github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #4039] patch: program fails to run on Artix Linux #2514

New issue
Open
opened 2026-05-05 09:11:45 -06:00 by gitea-mirror · 8 comments
gitea-mirror commented 2026-05-05 09:11:45 -06:00
Owner
Copy link

Originally created by @ZachIndigo on GitHub (Mar 3, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4039

Write clear, concise and in textual form.

Bug and expected behavior

  • Describe the bug.

Patch always fails to run, complains about missing libdl.so.2 library (which is installed and in /usr/lib).

  • What did you expect to happen?

I expected the patch command to work properly.

No profile and disabling firejail

  • What changed calling firejail --noprofile /path/to/program in a terminal?

Patch works properly, no complaint about missing library.

  • What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)?

Patch works correctly, no complaint about missing library.

Reproduce
Steps to reproduce the behavior:

  1. Run in bash firejail patch
  2. See error /usr/sbin/patch: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory

Environment

  • Linux distribution and version (ie output of lsb_release -a, screenfetch or cat /etc/os-release)

Artix Linux (fork of Arch), up-to-date

  • Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD)

Firejail version 0.9.64.4

Additional context
Other context about the problem like related errors to understand the problem.

Patch will also start to work if I comment out the 'private-lib' line in the config.

Checklist

  • The profile (and redirect profile if exists) hasn't already been fixed upstream.

Trying the master-branch patch.profile does not fix the issue either.

  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)

I am using the upstream patch.profile

  • I have performed a short search for similar issues (to avoid opening a duplicate).
  • If it is a AppImage, --profile=PROFILENAME is used to set the right profile.

It is not an appimage.

  • Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.

  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.

debug output 
OUTPUT OF `firejail --debug PROGRAM`

DISPLAY=:0 parsed as 0
Autoselecting /bin/zsh as shell
Building quoted command line: 'patch' '-p1' 
Command name #patch#
Found patch.profile profile in /etc/firejail directory
Found patch.local profile in /etc/firejail directory
Found disable-common.inc profile in /etc/firejail directory
Found disable-devel.inc profile in /etc/firejail directory
Found disable-exec.inc profile in /etc/firejail directory
Found disable-interpreters.inc profile in /etc/firejail directory
Found disable-passwdmgr.inc profile in /etc/firejail directory
Found disable-shell.inc profile in /etc/firejail directory
Found disable-xdg.inc profile in /etc/firejail directory
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Found whitelist-var-common.inc profile in /etc/firejail directory
Enabling IPC namespace
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
sbox run: /run/firejail/lib/fnet ifup lo 
Network namespace enabled, only loopback interface available
Build protocol filter: unix
sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol 
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
94 59 254:0 /etc /etc ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=94 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
95 94 254:0 /etc /etc ro,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=95 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
96 59 254:0 /var /var ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=96 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
97 96 254:0 /var /var ro,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=97 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
98 59 254:0 /usr /usr ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=98 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/zachir/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Disable /run/firejail/appimage
Mounting tmpfs on /dev
Process /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/patch
firejail exec symlink detected
Checking /usr/bin/patch
sbox run: /run/firejail/lib/fcopy /usr/bin/patch /run/firejail/mnt/bin 
Checking /usr/local/bin/red
Checking /usr/bin/red
Checking /bin/red
Checking /usr/games/red
Checking /usr/local/games/red
Checking /usr/local/sbin/red
Checking /usr/sbin/red
Checking /sbin/red
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Starting private-lib processing: program patch, shell none
Installing standard C library
    copying /lib64/libapparmor.so.1 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libapparmor.so.1 /run/firejail/mnt/lib 
    copying /lib64/libc.so.6 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libc.so.6 /run/firejail/mnt/lib 
    copying /lib64/libnsl.so.2 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libnsl.so.2 /run/firejail/mnt/lib 
    copying /lib64/libnsl.so.2.0.1 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --fDebug 456: new_name #/usr/share/alsa#, whitelist
Debug 456: new_name #/usr/share/applications#, whitelist
Debug 456: new_name #/usr/share/ca-certificates#, whitelist
Debug 456: new_name #/usr/share/crypto-policies#, whitelist
ollow-link /lib64/libnsl.so.2.0.1 /run/firejail/mnt/lib 
    copying /lib64/libapparmor.so.1.8.0 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libapparmor.so.1.8.0 /run/firejail/mnt/lib 
    copying /lib64/libpcre2-8.so.0.10.1 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libpcre2-8.so.0.10.1 /run/firejail/mnt/lib 
    copying /lib64/libmemusage.so to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libmemusage.so /run/firejail/mnt/lib 
    copying /lib64/libcrypt.so.2.0.0 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libcrypt.so.2.0.0 /run/firejail/mnt/lib 
    copying /lib64/libpcre2-8.so.0 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libpcre2-8.so.0 /run/firejail/mnt/lib 
    copying /lib64/libthread_db.so.1 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libthread_db.so.1 /run/firejail/mnt/lib 
    copying /lib64/ld-linux-x86-64.so.2 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/ld-linux-x86-64.so.2 /run/firejail/mnt/lib 
    copying /lib64/libcrypt.so.2 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libcrypt.so.2 /run/firejail/mnt/lib 
    copying /lib64/libpthread.so.0 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libpthread.so.0 /run/firejail/mnt/lib 
    fslib_copy_dir /usr/lib/locale
Installing Firejail libraries
    fslib_install_list  /usr/bin/firejail
    fslib_install_list  /usr/lib/firejail
    fslib_copy_dir /usr/lib/firejail
Installing sandboxed program libraries
Searching $PATH for patch
trying #/home/zachir/.local/scripts/patch#
trying #/home/zachir/.local/share/cargo/bin/patch#
trying #/home/zachir/.local/share/go/bin/patch#
trying #/home/zachir/.local/bin/patch#
trying #/opt/REAPER/patch#
trying #/usr/local/sbin/patch#
    fslib_install_list  /usr/local/sbin/patch
    fslib_copy_libs /usr/local/sbin/patch
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/local/sbin/patch
sbox run: /run/firejail/lib/fldd /usr/local/sbin/patch /run/firejail/mnt/libfiles 
    copying /lib64/libattr.so.1 to private /run/firejail/mnt/lib
sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libattr.so.1 /run/firejail/mnt/lib 
Processing private-lib files
    fslib_install_list  libdl.so.*,libfakeroot
    fslib_copy_dir /usr/lib/libfakeroot
    fslib_copy_dir /lib/libfakeroot
    fslib_copy_dir /lib64/libfakeroot
    fslib_copy_dir /usr/lib/libfakeroot
Processing private-bin files
    fslib_install_list  patch,/usr/bin/patch
    fslib_copy_libs /usr/bin/patch
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/patch
sbox run: /run/firejail/lib/fldd /usr/bin/patch /run/firejail/mnt/libfiles 
Installing system libraries
Mount-bind /run/firejail/mnt/lib on top of /lib /lib64 /usr/lib
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/dbus/system_bus_socket
blacklist /home/zachir/.dbus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies
	expanded: /usr/share/crypto-policies
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/cursors#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/cursors
	expanded: /usr/share/cursors
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/dconf#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/dconf
	expanded: /usr/share/dconf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/distro-info#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/distro-info
	expanded: /usr/share/distro-info
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/drirc.d#, whitelist
Debug 456: new_name #/usr/share/enchant#, whitelist
Debug 456: new_name #/usr/share/enchant-2#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/enchant-2
	expanded: /usr/share/enchant-2
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/file#, whitelist
Debug 456: new_name #/usr/share/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/fontconfig
	expanded: /usr/share/fontconfig
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/fonts#, whitelist
Debug 456: new_name #/usr/share/fonts-config#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/fonts-config
	expanded: /usr/share/fonts-config
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gir-1.0#, whitelist
Debug 456: new_name #/usr/share/gjs-1.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0
	expanded: /usr/share/gjs-1.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/glib-2.0#, whitelist
Debug 456: new_name #/usr/share/glvnd#, whitelist
Debug 456: new_name #/usr/share/gtk-2.0#, whitelist
Debug 456: new_name #/usr/share/gtk-3.0#, whitelist
Debug 456: new_name #/usr/share/gtk-engines#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-engines
	expanded: /usr/share/gtk-engines
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-3.0
	expanded: /usr/share/gtksourceview-3.0
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-4
	expanded: /usr/share/gtksourceview-4
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/hunspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/hunspell
	expanded: /usr/share/hunspell
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/hwdata#, whitelist
Debug 456: new_name #/usr/share/icons#, whitelist
Debug 456: new_name #/usr/share/icu#, whitelist
Debug 456: new_name #/usr/share/knotifications5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/knotifications5
	expanded: /usr/share/knotifications5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/kservices5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kservices5
	expanded: /usr/share/kservices5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum
	expanded: /usr/share/Kvantum
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/kxmlgui5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/kxmlgui5
	expanded: /usr/share/kxmlgui5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/libdrm#, whitelist
Debug 456: new_name #/usr/share/libthai#, whitelist
Debug 456: new_name #/usr/share/locale#, whitelist
Debug 456: new_name #/usr/share/mime#, whitelist
Debug 456: new_name #/usr/share/misc#, whitelist
Debug 456: new_name #/usr/share/Modules#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Modules
	expanded: /usr/share/Modules
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/myspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/myspell
	expanded: /usr/share/myspell
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/p11-kit#, whitelist
Debug 456: new_name #/usr/share/perl#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/perl
	expanded: /usr/share/perl
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/perl5#, whitelist
Debug 456: new_name #/usr/share/pixmaps#, whitelist
Debug 456: new_name #/usr/share/pki#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/pki
	expanded: /usr/share/pki
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/plasma#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/plasma
	expanded: /usr/share/plasma
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/publicsuffix#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/publicsuffix
	expanded: /usr/share/publicsuffix
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt
	expanded: /usr/share/qt
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt4
	expanded: /usr/share/qt4
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5
	expanded: /usr/share/qt5
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/qt5ct#, whitelist
Debug 456: new_name #/usr/share/sounds#, whitelist
Debug 456: new_name #/usr/share/tcl8.6#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6
	expanded: /usr/share/tcl8.6
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/tcltk#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcltk
	expanded: /usr/share/tcltk
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/terminfo#, whitelist
Debug 456: new_name #/usr/share/texlive#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texlive
	expanded: /usr/share/texlive
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/texmf#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texmf
	expanded: /usr/share/texmf
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/themes#, whitelist
Debug 456: new_name #/usr/share/thumbnail.so#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so
	expanded: /usr/share/thumbnail.so
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/usr/share/vulkan#, whitelist
Debug 456: new_name #/usr/share/X11#, whitelist
Debug 456: new_name #/usr/share/xml#, whitelist
Debug 456: new_name #/usr/share/zenity#, whitelist
Debug 456: new_name #/usr/share/zoneinfo#, whitelist
Debug 456: new_name #/var/lib/ca-certificates#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates
	expanded: /var/lib/ca-certificates
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/dbus#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/dbus
	expanded: /var/lib/dbus
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
	expanded: /var/lib/menu-xdg
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/lib/uim#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/uim
	expanded: /var/lib/uim
	real path: (null)
	realpath: No such file or directory
Debug 456: new_name #/var/cache/fontconfig#, whitelist
Debug 456: new_name #/var/tmp#, whitelist
Debug 456: new_name #/var/run#, whitelist
Debug 456: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run
Replaced whitelist path: whitelist /run/lock
Mounting tmpfs on /var directory
Mounting tmpfs on /usr/share directory
Whitelisting /usr/share/alsa
161 160 254:0 /usr/share/alsa /usr/share/alsa ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=161 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=ext4
Whitelisting /usr/share/applications
162 160 254:0 /usr/share/applications /usr/share/applications ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=162 fsname=/usr/share/applications dir=/usr/share/applications fstype=ext4
Whitelisting /usr/share/ca-certificates
163 160 254:0 /usr/share/ca-certificates /usr/share/ca-certificates ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=163 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=ext4
Whitelisting /usr/share/drirc.d
164 160 254:0 /usr/share/drirc.d /usr/share/drirc.d ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=164 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=ext4
Whitelisting /usr/share/enchant
165 160 254:0 /usr/share/enchant /usr/share/enchant ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=165 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=ext4
Whitelisting /usr/share/file
166 160 254:0 /usr/share/file /usr/share/file ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=166 fsname=/usr/share/file dir=/usr/share/file fstype=ext4
Whitelisting /usr/share/fonts
167 160 254:0 /usr/share/fonts /usr/share/fonts ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=167 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=ext4
Whitelisting /usr/share/gir-1.0
168 160 254:0 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=168 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=ext4
Whitelisting /usr/share/glib-2.0
169 160 254:0 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=169 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=ext4
Whitelisting /usr/share/glvnd
170 160 254:0 /usr/share/glvnd /usr/share/glvnd ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=170 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=ext4
Whitelisting /usr/share/gtk-2.0
171 160 254:0 /usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=171 fsname=/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=ext4
Whitelisting /usr/share/gtk-3.0
172 160 254:0 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=172 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=ext4
Whitelisting /usr/share/hwdata
173 160 254:0 /usr/share/hwdata /usr/share/hwdata ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=173 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=ext4
Whitelisting /usr/share/icons
174 160 254:0 /usr/share/icons /usr/share/icons ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=174 fsname=/usr/share/icons dir=/usr/share/icons fstype=ext4
Whitelisting /usr/share/icu
175 160 254:0 /usr/share/icu /usr/share/icu ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=175 fsname=/usr/share/icu dir=/usr/share/icu fstype=ext4
Whitelisting /usr/share/libdrm
176 160 254:0 /usr/share/libdrm /usr/share/libdrm ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=176 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=ext4
Whitelisting /usr/share/libthai
177 160 254:0 /usr/share/libthai /usr/share/libthai ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=177 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=ext4
Whitelisting /usr/share/locale
178 160 254:0 /usr/share/locale /usr/share/locale ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=178 fsname=/usr/share/locale dir=/usr/share/locale fstype=ext4
Whitelisting /usr/share/mime
179 160 254:0 /usr/share/mime /usr/share/mime ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=179 fsname=/usr/share/mime dir=/usr/share/mime fstype=ext4
Whitelisting /usr/share/misc
180 160 254:0 /usr/share/misc /usr/share/misc ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=180 fsname=/usr/share/misc dir=/usr/share/misc fstype=ext4
Whitelisting /usr/share/p11-kit
181 160 254:0 /usr/share/p11-kit /usr/share/p11-kit ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=181 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=ext4
Whitelisting /usr/share/perl5
182 160 254:0 /usr/share/perl5 /usr/share/perl5 ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=182 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=ext4
Whitelisting /usr/share/pixmaps
183 160 254:0 /usr/share/pixmaps /usr/share/pixmaps ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=183 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=ext4
Whitelisting /usr/share/qt5ct
184 160 254:0 /usr/share/qt5ct /usr/share/qt5ct ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=184 fsname=/usr/share/qt5ct dir=/usr/share/qt5ct fstype=ext4
Whitelisting /usr/share/sounds
185 160 254:0 /usr/share/sounds /usr/share/sounds ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=185 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=ext4
Whitelisting /usr/share/terminfo
186 160 254:0 /usr/share/terminfo /usr/share/terminfo ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=186 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=ext4
Whitelisting /usr/share/themes
187 160 254:0 /usr/share/themes /usr/share/themes ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=187 fsname=/usr/share/themes dir=/usr/share/themes fstype=ext4
Whitelisting /usr/share/vulkan
188 160 254:0 /usr/share/vulkan /usr/share/vulkan ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=188 fsname=/usr/share/vulkan dir=/usr/share/vulkan fstype=ext4
Whitelisting /usr/share/X11
189 160 254:0 /usr/share/X11 /usr/share/X11 ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=189 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=ext4
Whitelisting /usr/share/xml
190 160 254:0 /usr/share/xml /usr/share/xml ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=190 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4
Whitelisting /usr/share/zenity
191 160 254:0 /usr/share/zenity /usr/share/zenity ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=191 fsname=/usr/share/zenity dir=/usr/share/zenity fstype=ext4
Whitelisting /usr/share/zoneinfo
192 160 254:0 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=192 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4
Whitelisting /var/cache/fontconfig
193 158 254:0 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=193 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Whitelisting /var/tmp
194 158 0:54 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=194 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Disable /run/user/1000
Directory ${DOCUMENTS} resolved as Documents
Disable /home/zachir/.local/share/Trash
Disable /home/zachir/.bash_history
Disable /home/zachir/.python_history
Disable /home/zachir/.python_history
Disable /home/zachir/.viminfo
Disable /home/zachir/.config/autostart
Disable /home/zachir/.config/awesome
Disable /home/zachir/.xinitrc
Disable /home/zachir/.xprofile
Disable /home/zachir/.xserverrc
Disable /home/zachir/.xsession
Disable /home/zachir/.xsessionrc
Disable /etc/xdg/autostart
Mounting read-only /home/zachir/.Xauthority
211 105 0:46 /zachir/.Xauthority /home/zachir/.Xauthority ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=211 fsname=/zachir/.Xauthority dir=/home/zachir/.Xauthority fstype=btrfs
Mounting read-only /home/zachir/.config/kdeglobals
212 105 0:46 /zachir/.config/kdeglobals /home/zachir/.config/kdeglobals ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=212 fsname=/zachir/.config/kdeglobals dir=/home/zachir/.config/kdeglobals fstype=btrfs
Disable /home/zachir/.local/share/gvfs-metadata
Mounting read-only /home/zachir/.config/dconf
214 105 0:46 /zachir/.config/dconf /home/zachir/.config/dconf ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=214 fsname=/zachir/.config/dconf dir=/home/zachir/.config/dconf fstype=btrfs
Disable /home/zachir/.config/systemd
Disable /etc/init.d (requested /etc/init.d/)
Disable /home/zachir/.config/VirtualBox
Disable /etc/anacrontab
Disable /etc/cron.daily
Disable /etc/cron.weekly
Disable /etc/cron.hourly
Disable /etc/cron.monthly
Disable /etc/cron.deny
Disable /etc/cron.d
Disable /etc/profile.d
Disable /etc/rc.local
Disable /etc/grub.d
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/logrotate.conf
Disable /etc/logrotate.d
Mounting read-only /home/zachir/.profile
232 105 0:46 /zachir/.profile /home/zachir/.profile ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=232 fsname=/zachir/.profile dir=/home/zachir/.profile fstype=btrfs
Mounting read-only /home/zachir/.config/zsh/.zshenv
233 105 0:46 /zachir/.config/zsh/.zshenv /home/zachir/.config/zsh/.zshenv ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=233 fsname=/zachir/.config/zsh/.zshenv dir=/home/zachir/.config/zsh/.zshenv fstype=btrfs
Mounting read-only /home/zachir/.ssh/authorized_keys
234 105 0:46 /zachir/.ssh/authorized_keys /home/zachir/.ssh/authorized_keys ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=234 fsname=/zachir/.ssh/authorized_keys dir=/home/zachir/.ssh/authorized_keys fstype=btrfs
Mounting read-only /home/zachir/.local/lib
235 105 0:46 /zachir/.local/lib /home/zachir/.local/lib ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=235 fsname=/zachir/.local/lib dir=/home/zachir/.local/lib fstype=btrfs
Mounting read-only /home/zachir/.viminfo
236 202 0:24 /firejail/firejail.ro.file /home/zachir/.viminfo ro,nosuid,nodev,relatime - tmpfs run rw,mode=755,inode64
mountid=236 fsname=/firejail/firejail.ro.file dir=/home/zachir/.viminfo fstype=tmpfs
Mounting read-only /home/zachir/.xmonad
237 105 0:46 /zachir/.xmonad /home/zachir/.xmonad ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=237 fsname=/zachir/.xmonad dir=/home/zachir/.xmonad fstype=btrfs
Mounting read-only /home/zachir/.xscreensaver
238 105 0:46 /zachir/.xscreensaver /home/zachir/.xscreensaver ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=238 fsname=/zachir/.xscreensaver dir=/home/zachir/.xscreensaver fstype=btrfs
Mounting read-only /home/zachir/.yarnrc
239 105 0:46 /zachir/.yarnrc /home/zachir/.yarnrc ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=239 fsname=/zachir/.yarnrc dir=/home/zachir/.yarnrc fstype=btrfs
Mounting read-only /home/zachir/.gem
240 105 0:46 /zachir/.gem /home/zachir/.gem ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=240 fsname=/zachir/.gem dir=/home/zachir/.gem fstype=btrfs
Mounting read-only /home/zachir/.local/bin
241 105 0:46 /zachir/.local/bin /home/zachir/.local/bin ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=241 fsname=/zachir/.local/bin dir=/home/zachir/.local/bin fstype=btrfs
Mounting read-only /home/zachir/.config/menus
242 105 0:46 /zachir/.config/menus /home/zachir/.config/menus ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=242 fsname=/zachir/.config/menus dir=/home/zachir/.config/menus fstype=btrfs
Mounting read-only /home/zachir/.local/share/applications
243 105 0:46 /zachir/.local/share/applications /home/zachir/.local/share/applications ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=243 fsname=/zachir/.local/share/applications dir=/home/zachir/.local/share/applications fstype=btrfs
Mounting read-only /home/zachir/.config/mimeapps.list
244 105 0:46 /zachir/.config/mimeapps.list /home/zachir/.config/mimeapps.list ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=244 fsname=/zachir/.config/mimeapps.list dir=/home/zachir/.config/mimeapps.list fstype=btrfs
Mounting read-only /home/zachir/.config/user-dirs.dirs
245 105 0:46 /zachir/.config/user-dirs.dirs /home/zachir/.config/user-dirs.dirs ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=245 fsname=/zachir/.config/user-dirs.dirs dir=/home/zachir/.config/user-dirs.dirs fstype=btrfs
Mounting read-only /home/zachir/.config/user-dirs.locale
246 105 0:46 /zachir/.config/user-dirs.locale /home/zachir/.config/user-dirs.locale ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=246 fsname=/zachir/.config/user-dirs.locale dir=/home/zachir/.config/user-dirs.locale fstype=btrfs
Mounting read-only /home/zachir/.local/share/mime
247 105 0:46 /zachir/.local/share/mime /home/zachir/.local/share/mime ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=247 fsname=/zachir/.local/share/mime dir=/home/zachir/.local/share/mime fstype=btrfs
Disable /home/zachir/.cert
Disable /home/zachir/.gnupg
Disable /home/zachir/.local/share/keyrings
Disable /home/zachir/.pki
Disable /home/zachir/.local/share/pki
Disable /home/zachir/.ssh
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Disable /usr/local/sbin
Disable /home/zachir/.cache/flatpak
Disable /home/zachir/.local/share/flatpak/repo
Disable /home/zachir/.local/share/flatpak/.changed
Disable /home/zachir/.local/share/flatpak/db
Disable /proc/config.gz
Disable /home/zachir/.rustup
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Mounting noexec /home/zachir
319 272 0:24 /firejail/firejail.ro.dir /home/zachir/.rustup rw,nosuid,nodev,relatime - tmpfs run rw,mode=755,inode64
mountid=319 fsname=/firejail/firejail.ro.dir dir=/home/zachir/.rustup fstype=tmpfs
Mounting noexec /home/zachir/.Xauthority
320 288 0:46 /zachir/.Xauthority /home/zachir/.Xauthority ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=320 fsname=/zachir/.Xauthority dir=/home/zachir/.Xauthority fstype=btrfs
Mounting noexec /home/zachir/.config/kdeglobals
321 289 0:46 /zachir/.config/kdeglobals /home/zachir/.config/kdeglobals ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=321 fsname=/zachir/.config/kdeglobals dir=/home/zachir/.config/kdeglobals fstype=btrfs
Mounting noexec /home/zachir/.config/dconf
322 291 0:46 /zachir/.config/dconf /home/zachir/.config/dconf ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=322 fsname=/zachir/.config/dconf dir=/home/zachir/.config/dconf fstype=btrfs
Mounting noexec /home/zachir/.profile
323 294 0:46 /zachir/.profile /home/zachir/.profile ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=323 fsname=/zachir/.profile dir=/home/zachir/.profile fstype=btrfs
Mounting noexec /home/zachir/.config/zsh/.zshenv
324 295 0:46 /zachir/.config/zsh/.zshenv /home/zachir/.config/zsh/.zshenv ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=324 fsname=/zachir/.config/zsh/.zshenv dir=/home/zachir/.config/zsh/.zshenv fstype=btrfs
Mounting noexec /home/zachir/.local/lib
325 297 0:46 /zachir/.local/lib /home/zachir/.local/lib ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=325 fsname=/zachir/.local/lib dir=/home/zachir/.local/lib fstype=btrfs
Mounting noexec /home/zachir/.xmonad
326 298 0:46 /zachir/.xmonad /home/zachir/.xmonad ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=326 fsname=/zachir/.xmonad dir=/home/zachir/.xmonad fstype=btrfs
Mounting noexec /home/zachir/.xscreensaver
327 299 0:46 /zachir/.xscreensaver /home/zachir/.xscreensaver ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=327 fsname=/zachir/.xscreensaver dir=/DISPLAY=:0 parsed as 0
home/zachir/.xscreensaver fstype=btrfs
Mounting noexec /home/zachir/.yarnrc
328 300 0:46 /zachir/.yarnrc /home/zachir/.yarnrc ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=328 fsname=/zachir/.yarnrc dir=/home/zachir/.yarnrc fstype=btrfs
Mounting noexec /home/zachir/.gem
329 301 0:46 /zachir/.gem /home/zachir/.gem ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=329 fsname=/zachir/.gem dir=/home/zachir/.gem fstype=btrfs
Mounting noexec /home/zachir/.local/bin
330 302 0:46 /zachir/.local/bin /home/zachir/.local/bin ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=330 fsname=/zachir/.local/bin dir=/home/zachir/.local/bin fstype=btrfs
Mounting noexec /home/zachir/.config/menus
331 303 0:46 /zachir/.config/menus /home/zachir/.config/menus ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=331 fsname=/zachir/.config/menus dir=/home/zachir/.config/menus fstype=btrfs
Mounting noexec /home/zachir/.local/share/applications
332 304 0:46 /zachir/.local/share/applications /home/zachir/.local/share/applications ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=332 fsname=/zachir/.local/share/applications dir=/home/zachir/.local/share/applications fstype=btrfs
Mounting noexec /home/zachir/.config/mimeapps.list
333 305 0:46 /zachir/.config/mimeapps.list /home/zachir/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=333 fsname=/zachir/.config/mimeapps.list dir=/home/zachir/.config/mimeapps.list fstype=btrfs
Mounting noexec /home/zachir/.config/user-dirs.dirs
334 306 0:46 /zachir/.config/user-dirs.dirs /home/zachir/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=334 fsname=/zachir/.config/user-dirs.dirs dir=/home/zachir/.config/user-dirs.dirs fstype=btrfs
Mounting noexec /home/zachir/.config/user-dirs.locale
335 307 0:46 /zachir/.config/user-dirs.locale /home/zachir/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=335 fsname=/zachir/.config/user-dirs.locale dir=/home/zachir/.config/user-dirs.locale fstype=btrfs
Mounting noexec /home/zachir/.local/share/mime
336 308 0:46 /zachir/.local/share/mime /home/zachir/.local/share/mime ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/
mountid=336 fsname=/zachir/.local/share/mime dir=/home/zachir/.local/share/mime fstype=btrfs
Mounting noexec /dev/shm
337 123 0:60 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=337 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
338 59 254:0 /tmp /tmp rw,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw
mountid=338 fsname=/tmp dir=/tmp fstype=ext4
Mounting noexec /var
341 339 0:54 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=341 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /home/zachir/.nvm
Disable /usr/share/perl5
Disable /home/zachir/.config/keepassxc
Directory ${DOCUMENTS} resolved as Documents
Not blacklist /home/zachir/Documents
Directory ${MUSIC} resolved as Music
Disable /home/zachir/Music
Directory ${PICTURES} resolved as Pictures
Disable /home/zachir/Pictures
Directory ${VIDEOS} resolved as Videos
Disable /home/zachir/Videos
Disable /tmp/.X11-unix
Disable /home/zachir/.Xauthority
Disable /home/zachir/.Xauthority
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /home/zachir/.config/pulse
Create the new ld.so.preload file
Mount the new ld.so.preload file
Current directory: /home/zachir/suckless/dwm
Install protocol filter: unix
configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol/usr/lib/firejail/fsec-print: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
Error: failed to run /usr/lib/firejail/fsec-print
 
Error: proc 781 cannot sync with peer: unexpected EOF
Peer 783 unexpectedly exited with status 1
Autoselecting /bin/zsh as shell
Building quoted command line: 'patch' '-p1' 
Command name #patch#
Found patch.profile profile in /etc/firejail directory
Found patch.local profile in /etc/firejail directory
Found disable-common.inc profile in /etc/firejail directory
Found disable-devel.inc profile in /etc/firejail directory
Found disable-exec.inc profile in /etc/firejail directory
Found disable-interpreters.inc profile in /etc/firejail directory
Found disable-passwdmgr.inc profile in /etc/firejail directory
Found disable-shell.inc profile in /etc/firejail directory
Found disable-xdg.inc profile in /etc/firejail directory
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Found whitelist-var-common.inc profile in /etc/firejail directory
Enabling IPC namespace
Originally created by @ZachIndigo on GitHub (Mar 3, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4039 Write clear, concise and in textual form. **Bug and expected behavior** - Describe the bug. Patch always fails to run, complains about missing libdl.so.2 library (which is installed and in /usr/lib). - What did you expect to happen? I expected the patch command to work properly. **No profile and disabling firejail** - What changed calling `firejail --noprofile /path/to/program` in a terminal? Patch works properly, no complaint about missing library. - What changed calling the program by path (check `which <program>` or `firejail --list` while the sandbox is running)? Patch works correctly, no complaint about missing library. **Reproduce** Steps to reproduce the behavior: 1. Run in bash `firejail patch` 2. See error `/usr/sbin/patch: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory` **Environment** - Linux distribution and version (ie output of `lsb_release -a`, `screenfetch` or `cat /etc/os-release`) Artix Linux (fork of Arch), up-to-date - Firejail version (output of `firejail --version`) exclusive or used git commit (`git rev-parse HEAD`) Firejail version 0.9.64.4 **Additional context** Other context about the problem like related errors to understand the problem. Patch will also start to work if I comment out the 'private-lib' line in the config. **Checklist** - [X] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). Trying the master-branch patch.profile does not fix the issue either. - [X] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) I am using the upstream patch.profile - [X] I have performed a short search for similar issues (to avoid opening a duplicate). - [ ] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile. It is not an appimage. - [X] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages. - [X] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. <details><summary> debug output </summary> ``` OUTPUT OF `firejail --debug PROGRAM` DISPLAY=:0 parsed as 0 Autoselecting /bin/zsh as shell Building quoted command line: 'patch' '-p1' Command name #patch# Found patch.profile profile in /etc/firejail directory Found patch.local profile in /etc/firejail directory Found disable-common.inc profile in /etc/firejail directory Found disable-devel.inc profile in /etc/firejail directory Found disable-exec.inc profile in /etc/firejail directory Found disable-interpreters.inc profile in /etc/firejail directory Found disable-passwdmgr.inc profile in /etc/firejail directory Found disable-shell.inc profile in /etc/firejail directory Found disable-xdg.inc profile in /etc/firejail directory Found whitelist-usr-share-common.inc profile in /etc/firejail directory Found whitelist-var-common.inc profile in /etc/firejail directory Enabling IPC namespace Initializing child process PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file sbox run: /run/firejail/lib/fnet ifup lo Network namespace enabled, only loopback interface available Build protocol filter: unix sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 94 59 254:0 /etc /etc ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=94 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 95 94 254:0 /etc /etc ro,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw mountid=95 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 96 59 254:0 /var /var ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=96 fsname=/var dir=/var fstype=ext4 Mounting noexec /var 97 96 254:0 /var /var ro,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw mountid=97 fsname=/var dir=/var fstype=ext4 Mounting read-only /usr 98 59 254:0 /usr /usr ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=98 fsname=/usr dir=/usr fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/zachir/.config/firejail Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Disable /run/firejail/appimage Mounting tmpfs on /dev Process /dev/shm directory Copying files in the new bin directory Checking /usr/local/bin/patch firejail exec symlink detected Checking /usr/bin/patch sbox run: /run/firejail/lib/fcopy /usr/bin/patch /run/firejail/mnt/bin Checking /usr/local/bin/red Checking /usr/bin/red Checking /bin/red Checking /usr/games/red Checking /usr/local/games/red Checking /usr/local/sbin/red Checking /usr/sbin/red Checking /sbin/red Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin Starting private-lib processing: program patch, shell none Installing standard C library copying /lib64/libapparmor.so.1 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libapparmor.so.1 /run/firejail/mnt/lib copying /lib64/libc.so.6 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libc.so.6 /run/firejail/mnt/lib copying /lib64/libnsl.so.2 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libnsl.so.2 /run/firejail/mnt/lib copying /lib64/libnsl.so.2.0.1 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --fDebug 456: new_name #/usr/share/alsa#, whitelist Debug 456: new_name #/usr/share/applications#, whitelist Debug 456: new_name #/usr/share/ca-certificates#, whitelist Debug 456: new_name #/usr/share/crypto-policies#, whitelist ollow-link /lib64/libnsl.so.2.0.1 /run/firejail/mnt/lib copying /lib64/libapparmor.so.1.8.0 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libapparmor.so.1.8.0 /run/firejail/mnt/lib copying /lib64/libpcre2-8.so.0.10.1 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libpcre2-8.so.0.10.1 /run/firejail/mnt/lib copying /lib64/libmemusage.so to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libmemusage.so /run/firejail/mnt/lib copying /lib64/libcrypt.so.2.0.0 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libcrypt.so.2.0.0 /run/firejail/mnt/lib copying /lib64/libpcre2-8.so.0 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libpcre2-8.so.0 /run/firejail/mnt/lib copying /lib64/libthread_db.so.1 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libthread_db.so.1 /run/firejail/mnt/lib copying /lib64/ld-linux-x86-64.so.2 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/ld-linux-x86-64.so.2 /run/firejail/mnt/lib copying /lib64/libcrypt.so.2 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libcrypt.so.2 /run/firejail/mnt/lib copying /lib64/libpthread.so.0 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libpthread.so.0 /run/firejail/mnt/lib fslib_copy_dir /usr/lib/locale Installing Firejail libraries fslib_install_list /usr/bin/firejail fslib_install_list /usr/lib/firejail fslib_copy_dir /usr/lib/firejail Installing sandboxed program libraries Searching $PATH for patch trying #/home/zachir/.local/scripts/patch# trying #/home/zachir/.local/share/cargo/bin/patch# trying #/home/zachir/.local/share/go/bin/patch# trying #/home/zachir/.local/bin/patch# trying #/opt/REAPER/patch# trying #/usr/local/sbin/patch# fslib_install_list /usr/local/sbin/patch fslib_copy_libs /usr/local/sbin/patch Creating empty /run/firejail/mnt/libfiles file running fldd /usr/local/sbin/patch sbox run: /run/firejail/lib/fldd /usr/local/sbin/patch /run/firejail/mnt/libfiles copying /lib64/libattr.so.1 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libattr.so.1 /run/firejail/mnt/lib Processing private-lib files fslib_install_list libdl.so.*,libfakeroot fslib_copy_dir /usr/lib/libfakeroot fslib_copy_dir /lib/libfakeroot fslib_copy_dir /lib64/libfakeroot fslib_copy_dir /usr/lib/libfakeroot Processing private-bin files fslib_install_list patch,/usr/bin/patch fslib_copy_libs /usr/bin/patch Creating empty /run/firejail/mnt/libfiles file running fldd /usr/bin/patch sbox run: /run/firejail/lib/fldd /usr/bin/patch /run/firejail/mnt/libfiles Installing system libraries Mount-bind /run/firejail/mnt/lib on top of /lib /lib64 /usr/lib Creating empty /run/firejail/mnt/dbus directory Creating empty /run/firejail/mnt/dbus/user file blacklist /run/dbus/system_bus_socket blacklist /home/zachir/.dbus Creating empty /run/firejail/mnt/dbus/system file blacklist /run/dbus/system_bus_socket blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies expanded: /usr/share/crypto-policies real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/cursors#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/cursors expanded: /usr/share/cursors real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/dconf#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/dconf expanded: /usr/share/dconf real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/distro-info#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/distro-info expanded: /usr/share/distro-info real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/drirc.d#, whitelist Debug 456: new_name #/usr/share/enchant#, whitelist Debug 456: new_name #/usr/share/enchant-2#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/enchant-2 expanded: /usr/share/enchant-2 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/file#, whitelist Debug 456: new_name #/usr/share/fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/fontconfig expanded: /usr/share/fontconfig real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/fonts#, whitelist Debug 456: new_name #/usr/share/fonts-config#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/fonts-config expanded: /usr/share/fonts-config real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gir-1.0#, whitelist Debug 456: new_name #/usr/share/gjs-1.0#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0 expanded: /usr/share/gjs-1.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/glib-2.0#, whitelist Debug 456: new_name #/usr/share/glvnd#, whitelist Debug 456: new_name #/usr/share/gtk-2.0#, whitelist Debug 456: new_name #/usr/share/gtk-3.0#, whitelist Debug 456: new_name #/usr/share/gtk-engines#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-engines expanded: /usr/share/gtk-engines real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-3.0 expanded: /usr/share/gtksourceview-3.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-4 expanded: /usr/share/gtksourceview-4 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/hunspell#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/hunspell expanded: /usr/share/hunspell real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/hwdata#, whitelist Debug 456: new_name #/usr/share/icons#, whitelist Debug 456: new_name #/usr/share/icu#, whitelist Debug 456: new_name #/usr/share/knotifications5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/knotifications5 expanded: /usr/share/knotifications5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/kservices5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/kservices5 expanded: /usr/share/kservices5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/Kvantum#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum expanded: /usr/share/Kvantum real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/kxmlgui5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/kxmlgui5 expanded: /usr/share/kxmlgui5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/libdrm#, whitelist Debug 456: new_name #/usr/share/libthai#, whitelist Debug 456: new_name #/usr/share/locale#, whitelist Debug 456: new_name #/usr/share/mime#, whitelist Debug 456: new_name #/usr/share/misc#, whitelist Debug 456: new_name #/usr/share/Modules#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/Modules expanded: /usr/share/Modules real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/myspell#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/myspell expanded: /usr/share/myspell real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/p11-kit#, whitelist Debug 456: new_name #/usr/share/perl#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/perl expanded: /usr/share/perl real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/perl5#, whitelist Debug 456: new_name #/usr/share/pixmaps#, whitelist Debug 456: new_name #/usr/share/pki#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/pki expanded: /usr/share/pki real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/plasma#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/plasma expanded: /usr/share/plasma real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/publicsuffix#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/publicsuffix expanded: /usr/share/publicsuffix real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt expanded: /usr/share/qt real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt4#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt4 expanded: /usr/share/qt4 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt5 expanded: /usr/share/qt5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt5ct#, whitelist Debug 456: new_name #/usr/share/sounds#, whitelist Debug 456: new_name #/usr/share/tcl8.6#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6 expanded: /usr/share/tcl8.6 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/tcltk#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/tcltk expanded: /usr/share/tcltk real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/terminfo#, whitelist Debug 456: new_name #/usr/share/texlive#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/texlive expanded: /usr/share/texlive real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/texmf#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/texmf expanded: /usr/share/texmf real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/themes#, whitelist Debug 456: new_name #/usr/share/thumbnail.so#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so expanded: /usr/share/thumbnail.so real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/vulkan#, whitelist Debug 456: new_name #/usr/share/X11#, whitelist Debug 456: new_name #/usr/share/xml#, whitelist Debug 456: new_name #/usr/share/zenity#, whitelist Debug 456: new_name #/usr/share/zoneinfo#, whitelist Debug 456: new_name #/var/lib/ca-certificates#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates expanded: /var/lib/ca-certificates real path: (null) realpath: No such file or directory Debug 456: new_name #/var/lib/dbus#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/dbus expanded: /var/lib/dbus real path: (null) realpath: No such file or directory Debug 456: new_name #/var/lib/menu-xdg#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg expanded: /var/lib/menu-xdg real path: (null) realpath: No such file or directory Debug 456: new_name #/var/lib/uim#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/uim expanded: /var/lib/uim real path: (null) realpath: No such file or directory Debug 456: new_name #/var/cache/fontconfig#, whitelist Debug 456: new_name #/var/tmp#, whitelist Debug 456: new_name #/var/run#, whitelist Debug 456: new_name #/var/lock#, whitelist Replaced whitelist path: whitelist /run Replaced whitelist path: whitelist /run/lock Mounting tmpfs on /var directory Mounting tmpfs on /usr/share directory Whitelisting /usr/share/alsa 161 160 254:0 /usr/share/alsa /usr/share/alsa ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=161 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=ext4 Whitelisting /usr/share/applications 162 160 254:0 /usr/share/applications /usr/share/applications ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=162 fsname=/usr/share/applications dir=/usr/share/applications fstype=ext4 Whitelisting /usr/share/ca-certificates 163 160 254:0 /usr/share/ca-certificates /usr/share/ca-certificates ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=163 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=ext4 Whitelisting /usr/share/drirc.d 164 160 254:0 /usr/share/drirc.d /usr/share/drirc.d ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=164 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=ext4 Whitelisting /usr/share/enchant 165 160 254:0 /usr/share/enchant /usr/share/enchant ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=165 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=ext4 Whitelisting /usr/share/file 166 160 254:0 /usr/share/file /usr/share/file ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=166 fsname=/usr/share/file dir=/usr/share/file fstype=ext4 Whitelisting /usr/share/fonts 167 160 254:0 /usr/share/fonts /usr/share/fonts ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=167 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=ext4 Whitelisting /usr/share/gir-1.0 168 160 254:0 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=168 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=ext4 Whitelisting /usr/share/glib-2.0 169 160 254:0 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=169 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=ext4 Whitelisting /usr/share/glvnd 170 160 254:0 /usr/share/glvnd /usr/share/glvnd ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=170 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=ext4 Whitelisting /usr/share/gtk-2.0 171 160 254:0 /usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=171 fsname=/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=ext4 Whitelisting /usr/share/gtk-3.0 172 160 254:0 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=172 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=ext4 Whitelisting /usr/share/hwdata 173 160 254:0 /usr/share/hwdata /usr/share/hwdata ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=173 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=ext4 Whitelisting /usr/share/icons 174 160 254:0 /usr/share/icons /usr/share/icons ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=174 fsname=/usr/share/icons dir=/usr/share/icons fstype=ext4 Whitelisting /usr/share/icu 175 160 254:0 /usr/share/icu /usr/share/icu ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=175 fsname=/usr/share/icu dir=/usr/share/icu fstype=ext4 Whitelisting /usr/share/libdrm 176 160 254:0 /usr/share/libdrm /usr/share/libdrm ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=176 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=ext4 Whitelisting /usr/share/libthai 177 160 254:0 /usr/share/libthai /usr/share/libthai ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=177 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=ext4 Whitelisting /usr/share/locale 178 160 254:0 /usr/share/locale /usr/share/locale ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=178 fsname=/usr/share/locale dir=/usr/share/locale fstype=ext4 Whitelisting /usr/share/mime 179 160 254:0 /usr/share/mime /usr/share/mime ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=179 fsname=/usr/share/mime dir=/usr/share/mime fstype=ext4 Whitelisting /usr/share/misc 180 160 254:0 /usr/share/misc /usr/share/misc ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=180 fsname=/usr/share/misc dir=/usr/share/misc fstype=ext4 Whitelisting /usr/share/p11-kit 181 160 254:0 /usr/share/p11-kit /usr/share/p11-kit ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=181 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=ext4 Whitelisting /usr/share/perl5 182 160 254:0 /usr/share/perl5 /usr/share/perl5 ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=182 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=ext4 Whitelisting /usr/share/pixmaps 183 160 254:0 /usr/share/pixmaps /usr/share/pixmaps ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=183 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=ext4 Whitelisting /usr/share/qt5ct 184 160 254:0 /usr/share/qt5ct /usr/share/qt5ct ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=184 fsname=/usr/share/qt5ct dir=/usr/share/qt5ct fstype=ext4 Whitelisting /usr/share/sounds 185 160 254:0 /usr/share/sounds /usr/share/sounds ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=185 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=ext4 Whitelisting /usr/share/terminfo 186 160 254:0 /usr/share/terminfo /usr/share/terminfo ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=186 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=ext4 Whitelisting /usr/share/themes 187 160 254:0 /usr/share/themes /usr/share/themes ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=187 fsname=/usr/share/themes dir=/usr/share/themes fstype=ext4 Whitelisting /usr/share/vulkan 188 160 254:0 /usr/share/vulkan /usr/share/vulkan ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=188 fsname=/usr/share/vulkan dir=/usr/share/vulkan fstype=ext4 Whitelisting /usr/share/X11 189 160 254:0 /usr/share/X11 /usr/share/X11 ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=189 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=ext4 Whitelisting /usr/share/xml 190 160 254:0 /usr/share/xml /usr/share/xml ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=190 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4 Whitelisting /usr/share/zenity 191 160 254:0 /usr/share/zenity /usr/share/zenity ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=191 fsname=/usr/share/zenity dir=/usr/share/zenity fstype=ext4 Whitelisting /usr/share/zoneinfo 192 160 254:0 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=192 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4 Whitelisting /var/cache/fontconfig 193 158 254:0 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw mountid=193 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4 Whitelisting /var/tmp 194 158 0:54 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=194 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Disable /run/user/1000 Directory ${DOCUMENTS} resolved as Documents Disable /home/zachir/.local/share/Trash Disable /home/zachir/.bash_history Disable /home/zachir/.python_history Disable /home/zachir/.python_history Disable /home/zachir/.viminfo Disable /home/zachir/.config/autostart Disable /home/zachir/.config/awesome Disable /home/zachir/.xinitrc Disable /home/zachir/.xprofile Disable /home/zachir/.xserverrc Disable /home/zachir/.xsession Disable /home/zachir/.xsessionrc Disable /etc/xdg/autostart Mounting read-only /home/zachir/.Xauthority 211 105 0:46 /zachir/.Xauthority /home/zachir/.Xauthority ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=211 fsname=/zachir/.Xauthority dir=/home/zachir/.Xauthority fstype=btrfs Mounting read-only /home/zachir/.config/kdeglobals 212 105 0:46 /zachir/.config/kdeglobals /home/zachir/.config/kdeglobals ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=212 fsname=/zachir/.config/kdeglobals dir=/home/zachir/.config/kdeglobals fstype=btrfs Disable /home/zachir/.local/share/gvfs-metadata Mounting read-only /home/zachir/.config/dconf 214 105 0:46 /zachir/.config/dconf /home/zachir/.config/dconf ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=214 fsname=/zachir/.config/dconf dir=/home/zachir/.config/dconf fstype=btrfs Disable /home/zachir/.config/systemd Disable /etc/init.d (requested /etc/init.d/) Disable /home/zachir/.config/VirtualBox Disable /etc/anacrontab Disable /etc/cron.daily Disable /etc/cron.weekly Disable /etc/cron.hourly Disable /etc/cron.monthly Disable /etc/cron.deny Disable /etc/cron.d Disable /etc/profile.d Disable /etc/rc.local Disable /etc/grub.d Disable /etc/apparmor.d Disable /etc/apparmor Disable /etc/logrotate.conf Disable /etc/logrotate.d Mounting read-only /home/zachir/.profile 232 105 0:46 /zachir/.profile /home/zachir/.profile ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=232 fsname=/zachir/.profile dir=/home/zachir/.profile fstype=btrfs Mounting read-only /home/zachir/.config/zsh/.zshenv 233 105 0:46 /zachir/.config/zsh/.zshenv /home/zachir/.config/zsh/.zshenv ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=233 fsname=/zachir/.config/zsh/.zshenv dir=/home/zachir/.config/zsh/.zshenv fstype=btrfs Mounting read-only /home/zachir/.ssh/authorized_keys 234 105 0:46 /zachir/.ssh/authorized_keys /home/zachir/.ssh/authorized_keys ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=234 fsname=/zachir/.ssh/authorized_keys dir=/home/zachir/.ssh/authorized_keys fstype=btrfs Mounting read-only /home/zachir/.local/lib 235 105 0:46 /zachir/.local/lib /home/zachir/.local/lib ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=235 fsname=/zachir/.local/lib dir=/home/zachir/.local/lib fstype=btrfs Mounting read-only /home/zachir/.viminfo 236 202 0:24 /firejail/firejail.ro.file /home/zachir/.viminfo ro,nosuid,nodev,relatime - tmpfs run rw,mode=755,inode64 mountid=236 fsname=/firejail/firejail.ro.file dir=/home/zachir/.viminfo fstype=tmpfs Mounting read-only /home/zachir/.xmonad 237 105 0:46 /zachir/.xmonad /home/zachir/.xmonad ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=237 fsname=/zachir/.xmonad dir=/home/zachir/.xmonad fstype=btrfs Mounting read-only /home/zachir/.xscreensaver 238 105 0:46 /zachir/.xscreensaver /home/zachir/.xscreensaver ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=238 fsname=/zachir/.xscreensaver dir=/home/zachir/.xscreensaver fstype=btrfs Mounting read-only /home/zachir/.yarnrc 239 105 0:46 /zachir/.yarnrc /home/zachir/.yarnrc ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=239 fsname=/zachir/.yarnrc dir=/home/zachir/.yarnrc fstype=btrfs Mounting read-only /home/zachir/.gem 240 105 0:46 /zachir/.gem /home/zachir/.gem ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=240 fsname=/zachir/.gem dir=/home/zachir/.gem fstype=btrfs Mounting read-only /home/zachir/.local/bin 241 105 0:46 /zachir/.local/bin /home/zachir/.local/bin ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=241 fsname=/zachir/.local/bin dir=/home/zachir/.local/bin fstype=btrfs Mounting read-only /home/zachir/.config/menus 242 105 0:46 /zachir/.config/menus /home/zachir/.config/menus ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=242 fsname=/zachir/.config/menus dir=/home/zachir/.config/menus fstype=btrfs Mounting read-only /home/zachir/.local/share/applications 243 105 0:46 /zachir/.local/share/applications /home/zachir/.local/share/applications ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=243 fsname=/zachir/.local/share/applications dir=/home/zachir/.local/share/applications fstype=btrfs Mounting read-only /home/zachir/.config/mimeapps.list 244 105 0:46 /zachir/.config/mimeapps.list /home/zachir/.config/mimeapps.list ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=244 fsname=/zachir/.config/mimeapps.list dir=/home/zachir/.config/mimeapps.list fstype=btrfs Mounting read-only /home/zachir/.config/user-dirs.dirs 245 105 0:46 /zachir/.config/user-dirs.dirs /home/zachir/.config/user-dirs.dirs ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=245 fsname=/zachir/.config/user-dirs.dirs dir=/home/zachir/.config/user-dirs.dirs fstype=btrfs Mounting read-only /home/zachir/.config/user-dirs.locale 246 105 0:46 /zachir/.config/user-dirs.locale /home/zachir/.config/user-dirs.locale ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=246 fsname=/zachir/.config/user-dirs.locale dir=/home/zachir/.config/user-dirs.locale fstype=btrfs Mounting read-only /home/zachir/.local/share/mime 247 105 0:46 /zachir/.local/share/mime /home/zachir/.local/share/mime ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=247 fsname=/zachir/.local/share/mime dir=/home/zachir/.local/share/mime fstype=btrfs Disable /home/zachir/.cert Disable /home/zachir/.gnupg Disable /home/zachir/.local/share/keyrings Disable /home/zachir/.pki Disable /home/zachir/.local/share/pki Disable /home/zachir/.ssh Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Disable /usr/local/sbin Disable /home/zachir/.cache/flatpak Disable /home/zachir/.local/share/flatpak/repo Disable /home/zachir/.local/share/flatpak/.changed Disable /home/zachir/.local/share/flatpak/db Disable /proc/config.gz Disable /home/zachir/.rustup Disable /usr/src Disable /usr/local/src Disable /usr/include Disable /usr/local/include Mounting noexec /home/zachir 319 272 0:24 /firejail/firejail.ro.dir /home/zachir/.rustup rw,nosuid,nodev,relatime - tmpfs run rw,mode=755,inode64 mountid=319 fsname=/firejail/firejail.ro.dir dir=/home/zachir/.rustup fstype=tmpfs Mounting noexec /home/zachir/.Xauthority 320 288 0:46 /zachir/.Xauthority /home/zachir/.Xauthority ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=320 fsname=/zachir/.Xauthority dir=/home/zachir/.Xauthority fstype=btrfs Mounting noexec /home/zachir/.config/kdeglobals 321 289 0:46 /zachir/.config/kdeglobals /home/zachir/.config/kdeglobals ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=321 fsname=/zachir/.config/kdeglobals dir=/home/zachir/.config/kdeglobals fstype=btrfs Mounting noexec /home/zachir/.config/dconf 322 291 0:46 /zachir/.config/dconf /home/zachir/.config/dconf ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=322 fsname=/zachir/.config/dconf dir=/home/zachir/.config/dconf fstype=btrfs Mounting noexec /home/zachir/.profile 323 294 0:46 /zachir/.profile /home/zachir/.profile ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=323 fsname=/zachir/.profile dir=/home/zachir/.profile fstype=btrfs Mounting noexec /home/zachir/.config/zsh/.zshenv 324 295 0:46 /zachir/.config/zsh/.zshenv /home/zachir/.config/zsh/.zshenv ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=324 fsname=/zachir/.config/zsh/.zshenv dir=/home/zachir/.config/zsh/.zshenv fstype=btrfs Mounting noexec /home/zachir/.local/lib 325 297 0:46 /zachir/.local/lib /home/zachir/.local/lib ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=325 fsname=/zachir/.local/lib dir=/home/zachir/.local/lib fstype=btrfs Mounting noexec /home/zachir/.xmonad 326 298 0:46 /zachir/.xmonad /home/zachir/.xmonad ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=326 fsname=/zachir/.xmonad dir=/home/zachir/.xmonad fstype=btrfs Mounting noexec /home/zachir/.xscreensaver 327 299 0:46 /zachir/.xscreensaver /home/zachir/.xscreensaver ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=327 fsname=/zachir/.xscreensaver dir=/DISPLAY=:0 parsed as 0 home/zachir/.xscreensaver fstype=btrfs Mounting noexec /home/zachir/.yarnrc 328 300 0:46 /zachir/.yarnrc /home/zachir/.yarnrc ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=328 fsname=/zachir/.yarnrc dir=/home/zachir/.yarnrc fstype=btrfs Mounting noexec /home/zachir/.gem 329 301 0:46 /zachir/.gem /home/zachir/.gem ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=329 fsname=/zachir/.gem dir=/home/zachir/.gem fstype=btrfs Mounting noexec /home/zachir/.local/bin 330 302 0:46 /zachir/.local/bin /home/zachir/.local/bin ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=330 fsname=/zachir/.local/bin dir=/home/zachir/.local/bin fstype=btrfs Mounting noexec /home/zachir/.config/menus 331 303 0:46 /zachir/.config/menus /home/zachir/.config/menus ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=331 fsname=/zachir/.config/menus dir=/home/zachir/.config/menus fstype=btrfs Mounting noexec /home/zachir/.local/share/applications 332 304 0:46 /zachir/.local/share/applications /home/zachir/.local/share/applications ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=332 fsname=/zachir/.local/share/applications dir=/home/zachir/.local/share/applications fstype=btrfs Mounting noexec /home/zachir/.config/mimeapps.list 333 305 0:46 /zachir/.config/mimeapps.list /home/zachir/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=333 fsname=/zachir/.config/mimeapps.list dir=/home/zachir/.config/mimeapps.list fstype=btrfs Mounting noexec /home/zachir/.config/user-dirs.dirs 334 306 0:46 /zachir/.config/user-dirs.dirs /home/zachir/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=334 fsname=/zachir/.config/user-dirs.dirs dir=/home/zachir/.config/user-dirs.dirs fstype=btrfs Mounting noexec /home/zachir/.config/user-dirs.locale 335 307 0:46 /zachir/.config/user-dirs.locale /home/zachir/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=335 fsname=/zachir/.config/user-dirs.locale dir=/home/zachir/.config/user-dirs.locale fstype=btrfs Mounting noexec /home/zachir/.local/share/mime 336 308 0:46 /zachir/.local/share/mime /home/zachir/.local/share/mime ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=336 fsname=/zachir/.local/share/mime dir=/home/zachir/.local/share/mime fstype=btrfs Mounting noexec /dev/shm 337 123 0:60 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=337 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 338 59 254:0 /tmp /tmp rw,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw mountid=338 fsname=/tmp dir=/tmp fstype=ext4 Mounting noexec /var 341 339 0:54 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=341 fsname=/ dir=/var/tmp fstype=tmpfs Disable /home/zachir/.nvm Disable /usr/share/perl5 Disable /home/zachir/.config/keepassxc Directory ${DOCUMENTS} resolved as Documents Not blacklist /home/zachir/Documents Directory ${MUSIC} resolved as Music Disable /home/zachir/Music Directory ${PICTURES} resolved as Pictures Disable /home/zachir/Pictures Directory ${VIDEOS} resolved as Videos Disable /home/zachir/Videos Disable /tmp/.X11-unix Disable /home/zachir/.Xauthority Disable /home/zachir/.Xauthority Disable /sys/fs Disable /sys/module disable pulseaudio blacklist /home/zachir/.config/pulse Create the new ld.so.preload file Mount the new ld.so.preload file Current directory: /home/zachir/suckless/dwm Install protocol filter: unix configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol/usr/lib/firejail/fsec-print: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory Error: failed to run /usr/lib/firejail/fsec-print Error: proc 781 cannot sync with peer: unexpected EOF Peer 783 unexpectedly exited with status 1 Autoselecting /bin/zsh as shell Building quoted command line: 'patch' '-p1' Command name #patch# Found patch.profile profile in /etc/firejail directory Found patch.local profile in /etc/firejail directory Found disable-common.inc profile in /etc/firejail directory Found disable-devel.inc profile in /etc/firejail directory Found disable-exec.inc profile in /etc/firejail directory Found disable-interpreters.inc profile in /etc/firejail directory Found disable-passwdmgr.inc profile in /etc/firejail directory Found disable-shell.inc profile in /etc/firejail directory Found disable-xdg.inc profile in /etc/firejail directory Found whitelist-usr-share-common.inc profile in /etc/firejail directory Found whitelist-var-common.inc profile in /etc/firejail directory Enabling IPC namespace ``` </details>
gitea-mirror commented 2026-05-05 09:11:47 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Mar 3, 2021):

What shows ls -l /usr/lib*/libdl*?

<!-- gh-comment-id:790072759 --> @rusty-snake commented on GitHub (Mar 3, 2021): What shows `ls -l /usr/lib*/libdl*`?
gitea-mirror commented 2026-05-05 09:11:48 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Mar 3, 2021):

Found patch.local profile in /etc/firejail directory

What's in it?

<!-- gh-comment-id:790074449 --> @rusty-snake commented on GitHub (Mar 3, 2021): > Found patch.local profile in /etc/firejail directory What's in it?
gitea-mirror commented 2026-05-05 09:11:48 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Mar 3, 2021):

Reproduce

Steps to reproduce the behavior:

  1. Run in bash firejail patch

  2. See error /usr/sbin/patch: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory

Same error with a relatively recent firejail-git version, also on Artix.

  • The profile (and redirect profile if exists) hasn't already been fixed
    upstream.

It has been fixed by #4000 on master:

https://github.com/zupatisc/firejail/blob/38a5cb1440e000545d7d5802da43170d55f6560b/etc/profile-m-z/patch.profile#L46

So put the following on patch.local:

private-lib libdl.so.*,libfakeroot
ignore private-lib

Or, alternatively, use firejail-git from the AUR until the next release.

<!-- gh-comment-id:790157950 --> @kmk3 commented on GitHub (Mar 3, 2021): > **Reproduce** > > Steps to reproduce the behavior: > > 1. Run in bash `firejail patch` > > 2. See error `/usr/sbin/patch: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory` Same error with a relatively recent firejail-git version, also on Artix. > - [X] The profile (and redirect profile if exists) hasn't already been fixed > [upstream](https://github.com/netblue30/firejail/tree/master/etc). It has been fixed by #4000 on master: <https://github.com/zupatisc/firejail/blob/38a5cb1440e000545d7d5802da43170d55f6560b/etc/profile-m-z/patch.profile#L46> So put the following on patch.local: ```firejail private-lib libdl.so.*,libfakeroot ignore private-lib ``` Or, alternatively, use firejail-git from the AUR until the next release.
gitea-mirror commented 2026-05-05 09:11:50 -06:00
Author
Owner
Copy link

@ZachIndigo commented on GitHub (Mar 4, 2021):

$ ls -l /usr/lib*/libdl*
-rwxr-xr-x 1 dhcpcd dhcpcd 18K Feb 13 17:02 /usr/lib32/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 14K Feb 13 17:02 /usr/lib32/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib32/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib32/libdl.so.2 -> libdl-2.33.so
-rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib64/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib64/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib64/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib64/libdl.so.2 -> libdl-2.33.so
-rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib/libdl.so.2 -> libdl-2.33.so

Also, adding in 'ignore private-lib' worked, which is weird, because I copied the Master branch patch.profile into my etc directory and it didn't work. But it is working now, so thanks.

Edit: Fixed code block formatting.

<!-- gh-comment-id:790695672 --> @ZachIndigo commented on GitHub (Mar 4, 2021): ```console $ ls -l /usr/lib*/libdl* -rwxr-xr-x 1 dhcpcd dhcpcd 18K Feb 13 17:02 /usr/lib32/libdl-2.33.so -rw-r--r-- 1 dhcpcd dhcpcd 14K Feb 13 17:02 /usr/lib32/libdl.a lrwxrwxrwx 1 root root 10 Feb 13 17:02 /usr/lib32/libdl.so -> libdl.so.2 lrwxrwxrwx 1 root root 13 Feb 13 17:02 /usr/lib32/libdl.so.2 -> libdl-2.33.so -rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib64/libdl-2.33.so -rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib64/libdl.a lrwxrwxrwx 1 root root 10 Feb 13 17:02 /usr/lib64/libdl.so -> libdl.so.2 lrwxrwxrwx 1 root root 13 Feb 13 17:02 /usr/lib64/libdl.so.2 -> libdl-2.33.so -rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib/libdl-2.33.so -rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib/libdl.a lrwxrwxrwx 1 root root 10 Feb 13 17:02 /usr/lib/libdl.so -> libdl.so.2 lrwxrwxrwx 1 root root 13 Feb 13 17:02 /usr/lib/libdl.so.2 -> libdl-2.33.so ``` Also, adding in 'ignore private-lib' worked, which is weird, because I copied the Master branch patch.profile into my etc directory and it didn't work. But it is working now, so thanks. --- Edit: Fixed code block formatting.
gitea-mirror commented 2026-05-05 09:11:50 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Mar 4, 2021):

Also, adding in 'ignore private-lib' worked, which is weird, because I copied
the Master branch patch.profile into my etc directory and it didn't work. But
it is working now, so thanks.

Apologies; I wanted to reply quickly and ended up speaking assuming too much
and without properly testing my suggestions. #4000 by itself does not really
fix it on Artix and the problem still happens on the current master.

It fails even with the following on patch.local:

private-lib libd*,libfakeroot
ignore private-lib

So it's also likely not due to the file names (though it could be a globbing
issue).

$ ls -l /usr/lib*/libdl*
-rwxr-xr-x 1 dhcpcd dhcpcd 18K Feb 13 17:02 /usr/lib32/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 14K Feb 13 17:02 /usr/lib32/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib32/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib32/libdl.so.2 -> libdl-2.33.so
-rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib64/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib64/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib64/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib64/libdl.so.2 -> libdl-2.33.so
-rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib/libdl.so.2 -> libdl-2.33.so

I have the same output and it does not seem quite right. Why are these
libraries owned by dhcpcd when it is not the provider of any of them?

$ pacman -Qo /usr/lib*/libdl* | sort
/usr/lib/libdl-2.33.so is owned by glibc 2.33-4
/usr/lib/libdl-2.33.so is owned by glibc 2.33-4
/usr/lib/libdl.a is owned by glibc 2.33-4
/usr/lib/libdl.a is owned by glibc 2.33-4
/usr/lib/libdl.so is owned by glibc 2.33-4
/usr/lib/libdl.so is owned by glibc 2.33-4
/usr/lib/libdl.so.2 is owned by glibc 2.33-4
/usr/lib/libdl.so.2 is owned by glibc 2.33-4
/usr/lib32/libdl-2.33.so is owned by lib32-glibc 2.33-4
/usr/lib32/libdl.a is owned by lib32-glibc 2.33-4
/usr/lib32/libdl.so is owned by lib32-glibc 2.33-4
/usr/lib32/libdl.so.2 is owned by lib32-glibc 2.33-4

dhcpcd does not even provide any libraries outside of its own directory:

$ pacman -Q dhcpcd
dhcpcd 9.4.0-1
$ pacman -Qlq dhcpcd
/etc/
/etc/dhcpcd.conf
/usr/
/usr/bin/
/usr/bin/dhcpcd
/usr/lib/
/usr/lib/dhcpcd/
/usr/lib/dhcpcd/dev/
/usr/lib/dhcpcd/dev/udev.so
/usr/lib/dhcpcd/dhcpcd-hooks/
/usr/lib/dhcpcd/dhcpcd-hooks/01-test
/usr/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf
/usr/lib/dhcpcd/dhcpcd-hooks/30-hostname
/usr/lib/dhcpcd/dhcpcd-run-hooks
/usr/lib/sysusers.d/
/usr/lib/sysusers.d/dhcpcd.conf
/usr/lib/tmpfiles.d/
/usr/lib/tmpfiles.d/dhcpcd.conf
/usr/share/
/usr/share/dhcpcd/
/usr/share/dhcpcd/hooks/
/usr/share/dhcpcd/hooks/10-wpa_supplicant
/usr/share/dhcpcd/hooks/15-timezone
/usr/share/dhcpcd/hooks/29-lookup-hostname
/usr/share/licenses/
/usr/share/licenses/dhcpcd/
/usr/share/licenses/dhcpcd/LICENSE
/usr/share/man/
/usr/share/man/man5/
/usr/share/man/man5/dhcpcd.conf.5.gz
/usr/share/man/man8/
/usr/share/man/man8/dhcpcd-run-hooks.8.gz
/usr/share/man/man8/dhcpcd.8.gz
/var/
/var/lib/
/var/lib/dhcpcd

I think that the problem might be packaging-related. Will check later.

<!-- gh-comment-id:790805307 --> @kmk3 commented on GitHub (Mar 4, 2021): > Also, adding in 'ignore private-lib' worked, which is weird, because I copied > the Master branch patch.profile into my etc directory and it didn't work. But > it is working now, so thanks. Apologies; I wanted to reply quickly and ended up speaking assuming too much and without properly testing my suggestions. #4000 by itself does not really fix it on Artix and the problem still happens on the current master. It fails even with the following on patch.local: ```console private-lib libd*,libfakeroot ignore private-lib ``` So it's also likely not due to the file names (though it could be a globbing issue). > ``` > $ ls -l /usr/lib*/libdl* > -rwxr-xr-x 1 dhcpcd dhcpcd 18K Feb 13 17:02 /usr/lib32/libdl-2.33.so > -rw-r--r-- 1 dhcpcd dhcpcd 14K Feb 13 17:02 /usr/lib32/libdl.a > lrwxrwxrwx 1 root root 10 Feb 13 17:02 /usr/lib32/libdl.so -> libdl.so.2 > lrwxrwxrwx 1 root root 13 Feb 13 17:02 /usr/lib32/libdl.so.2 -> libdl-2.33.so > -rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib64/libdl-2.33.so > -rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib64/libdl.a > lrwxrwxrwx 1 root root 10 Feb 13 17:02 /usr/lib64/libdl.so -> libdl.so.2 > lrwxrwxrwx 1 root root 13 Feb 13 17:02 /usr/lib64/libdl.so.2 -> libdl-2.33.so > -rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib/libdl-2.33.so > -rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib/libdl.a > lrwxrwxrwx 1 root root 10 Feb 13 17:02 /usr/lib/libdl.so -> libdl.so.2 > lrwxrwxrwx 1 root root 13 Feb 13 17:02 /usr/lib/libdl.so.2 -> libdl-2.33.so > ``` I have the same output and it does not seem quite right. Why are these libraries owned by dhcpcd when it is not the provider of any of them? ```console $ pacman -Qo /usr/lib*/libdl* | sort /usr/lib/libdl-2.33.so is owned by glibc 2.33-4 /usr/lib/libdl-2.33.so is owned by glibc 2.33-4 /usr/lib/libdl.a is owned by glibc 2.33-4 /usr/lib/libdl.a is owned by glibc 2.33-4 /usr/lib/libdl.so is owned by glibc 2.33-4 /usr/lib/libdl.so is owned by glibc 2.33-4 /usr/lib/libdl.so.2 is owned by glibc 2.33-4 /usr/lib/libdl.so.2 is owned by glibc 2.33-4 /usr/lib32/libdl-2.33.so is owned by lib32-glibc 2.33-4 /usr/lib32/libdl.a is owned by lib32-glibc 2.33-4 /usr/lib32/libdl.so is owned by lib32-glibc 2.33-4 /usr/lib32/libdl.so.2 is owned by lib32-glibc 2.33-4 ``` dhcpcd does not even provide any libraries outside of its own directory: ```console $ pacman -Q dhcpcd dhcpcd 9.4.0-1 $ pacman -Qlq dhcpcd /etc/ /etc/dhcpcd.conf /usr/ /usr/bin/ /usr/bin/dhcpcd /usr/lib/ /usr/lib/dhcpcd/ /usr/lib/dhcpcd/dev/ /usr/lib/dhcpcd/dev/udev.so /usr/lib/dhcpcd/dhcpcd-hooks/ /usr/lib/dhcpcd/dhcpcd-hooks/01-test /usr/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf /usr/lib/dhcpcd/dhcpcd-hooks/30-hostname /usr/lib/dhcpcd/dhcpcd-run-hooks /usr/lib/sysusers.d/ /usr/lib/sysusers.d/dhcpcd.conf /usr/lib/tmpfiles.d/ /usr/lib/tmpfiles.d/dhcpcd.conf /usr/share/ /usr/share/dhcpcd/ /usr/share/dhcpcd/hooks/ /usr/share/dhcpcd/hooks/10-wpa_supplicant /usr/share/dhcpcd/hooks/15-timezone /usr/share/dhcpcd/hooks/29-lookup-hostname /usr/share/licenses/ /usr/share/licenses/dhcpcd/ /usr/share/licenses/dhcpcd/LICENSE /usr/share/man/ /usr/share/man/man5/ /usr/share/man/man5/dhcpcd.conf.5.gz /usr/share/man/man8/ /usr/share/man/man8/dhcpcd-run-hooks.8.gz /usr/share/man/man8/dhcpcd.8.gz /var/ /var/lib/ /var/lib/dhcpcd ``` I think that the problem might be packaging-related. Will check later.
gitea-mirror commented 2026-05-05 09:11:51 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (May 12, 2021):

Will check later.

@kmk3 ping

I think that the problem might be packaging-related.

Could it be #3236?

<!-- gh-comment-id:840011584 --> @rusty-snake commented on GitHub (May 12, 2021): > Will check later. @kmk3 ping ----- > I think that the problem might be packaging-related. Could it be #3236?
gitea-mirror commented 2026-05-05 09:11:51 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (May 14, 2021):

Will check later.

@kmk3 ping

Sorry for the delay, but I still have some patches that I want to send
beforehand (some are even from months ago). If anybody wants to take this in
the meantime feel free to do so.

Currently I just run unlink /usr/local/bin/patch after running firecfg.

Would be nice if firecfg supported a /etc/firejail/firecfg_ignore.config
counterpart to /usr/lib/firejail/firecfg.config, to skip problematic
profiles.

I think that the problem might be packaging-related.

To be clear, I meant issues with the dhcpcd package.

By the way, I stopped using dhcpcd, as it would happily and knowingly let the
clock drift over an hour without syncing. And there is no way to force it to
sync.

Could it be #3236?

Seems plausible; thanks for the link.

<!-- gh-comment-id:841423711 --> @kmk3 commented on GitHub (May 14, 2021): > > Will check later. > > @kmk3 ping Sorry for the delay, but I still have some patches that I want to send beforehand (some are even from months ago). If anybody wants to take this in the meantime feel free to do so. Currently I just run `unlink /usr/local/bin/patch` after running `firecfg`. Would be nice if firecfg supported a `/etc/firejail/firecfg_ignore.config` counterpart to `/usr/lib/firejail/firecfg.config`, to skip problematic profiles. > > I think that the problem might be packaging-related. To be clear, I meant issues with the dhcpcd package. By the way, I stopped using dhcpcd, as it would happily and knowingly let the clock drift over an _hour_ without syncing. And there is no way to force it to sync. > Could it be #3236? Seems plausible; thanks for the link.
gitea-mirror commented 2026-05-05 09:11:52 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (May 14, 2021):

Would be nice if firecfg supported a /etc/firejail/firecfg_ignore.config
counterpart to /usr/lib/firejail/firecfg.config, to skip problematic
profiles.

And here's an other link for you: #2097 😃

<!-- gh-comment-id:841426164 --> @rusty-snake commented on GitHub (May 14, 2021): > Would be nice if firecfg supported a /etc/firejail/firecfg_ignore.config counterpart to /usr/lib/firejail/firecfg.config, to skip problematic profiles. And here's an other link for you: #2097 :smiley:
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2514
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?