[GH-ISSUE #4241] wireshark: Error: You do not have permission to capture on device #2592

Closed
opened 2026-05-05 09:15:45 -06:00 by gitea-mirror · 25 comments

Originally created by @aminvakil on GitHub (May 4, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4241

Bug and expected behavior
Cannot monitor traffic using wireshark

  • What did you expect to happen?
    Monitor traffic

No profile and disabling firejail

  • What changed calling firejail --noprofile /path/to/program in a terminal?
    It works without profile.
  • What changed calling the program by path (e.g. /usr/bin/vlc)?
    It works this way too.

Reproduce
Steps to reproduce the behavior:

  1. Run in bash firejail PROGRAM
  2. See error ERROR
  3. Click on '....'
  4. Scroll down to '....'

Reading profile /etc/firejail/wireshark.profile
Reading profile /etc/firejail/allow-lua.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 2634, child pid 2635
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Blacklist violations are logged to syslog
Child process initialized in 274.90 ms
Warning: an existing sandbox was detected. /usr/bin/wireshark will run without any additional sandboxing features
libGL error: MESA-LOADER: failed to retrieve device information
libGL error: Version 4 or later of flush extension not found
libGL error: failed to load driver: i915
libGL error: failed to open /dev/dri/card0: No such file or directory
libGL error: failed to load driver: iris

Environment

$ lsb_release -a
LSB Version:    1.4
Distributor ID: Arch
Description:    Arch Linux
Release:        rolling
Codename:       n/a
  • Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD)
firejail version 0.9.64.4

Compile time support:
        - AppArmor support is enabled
        - AppImage support is enabled
        - chroot support is enabled
        - D-BUS proxy support is enabled
        - file and directory whitelisting support is enabled
        - file transfer support is enabled
        - firetunnel support is enabled
        - networking support is enabled
        - overlayfs support is disabled
        - private-home support is enabled
        - private-cache and tmpfs as user enabled
        - SELinux support is disabled
        - user namespace support is enabled
        - X11 sandboxing support is enabled

Checklist

  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • I have performed a short search for similar issues (to avoid opening a duplicate).
  • If it is an AppImage, --profile=PROFILENAME is used to set the right profile.
  • Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get English error messages.
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • This is not a question. Questions should be asked in https://github.com/netblue30/firejail/discussions.

$ firejail --debug /usr/bin/wireshark
OUTPUT OF `firejail --debug PROGRAM`
$ firejail --debug wireshark 
Autoselecting /bin/bash as shell
Building quoted command line: 'wireshark' 
Command name #wireshark#
Found wireshark.profile profile in /etc/firejail directory
Reading profile /etc/firejail/wireshark.profile
Found allow-lua.inc profile in /etc/firejail directory
Reading profile /etc/firejail/allow-lua.inc
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-passwdmgr.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-passwdmgr.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 3022, child pid 3023
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
2039 2011 254:1 /etc /etc ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2039 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
2040 2039 254:1 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2040 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
2041 2011 254:1 /var /var ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2041 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
2042 2041 254:1 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2042 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
2043 2011 254:1 /usr /usr ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2043 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/nginx
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Disable /run/firejail/appimage
Mounting tmpfs on /dev
Process /dev/shm directory
Generate private-tmp whitelist commands
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 456: new_name #/usr/share/wireshark#, whitelist
Debug 456: new_name #/usr/share/alsa#, whitelist
Debug 456: new_name #/usr/share/applications#, whitelist
Debug 456: new_name #/usr/share/ca-certificates#, whitelist
Debug 456: new_name #/usr/share/crypto-policies#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies
        expanded: /usr/share/crypto-policies
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/cursors#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/cursors
        expanded: /usr/share/cursors
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/dconf#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/dconf
        expanded: /usr/share/dconf
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/distro-info#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/distro-info
        expanded: /usr/share/distro-info
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/drirc.d#, whitelist
Debug 456: new_name #/usr/share/enchant#, whitelist
Debug 456: new_name #/usr/share/enchant-2#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/enchant-2
        expanded: /usr/share/enchant-2
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/file#, whitelist
Debug 456: new_name #/usr/share/fontconfig#, whitelist
Debug 456: new_name #/usr/share/fonts#, whitelist
Debug 456: new_name #/usr/share/fonts-config#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/fonts-config
        expanded: /usr/share/fonts-config
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/gir-1.0#, whitelist
Debug 456: new_name #/usr/share/gjs-1.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0
        expanded: /usr/share/gjs-1.0
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/glib-2.0#, whitelist
Debug 456: new_name #/usr/share/glvnd#, whitelist
Debug 456: new_name #/usr/share/gtk-2.0#, whitelist
Debug 456: new_name #/usr/share/gtk-3.0#, whitelist
Debug 456: new_name #/usr/share/gtk-engines#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-engines
        expanded: /usr/share/gtk-engines
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-3.0
        expanded: /usr/share/gtksourceview-3.0
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist
Debug 456: new_name #/usr/share/hunspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/hunspell
        expanded: /usr/share/hunspell
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/hwdata#, whitelist
Debug 456: new_name #/usr/share/icons#, whitelist
Debug 456: new_name #/usr/share/icu#, whitelist
Debug 456: new_name #/usr/share/knotifications5#, whitelist
Debug 456: new_name #/usr/share/kservices5#, whitelist
Debug 456: new_name #/usr/share/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum
        expanded: /usr/share/Kvantum
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/kxmlgui5#, whitelist
Debug 456: new_name #/usr/share/libdrm#, whitelist
Debug 456: new_name #/usr/share/libthai#, whitelist
Debug 456: new_name #/usr/share/locale#, whitelist
Debug 456: new_name #/usr/share/mime#, whitelist
Debug 456: new_name #/usr/share/misc#, whitelist
Debug 456: new_name #/usr/share/Modules#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/Modules
        expanded: /usr/share/Modules
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/myspell#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/myspell
        expanded: /usr/share/myspell
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/p11-kit#, whitelist
Debug 456: new_name #/usr/share/perl#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/perl
        expanded: /usr/share/perl
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/perl5#, whitelist
Debug 456: new_name #/usr/share/pixmaps#, whitelist
Debug 456: new_name #/usr/share/pki#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/pki
        expanded: /usr/share/pki
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/plasma#, whitelist
Debug 456: new_name #/usr/share/publicsuffix#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/publicsuffix
        expanded: /usr/share/publicsuffix
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/qt#, whitelist
Debug 456: new_name #/usr/share/qt4#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt4
        expanded: /usr/share/qt4
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/qt5#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5
        expanded: /usr/share/qt5
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/qt5ct
        expanded: /usr/share/qt5ct
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/sounds#, whitelist
Debug 456: new_name #/usr/share/tcl8.6#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6
        expanded: /usr/share/tcl8.6
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/tcltk#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/tcltk
        expanded: /usr/share/tcltk
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/terminfo#, whitelist
Debug 456: new_name #/usr/share/texlive#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texlive
        expanded: /usr/share/texlive
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/texmf#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/texmf
        expanded: /usr/share/texmf
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/themes#, whitelist
Debug 456: new_name #/usr/share/thumbnail.so#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so
        expanded: /usr/share/thumbnail.so
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/vulkan#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/vulkan
        expanded: /usr/share/vulkan
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/X11#, whitelist
Debug 456: new_name #/usr/share/xml#, whitelist
Debug 456: new_name #/usr/share/zenity#, whitelist
Removed whitelist/nowhitelist path: whitelist /usr/share/zenity
        expanded: /usr/share/zenity
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/usr/share/zoneinfo#, whitelist
Debug 456: new_name #/var/lib/ca-certificates#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates
        expanded: /var/lib/ca-certificates
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/var/lib/dbus#, whitelist
Debug 456: new_name #/var/lib/menu-xdg#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
        expanded: /var/lib/menu-xdg
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/var/lib/uim#, whitelist
Removed whitelist/nowhitelist path: whitelist /var/lib/uim
        expanded: /var/lib/uim
        real path: (null)
        realpath: No such file or directory
Debug 456: new_name #/var/cache/fontconfig#, whitelist
Debug 456: new_name #/var/tmp#, whitelist
Debug 456: new_name #/var/run#, whitelist
Replaced whitelist path: whitelist /run
Debug 456: new_name #/var/lock#, whitelist
Replaced whitelist path: whitelist /run/lock
Debug 456: new_name #/tmp/xauth-1000-_0#, whitelist
Debug 456: new_name #/tmp/.X11-unix#, whitelist
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Mounting tmpfs on /usr/share directory
Whitelisting /usr/share/wireshark
2097 2096 254:1 /usr/share/wireshark /usr/share/wireshark ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2097 fsname=/usr/share/wireshark dir=/usr/share/wireshark fstype=ext4
Whitelisting /usr/share/alsa
2098 2096 254:1 /usr/share/alsa /usr/share/alsa ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2098 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=ext4
Whitelisting /usr/share/applications
2099 2096 254:1 /usr/share/applications /usr/share/applications ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2099 fsname=/usr/share/applications dir=/usr/share/applications fstype=ext4
Whitelisting /usr/share/ca-certificates
2100 2096 254:1 /usr/share/ca-certificates /usr/share/ca-certificates ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2100 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=ext4
Whitelisting /usr/share/drirc.d
2101 2096 254:1 /usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2101 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=ext4
Whitelisting /usr/share/enchant
2102 2096 254:1 /usr/share/enchant /usr/share/enchant ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2102 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=ext4
Whitelisting /usr/share/file
2103 2096 254:1 /usr/share/file /usr/share/file ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2103 fsname=/usr/share/file dir=/usr/share/file fstype=ext4
Whitelisting /usr/share/fontconfig
2104 2096 254:1 /usr/share/fontconfig /usr/share/fontconfig ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2104 fsname=/usr/share/fontconfig dir=/usr/share/fontconfig fstype=ext4
Whitelisting /usr/share/fonts
2105 2096 254:1 /usr/share/fonts /usr/share/fonts ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2105 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=ext4
Whitelisting /usr/share/gir-1.0
2106 2096 254:1 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2106 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=ext4
Whitelisting /usr/share/glib-2.0
2107 2096 254:1 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2107 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=ext4
Whitelisting /usr/share/glvnd
2108 2096 254:1 /usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2108 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=ext4
Whitelisting /usr/share/gtk-2.0
2109 2096 254:1 /usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2109 fsname=/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=ext4
Whitelisting /usr/share/gtk-3.0
2110 2096 254:1 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2110 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=ext4
Whitelisting /usr/share/gtksourceview-4
2111 2096 254:1 /usr/share/gtksourceview-4 /usr/share/gtksourceview-4 ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2111 fsname=/usr/share/gtksourceview-4 dir=/usr/share/gtksourceview-4 fstype=ext4
Whitelisting /usr/share/hwdata
2112 2096 254:1 /usr/share/hwdata /usr/share/hwdata ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2112 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=ext4
Whitelisting /usr/share/icons
2113 2096 254:1 /usr/share/icons /usr/share/icons ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2113 fsname=/usr/share/icons dir=/usr/share/icons fstype=ext4
Whitelisting /usr/share/icu
2114 2096 254:1 /usr/share/icu /usr/share/icu ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2114 fsname=/usr/share/icu dir=/usr/share/icu fstype=ext4
Whitelisting /usr/share/knotifications5
2115 2096 254:1 /usr/share/knotifications5 /usr/share/knotifications5 ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2115 fsname=/usr/share/knotifications5 dir=/usr/share/knotifications5 fstype=ext4
Whitelisting /usr/share/kservices5
2116 2096 254:1 /usr/share/kservices5 /usr/share/kservices5 ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2116 fsname=/usr/share/kservices5 dir=/usr/share/kservices5 fstype=ext4
Whitelisting /usr/share/kxmlgui5
2117 2096 254:1 /usr/share/kxmlgui5 /usr/share/kxmlgui5 ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2117 fsname=/usr/share/kxmlgui5 dir=/usr/share/kxmlgui5 fstype=ext4
Whitelisting /usr/share/libdrm
2118 2096 254:1 /usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2118 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=ext4
Whitelisting /usr/share/libthai
2119 2096 254:1 /usr/share/libthai /usr/share/libthai ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2119 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=ext4
Whitelisting /usr/share/locale
2120 2096 254:1 /usr/share/locale /usr/share/locale ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2120 fsname=/usr/share/locale dir=/usr/share/locale fstype=ext4
Whitelisting /usr/share/mime
2121 2096 254:1 /usr/share/mime /usr/share/mime ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2121 fsname=/usr/share/mime dir=/usr/share/mime fstype=ext4
Whitelisting /usr/share/misc
2122 2096 254:1 /usr/share/misc /usr/share/misc ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2122 fsname=/usr/share/misc dir=/usr/share/misc fstype=ext4
Whitelisting /usr/share/p11-kit
2123 2096 254:1 /usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2123 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=ext4
Whitelisting /usr/share/perl5
2124 2096 254:1 /usr/share/perl5 /usr/share/perl5 ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2124 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=ext4
Whitelisting /usr/share/pixmaps
2125 2096 254:1 /usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2125 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=ext4
Whitelisting /usr/share/plasma
2126 2096 254:1 /usr/share/plasma /usr/share/plasma ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2126 fsname=/usr/share/plasma dir=/usr/share/plasma fstype=ext4
Whitelisting /usr/share/qt
2127 2096 254:1 /usr/share/qt /usr/share/qt ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2127 fsname=/usr/share/qt dir=/usr/share/qt fstype=ext4
Whitelisting /usr/share/sounds
2128 2096 254:1 /usr/share/sounds /usr/share/sounds ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2128 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=ext4
Whitelisting /usr/share/terminfo
2129 2096 254:1 /usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2129 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=ext4
Whitelisting /usr/share/themes
2130 2096 254:1 /usr/share/themes /usr/share/themes ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2130 fsname=/usr/share/themes dir=/usr/share/themes fstype=ext4
Whitelisting /usr/share/X11
2131 2096 254:1 /usr/share/X11 /usr/share/X11 ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2131 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=ext4
Whitelisting /usr/share/xml
2132 2096 254:1 /usr/share/xml /usr/share/xml ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2132 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4
Whitelisting /usr/share/zoneinfo
2133 2096 254:1 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2133 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4
Whitelisting /var/lib/dbus
2134 2094 254:1 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2134 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4
Whitelisting /var/cache/fontconfig
2135 2094 254:1 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2135 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Whitelisting /var/tmp
2136 2094 0:124 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=2136 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/xauth-1000-_0
2137 2089 0:31 /xauth-1000-_0 /tmp/xauth-1000-_0 rw,nosuid,nodev master:17 - tmpfs tmpfs rw,size=6069168k,nr_inodes=409600,inode64
mountid=2137 fsname=/xauth-1000-_0 dir=/tmp/xauth-1000-_0 fstype=tmpfs
Whitelisting /tmp/.X11-unix
2138 2089 0:31 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:17 - tmpfs tmpfs rw,size=6069168k,nr_inodes=409600,inode64
mountid=2138 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Directory ${DOCUMENTS} resolved as Documents
Disable /home/username/.local/share/Trash
Disable /home/username/.gdbmtool_history
Disable /home/username/.python_history
Disable /home/username/.bash_history
Disable /home/username/.local/share/klipper
Disable /home/username/.python_history
Disable /home/username/.lesshst
Disable /home/username/.viminfo
Disable /home/username/.config/autostart
Disable /home/username/.config/autostart-scripts
Disable /home/username/.config/plasma-workspace
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/username/.Xauthority
2155 2051 254:1 /home/username/.Xauthority /home/username/.Xauthority ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2155 fsname=/home/username/.Xauthority dir=/home/username/.Xauthority fstype=ext4
Disable /home/username/.config/khotkeysrc
Disable /home/username/.config/krunnerrc
Disable /home/username/.config/kscreenlockerrc
Disable /home/username/.config/kwalletrc
Disable /home/username/.config/kwinrc
Disable /home/username/.config/kwinrulesrc
Disable /home/username/.config/plasma-org.kde.plasma.desktop-appletsrc
Disable /home/username/.config/plasmashellrc
Disable /home/username/.local/share/plasma
Mounting read-only /home/username/.cache/ksycoca5_en_T_yqs0BOg4f+K+B+PCJWyiC6V5U=
2165 2051 254:1 /home/username/.cache/ksycoca5_en_T_yqs0BOg4f+K+B+PCJWyiC6V5U= /home/username/.cache/ksycoca5_en_T_yqs0BOg4f+K+B+PCJWyiC6V5U= ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2165 fsname=/home/username/.cache/ksycoca5_en_T_yqs0BOg4f+K+B+PCJWyiC6V5U= dir=/home/username/.cache/ksycoca5_en_T_yqs0BOg4f+K+B+PCJWyiC6V5U= fstype=ext4
Mounting read-only /home/username/.config/plasmanotifyrc
2166 2051 254:1 /home/username/.config/plasmanotifyrc /home/username/.config/plasmanotifyrc ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2166 fsname=/home/username/.config/plasmanotifyrc dir=/home/username/.config/plasmanotifyrc fstype=ext4
Mounting read-only /home/username/.config/kdeglobals
2167 2051 254:1 /home/username/.config/kdeglobals /home/username/.config/kdeglobals ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2167 fsname=/home/username/.config/kdeglobals dir=/home/username/.config/kdeglobals fstype=ext4
Mounting read-only /home/username/.config/kiorc
2168 2051 254:1 /home/username/.config/kiorc /home/username/.config/kiorc ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2168 fsname=/home/username/.config/kiorc dir=/home/username/.config/kiorc fstype=ext4
Mounting read-only /home/username/.kde4/share/config/kdeglobals
2169 2051 254:1 /home/username/.kde4/share/config/kdeglobals /home/username/.kde4/share/config/kdeglobals ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2169 fsname=/home/username/.kde4/share/config/kdeglobals dir=/home/username/.kde4/share/config/kdeglobals fstype=ext4
Mounting read-only /home/username/.local/share/konsole
2170 2051 254:1 /home/username/.local/share/konsole /home/username/.local/share/konsole ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2170 fsname=/home/username/.local/share/konsole dir=/home/username/.local/share/konsole fstype=ext4
Disable /run/user/1000/klauncheruPQuxY.1.slave-socket
Disable /run/user/1000/kdeinit5__0
Mounting read-only /home/username/.config/dconf
2173 2051 254:1 /home/username/.config/dconf /home/username/.config/dconf ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2173 fsname=/home/username/.config/dconf dir=/home/username/.config/dconf fstype=ext4
Disable /usr/bin/systemd-run
Disable /run/user/1000/systemd
Disable /etc/profile.d
Disable /etc/kernel
Disable /etc/grub.d
Disable /etc/apparmor
Disable /etc/apparmor.d
Disable /etc/modules-load.d
Disable /etc/logrotate.d
Mounting read-only /home/username/.bash_logout
2183 2051 254:1 /home/username/.bash_logout /home/username/.bash_logout ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2183 fsname=/home/username/.bash_logout dir=/home/username/.bash_logout fstype=ext4
Mounting read-only /home/username/.bash_profile
2184 2051 254:1 /home/username/.bash_profile /home/username/.bash_profile ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2184 fsname=/home/username/.bash_profile dir=/home/username/.bash_profile fstype=ext4
Mounting read-only /home/username/.bashrc
2185 2051 254:1 /home/username/.bashrc /home/username/.bashrc ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2185 fsname=/home/username/.bashrc dir=/home/username/.bashrc fstype=ext4
Mounting read-only /home/username/.vim
2186 2051 254:1 /home/username/.vim /home/username/.vim ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2186 fsname=/home/username/.vim dir=/home/username/.vim fstype=ext4
Mounting read-only /home/username/.viminfo
2187 2149 0:24 /firejail/firejail.ro.file /home/username/.viminfo ro,nosuid,nodev master:11 - tmpfs tmpfs rw,size=2427668k,nr_inodes=819200,mode=755,inode64
mountid=2187 fsname=/firejail/firejail.ro.file dir=/home/username/.viminfo fstype=tmpfs
Mounting read-only /home/username/.yarnrc
2188 2051 254:1 /home/username/.yarnrc /home/username/.yarnrc ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2188 fsname=/home/username/.yarnrc dir=/home/username/.yarnrc fstype=ext4
Mounting read-only /home/username/.config/menus
2189 2051 254:1 /home/username/.config/menus /home/username/.config/menus ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2189 fsname=/home/username/.config/menus dir=/home/username/.config/menus fstype=ext4
Mounting read-only /home/username/.local/share/applications
2190 2051 254:1 /home/username/.local/share/applications /home/username/.local/share/applications ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2190 fsname=/home/username/.local/share/applications dir=/home/username/.local/share/applications fstype=ext4
Mounting read-only /home/username/.config/mimeapps.list
2191 2051 254:1 /home/username/.config/mimeapps.list /home/username/.config/mimeapps.list ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2191 fsname=/home/username/.config/mimeapps.list dir=/home/username/.config/mimeapps.list fstype=ext4
Mounting read-only /home/username/.local/share/mime
2192 2051 254:1 /home/username/.local/share/mime /home/username/.local/share/mime ro,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2192 fsname=/home/username/.local/share/mime dir=/home/username/.local/share/mime fstype=ext4
Disable /home/username/.gnupg
Disable /home/username/.local/share/kwalletd
Disable /home/username/.netrc
Disable /home/username/.pki
Disable /home/username/.local/share/pki
Disable /home/username/.ssh
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/expiry
Disable /usr/bin/fusermount
Disable /usr/bin/gpasswd
Disable /usr/bin/ksu
Disable /usr/bin/mount
Disable /usr/bin/ncat
Disable /usr/bin/newgidmap
Disable /usr/bin/newgrp
Disable /usr/bin/newuidmap
Disable /usr/bin/ntfs-3g
Disable /usr/bin/pkexec
Disable /usr/bin/sg
Disable /usr/bin/su
Disable /usr/bin/sudo
Disable /usr/bin/umount
Disable /usr/bin/unix_chkpwd
Disable /usr/bin/bwrap
Disable /proc/config.gz
Disable /usr/bin/dig
Disable /usr/bin/dnssec-settime
Disable /usr/bin/dnssec-keygen
Disable /usr/bin/dnssec-coverage
Disable /usr/bin/dnssec-signzone
Disable /usr/bin/dnssec-checkds
Disable /usr/bin/dnssec-dsfromkey
Disable /usr/bin/dnssec-revoke
Disable /usr/bin/dnssec-keymgr
Disable /usr/bin/dnssec-importkey
Disable /usr/bin/dnssec-keyfromlabel
Disable /usr/bin/dnssec-verify
Disable /usr/bin/dnssec-cds
Disable /usr/bin/drill
Disable /usr/bin/host
Disable /usr/bin/ldns-config
Disable /usr/bin/ldns-revoke
Disable /usr/bin/ldns-dpa
Disable /usr/bin/ldns-nsec3-hash
Disable /usr/bin/ldns-test-edns
Disable /usr/bin/ldns-walk
Disable /usr/bin/ldns-zsplit
Disable /usr/bin/ldns-key2ds
Disable /usr/bin/ldns-version
Disable /usr/bin/ldns-read-zone
Disable /usr/bin/ldns-verify-zone
Disable /usr/bin/ldns-zcat
Disable /usr/bin/ldns-compare-zones
Disable /usr/bin/ldns-notify
Disable /usr/bin/ldns-update
Disable /usr/bin/ldns-chaos
Disable /usr/bin/ldns-keyfetcher
Disable /usr/bin/ldns-gen-zone
Disable /usr/bin/ldns-testns
Disable /usr/bin/ldns-dane
Disable /usr/bin/ldns-mx
Disable /usr/bin/ldns-keygen
Disable /usr/bin/ldns-resolver
Disable /usr/bin/ldns-signzone
Disable /usr/bin/ldns-rrsig
Disable /usr/bin/ldnsd
Disable /usr/bin/nslookup
Disable /usr/bin/resolvectl
Disable /usr/bin/as
Disable /usr/bin/gcc (requested /usr/bin/cc)
Disable /usr/bin/c++
Disable /usr/bin/c++filt
Disable /usr/bin/c89
Disable /usr/bin/c99
Disable /usr/bin/cpp
Disable /usr/bin/g++
Disable /usr/bin/gcc-ar
Disable /usr/bin/gcc-nm
Disable /usr/bin/gcc
Disable /usr/bin/gcc-ranlib
Disable /usr/bin/ld
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/bin/x86_64-pc-linux-gnu-gcc
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ar
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-nm
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-ranlib
Disable /usr/bin/x86_64-pc-linux-gnu-gcc-10.2.0
Disable /usr/bin/x86_64-pc-linux-gnu-g++
Disable /usr/lib/jvm/java-8-jre/jre/bin/java (requested /usr/bin/java)
Disable /usr/lib/jvm/java-8-jre/jre/bin/java (requested /usr/lib/jvm/default/bin/java)
Disable /usr/bin/openssl
Disable /usr/src
Disable /usr/local/src
Not blacklist /usr/include
Disable /usr/local/include
Mounting noexec /home/username
2346 2302 0:24 /firejail/firejail.ro.dir /home/username/.ssh rw,nosuid,nodev master:11 - tmpfs tmpfs rw,size=2427668k,nr_inodes=819200,mode=755,inode64
mountid=2346 fsname=/firejail/firejail.ro.dir dir=/home/username/.ssh fstype=tmpfs
Mounting noexec /home/username/.Xauthority
2347 2315 254:1 /home/username/.Xauthority /home/username/.Xauthority ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2347 fsname=/home/username/.Xauthority dir=/home/username/.Xauthority fstype=ext4
Mounting noexec /home/username/.cache/ksycoca5_en_T_yqs0BOg4f+K+B+PCJWyiC6V5U=
2348 2325 254:1 /home/username/.cache/ksycoca5_en_T_yqs0BOg4f+K+B+PCJWyiC6V5U= /home/username/.cache/ksycoca5_en_T_yqs0BOg4f+K+B+PCJWyiC6V5U= ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2348 fsname=/home/username/.cache/ksycoca5_en_T_yqs0BOg4f+K+B+PCJWyiC6V5U= dir=/home/username/.cache/ksycoca5_en_T_yqs0BOg4f+K+B+PCJWyiC6V5U= fstype=ext4
Mounting noexec /home/username/.config/plasmanotifyrc
2349 2326 254:1 /home/username/.config/plasmanotifyrc /home/username/.config/plasmanotifyrc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2349 fsname=/home/username/.config/plasmanotifyrc dir=/home/username/.config/plasmanotifyrc fstype=ext4
Mounting noexec /home/username/.config/kdeglobals
2350 2327 254:1 /home/username/.config/kdeglobals /home/username/.config/kdeglobals ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2350 fsname=/home/username/.config/kdeglobals dir=/home/username/.config/kdeglobals fstype=ext4
Mounting noexec /home/username/.config/kiorc
2351 2328 254:1 /home/username/.config/kiorc /home/username/.config/kiorc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2351 fsname=/home/username/.config/kiorc dir=/home/username/.config/kiorc fstype=ext4
Mounting noexec /home/username/.kde4/share/config/kdeglobals
2352 2329 254:1 /home/username/.kde4/share/config/kdeglobals /home/username/.kde4/share/config/kdeglobals ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2352 fsname=/home/username/.kde4/share/config/kdeglobals dir=/home/username/.kde4/share/config/kdeglobals fstype=ext4
Mounting noexec /home/username/.local/share/konsole
2353 2330 254:1 /home/username/.local/share/konsole /home/username/.local/share/konsole ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2353 fsname=/home/username/.local/share/konsole dir=/home/username/.local/share/konsole fstype=ext4
Mounting noexec /home/username/.config/dconf
2354 2331 254:1 /home/username/.config/dconf /home/username/.config/dconf ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2354 fsname=/home/username/.config/dconf dir=/home/username/.config/dconf fstype=ext4
Mounting noexec /home/username/.bash_logout
2355 2332 254:1 /home/username/.bash_logout /home/username/.bash_logout ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2355 fsname=/home/username/.bash_logout dir=/home/username/.bash_logout fstype=ext4
Mounting noexec /home/username/.bash_profile
2356 2333 254:1 /home/username/.bash_profile /home/username/.bash_profile ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2356 fsname=/home/username/.bash_profile dir=/home/username/.bash_profile fstype=ext4
Mounting noexec /home/username/.bashrc
2357 2334 254:1 /home/username/.bashrc /home/username/.bashrc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2357 fsname=/home/username/.bashrc dir=/home/username/.bashrc fstype=ext4
Mounting noexec /home/username/.vim
2358 2335 254:1 /home/username/.vim /home/username/.vim ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2358 fsname=/home/username/.vim dir=/home/username/.vim fstype=ext4
Mounting noexec /home/username/.yarnrc
2359 2336 254:1 /home/username/.yarnrc /home/username/.yarnrc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2359 fsname=/home/username/.yarnrc dir=/home/username/.yarnrc fstype=ext4
Mounting noexec /home/username/.config/menus
2360 2337 254:1 /home/username/.config/menus /home/username/.config/menus ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2360 fsname=/home/username/.config/menus dir=/home/username/.config/menus fstype=ext4
Mounting noexec /home/username/.local/share/applications
2361 2338 254:1 /home/username/.local/share/applications /home/username/.local/share/applications ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2361 fsname=/home/username/.local/share/applications dir=/home/username/.local/share/applications fstype=ext4
Mounting noexec /home/username/.config/mimeapps.list
2362 2339 254:1 /home/username/.config/mimeapps.list /home/username/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2362 fsname=/home/username/.config/mimeapps.list dir=/home/username/.config/mimeapps.list fstype=ext4
Mounting noexec /home/username/.local/share/mime
2363 2340 254:1 /home/username/.local/share/mime /home/username/.local/share/mime ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/archlap-root rw
mountid=2363 fsname=/home/username/.local/share/mime dir=/home/username/.local/share/mime fstype=ext4
Mounting noexec /run/user/1000
2369 2364 0:24 /firejail/firejail.ro.file /run/user/1000/kdeinit5__0 rw,nosuid,nodev master:11 - tmpfs tmpfs rw,size=2427668k,nr_inodes=819200,mode=755,inode64
mountid=2369 fsname=/firejail/firejail.ro.file dir=/run/user/1000/kdeinit5__0 fstype=tmpfs
Mounting noexec /dev/shm
2370 2071 0:131 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=2370 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
2373 2371 0:31 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:17 - tmpfs tmpfs rw,size=6069168k,nr_inodes=409600,inode64
mountid=2373 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/xauth-1000-_0
2374 2372 0:31 /xauth-1000-_0 /tmp/xauth-1000-_0 rw,nosuid,nodev,noexec master:17 - tmpfs tmpfs rw,size=6069168k,nr_inodes=409600,inode64
mountid=2374 fsname=/xauth-1000-_0 dir=/tmp/xauth-1000-_0 fstype=tmpfs
Mounting noexec /tmp/.X11-unix
2375 2373 0:31 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:17 - tmpfs tmpfs rw,size=6069168k,nr_inodes=409600,inode64
mountid=2375 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /var
2379 2376 0:124 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=2379 fsname=/ dir=/var/tmp fstype=tmpfs
Not blacklist /home/username/.local/bin/lua*
Not blacklist /home/username/bin/lua*
Not blacklist /usr/local/sbin/lua*
Not blacklist /usr/local/bin/lua*
Not blacklist /usr/bin/lua5.2
Not blacklist /usr/bin/luac5.2
Not blacklist /usr/bin/luac5.3
Not blacklist /usr/bin/lua5.3
Not blacklist /usr/lib/jvm/default/bin/lua*
Not blacklist /usr/bin/site_perl/lua*
Not blacklist /usr/bin/vendor_perl/lua*
Not blacklist /usr/bin/core_perl/lua*
Disable /usr/include/lua5.2
Disable /usr/include/lua5.3
Not blacklist /usr/lib/liblua.so.5.3.6
Not blacklist /usr/lib/liblua5.2.so.5.2
Not blacklist /usr/lib/liblua5.2.so.5.2.4
Not blacklist /usr/lib/liblua5.3.so
Not blacklist /usr/lib/liblua.so.5.2.4
Not blacklist /usr/lib/liblua5.3.so.5.3
Not blacklist /usr/lib/liblua5.2.so
Not blacklist /usr/lib/liblua5.3.so.5.3.6
Not blacklist /usr/lib/liblua.so.5.3
Not blacklist /usr/lib/liblua.so.5.2
Not blacklist /usr/lib/lua
Not blacklist /usr/lib64/liblua.so.5.3.6
Not blacklist /usr/lib64/liblua5.2.so.5.2
Not blacklist /usr/lib64/liblua5.2.so.5.2.4
Not blacklist /usr/lib64/liblua5.3.so
Not blacklist /usr/lib64/liblua.so.5.2.4
Not blacklist /usr/lib64/liblua5.3.so.5.3
Not blacklist /usr/lib64/liblua5.2.so
Not blacklist /usr/lib64/liblua5.3.so.5.3.6
Not blacklist /usr/lib64/liblua.so.5.3
Not blacklist /usr/lib64/liblua.so.5.2
Not blacklist /usr/lib64/lua
Not blacklist /usr/share/lua*
Disable /usr/lib/libmozjs-78.so (requested /usr/lib64/libmozjs-78.so)
Disable /usr/bin/core_perl/cpan
Disable /usr/bin/core_perl
Disable /usr/bin/perl
Disable /usr/bin/site_perl
Disable /usr/bin/vendor_perl
Disable /usr/lib/perl5
Disable /usr/lib/perl5 (requested /usr/lib64/perl5)
Disable /usr/share/perl5
Disable /usr/lib/ruby
Disable /usr/lib/python2.7
Disable /usr/bin/python3.9
Disable /usr/bin/python3.9-config (requested /usr/bin/python3-config)
Disable /usr/bin/python3.9 (requested /usr/bin/python3)
Disable /usr/bin/python3.9-config
Disable /usr/include/python3.9
Disable /usr/lib/python3.9
Disable /usr/lib/python3.9 (requested /usr/lib64/python3.9)
Disable /home/username/.password-store
Disable /home/username/.anydesk
Disable /home/username/.audacity-data
Disable /home/username/.config/GIMP
Disable /home/username/.config/Mumble
Disable /home/username/.config/Rocket.Chat
Disable /home/username/.config/Signal
Disable /home/username/.config/akregatorrc
Disable /home/username/.config/arkrc
Disable /home/username/.config/baloofilerc
Disable /home/username/.config/chromium
Disable /home/username/.config/dolphinrc
Disable /home/username/.config/emaildefaults
Disable /home/username/.config/filezilla
Disable /home/username/.config/gconf
Disable /home/username/.config/google-chrome
Disable /home/username/.config/gwenviewrc
Disable /home/username/.config/katemetainfos
Disable /home/username/.config/katerc
Disable /home/username/.config/kateschemarc
Disable /home/username/.config/katevirc
Disable /home/username/.config/kdeconnect
Disable /home/username/.config/klipperrc
Disable /home/username/.config/libreoffice
Disable /home/username/.config/mpv
Disable /home/username/.config/okularpartrc
Disable /home/username/.config/okularrc
Disable /home/username/.config/spectaclerc
Disable /home/username/.config/strawberry
Disable /home/username/.config/torbrowser
Disable /home/username/.config/vlc
Not blacklist /home/username/.config/wireshark
Disable /home/username/.config/youtube-dl
Disable /home/username/.gitconfig
Disable /home/username/.java
Disable /home/username/.local/share/Mumble
Disable /home/username/.local/share/TelegramDesktop
Disable /home/username/.local/share/baloo
Disable /home/username/.local/share/data/Mumble
Disable /home/username/.local/share/dolphin
Disable /home/username/.local/share/gwenview
Disable /home/username/.local/share/kate
Disable /home/username/.local/share/kxmlgui5/konsole
Disable /home/username/.local/share/kxmlgui5/dolphin
Disable /home/username/.local/share/kxmlgui5/ark
Disable /home/username/.local/share/kxmlgui5/kcalc
Disable /home/username/.local/share/okular
Disable /home/username/.local/share/strawberry
Disable /home/username/.local/share/torbrowser
Disable /home/username/.local/share/vlc
Disable /home/username/.mozilla
Disable /home/username/.npm
Disable /home/username/.pylint.d
Disable /home/username/.thunderbird
Disable /home/username/.tor-browser
Disable /home/username/.vim
Disable /home/username/.wine
Not blacklist /home/username/.wireshark
Disable /home/username/.yarn
Disable /home/username/.yarnrc
Disable /home/username/.cache/babl
Disable /home/username/.cache/chromium
Disable /home/username/.cache/discover
Disable /home/username/.cache/gegl-0.4
Disable /home/username/.cache/gimp
Disable /home/username/.cache/google-chrome
Disable /home/username/.cache/kcmshell5
Disable /home/username/.cache/kinfocenter
Disable /home/username/.cache/krunner
Disable /home/username/.cache/kscreenlocker_greet
Disable /home/username/.cache/ksmserver-logout-greeter
Disable /home/username/.cache/ksplashqml
Disable /home/username/.cache/kwin
Disable /home/username/.cache/mozilla
Disable /home/username/.cache/pip
Disable /home/username/.cache/plasmashell
Disable /home/username/.cache/strawberry
Disable /home/username/.cache/systemsettings
Disable /home/username/.cache/thunderbird
Disable /home/username/.cache/vlc
Directory ${DOCUMENTS} resolved as Documents
Not blacklist /home/username/Documents
Directory ${MUSIC} resolved as Music
Disable /home/username/Music
Directory ${PICTURES} resolved as Pictures
Disable /home/username/Pictures
Directory ${VIDEOS} resolved as Videos
Disable /home/username/Videos
Mounting read-only /tmp/.X11-unix
2481 2375 0:31 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:17 - tmpfs tmpfs rw,size=6069168k,nr_inodes=409600,inode64
mountid=2481 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /home/username/.config/pulse
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse
Create the new ld.so.preload file
Blacklist violations are logged to syslog
Mount the new ld.so.preload file
Current directory: /home/username
DISPLAY=:0 parsed as 0
configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 00 01 00000015   jeq 15 0005 (false 0006)
 0005: 06 00 00 00000001   ret KILL
 0006: 15 00 01 00000034   jeq 34 0007 (false 0008)
 0007: 06 00 00 00000001   ret KILL
 0008: 15 00 01 0000001a   jeq 1a 0009 (false 000a)
 0009: 06 00 00 00000001   ret KILL
 000a: 15 00 01 0000011b   jeq 11b 000b (false 000c)
 000b: 06 00 00 00000001   ret KILL
 000c: 15 00 01 00000155   jeq 155 000d (false 000e)
 000d: 06 00 00 00000001   ret KILL
 000e: 15 00 01 00000156   jeq 156 000f (false 0010)
 000f: 06 00 00 00000001   ret KILL
 0010: 15 00 01 0000007f   jeq 7f 0011 (false 0012)
 0011: 06 00 00 00000001   ret KILL
 0012: 15 00 01 00000080   jeq 80 0013 (false 0014)
 0013: 06 00 00 00000001   ret KILL
 0014: 15 00 01 0000015e   jeq 15e 0015 (false 0016)
 0015: 06 00 00 00000001   ret KILL
 0016: 15 00 01 00000081   jeq 81 0017 (false 0018)
 0017: 06 00 00 00000001   ret KILL
 0018: 15 00 01 0000006e   jeq 6e 0019 (false 001a)
 0019: 06 00 00 00000001   ret KILL
 001a: 15 00 01 00000065   jeq 65 001b (false 001c)
 001b: 06 00 00 00000001   ret KILL
 001c: 15 00 01 00000121   jeq 121 001d (false 001e)
 001d: 06 00 00 00000001   ret KILL
 001e: 15 00 01 00000057   jeq 57 001f (false 0020)
 001f: 06 00 00 00000001   ret KILL
 0020: 15 00 01 00000073   jeq 73 0021 (false 0022)
 0021: 06 00 00 00000001   ret KILL
 0022: 15 00 01 00000067   jeq 67 0023 (false 0024)
 0023: 06 00 00 00000001   ret KILL
 0024: 15 00 01 0000015b   jeq 15b 0025 (false 0026)
 0025: 06 00 00 00000001   ret KILL
 0026: 15 00 01 0000015c   jeq 15c 0027 (false 0028)
 0027: 06 00 00 00000001   ret KILL
 0028: 15 00 01 00000087   jeq 87 0029 (false 002a)
 0029: 06 00 00 00000001   ret KILL
 002a: 15 00 01 00000095   jeq 95 002b (false 002c)
 002b: 06 00 00 00000001   ret KILL
 002c: 15 00 01 0000007c   jeq 7c 002d (false 002e)
 002d: 06 00 00 00000001   ret KILL
 002e: 15 00 01 00000157   jeq 157 002f (false 0030)
 002f: 06 00 00 00000001   ret KILL
 0030: 15 00 01 000000fd   jeq fd 0031 (false 0032)
 0031: 06 00 00 00000001   ret KILL
 0032: 15 00 01 00000150   jeq 150 0033 (false 0034)
 0033: 06 00 00 00000001   ret KILL
 0034: 15 00 01 00000152   jeq 152 0035 (false 0036)
 0035: 06 00 00 00000001   ret KILL
 0036: 15 00 01 0000015d   jeq 15d 0037 (false 0038)
 0037: 06 00 00 00000001   ret KILL
 0038: 15 00 01 0000011e   jeq 11e 0039 (false 003a)
 0039: 06 00 00 00000001   ret KILL
 003a: 15 00 01 0000011f   jeq 11f 003b (false 003c)
 003b: 06 00 00 00000001   ret KILL
 003c: 15 00 01 00000120   jeq 120 003d (false 003e)
 003d: 06 00 00 00000001   ret KILL
 003e: 15 00 01 00000056   jeq 56 003f (false 0040)
 003f: 06 00 00 00000001   ret KILL
 0040: 15 00 01 00000033   jeq 33 0041 (false 0042)
 0041: 06 00 00 00000001   ret KILL
 0042: 15 00 01 0000007b   jeq 7b 0043 (false 0044)
 0043: 06 00 00 00000001   ret KILL
 0044: 15 00 01 000000d9   jeq d9 0045 (false 0046)
 0045: 06 00 00 00000001   ret KILL
 0046: 15 00 01 000000f5   jeq f5 0047 (false 0048)
 0047: 06 00 00 00000001   ret KILL
 0048: 15 00 01 000000f6   jeq f6 0049 (false 004a)
 0049: 06 00 00 00000001   ret KILL
 004a: 15 00 01 000000f7   jeq f7 004b (false 004c)
 004b: 06 00 00 00000001   ret KILL
 004c: 15 00 01 000000f8   jeq f8 004d (false 004e)
 004d: 06 00 00 00000001   ret KILL
 004e: 15 00 01 000000f9   jeq f9 004f (false 0050)
 004f: 06 00 00 00000001   ret KILL
 0050: 15 00 01 00000101   jeq 101 0051 (false 0052)
 0051: 06 00 00 00000001   ret KILL
 0052: 15 00 01 00000112   jeq 112 0053 (false 0054)
 0053: 06 00 00 00000001   ret KILL
 0054: 15 00 01 00000114   jeq 114 0055 (false 0056)
 0055: 06 00 00 00000001   ret KILL
 0056: 15 00 01 00000126   jeq 126 0057 (false 0058)
 0057: 06 00 00 00000001   ret KILL
 0058: 15 00 01 0000013d   jeq 13d 0059 (false 005a)
 0059: 06 00 00 00000001   ret KILL
 005a: 15 00 01 0000013c   jeq 13c 005b (false 005c)
 005b: 06 00 00 00000001   ret KILL
 005c: 15 00 01 0000003d   jeq 3d 005d (false 005e)
 005d: 06 00 00 00000001   ret KILL
 005e: 15 00 01 00000058   jeq 58 005f (false 0060)
 005f: 06 00 00 00000001   ret KILL
 0060: 15 00 01 000000a9   jeq a9 0061 (false 0062)
 0061: 06 00 00 00000001   ret KILL
 0062: 15 00 01 00000082   jeq 82 0063 (false 0064)
 0063: 06 00 00 00000001   ret KILL
 0064: 06 00 00 7fff0000   ret ALLOW
Dual 32/64 bit seccomp filter configured
configuring 134 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 01 0000009f   jeq adjtimex 0008 (false 0009)
 0008: 06 00 00 00000001   ret KILL
 0009: 15 00 01 00000131   jeq clock_adjtime 000a (false 000b)
 000a: 06 00 00 00000001   ret KILL
 000b: 15 00 01 000000e3   jeq clock_settime 000c (false 000d)
 000c: 06 00 00 00000001   ret KILL
 000d: 15 00 01 000000a4   jeq settimeofday 000e (false 000f)
 000e: 06 00 00 00000001   ret KILL
 000f: 15 00 01 0000009a   jeq modify_ldt 0010 (false 0011)
 0010: 06 00 00 00000001   ret KILL
 0011: 15 00 01 000000d4   jeq lookup_dcookie 0012 (false 0013)
 0012: 06 00 00 00000001   ret KILL
 0013: 15 00 01 0000012a   jeq perf_event_open 0014 (false 0015)
 0014: 06 00 00 00000001   ret KILL
 0015: 15 00 01 00000137   jeq process_vm_writev 0016 (false 0017)
 0016: 06 00 00 00000001   ret KILL
 0017: 15 00 01 000000b0   jeq delete_module 0018 (false 0019)
 0018: 06 00 00 00000001   ret KILL
 0019: 15 00 01 00000139   jeq finit_module 001a (false 001b)
 001a: 06 00 00 00000001   ret KILL
 001b: 15 00 01 000000af   jeq init_module 001c (false 001d)
 001c: 06 00 00 00000001   ret KILL
 001d: 15 00 01 000000a1   jeq chroot 001e (false 001f)
 001e: 06 00 00 00000001   ret KILL
 001f: 15 00 01 000000a5   jeq mount 0020 (false 0021)
 0020: 06 00 00 00000001   ret KILL
 0021: 15 00 01 0000009b   jeq pivot_root 0022 (false 0023)
 0022: 06 00 00 00000001   ret KILL
 0023: 15 00 01 000000a6   jeq umount2 0024 (false 0025)
 0024: 06 00 00 00000001   ret KILL
 0025: 15 00 01 0000009c   jeq _sysctl 0026 (false 0027)
 0026: 06 00 00 00000001   ret KILL
 0027: 15 00 01 000000b7   jeq afs_syscall 0028 (false 0029)
 0028: 06 00 00 00000001   ret KILL
 0029: 15 00 01 000000ae   jeq create_module 002a (false 002b)
 002a: 06 00 00 00000001   ret KILL
 002b: 15 00 01 000000b1   jeq get_kernel_syms 002c (false 002d)
 002c: 06 00 00 00000001   ret KILL
 002d: 15 00 01 000000b5   jeq getpmsg 002e (false 002f)
 002e: 06 00 00 00000001   ret KILL
 002f: 15 00 01 000000b6   jeq putpmsg 0030 (false 0031)
 0030: 06 00 00 00000001   ret KILL
 0031: 15 00 01 000000b2   jeq query_module 0032 (false 0033)
 0032: 06 00 00 00000001   ret KILL
 0033: 15 00 01 000000b9   jeq security 0034 (false 0035)
 0034: 06 00 00 00000001   ret KILL
 0035: 15 00 01 0000008b   jeq sysfs 0036 (false 0037)
 0036: 06 00 00 00000001   ret KILL
 0037: 15 00 01 000000b8   jeq tuxcall 0038 (false 0039)
 0038: 06 00 00 00000001   ret KILL
 0039: 15 00 01 00000086   jeq uselib 003a (false 003b)
 003a: 06 00 00 00000001   ret KILL
 003b: 15 00 01 00000088   jeq ustat 003c (false 003d)
 003c: 06 00 00 00000001   ret KILL
 003d: 15 00 01 000000ec   jeq vserver 003e (false 003f)
 003e: 06 00 00 00000001   ret KILL
 003f: 15 00 01 000000ad   jeq ioperm 0040 (false 0041)
 0040: 06 00 00 00000001   ret KILL
 0041: 15 00 01 000000ac   jeq iopl 0042 (false 0043)
 0042: 06 00 00 00000001   ret KILL
 0043: 15 00 01 000000f6   jeq kexec_load 0044 (false 0045)
 0044: 06 00 00 00000001   ret KILL
 0045: 15 00 01 00000140   jeq kexec_file_load 0046 (false 0047)
 0046: 06 00 00 00000001   ret KILL
 0047: 15 00 01 000000a9   jeq reboot 0048 (false 0049)
 0048: 06 00 00 00000001   ret KILL
 0049: 15 00 01 000000a7   jeq swapon 004a (false 004b)
 004a: 06 00 00 00000001   ret KILL
 004b: 15 00 01 000000a8   jeq swapoff 004c (false 004d)
 004c: 06 00 00 00000001   ret KILL
 004d: 15 00 01 00000130   jeq open_by_handle_at 004e (false 004f)
 004e: 06 00 00 00000001   ret KILL
 004f: 15 00 01 0000012f   jeq name_to_handle_at 0050 (false 0051)
 0050: 06 00 00 00000001   ret KILL
 0051: 15 00 01 000000fb   jeq ioprio_set 0052 (false 0053)
 0052: 06 00 00 00000001   ret KILL
 0053: 15 00 01 00000067   jeq syslog 0054 (false 0055)
 0054: 06 00 00 00000001   ret KILL
 0055: 15 00 01 0000012c   jeq fanotify_init 0056 (false 0057)
 0056: 06 00 00 00000001   ret KILL
 0057: 15 00 01 00000138   jeq kcmp 0058 (false 0059)
 0058: 06 00 00 00000001   ret KILL
 0059: 15 00 01 000000f8   jeq add_key 005a (false 005b)
 005a: 06 00 00 00000001   ret KILL
 005b: 15 00 01 000000f9   jeq request_key 005c (false 005d)
 005c: 06 00 00 00000001   ret KILL
 005d: 15 00 01 000000ed   jeq mbind 005e (false 005f)
 005e: 06 00 00 00000001   ret KILL
 005f: 15 00 01 00000100   jeq migrate_pages 0060 (false 0061)
 0060: 06 00 00 00000001   ret KILL
 0061: 15 00 01 00000117   jeq move_pages 0062 (false 0063)
 0062: 06 00 00 00000001   ret KILL
 0063: 15 00 01 000000fa   jeq keyctl 0064 (false 0065)
 0064: 06 00 00 00000001   ret KILL
 0065: 15 00 01 000000ce   jeq io_setup 0066 (false 0067)
 0066: 06 00 00 00000001   ret KILL
 0067: 15 00 01 000000cf   jeq io_destroy 0068 (false 0069)
 0068: 06 00 00 00000001   ret KILL
 0069: 15 00 01 000000d0   jeq io_getevents 006a (false 006b)
 006a: 06 00 00 00000001   ret KILL
 006b: 15 00 01 000000d1   jeq io_submit 006c (false 006d)
 006c: 06 00 00 00000001   ret KILL
 006d: 15 00 01 000000d2   jeq io_cancel 006e (false 006f)
 006e: 06 00 00 00000001   ret KILL
 006f: 15 00 01 000000d8   jeq remap_file_pages 0070 (false 0071)
 0070: 06 00 00 00000001   ret KILL
 0071: 15 00 01 00000143   jeq userfaultfd 0072 (false 0073)
 0072: 06 00 00 00000001   ret KILL
 0073: 15 00 01 000000a3   jeq acct 0074 (false 0075)
 0074: 06 00 00 00000001   ret KILL
 0075: 15 00 01 00000141   jeq bpf 0076 (false 0077)
 0076: 06 00 00 00000001   ret KILL
 0077: 15 00 01 000000b4   jeq nfsservctl 0078 (false 0079)
 0078: 06 00 00 00000001   ret KILL
 0079: 15 00 01 000000ab   jeq setdomainname 007a (false 007b)
 007a: 06 00 00 00000001   ret KILL
 007b: 15 00 01 000000aa   jeq sethostname 007c (false 007d)
 007c: 06 00 00 00000001   ret KILL
 007d: 15 00 01 00000099   jeq vhangup 007e (false 007f)
 007e: 06 00 00 00000001   ret KILL
 007f: 15 00 01 00000065   jeq ptrace 0080 (false 0081)
 0080: 06 00 00 00000001   ret KILL
 0081: 15 00 01 00000087   jeq personality 0082 (false 0083)
 0082: 06 00 00 00000001   ret KILL
 0083: 15 00 01 00000136   jeq process_vm_readv 0084 (false 0085)
 0084: 06 00 00 00000001   ret KILL
 0085: 06 00 00 7fff0000   ret ALLOW
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
2488 2036 0:121 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=2488 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             140 .
drwxr-xr-x root     root             320 ..
-rw-r--r-- username     username            1072 seccomp
-rw-r--r-- username     username             808 seccomp.32
-rw-r--r-- username     username              71 seccomp.list
-rw-r--r-- username     username               0 seccomp.postexec
-rw-r--r-- username     username               0 seccomp.postexec32
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
Set caps filter 3002
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 0
AppArmor enabled
Starting application
LD_PRELOAD=(null)
execvp argument 0: wireshark
Child process initialized in 310.09 ms
Searching $PATH for wireshark
trying #/home/username/.local/bin/wireshark#
trying #/home/username/bin/wireshark#
trying #/home/username/.local/bin/wireshark#
trying #/home/username/bin/wireshark#
trying #/usr/local/sbin/wireshark#
trying #/usr/local/bin/wireshark#
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Warning: an existing sandbox was detected. /usr/bin/wireshark will run without any additional sandboxing features
monitoring pid 4

libGL error: MESA-LOADER: failed to retrieve device information
libGL error: Version 4 or later of flush extension not found
libGL error: failed to load driver: i915
libGL error: failed to open /dev/dri/card0: No such file or directory
libGL error: failed to load driver: iris
<details>
<summary>$ firejail --debug /usr/bin/wireshark</summary>

```
$ firejail --debug wireshark
- tmpfs tmpfs rw,size=6069168k,nr_inodes=409600,inode64 mountid=2375 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /var 2379 2376 0:124 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=2379 fsname=/ dir=/var/tmp fstype=tmpfs Not blacklist /home/username/.local/bin/lua* Not blacklist /home/username/bin/lua* Not blacklist /usr/local/sbin/lua* Not blacklist /usr/local/bin/lua* Not blacklist /usr/bin/lua5.2 Not blacklist /usr/bin/luac5.2 Not blacklist /usr/bin/luac5.3 Not blacklist /usr/bin/lua5.3 Not blacklist /usr/lib/jvm/default/bin/lua* Not blacklist /usr/bin/site_perl/lua* Not blacklist /usr/bin/vendor_perl/lua* Not blacklist /usr/bin/core_perl/lua* Disable /usr/include/lua5.2 Disable /usr/include/lua5.3 Not blacklist /usr/lib/liblua.so.5.3.6 Not blacklist /usr/lib/liblua5.2.so.5.2 Not blacklist /usr/lib/liblua5.2.so.5.2.4 Not blacklist /usr/lib/liblua5.3.so Not blacklist /usr/lib/liblua.so.5.2.4 Not blacklist /usr/lib/liblua5.3.so.5.3 Not blacklist /usr/lib/liblua5.2.so Not blacklist /usr/lib/liblua5.3.so.5.3.6 Not blacklist /usr/lib/liblua.so.5.3 Not blacklist /usr/lib/liblua.so.5.2 Not blacklist /usr/lib/lua Not blacklist /usr/lib64/liblua.so.5.3.6 Not blacklist /usr/lib64/liblua5.2.so.5.2 Not blacklist /usr/lib64/liblua5.2.so.5.2.4 Not blacklist /usr/lib64/liblua5.3.so Not blacklist /usr/lib64/liblua.so.5.2.4 Not blacklist /usr/lib64/liblua5.3.so.5.3 Not blacklist /usr/lib64/liblua5.2.so Not blacklist /usr/lib64/liblua5.3.so.5.3.6 Not blacklist /usr/lib64/liblua.so.5.3 Not blacklist /usr/lib64/liblua.so.5.2 Not blacklist /usr/lib64/lua Not blacklist /usr/share/lua* Disable /usr/lib/libmozjs-78.so (requested /usr/lib64/libmozjs-78.so) Disable /usr/bin/core_perl/cpan Disable /usr/bin/core_perl Disable /usr/bin/perl Disable /usr/bin/site_perl Disable /usr/bin/vendor_perl Disable /usr/lib/perl5 Disable /usr/lib/perl5 (requested /usr/lib64/perl5) Disable /usr/share/perl5 Disable /usr/lib/ruby Disable /usr/lib/python2.7 Disable 
/usr/bin/python3.9 Disable /usr/bin/python3.9-config (requested /usr/bin/python3-config) Disable /usr/bin/python3.9 (requested /usr/bin/python3) Disable /usr/bin/python3.9-config Disable /usr/include/python3.9 Disable /usr/lib/python3.9 Disable /usr/lib/python3.9 (requested /usr/lib64/python3.9) Disable /home/username/.password-store Disable /home/username/.anydesk Disable /home/username/.audacity-data Disable /home/username/.config/GIMP Disable /home/username/.config/Mumble Disable /home/username/.config/Rocket.Chat Disable /home/username/.config/Signal Disable /home/username/.config/akregatorrc Disable /home/username/.config/arkrc Disable /home/username/.config/baloofilerc Disable /home/username/.config/chromium Disable /home/username/.config/dolphinrc Disable /home/username/.config/emaildefaults Disable /home/username/.config/filezilla Disable /home/username/.config/gconf Disable /home/username/.config/google-chrome Disable /home/username/.config/gwenviewrc Disable /home/username/.config/katemetainfos Disable /home/username/.config/katerc Disable /home/username/.config/kateschemarc Disable /home/username/.config/katevirc Disable /home/username/.config/kdeconnect Disable /home/username/.config/klipperrc Disable /home/username/.config/libreoffice Disable /home/username/.config/mpv Disable /home/username/.config/okularpartrc Disable /home/username/.config/okularrc Disable /home/username/.config/spectaclerc Disable /home/username/.config/strawberry Disable /home/username/.config/torbrowser Disable /home/username/.config/vlc Not blacklist /home/username/.config/wireshark Disable /home/username/.config/youtube-dl Disable /home/username/.gitconfig Disable /home/username/.java Disable /home/username/.local/share/Mumble Disable /home/username/.local/share/TelegramDesktop Disable /home/username/.local/share/baloo Disable /home/username/.local/share/data/Mumble Disable /home/username/.local/share/dolphin Disable /home/username/.local/share/gwenview Disable 
/home/username/.local/share/kate Disable /home/username/.local/share/kxmlgui5/konsole Disable /home/username/.local/share/kxmlgui5/dolphin Disable /home/username/.local/share/kxmlgui5/ark Disable /home/username/.local/share/kxmlgui5/kcalc Disable /home/username/.local/share/okular Disable /home/username/.local/share/strawberry Disable /home/username/.local/share/torbrowser Disable /home/username/.local/share/vlc Disable /home/username/.mozilla Disable /home/username/.npm Disable /home/username/.pylint.d Disable /home/username/.thunderbird Disable /home/username/.tor-browser Disable /home/username/.vim Disable /home/username/.wine Not blacklist /home/username/.wireshark Disable /home/username/.yarn Disable /home/username/.yarnrc Disable /home/username/.cache/babl Disable /home/username/.cache/chromium Disable /home/username/.cache/discover Disable /home/username/.cache/gegl-0.4 Disable /home/username/.cache/gimp Disable /home/username/.cache/google-chrome Disable /home/username/.cache/kcmshell5 Disable /home/username/.cache/kinfocenter Disable /home/username/.cache/krunner Disable /home/username/.cache/kscreenlocker_greet Disable /home/username/.cache/ksmserver-logout-greeter Disable /home/username/.cache/ksplashqml Disable /home/username/.cache/kwin Disable /home/username/.cache/mozilla Disable /home/username/.cache/pip Disable /home/username/.cache/plasmashell Disable /home/username/.cache/strawberry Disable /home/username/.cache/systemsettings Disable /home/username/.cache/thunderbird Disable /home/username/.cache/vlc Directory ${DOCUMENTS} resolved as Documents Not blacklist /home/username/Documents Directory ${MUSIC} resolved as Music Disable /home/username/Music Directory ${PICTURES} resolved as Pictures Disable /home/username/Pictures Directory ${VIDEOS} resolved as Videos Disable /home/username/Videos Mounting read-only /tmp/.X11-unix 2481 2375 0:31 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:17 - tmpfs tmpfs 
rw,size=6069168k,nr_inodes=409600,inode64 mountid=2481 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /sys/fs Disable /sys/module disable pulseaudio blacklist /home/username/.config/pulse blacklist /run/user/1000/pulse/native blacklist /run/user/1000/pulse Create the new ld.so.preload file Blacklist violations are logged to syslog Mount the new ld.so.preload file Current directory: /home/username DISPLAY=:0 parsed as 0 configuring 101 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dropping all capabilities Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 00 01 00000015 jeq 15 0005 (false 0006) 0005: 06 00 00 00000001 ret KILL 0006: 15 00 01 00000034 jeq 34 0007 (false 0008) 0007: 06 00 00 00000001 ret KILL 0008: 15 00 01 0000001a jeq 1a 0009 (false 000a) 0009: 06 00 00 00000001 ret KILL 000a: 15 00 01 0000011b jeq 11b 000b (false 000c) 000b: 06 00 00 00000001 ret KILL 000c: 15 00 01 00000155 jeq 155 000d (false 000e) 000d: 06 00 00 00000001 ret KILL 000e: 15 00 01 00000156 jeq 156 000f (false 0010) 000f: 06 00 00 00000001 ret KILL 0010: 15 00 01 0000007f jeq 7f 0011 (false 0012) 0011: 06 00 00 00000001 ret KILL 0012: 15 00 01 00000080 jeq 80 0013 (false 0014) 0013: 06 00 00 00000001 ret KILL 0014: 15 00 01 0000015e jeq 15e 0015 (false 0016) 0015: 06 00 00 00000001 ret KILL 0016: 15 00 01 00000081 jeq 81 0017 (false 0018) 0017: 06 00 00 00000001 ret KILL 0018: 15 00 01 0000006e jeq 6e 0019 (false 001a) 0019: 06 00 00 00000001 ret KILL 001a: 15 00 01 00000065 jeq 65 001b (false 001c) 001b: 06 00 00 00000001 ret KILL 001c: 15 00 01 00000121 jeq 121 001d (false 001e) 001d: 06 00 00 00000001 ret KILL 001e: 15 00 
01 00000057 jeq 57 001f (false 0020) 001f: 06 00 00 00000001 ret KILL 0020: 15 00 01 00000073 jeq 73 0021 (false 0022) 0021: 06 00 00 00000001 ret KILL 0022: 15 00 01 00000067 jeq 67 0023 (false 0024) 0023: 06 00 00 00000001 ret KILL 0024: 15 00 01 0000015b jeq 15b 0025 (false 0026) 0025: 06 00 00 00000001 ret KILL 0026: 15 00 01 0000015c jeq 15c 0027 (false 0028) 0027: 06 00 00 00000001 ret KILL 0028: 15 00 01 00000087 jeq 87 0029 (false 002a) 0029: 06 00 00 00000001 ret KILL 002a: 15 00 01 00000095 jeq 95 002b (false 002c) 002b: 06 00 00 00000001 ret KILL 002c: 15 00 01 0000007c jeq 7c 002d (false 002e) 002d: 06 00 00 00000001 ret KILL 002e: 15 00 01 00000157 jeq 157 002f (false 0030) 002f: 06 00 00 00000001 ret KILL 0030: 15 00 01 000000fd jeq fd 0031 (false 0032) 0031: 06 00 00 00000001 ret KILL 0032: 15 00 01 00000150 jeq 150 0033 (false 0034) 0033: 06 00 00 00000001 ret KILL 0034: 15 00 01 00000152 jeq 152 0035 (false 0036) 0035: 06 00 00 00000001 ret KILL 0036: 15 00 01 0000015d jeq 15d 0037 (false 0038) 0037: 06 00 00 00000001 ret KILL 0038: 15 00 01 0000011e jeq 11e 0039 (false 003a) 0039: 06 00 00 00000001 ret KILL 003a: 15 00 01 0000011f jeq 11f 003b (false 003c) 003b: 06 00 00 00000001 ret KILL 003c: 15 00 01 00000120 jeq 120 003d (false 003e) 003d: 06 00 00 00000001 ret KILL 003e: 15 00 01 00000056 jeq 56 003f (false 0040) 003f: 06 00 00 00000001 ret KILL 0040: 15 00 01 00000033 jeq 33 0041 (false 0042) 0041: 06 00 00 00000001 ret KILL 0042: 15 00 01 0000007b jeq 7b 0043 (false 0044) 0043: 06 00 00 00000001 ret KILL 0044: 15 00 01 000000d9 jeq d9 0045 (false 0046) 0045: 06 00 00 00000001 ret KILL 0046: 15 00 01 000000f5 jeq f5 0047 (false 0048) 0047: 06 00 00 00000001 ret KILL 0048: 15 00 01 000000f6 jeq f6 0049 (false 004a) 0049: 06 00 00 00000001 ret KILL 004a: 15 00 01 000000f7 jeq f7 004b (false 004c) 004b: 06 00 00 00000001 ret KILL 004c: 15 00 01 000000f8 jeq f8 004d (false 004e) 004d: 06 00 00 00000001 ret KILL 004e: 15 00 01 000000f9 jeq f9 
004f (false 0050) 004f: 06 00 00 00000001 ret KILL 0050: 15 00 01 00000101 jeq 101 0051 (false 0052) 0051: 06 00 00 00000001 ret KILL 0052: 15 00 01 00000112 jeq 112 0053 (false 0054) 0053: 06 00 00 00000001 ret KILL 0054: 15 00 01 00000114 jeq 114 0055 (false 0056) 0055: 06 00 00 00000001 ret KILL 0056: 15 00 01 00000126 jeq 126 0057 (false 0058) 0057: 06 00 00 00000001 ret KILL 0058: 15 00 01 0000013d jeq 13d 0059 (false 005a) 0059: 06 00 00 00000001 ret KILL 005a: 15 00 01 0000013c jeq 13c 005b (false 005c) 005b: 06 00 00 00000001 ret KILL 005c: 15 00 01 0000003d jeq 3d 005d (false 005e) 005d: 06 00 00 00000001 ret KILL 005e: 15 00 01 00000058 jeq 58 005f (false 0060) 005f: 06 00 00 00000001 ret KILL 0060: 15 00 01 000000a9 jeq a9 0061 (false 0062) 0061: 06 00 00 00000001 ret KILL 0062: 15 00 01 00000082 jeq 82 0063 (false 0064) 0063: 06 00 00 00000001 ret KILL 0064: 06 00 00 7fff0000 ret ALLOW Dual 32/64 bit seccomp filter configured configuring 134 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 3, uid 1000, gid 1000, nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 01 0000009f jeq adjtimex 0008 (false 0009) 0008: 06 00 00 00000001 ret KILL 0009: 15 00 01 00000131 jeq clock_adjtime 000a (false 000b) 000a: 06 00 00 00000001 ret KILL 000b: 15 00 01 000000e3 jeq clock_settime 000c (false 000d) 000c: 06 00 00 00000001 ret KILL 000d: 15 00 01 000000a4 jeq settimeofday 000e (false 000f) 000e: 06 00 00 00000001 ret KILL 000f: 15 00 01 0000009a jeq modify_ldt 0010 (false 0011) 0010: 
06 00 00 00000001 ret KILL 0011: 15 00 01 000000d4 jeq lookup_dcookie 0012 (false 0013) 0012: 06 00 00 00000001 ret KILL 0013: 15 00 01 0000012a jeq perf_event_open 0014 (false 0015) 0014: 06 00 00 00000001 ret KILL 0015: 15 00 01 00000137 jeq process_vm_writev 0016 (false 0017) 0016: 06 00 00 00000001 ret KILL 0017: 15 00 01 000000b0 jeq delete_module 0018 (false 0019) 0018: 06 00 00 00000001 ret KILL 0019: 15 00 01 00000139 jeq finit_module 001a (false 001b) 001a: 06 00 00 00000001 ret KILL 001b: 15 00 01 000000af jeq init_module 001c (false 001d) 001c: 06 00 00 00000001 ret KILL 001d: 15 00 01 000000a1 jeq chroot 001e (false 001f) 001e: 06 00 00 00000001 ret KILL 001f: 15 00 01 000000a5 jeq mount 0020 (false 0021) 0020: 06 00 00 00000001 ret KILL 0021: 15 00 01 0000009b jeq pivot_root 0022 (false 0023) 0022: 06 00 00 00000001 ret KILL 0023: 15 00 01 000000a6 jeq umount2 0024 (false 0025) 0024: 06 00 00 00000001 ret KILL 0025: 15 00 01 0000009c jeq _sysctl 0026 (false 0027) 0026: 06 00 00 00000001 ret KILL 0027: 15 00 01 000000b7 jeq afs_syscall 0028 (false 0029) 0028: 06 00 00 00000001 ret KILL 0029: 15 00 01 000000ae jeq create_module 002a (false 002b) 002a: 06 00 00 00000001 ret KILL 002b: 15 00 01 000000b1 jeq get_kernel_syms 002c (false 002d) 002c: 06 00 00 00000001 ret KILL 002d: 15 00 01 000000b5 jeq getpmsg 002e (false 002f) 002e: 06 00 00 00000001 ret KILL 002f: 15 00 01 000000b6 jeq putpmsg 0030 (false 0031) 0030: 06 00 00 00000001 ret KILL 0031: 15 00 01 000000b2 jeq query_module 0032 (false 0033) 0032: 06 00 00 00000001 ret KILL 0033: 15 00 01 000000b9 jeq security 0034 (false 0035) 0034: 06 00 00 00000001 ret KILL 0035: 15 00 01 0000008b jeq sysfs 0036 (false 0037) 0036: 06 00 00 00000001 ret KILL 0037: 15 00 01 000000b8 jeq tuxcall 0038 (false 0039) 0038: 06 00 00 00000001 ret KILL 0039: 15 00 01 00000086 jeq uselib 003a (false 003b) 003a: 06 00 00 00000001 ret KILL 003b: 15 00 01 00000088 jeq ustat 003c (false 003d) 003c: 06 00 00 00000001 ret KILL 
003d: 15 00 01 000000ec jeq vserver 003e (false 003f) 003e: 06 00 00 00000001 ret KILL 003f: 15 00 01 000000ad jeq ioperm 0040 (false 0041) 0040: 06 00 00 00000001 ret KILL 0041: 15 00 01 000000ac jeq iopl 0042 (false 0043) 0042: 06 00 00 00000001 ret KILL 0043: 15 00 01 000000f6 jeq kexec_load 0044 (false 0045) 0044: 06 00 00 00000001 ret KILL 0045: 15 00 01 00000140 jeq kexec_file_load 0046 (false 0047) 0046: 06 00 00 00000001 ret KILL 0047: 15 00 01 000000a9 jeq reboot 0048 (false 0049) 0048: 06 00 00 00000001 ret KILL 0049: 15 00 01 000000a7 jeq swapon 004a (false 004b) 004a: 06 00 00 00000001 ret KILL 004b: 15 00 01 000000a8 jeq swapoff 004c (false 004d) 004c: 06 00 00 00000001 ret KILL 004d: 15 00 01 00000130 jeq open_by_handle_at 004e (false 004f) 004e: 06 00 00 00000001 ret KILL 004f: 15 00 01 0000012f jeq name_to_handle_at 0050 (false 0051) 0050: 06 00 00 00000001 ret KILL 0051: 15 00 01 000000fb jeq ioprio_set 0052 (false 0053) 0052: 06 00 00 00000001 ret KILL 0053: 15 00 01 00000067 jeq syslog 0054 (false 0055) 0054: 06 00 00 00000001 ret KILL 0055: 15 00 01 0000012c jeq fanotify_init 0056 (false 0057) 0056: 06 00 00 00000001 ret KILL 0057: 15 00 01 00000138 jeq kcmp 0058 (false 0059) 0058: 06 00 00 00000001 ret KILL 0059: 15 00 01 000000f8 jeq add_key 005a (false 005b) 005a: 06 00 00 00000001 ret KILL 005b: 15 00 01 000000f9 jeq request_key 005c (false 005d) 005c: 06 00 00 00000001 ret KILL 005d: 15 00 01 000000ed jeq mbind 005e (false 005f) 005e: 06 00 00 00000001 ret KILL 005f: 15 00 01 00000100 jeq migrate_pages 0060 (false 0061) 0060: 06 00 00 00000001 ret KILL 0061: 15 00 01 00000117 jeq move_pages 0062 (false 0063) 0062: 06 00 00 00000001 ret KILL 0063: 15 00 01 000000fa jeq keyctl 0064 (false 0065) 0064: 06 00 00 00000001 ret KILL 0065: 15 00 01 000000ce jeq io_setup 0066 (false 0067) 0066: 06 00 00 00000001 ret KILL 0067: 15 00 01 000000cf jeq io_destroy 0068 (false 0069) 0068: 06 00 00 00000001 ret KILL 0069: 15 00 01 000000d0 jeq io_getevents 
006a (false 006b) 006a: 06 00 00 00000001 ret KILL 006b: 15 00 01 000000d1 jeq io_submit 006c (false 006d) 006c: 06 00 00 00000001 ret KILL 006d: 15 00 01 000000d2 jeq io_cancel 006e (false 006f) 006e: 06 00 00 00000001 ret KILL 006f: 15 00 01 000000d8 jeq remap_file_pages 0070 (false 0071) 0070: 06 00 00 00000001 ret KILL 0071: 15 00 01 00000143 jeq userfaultfd 0072 (false 0073) 0072: 06 00 00 00000001 ret KILL 0073: 15 00 01 000000a3 jeq acct 0074 (false 0075) 0074: 06 00 00 00000001 ret KILL 0075: 15 00 01 00000141 jeq bpf 0076 (false 0077) 0076: 06 00 00 00000001 ret KILL 0077: 15 00 01 000000b4 jeq nfsservctl 0078 (false 0079) 0078: 06 00 00 00000001 ret KILL 0079: 15 00 01 000000ab jeq setdomainname 007a (false 007b) 007a: 06 00 00 00000001 ret KILL 007b: 15 00 01 000000aa jeq sethostname 007c (false 007d) 007c: 06 00 00 00000001 ret KILL 007d: 15 00 01 00000099 jeq vhangup 007e (false 007f) 007e: 06 00 00 00000001 ret KILL 007f: 15 00 01 00000065 jeq ptrace 0080 (false 0081) 0080: 06 00 00 00000001 ret KILL 0081: 15 00 01 00000087 jeq personality 0082 (false 0083) 0082: 06 00 00 00000001 ret KILL 0083: 15 00 01 00000136 jeq process_vm_readv 0084 (false 0085) 0084: 06 00 00 00000001 ret KILL 0085: 06 00 00 7fff0000 ret ALLOW seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp 2488 2036 0:121 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=2488 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 140 . drwxr-xr-x root root 320 .. 
-rw-r--r-- username username 1072 seccomp -rw-r--r-- username username 808 seccomp.32 -rw-r--r-- username username 71 seccomp.list -rw-r--r-- username username 0 seccomp.postexec -rw-r--r-- username username 0 seccomp.postexec32 Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp Set caps filter 3002 Drop privileges: pid 1, uid 1000, gid 1000, nogroups 0 AppArmor enabled Starting application LD_PRELOAD=(null) execvp argument 0: wireshark Child process initialized in 310.09 ms Searching $PATH for wireshark trying #/home/username/.local/bin/wireshark# trying #/home/username/bin/wireshark# trying #/home/username/.local/bin/wireshark# trying #/home/username/bin/wireshark# trying #/usr/local/sbin/wireshark# trying #/usr/local/bin/wireshark# Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Warning: an existing sandbox was detected. /usr/bin/wireshark will run without any additional sandboxing features monitoring pid 4 libGL error: MESA-LOADER: failed to retrieve device information libGL error: Version 4 or later of flush extension not found libGL error: failed to load driver: i915 libGL error: failed to open /dev/dri/card0: No such file or directory libGL error: failed to load driver: iris ``` </details>

@rusty-snake commented on GitHub (May 4, 2021):

Does one of the following commands work?

- `firejail --ignore=seccomp /usr/bin/wireshark`
- `firejail --ignore=caps.keep /usr/bin/wireshark`
- `firejail --ignore=apparmor /usr/bin/wireshark`
- `firejail --ignore=seccomp --ignore=caps.keep --ignore=apparmor --ignore=private-dev /usr/bin/wireshark`

The libGL errors are caused by `no3d` because you use Wayland (right?). They are unrelated to this. There are many programs with them.

@aminvakil commented on GitHub (May 4, 2021):

The ones with a tick on them work.

- [x] `firejail --ignore=seccomp /usr/bin/wireshark`
- [ ] `firejail --ignore=caps.keep /usr/bin/wireshark`
- [ ] `firejail --ignore=apparmor /usr/bin/wireshark`
- [x] `firejail --ignore=seccomp --ignore=caps.keep --ignore=apparmor --ignore=private-dev /usr/bin/wireshark`

So should I just create a PR disabling `seccomp` in its profile?

@rusty-snake commented on GitHub (May 4, 2021):

> So should I just create a PR disabling seccomp in its profile?

Probably yes, but check your syslog first.

General: Never disable `seccomp` because a program dies with it. This can be fixed by adding an exception for only one syscall in 90% of the cases and with exceptions for two or more syscalls for the rest.

Here it is special because `seccomp` implies NNP IIRC, but those privilege issues are an edge case (I know only chromium until now).
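The NNP point in the comment above can be checked from `/proc/<pid>/status` of the capture helper: once `no_new_privs` is set, `execve()` no longer grants file capabilities. The following is an added example, not code from the thread or from firejail; it assumes the helper gets its capture rights from file capabilities, and the three sample status dumps and the verdict names are constructed for illustration.

```python
"""Classify why a sandboxed process cannot capture packets, from the text
of its /proc/<pid>/status. Added example; sample dumps are constructed."""
import sys

# Capability bit numbers from <linux/capability.h>.
CAPTURE_CAPS = {
    "CAP_NET_ADMIN": 12,  # needed to put an interface into promiscuous mode
    "CAP_NET_RAW": 13,    # needed to open AF_PACKET / raw sockets
}
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}


def parse_status(text):
    """Return the 'Key: value' lines of a status dump as a dict of strings."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def cap_names(mask_hex):
    """Capture-relevant capability names present in a hex capability mask."""
    mask = int(mask_hex, 16)
    return {name for name, bit in CAPTURE_CAPS.items() if mask & (1 << bit)}


def diagnose(status_text):
    """Explain whether, and why not, the process can capture packets."""
    f = parse_status(status_text)
    # NoNewPrivs and Seccomp are absent on old kernels; treat absent as off.
    nnp = f.get("NoNewPrivs", "0") == "1"
    seccomp = SECCOMP_MODES.get(int(f.get("Seccomp", "0")), "unknown")
    effective = cap_names(f.get("CapEff", "0"))
    bounding = cap_names(f.get("CapBnd", "0"))
    missing = set(CAPTURE_CAPS) - effective

    if not missing:
        verdict = "capture-capable"
    elif missing - bounding:
        # File capabilities are masked by the bounding set on exec, so a
        # capability filter that drops these bits can never be overcome.
        verdict = "blocked-by-bounding-set"
    elif nnp:
        # The bounding set would allow them, but no_new_privs made execve()
        # ignore the binary's file capabilities.
        verdict = "blocked-by-no-new-privs"
    else:
        verdict = "binary-lacks-file-caps"
    return {
        "verdict": verdict,
        "no_new_privs": nnp,
        "seccomp": seccomp,
        "missing": sorted(missing),
    }


# Constructed sample: helper started inside a sandbox with a seccomp filter.
SAMPLE_SECCOMP = (
    "Name:\tdumpcap\nNoNewPrivs:\t1\nSeccomp:\t2\n"
    "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
    "CapBnd:\t0000000000003002\n"
)
# Constructed sample: same sandbox with the seccomp filter ignored.
SAMPLE_NO_SECCOMP = (
    "Name:\tdumpcap\nNoNewPrivs:\t0\nSeccomp:\t0\n"
    "CapPrm:\t0000000000003000\nCapEff:\t0000000000003000\n"
    "CapBnd:\t0000000000003002\n"
)
# Constructed sample: every capability removed from the bounding set.
SAMPLE_CAPS_DROPPED = (
    "Name:\tdumpcap\nNoNewPrivs:\t0\nSeccomp:\t0\n"
    "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
    "CapBnd:\t0000000000000000\n"
)

if __name__ == "__main__":
    # With a PID argument, diagnose that live process; otherwise the samples.
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/status") as fh:
            print(diagnose(fh.read()))
    else:
        for sample in (SAMPLE_SECCOMP, SAMPLE_NO_SECCOMP, SAMPLE_CAPS_DROPPED):
            print(diagnose(sample))
```

Run it with the PID of the helper process while a capture attempt is in progress; the helper exits quickly when capture fails, so the status has to be read while it is still alive.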

@aminvakil commented on GitHub (May 4, 2021):

I will create a PR tomorrow; meanwhile I would appreciate it if you could see the output of my `journalctl -f` with `seccomp` enabled (not working)

```
$ journalctl -f
May 05 00:37:53 hostname firejail[11658]: blacklist violation - sandbox 11655, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:37:53 hostname firejail[11658]: blacklist violation - sandbox 11655, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:37:53 hostname firejail[11658]: blacklist violation - sandbox 11655, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:37:53 hostname firejail[11658]: blacklist violation - sandbox 11655, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:37:53 hostname firejail[11658]: blacklist violation - sandbox 11655, exe wireshark, syscall open64, path /home/username/.config/kwinrc
May 05 00:37:53 hostname firejail[11658]: blacklist violation - sandbox 11655, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:37:53 hostname firejail[11658]: blacklist violation - sandbox 11655, exe wireshark, syscall open64, path /home/username/.config/kwinrc
May 05 00:37:53 hostname firejail[11658]: blacklist violation - sandbox 11655, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:37:53 hostname firejail[11658]: blacklist violation - sandbox 11655, exe wireshark, syscall open64, path /home/username/.config/kwinrc
May 05 00:37:53 hostname firejail[11658]: blacklist violation - sandbox 11655, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:37:53 hostname firejail[11658]: blacklist violation - sandbox 11655, exe wireshark, syscall open64, path /home/username/.config/kwinrc
May 05 00:37:54 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.88 (uid=1003 pid=11722 comm="/usr/bin/dumpcap -i dbus-system -L --list-time-sta") with uid 1003
May 05 00:37:54 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.88 (uid=1003 pid=11722 comm="/usr/bin/dumpcap -i dbus-system -L --list-time-sta") with uid 1003
May 05 00:37:54 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.88 (uid=1003 pid=11722 comm="/usr/bin/dumpcap -i dbus-system -L --list-time-sta") with uid 1003
May 05 00:37:54 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.88 (uid=1003 pid=11722 comm="/usr/bin/dumpcap -i dbus-system -L --list-time-sta") with uid 1003
May 05 00:37:54 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.89 (uid=1003 pid=11730 comm="/usr/bin/dumpcap -S -Z none ") with uid 1003
May 05 00:37:54 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.89 (uid=1003 pid=11730 comm="/usr/bin/dumpcap -S -Z none ") with uid 1003
May 05 00:37:54 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.89 (uid=1003 pid=11730 comm="/usr/bin/dumpcap -S -Z none ") with uid 1003
May 05 00:37:54 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.89 (uid=1003 pid=11730 comm="/usr/bin/dumpcap -S -Z none ") with uid 1003
May 05 00:37:59 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.90 (uid=1003 pid=11737 comm="/usr/bin/dumpcap -S -Z none ") with uid 1003
May 05 00:37:59 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.90 (uid=1003 pid=11737 comm="/usr/bin/dumpcap -S -Z none ") with uid 1003
May 05 00:37:59 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.90 (uid=1003 pid=11737 comm="/usr/bin/dumpcap -S -Z none ") with uid 1003
May 05 00:37:59 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.90 (uid=1003 pid=11737 comm="/usr/bin/dumpcap -S -Z none ") with uid 1003
```

and without seccomp (working)

May 05 00:41:09 hostname firejail[11871]: blacklist violation - sandbox 11868, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:41:09 hostname firejail[11871]: blacklist violation - sandbox 11868, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:41:09 hostname firejail[11871]: blacklist violation - sandbox 11868, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:41:09 hostname firejail[11871]: blacklist violation - sandbox 11868, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:41:09 hostname firejail[11871]: blacklist violation - sandbox 11868, exe wireshark, syscall open64, path /home/username/.config/kwinrc
May 05 00:41:09 hostname firejail[11871]: blacklist violation - sandbox 11868, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:41:09 hostname firejail[11871]: blacklist violation - sandbox 11868, exe wireshark, syscall open64, path /home/username/.config/kwinrc
May 05 00:41:09 hostname firejail[11871]: blacklist violation - sandbox 11868, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:41:09 hostname firejail[11871]: blacklist violation - sandbox 11868, exe wireshark, syscall open64, path /home/username/.config/kwinrc
May 05 00:41:09 hostname firejail[11871]: blacklist violation - sandbox 11868, exe wireshark, syscall access, path /home/username/.config/kwinrc
May 05 00:41:09 hostname firejail[11871]: blacklist violation - sandbox 11868, exe wireshark, syscall open64, path /home/username/.config/kwinrc
May 05 00:41:10 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.92 (uid=1003 pid=11940 comm="/usr/bin/dumpcap -i dbus-system -L --list-time-sta") with uid 1003
May 05 00:41:10 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.92 (uid=1003 pid=11940 comm="/usr/bin/dumpcap -i dbus-system -L --list-time-sta") with uid 1003
May 05 00:41:10 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.92 (uid=1003 pid=11940 comm="/usr/bin/dumpcap -i dbus-system -L --list-time-sta") with uid 1003
May 05 00:41:10 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.92 (uid=1003 pid=11940 comm="/usr/bin/dumpcap -i dbus-system -L --list-time-sta") with uid 1003
May 05 00:41:11 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.93 (uid=1003 pid=11950 comm="/usr/bin/dumpcap -S -Z none ") with uid 1003
May 05 00:41:11 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.93 (uid=1003 pid=11950 comm="/usr/bin/dumpcap -S -Z none ") with uid 1003
May 05 00:41:11 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.93 (uid=1003 pid=11950 comm="/usr/bin/dumpcap -S -Z none ") with uid 1003
May 05 00:41:11 hostname dbus-daemon[1089]: [system] rejected attempt to call AddMatch by connection :1.93 (uid=1003 pid=11950 comm="/usr/bin/dumpcap -S -Z none ") with uid 1003
May 05 00:41:13 hostname audit: ANOM_PROMISCUOUS dev=wlp3s0 prom=256 old_prom=0 auid=1003 uid=1003 gid=1003 ses=2
May 05 00:41:13 hostname audit[11951]: SYSCALL arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=107 a2=1 a3=7ab0a80e4a90 items=0 ppid=11871 pid=11951 auid=1003 uid=1003 gid=1003 euid=1003 suid=1003 fsuid=1003 egid=1003 sgid=1003 fsgid=1003 tty=pts2 ses=2 comm="dumpcap" exe="/usr/bin/dumpcap" subj==firejail-default (enforce) key=(null)
May 05 00:41:13 hostname audit: PROCTITLE proctitle=2F7573722F62696E2F64756D70636170002D6E002D6900776C70337330002D7900454E31304D42002D5A006E6F6E65
May 05 00:41:13 hostname kernel: device wlp3s0 entered promiscuous mode
May 05 00:41:13 hostname kernel: audit: type=1700 audit(1620159073.185:287): dev=wlp3s0 prom=256 old_prom=0 auid=1003 uid=1003 gid=1003 ses=2
May 05 00:41:13 hostname kernel: audit: type=1300 audit(1620159073.185:287): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=107 a2=1 a3=7ab0a80e4a90 items=0 ppid=11871 pid=11951 auid=1003 uid=1003 gid=1003 euid=1003 suid=1003 fsuid=1003 egid=1003 sgid=1003 fsgid=1003 tty=pts2 ses=2 comm="dumpcap" exe="/usr/bin/dumpcap" subj==firejail-default (enforce) key=(null)
May 05 00:41:13 hostname kernel: audit: type=1327 audit(1620159073.185:287): proctitle=2F7573722F62696E2F64756D70636170002D6E002D6900776C70337330002D7900454E31304D42002D5A006E6F6E65

@rusty-snake commented on GitHub (May 4, 2021):

If there would be something, it would look like
https://github.com/netblue30/firejail/blob/2431d8ba33c9d44d30a50a3f73445af29024e479/etc/templates/syscalls.txt#L94

The `syscall=54` in your second snippet is `setsockopt` which isn't blocked by `seccomp`.
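
The audit records from the "without `seccomp`" journal excerpt can be decoded mechanically. The following is an added example, not part of the thread or of firejail: it resolves the `syscall=54` record, its `setsockopt` arguments and the hex `proctitle`. Function names are this example's own, and the lookup tables cover only x86_64 socket syscalls and the `SOL_PACKET` options seen here.

```python
import re

# Three audit records copied from the "without seccomp (working)" journal excerpt in this thread.
SAMPLE_JOURNAL = [
    'May 05 00:41:13 hostname audit: ANOM_PROMISCUOUS dev=wlp3s0 prom=256 old_prom=0 '
    'auid=1003 uid=1003 gid=1003 ses=2',
    'May 05 00:41:13 hostname audit[11951]: SYSCALL arch=c000003e syscall=54 success=yes '
    'exit=0 a0=4 a1=107 a2=1 a3=7ab0a80e4a90 items=0 ppid=11871 pid=11951 auid=1003 '
    'uid=1003 gid=1003 euid=1003 suid=1003 fsuid=1003 egid=1003 sgid=1003 fsgid=1003 '
    'tty=pts2 ses=2 comm="dumpcap" exe="/usr/bin/dumpcap" subj==firejail-default (enforce) '
    'key=(null)',
    'May 05 00:41:13 hostname audit: PROCTITLE proctitle=2F7573722F62696E2F64756D70636170'
    '002D6E002D6900776C70337330002D7900454E31304D42002D5A006E6F6E65',
]

# Matches "audit: TYPE ..." and "audit[pid]: TYPE ...". The kernel's own
# "audit: type=NNNN" copies of the same records do not match and are skipped.
AUDIT_RE = re.compile(r'\baudit(?:\[\d+\])?: ([A-Z_]+) (.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

AUDIT_ARCH_X86_64 = "c000003e"
X86_64_SOCKET_SYSCALLS = {41: "socket", 49: "bind", 54: "setsockopt", 55: "getsockopt"}
SOCKOPT_LEVELS = {0x1: "SOL_SOCKET", 0x107: "SOL_PACKET"}
PACKET_OPTNAMES = {1: "PACKET_ADD_MEMBERSHIP", 2: "PACKET_DROP_MEMBERSHIP"}
IFF_PROMISC = 0x100  # interface flag reported (in decimal) by ANOM_PROMISCUOUS


def parse_record(line):
    """Return (record_type, fields) for a userspace audit line, else None."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    return m.group(1), dict(FIELD_RE.findall(m.group(2)))


def unquote(value):
    return value[1:-1] if value.startswith('"') and value.endswith('"') else value


def decode_proctitle(value):
    """Audit quotes plain command lines and hex-encodes those containing NUL or spaces."""
    if value.startswith('"'):
        return [unquote(value)]
    raw = bytes.fromhex(value)
    return [arg.decode("utf-8", "replace") for arg in raw.split(b"\0") if arg]


def describe_syscall(fields):
    """Name the syscall; a0..a3 are logged in hex without a 0x prefix."""
    arch, nr = fields.get("arch"), int(fields["syscall"])
    if arch != AUDIT_ARCH_X86_64:
        return f"syscall {nr} (arch {arch} not in table)"
    name = X86_64_SOCKET_SYSCALLS.get(nr, f"syscall_{nr}")
    if name != "setsockopt":
        return name
    fd, level, opt = (int(fields[k], 16) for k in ("a0", "a1", "a2"))
    level_name = SOCKOPT_LEVELS.get(level, hex(level))
    opt_name = PACKET_OPTNAMES.get(opt, str(opt)) if level_name == "SOL_PACKET" else str(opt)
    return f"setsockopt(fd={fd}, {level_name}, {opt_name})"


def summarize(lines):
    out = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        rtype, f = rec
        if rtype == "ANOM_PROMISCUOUS":
            state = "on" if int(f["prom"]) & IFF_PROMISC else "off"
            out.append(f"{f['dev']}: promiscuous mode {state} (uid={f['uid']})")
        elif rtype == "SYSCALL":
            out.append(f"{unquote(f['exe'])} pid={f['pid']}: "
                       f"{describe_syscall(f)} success={f['success']}")
        elif rtype == "PROCTITLE":
            out.append("argv: " + " ".join(decode_proctitle(f["proctitle"])))
    return out


if __name__ == "__main__":
    for entry in summarize(SAMPLE_JOURNAL):
        print(entry)
```

In the working run the three records describe one event: `dumpcap` joins a packet membership on `wlp3s0` and the kernel logs the switch to promiscuous mode. The failing run in the thread contains no such records.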

@aminvakil commented on GitHub (May 4, 2021):

I'm not sure if I understood you or not, but changing `seccomp` to `seccomp !setsockopt` still prevents the wireshark from gathering traffic.

@aminvakil commented on GitHub (May 5, 2021):

@rusty-snake Thanks for your help on finding and fixing the issue!

@oknyshuk commented on GitHub (Oct 6, 2023):

wireshark doesn't work for me in firejail. I'm on Arch, using linux-hardened

@ghost commented on GitHub (Oct 6, 2023):

@k1gen

Are you on firejail 0.9.72? Building from git? Just did a check on the wireshark profile and there's an omission that needs to be corrected in git.

https://github.com/netblue30/firejail/blob/2a8621cd940262397b048881d7fc34e5ba9644aa/etc/inc/disable-common.inc#L580-L583

wireshark needs access to that blacklisted `${PATH}/dumpcap`. I'll open a PR to fix that. But if you're on 0.9.72 the situation is different and the above doesn't apply. Could you post used version, exact command and output here please?

@oknyshuk commented on GitHub (Oct 6, 2023):

@glitsj16 https://paste.rs/mFFLG.txt

@ghost commented on GitHub (Oct 6, 2023):

@k1gen

The output related to libEGL stems from the `no3d` in wireshark.profile. That's to be expected and can safely be ignored. But lines 45 & 46 of your paste make me wonder if your user is in the `wireshark` group. Check the Arch Wiki for [details](https://wiki.archlinux.org/title/Wireshark#Capturing_privileges).

```sh
 ** (wireshark:2) 18:18:48.754389 [Capture MESSAGE] -- Error message from child: "You do not have permission to capture on device "eth0".
(socket: Operation not permitted)", "Please check to make sure you have sufficient permissions.
```

@oknyshuk commented on GitHub (Oct 6, 2023):

the `no3d` stuff I did ignore, but my user is in the `wireshark` group, and everything works without a sandbox

@ghost commented on GitHub (Oct 6, 2023):

You mentioned using `linux-hardened`. That might be interfering/needing something extra in the `caps.keep dac_override,dac_read_search,net_admin,net_raw`, not sure. Anything in journalctl pointing to that?
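
One way to check the capability side of that question, as an added example that is not from the thread or from firejail: decode the masks in `/proc/<pid>/status` of the sandboxed process and see whether `net_raw` and `net_admin` can still reach `dumpcap`. It assumes `caps.keep` limits the sandbox's capability bounding set to the listed names; the status excerpts are constructed, and all function names are this example's own.

```python
import re

# Capability bit numbers from <linux/capability.h>, limited to those named in the thread.
CAP_BITS = {"dac_override": 1, "dac_read_search": 2, "net_admin": 12, "net_raw": 13}
# The capabilities Wireshark's own error text asks for on dumpcap.
REQUIRED = ("net_raw", "net_admin")

# Constructed /proc/<pid>/status excerpts (not taken from the thread).
STATUS_KEEP_OK = "CapEff:\t0000000000000000\nCapBnd:\t0000000000003006\nNoNewPrivs:\t0\n"
STATUS_DROP_ALL = "CapEff:\t0000000000000000\nCapBnd:\t0000000000000000\nNoNewPrivs:\t0\n"
STATUS_NNP = "CapEff:\t0000000000000000\nCapBnd:\t0000000000003006\nNoNewPrivs:\t1\n"
STATUS_DUMPCAP = "CapEff:\t0000000000003000\nCapBnd:\t0000000000003006\nNoNewPrivs:\t0\n"


def keep_mask(profile_line):
    """Bounding-set mask implied by a 'caps.keep a,b,c' profile line (assumed semantics)."""
    directive, _, names = profile_line.strip().partition(" ")
    if directive != "caps.keep":
        raise ValueError("not a caps.keep line: " + profile_line)
    mask = 0
    for name in names.split(","):
        mask |= 1 << CAP_BITS[name.strip()]
    return mask


def parse_status(text):
    """Extract the capability masks (hex in procfs) and the no_new_privs flag."""
    fields = dict(re.findall(r"^(\w+):\s*(\S+)", text, re.M))
    return {
        "CapEff": int(fields["CapEff"], 16),
        "CapBnd": int(fields["CapBnd"], 16),
        "NoNewPrivs": fields.get("NoNewPrivs", "0") == "1",
    }


def capture_blockers(status_text):
    """Reasons a dumpcap exec'd by this process cannot gain its file capabilities."""
    st = parse_status(status_text)
    reasons = []
    missing = [c for c in REQUIRED if not (st["CapBnd"] >> CAP_BITS[c]) & 1]
    if missing:
        # File capabilities are masked by the bounding set at execve time.
        reasons.append("bounding set lacks " + ",".join(missing))
    if st["NoNewPrivs"]:
        reasons.append("no_new_privs is set: execve ignores dumpcap's file capabilities")
    return reasons


def dumpcap_has_caps(status_text):
    """True if the running dumpcap process holds the required caps in its effective set."""
    eff = parse_status(status_text)["CapEff"]
    return all((eff >> CAP_BITS[c]) & 1 for c in REQUIRED)


if __name__ == "__main__":
    print(hex(keep_mask("caps.keep dac_override,dac_read_search,net_admin,net_raw")))
    for name, text in [("keep", STATUS_KEEP_OK), ("drop", STATUS_DROP_ALL), ("nnp", STATUS_NNP)]:
        print(name, capture_blockers(text) or "no capability blocker")
```

An empty result only rules out capabilities and `no_new_privs`; seccomp and protocol filters are separate layers and need their own check.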

@aminvakil commented on GitHub (Oct 7, 2023):

OP here :)

I can confirm the problem exists on `linux-hardened` as well.

@aminvakil commented on GitHub (Oct 7, 2023):

Ah, I just tested and the problem still happens with [linux-lts](https://archlinux.org/packages/core/x86_64/linux-lts/), so `linux-hardened` is irrelevant.

@aminvakil commented on GitHub (Oct 7, 2023):

Manually changing `/etc/firejail/wireshark.profile` as mentioned in https://github.com/netblue30/firejail/pull/6038 did not work either.

(Adding `noblacklist ${PATH}/dumpcap` to `/etc/firejail/wireshark.profile`)

@aminvakil commented on GitHub (Oct 7, 2023):

https://paste.rs/Kq8Ns.bash

@kmk3 commented on GitHub (Oct 10, 2023):

It opens just fine with firejail-git on Artix.

Does the error still happen if using firejail-git?

Does it work with the following?

```sh
firejail --ignore='include globals.local' --private wireshark
```

@oknyshuk commented on GitHub (Oct 10, 2023):

@kmk3 firejail-git worked for me even without `--ignore='include globals.local' --private`

@aminvakil commented on GitHub (Oct 10, 2023):

I can also confirm firejail-git worked without anything on Arch Linux.

@oknyshuk commented on GitHub (Nov 20, 2023):

it's broken again:

$ wireshark
Reading profile /etc/firejail/wireshark.profile
Reading profile /home/olk/.config/firejail/wireshark.local
Reading profile /etc/firejail/allow-lua.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
firejail version 0.9.73

Ignoring "dbus-user.talk org.freedesktop.portal.Desktop".
Parent pid 10552, child pid 10553
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /home/olk/.ssh/config
Warning: not remounting /run/user/1000/gvfs
Warning: not remounting /run/user/1000/doc
Base filesystem installed in 209.77 ms
Child process initialized in 253.24 ms
libEGL warning: failed to open /dev/dri/renderD128: Permission denied

libEGL warning: wayland-egl: could not open /dev/dri/renderD128 (Permission denied)
 ** (wireshark:3) 01:49:55.877763 [GUI ECHO] -- Using Qt6 version
 ** (wireshark:3) 01:49:55.882123 [GUI ECHO] -- Changing color scheme to  light
 ** (wireshark:3) 01:49:55.887259 [GUI ECHO] -- Using  "window-close-symbolic.svg"  from  "Adwaita"  theme
 ** (wireshark:3) 01:49:55.891814 [GUI ECHO] -- Using  "window-minimize-symbolic.svg"  from  "Adwaita"  theme
 ** (wireshark:3) 01:49:55.896757 [GUI ECHO] -- Using  "window-maximize-symbolic.svg"  from  "Adwaita"  theme
 ** (wireshark:3) 01:49:55.901337 [GUI ECHO] -- Using  "window-restore-symbolic.svg"  from  "Adwaita"  theme
 ** (wireshark:3) 01:49:56.001167 [GUI ECHO] -- Changing color scheme to  dark
 ** (wireshark:3) 01:49:56.007486 [GUI ECHO] -- Changing titlebar layout to  "appmenu:close"
 ** (wireshark:3) 01:49:56.202638 [Epan WARNING] /usr/src/debug/wireshark/wireshark-4.2.0/epan/prefs.c:5984 -- set_pref(): Preference "extcap.sshdump.remotesudo" has been converted to "extcap.sshdump.remotepriv"
Save your preferences to make this change permanent.
 ** (wireshark:3) 01:49:57.525498 [Capture MESSAGE] -- Capture Start ...
 ** (wireshark:3) 01:49:57.558264 [Capture MESSAGE] -- Error message from child: "You do not have permission to capture on device "eth0".
(socket: Operation not permitted)", "Please check to make sure you have sufficient permissions.

On Debian and Debian derivatives such as Ubuntu, if you have installed Wireshark from a package, try running

    sudo dpkg-reconfigure wireshark-common

selecting "<Yes>" in response to the question

    Should non-superusers be able to capture packets?

adding yourself to the "wireshark" group by running

    sudo usermod -a -G wireshark {your username}

and then logging out and logging back in again.

If you did not install Wireshark from a package, ensure that Dumpcap has the needed CAP_NET_RAW and CAP_NET_ADMIN capabilities by running 

    sudo setcap cap_net_raw,cap_net_admin=ep {path/to/}dumpcap

and then restarting Wireshark."
 ** (wireshark:3) 01:49:58.692422 [Capture MESSAGE] -- Capture stopped.
 ** (wireshark:3) 01:49:58.692450 [Capture WARNING] /usr/src/debug/wireshark/wireshark-4.2.0/ui/capture.c:722 -- capture_input_closed(): 

Parent is shutting down, bye...

works fine without sandbox. I'm on 3c303ab1dc172835559b0798df04b9b625bd1093

@ghost commented on GitHub (Nov 20, 2023):

> it's broken again:
> [...]
> Reading profile /home/olk/.config/firejail/wireshark.local
> [...]
> Ignoring "dbus-user.talk org.freedesktop.portal.Desktop".

@k1gen What do you have in your wireshark.local exactly? Is that where you've added `dbus-user.talk org.freedesktop.portal.Desktop`?
On my Arch Linux box [wireshark 4.2.0-1](https://archlinux.org/packages/extra/x86_64/wireshark-qt/) runs/works just fine with firejail-git. I even hardened it to use a fully whitelisting profile via the below wireshark.local:

```sh
$ cat ~/.config/firejail/wireshark.local
# Firejail profile for wireshark
# Persistent local customizations

whitelist ${DOCUMENTS}
whitelist ${DOWNLOADS}

mkdir ${HOME}/.config/wireshark
whitelist ${HOME}/.config/wireshark
include whitelist-common.inc
include whitelist-run-common.inc
include whitelist-runuser-common.inc
```

But, again, my user is in the `wireshark` group. Unsure if you did similarly...

@oknyshuk commented on GitHub (Nov 21, 2023):

> > it's broken again:
> > [...]
> > Reading profile /home/olk/.config/firejail/wireshark.local
> > [...]
> > Ignoring "dbus-user.talk org.freedesktop.portal.Desktop".
>
> @k1gen What do you have in your wireshark.local exactly? Is that where you've added `dbus-user.talk org.freedesktop.portal.Desktop`? On my Arch Linux box [wireshark 4.2.0-1](https://archlinux.org/packages/extra/x86_64/wireshark-qt/) runs/works just fine with firejail-git. I even hardened it to use a fully whitelisting profile via the below wireshark.local:
> [...]
> But, again, my user is in the `wireshark` group. Unsure if you did similarly...

```
$ bat -p .config/firejail/wireshark.local
dbus-user filter
dbus-user.talk org.freedesktop.portal.Desktop
ignore dbus-user none
```

```
$ groups
wireshark ... olk
```

@oknyshuk commented on GitHub (Dec 5, 2023):

hey, I'm still having this issue on `linux-clear` 6.6.4

@oknyshuk commented on GitHub (Jan 23, 2024):

this is still an issue

Reference: github-starred/firejail#2592