr/bin/bwrap Disable /usr/bin/bwrap (requested /bin/bwrap) Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as) Disable /usr/bin/x86_64-linux-gnu-as (requested /bin/as) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/cc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/cc) Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/c++) Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /bin/c++filt) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/c++) Disable /usr/bin/c89-gcc Disable /usr/bin/c89-gcc (requested /usr/bin/c89) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/c89-gcc (requested /bin/c89) Disable /usr/bin/c99-gcc (requested /usr/bin/c99) Disable /usr/bin/c99-gcc Disable /usr/bin/c99-gcc (requested /bin/c99) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /usr/bin/cpp) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /usr/bin/cpp-8) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /bin/cpp) Disable /usr/bin/x86_64-linux-gnu-cpp-8 (requested /bin/cpp-8) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/g++) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/g++-8) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/g++) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/g++-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/gcc-ar-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/gcc-ranlib-8) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/gcc-ar-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/gcc-ranlib-8) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/gcc-ar) Disable /usr/bin/gdb Disable /usr/bin/gdb (requested /bin/gdb) Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld) Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /bin/ld) Disable /usr/bin/avr-gcc-nm Disable /usr/bin/arm-none-eabi-gcc Disable /usr/bin/arm-none-eabi-gcc-ranlib Disable /usr/bin/c89-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-8 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/arm-none-eabi-gcc-nm Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/avr-gcc-5.4.0 Disable /usr/bin/avr-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 Disable /usr/bin/avr-gcc-ar Disable /usr/bin/arm-none-eabi-gcc-7.3.1 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/arm-none-eabi-gcc-ar Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc Disable /usr/bin/avr-gcc-ranlib Disable /usr/bin/avr-gcc-nm (requested /bin/avr-gcc-nm) Disable /usr/bin/arm-none-eabi-gcc (requested /bin/arm-none-eabi-gcc) Disable /usr/bin/arm-none-eabi-gcc-ranlib (requested /bin/arm-none-eabi-gcc-ranlib) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/arm-none-eabi-gcc-nm (requested /bin/arm-none-eabi-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/avr-gcc-5.4.0 (requested /bin/avr-gcc-5.4.0) Disable /usr/bin/avr-gcc (requested /bin/avr-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar-8) Disable /usr/bin/avr-gcc-ar (requested /bin/avr-gcc-ar) Disable /usr/bin/arm-none-eabi-gcc-7.3.1 (requested /bin/arm-none-eabi-gcc-7.3.1) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/arm-none-eabi-gcc-ar (requested /bin/arm-none-eabi-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib-8) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/avr-gcc-ranlib (requested /bin/avr-gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-g++-8 Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/x86_64-linux-gnu-g++) Disable /usr/bin/avr-g++ Disable /usr/bin/arm-none-eabi-g++ Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++-8) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++) Disable /usr/bin/avr-g++ (requested /bin/avr-g++) Disable /usr/bin/arm-none-eabi-g++ (requested /bin/arm-none-eabi-g++) Disable /usr/bin/avr-gcc-nm Disable /usr/bin/arm-none-eabi-gcc Disable /usr/bin/arm-none-eabi-gcc-ranlib Disable /usr/bin/c89-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-8 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /usr/bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/arm-none-eabi-gcc-nm Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/avr-gcc-5.4.0 Disable /usr/bin/avr-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 Disable /usr/bin/avr-gcc-ar Disable /usr/bin/arm-none-eabi-gcc-7.3.1 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /usr/bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/arm-none-eabi-gcc-ar Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /usr/bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc Disable /usr/bin/avr-gcc-ranlib Disable /usr/bin/avr-gcc-nm (requested /bin/avr-gcc-nm) Disable /usr/bin/arm-none-eabi-gcc (requested /bin/arm-none-eabi-gcc) Disable /usr/bin/arm-none-eabi-gcc-ranlib (requested /bin/arm-none-eabi-gcc-ranlib) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc-8) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/arm-none-eabi-gcc-nm (requested /bin/arm-none-eabi-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/avr-gcc-5.4.0 (requested /bin/avr-gcc-5.4.0) Disable /usr/bin/avr-gcc (requested /bin/avr-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-8 (requested /bin/x86_64-linux-gnu-gcc-nm-8) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar-8) Disable /usr/bin/avr-gcc-ar (requested /bin/avr-gcc-ar) Disable /usr/bin/arm-none-eabi-gcc-7.3.1 (requested /bin/arm-none-eabi-gcc-7.3.1) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-8 (requested /bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/arm-none-eabi-gcc-ar (requested /bin/arm-none-eabi-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-8 (requested /bin/x86_64-linux-gnu-gcc-ranlib-8) Disable /usr/bin/x86_64-linux-gnu-gcc-8 (requested /bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/avr-gcc-ranlib (requested /bin/avr-gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-g++-8 Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /usr/bin/x86_64-linux-gnu-g++) Disable /usr/bin/avr-g++ Disable /usr/bin/arm-none-eabi-g++ Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++-8) Disable /usr/bin/x86_64-linux-gnu-g++-8 (requested /bin/x86_64-linux-gnu-g++) Disable /usr/bin/avr-g++ (requested /bin/avr-g++) Disable /usr/bin/arm-none-eabi-g++ (requested /bin/arm-none-eabi-g++) Disable /usr/include Disable /usr/local/go/bin/go Disable /usr/local/go/bin/gofmt Disable /usr/share/java Disable /usr/bin/openssl Disable /usr/bin/openssl (requested /bin/openssl) Disable /usr/lib/valgrind Disable /usr/share/texlive/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /usr/bin/luaotfload-tool) Disable /usr/bin/luatex53 Disable /usr/bin/luatex (requested /usr/bin/lualatex) Disable /usr/bin/luatex Disable /usr/share/texlive/texmf-dist/scripts/lua2dox/lua2dox_filter (requested /usr/bin/lua2dox_filter) Disable /usr/bin/luajittex Disable /usr/bin/luatools Disable /usr/share/texlive/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /bin/luaotfload-tool) Disable /usr/bin/luatex53 (requested /bin/luatex53) Disable /usr/bin/luatex (requested /bin/lualatex) Disable /usr/bin/luatex (requested /bin/luatex) Disable /usr/share/texlive/texmf-dist/scripts/lua2dox/lua2dox_filter (requested /bin/lua2dox_filter) Disable /usr/bin/luajittex (requested /bin/luajittex) Disable /usr/bin/luatools (requested /bin/luatools) Disable /usr/share/lua Disable /usr/bin/node Disable /usr/bin/node (requested /bin/node) Disable /usr/bin/cpan5.28-x86_64-linux-gnu Disable /usr/bin/cpan5.28-i386-linux-gnu Disable /usr/bin/cpan Disable /usr/bin/cpan5.28-x86_64-linux-gnu (requested /bin/cpan5.28-x86_64-linux-gnu) Disable /usr/bin/cpan5.28-i386-linux-gnu (requested /bin/cpan5.28-i386-linux-gnu) Disable /usr/bin/cpan (requested /bin/cpan) Disable /usr/bin/perl Disable /usr/bin/perl (requested /bin/perl) Disable /usr/share/perl Disable /usr/share/perl-openssl-defaults Disable /usr/share/perl5 Disable /usr/bin/ruby2.5 (requested /usr/bin/ruby) Disable /usr/bin/ruby2.5 (requested /bin/ruby) Disable /usr/lib/ruby Disable /usr/bin/python2-pasteurize Disable /usr/bin/python2.7 Disable /usr/bin/python2.7 (requested /usr/bin/python2) Disable /usr/bin/python2-futurize Disable /usr/bin/python2-pasteurize (requested /bin/python2-pasteurize) Disable /usr/bin/python2.7 (requested /bin/python2.7) Disable /usr/bin/python2.7 (requested /bin/python2) Disable /usr/bin/python2-futurize (requested /bin/python2-futurize) Disable /usr/lib/python2.6 Disable /usr/lib/python2.7 Disable /usr/local/lib/python2.7 Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /usr/bin/python3.7-config) Disable /usr/bin/python3.7m (requested /usr/bin/python3m) Disable /usr/bin/python3.7m Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /usr/bin/python3-config) Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /usr/bin/python3m-config) Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /usr/bin/python3.7m-config) Disable /usr/bin/python3.7 Disable /usr/bin/python3.7 (requested /usr/bin/python3) Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /bin/python3.7-config) Disable /usr/bin/python3.7m (requested /bin/python3m) Disable /usr/bin/python3.7m (requested /bin/python3.7m) Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /bin/python3-config) Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /bin/python3m-config) Disable /usr/bin/x86_64-linux-gnu-python3.7m-config (requested /bin/python3.7m-config) Disable /usr/bin/python3.7 (requested /bin/python3.7) Disable /usr/bin/python3.7 (requested /bin/python3) Disable /usr/lib/python3.7 Disable /usr/lib/python3 Disable /usr/local/lib/python3.7 Disable /usr/share/python3 Not blacklist /home/x10an14/.mozilla Not blacklist /home/x10an14/.cache/mozilla Mounting read-only /home/x10an14/.config/user-dirs.dirs Mounting noexec /tmp Mounting noexec /tmp/.X11-unix Mounting noexec /tmp/pulse-PKdhtXMmr18n Disable /sys/fs Disable /sys/module Disable /mnt Disable /media Disable /run/mount Mounting noexec /run/firejail/mnt/pulse Creating empty /home/x10an14/.config/pulse directory Drop privileges: pid 6, uid 1000, gid 1000, nogroups 0 Supplementary groups: 29 44 1514 679 0:48 /pulse /home/x10an14/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1514 fsname=/pulse dir=/home/x10an14/.config/pulse fstype=tmpfs blacklist /dev/dvb blacklist /dev/sr0 blacklist /dev/hidraw0 blacklist /dev/hidraw1 blacklist /dev/hidraw2 blacklist /dev/hidraw3 blacklist /dev/hidraw4 blacklist /dev/hidraw5 blacklist /dev/hidraw6 blacklist /dev/hidraw7 blacklist /dev/hidraw8 blacklist /dev/hidraw9 blacklist /dev/usb Create the new ld.so.preload file Post-exec seccomp protector enabled Mount the new ld.so.preload file Current directory: /home/x10an14 DISPLAY=:0 parsed as 0 Install protocol filter: unix,inet,inet6,netlink configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) Dropping all capabilities Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 01 00 00000029 jeq socket 0006 (false 0005) 0005: 06 00 00 7fff0000 ret ALLOW 0006: 20 00 00 00000010 ld data.args[0] 0007: 15 00 01 00000001 jeq 1 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 00000002 jeq 2 000a (false 000b) 000a: 06 00 00 7fff0000 ret ALLOW 000b: 15 00 01 0000000a jeq a 000c (false 000d) 000c: 06 00 00 7fff0000 ret ALLOW 000d: 15 00 01 00000010 jeq 10 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 06 00 00 0005005f ret ERRNO(95) Build drop seccomp filter sbox run: /run/firejail/lib/fseccomp drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice (null) Dropping all capabilities Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1 No supplementary groups Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice, sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp (null) Dropping all capabilities Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1 No supplementary groups configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) Dropping all capabilities Drop privileges: pid 10, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 40 00 0000009f jeq adjtimex 0048 (false 0008) 0008: 15 3f 00 00000131 jeq clock_adjtime 0048 (false 0009) 0009: 15 3e 00 000000e3 jeq clock_settime 0048 (false 000a) 000a: 15 3d 00 000000a4 jeq settimeofday 0048 (false 000b) 000b: 15 3c 00 0000009a jeq modify_ldt 0048 (false 000c) 000c: 15 3b 00 000000d4 jeq lookup_dcookie 0048 (false 000d) 000d: 15 3a 00 0000012a jeq perf_event_open 0048 (false 000e) 000e: 15 39 00 00000137 jeq process_vm_writev 0048 (false 000f) 000f: 15 38 00 000000b0 jeq delete_module 0048 (false 0010) 0010: 15 37 00 00000139 jeq finit_module 0048 (false 0011) 0011: 15 36 00 000000af jeq init_module 0048 (false 0012) 0012: 15 35 00 0000009c jeq _sysctl 0048 (false 0013) 0013: 15 34 00 000000b7 jeq afs_syscall 0048 (false 0014) 0014: 15 33 00 000000ae jeq create_module 0048 (false 0015) 0015: 15 32 00 000000b1 jeq get_kernel_syms 0048 (false 0016) 0016: 15 31 00 000000b5 jeq getpmsg 0048 (false 0017) 0017: 15 30 00 000000b6 jeq putpmsg 0048 (false 0018) 0018: 15 2f 00 000000b2 jeq query_module 0048 (false 0019) 0019: 15 2e 00 000000b9 jeq security 0048 (false 001a) 001a: 15 2d 00 0000008b jeq sysfs 0048 (false 001b) 001b: 15 2c 00 000000b8 jeq tuxcall 0048 (false 001c) 001c: 15 2b 00 00000086 jeq uselib 0048 (false 001d) 001d: 15 2a 00 00000088 jeq ustat 0048 (false 001e) 001e: 15 29 00 000000ec jeq vserver 0048 (false 001f) 001f: 15 28 00 000000ad jeq ioperm 0048 (false 0020) 0020: 15 27 00 000000ac jeq iopl 0048 (false 0021) 0021: 15 26 00 000000f6 jeq kexec_load 0048 (false 0022) 0022: 15 25 00 00000140 jeq kexec_file_load 0048 (false 0023) 0023: 15 24 00 000000a9 jeq reboot 0048 (false 0024) 0024: 15 23 00 000000ee jeq set_mempolicy 0048 (false 0025) 0025: 15 22 00 00000100 jeq migrate_pages 0048 (false 0026) 0026: 15 21 00 00000117 jeq move_pages 0048 (false 0027) 0027: 15 20 00 000000ed jeq mbind 0048 (false 0028) 0028: 15 1f 00 000000a7 jeq swapon 0048 (false 0029) 0029: 15 1e 00 000000a8 jeq swapoff 0048 (false 002a) 002a: 15 1d 00 000000a3 jeq acct 0048 (false 002b) 002b: 15 1c 00 000000f8 jeq add_key 0048 (false 002c) 002c: 15 1b 00 00000141 jeq bpf 0048 (false 002d) 002d: 15 1a 00 0000012c jeq fanotify_init 0048 (false 002e) 002e: 15 19 00 000000d2 jeq io_cancel 0048 (false 002f) 002f: 15 18 00 000000cf jeq io_destroy 0048 (false 0030) 0030: 15 17 00 000000d0 jeq io_getevents 0048 (false 0031) 0031: 15 16 00 000000ce jeq io_setup 0048 (false 0032) 0032: 15 15 00 000000d1 jeq io_submit 0048 (false 0033) 0033: 15 14 00 000000fb jeq ioprio_set 0048 (false 0034) 0034: 15 13 00 00000138 jeq kcmp 0048 (false 0035) 0035: 15 12 00 000000fa jeq keyctl 0048 (false 0036) 0036: 15 11 00 000000a5 jeq mount 0048 (false 0037) 0037: 15 10 00 0000012f jeq name_to_handle_at 0048 (false 0038) 0038: 15 0f 00 000000b4 jeq nfsservctl 0048 (false 0039) 0039: 15 0e 00 00000130 jeq open_by_handle_at 0048 (false 003a) 003a: 15 0d 00 00000087 jeq personality 0048 (false 003b) 003b: 15 0c 00 0000009b jeq pivot_root 0048 (false 003c) 003c: 15 0b 00 00000136 jeq process_vm_readv 0048 (false 003d) 003d: 15 0a 00 00000065 jeq ptrace 0048 (false 003e) 003e: 15 09 00 000000d8 jeq remap_file_pages 0048 (false 003f) 003f: 15 08 00 000000f9 jeq request_key 0048 (false 0040) 0040: 15 07 00 000000ab jeq setdomainname 0048 (false 0041) 0041: 15 06 00 000000aa jeq sethostname 0048 (false 0042) 0042: 15 05 00 00000067 jeq syslog 0048 (false 0043) 0043: 15 04 00 000000a6 jeq umount2 0048 (false 0044) 0044: 15 03 00 00000143 jeq userfaultfd 0048 (false 0045) 0045: 15 02 00 00000099 jeq vhangup 0048 (false 0046) 0046: 15 01 00 00000116 jeq vmsplice 0048 (false 0047) 0047: 06 00 00 7fff0000 ret ALLOW 0048: 06 00 00 00000000 ret KILL seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1 No supplementary groups AppArmor enabled starting application LD_PRELOAD=(null) execvp argument 0: firefox Child process initialized in 175.54 ms Searching $PATH for firefox trying #/home/x10an14/.sdkman/candidates/maven/current/bin/firefox# trying #/home/x10an14/.sdkman/candidates/java/current/bin/firefox# trying #/usr/lib/google-cloud-sdk/bin/firefox# trying #/home/x10an14/Documents/github/pyenv/shims/firefox# trying #/home/x10an14/Documents/github/pyenv/bin/firefox# trying #/home/x10an14/.volta//bin/firefox# trying #/home/x10an14/.cargo/bin/firefox# trying #/home/x10an14/.cargo/bin/firefox# trying #/home/x10an14/.dotnet/tools/firefox# trying #/home/x10an14/.kubectx/firefox# trying #/home/x10an14/.local/bin/firefox# trying #/usr/local/bin/firefox# trying #/usr/bin/firefox# trying #/bin/firefox# trying #/usr/local/games/firefox# trying #/usr/games/firefox# trying #/usr/local/go/bin/firefox# trying #/home/x10an14/go/bin/firefox# trying #/usr/sbin/firefox# Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter Error: no suitable firefox executable found monitoring pid 11 Sandbox monitor: waitpid 11 retval 11 status 256 Parent is shutting down, bye... [2020-12-31 13:35:44] 1 x10an14@x10-desktop:~ -> $ ``` </details>
gitea-mirror commented 2026-05-05 09:06:15 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Dec 31, 2020):

Does firejail --ignore=disable-mnt firefox work?

<!-- gh-comment-id:752951874 --> @rusty-snake commented on GitHub (Dec 31, 2020): Does `firejail --ignore=disable-mnt firefox` work?
gitea-mirror commented 2026-05-05 09:06:16 -06:00
Author
Owner
Copy link

@x10an14 commented on GitHub (Dec 31, 2020):

Does firejail --ignore=disable-mnt firefox work?

[2020-12-31 14:38:03] 1 x10an14@x10-desktop:~
-> $ firejail --ignore=disable-mnt firefox 
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 23477, child pid 23478
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Post-exec seccomp protector enabled
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Child process initialized in 195.10 ms
Exec failed with error: Permission denied

Parent is shutting down, bye...
[2020-12-31 14:38:53] 255 x10an14@x10-desktop:~
-> $

Nope... =( But changed the error message though.
It is correct that /opt resides on a different mountpoint than /{,home/}, though.

<!-- gh-comment-id:752961640 --> @x10an14 commented on GitHub (Dec 31, 2020): > Does `firejail --ignore=disable-mnt firefox` work? ``` [2020-12-31 14:38:03] 1 x10an14@x10-desktop:~ -> $ firejail --ignore=disable-mnt firefox Reading profile /etc/firejail/firefox.profile Reading profile /etc/firejail/firefox-common.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 23477, child pid 23478 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Post-exec seccomp protector enabled Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice, Child process initialized in 195.10 ms Exec failed with error: Permission denied Parent is shutting down, bye... [2020-12-31 14:38:53] 255 x10an14@x10-desktop:~ -> $ ``` Nope... =( But changed the error message though. It is correct that `/opt` resides on a different mountpoint than `/{,home/}`, though.
gitea-mirror commented 2026-05-05 09:06:17 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Dec 31, 2020):

It is correct that /opt resides on a different mountpoint than /{,home/}, though.

The problem isn't that is has an other partition/mount, the problem is that is seems to be mounted at /mnt which is blacklisted by disable-mnt. If your setup allows you to mount it somewhere else, you can keep ´disable-mnt`.

Exec failed with error: Permission denied

Maybe AA makes it noexec. Try firejail --ignore=disable-mnt --ignore=apparmor firefox.

<!-- gh-comment-id:752990354 --> @rusty-snake commented on GitHub (Dec 31, 2020): > It is correct that `/opt` resides on a different mountpoint than `/{,home/}`, though. The problem isn't that is has an other partition/mount, the problem is that is seems to be mounted at `/mnt` which is blacklisted by `disable-mnt`. If your setup allows you to mount it somewhere else, you can keep ´disable-mnt`. > Exec failed with error: Permission denied Maybe AA makes it `noexec`. Try `firejail --ignore=disable-mnt --ignore=apparmor firefox`.
gitea-mirror commented 2026-05-05 09:06:18 -06:00
Author
Owner
Copy link

@Micha-Btz commented on GitHub (Jan 6, 2021):

I have this too and I think the problem is, that it is only a link
in ~ ✦ ❯ ls -lha /usr/bin/firefox
lrwxrwxrwx 1 root root 22 18. Dez 02:09 /usr/bin/firefox -> ../lib/firefox/firefox

mdomann in sysiphus in ~ ✦ ❯ firejail --ignore=disable-mnt --ignore=apparmor firefox
Reading profile /etc/firejail/firefox.profile
Reading profile /home/mdomann/.config/firejail/firefox.local
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 37947, child pid 37950
1 program installed in 0.73 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 66.83 ms
Error: no suitable firefox executable found

Parent is shutting down, bye...

firejail --profile=/etc/firejail/firefox.profile /usr/lib/firefox/firefox
works

<!-- gh-comment-id:755647772 --> @Micha-Btz commented on GitHub (Jan 6, 2021): I have this too and I think the problem is, that it is only a link in ~ ✦ ❯ ls -lha /usr/bin/firefox lrwxrwxrwx 1 root root 22 18. Dez 02:09 /usr/bin/firefox -> ../lib/firefox/firefox ``` mdomann in sysiphus in ~ ✦ ❯ firejail --ignore=disable-mnt --ignore=apparmor firefox Reading profile /etc/firejail/firefox.profile Reading profile /home/mdomann/.config/firejail/firefox.local Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/firefox-common.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Parent pid 37947, child pid 37950 1 program installed in 0.73 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Child process initialized in 66.83 ms Error: no suitable firefox executable found Parent is shutting down, bye... ``` firejail --profile=/etc/firejail/firefox.profile /usr/lib/firefox/firefox works
gitea-mirror commented 2026-05-05 09:06:20 -06:00
Author
Owner
Copy link

@thiswillbeyourgithub commented on GitHub (Jan 6, 2021):

I don't know if my issue is related to this here but I had similar issues that got solved by finding all the firefox executable and figuring out which one was not owned by root.

I think I had one in /usr/bin/firefox and one in /usr/local/bin/firefox

I have no idea how that happenned but suddenly in the last week I had issues with firejail because of this. I have no idea what happenned so I installed the latest firejail version then checked out all the executables of firefox by hand.

Useful commands are type -a firefox and locate firefox | grep bin

<!-- gh-comment-id:755722370 --> @thiswillbeyourgithub commented on GitHub (Jan 6, 2021): I don't know if my issue is related to this here but I had similar issues that got solved by finding all the firefox executable and figuring out which one was not owned by root. I think I had one in /usr/bin/firefox and one in /usr/local/bin/firefox I have no idea how that happenned but suddenly in the last week I had issues with firejail because of this. I have no idea what happenned so I installed the latest firejail version then checked out all the executables of firefox by hand. Useful commands are `type -a firefox` and `locate firefox | grep bin`
gitea-mirror commented 2026-05-05 09:06:21 -06:00
Author
Owner
Copy link

@Micha-Btz commented on GitHub (Jan 6, 2021):

/usr/local/bin/firefox is a link to the firejail binary created by the install. So that firefox should always run in firejail.

<!-- gh-comment-id:755740307 --> @Micha-Btz commented on GitHub (Jan 6, 2021): /usr/local/bin/firefox is a link to the firejail binary created by the install. So that firefox should always run in firejail.
gitea-mirror commented 2026-05-05 09:06:22 -06:00
Author
Owner
Copy link

@x10an14 commented on GitHub (Jan 7, 2021):

Maybe AA makes it noexec. Try firejail --ignore=disable-mnt --ignore=apparmor firefox.

@rusty-snake was on-point, the --ignore=apparmor lets my Firefox start.
Is there some way of getting better error reports from firejail (as opposed to have to manually test/remove/add flags) to figure out exactly what stops the app from running?

But since it's apparmor (which is not activated for some reason when running without firejail) I guess that means we can close this issue =)

(Any hints/tips to properly debug apparmor would be much appreciated)!

<!-- gh-comment-id:755953815 --> @x10an14 commented on GitHub (Jan 7, 2021): > Maybe AA makes it noexec. Try firejail --ignore=disable-mnt --ignore=apparmor firefox. @rusty-snake was on-point, the `--ignore=apparmor` lets my Firefox start. Is there some way of getting better error reports from firejail (as opposed to have to manually test/remove/add flags) to figure out exactly _what_ stops the app from running? But since it's apparmor (which is not activated for some reason when running without firejail) I guess that means we can close this issue =) (Any hints/tips to properly debug apparmor would be much appreciated)!
gitea-mirror commented 2026-05-05 09:06:22 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jan 7, 2021):

(Any hints/tips to properly debug apparmor would be much appreciated)!

@Vincent43 knows what to add to firejail-local in order to allow exec from /mnt.

PS: You can also create a firefox.local with ignore disable-mnt and ignore apparmor.

<!-- gh-comment-id:755964219 --> @rusty-snake commented on GitHub (Jan 7, 2021): > (Any hints/tips to properly debug apparmor would be much appreciated)! @Vincent43 knows what to add to firejail-local in order to allow exec from /mnt. PS: You can also create a firefox.local with `ignore disable-mnt` and `ignore apparmor`.
gitea-mirror commented 2026-05-05 09:06:23 -06:00
Author
Owner
Copy link

@x10an14 commented on GitHub (Jan 7, 2021):

PS: You can also create a firefox.local with ignore disable-mnt and ignore apparmor.

Is this firejail or apparmor specific?

<!-- gh-comment-id:755985774 --> @x10an14 commented on GitHub (Jan 7, 2021): > PS: You can also create a firefox.local with ignore disable-mnt and ignore apparmor. Is this firejail or apparmor specific?
gitea-mirror commented 2026-05-05 09:06:24 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jan 7, 2021):

firejail

Example: mkdir ~/.config/firejail && echo "ignore apparmor" >> ~/.config/firejail/firefox.local && echo "ignore disable-mnt" >> ~/.config/firejail/firefox.local

<!-- gh-comment-id:755989252 --> @rusty-snake commented on GitHub (Jan 7, 2021): firejail Example: `mkdir ~/.config/firejail && echo "ignore apparmor" >> ~/.config/firejail/firefox.local && echo "ignore disable-mnt" >> ~/.config/firejail/firefox.local`
gitea-mirror commented 2026-05-05 09:06:25 -06:00
Author
Owner
Copy link

@Vincent43 commented on GitHub (Jan 7, 2021):

You can add /mnt/** ix, line to /etc/apparmor.d/local/firejail-default then restart apparmor or reboot system.

For debugging apparmor stuff (not only for firejail) you may inspect journalctl, i.e. journalctl --grep=DENIED

<!-- gh-comment-id:756174896 --> @Vincent43 commented on GitHub (Jan 7, 2021): You can add `/mnt/** ix,` line to `/etc/apparmor.d/local/firejail-default` then restart apparmor or reboot system. For debugging apparmor stuff (not only for firejail) you may inspect `journalctl`, i.e. `journalctl --grep=DENIED`
gitea-mirror commented 2026-05-05 09:06:26 -06:00
Author
Owner
Copy link

@Micha-Btz commented on GitHub (Jan 12, 2021):

@rusty-snake please reopen.
the solution above doesn't work for me. Since programs like keepass try to load firefox and get stuck with no executable found.

debug output 
mdomann in sysiphus in ~ ✦ ❯ firejail --ignore=disable-mnt --ignore=apparmor --debug --profile=/etc/firejail/firefox.profile firefox
Reading profile /etc/firejail/firefox.profile
Found firefox.local profile in /home/mdomann/.config/firejail directory
Reading profile /home/mdomann/.config/firejail/firefox.local
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Found firefox-common.profile profile in /etc/firejail directory
Reading profile /etc/firejail/firefox-common.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-runuser-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-runuser-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
conditional BROWSER_DISABLE_U2F, nou2f
conditional BROWSER_DISABLE_U2F, private-dev
Building quoted command line: 'firefox' 
Command name #firefox#
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
DISPLAY=:0.0 parsed as 0
xdg-dbus-proxy arg: unix:path=/run/user/1000/bus
xdg-dbus-proxy arg: /run/firejail/dbus/1000/39679-user
xdg-dbus-proxy arg: --filter
xdg-dbus-proxy arg: --own=org.mozilla.Firefox.*
xdg-dbus-proxy arg: --own=org.mozilla.firefox.*
xdg-dbus-proxy arg: --own=org.mpris.MediaPlayer2.firefox.*
starting xdg-dbus-proxy
sbox exec: /usr/bin/xdg-dbus-proxy --fd=8 --args=9 
Dropping all capabilities
Drop privileges: pid 39680, uid 1000, gid 1000, nogroups 1
No supplementary groups
xdg-dbus-proxy initialized
Using the local network stack
Parent pid 39679, child pid 39682
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
IBUS_ADDRESS=unix:abstract=/tmp/dbus-CYJC5voC,guid=a6451e14c78acb445f6f3ba95be30fb8
IBUS_DAEMON_PID=2522
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1374 1183 0:24 /rootfs/etc /etc ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=284,subvol=/rootfs/etc
mountid=1374 fsname=/rootfs/etc dir=/etc fstype=btrfs
Mounting noexec /etc
1375 1374 0:24 /rootfs/etc /etc ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=284,subvol=/rootfs/etc
mountid=1375 fsname=/rootfs/etc dir=/etc fstype=btrfs
Mounting read-only /var
1377 1376 0:41 / /var/tmp rw,relatime master:24 - tmpfs tmpfs rw,size=524288k
mountid=1377 fsname=/ dir=/var/tmp fstype=tmpfs
Mounting read-only /var/tmp
1378 1377 0:41 / /var/tmp ro,relatime master:24 - tmpfs tmpfs rw,size=524288k
mountid=1378 fsname=/ dir=/var/tmp fstype=tmpfs
Mounting noexec /var
1381 1380 0:41 / /var/tmp ro,relatime master:24 - tmpfs tmpfs rw,size=524288k
mountid=1381 fsname=/ dir=/var/tmp fstype=tmpfs
Mounting noexec /var/tmp
1382 1381 0:41 / /var/tmp ro,nosuid,nodev,noexec,relatime master:24 - tmpfs tmpfs rw,size=524288k
mountid=1382 fsname=/ dir=/var/tmp fstype=tmpfs
Mounting read-only /usr
1383 1183 0:24 /rootfs/usr /usr ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1383 fsname=/rootfs/usr dir=/usr fstype=btrfs
Mounting read-only /bin
1384 1183 0:24 /rootfs/bin /bin ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1384 fsname=/rootfs/bin dir=/bin fstype=btrfs
Mounting read-only /sbin
1385 1183 0:24 /rootfs/sbin /sbin ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1385 fsname=/rootfs/sbin dir=/sbin fstype=btrfs
Mounting read-only /lib
1386 1183 0:24 /rootfs/lib /lib ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1386 fsname=/rootfs/lib dir=/lib fstype=btrfs
Mounting read-only /lib64
1387 1183 0:24 /rootfs/lib64 /lib64 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1387 fsname=/rootfs/lib64 dir=/lib64 fstype=btrfs
Mounting read-only /lib32
1388 1183 0:24 /rootfs/lib32 /lib32 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1388 fsname=/rootfs/lib32 dir=/lib32 fstype=btrfs
Mounting read-only /libx32
1389 1183 0:24 /rootfs/libx32 /libx32 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1389 fsname=/rootfs/libx32 dir=/libx32 fstype=btrfs
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Mounting tmpfs on /var/cache/apache2
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/mdomann/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
Process /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/keepassxc-proxy
Checking /usr/bin/keepassxc-proxy
sbox run: /run/firejail/lib/fcopy /usr/bin/keepassxc-proxy /run/firejail/mnt/bin 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
1 program installed in 0.85 ms
Generate private-tmp whitelist commands
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/user/1000/bus
blacklist /home/mdomann/.dbus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 456: new_name #/home/mdomann/dateien/Publii#, whitelist
Debug 571: fname #/home/mdomann/dateien/Publii#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/dateien/Publii
Debug 456: new_name #/home/mdomann/dateien/Publii#, whitelist
Debug 571: fname #/home/mdomann/dateien/Publii#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/dateien/Publii
Debug 456: new_name #/home/mdomann/source/dotfiles/firefox#, whitelist
Debug 571: fname #/home/mdomann/source/dotfiles/firefox#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/source/dotfiles/firefox
Debug 456: new_name #/home/mdomann/.cache/mozilla/firefox#, whitelist
Debug 571: fname #/home/mdomann/.cache/mozilla/firefox#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.cache/mozilla/firefox
Debug 456: new_name #/home/mdomann/.mozilla#, whitelist
Debug 571: fname #/home/mdomann/.mozilla#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.mozilla
Debug 456: new_name #/usr/share/doc#, whitelist
Debug 456: new_name #/usr/share/firefox#, whitelist
Debug 456: new_name #/usr/share/gnome-shell/search-providers/firefox-search-provider.ini#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
	expanded: /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtk-doc/html#, whitelist
Debug 456: new_name #/usr/share/mozilla#, whitelist
Debug 456: new_name #/usr/share/webext#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/webext
	expanded: /usr/share/webext
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/alsa#, whitelist
Debug 456: new_name #/usr/share/applications#, whitelist
Debug 456: new_name #/usr/share/ca-certificates#, whitelist
Debug 456: new_name #/usr/share/crypto-policies#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies
	expanded: /usr/share/crypto-policies
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/cursors#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/cursors
	expanded: /usr/share/cursors
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/dconf#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/dconf
	expanded: /usr/share/dconf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/distro-info#, whitelist
Debug 456: new_name #/usr/share/drirc.d#, whitelist
Debug 456: new_name #/usr/share/enchant#, whitelist
Debug 456: new_name #/usr/share/enchant-2#, whitelist
Debug 456: new_name #/usr/share/file#, whitelist
Debug 456: new_name #/usr/share/fontconfig#, whitelist
Debug 456: new_name #/usr/share/fonts#, whitelist
Debug 456: new_name #/usr/share/gir-1.0#, whitelist
Debug 456: new_name #/usr/share/gjs-1.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0
	expanded: /usr/share/gjs-1.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/glib-2.0#, whitelist
Debug 456: new_name #/usr/share/glvnd#, whitelist
Debug 456: new_name #/usr/share/gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-2.0
	expanded: /usr/share/gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtk-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-3.0
	expanded: /usr/share/gtk-3.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtk-engines#, whitelist
Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist
Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-4
	expanded: /usr/share/gtksourceview-4
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/hunspell#, whitelist
Debug 456: new_name #/usr/share/hwdata#, whitelist
Debug 456: new_name #/usr/share/icons#, whitelist
Debug 456: new_name #/usr/share/icu#, whitelist
Debug 456: new_name #/usr/share/knotifications5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/knotifications5
	expanded: /usr/share/knotifications5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/kservices5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kservices5
	expanded: /usr/share/kservices5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum
	expanded: /usr/share/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/kxmlgui5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kxmlgui5
	expanded: /usr/share/kxmlgui5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/libdrm#, whitelist
Debug 456: new_name #/usr/share/libthai#, whitelist
Debug 456: new_name #/usr/share/locale#, whitelist
Debug 456: new_name #/usr/share/mime#, whitelist
Debug 456: new_name #/usr/share/misc#, whitelist
Debug 456: new_name #/usr/share/Modules#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Modules
	expanded: /usr/share/Modules
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/myspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/myspell
	expanded: /usr/share/myspell
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/p11-kit#, whitelist
Debug 456: new_name #/usr/share/perl#, whitelist
Debug 456: new_name #/usr/share/perl5#, whitelist
Debug 456: new_name #/usr/share/pixmaps#, whitelist
Debug 456: new_name #/usr/share/pki#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/pki
	expanded: /usr/share/pki
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/plasma#, whitelist
Debug 456: new_name #/usr/share/publicsuffix#, whitelist
Debug 456: new_name #/usr/share/qt#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt
	expanded: /usr/share/qt
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt4#, whitelist
Debug 456: new_name #/usr/share/qt5#, whitelist
Debug 456: new_name #/usr/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5ct
	expanded: /usr/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/sounds#, whitelist
Debug 456: new_name #/usr/share/tcl8.6#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6
	expanded: /usr/share/tcl8.6
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/tcltk#, whitelist
Debug 456: new_name #/usr/share/terminfo#, whitelist
Debug 456: new_name #/usr/share/texlive#, whitelist
Debug 456: new_name #/usr/share/texmf#, whitelist
Debug 456: new_name #/usr/share/themes#, whitelist
Debug 456: new_name #/usr/share/thumbnail.so#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so
	expanded: /usr/share/thumbnail.so
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/X11#, whitelist
Debug 456: new_name #/usr/share/xml#, whitelist
Debug 456: new_name #/usr/share/zoneinfo#, whitelist
Directory ${DOWNLOADS} resolved as source/downloads/
Debug 456: new_name #/home/mdomann/source/downloads#, whitelist
Debug 571: fname #/home/mdomann/source/downloads#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/source/downloads
Debug 456: new_name #/home/mdomann/.pki#, whitelist
Debug 571: fname #/home/mdomann/.pki#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.pki
Debug 456: new_name #/home/mdomann/.local/share/pki#, whitelist
Debug 571: fname #/home/mdomann/.local/share/pki#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/pki
Debug 456: new_name #/home/mdomann/.XCompose#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
	expanded: /home/mdomann/.XCompose
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
	expanded: /home/mdomann/.asoundrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/ibus#, whitelist
Debug 571: fname #/home/mdomann/.config/ibus#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/ibus
Debug 456: new_name #/home/mdomann/.config/mimeapps.list#, whitelist
Debug 571: fname #/home/mdomann/.config/mimeapps.list#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/mimeapps.list
Debug 456: new_name #/home/mdomann/.config/pkcs11#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/mdomann/.config/pkcs11
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/user-dirs.dirs#, whitelist
Debug 571: fname #/home/mdomann/.config/user-dirs.dirs#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/user-dirs.dirs
Debug 456: new_name #/home/mdomann/.config/user-dirs.locale#, whitelist
Debug 571: fname #/home/mdomann/.config/user-dirs.locale#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/user-dirs.locale
Debug 456: new_name #/home/mdomann/.drirc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
	expanded: /home/mdomann/.drirc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
	expanded: /home/mdomann/.icons
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.local/share/applications#, whitelist
Debug 571: fname #/home/mdomann/.local/share/applications#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/applications
Debug 456: new_name #/home/mdomann/.local/share/icons#, whitelist
Debug 571: fname #/home/mdomann/.local/share/icons#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/icons
Debug 456: new_name #/home/mdomann/.local/share/mime#, whitelist
Debug 571: fname #/home/mdomann/.local/share/mime#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.local/share/mime
Debug 456: new_name #/home/mdomann/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
	expanded: /home/mdomann/.mime.types
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.uim.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.uim.d
	expanded: /home/mdomann/.uim.d
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/dconf#, whitelist
Debug 571: fname #/home/mdomann/.config/dconf#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/dconf
Debug 456: new_name #/home/mdomann/.cache/fontconfig#, whitelist
Debug 571: fname #/home/mdomann/.cache/fontconfig#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.cache/fontconfig
Debug 456: new_name #/home/mdomann/.config/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
	expanded: /home/mdomann/.config/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
	expanded: /home/mdomann/.fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
	expanded: /home/mdomann/.fonts
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.fonts.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
	expanded: /home/mdomann/.fonts.conf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/mdomann/.fonts.conf.d
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
	expanded: /home/mdomann/.fonts.d
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.local/share/fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
	expanded: /home/mdomann/.local/share/fonts
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.pangorc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
	expanded: /home/mdomann/.pangorc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/gtk-2.0#, whitelist
Debug 571: fname #/home/mdomann/.config/gtk-2.0#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/gtk-2.0
Debug 456: new_name #/home/mdomann/.config/gtk-3.0#, whitelist
Debug 571: fname #/home/mdomann/.config/gtk-3.0#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/gtk-3.0
Debug 456: new_name #/home/mdomann/.config/gtk-4.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-4.0
	expanded: /home/mdomann/.config/gtk-4.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/mdomann/.config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/mdomann/.config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
	expanded: /home/mdomann/.gnome2
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
	expanded: /home/mdomann/.gnome2-private
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/mdomann/.gtk-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
	expanded: /home/mdomann/.gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0
	expanded: /home/mdomann/.gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/mdomann/.kde/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/mdomann/.kde/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/mdomann/.kde4/share/config/gtkrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/mdomann/.kde4/share/config/gtkrc-2.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
	expanded: /home/mdomann/.local/share/themes
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
	expanded: /home/mdomann/.themes
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.cache/kioexec/krun#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/mdomann/.cache/kioexec/krun
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/mdomann/.config/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/Trolltech.conf#, whitelist
Debug 571: fname #/home/mdomann/.config/Trolltech.conf#, cfg.homedir #/home/mdomann#
Replaced whitelist path: whitelist /home/mdomann/.config/Trolltech.conf
Debug 456: new_name #/home/mdomann/.config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals
	expanded: /home/mdomann/.config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/mdomann/.config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/mdomann/.config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/mdomann/.config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
	expanded: /home/mdomann/.config/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
	expanded: /home/mdomann/.kde/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/mdomann/.kde/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/mdomann/.kde/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/mdomann/.kde/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/mdomann/.kde/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/mdomann/.kde/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/mdomann/.kde4/share/config/kdeglobals
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/mdomann/.kde4/share/config/kio_httprc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/mdomann/.kde4/share/config/kioslaverc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/mdomann/.kde4/share/config/ksslcablacklist
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/mdomann/.kde4/share/config/oxygenrc
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/mdomann/.kde4/share/icons
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/home/mdomann/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/mdomann/.local/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/run/user/1000/bus#, whitelist
Replaced whitelist path: whitelist /run/user/1000/bus
Debug 456: new_name #/run/user/1000/dconf#, whitelist
Replaced whitelist path: whitelist /run/user/1000/dconf
Debug 456: new_name #/run/user/1000/gdm/Xauthority#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/gdm/Xauthority
	expanded: /run/user/1000/gdm/Xauthority
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/run/user/1000/ICEauthority#, whitelist
Replaced whitelist path: whitelist /run/user/1000/ICEauthority
Debug 456: new_name #/run/user/1000/.mutter-Xwaylandauth.*#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
	expanded: /run/user/1000/.mutter-Xwaylandauth.*
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/run/user/1000/pulse/native#, whitelist
Replaced whitelist path: whitelist /run/user/1000/pulse/native
Debug 456: new_name #/run/user/1000/wayland-0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/wayland-0
	expanded: /run/user/1000/wayland-0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/ca-certificates#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates
	expanded: /var/lib/ca-certificates
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/dbus#, whitelist
Debug 456: new_name #/var/lib/menu-xdg#, whitelist
Debug 456: new_name #/var/lib/uim#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/uim
	expanded: /var/lib/uim
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/cache/fontconfig#, whitelist
Debug 456: new_name #/var/tmp#, whitelist
Debug 456: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 456: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 456: new_name #/tmp/.X11-unix#, whitelist
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Mounting tmpfs on /usr/share directory
Mounting tmpfs on /run/user/1000 directory
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 
Mounting a new /root directory
Mounting a new /home directory
Create a new user directory
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 
Drop privileges: pid 6, uid 1000, gid 1000, nogroups 0
Supplementary groups: 29 
Whitelisting /home/mdomann/dateien/Publii
1482 1481 0:51 /homefs/mdomann/dateien/Publii /home/mdomann/dateien/Publii rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1482 fsname=/homefs/mdomann/dateien/Publii dir=/home/mdomann/dateien/Publii fstype=btrfs
Whitelisting /home/mdomann/dateien/Publii
1483 1482 0:51 /homefs/mdomann/dateien/Publii /home/mdomann/dateien/Publii rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1483 fsname=/homefs/mdomann/dateien/Publii dir=/home/mdomann/dateien/Publii fstype=btrfs
Whitelisting /home/mdomann/source/dotfiles/firefox
1484 1481 0:51 /homefs/mdomann/source/dotfiles/firefox /home/mdomann/source/dotfiles/firefox rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1838,subvol=/homefs/mdomann/source
mountid=1484 fsname=/homefs/mdomann/source/dotfiles/firefox dir=/home/mdomann/source/dotfiles/firefox fstype=btrfs
Whitelisting /home/mdomann/.cache/mozilla/firefox
1485 1481 0:51 /homefs/mdomann/.cache/mozilla/firefox /home/mdomann/.cache/mozilla/firefox rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1837,subvol=/homefs/mdomann/.cache
mountid=1485 fsname=/homefs/mdomann/.cache/mozilla/firefox dir=/home/mdomann/.cache/mozilla/firefox fstype=btrfs
Whitelisting /home/mdomann/.mozilla
1486 1481 0:51 /homefs/mdomann/.mozilla /home/mdomann/.mozilla rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1486 fsname=/homefs/mdomann/.mozilla dir=/home/mdomann/.mozilla fstype=btrfs
Whitelisting /usr/share/doc
1487 1470 0:24 /rootfs/usr/share/doc /usr/share/doc ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1487 fsname=/rootfs/usr/share/doc dir=/usr/share/doc fstype=btrfs
Whitelisting /usr/share/firefox
1488 1470 0:24 /rootfs/usr/share/firefox /usr/share/firefox ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1488 fsname=/rootfs/usr/share/firefox dir=/usr/share/firefox fstype=btrfs
Whitelisting /usr/share/gtk-doc/html
1489 1470 0:24 /rootfs/usr/share/gtk-doc/html /usr/share/gtk-doc/html ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1489 fsname=/rootfs/usr/share/gtk-doc/html dir=/usr/share/gtk-doc/html fstype=btrfs
Whitelisting /usr/share/mozilla
1490 1470 0:24 /rootfs/usr/share/mozilla /usr/share/mozilla ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1490 fsname=/rootfs/usr/share/mozilla dir=/usr/share/mozilla fstype=btrfs
Whitelisting /usr/share/alsa
1491 1470 0:24 /rootfs/usr/share/alsa /usr/share/alsa ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1491 fsname=/rootfs/usr/share/alsa dir=/usr/share/alsa fstype=btrfs
Whitelisting /usr/share/applications
1492 1470 0:24 /rootfs/usr/share/applications /usr/share/applications ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1492 fsname=/rootfs/usr/share/applications dir=/usr/share/applications fstype=btrfs
Whitelisting /usr/share/ca-certificates
1493 1470 0:24 /rootfs/usr/share/ca-certificates /usr/share/ca-certificates ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1493 fsname=/rootfs/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=btrfs
Whitelisting /usr/share/distro-info
1494 1470 0:24 /rootfs/usr/share/distro-info /usr/share/distro-info ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1494 fsname=/rootfs/usr/share/distro-info dir=/usr/share/distro-info fstype=btrfs
Whitelisting /usr/share/drirc.d
1495 1470 0:24 /rootfs/usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1495 fsname=/rootfs/usr/share/drirc.d dir=/usr/share/drirc.d fstype=btrfs
Whitelisting /usr/share/enchant
1496 1470 0:24 /rootfs/usr/share/enchant /usr/share/enchant ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1496 fsname=/rootfs/usr/share/enchant dir=/usr/share/enchant fstype=btrfs
Whitelisting /usr/share/enchant-2
1497 1470 0:24 /rootfs/usr/share/enchant-2 /usr/share/enchant-2 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1497 fsname=/rootfs/usr/share/enchant-2 dir=/usr/share/enchant-2 fstype=btrfs
Whitelisting /usr/share/file
1498 1470 0:24 /rootfs/usr/share/file /usr/share/file ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1498 fsname=/rootfs/usr/share/file dir=/usr/share/file fstype=btrfs
Whitelisting /usr/share/fontconfig
1499 1470 0:24 /rootfs/usr/share/fontconfig /usr/share/fontconfig ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1499 fsname=/rootfs/usr/share/fontconfig dir=/usr/share/fontconfig fstype=btrfs
Whitelisting /usr/share/fonts
1500 1470 0:24 /rootfs/usr/share/fonts /usr/share/fonts ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1500 fsname=/rootfs/usr/share/fonts dir=/usr/share/fonts fstype=btrfs
Whitelisting /usr/share/gir-1.0
1501 1470 0:24 /rootfs/usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1501 fsname=/rootfs/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=btrfs
Whitelisting /usr/share/glib-2.0
1502 1470 0:24 /rootfs/usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1502 fsname=/rootfs/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=btrfs
Whitelisting /usr/share/glvnd
1503 1470 0:24 /rootfs/usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1503 fsname=/rootfs/usr/share/glvnd dir=/usr/share/glvnd fstype=btrfs
Whitelisting /usr/share/gtk-engines
1504 1470 0:24 /rootfs/usr/share/gtk-engines /usr/share/gtk-engines ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1504 fsname=/rootfs/usr/share/gtk-engines dir=/usr/share/gtk-engines fstype=btrfs
Whitelisting /usr/share/gtksourceview-3.0
1505 1470 0:24 /rootfs/usr/share/gtksourceview-3.0 /usr/share/gtksourceview-3.0 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1505 fsname=/rootfs/usr/share/gtksourceview-3.0 dir=/usr/share/gtksourceview-3.0 fstype=btrfs
Whitelisting /usr/share/hunspell
1506 1470 0:24 /rootfs/usr/share/hunspell /usr/share/hunspell ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1506 fsname=/rootfs/usr/share/hunspell dir=/usr/share/hunspell fstype=btrfs
Whitelisting /usr/share/hwdata
1507 1470 0:24 /rootfs/usr/share/hwdata /usr/share/hwdata ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1507 fsname=/rootfs/usr/share/hwdata dir=/usr/share/hwdata fstype=btrfs
Whitelisting /usr/share/icons
1508 1470 0:24 /rootfs/usr/share/icons /usr/share/icons ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1508 fsname=/rootfs/usr/share/icons dir=/usr/share/icons fstype=btrfs
Whitelisting /usr/share/icu
1509 1470 0:24 /rootfs/usr/share/icu /usr/share/icu ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1509 fsname=/rootfs/usr/share/icu dir=/usr/share/icu fstype=btrfs
Whitelisting /usr/share/libdrm
1510 1470 0:24 /rootfs/usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1510 fsname=/rootfs/usr/share/libdrm dir=/usr/share/libdrm fstype=btrfs
Whitelisting /usr/share/libthai
1511 1470 0:24 /rootfs/usr/share/libthai /usr/share/libthai ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1511 fsname=/rootfs/usr/share/libthai dir=/usr/share/libthai fstype=btrfs
Whitelisting /usr/share/locale
1512 1470 0:24 /rootfs/usr/share/locale /usr/share/locale ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1512 fsname=/rootfs/usr/share/locale dir=/usr/share/locale fstype=btrfs
Whitelisting /usr/share/mime
1513 1470 0:24 /rootfs/usr/share/mime /usr/share/mime ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1513 fsname=/rootfs/usr/share/mime dir=/usr/share/mime fstype=btrfs
Whitelisting /usr/share/misc
1514 1470 0:24 /rootfs/usr/share/misc /usr/share/misc ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1514 fsname=/rootfs/usr/share/misc dir=/usr/share/misc fstype=btrfs
Whitelisting /usr/share/p11-kit
1515 1470 0:24 /rootfs/usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1515 fsname=/rootfs/usr/share/p11-kit dir=/usr/share/p11-kit fstype=btrfs
Whitelisting /usr/share/perl
1516 1470 0:24 /rootfs/usr/share/perl /usr/share/perl ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1516 fsname=/rootfs/usr/share/perl dir=/usr/share/perl fstype=btrfs
Whitelisting /usr/share/perl5
1517 1470 0:24 /rootfs/usr/share/perl5 /usr/share/perl5 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1517 fsname=/rootfs/usr/share/perl5 dir=/usr/share/perl5 fstype=btrfs
Whitelisting /usr/share/pixmaps
1518 1470 0:24 /rootfs/usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1518 fsname=/rootfs/usr/share/pixmaps dir=/usr/share/pixmaps fstype=btrfs
Whitelisting /usr/share/plasma
1519 1470 0:24 /rootfs/usr/share/plasma /usr/share/plasma ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1519 fsname=/rootfs/usr/share/plasma dir=/usr/share/plasma fstype=btrfs
Whitelisting /usr/share/publicsuffix
1520 1470 0:24 /rootfs/usr/share/publicsuffix /usr/share/publicsuffix ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1520 fsname=/rootfs/usr/share/publicsuffix dir=/usr/share/publicsuffix fstype=btrfs
Whitelisting /usr/share/qt4
1521 1470 0:24 /rootfs/usr/share/qt4 /usr/share/qt4 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1521 fsname=/rootfs/usr/share/qt4 dir=/usr/share/qt4 fstype=btrfs
Whitelisting /usr/share/qt5
1522 1470 0:24 /rootfs/usr/share/qt5 /usr/share/qt5 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1522 fsname=/rootfs/usr/share/qt5 dir=/usr/share/qt5 fstype=btrfs
Whitelisting /usr/share/sounds
1523 1470 0:24 /rootfs/usr/share/sounds /usr/share/sounds ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1523 fsname=/rootfs/usr/share/sounds dir=/usr/share/sounds fstype=btrfs
Whitelisting /usr/share/tcltk
1524 1470 0:24 /rootfs/usr/share/tcltk /usr/share/tcltk ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1524 fsname=/rootfs/usr/share/tcltk dir=/usr/share/tcltk fstype=btrfs
Whitelisting /usr/share/terminfo
1525 1470 0:24 /rootfs/usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1525 fsname=/rootfs/usr/share/terminfo dir=/usr/share/terminfo fstype=btrfs
Whitelisting /usr/share/texlive
1526 1470 0:24 /rootfs/usr/share/texlive /usr/share/texlive ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1526 fsname=/rootfs/usr/share/texlive dir=/usr/share/texlive fstype=btrfs
Whitelisting /usr/share/texmf
1527 1470 0:24 /rootfs/usr/share/texmf /usr/share/texmf ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1527 fsname=/rootfs/usr/share/texmf dir=/usr/share/texmf fstype=btrfs
Whitelisting /usr/share/themes
1528 1470 0:24 /rootfs/usr/share/themes /usr/share/themes ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1528 fsname=/rootfs/usr/share/themes dir=/usr/share/themes fstype=btrfs
Whitelisting /usr/share/X11
1529 1470 0:24 /rootfs/usr/share/X11 /usr/share/X11 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1529 fsname=/rootfs/usr/share/X11 dir=/usr/share/X11 fstype=btrfs
Whitelisting /usr/share/xml
1530 1470 0:24 /rootfs/usr/share/xml /usr/share/xml ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1530 fsname=/rootfs/usr/share/xml dir=/usr/share/xml fstype=btrfs
Whitelisting /usr/share/zoneinfo
1531 1470 0:24 /rootfs/usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1531 fsname=/rootfs/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=btrfs
Whitelisting /home/mdomann/source/downloads
1532 1481 0:51 /homefs/mdomann/source/downloads /home/mdomann/source/downloads rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1838,subvol=/homefs/mdomann/source
mountid=1532 fsname=/homefs/mdomann/source/downloads dir=/home/mdomann/source/downloads fstype=btrfs
Whitelisting /home/mdomann/.pki
1533 1481 0:51 /homefs/mdomann/.pki /home/mdomann/.pki rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1533 fsname=/homefs/mdomann/.pki dir=/home/mdomann/.pki fstype=btrfs
Whitelisting /home/mdomann/.local/share/pki
1534 1481 0:51 /homefs/mdomann/.local/share/pki /home/mdomann/.local/share/pki rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1534 fsname=/homefs/mdomann/.local/share/pki dir=/home/mdomann/.local/share/pki fstype=btrfs
Whitelisting /home/mdomann/.config/ibus
1535 1481 0:51 /homefs/mdomann/.config/ibus /home/mdomann/.config/ibus rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1535 fsname=/homefs/mdomann/.config/ibus dir=/home/mdomann/.config/ibus fstype=btrfs
Whitelisting /home/mdomann/.config/mimeapps.list
1536 1481 0:51 /homefs/mdomann/.config/mimeapps.list /home/mdomann/.config/mimeapps.list rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1536 fsname=/homefs/mdomann/.config/mimeapps.list dir=/home/mdomann/.config/mimeapps.list fstype=btrfs
Whitelisting /home/mdomann/.config/user-dirs.dirs
1537 1481 0:51 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1537 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs
Whitelisting /home/mdomann/.config/user-dirs.locale
1538 1481 0:51 /homefs/mdomann/.config/user-dirs.locale /home/mdomann/.config/user-dirs.locale rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1538 fsname=/homefs/mdomann/.config/user-dirs.locale dir=/home/mdomann/.config/user-dirs.locale fstype=btrfs
Whitelisting /home/mdomann/.local/share/applications
1539 1481 0:51 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1539 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs
Whitelisting /home/mdomann/.local/share/icons
1540 1481 0:51 /homefs/mdomann/.local/share/icons /home/mdomann/.local/share/icons rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1540 fsname=/homefs/mdomann/.local/share/icons dir=/home/mdomann/.local/share/icons fstype=btrfs
Whitelisting /home/mdomann/.local/share/mime
1541 1481 0:51 /homefs/mdomann/.local/share/mime /home/mdomann/.local/share/mime rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1541 fsname=/homefs/mdomann/.local/share/mime dir=/home/mdomann/.local/share/mime fstype=btrfs
Whitelisting /home/mdomann/.config/dconf
1542 1481 0:51 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1542 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs
Whitelisting /home/mdomann/.cache/fontconfig
1543 1481 0:51 /homefs/mdomann/.cache/fontconfig /home/mdomann/.cache/fontconfig rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1837,subvol=/homefs/mdomann/.cache
mountid=1543 fsname=/homefs/mdomann/.cache/fontconfig dir=/home/mdomann/.cache/fontconfig fstype=btrfs
Whitelisting /home/mdomann/.config/gtk-2.0
1544 1481 0:51 /homefs/mdomann/.config/gtk-2.0 /home/mdomann/.config/gtk-2.0 rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1544 fsname=/homefs/mdomann/.config/gtk-2.0 dir=/home/mdomann/.config/gtk-2.0 fstype=btrfs
Whitelisting /home/mdomann/.config/gtk-3.0
1545 1481 0:51 /homefs/mdomann/.config/gtk-3.0 /home/mdomann/.config/gtk-3.0 rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1545 fsname=/homefs/mdomann/.config/gtk-3.0 dir=/home/mdomann/.config/gtk-3.0 fstype=btrfs
Whitelisting /home/mdomann/.config/Trolltech.conf
1546 1481 0:51 /homefs/mdomann/.config/Trolltech.conf /home/mdomann/.config/Trolltech.conf rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1546 fsname=/homefs/mdomann/.config/Trolltech.conf dir=/home/mdomann/.config/Trolltech.conf fstype=btrfs
Whitelisting /run/user/1000/bus
1547 1475 0:23 /firejail/firejail.ro.file /run/user/1000/bus rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=1631612k,mode=755
mountid=1547 fsname=/firejail/firejail.ro.file dir=/run/user/1000/bus fstype=tmpfs
Whitelisting /run/user/1000/dconf
1548 1475 0:61 /dconf /run/user/1000/dconf rw,nosuid,nodev,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000
mountid=1548 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs
Whitelisting /run/user/1000/ICEauthority
1549 1475 0:61 /ICEauthority /run/user/1000/ICEauthority rw,nosuid,nodev,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000
mountid=1549 fsname=/ICEauthority dir=/run/user/1000/ICEauthority fstype=tmpfs
Whitelisting /run/user/1000/pulse/native
1550 1475 0:61 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000
mountid=1550 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Whitelisting /var/lib/dbus
1551 1468 0:24 /rootfs/var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1551 fsname=/rootfs/var/lib/dbus dir=/var/lib/dbus fstype=btrfs
Whitelisting /var/lib/menu-xdg
1552 1468 0:24 /rootfs/var/lib/menu-xdg /var/lib/menu-xdg ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1552 fsname=/rootfs/var/lib/menu-xdg dir=/var/lib/menu-xdg fstype=btrfs
Whitelisting /var/cache/fontconfig
1553 1468 0:24 /rootfs/var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs
mountid=1553 fsname=/rootfs/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs
Whitelisting /var/tmp
1554 1468 0:96 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=1554 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -/run
Created symbolic link /var/lock -/run/lock
Whitelisting /tmp/.X11-unix
1555 1457 0:40 /.X11-unix /tmp/.X11-unix rw,relatime master:23 - tmpfs tmpfs rw,size=4194304k
mountid=1555 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/mdomann/.Xauthority
1563 1481 0:113 /mdomann/.Xauthority /home/mdomann/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1563 fsname=/mdomann/.Xauthority dir=/home/mdomann/.Xauthority fstype=tmpfs
Mounting read-only /home/mdomann/.config/dconf
1564 1542 0:51 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1564 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs
Disable /etc/init.d (requested /etc/init.d/)
Disable /run/acpid.socket (requested /var/run/acpid.socket)
Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock)
Disable /etc/anacrontab
Disable /etc/cron.d
Disable /etc/cron.daily
Disable /etc/cron.hourly
Disable /etc/cron.monthly
Disable /etc/cron.weekly
Disable /etc/cron.deny
Disable /etc/crontab
Disable /etc/crontab.dpkg-dist
Disable /etc/profile.d
Disable /etc/rc.local
Disable /etc/rc2.d
Disable /etc/rc3.d
Disable /etc/rc4.d
Disable /etc/rc5.d
Disable /etc/rc0.d
Disable /etc/rc1.d
Disable /etc/rc6.d
Disable /etc/rcS.d
Disable /etc/kernel
Disable /etc/kernel-img.conf
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/selinux
Disable /etc/modules
Disable /etc/modules-load.d
Disable /etc/logrotate.d
Disable /etc/logrotate.conf
Disable /etc/adduser.conf
Mounting read-only /home/mdomann/.bashrc
1599 1481 0:113 /mdomann/.bashrc /home/mdomann/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1599 fsname=/mdomann/.bashrc dir=/home/mdomann/.bashrc fstype=tmpfs
Mounting read-only /home/mdomann/.local/share/applications
1600 1539 0:51 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1600 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs
Mounting read-only /home/mdomann/.config/mimeapps.list
1601 1536 0:51 /homefs/mdomann/.config/mimeapps.list /home/mdomann/.config/mimeapps.list ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1601 fsname=/homefs/mdomann/.config/mimeapps.list dir=/home/mdomann/.config/mimeapps.list fstype=btrfs
Mounting read-only /home/mdomann/.config/user-dirs.dirs
1602 1537 0:51 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1602 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs
Mounting read-only /home/mdomann/.config/user-dirs.locale
1603 1538 0:51 /homefs/mdomann/.config/user-dirs.locale /home/mdomann/.config/user-dirs.locale ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1603 fsname=/homefs/mdomann/.config/user-dirs.locale dir=/home/mdomann/.config/user-dirs.locale fstype=btrfs
Mounting read-only /home/mdomann/.local/share/mime
1604 1541 0:51 /homefs/mdomann/.local/share/mime /home/mdomann/.local/share/mime ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1604 fsname=/homefs/mdomann/.local/share/mime dir=/home/mdomann/.local/share/mime fstype=btrfs
Not blacklist /home/mdomann/.pki
Not blacklist /home/mdomann/.local/share/pki
Disable /etc/davfs2/secrets
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Disable /etc/java
Disable /usr/lib/valgrind
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Mounting noexec /home/mdomann/dateien/Publii
1622 1483 0:51 /homefs/mdomann/dateien/Publii /home/mdomann/dateien/Publii rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1622 fsname=/homefs/mdomann/dateien/Publii dir=/home/mdomann/dateien/Publii fstype=btrfs
Mounting noexec /home/mdomann/source/dotfiles/firefox
1623 1484 0:51 /homefs/mdomann/source/dotfiles/firefox /home/mdomann/source/dotfiles/firefox rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1838,subvol=/homefs/mdomann/source
mountid=1623 fsname=/homefs/mdomann/source/dotfiles/firefox dir=/home/mdomann/source/dotfiles/firefox fstype=btrfs
Mounting noexec /home/mdomann/.cache/mozilla/firefox
1624 1485 0:51 /homefs/mdomann/.cache/mozilla/firefox /home/mdomann/.cache/mozilla/firefox rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1837,subvol=/homefs/mdomann/.cache
mountid=1624 fsname=/homefs/mdomann/.cache/mozilla/firefox dir=/home/mdomann/.cache/mozilla/firefox fstype=btrfs
Mounting noexec /home/mdomann/.mozilla
1625 1486 0:51 /homefs/mdomann/.mozilla /home/mdomann/.mozilla rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1625 fsname=/homefs/mdomann/.mozilla dir=/home/mdomann/.mozilla fstype=btrfs
Mounting noexec /home/mdomann/source/downloads
1626 1532 0:51 /homefs/mdomann/source/downloads /home/mdomann/source/downloads rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1838,subvol=/homefs/mdomann/source
mountid=1626 fsname=/homefs/mdomann/source/downloads dir=/home/mdomann/source/downloads fstype=btrfs
Mounting noexec /home/mdomann/.pki
1627 1533 0:51 /homefs/mdomann/.pki /home/mdomann/.pki rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1627 fsname=/homefs/mdomann/.pki dir=/home/mdomann/.pki fstype=btrfs
Mounting noexec /home/mdomann/.local/share/pki
1628 1534 0:51 /homefs/mdomann/.local/share/pki /home/mdomann/.local/share/pki rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1628 fsname=/homefs/mdomann/.local/share/pki dir=/home/mdomann/.local/share/pki fstype=btrfs
Mounting noexec /home/mdomann/.config/ibus
1629 1535 0:51 /homefs/mdomann/.config/ibus /home/mdomann/.config/ibus rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1629 fsname=/homefs/mdomann/.config/ibus dir=/home/mdomann/.config/ibus fstype=btrfs
Mounting noexec /home/mdomann/.config/mimeapps.list
1630 1601 0:51 /homefs/mdomann/.config/mimeapps.list /home/mdomann/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1630 fsname=/homefs/mdomann/.config/mimeapps.list dir=/home/mdomann/.config/mimeapps.list fstype=btrfs
Mounting noexec /home/mdomann/.config/user-dirs.dirs
1631 1602 0:51 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1631 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs
Mounting noexec /home/mdomann/.config/user-dirs.locale
1632 1603 0:51 /homefs/mdomann/.config/user-dirs.locale /home/mdomann/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1632 fsname=/homefs/mdomann/.config/user-dirs.locale dir=/home/mdomann/.config/user-dirs.locale fstype=btrfs
Mounting noexec /home/mdomann/.local/share/applications
1633 1600 0:51 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1633 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs
Mounting noexec /home/mdomann/.local/share/icons
1634 1540 0:51 /homefs/mdomann/.local/share/icons /home/mdomann/.local/share/icons rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1634 fsname=/homefs/mdomann/.local/share/icons dir=/home/mdomann/.local/share/icons fstype=btrfs
Mounting noexec /home/mdomann/.local/share/mime
1635 1604 0:51 /homefs/mdomann/.local/share/mime /home/mdomann/.local/share/mime ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1635 fsname=/homefs/mdomann/.local/share/mime dir=/home/mdomann/.local/share/mime fstype=btrfs
Mounting noexec /home/mdomann/.config/dconf
1636 1564 0:51 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1636 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs
Mounting noexec /home/mdomann/.cache/fontconfig
1637 1543 0:51 /homefs/mdomann/.cache/fontconfig /home/mdomann/.cache/fontconfig rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1837,subvol=/homefs/mdomann/.cache
mountid=1637 fsname=/homefs/mdomann/.cache/fontconfig dir=/home/mdomann/.cache/fontconfig fstype=btrfs
Mounting noexec /home/mdomann/.config/gtk-2.0
1638 1544 0:51 /homefs/mdomann/.config/gtk-2.0 /home/mdomann/.config/gtk-2.0 rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1638 fsname=/homefs/mdomann/.config/gtk-2.0 dir=/home/mdomann/.config/gtk-2.0 fstype=btrfs
Mounting noexec /home/mdomann/.config/gtk-3.0
1639 1545 0:51 /homefs/mdomann/.config/gtk-3.0 /home/mdomann/.config/gtk-3.0 rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1639 fsname=/homefs/mdomann/.config/gtk-3.0 dir=/home/mdomann/.config/gtk-3.0 fstype=btrfs
Mounting noexec /home/mdomann/.config/Trolltech.conf
1640 1546 0:51 /homefs/mdomann/.config/Trolltech.conf /home/mdomann/.config/Trolltech.conf rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs
mountid=1640 fsname=/homefs/mdomann/.config/Trolltech.conf dir=/home/mdomann/.config/Trolltech.conf fstype=btrfs
Mounting noexec /run/user/1000
1645 1641 0:61 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000
mountid=1645 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Mounting noexec /run/user/1000/dconf
1646 1643 0:61 /dconf /run/user/1000/dconf rw,nosuid,nodev,noexec,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000
mountid=1646 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs
Mounting noexec /run/user/1000/ICEauthority
1647 1644 0:61 /ICEauthority /run/user/1000/ICEauthority rw,nosuid,nodev,noexec,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000
mountid=1647 fsname=/ICEauthority dir=/run/user/1000/ICEauthority fstype=tmpfs
Mounting noexec /run/user/1000/pulse/native
1648 1645 0:61 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,noexec,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000
mountid=1648 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Mounting noexec /dev/shm
1649 1422 0:106 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1649 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1651 1650 0:40 /.X11-unix /tmp/.X11-unix rw,relatime master:23 - tmpfs tmpfs rw,size=4194304k
mountid=1651 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
1652 1651 0:40 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,relatime master:23 - tmpfs tmpfs rw,size=4194304k
mountid=1652 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /var
1657 1653 0:96 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw
mountid=1657 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /usr/lib/liblualib50.a
Disable /usr/lib/liblualib50.so.5.0 (requested /usr/lib/liblualib50.so)
Disable /usr/lib/liblualib50.so.5.0
Disable /usr/lib/liblualib50.so.5.0 (requested /usr/lib/liblualib50.so.5)
Disable /usr/lib/liblua50.a
Disable /usr/lib/liblua50.so.5.0 (requested /usr/lib/liblua50.so)
Disable /usr/lib/liblua50.so.5.0
Disable /usr/lib/liblua50.so.5.0 (requested /usr/lib/liblua50.so.5)
Disable /usr/share/perl5
Disable /usr/share/perl
Disable /usr/lib/php
Disable /usr/lib/ruby
Disable /usr/lib/python2.7
Disable /usr/local/lib/python2.7
Disable /usr/lib/python3
Disable /usr/lib/python3.5
Disable /usr/lib/python3.6
Disable /usr/lib/python3.7
Disable /usr/lib/python3.9
Disable /usr/local/lib/python3.5
Disable /usr/local/lib/python3.6
Disable /usr/local/lib/python3.7
Disable /usr/local/lib/python3.9
Not blacklist /home/mdomann/.mozilla
Not blacklist /home/mdomann/.cache/mozilla
Mounting read-only /tmp/.X11-unix
1681 1652 0:40 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,relatime master:23 - tmpfs tmpfs rw,size=4194304k
mountid=1681 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
/etc/pulse/client.conf not found
Current directory: /home/mdomann
DISPLAY=:0.0 parsed as 0
Install protocol filter: unix,inet,inet6,netlink
configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 15 00 01 00000002   jeq 2 0010 (false 0011)
 0010: 06 00 00 7fff0000   ret ALLOW
 0011: 15 00 01 0000000a   jeq a 0012 (false 0013)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 01 00000010   jeq 10 0014 (false 0015)
 0014: 06 00 00 7fff0000   ret ALLOW
 0015: 06 00 00 0005005f   ret ERRNO(95)
configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dropping all capabilities
Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 00 01 00000015   jeq 15 0005 (false 0006)
 0005: 06 00 00 00000001   ret KILL
 0006: 15 00 01 00000034   jeq 34 0007 (false 0008)
 0007: 06 00 00 00000001   ret KILL
 0008: 15 00 01 0000001a   jeq 1a 0009 (false 000a)
 0009: 06 00 00 00000001   ret KILL
 000a: 15 00 01 0000011b   jeq 11b 000b (false 000c)
 000b: 06 00 00 00000001   ret KILL
 000c: 15 00 01 00000155   jeq 155 000d (false 000e)
 000d: 06 00 00 00000001   ret KILL
 000e: 15 00 01 00000156   jeq 156 000f (false 0010)
 000f: 06 00 00 00000001   ret KILL
 0010: 15 00 01 0000007f   jeq 7f 0011 (false 0012)
 0011: 06 00 00 00000001   ret KILL
 0012: 15 00 01 00000080   jeq 80 0013 (false 0014)
 0013: 06 00 00 00000001   ret KILL
 0014: 15 00 01 0000015e   jeq 15e 0015 (false 0016)
 0015: 06 00 00 00000001   ret KILL
 0016: 15 00 01 00000081   jeq 81 0017 (false 0018)
 0017: 06 00 00 00000001   ret KILL
 0018: 15 00 01 0000006e   jeq 6e 0019 (false 001a)
 0019: 06 00 00 00000001   ret KILL
 001a: 15 00 01 00000065   jeq 65 001b (false 001c)
 001b: 06 00 00 00000001   ret KILL
 001c: 15 00 01 00000121   jeq 121 001d (false 001e)
 001d: 06 00 00 00000001   ret KILL
 001e: 15 00 01 00000057   jeq 57 001f (false 0020)
 001f: 06 00 00 00000001   ret KILL
 0020: 15 00 01 00000073   jeq 73 0021 (false 0022)
 0021: 06 00 00 00000001   ret KILL
 0022: 15 00 01 00000067   jeq 67 0023 (false 0024)
 0023: 06 00 00 00000001   ret KILL
 0024: 15 00 01 0000015b   jeq 15b 0025 (false 0026)
 0025: 06 00 00 00000001   ret KILL
 0026: 15 00 01 0000015c   jeq 15c 0027 (false 0028)
 0027: 06 00 00 00000001   ret KILL
 0028: 15 00 01 00000087   jeq 87 0029 (false 002a)
 0029: 06 00 00 00000001   ret KILL
 002a: 15 00 01 00000095   jeq 95 002b (false 002c)
 002b: 06 00 00 00000001   ret KILL
 002c: 15 00 01 0000007c   jeq 7c 002d (false 002e)
 002d: 06 00 00 00000001   ret KILL
 002e: 15 00 01 00000157   jeq 157 002f (false 0030)
 002f: 06 00 00 00000001   ret KILL
 0030: 15 00 01 000000fd   jeq fd 0031 (false 0032)
 0031: 06 00 00 00000001   ret KILL
 0032: 15 00 01 00000150   jeq 150 0033 (false 0034)
 0033: 06 00 00 00000001   ret KILL
 0034: 15 00 01 00000152   jeq 152 0035 (false 0036)
 0035: 06 00 00 00000001   ret KILL
 0036: 15 00 01 0000015d   jeq 15d 0037 (false 0038)
 0037: 06 00 00 00000001   ret KILL
 0038: 15 00 01 0000011e   jeq 11e 0039 (false 003a)
 0039: 06 00 00 00000001   ret KILL
 003a: 15 00 01 0000011f   jeq 11f 003b (false 003c)
 003b: 06 00 00 00000001   ret KILL
 003c: 15 00 01 00000120   jeq 120 003d (false 003e)
 003d: 06 00 00 00000001   ret KILL
 003e: 15 00 01 00000056   jeq 56 003f (false 0040)
 003f: 06 00 00 00000001   ret KILL
 0040: 15 00 01 00000033   jeq 33 0041 (false 0042)
 0041: 06 00 00 00000001   ret KILL
 0042: 15 00 01 0000007b   jeq 7b 0043 (false 0044)
 0043: 06 00 00 00000001   ret KILL
 0044: 15 00 01 000000d9   jeq d9 0045 (false 0046)
 0045: 06 00 00 00000001   ret KILL
 0046: 15 00 01 000000f5   jeq f5 0047 (false 0048)
 0047: 06 00 00 00000001   ret KILL
 0048: 15 00 01 000000f6   jeq f6 0049 (false 004a)
 0049: 06 00 00 00000001   ret KILL
 004a: 15 00 01 000000f7   jeq f7 004b (false 004c)
 004b: 06 00 00 00000001   ret KILL
 004c: 15 00 01 000000f8   jeq f8 004d (false 004e)
 004d: 06 00 00 00000001   ret KILL
 004e: 15 00 01 000000f9   jeq f9 004f (false 0050)
 004f: 06 00 00 00000001   ret KILL
 0050: 15 00 01 00000101   jeq 101 0051 (false 0052)
 0051: 06 00 00 00000001   ret KILL
 0052: 15 00 01 00000112   jeq 112 0053 (false 0054)
 0053: 06 00 00 00000001   ret KILL
 0054: 15 00 01 00000114   jeq 114 0055 (false 0056)
 0055: 06 00 00 00000001   ret KILL
 0056: 15 00 01 00000126   jeq 126 0057 (false 0058)
 0057: 06 00 00 00000001   ret KILL
 0058: 15 00 01 0000013d   jeq 13d 0059 (false 005a)
 0059: 06 00 00 00000001   ret KILL
 005a: 15 00 01 0000013c   jeq 13c 005b (false 005c)
 005b: 06 00 00 00000001   ret KILL
 005c: 15 00 01 0000003d   jeq 3d 005d (false 005e)
 005d: 06 00 00 00000001   ret KILL
 005e: 15 00 01 00000058   jeq 58 005f (false 0060)
 005f: 06 00 00 00000001   ret KILL
 0060: 15 00 01 000000a9   jeq a9 0061 (false 0062)
 0061: 06 00 00 00000001   ret KILL
 0062: 15 00 01 00000082   jeq 82 0063 (false 0064)
 0063: 06 00 00 00000001   ret KILL
 0064: 06 00 00 7fff0000   ret ALLOW
Dual 32/64 bit seccomp filter configured
Build default+drop seccomp filter
sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot 
Dropping all capabilities
Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1
No supplementary groups
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 10, uid 1000, gid 1000, nogroups 1
No supplementary groups
configuring 136 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 11, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 01 000000a1   jeq chroot 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 0000009f   jeq adjtimex 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 15 00 01 00000131   jeq clock_adjtime 000c (false 000d)
 000c: 06 00 00 00050001   ret ERRNO(1)
 000d: 15 00 01 000000e3   jeq clock_settime 000e (false 000f)
 000e: 06 00 00 00050001   ret ERRNO(1)
 000f: 15 00 01 000000a4   jeq settimeofday 0010 (false 0011)
 0010: 06 00 00 00050001   ret ERRNO(1)
 0011: 15 00 01 0000009a   jeq modify_ldt 0012 (false 0013)
 0012: 06 00 00 00050001   ret ERRNO(1)
 0013: 15 00 01 000000d4   jeq lookup_dcookie 0014 (false 0015)
 0014: 06 00 00 00050001   ret ERRNO(1)
 0015: 15 00 01 0000012a   jeq perf_event_open 0016 (false 0017)
 0016: 06 00 00 00050001   ret ERRNO(1)
 0017: 15 00 01 00000137   jeq process_vm_writev 0018 (false 0019)
 0018: 06 00 00 00050001   ret ERRNO(1)
 0019: 15 00 01 000000b0   jeq delete_module 001a (false 001b)
 001a: 06 00 00 00050001   ret ERRNO(1)
 001b: 15 00 01 00000139   jeq finit_module 001c (false 001d)
 001c: 06 00 00 00050001   ret ERRNO(1)
 001d: 15 00 01 000000af   jeq init_module 001e (false 001f)
 001e: 06 00 00 00050001   ret ERRNO(1)
 001f: 15 00 01 000000a1   jeq chroot 0020 (false 0021)
 0020: 06 00 00 00050001   ret ERRNO(1)
 0021: 15 00 01 000000a5   jeq mount 0022 (false 0023)
 0022: 06 00 00 00050001   ret ERRNO(1)
 0023: 15 00 01 0000009b   jeq pivot_root 0024 (false 0025)
 0024: 06 00 00 00050001   ret ERRNO(1)
 0025: 15 00 01 000000a6   jeq umount2 0026 (false 0027)
 0026: 06 00 00 00050001   ret ERRNO(1)
 0027: 15 00 01 0000009c   jeq _sysctl 0028 (false 0029)
 0028: 06 00 00 00050001   ret ERRNO(1)
 0029: 15 00 01 000000b7   jeq afs_syscall 002a (false 002b)
 002a: 06 00 00 00050001   ret ERRNO(1)
 002b: 15 00 01 000000ae   jeq create_module 002c (false 002d)
 002c: 06 00 00 00050001   ret ERRNO(1)
 002d: 15 00 01 000000b1   jeq get_kernel_syms 002e (false 002f)
 002e: 06 00 00 00050001   ret ERRNO(1)
 002f: 15 00 01 000000b5   jeq getpmsg 0030 (false 0031)
 0030: 06 00 00 00050001   ret ERRNO(1)
 0031: 15 00 01 000000b6   jeq putpmsg 0032 (false 0033)
 0032: 06 00 00 00050001   ret ERRNO(1)
 0033: 15 00 01 000000b2   jeq query_module 0034 (false 0035)
 0034: 06 00 00 00050001   ret ERRNO(1)
 0035: 15 00 01 000000b9   jeq security 0036 (false 0037)
 0036: 06 00 00 00050001   ret ERRNO(1)
 0037: 15 00 01 0000008b   jeq sysfs 0038 (false 0039)
 0038: 06 00 00 00050001   ret ERRNO(1)
 0039: 15 00 01 000000b8   jeq tuxcall 003a (false 003b)
 003a: 06 00 00 00050001   ret ERRNO(1)
 003b: 15 00 01 00000086   jeq uselib 003c (false 003d)
 003c: 06 00 00 00050001   ret ERRNO(1)
 003d: 15 00 01 00000088   jeq ustat 003e (false 003f)
 003e: 06 00 00 00050001   ret ERRNO(1)
 003f: 15 00 01 000000ec   jeq vserver 0040 (false 0041)
 0040: 06 00 00 00050001   ret ERRNO(1)
 0041: 15 00 01 000000ad   jeq ioperm 0042 (false 0043)
 0042: 06 00 00 00050001   ret ERRNO(1)
 0043: 15 00 01 000000ac   jeq iopl 0044 (false 0045)
 0044: 06 00 00 00050001   ret ERRNO(1)
 0045: 15 00 01 000000f6   jeq kexec_load 0046 (false 0047)
 0046: 06 00 00 00050001   ret ERRNO(1)
 0047: 15 00 01 00000140   jeq kexec_file_load 0048 (false 0049)
 0048: 06 00 00 00050001   ret ERRNO(1)
 0049: 15 00 01 000000a9   jeq reboot 004a (false 004b)
 004a: 06 00 00 00050001   ret ERRNO(1)
 004b: 15 00 01 000000a7   jeq swapon 004c (false 004d)
 004c: 06 00 00 00050001   ret ERRNO(1)
 004d: 15 00 01 000000a8   jeq swapoff 004e (false 004f)
 004e: 06 00 00 00050001   ret ERRNO(1)
 004f: 15 00 01 00000130   jeq open_by_handle_at 0050 (false 0051)
 0050: 06 00 00 00050001   ret ERRNO(1)
 0051: 15 00 01 0000012f   jeq name_to_handle_at 0052 (false 0053)
 0052: 06 00 00 00050001   ret ERRNO(1)
 0053: 15 00 01 000000fb   jeq ioprio_set 0054 (false 0055)
 0054: 06 00 00 00050001   ret ERRNO(1)
 0055: 15 00 01 00000067   jeq syslog 0056 (false 0057)
 0056: 06 00 00 00050001   ret ERRNO(1)
 0057: 15 00 01 0000012c   jeq fanotify_init 0058 (false 0059)
 0058: 06 00 00 00050001   ret ERRNO(1)
 0059: 15 00 01 00000138   jeq kcmp 005a (false 005b)
 005a: 06 00 00 00050001   ret ERRNO(1)
 005b: 15 00 01 000000f8   jeq add_key 005c (false 005d)
 005c: 06 00 00 00050001   ret ERRNO(1)
 005d: 15 00 01 000000f9   jeq request_key 005e (false 005f)
 005e: 06 00 00 00050001   ret ERRNO(1)
 005f: 15 00 01 000000ed   jeq mbind 0060 (false 0061)
 0060: 06 00 00 00050001   ret ERRNO(1)
 0061: 15 00 01 00000100   jeq migrate_pages 0062 (false 0063)
 0062: 06 00 00 00050001   ret ERRNO(1)
 0063: 15 00 01 00000117   jeq move_pages 0064 (false 0065)
 0064: 06 00 00 00050001   ret ERRNO(1)
 0065: 15 00 01 000000fa   jeq keyctl 0066 (false 0067)
 0066: 06 00 00 00050001   ret ERRNO(1)
 0067: 15 00 01 000000ce   jeq io_setup 0068 (false 0069)
 0068: 06 00 00 00050001   ret ERRNO(1)
 0069: 15 00 01 000000cf   jeq io_destroy 006a (false 006b)
 006a: 06 00 00 00050001   ret ERRNO(1)
 006b: 15 00 01 000000d0   jeq io_getevents 006c (false 006d)
 006c: 06 00 00 00050001   ret ERRNO(1)
 006d: 15 00 01 000000d1   jeq io_submit 006e (false 006f)
 006e: 06 00 00 00050001   ret ERRNO(1)
 006f: 15 00 01 000000d2   jeq io_cancel 0070 (false 0071)
 0070: 06 00 00 00050001   ret ERRNO(1)
 0071: 15 00 01 000000d8   jeq remap_file_pages 0072 (false 0073)
 0072: 06 00 00 00050001   ret ERRNO(1)
 0073: 15 00 01 00000143   jeq userfaultfd 0074 (false 0075)
 0074: 06 00 00 00050001   ret ERRNO(1)
 0075: 15 00 01 000000a3   jeq acct 0076 (false 0077)
 0076: 06 00 00 00050001   ret ERRNO(1)
 0077: 15 00 01 00000141   jeq bpf 0078 (false 0079)
 0078: 06 00 00 00050001   ret ERRNO(1)
 0079: 15 00 01 000000b4   jeq nfsservctl 007a (false 007b)
 007a: 06 00 00 00050001   ret ERRNO(1)
 007b: 15 00 01 000000ab   jeq setdomainname 007c (false 007d)
 007c: 06 00 00 00050001   ret ERRNO(1)
 007d: 15 00 01 000000aa   jeq sethostname 007e (false 007f)
 007e: 06 00 00 00050001   ret ERRNO(1)
 007f: 15 00 01 00000099   jeq vhangup 0080 (false 0081)
 0080: 06 00 00 00050001   ret ERRNO(1)
 0081: 15 00 01 00000065   jeq ptrace 0082 (false 0083)
 0082: 06 00 00 00050001   ret ERRNO(1)
 0083: 15 00 01 00000087   jeq personality 0084 (false 0085)
 0084: 06 00 00 00050001   ret ERRNO(1)
 0085: 15 00 01 00000136   jeq process_vm_readv 0086 (false 0087)
 0086: 06 00 00 00050001   ret ERRNO(1)
 0087: 06 00 00 7fff0000   ret ALLOW
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
1775 1371 0:93 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755
mountid=1775 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             420 ..
-rw-r--r-- mdomann  mdomann         1088 seccomp
-rw-r--r-- mdomann  mdomann          808 seccomp.32
-rw-r--r-- mdomann  mdomann          114 seccomp.list
-rw-r--r-- mdomann  mdomann            0 seccomp.postexec
-rw-r--r-- mdomann  mdomann            0 seccomp.postexec32
-rw-r--r-- mdomann  mdomann          176 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups
starting application
LD_PRELOAD=(null)
execvp argument 0: firefox
Child process initialized in 79.72 ms
Searching $PATH for firefox
trying #/home/mdomann/.cargo/bin/firefox#
trying #/usr/local/bin/firefox#
trying #/usr/bin/firefox#
trying #/bin/firefox#
trying #/usr/local/games/firefox#
trying #/usr/games/firefox#
trying #/sbin/firefox#
trying #/usr/local/sbin/firefox#
trying #/home/mdomann/.scripte/firefox#
trying #/usr/sbin/firefox#
trying #/home/mdomann/.scripte/backup/firefox#
trying #/home/mdomann/.dotfiles/bin//firefox#
trying #/home/mdomann/.local/bin/firefox#
trying #/home/mdomann/handy/android_home_tools/android-sdk-linux/platform-tools//firefox#
trying #/home/mdomann/handy/android_home_tools/android-sdk-linux/tools//firefox#
trying #/home/mdomann/.scripte/backup/firefox#
trying #/home/mdomann/handy/android_home_tools/android-sdk-linux/tools/bin/firefox#
trying #/home/mdomann/source/go/bin/firefox#
Error: no suitable firefox executable found
monitoring pid 12

Sandbox monitor: waitpid 12 retval 12 status 256

Parent is shutting down, bye...

firefox or no other binary will be startet. firefox works with noprifile.
I have firejail version 0.9.64 from debian unstable. I try to resolv this on my own:

  1. commentig out firefox-comon.profile doesn't work
  2. testing by commenting out all includes and oter option in firefox-common.profile doesn't work to.
    I think I need some advice.

EDIT by @rusty-snake: code-block and details tags for debug output.

<!-- gh-comment-id:758828065 --> @Micha-Btz commented on GitHub (Jan 12, 2021): @rusty-snake please reopen. the solution above doesn't work for me. Since programs like keepass try to load firefox and get stuck with no executable found. <details><summary>debug output</summary> ``` mdomann in sysiphus in ~ ✦ ❯ firejail --ignore=disable-mnt --ignore=apparmor --debug --profile=/etc/firejail/firefox.profile firefox Reading profile /etc/firejail/firefox.profile Found firefox.local profile in /home/mdomann/.config/firejail directory Reading profile /home/mdomann/.config/firejail/firefox.local Found whitelist-usr-share-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-usr-share-common.inc Found firefox-common.profile profile in /etc/firejail directory Reading profile /etc/firejail/firefox-common.profile Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Found whitelist-runuser-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-runuser-common.inc Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file conditional BROWSER_DISABLE_U2F, nou2f conditional BROWSER_DISABLE_U2F, private-dev Building quoted command line: 'firefox' Command name #firefox# Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, DISPLAY=:0.0 parsed as 0 xdg-dbus-proxy arg: unix:path=/run/user/1000/bus xdg-dbus-proxy arg: /run/firejail/dbus/1000/39679-user xdg-dbus-proxy arg: --filter xdg-dbus-proxy arg: --own=org.mozilla.Firefox.* xdg-dbus-proxy arg: --own=org.mozilla.firefox.* xdg-dbus-proxy arg: --own=org.mpris.MediaPlayer2.firefox.* starting xdg-dbus-proxy sbox exec: /usr/bin/xdg-dbus-proxy --fd=8 --args=9 Dropping all capabilities Drop privileges: pid 39680, uid 1000, gid 1000, nogroups 1 No supplementary groups xdg-dbus-proxy initialized Using the local network stack Parent pid 39679, child pid 39682 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file IBUS_ADDRESS=unix:abstract=/tmp/dbus-CYJC5voC,guid=a6451e14c78acb445f6f3ba95be30fb8 IBUS_DAEMON_PID=2522 Build protocol filter: unix,inet,inet6,netlink sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1 No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 1374 1183 0:24 /rootfs/etc /etc ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=284,subvol=/rootfs/etc mountid=1374 fsname=/rootfs/etc dir=/etc fstype=btrfs Mounting noexec /etc 1375 1374 0:24 /rootfs/etc /etc ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=284,subvol=/rootfs/etc mountid=1375 fsname=/rootfs/etc dir=/etc fstype=btrfs Mounting read-only /var 1377 1376 0:41 / /var/tmp rw,relatime master:24 - tmpfs tmpfs rw,size=524288k mountid=1377 fsname=/ dir=/var/tmp fstype=tmpfs Mounting read-only /var/tmp 1378 1377 0:41 / /var/tmp ro,relatime master:24 - tmpfs tmpfs rw,size=524288k mountid=1378 fsname=/ dir=/var/tmp fstype=tmpfs Mounting noexec /var 1381 1380 0:41 / /var/tmp ro,relatime master:24 - tmpfs tmpfs rw,size=524288k mountid=1381 fsname=/ dir=/var/tmp fstype=tmpfs Mounting noexec /var/tmp 1382 1381 0:41 / /var/tmp ro,nosuid,nodev,noexec,relatime master:24 - tmpfs tmpfs rw,size=524288k mountid=1382 fsname=/ dir=/var/tmp fstype=tmpfs Mounting read-only /usr 1383 1183 0:24 /rootfs/usr /usr ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1383 fsname=/rootfs/usr dir=/usr fstype=btrfs Mounting read-only /bin 1384 1183 0:24 /rootfs/bin /bin ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1384 fsname=/rootfs/bin dir=/bin fstype=btrfs Mounting read-only /sbin 1385 1183 0:24 /rootfs/sbin /sbin ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1385 fsname=/rootfs/sbin dir=/sbin fstype=btrfs Mounting read-only /lib 1386 1183 0:24 /rootfs/lib /lib ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1386 fsname=/rootfs/lib dir=/lib fstype=btrfs Mounting read-only /lib64 1387 1183 0:24 /rootfs/lib64 /lib64 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1387 fsname=/rootfs/lib64 dir=/lib64 fstype=btrfs Mounting read-only /lib32 1388 1183 0:24 /rootfs/lib32 /lib32 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1388 fsname=/rootfs/lib32 dir=/lib32 fstype=btrfs Mounting read-only /libx32 1389 1183 0:24 /rootfs/libx32 /libx32 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1389 fsname=/rootfs/libx32 dir=/libx32 fstype=btrfs Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Mounting tmpfs on /var/cache/apache2 Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/mdomann/.config/firejail Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory Process /dev/shm directory Copying files in the new bin directory Checking /usr/local/bin/keepassxc-proxy Checking /usr/bin/keepassxc-proxy sbox run: /run/firejail/lib/fcopy /usr/bin/keepassxc-proxy /run/firejail/mnt/bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin 1 program installed in 0.85 ms Generate private-tmp whitelist commands Creating empty /run/firejail/mnt/dbus directory Creating empty /run/firejail/mnt/dbus/user file blacklist /run/user/1000/bus blacklist /home/mdomann/.dbus Creating empty /run/firejail/mnt/dbus/system file blacklist /run/dbus/system_bus_socket blacklist /run/firejail/dbus Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /lib/modules Disable /usr/lib/debug Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Debug 456: new_name #/home/mdomann/dateien/Publii#, whitelist Debug 571: fname #/home/mdomann/dateien/Publii#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/dateien/Publii Debug 456: new_name #/home/mdomann/dateien/Publii#, whitelist Debug 571: fname #/home/mdomann/dateien/Publii#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/dateien/Publii Debug 456: new_name #/home/mdomann/source/dotfiles/firefox#, whitelist Debug 571: fname #/home/mdomann/source/dotfiles/firefox#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/source/dotfiles/firefox Debug 456: new_name #/home/mdomann/.cache/mozilla/firefox#, whitelist Debug 571: fname #/home/mdomann/.cache/mozilla/firefox#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.cache/mozilla/firefox Debug 456: new_name #/home/mdomann/.mozilla#, whitelist Debug 571: fname #/home/mdomann/.mozilla#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.mozilla Debug 456: new_name #/usr/share/doc#, whitelist Debug 456: new_name #/usr/share/firefox#, whitelist Debug 456: new_name #/usr/share/gnome-shell/search-providers/firefox-search-provider.ini#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini expanded: /usr/share/gnome-shell/search-providers/firefox-search-provider.ini real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gtk-doc/html#, whitelist Debug 456: new_name #/usr/share/mozilla#, whitelist Debug 456: new_name #/usr/share/webext#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/webext expanded: /usr/share/webext real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/alsa#, whitelist Debug 456: new_name #/usr/share/applications#, whitelist Debug 456: new_name #/usr/share/ca-certificates#, whitelist Debug 456: new_name #/usr/share/crypto-policies#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies expanded: /usr/share/crypto-policies real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/cursors#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/cursors expanded: /usr/share/cursors real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/dconf#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/dconf expanded: /usr/share/dconf real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/distro-info#, whitelist Debug 456: new_name #/usr/share/drirc.d#, whitelist Debug 456: new_name #/usr/share/enchant#, whitelist Debug 456: new_name #/usr/share/enchant-2#, whitelist Debug 456: new_name #/usr/share/file#, whitelist Debug 456: new_name #/usr/share/fontconfig#, whitelist Debug 456: new_name #/usr/share/fonts#, whitelist Debug 456: new_name #/usr/share/gir-1.0#, whitelist Debug 456: new_name #/usr/share/gjs-1.0#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0 expanded: /usr/share/gjs-1.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/glib-2.0#, whitelist Debug 456: new_name #/usr/share/glvnd#, whitelist Debug 456: new_name #/usr/share/gtk-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-2.0 expanded: /usr/share/gtk-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gtk-3.0#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-3.0 expanded: /usr/share/gtk-3.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gtk-engines#, whitelist Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-4 expanded: /usr/share/gtksourceview-4 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/hunspell#, whitelist Debug 456: new_name #/usr/share/hwdata#, whitelist Debug 456: new_name #/usr/share/icons#, whitelist Debug 456: new_name #/usr/share/icu#, whitelist Debug 456: new_name #/usr/share/knotifications5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/knotifications5 expanded: /usr/share/knotifications5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/kservices5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/kservices5 expanded: /usr/share/kservices5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/Kvantum#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum expanded: /usr/share/Kvantum real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/kxmlgui5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/kxmlgui5 expanded: /usr/share/kxmlgui5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/libdrm#, whitelist Debug 456: new_name #/usr/share/libthai#, whitelist Debug 456: new_name #/usr/share/locale#, whitelist Debug 456: new_name #/usr/share/mime#, whitelist Debug 456: new_name #/usr/share/misc#, whitelist Debug 456: new_name #/usr/share/Modules#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/Modules expanded: /usr/share/Modules real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/myspell#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/myspell expanded: /usr/share/myspell real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/p11-kit#, whitelist Debug 456: new_name #/usr/share/perl#, whitelist Debug 456: new_name #/usr/share/perl5#, whitelist Debug 456: new_name #/usr/share/pixmaps#, whitelist Debug 456: new_name #/usr/share/pki#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/pki expanded: /usr/share/pki real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/plasma#, whitelist Debug 456: new_name #/usr/share/publicsuffix#, whitelist Debug 456: new_name #/usr/share/qt#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt expanded: /usr/share/qt real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt4#, whitelist Debug 456: new_name #/usr/share/qt5#, whitelist Debug 456: new_name #/usr/share/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt5ct expanded: /usr/share/qt5ct real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/sounds#, whitelist Debug 456: new_name #/usr/share/tcl8.6#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6 expanded: /usr/share/tcl8.6 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/tcltk#, whitelist Debug 456: new_name #/usr/share/terminfo#, whitelist Debug 456: new_name #/usr/share/texlive#, whitelist Debug 456: new_name #/usr/share/texmf#, whitelist Debug 456: new_name #/usr/share/themes#, whitelist Debug 456: new_name #/usr/share/thumbnail.so#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so expanded: /usr/share/thumbnail.so real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/X11#, whitelist Debug 456: new_name #/usr/share/xml#, whitelist Debug 456: new_name #/usr/share/zoneinfo#, whitelist Directory ${DOWNLOADS} resolved as source/downloads/ Debug 456: new_name #/home/mdomann/source/downloads#, whitelist Debug 571: fname #/home/mdomann/source/downloads#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/source/downloads Debug 456: new_name #/home/mdomann/.pki#, whitelist Debug 571: fname #/home/mdomann/.pki#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.pki Debug 456: new_name #/home/mdomann/.local/share/pki#, whitelist Debug 571: fname #/home/mdomann/.local/share/pki#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.local/share/pki Debug 456: new_name #/home/mdomann/.XCompose#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose expanded: /home/mdomann/.XCompose real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.asoundrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc expanded: /home/mdomann/.asoundrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.config/ibus#, whitelist Debug 571: fname #/home/mdomann/.config/ibus#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.config/ibus Debug 456: new_name #/home/mdomann/.config/mimeapps.list#, whitelist Debug 571: fname #/home/mdomann/.config/mimeapps.list#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.config/mimeapps.list Debug 456: new_name #/home/mdomann/.config/pkcs11#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11 expanded: /home/mdomann/.config/pkcs11 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.config/user-dirs.dirs#, whitelist Debug 571: fname #/home/mdomann/.config/user-dirs.dirs#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.config/user-dirs.dirs Debug 456: new_name #/home/mdomann/.config/user-dirs.locale#, whitelist Debug 571: fname #/home/mdomann/.config/user-dirs.locale#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.config/user-dirs.locale Debug 456: new_name #/home/mdomann/.drirc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc expanded: /home/mdomann/.drirc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons expanded: /home/mdomann/.icons real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.local/share/applications#, whitelist Debug 571: fname #/home/mdomann/.local/share/applications#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.local/share/applications Debug 456: new_name #/home/mdomann/.local/share/icons#, whitelist Debug 571: fname #/home/mdomann/.local/share/icons#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.local/share/icons Debug 456: new_name #/home/mdomann/.local/share/mime#, whitelist Debug 571: fname #/home/mdomann/.local/share/mime#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.local/share/mime Debug 456: new_name #/home/mdomann/.mime.types#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types expanded: /home/mdomann/.mime.types real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.uim.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.uim.d expanded: /home/mdomann/.uim.d real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.config/dconf#, whitelist Debug 571: fname #/home/mdomann/.config/dconf#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.config/dconf Debug 456: new_name #/home/mdomann/.cache/fontconfig#, whitelist Debug 571: fname #/home/mdomann/.cache/fontconfig#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.cache/fontconfig Debug 456: new_name #/home/mdomann/.config/fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig expanded: /home/mdomann/.config/fontconfig real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig expanded: /home/mdomann/.fontconfig real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts expanded: /home/mdomann/.fonts real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.fonts.conf#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf expanded: /home/mdomann/.fonts.conf real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.fonts.conf.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d expanded: /home/mdomann/.fonts.conf.d real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.fonts.d#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d expanded: /home/mdomann/.fonts.d real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.local/share/fonts#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts expanded: /home/mdomann/.local/share/fonts real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.pangorc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc expanded: /home/mdomann/.pangorc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.config/gtk-2.0#, whitelist Debug 571: fname #/home/mdomann/.config/gtk-2.0#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.config/gtk-2.0 Debug 456: new_name #/home/mdomann/.config/gtk-3.0#, whitelist Debug 571: fname #/home/mdomann/.config/gtk-3.0#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.config/gtk-3.0 Debug 456: new_name #/home/mdomann/.config/gtk-4.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-4.0 expanded: /home/mdomann/.config/gtk-4.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc expanded: /home/mdomann/.config/gtkrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0 expanded: /home/mdomann/.config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.gnome2#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2 expanded: /home/mdomann/.gnome2 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.gnome2-private#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private expanded: /home/mdomann/.gnome2-private real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.gtk-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0 expanded: /home/mdomann/.gtk-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc expanded: /home/mdomann/.gtkrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0 expanded: /home/mdomann/.gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc expanded: /home/mdomann/.kde/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 expanded: /home/mdomann/.kde/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde4/share/config/gtkrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc expanded: /home/mdomann/.kde4/share/config/gtkrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde4/share/config/gtkrc-2.0#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 expanded: /home/mdomann/.kde4/share/config/gtkrc-2.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.local/share/themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes expanded: /home/mdomann/.local/share/themes real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.themes#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes expanded: /home/mdomann/.themes real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.cache/kioexec/krun#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun expanded: /home/mdomann/.cache/kioexec/krun real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.config/Kvantum#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum expanded: /home/mdomann/.config/Kvantum real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.config/Trolltech.conf#, whitelist Debug 571: fname #/home/mdomann/.config/Trolltech.conf#, cfg.homedir #/home/mdomann# Replaced whitelist path: whitelist /home/mdomann/.config/Trolltech.conf Debug 456: new_name #/home/mdomann/.config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals expanded: /home/mdomann/.config/kdeglobals real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc expanded: /home/mdomann/.config/kio_httprc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc expanded: /home/mdomann/.config/kioslaverc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist expanded: /home/mdomann/.config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.config/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct expanded: /home/mdomann/.config/qt5ct real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals expanded: /home/mdomann/.kde/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc expanded: /home/mdomann/.kde/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc expanded: /home/mdomann/.kde/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist expanded: /home/mdomann/.kde/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc expanded: /home/mdomann/.kde/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons expanded: /home/mdomann/.kde/share/icons real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde4/share/config/kdeglobals#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals expanded: /home/mdomann/.kde4/share/config/kdeglobals real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde4/share/config/kio_httprc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc expanded: /home/mdomann/.kde4/share/config/kio_httprc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde4/share/config/kioslaverc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc expanded: /home/mdomann/.kde4/share/config/kioslaverc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde4/share/config/ksslcablacklist#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist expanded: /home/mdomann/.kde4/share/config/ksslcablacklist real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde4/share/config/oxygenrc#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc expanded: /home/mdomann/.kde4/share/config/oxygenrc real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.kde4/share/icons#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons expanded: /home/mdomann/.kde4/share/icons real path: (null) realpath: No such file or directory Debug 456: new_name #/home/mdomann/.local/share/qt5ct#, whitelist Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct expanded: /home/mdomann/.local/share/qt5ct real path: (null) realpath: No such file or directory Debug 456: new_name #/run/user/1000/bus#, whitelist Replaced whitelist path: whitelist /run/user/1000/bus Debug 456: new_name #/run/user/1000/dconf#, whitelist Replaced whitelist path: whitelist /run/user/1000/dconf Debug 456: new_name #/run/user/1000/gdm/Xauthority#, whitelist Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/gdm/Xauthority expanded: /run/user/1000/gdm/Xauthority real path: (null) realpath: No such file or directory Debug 456: new_name #/run/user/1000/ICEauthority#, whitelist Replaced whitelist path: whitelist /run/user/1000/ICEauthority Debug 456: new_name #/run/user/1000/.mutter-Xwaylandauth.*#, whitelist Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/.mutter-Xwaylandauth.* expanded: /run/user/1000/.mutter-Xwaylandauth.* real path: (null) realpath: No such file or directory Debug 456: new_name #/run/user/1000/pulse/native#, whitelist Replaced whitelist path: whitelist /run/user/1000/pulse/native Debug 456: new_name #/run/user/1000/wayland-0#, whitelist Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/wayland-0 expanded: /run/user/1000/wayland-0 real path: (null) realpath: No such file or directory Debug 456: new_name #/var/lib/ca-certificates#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates expanded: /var/lib/ca-certificates real path: (null) realpath: No such file or directory Debug 456: new_name #/var/lib/dbus#, whitelist Debug 456: new_name #/var/lib/menu-xdg#, whitelist Debug 456: new_name #/var/lib/uim#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/uim expanded: /var/lib/uim real path: (null) realpath: No such file or directory Debug 456: new_name #/var/cache/fontconfig#, whitelist Debug 456: new_name #/var/tmp#, whitelist Debug 456: new_name #/var/run#, whitelist Replaced whitelist path: whitelist /run Debug 456: new_name #/var/lock#, whitelist Replaced whitelist path: whitelist /run/lock Debug 456: new_name #/tmp/.X11-unix#, whitelist Mounting tmpfs on /tmp directory Mounting tmpfs on /var directory Mounting tmpfs on /usr/share directory Mounting tmpfs on /run/user/1000 directory Drop privileges: pid 4, uid 1000, gid 1000, nogroups 0 Supplementary groups: 29 Mounting a new /root directory Mounting a new /home directory Create a new user directory Drop privileges: pid 5, uid 1000, gid 1000, nogroups 0 Supplementary groups: 29 Drop privileges: pid 6, uid 1000, gid 1000, nogroups 0 Supplementary groups: 29 Whitelisting /home/mdomann/dateien/Publii 1482 1481 0:51 /homefs/mdomann/dateien/Publii /home/mdomann/dateien/Publii rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1482 fsname=/homefs/mdomann/dateien/Publii dir=/home/mdomann/dateien/Publii fstype=btrfs Whitelisting /home/mdomann/dateien/Publii 1483 1482 0:51 /homefs/mdomann/dateien/Publii /home/mdomann/dateien/Publii rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1483 fsname=/homefs/mdomann/dateien/Publii dir=/home/mdomann/dateien/Publii fstype=btrfs Whitelisting /home/mdomann/source/dotfiles/firefox 1484 1481 0:51 /homefs/mdomann/source/dotfiles/firefox /home/mdomann/source/dotfiles/firefox rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1838,subvol=/homefs/mdomann/source mountid=1484 fsname=/homefs/mdomann/source/dotfiles/firefox dir=/home/mdomann/source/dotfiles/firefox fstype=btrfs Whitelisting /home/mdomann/.cache/mozilla/firefox 1485 1481 0:51 /homefs/mdomann/.cache/mozilla/firefox /home/mdomann/.cache/mozilla/firefox rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1837,subvol=/homefs/mdomann/.cache mountid=1485 fsname=/homefs/mdomann/.cache/mozilla/firefox dir=/home/mdomann/.cache/mozilla/firefox fstype=btrfs Whitelisting /home/mdomann/.mozilla 1486 1481 0:51 /homefs/mdomann/.mozilla /home/mdomann/.mozilla rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1486 fsname=/homefs/mdomann/.mozilla dir=/home/mdomann/.mozilla fstype=btrfs Whitelisting /usr/share/doc 1487 1470 0:24 /rootfs/usr/share/doc /usr/share/doc ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1487 fsname=/rootfs/usr/share/doc dir=/usr/share/doc fstype=btrfs Whitelisting /usr/share/firefox 1488 1470 0:24 /rootfs/usr/share/firefox /usr/share/firefox ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1488 fsname=/rootfs/usr/share/firefox dir=/usr/share/firefox fstype=btrfs Whitelisting /usr/share/gtk-doc/html 1489 1470 0:24 /rootfs/usr/share/gtk-doc/html /usr/share/gtk-doc/html ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1489 fsname=/rootfs/usr/share/gtk-doc/html dir=/usr/share/gtk-doc/html fstype=btrfs Whitelisting /usr/share/mozilla 1490 1470 0:24 /rootfs/usr/share/mozilla /usr/share/mozilla ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1490 fsname=/rootfs/usr/share/mozilla dir=/usr/share/mozilla fstype=btrfs Whitelisting /usr/share/alsa 1491 1470 0:24 /rootfs/usr/share/alsa /usr/share/alsa ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1491 fsname=/rootfs/usr/share/alsa dir=/usr/share/alsa fstype=btrfs Whitelisting /usr/share/applications 1492 1470 0:24 /rootfs/usr/share/applications /usr/share/applications ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1492 fsname=/rootfs/usr/share/applications dir=/usr/share/applications fstype=btrfs Whitelisting /usr/share/ca-certificates 1493 1470 0:24 /rootfs/usr/share/ca-certificates /usr/share/ca-certificates ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1493 fsname=/rootfs/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=btrfs Whitelisting /usr/share/distro-info 1494 1470 0:24 /rootfs/usr/share/distro-info /usr/share/distro-info ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1494 fsname=/rootfs/usr/share/distro-info dir=/usr/share/distro-info fstype=btrfs Whitelisting /usr/share/drirc.d 1495 1470 0:24 /rootfs/usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1495 fsname=/rootfs/usr/share/drirc.d dir=/usr/share/drirc.d fstype=btrfs Whitelisting /usr/share/enchant 1496 1470 0:24 /rootfs/usr/share/enchant /usr/share/enchant ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1496 fsname=/rootfs/usr/share/enchant dir=/usr/share/enchant fstype=btrfs Whitelisting /usr/share/enchant-2 1497 1470 0:24 /rootfs/usr/share/enchant-2 /usr/share/enchant-2 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1497 fsname=/rootfs/usr/share/enchant-2 dir=/usr/share/enchant-2 fstype=btrfs Whitelisting /usr/share/file 1498 1470 0:24 /rootfs/usr/share/file /usr/share/file ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1498 fsname=/rootfs/usr/share/file dir=/usr/share/file fstype=btrfs Whitelisting /usr/share/fontconfig 1499 1470 0:24 /rootfs/usr/share/fontconfig /usr/share/fontconfig ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1499 fsname=/rootfs/usr/share/fontconfig dir=/usr/share/fontconfig fstype=btrfs Whitelisting /usr/share/fonts 1500 1470 0:24 /rootfs/usr/share/fonts /usr/share/fonts ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1500 fsname=/rootfs/usr/share/fonts dir=/usr/share/fonts fstype=btrfs Whitelisting /usr/share/gir-1.0 1501 1470 0:24 /rootfs/usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1501 fsname=/rootfs/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=btrfs Whitelisting /usr/share/glib-2.0 1502 1470 0:24 /rootfs/usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1502 fsname=/rootfs/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=btrfs Whitelisting /usr/share/glvnd 1503 1470 0:24 /rootfs/usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1503 fsname=/rootfs/usr/share/glvnd dir=/usr/share/glvnd fstype=btrfs Whitelisting /usr/share/gtk-engines 1504 1470 0:24 /rootfs/usr/share/gtk-engines /usr/share/gtk-engines ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1504 fsname=/rootfs/usr/share/gtk-engines dir=/usr/share/gtk-engines fstype=btrfs Whitelisting /usr/share/gtksourceview-3.0 1505 1470 0:24 /rootfs/usr/share/gtksourceview-3.0 /usr/share/gtksourceview-3.0 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1505 fsname=/rootfs/usr/share/gtksourceview-3.0 dir=/usr/share/gtksourceview-3.0 fstype=btrfs Whitelisting /usr/share/hunspell 1506 1470 0:24 /rootfs/usr/share/hunspell /usr/share/hunspell ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1506 fsname=/rootfs/usr/share/hunspell dir=/usr/share/hunspell fstype=btrfs Whitelisting /usr/share/hwdata 1507 1470 0:24 /rootfs/usr/share/hwdata /usr/share/hwdata ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1507 fsname=/rootfs/usr/share/hwdata dir=/usr/share/hwdata fstype=btrfs Whitelisting /usr/share/icons 1508 1470 0:24 /rootfs/usr/share/icons /usr/share/icons ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1508 fsname=/rootfs/usr/share/icons dir=/usr/share/icons fstype=btrfs Whitelisting /usr/share/icu 1509 1470 0:24 /rootfs/usr/share/icu /usr/share/icu ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1509 fsname=/rootfs/usr/share/icu dir=/usr/share/icu fstype=btrfs Whitelisting /usr/share/libdrm 1510 1470 0:24 /rootfs/usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1510 fsname=/rootfs/usr/share/libdrm dir=/usr/share/libdrm fstype=btrfs Whitelisting /usr/share/libthai 1511 1470 0:24 /rootfs/usr/share/libthai /usr/share/libthai ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1511 fsname=/rootfs/usr/share/libthai dir=/usr/share/libthai fstype=btrfs Whitelisting /usr/share/locale 1512 1470 0:24 /rootfs/usr/share/locale /usr/share/locale ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1512 fsname=/rootfs/usr/share/locale dir=/usr/share/locale fstype=btrfs Whitelisting /usr/share/mime 1513 1470 0:24 /rootfs/usr/share/mime /usr/share/mime ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1513 fsname=/rootfs/usr/share/mime dir=/usr/share/mime fstype=btrfs Whitelisting /usr/share/misc 1514 1470 0:24 /rootfs/usr/share/misc /usr/share/misc ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1514 fsname=/rootfs/usr/share/misc dir=/usr/share/misc fstype=btrfs Whitelisting /usr/share/p11-kit 1515 1470 0:24 /rootfs/usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1515 fsname=/rootfs/usr/share/p11-kit dir=/usr/share/p11-kit fstype=btrfs Whitelisting /usr/share/perl 1516 1470 0:24 /rootfs/usr/share/perl /usr/share/perl ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1516 fsname=/rootfs/usr/share/perl dir=/usr/share/perl fstype=btrfs Whitelisting /usr/share/perl5 1517 1470 0:24 /rootfs/usr/share/perl5 /usr/share/perl5 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1517 fsname=/rootfs/usr/share/perl5 dir=/usr/share/perl5 fstype=btrfs Whitelisting /usr/share/pixmaps 1518 1470 0:24 /rootfs/usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1518 fsname=/rootfs/usr/share/pixmaps dir=/usr/share/pixmaps fstype=btrfs Whitelisting /usr/share/plasma 1519 1470 0:24 /rootfs/usr/share/plasma /usr/share/plasma ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1519 fsname=/rootfs/usr/share/plasma dir=/usr/share/plasma fstype=btrfs Whitelisting /usr/share/publicsuffix 1520 1470 0:24 /rootfs/usr/share/publicsuffix /usr/share/publicsuffix ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1520 fsname=/rootfs/usr/share/publicsuffix dir=/usr/share/publicsuffix fstype=btrfs Whitelisting /usr/share/qt4 1521 1470 0:24 /rootfs/usr/share/qt4 /usr/share/qt4 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1521 fsname=/rootfs/usr/share/qt4 dir=/usr/share/qt4 fstype=btrfs Whitelisting /usr/share/qt5 1522 1470 0:24 /rootfs/usr/share/qt5 /usr/share/qt5 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1522 fsname=/rootfs/usr/share/qt5 dir=/usr/share/qt5 fstype=btrfs Whitelisting /usr/share/sounds 1523 1470 0:24 /rootfs/usr/share/sounds /usr/share/sounds ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1523 fsname=/rootfs/usr/share/sounds dir=/usr/share/sounds fstype=btrfs Whitelisting /usr/share/tcltk 1524 1470 0:24 /rootfs/usr/share/tcltk /usr/share/tcltk ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1524 fsname=/rootfs/usr/share/tcltk dir=/usr/share/tcltk fstype=btrfs Whitelisting /usr/share/terminfo 1525 1470 0:24 /rootfs/usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1525 fsname=/rootfs/usr/share/terminfo dir=/usr/share/terminfo fstype=btrfs Whitelisting /usr/share/texlive 1526 1470 0:24 /rootfs/usr/share/texlive /usr/share/texlive ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1526 fsname=/rootfs/usr/share/texlive dir=/usr/share/texlive fstype=btrfs Whitelisting /usr/share/texmf 1527 1470 0:24 /rootfs/usr/share/texmf /usr/share/texmf ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1527 fsname=/rootfs/usr/share/texmf dir=/usr/share/texmf fstype=btrfs Whitelisting /usr/share/themes 1528 1470 0:24 /rootfs/usr/share/themes /usr/share/themes ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1528 fsname=/rootfs/usr/share/themes dir=/usr/share/themes fstype=btrfs Whitelisting /usr/share/X11 1529 1470 0:24 /rootfs/usr/share/X11 /usr/share/X11 ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1529 fsname=/rootfs/usr/share/X11 dir=/usr/share/X11 fstype=btrfs Whitelisting /usr/share/xml 1530 1470 0:24 /rootfs/usr/share/xml /usr/share/xml ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1530 fsname=/rootfs/usr/share/xml dir=/usr/share/xml fstype=btrfs Whitelisting /usr/share/zoneinfo 1531 1470 0:24 /rootfs/usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1531 fsname=/rootfs/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=btrfs Whitelisting /home/mdomann/source/downloads 1532 1481 0:51 /homefs/mdomann/source/downloads /home/mdomann/source/downloads rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1838,subvol=/homefs/mdomann/source mountid=1532 fsname=/homefs/mdomann/source/downloads dir=/home/mdomann/source/downloads fstype=btrfs Whitelisting /home/mdomann/.pki 1533 1481 0:51 /homefs/mdomann/.pki /home/mdomann/.pki rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1533 fsname=/homefs/mdomann/.pki dir=/home/mdomann/.pki fstype=btrfs Whitelisting /home/mdomann/.local/share/pki 1534 1481 0:51 /homefs/mdomann/.local/share/pki /home/mdomann/.local/share/pki rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1534 fsname=/homefs/mdomann/.local/share/pki dir=/home/mdomann/.local/share/pki fstype=btrfs Whitelisting /home/mdomann/.config/ibus 1535 1481 0:51 /homefs/mdomann/.config/ibus /home/mdomann/.config/ibus rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1535 fsname=/homefs/mdomann/.config/ibus dir=/home/mdomann/.config/ibus fstype=btrfs Whitelisting /home/mdomann/.config/mimeapps.list 1536 1481 0:51 /homefs/mdomann/.config/mimeapps.list /home/mdomann/.config/mimeapps.list rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1536 fsname=/homefs/mdomann/.config/mimeapps.list dir=/home/mdomann/.config/mimeapps.list fstype=btrfs Whitelisting /home/mdomann/.config/user-dirs.dirs 1537 1481 0:51 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1537 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs Whitelisting /home/mdomann/.config/user-dirs.locale 1538 1481 0:51 /homefs/mdomann/.config/user-dirs.locale /home/mdomann/.config/user-dirs.locale rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1538 fsname=/homefs/mdomann/.config/user-dirs.locale dir=/home/mdomann/.config/user-dirs.locale fstype=btrfs Whitelisting /home/mdomann/.local/share/applications 1539 1481 0:51 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1539 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs Whitelisting /home/mdomann/.local/share/icons 1540 1481 0:51 /homefs/mdomann/.local/share/icons /home/mdomann/.local/share/icons rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1540 fsname=/homefs/mdomann/.local/share/icons dir=/home/mdomann/.local/share/icons fstype=btrfs Whitelisting /home/mdomann/.local/share/mime 1541 1481 0:51 /homefs/mdomann/.local/share/mime /home/mdomann/.local/share/mime rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1541 fsname=/homefs/mdomann/.local/share/mime dir=/home/mdomann/.local/share/mime fstype=btrfs Whitelisting /home/mdomann/.config/dconf 1542 1481 0:51 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1542 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs Whitelisting /home/mdomann/.cache/fontconfig 1543 1481 0:51 /homefs/mdomann/.cache/fontconfig /home/mdomann/.cache/fontconfig rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1837,subvol=/homefs/mdomann/.cache mountid=1543 fsname=/homefs/mdomann/.cache/fontconfig dir=/home/mdomann/.cache/fontconfig fstype=btrfs Whitelisting /home/mdomann/.config/gtk-2.0 1544 1481 0:51 /homefs/mdomann/.config/gtk-2.0 /home/mdomann/.config/gtk-2.0 rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1544 fsname=/homefs/mdomann/.config/gtk-2.0 dir=/home/mdomann/.config/gtk-2.0 fstype=btrfs Whitelisting /home/mdomann/.config/gtk-3.0 1545 1481 0:51 /homefs/mdomann/.config/gtk-3.0 /home/mdomann/.config/gtk-3.0 rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1545 fsname=/homefs/mdomann/.config/gtk-3.0 dir=/home/mdomann/.config/gtk-3.0 fstype=btrfs Whitelisting /home/mdomann/.config/Trolltech.conf 1546 1481 0:51 /homefs/mdomann/.config/Trolltech.conf /home/mdomann/.config/Trolltech.conf rw,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1546 fsname=/homefs/mdomann/.config/Trolltech.conf dir=/home/mdomann/.config/Trolltech.conf fstype=btrfs Whitelisting /run/user/1000/bus 1547 1475 0:23 /firejail/firejail.ro.file /run/user/1000/bus rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=1631612k,mode=755 mountid=1547 fsname=/firejail/firejail.ro.file dir=/run/user/1000/bus fstype=tmpfs Whitelisting /run/user/1000/dconf 1548 1475 0:61 /dconf /run/user/1000/dconf rw,nosuid,nodev,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1548 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs Whitelisting /run/user/1000/ICEauthority 1549 1475 0:61 /ICEauthority /run/user/1000/ICEauthority rw,nosuid,nodev,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1549 fsname=/ICEauthority dir=/run/user/1000/ICEauthority fstype=tmpfs Whitelisting /run/user/1000/pulse/native 1550 1475 0:61 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1550 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs Whitelisting /var/lib/dbus 1551 1468 0:24 /rootfs/var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1551 fsname=/rootfs/var/lib/dbus dir=/var/lib/dbus fstype=btrfs Whitelisting /var/lib/menu-xdg 1552 1468 0:24 /rootfs/var/lib/menu-xdg /var/lib/menu-xdg ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1552 fsname=/rootfs/var/lib/menu-xdg dir=/var/lib/menu-xdg fstype=btrfs Whitelisting /var/cache/fontconfig 1553 1468 0:24 /rootfs/var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - btrfs /dev/sda2 rw,ssd,space_cache,subvolid=283,subvol=/rootfs mountid=1553 fsname=/rootfs/var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs Whitelisting /var/tmp 1554 1468 0:96 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw mountid=1554 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -/run Created symbolic link /var/lock -/run/lock Whitelisting /tmp/.X11-unix 1555 1457 0:40 /.X11-unix /tmp/.X11-unix rw,relatime master:23 - tmpfs tmpfs rw,size=4194304k mountid=1555 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /etc/X11/Xsession.d Disable /etc/xdg/autostart Mounting read-only /home/mdomann/.Xauthority 1563 1481 0:113 /mdomann/.Xauthority /home/mdomann/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1563 fsname=/mdomann/.Xauthority dir=/home/mdomann/.Xauthority fstype=tmpfs Mounting read-only /home/mdomann/.config/dconf 1564 1542 0:51 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1564 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs Disable /etc/init.d (requested /etc/init.d/) Disable /run/acpid.socket (requested /var/run/acpid.socket) Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock) Disable /etc/anacrontab Disable /etc/cron.d Disable /etc/cron.daily Disable /etc/cron.hourly Disable /etc/cron.monthly Disable /etc/cron.weekly Disable /etc/cron.deny Disable /etc/crontab Disable /etc/crontab.dpkg-dist Disable /etc/profile.d Disable /etc/rc.local Disable /etc/rc2.d Disable /etc/rc3.d Disable /etc/rc4.d Disable /etc/rc5.d Disable /etc/rc0.d Disable /etc/rc1.d Disable /etc/rc6.d Disable /etc/rcS.d Disable /etc/kernel Disable /etc/kernel-img.conf Disable /etc/grub.d Disable /etc/dkms Disable /etc/apparmor.d Disable /etc/apparmor Disable /etc/selinux Disable /etc/modules Disable /etc/modules-load.d Disable /etc/logrotate.d Disable /etc/logrotate.conf Disable /etc/adduser.conf Mounting read-only /home/mdomann/.bashrc 1599 1481 0:113 /mdomann/.bashrc /home/mdomann/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1599 fsname=/mdomann/.bashrc dir=/home/mdomann/.bashrc fstype=tmpfs Mounting read-only /home/mdomann/.local/share/applications 1600 1539 0:51 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1600 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs Mounting read-only /home/mdomann/.config/mimeapps.list 1601 1536 0:51 /homefs/mdomann/.config/mimeapps.list /home/mdomann/.config/mimeapps.list ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1601 fsname=/homefs/mdomann/.config/mimeapps.list dir=/home/mdomann/.config/mimeapps.list fstype=btrfs Mounting read-only /home/mdomann/.config/user-dirs.dirs 1602 1537 0:51 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1602 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs Mounting read-only /home/mdomann/.config/user-dirs.locale 1603 1538 0:51 /homefs/mdomann/.config/user-dirs.locale /home/mdomann/.config/user-dirs.locale ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1603 fsname=/homefs/mdomann/.config/user-dirs.locale dir=/home/mdomann/.config/user-dirs.locale fstype=btrfs Mounting read-only /home/mdomann/.local/share/mime 1604 1541 0:51 /homefs/mdomann/.local/share/mime /home/mdomann/.local/share/mime ro,nosuid,nodev,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1604 fsname=/homefs/mdomann/.local/share/mime dir=/home/mdomann/.local/share/mime fstype=btrfs Not blacklist /home/mdomann/.pki Not blacklist /home/mdomann/.local/share/pki Disable /etc/davfs2/secrets Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Disable /sbin Disable /usr/local/sbin Disable /usr/sbin Disable /etc/java Disable /usr/lib/valgrind Disable /usr/src Disable /usr/local/src Disable /usr/include Disable /usr/local/include Mounting noexec /home/mdomann/dateien/Publii 1622 1483 0:51 /homefs/mdomann/dateien/Publii /home/mdomann/dateien/Publii rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1622 fsname=/homefs/mdomann/dateien/Publii dir=/home/mdomann/dateien/Publii fstype=btrfs Mounting noexec /home/mdomann/source/dotfiles/firefox 1623 1484 0:51 /homefs/mdomann/source/dotfiles/firefox /home/mdomann/source/dotfiles/firefox rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1838,subvol=/homefs/mdomann/source mountid=1623 fsname=/homefs/mdomann/source/dotfiles/firefox dir=/home/mdomann/source/dotfiles/firefox fstype=btrfs Mounting noexec /home/mdomann/.cache/mozilla/firefox 1624 1485 0:51 /homefs/mdomann/.cache/mozilla/firefox /home/mdomann/.cache/mozilla/firefox rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1837,subvol=/homefs/mdomann/.cache mountid=1624 fsname=/homefs/mdomann/.cache/mozilla/firefox dir=/home/mdomann/.cache/mozilla/firefox fstype=btrfs Mounting noexec /home/mdomann/.mozilla 1625 1486 0:51 /homefs/mdomann/.mozilla /home/mdomann/.mozilla rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1625 fsname=/homefs/mdomann/.mozilla dir=/home/mdomann/.mozilla fstype=btrfs Mounting noexec /home/mdomann/source/downloads 1626 1532 0:51 /homefs/mdomann/source/downloads /home/mdomann/source/downloads rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1838,subvol=/homefs/mdomann/source mountid=1626 fsname=/homefs/mdomann/source/downloads dir=/home/mdomann/source/downloads fstype=btrfs Mounting noexec /home/mdomann/.pki 1627 1533 0:51 /homefs/mdomann/.pki /home/mdomann/.pki rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1627 fsname=/homefs/mdomann/.pki dir=/home/mdomann/.pki fstype=btrfs Mounting noexec /home/mdomann/.local/share/pki 1628 1534 0:51 /homefs/mdomann/.local/share/pki /home/mdomann/.local/share/pki rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1628 fsname=/homefs/mdomann/.local/share/pki dir=/home/mdomann/.local/share/pki fstype=btrfs Mounting noexec /home/mdomann/.config/ibus 1629 1535 0:51 /homefs/mdomann/.config/ibus /home/mdomann/.config/ibus rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1629 fsname=/homefs/mdomann/.config/ibus dir=/home/mdomann/.config/ibus fstype=btrfs Mounting noexec /home/mdomann/.config/mimeapps.list 1630 1601 0:51 /homefs/mdomann/.config/mimeapps.list /home/mdomann/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1630 fsname=/homefs/mdomann/.config/mimeapps.list dir=/home/mdomann/.config/mimeapps.list fstype=btrfs Mounting noexec /home/mdomann/.config/user-dirs.dirs 1631 1602 0:51 /homefs/mdomann/.config/user-dirs.dirs /home/mdomann/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1631 fsname=/homefs/mdomann/.config/user-dirs.dirs dir=/home/mdomann/.config/user-dirs.dirs fstype=btrfs Mounting noexec /home/mdomann/.config/user-dirs.locale 1632 1603 0:51 /homefs/mdomann/.config/user-dirs.locale /home/mdomann/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1632 fsname=/homefs/mdomann/.config/user-dirs.locale dir=/home/mdomann/.config/user-dirs.locale fstype=btrfs Mounting noexec /home/mdomann/.local/share/applications 1633 1600 0:51 /homefs/mdomann/.local/share/applications /home/mdomann/.local/share/applications ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1633 fsname=/homefs/mdomann/.local/share/applications dir=/home/mdomann/.local/share/applications fstype=btrfs Mounting noexec /home/mdomann/.local/share/icons 1634 1540 0:51 /homefs/mdomann/.local/share/icons /home/mdomann/.local/share/icons rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1634 fsname=/homefs/mdomann/.local/share/icons dir=/home/mdomann/.local/share/icons fstype=btrfs Mounting noexec /home/mdomann/.local/share/mime 1635 1604 0:51 /homefs/mdomann/.local/share/mime /home/mdomann/.local/share/mime ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1635 fsname=/homefs/mdomann/.local/share/mime dir=/home/mdomann/.local/share/mime fstype=btrfs Mounting noexec /home/mdomann/.config/dconf 1636 1564 0:51 /homefs/mdomann/.config/dconf /home/mdomann/.config/dconf ro,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1636 fsname=/homefs/mdomann/.config/dconf dir=/home/mdomann/.config/dconf fstype=btrfs Mounting noexec /home/mdomann/.cache/fontconfig 1637 1543 0:51 /homefs/mdomann/.cache/fontconfig /home/mdomann/.cache/fontconfig rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=1837,subvol=/homefs/mdomann/.cache mountid=1637 fsname=/homefs/mdomann/.cache/fontconfig dir=/home/mdomann/.cache/fontconfig fstype=btrfs Mounting noexec /home/mdomann/.config/gtk-2.0 1638 1544 0:51 /homefs/mdomann/.config/gtk-2.0 /home/mdomann/.config/gtk-2.0 rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1638 fsname=/homefs/mdomann/.config/gtk-2.0 dir=/home/mdomann/.config/gtk-2.0 fstype=btrfs Mounting noexec /home/mdomann/.config/gtk-3.0 1639 1545 0:51 /homefs/mdomann/.config/gtk-3.0 /home/mdomann/.config/gtk-3.0 rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1639 fsname=/homefs/mdomann/.config/gtk-3.0 dir=/home/mdomann/.config/gtk-3.0 fstype=btrfs Mounting noexec /home/mdomann/.config/Trolltech.conf 1640 1546 0:51 /homefs/mdomann/.config/Trolltech.conf /home/mdomann/.config/Trolltech.conf rw,nosuid,nodev,noexec,relatime master:210 - btrfs /dev/mapper/_dev_nvme1n1p1 rw,ssd,space_cache,subvolid=656,subvol=/homefs mountid=1640 fsname=/homefs/mdomann/.config/Trolltech.conf dir=/home/mdomann/.config/Trolltech.conf fstype=btrfs Mounting noexec /run/user/1000 1645 1641 0:61 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1645 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs Mounting noexec /run/user/1000/dconf 1646 1643 0:61 /dconf /run/user/1000/dconf rw,nosuid,nodev,noexec,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1646 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs Mounting noexec /run/user/1000/ICEauthority 1647 1644 0:61 /ICEauthority /run/user/1000/ICEauthority rw,nosuid,nodev,noexec,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1647 fsname=/ICEauthority dir=/run/user/1000/ICEauthority fstype=tmpfs Mounting noexec /run/user/1000/pulse/native 1648 1645 0:61 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,noexec,relatime master:281 - tmpfs tmpfs rw,size=1631608k,nr_inodes=407902,mode=700,uid=1000,gid=1000 mountid=1648 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs Mounting noexec /dev/shm 1649 1422 0:106 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755 mountid=1649 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 1651 1650 0:40 /.X11-unix /tmp/.X11-unix rw,relatime master:23 - tmpfs tmpfs rw,size=4194304k mountid=1651 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /tmp/.X11-unix 1652 1651 0:40 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,relatime master:23 - tmpfs tmpfs rw,size=4194304k mountid=1652 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /var 1657 1653 0:96 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw mountid=1657 fsname=/ dir=/var/tmp fstype=tmpfs Disable /usr/lib/liblualib50.a Disable /usr/lib/liblualib50.so.5.0 (requested /usr/lib/liblualib50.so) Disable /usr/lib/liblualib50.so.5.0 Disable /usr/lib/liblualib50.so.5.0 (requested /usr/lib/liblualib50.so.5) Disable /usr/lib/liblua50.a Disable /usr/lib/liblua50.so.5.0 (requested /usr/lib/liblua50.so) Disable /usr/lib/liblua50.so.5.0 Disable /usr/lib/liblua50.so.5.0 (requested /usr/lib/liblua50.so.5) Disable /usr/share/perl5 Disable /usr/share/perl Disable /usr/lib/php Disable /usr/lib/ruby Disable /usr/lib/python2.7 Disable /usr/local/lib/python2.7 Disable /usr/lib/python3 Disable /usr/lib/python3.5 Disable /usr/lib/python3.6 Disable /usr/lib/python3.7 Disable /usr/lib/python3.9 Disable /usr/local/lib/python3.5 Disable /usr/local/lib/python3.6 Disable /usr/local/lib/python3.7 Disable /usr/local/lib/python3.9 Not blacklist /home/mdomann/.mozilla Not blacklist /home/mdomann/.cache/mozilla Mounting read-only /tmp/.X11-unix 1681 1652 0:40 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,relatime master:23 - tmpfs tmpfs rw,size=4194304k mountid=1681 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /sys/fs Disable /sys/module /etc/pulse/client.conf not found Current directory: /home/mdomann DISPLAY=:0.0 parsed as 0 Install protocol filter: unix,inet,inet6,netlink configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 7, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000006 jmp 000c 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 15 01 00 00000029 jeq socket 000c (false 000b) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 20 00 00 00000010 ld data.args[0] 000d: 15 00 01 00000001 jeq 1 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 15 00 01 00000002 jeq 2 0010 (false 0011) 0010: 06 00 00 7fff0000 ret ALLOW 0011: 15 00 01 0000000a jeq a 0012 (false 0013) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 01 00000010 jeq 10 0014 (false 0015) 0014: 06 00 00 7fff0000 ret ALLOW 0015: 06 00 00 0005005f ret ERRNO(95) configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dropping all capabilities Drop privileges: pid 8, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 00 01 00000015 jeq 15 0005 (false 0006) 0005: 06 00 00 00000001 ret KILL 0006: 15 00 01 00000034 jeq 34 0007 (false 0008) 0007: 06 00 00 00000001 ret KILL 0008: 15 00 01 0000001a jeq 1a 0009 (false 000a) 0009: 06 00 00 00000001 ret KILL 000a: 15 00 01 0000011b jeq 11b 000b (false 000c) 000b: 06 00 00 00000001 ret KILL 000c: 15 00 01 00000155 jeq 155 000d (false 000e) 000d: 06 00 00 00000001 ret KILL 000e: 15 00 01 00000156 jeq 156 000f (false 0010) 000f: 06 00 00 00000001 ret KILL 0010: 15 00 01 0000007f jeq 7f 0011 (false 0012) 0011: 06 00 00 00000001 ret KILL 0012: 15 00 01 00000080 jeq 80 0013 (false 0014) 0013: 06 00 00 00000001 ret KILL 0014: 15 00 01 0000015e jeq 15e 0015 (false 0016) 0015: 06 00 00 00000001 ret KILL 0016: 15 00 01 00000081 jeq 81 0017 (false 0018) 0017: 06 00 00 00000001 ret KILL 0018: 15 00 01 0000006e jeq 6e 0019 (false 001a) 0019: 06 00 00 00000001 ret KILL 001a: 15 00 01 00000065 jeq 65 001b (false 001c) 001b: 06 00 00 00000001 ret KILL 001c: 15 00 01 00000121 jeq 121 001d (false 001e) 001d: 06 00 00 00000001 ret KILL 001e: 15 00 01 00000057 jeq 57 001f (false 0020) 001f: 06 00 00 00000001 ret KILL 0020: 15 00 01 00000073 jeq 73 0021 (false 0022) 0021: 06 00 00 00000001 ret KILL 0022: 15 00 01 00000067 jeq 67 0023 (false 0024) 0023: 06 00 00 00000001 ret KILL 0024: 15 00 01 0000015b jeq 15b 0025 (false 0026) 0025: 06 00 00 00000001 ret KILL 0026: 15 00 01 0000015c jeq 15c 0027 (false 0028) 0027: 06 00 00 00000001 ret KILL 0028: 15 00 01 00000087 jeq 87 0029 (false 002a) 0029: 06 00 00 00000001 ret KILL 002a: 15 00 01 00000095 jeq 95 002b (false 002c) 002b: 06 00 00 00000001 ret KILL 002c: 15 00 01 0000007c jeq 7c 002d (false 002e) 002d: 06 00 00 00000001 ret KILL 002e: 15 00 01 00000157 jeq 157 002f (false 0030) 002f: 06 00 00 00000001 ret KILL 0030: 15 00 01 000000fd jeq fd 0031 (false 0032) 0031: 06 00 00 00000001 ret KILL 0032: 15 00 01 00000150 jeq 150 0033 (false 0034) 0033: 06 00 00 00000001 ret KILL 0034: 15 00 01 00000152 jeq 152 0035 (false 0036) 0035: 06 00 00 00000001 ret KILL 0036: 15 00 01 0000015d jeq 15d 0037 (false 0038) 0037: 06 00 00 00000001 ret KILL 0038: 15 00 01 0000011e jeq 11e 0039 (false 003a) 0039: 06 00 00 00000001 ret KILL 003a: 15 00 01 0000011f jeq 11f 003b (false 003c) 003b: 06 00 00 00000001 ret KILL 003c: 15 00 01 00000120 jeq 120 003d (false 003e) 003d: 06 00 00 00000001 ret KILL 003e: 15 00 01 00000056 jeq 56 003f (false 0040) 003f: 06 00 00 00000001 ret KILL 0040: 15 00 01 00000033 jeq 33 0041 (false 0042) 0041: 06 00 00 00000001 ret KILL 0042: 15 00 01 0000007b jeq 7b 0043 (false 0044) 0043: 06 00 00 00000001 ret KILL 0044: 15 00 01 000000d9 jeq d9 0045 (false 0046) 0045: 06 00 00 00000001 ret KILL 0046: 15 00 01 000000f5 jeq f5 0047 (false 0048) 0047: 06 00 00 00000001 ret KILL 0048: 15 00 01 000000f6 jeq f6 0049 (false 004a) 0049: 06 00 00 00000001 ret KILL 004a: 15 00 01 000000f7 jeq f7 004b (false 004c) 004b: 06 00 00 00000001 ret KILL 004c: 15 00 01 000000f8 jeq f8 004d (false 004e) 004d: 06 00 00 00000001 ret KILL 004e: 15 00 01 000000f9 jeq f9 004f (false 0050) 004f: 06 00 00 00000001 ret KILL 0050: 15 00 01 00000101 jeq 101 0051 (false 0052) 0051: 06 00 00 00000001 ret KILL 0052: 15 00 01 00000112 jeq 112 0053 (false 0054) 0053: 06 00 00 00000001 ret KILL 0054: 15 00 01 00000114 jeq 114 0055 (false 0056) 0055: 06 00 00 00000001 ret KILL 0056: 15 00 01 00000126 jeq 126 0057 (false 0058) 0057: 06 00 00 00000001 ret KILL 0058: 15 00 01 0000013d jeq 13d 0059 (false 005a) 0059: 06 00 00 00000001 ret KILL 005a: 15 00 01 0000013c jeq 13c 005b (false 005c) 005b: 06 00 00 00000001 ret KILL 005c: 15 00 01 0000003d jeq 3d 005d (false 005e) 005d: 06 00 00 00000001 ret KILL 005e: 15 00 01 00000058 jeq 58 005f (false 0060) 005f: 06 00 00 00000001 ret KILL 0060: 15 00 01 000000a9 jeq a9 0061 (false 0062) 0061: 06 00 00 00000001 ret KILL 0062: 15 00 01 00000082 jeq 82 0063 (false 0064) 0063: 06 00 00 00000001 ret KILL 0064: 06 00 00 7fff0000 ret ALLOW Dual 32/64 bit seccomp filter configured Build default+drop seccomp filter sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot Dropping all capabilities Drop privileges: pid 9, uid 1000, gid 1000, nogroups 1 No supplementary groups Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 10, uid 1000, gid 1000, nogroups 1 No supplementary groups configuring 136 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 11, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 01 000000a1 jeq chroot 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 0000009f jeq adjtimex 000a (false 000b) 000a: 06 00 00 00050001 ret ERRNO(1) 000b: 15 00 01 00000131 jeq clock_adjtime 000c (false 000d) 000c: 06 00 00 00050001 ret ERRNO(1) 000d: 15 00 01 000000e3 jeq clock_settime 000e (false 000f) 000e: 06 00 00 00050001 ret ERRNO(1) 000f: 15 00 01 000000a4 jeq settimeofday 0010 (false 0011) 0010: 06 00 00 00050001 ret ERRNO(1) 0011: 15 00 01 0000009a jeq modify_ldt 0012 (false 0013) 0012: 06 00 00 00050001 ret ERRNO(1) 0013: 15 00 01 000000d4 jeq lookup_dcookie 0014 (false 0015) 0014: 06 00 00 00050001 ret ERRNO(1) 0015: 15 00 01 0000012a jeq perf_event_open 0016 (false 0017) 0016: 06 00 00 00050001 ret ERRNO(1) 0017: 15 00 01 00000137 jeq process_vm_writev 0018 (false 0019) 0018: 06 00 00 00050001 ret ERRNO(1) 0019: 15 00 01 000000b0 jeq delete_module 001a (false 001b) 001a: 06 00 00 00050001 ret ERRNO(1) 001b: 15 00 01 00000139 jeq finit_module 001c (false 001d) 001c: 06 00 00 00050001 ret ERRNO(1) 001d: 15 00 01 000000af jeq init_module 001e (false 001f) 001e: 06 00 00 00050001 ret ERRNO(1) 001f: 15 00 01 000000a1 jeq chroot 0020 (false 0021) 0020: 06 00 00 00050001 ret ERRNO(1) 0021: 15 00 01 000000a5 jeq mount 0022 (false 0023) 0022: 06 00 00 00050001 ret ERRNO(1) 0023: 15 00 01 0000009b jeq pivot_root 0024 (false 0025) 0024: 06 00 00 00050001 ret ERRNO(1) 0025: 15 00 01 000000a6 jeq umount2 0026 (false 0027) 0026: 06 00 00 00050001 ret ERRNO(1) 0027: 15 00 01 0000009c jeq _sysctl 0028 (false 0029) 0028: 06 00 00 00050001 ret ERRNO(1) 0029: 15 00 01 000000b7 jeq afs_syscall 002a (false 002b) 002a: 06 00 00 00050001 ret ERRNO(1) 002b: 15 00 01 000000ae jeq create_module 002c (false 002d) 002c: 06 00 00 00050001 ret ERRNO(1) 002d: 15 00 01 000000b1 jeq get_kernel_syms 002e (false 002f) 002e: 06 00 00 00050001 ret ERRNO(1) 002f: 15 00 01 000000b5 jeq getpmsg 0030 (false 0031) 0030: 06 00 00 00050001 ret ERRNO(1) 0031: 15 00 01 000000b6 jeq putpmsg 0032 (false 0033) 0032: 06 00 00 00050001 ret ERRNO(1) 0033: 15 00 01 000000b2 jeq query_module 0034 (false 0035) 0034: 06 00 00 00050001 ret ERRNO(1) 0035: 15 00 01 000000b9 jeq security 0036 (false 0037) 0036: 06 00 00 00050001 ret ERRNO(1) 0037: 15 00 01 0000008b jeq sysfs 0038 (false 0039) 0038: 06 00 00 00050001 ret ERRNO(1) 0039: 15 00 01 000000b8 jeq tuxcall 003a (false 003b) 003a: 06 00 00 00050001 ret ERRNO(1) 003b: 15 00 01 00000086 jeq uselib 003c (false 003d) 003c: 06 00 00 00050001 ret ERRNO(1) 003d: 15 00 01 00000088 jeq ustat 003e (false 003f) 003e: 06 00 00 00050001 ret ERRNO(1) 003f: 15 00 01 000000ec jeq vserver 0040 (false 0041) 0040: 06 00 00 00050001 ret ERRNO(1) 0041: 15 00 01 000000ad jeq ioperm 0042 (false 0043) 0042: 06 00 00 00050001 ret ERRNO(1) 0043: 15 00 01 000000ac jeq iopl 0044 (false 0045) 0044: 06 00 00 00050001 ret ERRNO(1) 0045: 15 00 01 000000f6 jeq kexec_load 0046 (false 0047) 0046: 06 00 00 00050001 ret ERRNO(1) 0047: 15 00 01 00000140 jeq kexec_file_load 0048 (false 0049) 0048: 06 00 00 00050001 ret ERRNO(1) 0049: 15 00 01 000000a9 jeq reboot 004a (false 004b) 004a: 06 00 00 00050001 ret ERRNO(1) 004b: 15 00 01 000000a7 jeq swapon 004c (false 004d) 004c: 06 00 00 00050001 ret ERRNO(1) 004d: 15 00 01 000000a8 jeq swapoff 004e (false 004f) 004e: 06 00 00 00050001 ret ERRNO(1) 004f: 15 00 01 00000130 jeq open_by_handle_at 0050 (false 0051) 0050: 06 00 00 00050001 ret ERRNO(1) 0051: 15 00 01 0000012f jeq name_to_handle_at 0052 (false 0053) 0052: 06 00 00 00050001 ret ERRNO(1) 0053: 15 00 01 000000fb jeq ioprio_set 0054 (false 0055) 0054: 06 00 00 00050001 ret ERRNO(1) 0055: 15 00 01 00000067 jeq syslog 0056 (false 0057) 0056: 06 00 00 00050001 ret ERRNO(1) 0057: 15 00 01 0000012c jeq fanotify_init 0058 (false 0059) 0058: 06 00 00 00050001 ret ERRNO(1) 0059: 15 00 01 00000138 jeq kcmp 005a (false 005b) 005a: 06 00 00 00050001 ret ERRNO(1) 005b: 15 00 01 000000f8 jeq add_key 005c (false 005d) 005c: 06 00 00 00050001 ret ERRNO(1) 005d: 15 00 01 000000f9 jeq request_key 005e (false 005f) 005e: 06 00 00 00050001 ret ERRNO(1) 005f: 15 00 01 000000ed jeq mbind 0060 (false 0061) 0060: 06 00 00 00050001 ret ERRNO(1) 0061: 15 00 01 00000100 jeq migrate_pages 0062 (false 0063) 0062: 06 00 00 00050001 ret ERRNO(1) 0063: 15 00 01 00000117 jeq move_pages 0064 (false 0065) 0064: 06 00 00 00050001 ret ERRNO(1) 0065: 15 00 01 000000fa jeq keyctl 0066 (false 0067) 0066: 06 00 00 00050001 ret ERRNO(1) 0067: 15 00 01 000000ce jeq io_setup 0068 (false 0069) 0068: 06 00 00 00050001 ret ERRNO(1) 0069: 15 00 01 000000cf jeq io_destroy 006a (false 006b) 006a: 06 00 00 00050001 ret ERRNO(1) 006b: 15 00 01 000000d0 jeq io_getevents 006c (false 006d) 006c: 06 00 00 00050001 ret ERRNO(1) 006d: 15 00 01 000000d1 jeq io_submit 006e (false 006f) 006e: 06 00 00 00050001 ret ERRNO(1) 006f: 15 00 01 000000d2 jeq io_cancel 0070 (false 0071) 0070: 06 00 00 00050001 ret ERRNO(1) 0071: 15 00 01 000000d8 jeq remap_file_pages 0072 (false 0073) 0072: 06 00 00 00050001 ret ERRNO(1) 0073: 15 00 01 00000143 jeq userfaultfd 0074 (false 0075) 0074: 06 00 00 00050001 ret ERRNO(1) 0075: 15 00 01 000000a3 jeq acct 0076 (false 0077) 0076: 06 00 00 00050001 ret ERRNO(1) 0077: 15 00 01 00000141 jeq bpf 0078 (false 0079) 0078: 06 00 00 00050001 ret ERRNO(1) 0079: 15 00 01 000000b4 jeq nfsservctl 007a (false 007b) 007a: 06 00 00 00050001 ret ERRNO(1) 007b: 15 00 01 000000ab jeq setdomainname 007c (false 007d) 007c: 06 00 00 00050001 ret ERRNO(1) 007d: 15 00 01 000000aa jeq sethostname 007e (false 007f) 007e: 06 00 00 00050001 ret ERRNO(1) 007f: 15 00 01 00000099 jeq vhangup 0080 (false 0081) 0080: 06 00 00 00050001 ret ERRNO(1) 0081: 15 00 01 00000065 jeq ptrace 0082 (false 0083) 0082: 06 00 00 00050001 ret ERRNO(1) 0083: 15 00 01 00000087 jeq personality 0084 (false 0085) 0084: 06 00 00 00050001 ret ERRNO(1) 0085: 15 00 01 00000136 jeq process_vm_readv 0086 (false 0087) 0086: 06 00 00 00050001 ret ERRNO(1) 0087: 06 00 00 7fff0000 ret ALLOW seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp 1775 1371 0:93 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755 mountid=1775 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 160 . drwxr-xr-x root root 420 .. -rw-r--r-- mdomann mdomann 1088 seccomp -rw-r--r-- mdomann mdomann 808 seccomp.32 -rw-r--r-- mdomann mdomann 114 seccomp.list -rw-r--r-- mdomann mdomann 0 seccomp.postexec -rw-r--r-- mdomann mdomann 0 seccomp.postexec32 -rw-r--r-- mdomann mdomann 176 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1 No supplementary groups starting application LD_PRELOAD=(null) execvp argument 0: firefox Child process initialized in 79.72 ms Searching $PATH for firefox trying #/home/mdomann/.cargo/bin/firefox# trying #/usr/local/bin/firefox# trying #/usr/bin/firefox# trying #/bin/firefox# trying #/usr/local/games/firefox# trying #/usr/games/firefox# trying #/sbin/firefox# trying #/usr/local/sbin/firefox# trying #/home/mdomann/.scripte/firefox# trying #/usr/sbin/firefox# trying #/home/mdomann/.scripte/backup/firefox# trying #/home/mdomann/.dotfiles/bin//firefox# trying #/home/mdomann/.local/bin/firefox# trying #/home/mdomann/handy/android_home_tools/android-sdk-linux/platform-tools//firefox# trying #/home/mdomann/handy/android_home_tools/android-sdk-linux/tools//firefox# trying #/home/mdomann/.scripte/backup/firefox# trying #/home/mdomann/handy/android_home_tools/android-sdk-linux/tools/bin/firefox# trying #/home/mdomann/source/go/bin/firefox# Error: no suitable firefox executable found monitoring pid 12 Sandbox monitor: waitpid 12 retval 12 status 256 Parent is shutting down, bye... ``` </details> firefox or no other binary will be startet. firefox works with noprifile. I have firejail version 0.9.64 from debian unstable. I try to resolv this on my own: 1. commentig out firefox-comon.profile doesn't work 2. testing by commenting out all includes and oter option in firefox-common.profile doesn't work to. I think I need some advice. --- EDIT by @rusty-snake: code-block and details tags for debug output.
gitea-mirror commented 2026-05-05 09:06:26 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jan 12, 2021):

Reading profile /home/mdomann/.config/firejail/firefox.local

What's in it? Has you uncommented private-etc or private-bin? If it still fails, add the following at the very top of firefox.profile and try again.

ignore whitelist /usr/share
ignore whitelist ${HOME}
ignore dbus-user filter
ignore include firefox-common.profile

If it works now remove one and try again to find which it is.

<!-- gh-comment-id:758843512 --> @rusty-snake commented on GitHub (Jan 12, 2021): > Reading profile /home/mdomann/.config/firejail/firefox.local What's in it? Has you uncommented `private-etc` or `private-bin`? If it still fails, add the following at the very top of firefox.profile and try again. ``` ignore whitelist /usr/share ignore whitelist ${HOME} ignore dbus-user filter ignore include firefox-common.profile ``` If it works now remove one and try again to find which it is.
gitea-mirror commented 2026-05-05 09:06:27 -06:00
Author
Owner
Copy link

@Micha-Btz commented on GitHub (Jan 12, 2021):

Ahrg. it's my fault. I have added private-bin keepassxc-proxy to my firefox.local, which breaks the setup.
I definitely need to create a roadmap for such test for me. Can be closed.
Thanks a lot.

<!-- gh-comment-id:758889473 --> @Micha-Btz commented on GitHub (Jan 12, 2021): Ahrg. it's my fault. I have added private-bin keepassxc-proxy to my firefox.local, which breaks the setup. I definitely need to create a roadmap for such test for me. Can be closed. Thanks a lot.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2430
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?