[GH-ISSUE #3954] ssh: cannot access ssh-agent when doing a proxyjump #2475

Open
opened 2026-05-05 09:09:36 -06:00 by gitea-mirror · 4 comments

Originally created by @Lesstat on GitHub (Feb 7, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3954

Bug and expected behavior
If I try to connect to a host via ssh for which proxyjump is configured in the .ssh/config file, my configured ssh-agent is not used and I get asked for a password every time. After entering the password for the ssh-key, I get connected fine. I use a custom ssh-agent socket location as in #3884, and the fix suggested in that issue helps for hosts without configured proxyjump.

I expect the ssh-agent to be used even for a proxyjump host.

No profile and disabling firejail

  • What changed calling firejail --noprofile /path/to/program in a terminal?
    When running firejail --noprofile ssh host:
    The password is asked twice.
  • What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)?
    When running /usr/bin/ssh host:
    I am logged in without needing to type a password

Reproduce
Steps to reproduce the behavior:

  1. With ssh-agent running and listening on a non-default socket location…
  2. Install Firejail
  3. Run sudo firecfg
  4. ssh-add your key if it's not already loaded
  5. In a bash terminal, try to ssh to a host that has proxyjump set up

Environment

  • Linux distribution and version (i.e. output of lsb_release -a, screenfetch or cat /etc/os-release)
    • Archlinux
  • Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD)
    • firejail version 0.9.64.2

Compile time support:
- AppArmor support is enabled
- AppImage support is enabled
- chroot support is enabled
- D-BUS proxy support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- firetunnel support is enabled
- networking support is enabled
- overlayfs support is enabled
- private-home support is enabled
- SELinux support is disabled
- user namespace support is enabled
- X11 sandboxing support is enabled

Additional context
I use the gpg-agent as ssh-agent on a non-default location. The gpg-agent does not run inside firejail. Both the host and the proxyjump can be accessed with the same ssh key.

Checklist

  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • I have performed a short search for similar issues (to avoid opening a duplicate).
  • If it is an AppImage, --profile=PROFILENAME is used to set the right profile.
  • Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get English error messages.
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.

Debug output
OUTPUT OF `firejail --debug PROGRAM`

Reading profile /home/flo/.config/firejail/ssh.profile
Autoselecting /bin/zsh as shell
Building quoted command line: 'ssh' 'host' 
Command name #ssh#
Found ssh.profile profile in /home/flo/.config/firejail directory
DISPLAY=:0 parsed as 0
Debug 456: new_name #/run/user/1000/gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh#, whitelist
Debug 456: new_name #/run/user/1000/gnupg/S.gpg-agent.ssh#, whitelist
Found disable-common.inc profile in /etc/firejail directory
Found disable-exec.inc profile in /etc/firejail directory
Found disable-passwdmgr.inc profile in /etc/firejail directory
Found disable-programs.inc profile in /etc/firejail directory
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Found whitelist-runuser-common.inc profile in /etc/firejail directory
Enabling IPC namespace
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol 
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
602 558 8:2 /etc /etc ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=602 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
603 602 8:2 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw
mountid=603 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
604 558 8:2 /var /var ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=604 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
605 604 8:2 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw
mountid=605 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
606 558 8:2 /usr /usr ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=606 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/flo/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Disable /run/firejail/appimage
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/hidraw0 file
mounting /run/firejail/mnt/dev/hidraw1 file
mounting /run/firejail/mnt/dev/hidraw2 file
mounting /run/firejail/mnt/dev/hidraw3 file
mounting /run/firejail/mnt/dev/usb directory
Process /dev/shm directory
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/user/1000/bus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /proc/kmsg
Replaced whitelist path: whitelist /run/user/1000/gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh
	expanded: /run/user/1000/gnupg/S.gpg-agent.ssh
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/run/user/1000/keyring/ssh#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/keyring/ssh
	expanded: /run/user/1000/keyring/ssh
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/alsa#, whitelist
Debug 456: new_name #/usr/share/applications#, whitelist
Debug 456: new_name #/usr/share/ca-certificates#, whitelist
Debug 456: new_name #/usr/share/crypto-policies#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies
	expanded: /usr/share/crypto-policies
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/cursors#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/cursors
	expanded: /usr/share/cursors
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/dconf#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/dconf
	expanded: /usr/share/dconf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/distro-info#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/distro-info
	expanded: /usr/share/distro-info
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/drirc.d#, whitelist
Debug 456: new_name #/usr/share/enchant#, whitelist
Debug 456: new_name #/usr/share/enchant-2#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/enchant-2
	expanded: /usr/share/enchant-2
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/file#, whitelist
Debug 456: new_name #/usr/share/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/fontconfig
	expanded: /usr/share/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/fonts#, whitelist
Debug 456: new_name #/usr/share/fonts-config#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/fonts-config
	expanded: /usr/share/fonts-config
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gir-1.0#, whitelist
Debug 456: new_name #/usr/share/gjs-1.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0
	expanded: /usr/share/gjs-1.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/glib-2.0#, whitelist
Debug 456: new_name #/usr/share/glvnd#, whitelist
Debug 456: new_name #/usr/share/gtk-2.0#, whitelist
Debug 456: new_name #/usr/share/gtk-3.0#, whitelist
Debug 456: new_name #/usr/share/gtk-engines#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-engines
	expanded: /usr/share/gtk-engines
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-3.0
	expanded: /usr/share/gtksourceview-3.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-4
	expanded: /usr/share/gtksourceview-4
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/hunspell#, whitelist
Debug 456: new_name #/usr/share/hwdata#, whitelist
Debug 456: new_name #/usr/share/icons#, whitelist
Debug 456: new_name #/usr/share/icu#, whitelist
Debug 456: new_name #/usr/share/knotifications5#, whitelist
Debug 456: new_name #/usr/share/kservices5#, whitelist
Debug 456: new_name #/usr/share/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum
	expanded: /usr/share/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/kxmlgui5#, whitelist
Debug 456: new_name #/usr/share/libdrm#, whitelist
Debug 456: new_name #/usr/share/libthai#, whitelist
Debug 456: new_name #/usr/share/locale#, whitelist
Debug 456: new_name #/usr/share/mime#, whitelist
Debug 456: new_name #/usr/share/misc#, whitelist
Debug 456: new_name #/usr/share/Modules#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Modules
	expanded: /usr/share/Modules
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/myspell#, whitelist
Debug 456: new_name #/usr/share/p11-kit#, whitelist
Debug 456: new_name #/usr/share/perl#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/perl
	expanded: /usr/share/perl
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/perl5#, whitelist
Debug 456: new_name #/usr/share/pixmaps#, whitelist
Debug 456: new_name #/usr/share/pki#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/pki
	expanded: /usr/share/pki
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/plasma#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/plasma
	expanded: /usr/share/plasma
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/publicsuffix#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/publicsuffix
	expanded: /usr/share/publicsuffix
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt#, whitelist
Debug 456: new_name #/usr/share/qt4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt4
	expanded: /usr/share/qt4
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5
	expanded: /usr/share/qt5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5ct
	expanded: /usr/share/qt5ct
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/sounds#, whitelist
Debug 456: new_name #/usr/share/tcl8.6#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6
	expanded: /usr/share/tcl8.6
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/tcltk#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcltk
	expanded: /usr/share/tcltk
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/terminfo#, whitelist
Debug 456: new_name #/usr/share/texlive#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texlive
	expanded: /usr/share/texlive
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/texmf#, whitelist
Debug 456: new_name #/usr/share/themes#, whitelist
Debug 456: new_name #/usr/share/thumbnail.so#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so
	expanded: /usr/share/thumbnail.so
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/vulkan#, whitelist
Debug 456: new_name #/usr/share/X11#, whitelist
Debug 456: new_name #/usr/share/xml#, whitelist
Debug 456: new_name #/usr/share/zenity#, whitelist
Debug 456: new_name #/usr/share/zoneinfo#, whitelist
Debug 456: new_name #/run/user/1000/bus#, whitelist
Debug 456: new_name #/run/user/1000/dconf#, whitelist
Debug 456: new_name #/run/user/1000/gdm/Xauthority#, whitelist
Replaced whitelist path: whitelist /run/user/1000/bus
Replaced whitelist path: whitelist /run/user/1000/dconf
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/gdm/Xauthority
	expanded: /run/user/1000/gdm/Xauthority
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/run/user/1000/ICEauthority#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/ICEauthority
	expanded: /run/user/1000/ICEauthority
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/run/user/1000/.mutter-Xwaylandauth.*#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
	expanded: /run/user/1000/.mutter-Xwaylandauth.*
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/run/user/1000/pulse/native#, whitelist
Debug 456: new_name #/run/user/1000/wayland-0#, whitelist
Replaced whitelist path: whitelist /run/user/1000/pulse/native
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/wayland-0
	expanded: /run/user/1000/wayland-0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/run/user/1000/wayland-1#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/wayland-1
	expanded: /run/user/1000/wayland-1
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/run/user/1000/xauth_*#, whitelist
Removed whitelist/nowhitelist path: whitelist ${RUNUSER}/xauth_*
	expanded: /run/user/1000/xauth_*
	real path: (null)
	realpath: No such file or directory
Mounting tmpfs on /usr/share directory
Mounting tmpfs on /run/user/1000 directory
Whitelisting /run/user/1000/gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh
998 997 0:58 /gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh /run/user/1000/gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh rw,nosuid,nodev,relatime master:368 - tmpfs tmpfs rw,size=1632496k,nr_inodes=408124,mode=700,uid=1000,gid=1000,inode64
mountid=998 fsname=/gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh dir=/run/user/1000/gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh fstype=tmpfs
Whitelisting /usr/share/alsa
1000 588 8:2 /usr/share/alsa /usr/share/alsa ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1000 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=ext4
Whitelisting /usr/share/applications
1001 588 8:2 /usr/share/applications /usr/share/applications ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1001 fsname=/usr/share/applications dir=/usr/share/applications fstype=ext4
Whitelisting /usr/share/ca-certificates
1002 588 8:2 /usr/share/ca-certificates /usr/share/ca-certificates ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1002 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=ext4
Whitelisting /usr/share/drirc.d
1003 588 8:2 /usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1003 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=ext4
Whitelisting /usr/share/enchant
1004 588 8:2 /usr/share/enchant /usr/share/enchant ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1004 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=ext4
Whitelisting /usr/share/file
1005 588 8:2 /usr/share/file /usr/share/file ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1005 fsname=/usr/share/file dir=/usr/share/file fstype=ext4
Whitelisting /usr/share/fonts
1007 588 8:2 /usr/share/fonts /usr/share/fonts ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1007 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=ext4
Whitelisting /usr/share/gir-1.0
1008 588 8:2 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1008 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=ext4
Whitelisting /usr/share/glib-2.0
1009 588 8:2 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1009 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=ext4
Whitelisting /usr/share/glvnd
1010 588 8:2 /usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1010 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=ext4
Whitelisting /usr/share/gtk-2.0
1011 588 8:2 /usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1011 fsname=/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=ext4
Whitelisting /usr/share/gtk-3.0
1012 588 8:2 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1012 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=ext4
Whitelisting /usr/share/hunspell
1013 588 8:2 /usr/share/hunspell /usr/share/hunspell ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1013 fsname=/usr/share/hunspell dir=/usr/share/hunspell fstype=ext4
Whitelisting /usr/share/hwdata
1014 588 8:2 /usr/share/hwdata /usr/share/hwdata ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1014 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=ext4
Whitelisting /usr/share/icons
1015 588 8:2 /usr/share/icons /usr/share/icons ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1015 fsname=/usr/share/icons dir=/usr/share/icons fstype=ext4
Whitelisting /usr/share/icu
1016 588 8:2 /usr/share/icu /usr/share/icu ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1016 fsname=/usr/share/icu dir=/usr/share/icu fstype=ext4
Whitelisting /usr/share/knotifications5
1017 588 8:2 /usr/share/knotifications5 /usr/share/knotifications5 ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1017 fsname=/usr/share/knotifications5 dir=/usr/share/knotifications5 fstype=ext4
Whitelisting /usr/share/kservices5
1018 588 8:2 /usr/share/kservices5 /usr/share/kservices5 ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1018 fsname=/usr/share/kservices5 dir=/usr/share/kservices5 fstype=ext4
Whitelisting /usr/share/kxmlgui5
1019 588 8:2 /usr/share/kxmlgui5 /usr/share/kxmlgui5 ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1019 fsname=/usr/share/kxmlgui5 dir=/usr/share/kxmlgui5 fstype=ext4
Whitelisting /usr/share/libdrm
1020 588 8:2 /usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1020 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=ext4
Whitelisting /usr/share/libthai
1021 588 8:2 /usr/share/libthai /usr/share/libthai ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1021 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=ext4
Whitelisting /usr/share/locale
1028 588 8:2 /usr/share/locale /usr/share/locale ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1028 fsname=/usr/share/locale dir=/usr/share/locale fstype=ext4
Whitelisting /usr/share/mime
1029 588 8:2 /usr/share/mime /usr/share/mime ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1029 fsname=/usr/share/mime dir=/usr/share/mime fstype=ext4
Whitelisting /usr/share/misc
1030 588 8:2 /usr/share/misc /usr/share/misc ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1030 fsname=/usr/share/misc dir=/usr/share/misc fstype=ext4
Whitelisting /usr/share/myspell
1083 588 8:2 /usr/share/myspell /usr/share/myspell ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1083 fsname=/usr/share/myspell dir=/usr/share/myspell fstype=ext4
Whitelisting /usr/share/p11-kit
1117 588 8:2 /usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1117 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=ext4
Whitelisting /usr/share/perl5
1121 588 8:2 /usr/share/perl5 /usr/share/perl5 ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1121 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=ext4
Whitelisting /usr/share/pixmaps
1122 588 8:2 /usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1122 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=ext4
Whitelisting /usr/share/qt
1123 588 8:2 /usr/share/qt /usr/share/qt ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1123 fsname=/usr/share/qt dir=/usr/share/qt fstype=ext4
Whitelisting /usr/share/sounds
1124 588 8:2 /usr/share/sounds /usr/share/sounds ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1124 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=ext4
Whitelisting /usr/share/terminfo
1125 588 8:2 /usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1125 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=ext4
Whitelisting /usr/share/texmf
1126 588 8:2 /usr/share/texmf /usr/share/texmf ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1126 fsname=/usr/share/texmf dir=/usr/share/texmf fstype=ext4
Whitelisting /usr/share/themes
1127 588 8:2 /usr/share/themes /usr/share/themes ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1127 fsname=/usr/share/themes dir=/usr/share/themes fstype=ext4
Whitelisting /usr/share/vulkan
1128 588 8:2 /usr/share/vulkan /usr/share/vulkan ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1128 fsname=/usr/share/vulkan dir=/usr/share/vulkan fstype=ext4
Whitelisting /usr/share/X11
1129 588 8:2 /usr/share/X11 /usr/share/X11 ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1129 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=ext4
Whitelisting /usr/share/xml
1130 588 8:2 /usr/share/xml /usr/share/xml ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1130 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4
Whitelisting /usr/share/zenity
1131 588 8:2 /usr/share/zenity /usr/share/zenity ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1131 fsname=/usr/share/zenity dir=/usr/share/zenity fstype=ext4
Whitelisting /usr/share/zoneinfo
1132 588 8:2 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1132 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4
Whitelisting /run/user/1000/bus
1133 997 0:24 /firejail/firejail.ro.file /run/user/1000/bus rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755,inode64
mountid=1133 fsname=/firejail/firejail.ro.file dir=/run/user/1000/bus fstype=tmpfs
Whitelisting /run/user/1000/dconf
1134 997 0:58 /dconf /run/user/1000/dconf rw,nosuid,nodev,relatime master:368 - tmpfs tmpfs rw,size=1632496k,nr_inodes=408124,mode=700,uid=1000,gid=1000,inode64
mountid=1134 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs
Whitelisting /run/user/1000/pulse/native
1135 997 0:58 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:368 - tmpfs tmpfs rw,size=1632496k,nr_inodes=408124,mode=700,uid=1000,gid=1000,inode64
mountid=1135 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Disable /home/flo/.bash_history
Disable /home/flo/.calc_history
Disable /home/flo/workspaces/config/dotfiles/i3/.config/i3 (requested /home/flo/.config/i3)
Disable /etc/xdg/autostart
Mounting read-only /home/flo/.Xauthority
1142 614 8:35 /flo/.Xauthority /home/flo/.Xauthority ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1142 fsname=/flo/.Xauthority dir=/home/flo/.Xauthority fstype=ext4
Mounting read-only /home/flo/.cache/ksycoca5_de_3bfqV_5h66ra3Jc0EfFGvi3iH8A=
1143 614 8:35 /flo/.cache/ksycoca5_de_3bfqV_5h66ra3Jc0EfFGvi3iH8A= /home/flo/.cache/ksycoca5_de_3bfqV_5h66ra3Jc0EfFGvi3iH8A= ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1143 fsname=/flo/.cache/ksycoca5_de_3bfqV_5h66ra3Jc0EfFGvi3iH8A= dir=/home/flo/.cache/ksycoca5_de_3bfqV_5h66ra3Jc0EfFGvi3iH8A= fstype=ext4
Disable /home/flo/.local/share/gvfs-metadata
Mounting read-only /home/flo/.config/dconf
1145 614 8:35 /flo/.config/dconf /home/flo/.config/dconf ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1145 fsname=/flo/.config/dconf dir=/home/flo/.config/dconf fstype=ext4
Disable /home/flo/.config/systemd
Disable /home/flo/.local/share/systemd
Disable /var/lib/systemd
Disable /usr/bin/systemd-run
Disable /var/cache/pacman
Disable /var/lib/pacman
Disable /var/lib/upower
Disable /var/spool/mail (requested /var/mail)
Disable /var/opt
Disable /var/spool/mail
Disable /etc/cron.daily
Disable /etc/cron.monthly
Disable /etc/cron.weekly
Disable /etc/cron.hourly
Disable /etc/profile.d
Disable /etc/kernel
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/modules-load.d
Disable /etc/logrotate.conf
Disable /etc/logrotate.d
Mounting read-only /home/flo/workspaces/config/dotfiles/zsh/.zshenv
1167 614 8:35 /flo/workspaces/config/dotfiles/zsh/.zshenv /home/flo/workspaces/config/dotfiles/zsh/.zshenv ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1167 fsname=/flo/workspaces/config/dotfiles/zsh/.zshenv dir=/home/flo/workspaces/config/dotfiles/zsh/.zshenv fstype=ext4
Mounting read-only /home/flo/.local/lib
1168 614 8:35 /flo/.local/lib /home/flo/.local/lib ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1168 fsname=/flo/.local/lib dir=/home/flo/.local/lib fstype=ext4
Mounting read-only /home/flo/workspaces/config/dotfiles/tmux/.tmux.conf
1169 614 8:35 /flo/workspaces/config/dotfiles/tmux/.tmux.conf /home/flo/workspaces/config/dotfiles/tmux/.tmux.conf ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1169 fsname=/flo/workspaces/config/dotfiles/tmux/.tmux.conf dir=/home/flo/workspaces/config/dotfiles/tmux/.tmux.conf fstype=ext4
Mounting read-only /home/flo/bin
1170 614 8:35 /flo/bin /home/flo/bin ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1170 fsname=/flo/bin dir=/home/flo/bin fstype=ext4
Mounting read-only /home/flo/.local/bin
1171 614 8:35 /flo/.local/bin /home/flo/.local/bin ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1171 fsname=/flo/.local/bin dir=/home/flo/.local/bin fstype=ext4
Mounting read-only /home/flo/.config/menus
1172 614 8:35 /flo/.config/menus /home/flo/.config/menus ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1172 fsname=/flo/.config/menus dir=/home/flo/.config/menus fstype=ext4
Mounting read-only /home/flo/.local/share/applications
1173 614 8:35 /flo/.local/share/applications /home/flo/.local/share/applications ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1173 fsname=/flo/.local/share/applications dir=/home/flo/.local/share/applications fstype=ext4
Mounting read-only /home/flo/.config/mimeapps.list
1174 614 8:35 /flo/.config/mimeapps.list /home/flo/.config/mimeapps.list ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1174 fsname=/flo/.config/mimeapps.list dir=/home/flo/.config/mimeapps.list fstype=ext4
Mounting read-only /home/flo/.config/user-dirs.dirs
1175 614 8:35 /flo/.config/user-dirs.dirs /home/flo/.config/user-dirs.dirs ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1175 fsname=/flo/.config/user-dirs.dirs dir=/home/flo/.config/user-dirs.dirs fstype=ext4
Mounting read-only /home/flo/.config/user-dirs.locale
1176 614 8:35 /flo/.config/user-dirs.locale /home/flo/.config/user-dirs.locale ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1176 fsname=/flo/.config/user-dirs.locale dir=/home/flo/.config/user-dirs.locale fstype=ext4
Mounting read-only /home/flo/.local/share/mime
1177 614 8:35 /flo/.local/share/mime /home/flo/.local/share/mime ro,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1177 fsname=/flo/.local/share/mime dir=/home/flo/.local/share/mime fstype=ext4
Disable /home/flo/.gnupg
Disable /home/flo/.local/share/keyrings
Disable /home/flo/.netrc
Disable /home/flo/.pki
Disable /home/flo/.local/share/pki
Not blacklist /home/flo/.ssh
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Not blacklist /etc/ssh
Disable /usr/local/sbin
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/expiry
Disable /usr/bin/fusermount
Disable /usr/bin/gpasswd
Disable /usr/bin/ksu
Disable /usr/bin/mount
Not blacklist /home/flo/.local/share/cargo/bin/nc
Not blacklist /home/flo/bin/nc
Not blacklist /usr/local/bin/nc
Not blacklist /usr/local/sbin/nc
Not blacklist /usr/bin/nc
Not blacklist /home/flo/.config/emacs/bin/nc
Not blacklist /home/flo/.local/bin/nc
Not blacklist /home/flo/workspaces/go/bin/nc
Not blacklist /usr/lib/jvm/default/bin/nc
Not blacklist /usr/bin/site_perl/nc
Not blacklist /usr/bin/vendor_perl/nc
Not blacklist /usr/bin/core_perl/nc
Not blacklist /home/flo/.local/share/cargo/bin/ncat
Not blacklist /home/flo/bin/ncat
Not blacklist /usr/local/bin/ncat
Not blacklist /usr/local/sbin/ncat
Not blacklist /usr/bin/ncat
Not blacklist /home/flo/.config/emacs/bin/ncat
Not blacklist /home/flo/.local/bin/ncat
Not blacklist /home/flo/workspaces/go/bin/ncat
Not blacklist /usr/lib/jvm/default/bin/ncat
Not blacklist /usr/bin/site_perl/ncat
Not blacklist /usr/bin/vendor_perl/ncat
Not blacklist /usr/bin/core_perl/ncat
Disable /usr/bin/newgidmap
Disable /usr/bin/newgrp
Disable /usr/bin/newuidmap
Disable /usr/bin/pkexec
Disable /usr/bin/sg
Disable /usr/bin/strace
Disable /usr/bin/su
Disable /usr/bin/sudo
Disable /usr/bin/umount
Disable /usr/bin/unix_chkpwd
Disable /usr/bin/xev
Disable /usr/bin/xinput
Disable /tmp/tmux-1000
Disable /usr/bin/bwrap
Disable /proc/config.gz
Disable /usr/bin/dig
Disable /usr/bin/dnssec-verify
Disable /usr/bin/dnssec-importkey
Disable /usr/bin/dnssec-settime
Disable /usr/bin/dnssec-cds
Disable /usr/bin/dnssec-keygen
Disable /usr/bin/dnssec-dsfromkey
Disable /usr/bin/dnssec-keyfromlabel
Disable /usr/bin/dnssec-keymgr
Disable /usr/bin/dnssec-coverage
Disable /usr/bin/dnssec-checkds
Disable /usr/bin/dnssec-revoke
Disable /usr/bin/dnssec-signzone
Disable /usr/bin/drill
Disable /usr/bin/host
Disable /usr/bin/ldns-walk
Disable /usr/bin/ldns-key2ds
Disable /usr/bin/ldns-verify-zone
Disable /usr/bin/ldns-zsplit
Disable /usr/bin/ldns-compare-zones
Disable /usr/bin/ldns-notify
Disable /usr/bin/ldns-signzone
Disable /usr/bin/ldns-mx
Disable /usr/bin/ldns-update
Disable /usr/bin/ldns-read-zone
Disable /usr/bin/ldns-gen-zone
Disable /usr/bin/ldns-zcat
Disable /usr/bin/ldns-revoke
Disable /usr/bin/ldns-testns
Disable /usr/bin/ldns-chaos
Disable /usr/bin/ldns-keygen
Disable /usr/bin/ldns-keyfetcher
Disable /usr/bin/ldns-dpa
Disable /usr/bin/ldns-dane
Disable /usr/bin/ldns-resolver
Disable /usr/bin/ldns-nsec3-hash
Disable /usr/bin/ldns-test-edns
Disable /usr/bin/ldns-rrsig
Disable /usr/bin/ldns-version
Disable /usr/bin/ldns-config
Disable /usr/bin/ldnsd
Disable /usr/bin/nslookup
Disable /usr/bin/resolvectl
Mounting noexec /home/flo
1283 1256 0:24 /firejail/firejail.ro.dir /home/flo/.local/share/pki rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755,inode64
mountid=1283 fsname=/firejail/firejail.ro.dir dir=/home/flo/.local/share/pki fstype=tmpfs
Mounting noexec /home/flo/Games
1284 1257 8:36 / /home/flo/Games rw,nosuid,nodev,noexec,relatime master:76 - ext4 /dev/sdc4 rw,data=ordered
mountid=1284 fsname=/ dir=/home/flo/Games fstype=ext4
Mounting noexec /home/flo/.Xauthority
1285 1262 8:35 /flo/.Xauthority /home/flo/.Xauthority ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1285 fsname=/flo/.Xauthority dir=/home/flo/.Xauthority fstype=ext4
Mounting noexec /home/flo/.cache/ksycoca5_de_3bfqV_5h66ra3Jc0EfFGvi3iH8A=
1286 1263 8:35 /flo/.cache/ksycoca5_de_3bfqV_5h66ra3Jc0EfFGvi3iH8A= /home/flo/.cache/ksycoca5_de_3bfqV_5h66ra3Jc0EfFGvi3iH8A= ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1286 fsname=/flo/.cache/ksycoca5_de_3bfqV_5h66ra3Jc0EfFGvi3iH8A= dir=/home/flo/.cache/ksycoca5_de_3bfqV_5h66ra3Jc0EfFGvi3iH8A= fstype=ext4
Mounting noexec /home/flo/.config/dconf
1287 1265 8:35 /flo/.config/dconf /home/flo/.config/dconf ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1287 fsname=/flo/.config/dconf dir=/home/flo/.config/dconf fstype=ext4
Mounting noexec /home/flo/workspaces/config/dotfiles/zsh/.zshenv
1288 1268 8:35 /flo/workspaces/config/dotfiles/zsh/.zshenv /home/flo/workspaces/config/dotfiles/zsh/.zshenv ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1288 fsname=/flo/workspaces/config/dotfiles/zsh/.zshenv dir=/home/flo/workspaces/config/dotfiles/zsh/.zshenv fstype=ext4
Mounting noexec /home/flo/.local/lib
1289 1269 8:35 /flo/.local/lib /home/flo/.local/lib ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1289 fsname=/flo/.local/lib dir=/home/flo/.local/lib fstype=ext4
Mounting noexec /home/flo/workspaces/config/dotfiles/tmux/.tmux.conf
1290 1270 8:35 /flo/workspaces/config/dotfiles/tmux/.tmux.conf /home/flo/workspaces/config/dotfiles/tmux/.tmux.conf ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1290 fsname=/flo/workspaces/config/dotfiles/tmux/.tmux.conf dir=/home/flo/workspaces/config/dotfiles/tmux/.tmux.conf fstype=ext4
Mounting noexec /home/flo/bin
1291 1271 8:35 /flo/bin /home/flo/bin ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1291 fsname=/flo/bin dir=/home/flo/bin fstype=ext4
Mounting noexec /home/flo/.local/bin
1292 1272 8:35 /flo/.local/bin /home/flo/.local/bin ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1292 fsname=/flo/.local/bin dir=/home/flo/.local/bin fstype=ext4
Mounting noexec /home/flo/.config/menus
1293 1273 8:35 /flo/.config/menus /home/flo/.config/menus ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1293 fsname=/flo/.config/menus dir=/home/flo/.config/menus fstype=ext4
Mounting noexec /home/flo/.local/share/applications
1294 1274 8:35 /flo/.local/share/applications /home/flo/.local/share/applications ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1294 fsname=/flo/.local/share/applications dir=/home/flo/.local/share/applications fstype=ext4
Mounting noexec /home/flo/.config/mimeapps.list
1295 1275 8:35 /flo/.config/mimeapps.list /home/flo/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1295 fsname=/flo/.config/mimeapps.list dir=/home/flo/.config/mimeapps.list fstype=ext4
Mounting noexec /home/flo/.config/user-dirs.dirs
1296 1276 8:35 /flo/.config/user-dirs.dirs /home/flo/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1296 fsname=/flo/.config/user-dirs.dirs dir=/home/flo/.config/user-dirs.dirs fstype=ext4
Mounting noexec /home/flo/.config/user-dirs.locale
1297 1277 8:35 /flo/.config/user-dirs.locale /home/flo/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1297 fsname=/flo/.config/user-dirs.locale dir=/home/flo/.config/user-dirs.locale fstype=ext4
Mounting noexec /home/flo/.local/share/mime
1298 1278 8:35 /flo/.local/share/mime /home/flo/.local/share/mime ro,nosuid,nodev,noexec,relatime master:74 - ext4 /dev/sdc3 rw,data=ordered
mountid=1298 fsname=/flo/.local/share/mime dir=/home/flo/.local/share/mime fstype=ext4
Mounting noexec /run/user/1000
1303 1299 0:58 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:368 - tmpfs tmpfs rw,size=1632496k,nr_inodes=408124,mode=700,uid=1000,gid=1000,inode64
mountid=1303 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Mounting noexec /run/user/1000/gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh
1304 1300 0:58 /gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh /run/user/1000/gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh rw,nosuid,nodev,noexec,relatime master:368 - tmpfs tmpfs rw,size=1632496k,nr_inodes=408124,mode=700,uid=1000,gid=1000,inode64
mountid=1304 fsname=/gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh dir=/run/user/1000/gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh fstype=tmpfs
Mounting noexec /run/user/1000/dconf
1305 1302 0:58 /dconf /run/user/1000/dconf rw,nosuid,nodev,noexec,relatime master:368 - tmpfs tmpfs rw,size=1632496k,nr_inodes=408124,mode=700,uid=1000,gid=1000,inode64
mountid=1305 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs
Mounting noexec /run/user/1000/pulse/native
1306 1303 0:58 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,noexec,relatime master:368 - tmpfs tmpfs rw,size=1632496k,nr_inodes=408124,mode=700,uid=1000,gid=1000,inode64
mountid=1306 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Mounting noexec /dev/shm
1307 638 0:97 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1307 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1309 1308 0:24 /firejail/firejail.ro.dir /tmp/tmux-1000 rw,nosuid,nodev,relatime master:14 - tmpfs run rw,mode=755,inode64
mountid=1309 fsname=/firejail/firejail.ro.dir dir=/tmp/tmux-1000 fstype=tmpfs
Disable /home/flo/.config/Bitwarden
Disable /home/flo/.config/KeePass
Disable /home/flo/.config/keepassxc
Disable /home/flo/.local/share/KeePass
Disable /home/flo/.config/Bitwarden
Disable /home/flo/.config/GIMP
Disable /home/flo/.config/Signal
Disable /home/flo/.config/alacritty
Disable /home/flo/.config/chromium
Disable /home/flo/.config/discord
Disable /home/flo/.config/enchant
Disable /home/flo/.config/git
Disable /home/flo/.config/inkscape
Disable /home/flo/.config/libreoffice
Disable /home/flo/.config/lutris
Disable /home/flo/.config/mpd
Disable /home/flo/.config/mpv
Disable /home/flo/.config/nomacs
Disable /home/flo/.config/obs-studio
Disable /home/flo/.config/okularpartrc
Disable /home/flo/.config/okularrc
Disable /home/flo/.config/pavucontrol.ini
Disable /home/flo/.config/ranger
Disable /home/flo/.config/redshift.conf
Disable /home/flo/.config/torbrowser
Disable /home/flo/.config/transmission
Disable /home/flo/.config/vlc
Disable /home/flo/.config/youtube-dl
Disable /home/flo/.config/zathura
Disable /home/flo/.killingfloor
Disable /home/flo/.local/share/3909/PapersPlease
Disable /home/flo/Games/Steam (requested /home/flo/.local/share/Steam)
Disable /home/flo/.local/share/SuperHexagon
Disable /home/flo/.local/share/TelegramDesktop
Disable /home/flo/.local/share/Terraria
Disable /home/flo/.local/share/aspyr-media
Disable /home/flo/.local/share/cdprojektred
Disable /home/flo/.local/share/FasterThanLight
Disable /home/flo/.local/share/feral-interactive
Disable /home/flo/.local/share/IntoTheBreach
Disable /home/flo/.local/share/kxmlgui5/kleopatra
Disable /home/flo/.local/share/lutris
Disable /home/flo/.local/share/nomacs
Disable /home/flo/.local/share/okular
Disable /home/flo/.local/share/Paradox Interactive
Disable /home/flo/.local/share/torbrowser
DISPLAY=:0 parsed as 0
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 15 00 01 00000002   jeq 2 0010 (false 0011)
 0010: 06 00 00 7fff0000   ret ALLOW
 0011: 15 00 01 0000000a   jeq a 0012 (false 0013)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 06 00 00 0005005f   ret ERRNO(95)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 00 01 00000015   jeq 15 0005 (false 0006)
 0005: 06 00 00 00000001   ret KILL
 0006: 15 00 01 00000034   jeq 34 0007 (false 0008)
 0007: 06 00 00 00000001   ret KILL
 0008: 15 00 01 0000001a   jeq 1a 0009 (false 000a)
 0009: 06 00 00 00000001   ret KILL
 000a: 15 00 01 0000011b   jeq 11b 000b (false 000c)
 000b: 06 00 00 00000001   ret KILL
 000c: 15 00 01 00000155   jeq 155 000d (false 000e)
 000d: 06 00 00 00000001   ret KILL
 000e: 15 00 01 00000156   jeq 156 000f (false 0010)
 000f: 06 00 00 00000001   ret KILL
 0010: 15 00 01 0000007f   jeq 7f 0011 (false 0012)
 0011: 06 00 00 00000001   ret KILL
 0012: 15 00 01 00000080   jeq 80 0013 (false 0014)
 0013: 06 00 00 00000001   ret KILL
 0014: 15 00 01 0000015e   jeq 15e 0015 (false 0016)
 0015: 06 00 00 00000001   ret KILL
 0016: 15 00 01 00000081   jeq 81 0017 (false 0018)
 0017: 06 00 00 00000001   ret KILL
 0018: 15 00 01 0000006e   jeq 6e 0019 (false 001a)
 0019: 06 00 00 00000001   ret KILL
 001a: 15 00 01 00000065   jeq 65 001b (false 001c)
 001b: 06 00 00 00000001   ret KILL
 001c: 15 00 01 00000121   jeq 121 001d (false 001e)
 001d: 06 00 00 00000001   ret KILL
 001e: 15 00 01 00000057   jeq 57 001f (false 0020)
 001f: 06 00 00 00000001   ret KILL
 0020: 15 00 01 00000073   jeq 73 0021 (false 0022)
 0021: 06 00 00 00000001   ret KILL
 0022: 15 00 01 00000067   jeq 67 0023 (false 0024)
 0023: 06 00 00 00000001   ret KILL
 0024: 15 00 01 0000015b   jeq 15b 0025 (false 0026)
 0025: 06 00 00 00000001   ret KILL
 0026: 15 00 01 0000015c   jeq 15c 0027 (false 0028)
 0027: 06 00 00 00000001   ret KILL
 0028: 15 00 01 00000087   jeq 87 0029 (false 002a)
 0029: 06 00 00 00000001   ret KILL
 002a: 15 00 01 00000095   jeq 95 002b (false 002c)
 002b: 06 00 00 00000001   ret KILL
 002c: 15 00 01 0000007c   jeq 7c 002d (false 002e)
 002d: 06 00 00 00000001   ret KILL
 002e: 15 00 01 00000157   jeq 157 002f (false 0030)
 002f: 06 00 00 00000001   ret KILL
 0030: 15 00 01 000000fd   jeq fd 0031 (false 0032)
 0031: 06 00 00 00000001   ret KILL
 0032: 15 00 01 00000150   jeq 150 0033 (false 0034)
 0033: 06 00 00 00000001   ret KILL
 0034: 15 00 01 00000152   jeq 152 0035 (false 0036)
 0035: 06 00 00 00000001   ret KILL
 0036: 15 00 01 0000015d   jeq 15d 0037 (false 0038)
 0037: 06 00 00 00000001   ret KILL
 0038: 15 00 01 0000011e   jeq 11e 0039 (false 003a)
 0039: 06 00 00 00000001   ret KILL
 003a: 15 00 01 0000011f   jeq 11f 003b (false 003c)
 003b: 06 00 00 00000001   ret KILL
 003c: 15 00 01 00000120   jeq 120 003d (false 003e)
 003d: 06 00 00 00000001   ret KILL
 003e: 15 00 01 00000056   jeq 56 003f (false 0040)
 003f: 06 00 00 00000001   ret KILL
 0040: 15 00 01 00000033   jeq 33 0041 (false 0042)
 0041: 06 00 00 00000001   ret KILL
 0042: 15 00 01 0000007b   jeq 7b 0043 (false 0044)
 0043: 06 00 00 00000001   ret KILL
 0044: 15 00 01 000000d9   jeq d9 0045 (false 0046)
 0045: 06 00 00 00000001   ret KILL
 0046: 15 00 01 000000f5   jeq f5 0047 (false 0048)
 0047: 06 00 00 00000001   ret KILL
 0048: 15 00 01 000000f6   jeq f6 0049 (false 004a)
 0049: 06 00 00 00000001   ret KILL
 004a: 15 00 01 000000f7   jeq f7 004b (false 004c)
 004b: 06 00 00 00000001   ret KILL
 004c: 15 00 01 000000f8   jeq f8 004d (false 004e)
 004d: 06 00 00 00000001   ret KILL
 004e: 15 00 01 000000f9   jeq f9 004f (false 0050)
 004f: 06 00 00 00000001   ret KILL
 0050: 15 00 01 00000101   jeq 101 0051 (false 0052)
 0051: 06 00 00 00000001   ret KILL
 0052: 15 00 01 00000112   jeq 112 0053 (false 0054)
 0053: 06 00 00 00000001   ret KILL
 0054: 15 00 01 00000114   jeq 114 0055 (false 0056)
 0055: 06 00 00 00000001   ret KILL
 0056: 15 00 01 00000126   jeq 126 0057 (false 0058)
 0057: 06 00 00 00000001   ret KILL
 0058: 15 00 01 0000013d   jeq 13d 0059 (false 005a)
 0059: 06 00 00 00000001   ret KILL
 005a: 15 00 01 0000013c   jeq 13c 005b (false 005c)
 005b: 06 00 00 00000001   ret KILL
 005c: 15 00 01 0000003d   jeq 3d 005d (false 005e)
 005d: 06 00 00 00000001   ret KILL
 005e: 15 00 01 00000058   jeq 58 005f (false 0060)
 005f: 06 00 00 00000001   ret KILL
 0060: 15 00 01 000000a9   jeq a9 0061 (false 0062)
 0061: 06 00 00 00000001   ret KILL
 0062: 15 00 01 00000082   jeq 82 0063 (false 0064)
 0063: 06 00 00 00000001   ret KILL
 0064: 06 00 00 7fff0000   ret ALLOW
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 01 0000009f   jeq adjtimex 0008 (false 0009)
 0008: 06 00 00 00000001   ret KILL
 0009: 15 00 01 00000131   jeq clock_adjtime 000a (false 000b)
 000a: 06 00 00 00000001   ret KILL
 000b: 15 00 01 000000e3   jeq clock_settime 000c (false 000d)
 000c: 06 00 00 00000001   ret KILL
 000d: 15 00 01 000000a4   jeq settimeofday 000e (false 000f)
 000e: 06 00 00 00000001   ret KILL
 000f: 15 00 01 0000009a   jeq modify_ldt 0010 (false 0011)
 0010: 06 00 00 00000001   ret KILL
 0011: 15 00 01 000000d4   jeq lookup_dcookie 0012 (false 0013)
 0012: 06 00 00 00000001   ret KILL
 0013: 15 00 01 0000012a   jeq perf_event_open 0014 (false 0015)
 0014: 06 00 00 00000001   ret KILL
 0015: 15 00 01 00000137   jeq process_vm_writev 0016 (false 0017)
 0016: 06 00 00 00000001   ret KILL
 0017: 15 00 01 000000b0   jeq delete_module 0018 (false 0019)
 0018: 06 00 00 00000001   ret KILL
 0019: 15 00 01 00000139   jeq finit_module 001a (false 001b)
 001a: 06 00 00 00000001   ret KILL
 001b: 15 00 01 000000af   jeq init_module 001c (false 001d)
 001c: 06 00 00 00000001   ret KILL
 001d: 15 00 01 000000a1   jeq chroot 001e (false 001f)
 001e: 06 00 00 00000001   ret KILL
 001f: 15 00 01 000000a5   jeq mount 0020 (false 0021)
 0020: 06 00 00 00000001   ret KILL
 0021: 15 00 01 0000009b   jeq pivot_root 0022 (false 0023)
 0022: 06 00 00 00000001   ret KILL
 0023: 15 00 01 000000a6   jeq umount2 0024 (false 0025)
 0024: 06 00 00 00000001   ret KILL
 0025: 15 00 01 0000009c   jeq _sysctl 0026 (false 0027)
 0026: 06 00 00 00000001   ret KILL
 0027: 15 00 01 000000b7   jeq afs_syscall 0028 (false 0029)
 0028: 06 00 00 00000001   ret KILL
 0029: 15 00 01 000000ae   jeq create_module 002a (false 002b)
 002a: 06 00 00 00000001   ret KILL
 002b: 15 00 01 000000b1   jeq get_kernel_syms 002c (false 002d)
 002c: 06 00 00 00000001   ret KILL
 002d: 15 00 01 000000b5   jeq getpmsg 002e (false 002f)
 002e: 06 00 00 00000001   ret KILL
 002f: 15 00 01 000000b6   jeq putpmsg 0030 (false 0031)
 0030: 06 00 00 00000001   ret KILL
 0031: 15 00 01 000000b2   jeq query_module 0032 (false 0033)
 0032: 06 00 00 00000001   ret KILL
 0033: 15 00 01 000000b9   jeq security 0034 (false 0035)
 0034: 06 00 00 00000001   ret KILL
 0035: 15 00 01 0000008b   jeq sysfs 0036 (false 0037)
 0036: 06 00 00 00000001   ret KILL
 0037: 15 00 01 000000b8   jeq tuxcall 0038 (false 0039)
 0038: 06 00 00 00000001   ret KILL
 0039: 15 00 01 00000086   jeq uselib 003a (false 003b)
 003a: 06 00 00 00000001   ret KILL
 003b: 15 00 01 00000088   jeq ustat 003c (false 003d)
 003c: 06 00 00 00000001   ret KILL
 003d: 15 00 01 000000ec   jeq vserver 003e (false 003f)
 003e: 06 00 00 00000001   ret KILL
 003f: 15 00 01 000000ad   jeq ioperm 0040 (false 0041)
 0040: 06 00 00 00000001   ret KILL
 0041: 15 00 01 000000ac   jeq iopl 0042 (false 0043)
 0042: 06 00 00 00000001   ret KILL
 0043: 15 00 01 000000f6   jeq kexec_load 0044 (false 0045)
 0044: 06 00 00 00000001   ret KILL
 0045: 15 00 01 00000140   jeq kexec_file_load 0046 (false 0047)
 0046: 06 00 00 00000001   ret KILL
 0047: 15 00 01 000000a9   jeq reboot 0048 (false 0049)
 0048: 06 00 00 00000001   ret KILL
 0049: 15 00 01 000000a7   jeq swapon 004a (false 004b)
 004a: 06 00 00 00000001   ret KILL
 004b: 15 00 01 000000a8   jeq swapoff 004c (false 004d)
 004c: 06 00 00 00000001   ret KILL
 004d: 15 00 01 00000130   jeq open_by_handle_at 004e (false 004f)
 004e: 06 00 00 00000001   ret KILL
 004f: 15 00 01 0000012f   jeq name_to_handle_at 0050 (false 0051)
 0050: 06 00 00 00000001   ret KILL
 0051: 15 00 01 000000fb   jeq ioprio_set 0052 (false 0053)
 0052: 06 00 00 00000001   ret KILL
 0053: 15 00 01 00000067   jeq syslog 0054 (false 0055)
 0054: 06 00 00 00000001   ret KILL
 0055: 15 00 01 0000012c   jeq fanotify_init 0056 (false 0057)
 0056: 06 00 00 00000001   ret KILL
 0057: 15 00 01 00000138   jeq kcmp 0058 (false 0059)
 0058: 06 00 00 00000001   ret KILL
 0059: 15 00 01 000000f8   jeq add_key 005a (false 005b)
 005a: 06 00 00 00000001   ret KILL
 005b: 15 00 01 000000f9   jeq request_key 005c (false 005d)
 005c: 06 00 00 00000001   ret KILL
 005d: 15 00 01 000000ed   jeq mbind 005e (false 005f)
 005e: 06 00 00 00000001   ret KILL
 005f: 15 00 01 00000100   jeq migrate_pages 0060 (false 0061)
 0060: 06 00 00 00000001   ret KILL
 0061: 15 00 01 00000117   jeq move_pages 0062 (false 0063)
 0062: 06 00 00 00000001   ret KILL
 0063: 15 00 01 000000fa   jeq keyctl 0064 (false 0065)
 0064: 06 00 00 00000001   ret KILL
 0065: 15 00 01 000000ce   jeq io_setup 0066 (false 0067)
 0066: 06 00 00 00000001   ret KILL
 0067: 15 00 01 000000cf   jeq io_destroy 0068 (false 0069)
 0068: 06 00 00 00000001   ret KILL
 0069: 15 00 01 000000d0   jeq io_getevents 006a (false 006b)
 006a: 06 00 00 00000001   ret KILL
 006b: 15 00 01 000000d1   jeq io_submit 006c (false 006d)
 006c: 06 00 00 00000001   ret KILL
 006d: 15 00 01 000000d2   jeq io_cancel 006e (false 006f)
 006e: 06 00 00 00000001   ret KILL
 006f: 15 00 01 000000d8   jeq remap_file_pages 0070 (false 0071)
 0070: 06 00 00 00000001   ret KILL
 0071: 15 00 01 00000143   jeq userfaultfd 0072 (false 0073)
 0072: 06 00 00 00000001   ret KILL
 0073: 15 00 01 000000a3   jeq acct 0074 (false 0075)
 0074: 06 00 00 00000001   ret KILL
 0075: 15 00 01 00000141   jeq bpf 0076 (false 0077)
 0076: 06 00 00 00000001   ret KILL
 0077: 15 00 01 000000b4   jeq nfsservctl 0078 (false 0079)
 0078: 06 00 00 00000001   ret KILL
 0079: 15 00 01 000000ab   jeq setdomainname 007a (false 007b)
 007a: 06 00 00 00000001   ret KILL
 007b: 15 00 01 000000aa   jeq sethostname 007c (false 007d)
 007c: 06 00 00 00000001   ret KILL
 007d: 15 00 01 00000099   jeq vhangup 007e (false 007f)
 007e: 06 00 00 00000001   ret KILL
 007f: 15 00 01 00000065   jeq ptrace 0080 (false 0081)
 0080: 06 00 00 00000001   ret KILL
 0081: 15 00 01 00000087   jeq personality 0082 (false 0083)
 0082: 06 00 00 00000001   ret KILL
 0083: 15 00 01 00000136   jeq process_vm_readv 0084 (false 0085)
 0084: 06 00 00 00000001   ret KILL
 0085: 06 00 00 7fff0000   ret ALLOW
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 05 00000009   jeq mmap 0008 (false 000d)
 0008: 20 00 00 00000020   ld  data.args[10]
 0009: 54 00 00 00000006   and 00000006
 000a: 15 00 01 00000006   jeq 6 000b (false 000c)
 000b: 06 00 00 00000001   ret KILL
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 15 00 05 0000000a   jeq a 000e (false 0013)
 000e: 20 00 00 00000020   ld  data.args[10]
 000f: 54 00 00 00000004   and 00000004
 0010: 15 00 01 00000004   jeq 4 0011 (false 0012)
 0011: 06 00 00 00000001   ret KILL
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 05 00000149   jeq 149 0014 (false 0019)
 0014: 20 00 00 00000020   ld  data.args[10]
 0015: 54 00 00 00000004   and 00000004
 0016: 15 00 01 00000004   jeq 4 0017 (false 0018)
 0017: 06 00 00 00000001   ret KILL
 0018: 06 00 00 7fff0000   ret ALLOW
 0019: 15 00 05 0000001e   jeq 1e 001a (false 001f)
 001a: 20 00 00 00000020   ld  data.args[10]
 001b: 54 00 00 00008000   and 00008000
 001c: 15 00 01 00008000   jeq 8000 001d (false 001e)
 001d: 06 00 00 00000001   ret KILL
 001e: 06 00 00 7fff0000   ret ALLOW
 001f: 15 00 01 0000013f   jeq 13f 0020 (false 0021)
 0020: 06 00 00 00000001   ret KILL
 0021: 06 00 00 7fff0000   ret ALLOW
 0022: 06 00 00 7fff0000   ret ALLOW
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 00 01 0000005a   jeq 5a 0005 (false 0006)
 0005: 06 00 00 00000001   ret KILL
 0006: 15 00 05 000000c0   jeq c0 0007 (false 000c)
 0007: 20 00 00 00000020   ld  data.args[10]
 0008: 54 00 00 00000006   and 00000006
 0009: 15 00 01 00000006   jeq 6 000a (false 000b)
 000a: 06 00 00 00000001   ret KILL
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 15 00 05 0000007d   jeq 7d 000d (false 0012)
 000d: 20 00 00 00000020   ld  data.args[10]
 000e: 54 00 00 00000004   and 00000004
 000f: 15 00 01 00000004   jeq 4 0010 (false 0011)
 0010: 06 00 00 00000001   ret KILL
 0011: 06 00 00 7fff0000   ret ALLOW
 0012: 15 00 05 0000017c   jeq 17c 0013 (false 0018)
 0013: 20 00 00 00000020   ld  data.args[10]
 0014: 54 00 00 00000004   and 00000004
 0015: 15 00 01 00000004   jeq 4 0016 (false 0017)
 0016: 06 00 00 00000001   ret KILL
 0017: 06 00 00 7fff0000   ret ALLOW
 0018: 15 00 05 0000018d   jeq 18d 0019 (false 001e)
 0019: 20 00 00 00000020   ld  data.args[10]
 001a: 54 00 00 00008000   and 00008000
 001b: 15 00 01 00008000   jeq 8000 001c (false 001d)
 001c: 06 00 00 00000001   ret KILL
 001d: 06 00 00 7fff0000   ret ALLOW
 001e: 15 00 01 00000164   jeq 164 001f (false 0020)
 001f: 06 00 00 00000001   ret KILL
 0020: 06 00 00 7fff0000   ret ALLOW
 0021: 06 00 00 7fff0000   ret ALLOW
Disable /home/flo/.local/share/vlc
Disable /home/flo/.local/share/vpltd
Disable /home/flo/.local/share/vulkan
Disable /home/flo/.local/share/zathura
Disable /home/flo/.mbwarband
Disable /home/flo/.mozilla
Disable /home/flo/.paradoxinteractive
Disable /home/flo/.purple
Disable /home/flo/.pylint.d
Disable /home/flo/.steam
Disable /home/flo/.surf
Disable /home/flo/.tor-browser
Not blacklist /tmp/ssh-*
Disable /home/flo/.cache/Zeal
Disable /home/flo/.cache/babl
Disable /home/flo/.cache/chromium
Disable /home/flo/.cache/fractal
Disable /home/flo/.cache/gegl-0.4
Disable /home/flo/.cache/gimp
Disable /home/flo/.cache/inkscape
Disable /home/flo/.cache/keepassxc
Disable /home/flo/.cache/lutris
Disable /home/flo/.cache/mozilla
Disable /home/flo/.cache/pip
Disable /home/flo/.cache/transmission
Disable /home/flo/.cache/winetricks
Disable /home/flo/.cache/youtube-dl
Mounting tmpfs on /home/flo/.cache, check owner: yes
1382 1256 0:103 / /home/flo/.cache rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,uid=1000,gid=1000,inode64
mountid=1382 fsname=/ dir=/home/flo/.cache fstype=tmpfs
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /home/flo/.config/pulse
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse
Create the new ld.so.preload file
Mount the new ld.so.preload file
Current directory: /home/flo
Install protocol filter: unix,inet,inet6
configuring 20 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dual 32/64 bit seccomp filter configured
configuring 134 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
seccomp filter configured
Install memory write&execute filter
configuring 35 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx 
configuring 34 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx.32
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx.32 
Mounting read-only /run/firejail/mnt/seccomp
1389 599 0:88 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=1389 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             200 .
drwxr-xr-x root     root             360 ..
-rw-r--r-- flo      flo             1072 seccomp
-rw-r--r-- flo      flo              808 seccomp.32
-rw-r--r-- flo      flo              195 seccomp.list
-rw-r--r-- flo      flo              280 seccomp.mdwx
-rw-r--r-- flo      flo              272 seccomp.mdwx.32
-rw-r--r-- flo      flo                0 seccomp.postexec
-rw-r--r-- flo      flo                0 seccomp.postexec32
-rw-r--r-- flo      flo              160 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
/run/firejail/mnt/seccomp/seccomp.mdwx
/run/firejail/mnt/seccomp/seccomp.mdwx.32
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1
No supplementary groups

...... output of server snipped out ........

Connection to host closed.
Found disable-common.inc profile in /etc/firejail directory
Found disable-exec.inc profile in /etc/firejail directory
Found disable-passwdmgr.inc profile in /etc/firejail directory
Found disable-programs.inc profile in /etc/firejail directory
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Found whitelist-runuser-common.inc profile in /etc/firejail directory
Enabling IPC namespace
Using the local network stack
<details><summary> debug output </summary>

```
OUTPUT OF `firejail --debug PROGRAM`
0000015b jeq 15b 0025 (false 0026) 0025: 06 00 00 00000001 ret KILL 0026: 15 00 01 0000015c jeq 15c 0027 (false 0028) 0027: 06 00 00 00000001 ret KILL 0028: 15 00 01 00000087 jeq 87 0029 (false 002a) 0029: 06 00 00 00000001 ret KILL 002a: 15 00 01 00000095 jeq 95 002b (false 002c) 002b: 06 00 00 00000001 ret KILL 002c: 15 00 01 0000007c jeq 7c 002d (false 002e) 002d: 06 00 00 00000001 ret KILL 002e: 15 00 01 00000157 jeq 157 002f (false 0030) 002f: 06 00 00 00000001 ret KILL 0030: 15 00 01 000000fd jeq fd 0031 (false 0032) 0031: 06 00 00 00000001 ret KILL 0032: 15 00 01 00000150 jeq 150 0033 (false 0034) 0033: 06 00 00 00000001 ret KILL 0034: 15 00 01 00000152 jeq 152 0035 (false 0036) 0035: 06 00 00 00000001 ret KILL 0036: 15 00 01 0000015d jeq 15d 0037 (false 0038) 0037: 06 00 00 00000001 ret KILL 0038: 15 00 01 0000011e jeq 11e 0039 (false 003a) 0039: 06 00 00 00000001 ret KILL 003a: 15 00 01 0000011f jeq 11f 003b (false 003c) 003b: 06 00 00 00000001 ret KILL 003c: 15 00 01 00000120 jeq 120 003d (false 003e) 003d: 06 00 00 00000001 ret KILL 003e: 15 00 01 00000056 jeq 56 003f (false 0040) 003f: 06 00 00 00000001 ret KILL 0040: 15 00 01 00000033 jeq 33 0041 (false 0042) 0041: 06 00 00 00000001 ret KILL 0042: 15 00 01 0000007b jeq 7b 0043 (false 0044) 0043: 06 00 00 00000001 ret KILL 0044: 15 00 01 000000d9 jeq d9 0045 (false 0046) 0045: 06 00 00 00000001 ret KILL 0046: 15 00 01 000000f5 jeq f5 0047 (false 0048) 0047: 06 00 00 00000001 ret KILL 0048: 15 00 01 000000f6 jeq f6 0049 (false 004a) 0049: 06 00 00 00000001 ret KILL 004a: 15 00 01 000000f7 jeq f7 004b (false 004c) 004b: 06 00 00 00000001 ret KILL 004c: 15 00 01 000000f8 jeq f8 004d (false 004e) 004d: 06 00 00 00000001 ret KILL 004e: 15 00 01 000000f9 jeq f9 004f (false 0050) 004f: 06 00 00 00000001 ret KILL 0050: 15 00 01 00000101 jeq 101 0051 (false 0052) 0051: 06 00 00 00000001 ret KILL 0052: 15 00 01 00000112 jeq 112 0053 (false 0054) 0053: 06 00 00 00000001 ret KILL 0054: 15 00 01 00000114 jeq 114 
0055 (false 0056) 0055: 06 00 00 00000001 ret KILL 0056: 15 00 01 00000126 jeq 126 0057 (false 0058) 0057: 06 00 00 00000001 ret KILL 0058: 15 00 01 0000013d jeq 13d 0059 (false 005a) 0059: 06 00 00 00000001 ret KILL 005a: 15 00 01 0000013c jeq 13c 005b (false 005c) 005b: 06 00 00 00000001 ret KILL 005c: 15 00 01 0000003d jeq 3d 005d (false 005e) 005d: 06 00 00 00000001 ret KILL 005e: 15 00 01 00000058 jeq 58 005f (false 0060) 005f: 06 00 00 00000001 ret KILL 0060: 15 00 01 000000a9 jeq a9 0061 (false 0062) 0061: 06 00 00 00000001 ret KILL 0062: 15 00 01 00000082 jeq 82 0063 (false 0064) 0063: 06 00 00 00000001 ret KILL 0064: 06 00 00 7fff0000 ret ALLOW line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 01 0000009f jeq adjtimex 0008 (false 0009) 0008: 06 00 00 00000001 ret KILL 0009: 15 00 01 00000131 jeq clock_adjtime 000a (false 000b) 000a: 06 00 00 00000001 ret KILL 000b: 15 00 01 000000e3 jeq clock_settime 000c (false 000d) 000c: 06 00 00 00000001 ret KILL 000d: 15 00 01 000000a4 jeq settimeofday 000e (false 000f) 000e: 06 00 00 00000001 ret KILL 000f: 15 00 01 0000009a jeq modify_ldt 0010 (false 0011) 0010: 06 00 00 00000001 ret KILL 0011: 15 00 01 000000d4 jeq lookup_dcookie 0012 (false 0013) 0012: 06 00 00 00000001 ret KILL 0013: 15 00 01 0000012a jeq perf_event_open 0014 (false 0015) 0014: 06 00 00 00000001 ret KILL 0015: 15 00 01 00000137 jeq process_vm_writev 0016 (false 0017) 0016: 06 00 00 00000001 ret KILL 0017: 15 00 01 000000b0 jeq delete_module 0018 (false 0019) 0018: 06 00 00 00000001 ret KILL 0019: 15 00 01 00000139 jeq finit_module 001a (false 001b) 001a: 06 00 00 00000001 ret KILL 001b: 15 00 01 000000af jeq 
init_module 001c (false 001d) 001c: 06 00 00 00000001 ret KILL 001d: 15 00 01 000000a1 jeq chroot 001e (false 001f) 001e: 06 00 00 00000001 ret KILL 001f: 15 00 01 000000a5 jeq mount 0020 (false 0021) 0020: 06 00 00 00000001 ret KILL 0021: 15 00 01 0000009b jeq pivot_root 0022 (false 0023) 0022: 06 00 00 00000001 ret KILL 0023: 15 00 01 000000a6 jeq umount2 0024 (false 0025) 0024: 06 00 00 00000001 ret KILL 0025: 15 00 01 0000009c jeq _sysctl 0026 (false 0027) 0026: 06 00 00 00000001 ret KILL 0027: 15 00 01 000000b7 jeq afs_syscall 0028 (false 0029) 0028: 06 00 00 00000001 ret KILL 0029: 15 00 01 000000ae jeq create_module 002a (false 002b) 002a: 06 00 00 00000001 ret KILL 002b: 15 00 01 000000b1 jeq get_kernel_syms 002c (false 002d) 002c: 06 00 00 00000001 ret KILL 002d: 15 00 01 000000b5 jeq getpmsg 002e (false 002f) 002e: 06 00 00 00000001 ret KILL 002f: 15 00 01 000000b6 jeq putpmsg 0030 (false 0031) 0030: 06 00 00 00000001 ret KILL 0031: 15 00 01 000000b2 jeq query_module 0032 (false 0033) 0032: 06 00 00 00000001 ret KILL 0033: 15 00 01 000000b9 jeq security 0034 (false 0035) 0034: 06 00 00 00000001 ret KILL 0035: 15 00 01 0000008b jeq sysfs 0036 (false 0037) 0036: 06 00 00 00000001 ret KILL 0037: 15 00 01 000000b8 jeq tuxcall 0038 (false 0039) 0038: 06 00 00 00000001 ret KILL 0039: 15 00 01 00000086 jeq uselib 003a (false 003b) 003a: 06 00 00 00000001 ret KILL 003b: 15 00 01 00000088 jeq ustat 003c (false 003d) 003c: 06 00 00 00000001 ret KILL 003d: 15 00 01 000000ec jeq vserver 003e (false 003f) 003e: 06 00 00 00000001 ret KILL 003f: 15 00 01 000000ad jeq ioperm 0040 (false 0041) 0040: 06 00 00 00000001 ret KILL 0041: 15 00 01 000000ac jeq iopl 0042 (false 0043) 0042: 06 00 00 00000001 ret KILL 0043: 15 00 01 000000f6 jeq kexec_load 0044 (false 0045) 0044: 06 00 00 00000001 ret KILL 0045: 15 00 01 00000140 jeq kexec_file_load 0046 (false 0047) 0046: 06 00 00 00000001 ret KILL 0047: 15 00 01 000000a9 jeq reboot 0048 (false 0049) 0048: 06 00 00 00000001 ret 
KILL 0049: 15 00 01 000000a7 jeq swapon 004a (false 004b) 004a: 06 00 00 00000001 ret KILL 004b: 15 00 01 000000a8 jeq swapoff 004c (false 004d) 004c: 06 00 00 00000001 ret KILL 004d: 15 00 01 00000130 jeq open_by_handle_at 004e (false 004f) 004e: 06 00 00 00000001 ret KILL 004f: 15 00 01 0000012f jeq name_to_handle_at 0050 (false 0051) 0050: 06 00 00 00000001 ret KILL 0051: 15 00 01 000000fb jeq ioprio_set 0052 (false 0053) 0052: 06 00 00 00000001 ret KILL 0053: 15 00 01 00000067 jeq syslog 0054 (false 0055) 0054: 06 00 00 00000001 ret KILL 0055: 15 00 01 0000012c jeq fanotify_init 0056 (false 0057) 0056: 06 00 00 00000001 ret KILL 0057: 15 00 01 00000138 jeq kcmp 0058 (false 0059) 0058: 06 00 00 00000001 ret KILL 0059: 15 00 01 000000f8 jeq add_key 005a (false 005b) 005a: 06 00 00 00000001 ret KILL 005b: 15 00 01 000000f9 jeq request_key 005c (false 005d) 005c: 06 00 00 00000001 ret KILL 005d: 15 00 01 000000ed jeq mbind 005e (false 005f) 005e: 06 00 00 00000001 ret KILL 005f: 15 00 01 00000100 jeq migrate_pages 0060 (false 0061) 0060: 06 00 00 00000001 ret KILL 0061: 15 00 01 00000117 jeq move_pages 0062 (false 0063) 0062: 06 00 00 00000001 ret KILL 0063: 15 00 01 000000fa jeq keyctl 0064 (false 0065) 0064: 06 00 00 00000001 ret KILL 0065: 15 00 01 000000ce jeq io_setup 0066 (false 0067) 0066: 06 00 00 00000001 ret KILL 0067: 15 00 01 000000cf jeq io_destroy 0068 (false 0069) 0068: 06 00 00 00000001 ret KILL 0069: 15 00 01 000000d0 jeq io_getevents 006a (false 006b) 006a: 06 00 00 00000001 ret KILL 006b: 15 00 01 000000d1 jeq io_submit 006c (false 006d) 006c: 06 00 00 00000001 ret KILL 006d: 15 00 01 000000d2 jeq io_cancel 006e (false 006f) 006e: 06 00 00 00000001 ret KILL 006f: 15 00 01 000000d8 jeq remap_file_pages 0070 (false 0071) 0070: 06 00 00 00000001 ret KILL 0071: 15 00 01 00000143 jeq userfaultfd 0072 (false 0073) 0072: 06 00 00 00000001 ret KILL 0073: 15 00 01 000000a3 jeq acct 0074 (false 0075) 0074: 06 00 00 00000001 ret KILL 0075: 15 00 01 00000141 
jeq bpf 0076 (false 0077) 0076: 06 00 00 00000001 ret KILL 0077: 15 00 01 000000b4 jeq nfsservctl 0078 (false 0079) 0078: 06 00 00 00000001 ret KILL 0079: 15 00 01 000000ab jeq setdomainname 007a (false 007b) 007a: 06 00 00 00000001 ret KILL 007b: 15 00 01 000000aa jeq sethostname 007c (false 007d) 007c: 06 00 00 00000001 ret KILL 007d: 15 00 01 00000099 jeq vhangup 007e (false 007f) 007e: 06 00 00 00000001 ret KILL 007f: 15 00 01 00000065 jeq ptrace 0080 (false 0081) 0080: 06 00 00 00000001 ret KILL 0081: 15 00 01 00000087 jeq personality 0082 (false 0083) 0082: 06 00 00 00000001 ret KILL 0083: 15 00 01 00000136 jeq process_vm_readv 0084 (false 0085) 0084: 06 00 00 00000001 ret KILL 0085: 06 00 00 7fff0000 ret ALLOW line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 05 00000009 jeq mmap 0008 (false 000d) 0008: 20 00 00 00000020 ld data.args[10] 0009: 54 00 00 00000006 and 00000006 000a: 15 00 01 00000006 jeq 6 000b (false 000c) 000b: 06 00 00 00000001 ret KILL 000c: 06 00 00 7fff0000 ret ALLOW 000d: 15 00 05 0000000a jeq a 000e (false 0013) 000e: 20 00 00 00000020 ld data.args[10] 000f: 54 00 00 00000004 and 00000004 0010: 15 00 01 00000004 jeq 4 0011 (false 0012) 0011: 06 00 00 00000001 ret KILL 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 05 00000149 jeq 149 0014 (false 0019) 0014: 20 00 00 00000020 ld data.args[10] 0015: 54 00 00 00000004 and 00000004 0016: 15 00 01 00000004 jeq 4 0017 (false 0018) 0017: 06 00 00 00000001 ret KILL 0018: 06 00 00 7fff0000 ret ALLOW 0019: 15 00 05 0000001e jeq 1e 001a (false 001f) 001a: 20 00 00 00000020 ld data.args[10] 001b: 54 00 00 00008000 and 00008000 001c: 15 00 01 00008000 jeq 8000 001d (false 
001e) 001d: 06 00 00 00000001 ret KILL 001e: 06 00 00 7fff0000 ret ALLOW 001f: 15 00 01 0000013f jeq 13f 0020 (false 0021) 0020: 06 00 00 00000001 ret KILL 0021: 06 00 00 7fff0000 ret ALLOW 0022: 06 00 00 7fff0000 ret ALLOW line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 00 01 0000005a jeq 5a 0005 (false 0006) 0005: 06 00 00 00000001 ret KILL 0006: 15 00 05 000000c0 jeq c0 0007 (false 000c) 0007: 20 00 00 00000020 ld data.args[10] 0008: 54 00 00 00000006 and 00000006 0009: 15 00 01 00000006 jeq 6 000a (false 000b) 000a: 06 00 00 00000001 ret KILL 000b: 06 00 00 7fff0000 ret ALLOW 000c: 15 00 05 0000007d jeq 7d 000d (false 0012) 000d: 20 00 00 00000020 ld data.args[10] 000e: 54 00 00 00000004 and 00000004 000f: 15 00 01 00000004 jeq 4 0010 (false 0011) 0010: 06 00 00 00000001 ret KILL 0011: 06 00 00 7fff0000 ret ALLOW 0012: 15 00 05 0000017c jeq 17c 0013 (false 0018) 0013: 20 00 00 00000020 ld data.args[10] 0014: 54 00 00 00000004 and 00000004 0015: 15 00 01 00000004 jeq 4 0016 (false 0017) 0016: 06 00 00 00000001 ret KILL 0017: 06 00 00 7fff0000 ret ALLOW 0018: 15 00 05 0000018d jeq 18d 0019 (false 001e) 0019: 20 00 00 00000020 ld data.args[10] 001a: 54 00 00 00008000 and 00008000 001b: 15 00 01 00008000 jeq 8000 001c (false 001d) 001c: 06 00 00 00000001 ret KILL 001d: 06 00 00 7fff0000 ret ALLOW 001e: 15 00 01 00000164 jeq 164 001f (false 0020) 001f: 06 00 00 00000001 ret KILL 0020: 06 00 00 7fff0000 ret ALLOW 0021: 06 00 00 7fff0000 ret ALLOW Disable /home/flo/.local/share/vlc Disable /home/flo/.local/share/vpltd Disable /home/flo/.local/share/vulkan Disable /home/flo/.local/share/zathura Disable /home/flo/.mbwarband Disable /home/flo/.mozilla Disable /home/flo/.paradoxinteractive Disable /home/flo/.purple Disable /home/flo/.pylint.d Disable /home/flo/.steam Disable 
/home/flo/.surf Disable /home/flo/.tor-browser Not blacklist /tmp/ssh-* Disable /home/flo/.cache/Zeal Disable /home/flo/.cache/babl Disable /home/flo/.cache/chromium Disable /home/flo/.cache/fractal Disable /home/flo/.cache/gegl-0.4 Disable /home/flo/.cache/gimp Disable /home/flo/.cache/inkscape Disable /home/flo/.cache/keepassxc Disable /home/flo/.cache/lutris Disable /home/flo/.cache/mozilla Disable /home/flo/.cache/pip Disable /home/flo/.cache/transmission Disable /home/flo/.cache/winetricks Disable /home/flo/.cache/youtube-dl Mounting tmpfs on /home/flo/.cache, check owner: yes 1382 1256 0:103 / /home/flo/.cache rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,uid=1000,gid=1000,inode64 mountid=1382 fsname=/ dir=/home/flo/.cache fstype=tmpfs Disable /sys/fs Disable /sys/module disable pulseaudio blacklist /home/flo/.config/pulse blacklist /run/user/1000/pulse/native blacklist /run/user/1000/pulse Create the new ld.so.preload file Mount the new ld.so.preload file Current directory: /home/flo Install protocol filter: unix,inet,inet6 configuring 20 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dual 32/64 bit seccomp filter configured configuring 134 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp seccomp filter configured Install memory write&execute filter configuring 35 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx configuring 34 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx.32 sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx.32 Mounting read-only /run/firejail/mnt/seccomp 1389 599 0:88 /seccomp 
/run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=1389 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 200 . drwxr-xr-x root root 360 .. -rw-r--r-- flo flo 1072 seccomp -rw-r--r-- flo flo 808 seccomp.32 -rw-r--r-- flo flo 195 seccomp.list -rw-r--r-- flo flo 280 seccomp.mdwx -rw-r--r-- flo flo 272 seccomp.mdwx.32 -rw-r--r-- flo flo 0 seccomp.postexec -rw-r--r-- flo flo 0 seccomp.postexec32 -rw-r--r-- flo flo 160 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.mdwx /run/firejail/mnt/seccomp/seccomp.mdwx.32 Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, nogroups 1 No supplementary groups ...... output of server snipped out ........ Connection to host closed. Found disable-common.inc profile in /etc/firejail directory Found disable-exec.inc profile in /etc/firejail directory Found disable-passwdmgr.inc profile in /etc/firejail directory Found disable-programs.inc profile in /etc/firejail directory Found whitelist-usr-share-common.inc profile in /etc/firejail directory Found whitelist-runuser-common.inc profile in /etc/firejail directory Enabling IPC namespace Using the local network stack ``` </details>

@ghost commented on GitHub (Feb 7, 2021):

From your debug output:

```
Reading profile /home/flo/.config/firejail/ssh.profile
[...]
```

Please post that file here. As this is not a local override (ssh.local) but a complete replacement of our default /etc/firejail/ssh.profile it's rather hard to debug this without eyes on it. We just need to make sure your (self-made?) profile is not interfering and is working as expected.


@Lesstat commented on GitHub (Feb 7, 2021):

The contents of `/home/flo/.config/firejail/ssh.profile` are:

```
whitelist ${RUNUSER}/gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh
include /etc/firejail/ssh.profile
```

@ghost commented on GitHub (Feb 7, 2021):

> whitelist ${RUNUSER}/gnupg/d.95o9fuqk3thgmykj8g9w9aio/S.gpg-agent.ssh

Looks like a path that changes per invocation. We have `globbing` support in whitelist now, so it might be wise to use that instead of hardcoding it:

```
whitelist ${RUNUSER}/gnupg/*/S.gpg-agent.ssh
```
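As an added example (not part of the original thread and not Firejail code): a Python check of which `whitelist` lines in a profile actually expand to the agent socket, comparing the hardcoded path with the glob form suggested above when the per-session directory name changes. The function names and the `d.constructed…` directory names are assumptions of this example, Python's per-component `glob` is used as an approximation of Firejail's whitelist globbing, and `include` lines are not followed.

```python
import glob
import os
import tempfile

# Constructed profiles modelled on the two whitelist forms in this thread.
# The directory name d.constructed0001 is a made-up stand-in.
HARDCODED = """\
whitelist ${RUNUSER}/gnupg/d.constructed0001/S.gpg-agent.ssh
include /etc/firejail/ssh.profile
"""
GLOBBED = """\
whitelist ${RUNUSER}/gnupg/*/S.gpg-agent.ssh
include /etc/firejail/ssh.profile
"""


def whitelist_patterns(profile_text, macros):
    """Return the whitelist paths of a profile with ${MACRO}s expanded."""
    patterns = []
    for raw in profile_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or not line.startswith("whitelist "):
            continue  # comments, include lines and other commands are skipped
        path = line[len("whitelist "):].strip()
        for name, value in macros.items():
            path = path.replace("${" + name + "}", value)
        patterns.append(path)
    return patterns


def covering_patterns(profile_text, socket_path, macros):
    """Return the whitelist patterns whose expansion contains socket_path."""
    target = os.path.realpath(socket_path)
    hits = []
    for pattern in whitelist_patterns(profile_text, macros):
        # glob.glob matches per path component, so '*' never crosses a '/'.
        if any(os.path.realpath(p) == target for p in glob.glob(pattern)):
            hits.append(pattern)
    return hits


def demo():
    """Compare both profiles before and after the agent directory changes."""
    with tempfile.TemporaryDirectory() as runuser:
        macros = {"RUNUSER": runuser}

        def make_socket(dirname):
            # A regular file stands in for the agent's UNIX socket.
            directory = os.path.join(runuser, "gnupg", dirname)
            os.makedirs(directory)
            path = os.path.join(directory, "S.gpg-agent.ssh")
            open(path, "w").close()
            return path

        old = make_socket("d.constructed0001")
        before = {
            "hardcoded": bool(covering_patterns(HARDCODED, old, macros)),
            "glob": bool(covering_patterns(GLOBBED, old, macros)),
        }
        os.remove(old)
        os.rmdir(os.path.dirname(old))
        new = make_socket("d.constructed0002")
        after = {
            "hardcoded": bool(covering_patterns(HARDCODED, new, macros)),
            "glob": bool(covering_patterns(GLOBBED, new, macros)),
        }
        return before, after


if __name__ == "__main__":
    print(demo())
```

A match here only shows that the profile covers the socket path; it says nothing about whether the agent is then reachable for the ProxyJump hop.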

@Lesstat commented on GitHub (Feb 7, 2021):

> Looks like a path that changes per invocation. We have globbing support in whitelist now, so it might be wise to use that instead of hardcoding it:

Thanks a lot for that tip! I fixed it in my setup, which makes me happy because the profile is cleaner. Unfortunately, the problem remains the same after the fix.
