github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #4339] Enhancement hardened internet sandbox needed #2628

New issue
Closed
opened 2026-05-05 09:17:23 -06:00 by gitea-mirror · 8 comments
gitea-mirror commented 2026-05-05 09:17:23 -06:00
Owner
Copy link

Originally created by @osevan on GitHub (Jun 5, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4339

i want start on my host machine squid proxy inside firejail with hardened config.

what i want next is, allowing internet access only from "firejail squid ip address containerjail" ;everything outside of firejail squid jail container should not have internet access - for both ingress and egress.

i know its possible with iptables on hostside.. but how to tell iptables to allow only from firejail container internet and NOTHING ELSE.

i want connect with my browser to internet over squid proxy or other proxy and want start like this one:

firejail --proxy="idofsquidjail/or ip" --x11=xpra firefox

after than every application what i want should run with this command above --proxy.... should have internet access , but all other apps should not have access.

benefits:

everything on hostside cannot access to internet

kernel modules havent any internet access -big attack surface solved

whole /usr/bin havent any internet access - big attack surface solved

every binary not started with firejail --proxy command or proxychains functions in combination with firejail, cannot have access to internet ,because binary dont know how to route traffic out ....

only the admin know the way out and starting firejail smart and tidy :-)

Thanks and

Best Regards

Originally created by @osevan on GitHub (Jun 5, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4339 i want start on my host machine squid proxy inside firejail with hardened config. what i want next is, allowing internet access only from "firejail squid ip address containerjail" ;everything outside of firejail squid jail container should not have internet access - for both ingress and egress. i know its possible with iptables on hostside.. but how to tell iptables to allow only from firejail container internet and NOTHING ELSE. i want connect with my browser to internet over squid proxy or other proxy and want start like this one: firejail --proxy="idofsquidjail/or ip" --x11=xpra firefox after than every application what i want should run with this command above --proxy.... should have internet access , but all other apps should not have access. **benefits:** everything on hostside cannot access to internet kernel modules havent any internet access -big attack surface solved whole /usr/bin havent any internet access - big attack surface solved every binary not started with firejail --proxy command or proxychains functions in combination with firejail, cannot have access to internet ,because binary dont know how to route traffic out .... only the admin know the way out and starting firejail smart and tidy :-) Thanks and Best Regards
gitea-mirror 2026-05-05 09:17:23 -06:00
gitea-mirror commented 2026-05-05 09:17:26 -06:00
Author
Owner
Copy link

@topimiettinen commented on GitHub (Jun 6, 2021):

I've implemented something similar with a combination of SELinux policies, NFTables firewall rules and NetLabel configuration. The unprivileged user user_u:user_r:user_t:s0 isn't allowed to use network, but for example user_u:user_r:mozilla_t:s0 can connect to TCP ports 80 and 443 and user_u:user_r:ssh_t:s0 can connect to TCP port 22. This may not be airtight considering various methods how processes could influence others but it's something.

I don't know how to implement this with Firejail, but it would surely be great addition. If the user's shell would be firejailed and no way to escape firejailing, maybe everything could be run with 'network=none`, except for the explicitly allowed applications? In your proxy setup, the address of the proxy or crypto key to access it could be disclosed in a file, which would not be accessible by unprivileged applications and only the explicitly allowed applications could be allowed access via Firejail config?

<!-- gh-comment-id:855401649 --> @topimiettinen commented on GitHub (Jun 6, 2021): I've implemented something similar with a combination of SELinux policies, NFTables firewall rules and NetLabel configuration. The unprivileged user `user_u:user_r:user_t:s0` isn't allowed to use network, but for example `user_u:user_r:mozilla_t:s0` can connect to TCP ports 80 and 443 and `user_u:user_r:ssh_t:s0` can connect to TCP port 22. This may not be airtight considering various methods how processes could influence others but it's something. I don't know how to implement this with Firejail, but it would surely be great addition. If the user's shell would be firejailed and no way to escape firejailing, maybe everything could be run with 'network=none`, except for the explicitly allowed applications? In your proxy setup, the address of the proxy or crypto key to access it could be disclosed in a file, which would not be accessible by unprivileged applications and only the explicitly allowed applications could be allowed access via Firejail config?
gitea-mirror commented 2026-05-05 09:17:27 -06:00
Author
Owner
Copy link

@osevan commented on GitHub (Jun 6, 2021):

Im experimenting with additional user creation and grepping id.

I plant userid here:
ID 1001 for user with internet access.
iptables -A OUTPUT -m owner --uid-owner 1001 -j ALLOW
0 for root and other IDs what I want block :
iptables -A OUTPUT -m owner --uid-owner 0 -j REJECT

iptables -A OUTPUT -m owner --uid-owner 1000 -j REJECT

But my problem is, I cannot start firejail with different user and Firefox.

Sudo su -m internetaccessuser -c "firejail --debug Firefox" wont start - even when internetaccessuser are in sudoers group. ...

Maybe netblue can help

<!-- gh-comment-id:855433577 --> @osevan commented on GitHub (Jun 6, 2021): Im experimenting with additional user creation and grepping id. I plant userid here: ID 1001 for user with internet access. iptables -A OUTPUT -m owner --uid-owner 1001 -j ALLOW 0 for root and other IDs what I want block : iptables -A OUTPUT -m owner --uid-owner 0 -j REJECT iptables -A OUTPUT -m owner --uid-owner 1000 -j REJECT But my problem is, I cannot start firejail with different user and Firefox. Sudo su -m internetaccessuser -c "firejail --debug Firefox" wont start - even when internetaccessuser are in sudoers group. ... Maybe netblue can help
gitea-mirror commented 2026-05-05 09:17:28 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jun 6, 2021):

But my problem is, I cannot start firejail with different user and Firefox.
Sudo su -m internetaccessuser -c "firejail --debug Firefox" wing.start - even when internetaccessuser are in sudoers group. ...

Do you get any error? Does firefox start w/o firejail? Do you can start firejail curl or so? If you have a /etc/firejail/firejail.users is internetaccessuser in it? Do you use X11 or Wayland?

<!-- gh-comment-id:855434075 --> @rusty-snake commented on GitHub (Jun 6, 2021): > But my problem is, I cannot start firejail with different user and Firefox. Sudo su -m internetaccessuser -c "firejail --debug Firefox" wing.start - even when internetaccessuser are in sudoers group. ... Do you get any error? Does firefox start w/o firejail? Do you can start `firejail curl` or so? If you have a `/etc/firejail/firejail.users` is internetaccessuser in it? Do you use X11 or Wayland?
gitea-mirror commented 2026-05-05 09:17:29 -06:00
Author
Owner
Copy link

@osevan commented on GitHub (Jun 6, 2021):

But my problem is, I cannot start firejail with different user and Firefox.
Sudo su -m internetaccessuser -c "firejail --debug Firefox" wing.start - even when internetaccessuser are in sudoers group. ...

Do you get any error? Does firefox start w/o firejail? Do you can start firejail curl or so? If you have a /etc/firejail/firejail.users is internetaccessuser in it? Do you use X11 or Wayland?

Woow, Thanks for reply.

I can start Firefox with firejail with my default user and root.
I did not know about firejail.users file.

I will test this tomorrow.

Im using x11 and Firefox will be x11 sandboxed with xpra latest from xpra owns repository.

<!-- gh-comment-id:855434986 --> @osevan commented on GitHub (Jun 6, 2021): > > But my problem is, I cannot start firejail with different user and Firefox. > > Sudo su -m internetaccessuser -c "firejail --debug Firefox" wing.start - even when internetaccessuser are in sudoers group. ... > > Do you get any error? Does firefox start w/o firejail? Do you can start `firejail curl` or so? If you have a `/etc/firejail/firejail.users` is internetaccessuser in it? Do you use X11 or Wayland? Woow, Thanks for reply. I can start Firefox with firejail with my default user and root. I did not know about firejail.users file. I will test this tomorrow. Im using x11 and Firefox will be x11 sandboxed with xpra latest from xpra owns repository.
gitea-mirror commented 2026-05-05 09:17:30 -06:00
Author
Owner
Copy link

@osevan commented on GitHub (Jun 7, 2021):

firejail curl inside user shell works fine

$ whoami
internet

$ firejail --version
firejail version 0.9.65

Compile time support:
	- Always force nonewprivs support is disabled
	- AppArmor support is enabled
	- AppImage support is enabled
	- chroot support is enabled
	- D-BUS proxy support is enabled
	- file and directory whitelisting support is enabled
	- file transfer support is enabled
	- firetunnel support is enabled
	- networking support is enabled
	- output logging is enabled
	- overlayfs support is disabled
	- private-home support is enabled
	- private-cache and tmpfs as user enabled
	- SELinux support is disabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled

$ firejail curl gogole.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>

EDIT by @rusty-snake: code-block

<!-- gh-comment-id:855876773 --> @osevan commented on GitHub (Jun 7, 2021): firejail curl inside user shell works fine ``` $ whoami internet $ firejail --version firejail version 0.9.65 Compile time support: - Always force nonewprivs support is disabled - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - D-BUS proxy support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - firetunnel support is enabled - networking support is enabled - output logging is enabled - overlayfs support is disabled - private-home support is enabled - private-cache and tmpfs as user enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled $ firejail curl gogole.com <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY> <H1>301 Moved</H1> The document has moved <A HREF="https://www.google.com/">here</A>. </BODY></HTML> ``` --- EDIT by @rusty-snake: code-block
gitea-mirror commented 2026-05-05 09:17:30 -06:00
Author
Owner
Copy link

@osevan commented on GitHub (Jun 7, 2021):

here when i try to start

firejail --debug firefox 
$ firejail --debug firefox 2>&1 | tee output.log
Reading profile /usr/local/etc/firejail/firefox.profile
Autoselecting /bin/sh as shell
Building quoted command line: 'firefox' 
Command name #firefox#
Found firefox.profile profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/whitelist-usr-share-common.inc
Found whitelist-usr-share-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/firefox-common.profile
Found firefox-common.profile profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-common.inc
Found disable-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-devel.inc
Found disable-devel.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-exec.inc
Found disable-exec.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-interpreters.inc
Found disable-interpreters.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-programs.inc
Found disable-programs.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/whitelist-common.inc
Found whitelist-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/whitelist-runuser-common.inc
Found whitelist-runuser-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/whitelist-var-common.inc
Found whitelist-var-common.inc profile in /usr/local/etc/firejail directory
[profile] combined protocol list: "unix,inet,inet6,netlink"
[profile] combined protocol list: "unix,inet,inet6,netlink"
DISPLAY=:0.0 parsed as 0
Warning: /usr/bin/xdg-dbus-proxy was not found, downgrading dbus-user policy to allow.
To enable DBus filtering, install the xdg-dbus-proxy program.
Ignoring "dbus-user.own org.mozilla.Firefox.*" and 2 other dbus-user filter rules.
Parent pid 18484, child pid 18486
conditional BROWSER_DISABLE_U2F, nou2f
conditional BROWSER_DISABLE_U2F, private-dev
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,ioprio_set,mbind,migrate_pages,move_pages,sched_setaffinity,sched_setattr,sched_setparam,sched_setscheduler,set_mempolicy,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Using the local network stack
conditional BROWSER_DISABLE_U2F, nou2f
conditional BROWSER_DISABLE_U2F, private-dev
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,ioprio_set,mbind,migrate_pages,move_pages,sched_setaffinity,sched_setattr,sched_setparam,sched_setscheduler,set_mempolicy,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol 
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
76 52 253:0 /etc /etc ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=76 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
77 76 253:0 /etc /etc ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=77 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
80 78 0:31 / /var/spool rw,noatime - tmpfs none rw,inode64
mountid=80 fsname=/ dir=/var/spool fstype=tmpfs
Mounting read-only /var/tmp
81 79 0:30 / /var/tmp ro,noatime - tmpfs none rw,inode64
mountid=81 fsname=/ dir=/var/tmp fstype=tmpfs
Mounting read-only /var/spool
82 80 0:31 / /var/spool ro,noatime - tmpfs none rw,inode64
mountid=82 fsname=/ dir=/var/spool fstype=tmpfs
Mounting noexec /var
87 86 0:31 / /var/spool ro,noatime - tmpfs none rw,inode64
mountid=87 fsname=/ dir=/var/spool fstype=tmpfs
Mounting noexec /var/tmp
88 85 0:30 / /var/tmp ro,nosuid,nodev,noexec,noatime - tmpfs none rw,inode64
mountid=88 fsname=/ dir=/var/tmp fstype=tmpfs
Mounting noexec /var/spool
89 87 0:31 / /var/spool ro,nosuid,nodev,noexec,noatime - tmpfs none rw,inode64
mountid=89 fsname=/ dir=/var/spool fstype=tmpfs
Mounting read-only /usr
90 52 253:0 /usr /usr ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=90 fsname=/usr dir=/usr fstype=ext4
Mounting read-only /bin
91 52 253:0 /bin /bin ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=91 fsname=/bin dir=/bin fstype=ext4
Mounting read-only /sbin
92 52 253:0 /sbin /sbin ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=92 fsname=/sbin dir=/sbin fstype=ext4
Mounting read-only /lib
93 52 253:0 /lib /lib ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=93 fsname=/lib dir=/lib fstype=ext4
Mounting read-only /lib64
94 52 253:0 /lib64 /lib64 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=94 fsname=/lib64 dir=/lib64 fstype=ext4
Mounting read-only /lib32
95 52 253:0 /lib32 /lib32 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=95 fsname=/lib32 dir=/lib32 fstype=ext4
Mounting read-only /libx32
96 52 253:0 /libx32 /libx32 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=96 fsname=/libx32 dir=/libx32 fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs oWarning: file firefox-wayland not found
Warning: file getenforce not found
Warning: file restorecon not found
n /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Cannot open /run/user/1001 directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/video0 file
mounting /run/firejail/mnt/dev/video1 file
Process /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/basename
Checking /usr/bin/basename
sbox run: /run/firejail/lib/fcopy /usr/bin/basename /run/firejail/mnt/bin 
Checking /usr/local/bin/bash
Checking /usr/bin/bash
Checking /bin/bash
sbox run: /run/firejail/lib/fcopy /bin/bash /run/firejail/mnt/bin 
Checking /usr/local/bin/cat
Checking /usr/bin/cat
Checking /bin/cat
sbox run: /run/firejail/lib/fcopy /bin/cat /run/firejail/mnt/bin 
Checking /usr/local/bin/dirname
Checking /usr/bin/dirname
sbox run: /run/firejail/lib/fcopy /usr/bin/dirname /run/firejail/mnt/bin 
Checking /usr/local/bin/expr
Checking /usr/bin/expr
sbox run: /run/firejail/lib/fcopy /usr/bin/expr /run/firejail/mnt/bin 
Checking /usr/local/bin/false
Checking /usr/bin/false
Checking /bin/false
sbox run: /run/firejail/lib/fcopy /bin/false /run/firejail/mnt/bin 
Checking /usr/local/bin/firefox
Checking /usr/bin/firefox
sbox run: /run/firejail/lib/fcopy /usr/bin/firefox /run/firejail/mnt/bin 
Checking /usr/local/bin/firefox-esr
Checking /usr/bin/firefox-esr
file /usr/lib/firefox-esr/firefox-esr not found
sbox run: /run/firejail/lib/fcopy /usr/bin/firefox-esr /run/firejail/mnt/bin 
Checking /usr/local/bin/firefox-wayland
Checking /usr/bin/firefox-wayland
Checking /bin/firefox-wayland
Checking /usr/games/firefox-wayland
Checking /usr/local/games/firefox-wayland
Checking /usr/local/sbin/firefox-wayland
Checking /usr/sbin/firefox-wayland
Checking /sbin/firefox-wayland
Checking /usr/local/bin/getenforce
Checking /usr/bin/getenforce
Checking /bin/getenforce
Checking /usr/games/getenforce
Checking /usr/local/games/getenforce
Checking /usr/local/sbin/getenforce
Checking /usr/sbin/getenforce
Checking /sbin/getenforce
Checking /usr/local/bin/ln
Checking /usr/bin/ln
Checking /bin/ln
sbox run: /run/firejail/lib/fcopy /bin/ln /run/firejail/mnt/bin 
Checking /usr/local/bin/mkdir
Checking /usr/bin/mkdir
Checking /bin/mkdir
sbox run: /run/firejail/lib/fcopy /bin/mkdir /run/firejail/mnt/bin 
Checking /usr/local/bin/pidof
Checking /usr/bin/pidof
Checking /bin/pidof
sbox run: /run/firejail/lib/fcopy /sbin/killall5 /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /bin/pidof /run/firejail/mnt/bin 
Checking /usr/local/bin/restorecon
Checking /usr/bin/restorecon
Checking /bin/restorecon
Checking /usr/games/restorecon
Checking /usr/local/games/restorecon
Checking /usr/local/sbin/restorecon
Checking /usr/sbin/restorecon
Checking /sbin/restorecon
Checking /usr/local/bin/rm
Checking /usr/bin/rm
Checking /bin/rm
sbox run: /run/firejail/lib/fcopy /bin/rm /run/firejail/mnt/bin 
Checking /usr/local/bin/rmdir
Checking /usr/bin/rmdir
Checking /bin/rmdir
sbox run: /run/firejail/lib/fcopy /bin/rmdir /run/firejail/mnt/bin 
Checking /usr/local/bin/sed
Checking /usr/bin/sed
Checking /bin/sed
sbox run: /run/firejail/lib/fcopy /bin/sed /run/firejail/mnt/bin 
Checking /usr/local/bin/sh
Checking /usr/bin/sh
Checking /bin/sh
sbox run: /run/firejail/lib/fcopy /bin/dash /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /bin/sh /run/firejail/mnt/bin 
Checking /usr/local/bin/tclsh
Checking /usr/bin/tclsh
sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh8.6 /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh /run/firejail/mnt/bin 
Checking /usr/local/bin/true
Checking /usr/bin/true
Checking /bin/true
sbox run: /run/firejail/lib/fcopy /bin/true /run/firejail/mnt/b21 programs installed in 51.53 ms
in 
Checking /usr/local/bin/uname
Checking /usr/bin/uname
Checking /bin/uname
sbox run: /run/firejail/lib/fcopy /bin/uname /run/firejail/mnt/bin 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Standard C library installed in 1.43 ms
Starting private-lib processing: program firefox, shell none
Installing standard C library
    mounting /lib/x86_64-linux-gnu/libnss_nis.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_nis.so.2
    mounting /lib/x86_64-linux-gnu/librt.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/librt.so.1
    mounting /lib/x86_64-linux-gnu/libapparmor.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libapparmor.so.1
    mounting /lib/x86_64-linux-gnu/libnss_files.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_files.so.2
    mounting /lib/x86_64-linux-gnu/libselinux.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libselinux.so.1
    mounting /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
    mounting /lib/x86_64-linux-gnu/libutil.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libutil.so.1
    mounting /lib/x86_64-linux-gnu/libpthread.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpthread.so.0
    mounting /lib/x86_64-linux-gnu/libcrypt.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcrypt.so.1
    mounting /lib/x86_64-linux-gnu/libthread_db.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libthread_db.so.1
    mounting /lib/x86_64-linux-gnu/libnss_hesiod.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_hesiod.so.2
    mounting /lib/x86_64-linux-gnu/libmemusage.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libmemusage.so
    mounting /lib/x86_64-linux-gnu/libmvec.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libmvec.so.1
    mounting /lib/x86_64-linux-gnu/libnss_dns.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_dns.so.2
    mounting /lib/x86_64-linux-gnu/libc.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libc.so.6
    mounting /lib/x86_64-linux-gnu/libanl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libanl.so.1
    mounting /lib/x86_64-linux-gnu/libnss_compat.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_compat.so.2
    mounting /lib/x86_64-linux-gnu/libnsl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnsl.so.1
    mounting /lib/x86_64-linux-gnu/libresolv.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libresolv.so.2
    mounting /lib/x86_64-linux-gnu/libm.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libm.so.6
    mounting /lib/x86_64-linux-gnu/libapparmor.so.1.6.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libapparmor.so.1.6.0
    mounting /lib/x86_64-linux-gnu/libnss_nisplus.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_nisplus.so.2
    mounting /lib/x86_64-linux-gnu/libdl.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libdl.so.2
    mounting /lib64/ld-linux-x86-64.so.2 on /run/firejail/mnt/lib/ld-linux-x86-64.so.2
    mounting /usr/lib/locale on /run/firejail/mnt/lib/locale
Firejail libraries installed in 2.84 ms
Installing Firejail libraries
Cannot read /usr/local/bin/firejail, skipping...
    mounting /usr/local/lib/firejail on /run/firejail/mnt/lib/firejail
    fslib_mount_libs /run/firejail/lib/fcopy (parse as root)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /run/firejail/lib/fcopy
sbox run: /run/firejail/lib/fldd /run/firejail/lib/fcopy /run/firejail/mnt/libfiles 
Installing sandboxed program libraries
Searching $PATH for firefox
trying #/home/ra/.local/bin/firefox#
trying #/usr/local/gcc-10.2.0/bin/firefox#
trying #/usr/local/bin/firefox#
    fslib_install_list  /usr/local/bin/firefox
Processing private-lib files
    fslib_install_list  /usr/lib/firefox-esr/libmozgtk.so,/usr/lib/firefox-esr/libxul.so
    mounting /usr/lib/firefox-esr/libmozgtk.so on /run/firejail/mnt/lib/libmozgtk.so
    fslib_mount_libs /usr/lib/firefox-esr/libmozgtk.so (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/lib/firefox-esr/libmozgtk.so
sbox run: /run/firejail/lib/fldd /usr/lib/firefox-esr/libmozgtk.so /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libatspi.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libatspi.so.0
    mounting /lib/x86_64-linux-gnu/libcap.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcap.so.2
    mounting /lib/x86_64-linux-gnu/libsystemd.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libsystemd.so.0
    mounting /lib/x86_64-linux-gnu/libdbus-1.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libdbus-1.so.3
    mounting /usr/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libatk-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libatk-1.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libepoxy.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libepoxy.so.0
    mounting /usr/lib/x86_64-linux-gnu/libwayland-egl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libwayland-egl.so.1
    mounting /usr/lib/x86_64-linux-gnu/libwayland-client.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libwayland-client.so.0
    mounting /usr/lib/x86_64-linux-gnu/libwayland-cursor.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libwayland-cursor.so.0
    mounting /usr/lib/x86_64-linux-gnu/libxkbcommon.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxkbcommon.so.0
    mounting /usr/lib/x86_64-linux-gnu/libXdamage.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXdamage.so.1
    mounting /usr/lib/x86_64-linux-gnu/libXcomposite.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXcomposite.so.1
    mounting /usr/lib/x86_64-linux-gnu/libXfixes.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXfixes.so.3
    mounting /usr/lib/x86_64-linux-gnu/libXcursor.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXcursor.so.1
    mounting /usr/lib/x86_64-linux-gnu/libXrandr.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXrandr.so.2
    mounting /usr/lib/x86_64-linux-gnu/libXi.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXi.so.6
    mounting /usr/lib/x86_64-linux-gnu/libXinerama.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXinerama.so.1
    mounting /usr/lib/x86_64-linux-gnu/libcairo-gobject.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcairo-gobject.so.2
    mounting /lib/x86_64-linux-gnu/libblkid.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libblkid.so.1
    mounting /lib/x86_64-linux-gnu/libmount.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libmount.so.1
    mounting /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgio-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgmodule-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libXext.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXext.so.6
    mounting /usr/lib/x86_64-linux-gnu/libX11.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libX11.so.6
    mounting /usr/lib/x86_64-linux-gnu/libXrender.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXrender.so.1
    mounting /usr/lib/x86_64-linux-gnu/libxcb-render.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxcb-render.so.0
    mounting /usr/lib/x86_64-linux-gnu/libbsd.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libbsd.so.0
    mounting /usr/lib/x86_64-linux-gnu/libXdmcp.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXdmcp.soWarning fldd: cannot find libmozsandbox.so, skipping...
Warning fldd: cannot find liblgpllibs.so, skipping...
Warning fldd: cannot find libmozsqlite3.so, skipping...
Warning fldd: cannot find libmozgtk.so, skipping...
Warning fldd: cannot find libmozwayland.so, skipping...
.6
    mounting /usr/lib/x86_64-linux-gnu/libXau.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXau.so.6
    mounting /usr/lib/x86_64-linux-gnu/libxcb.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxcb.so.1
    mounting /usr/lib/x86_64-linux-gnu/libxcb-shm.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxcb-shm.so.0
    mounting /usr/lib/x86_64-linux-gnu/libpixman-1.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpixman-1.so.0
    mounting /usr/lib/x86_64-linux-gnu/libcairo.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcairo.so.2
    mounting /lib/x86_64-linux-gnu/libuuid.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libuuid.so.1
    mounting /lib/x86_64-linux-gnu/libexpat.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libexpat.so.1
    mounting /usr/lib/x86_64-linux-gnu/libfontconfig.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libfontconfig.so.1
    mounting /usr/lib/x86_64-linux-gnu/libgraphite2.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgraphite2.so.3
    mounting /lib/x86_64-linux-gnu/libz.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libz.so.1
    mounting /usr/lib/x86_64-linux-gnu/libpng16.so.16 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpng16.so.16
    mounting /usr/lib/x86_64-linux-gnu/libfreetype.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libfreetype.so.6
    mounting /usr/lib/x86_64-linux-gnu/libharfbuzz.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libharfbuzz.so.0
    mounting /usr/lib/x86_64-linux-gnu/libpangoft2-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpangoft2-1.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libfribidi.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libfribidi.so.0
    mounting /usr/lib/x86_64-linux-gnu/libdatrie.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libdatrie.so.1
    mounting /usr/lib/x86_64-linux-gnu/libthai.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libthai.so.0
    mounting /usr/lib/x86_64-linux-gnu/libffi.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libffi.so.6
    mounting /lib/x86_64-linux-gnu/libpcre.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpcre.so.3
    mounting /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libglib-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgobject-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpango-1.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libgdk-3.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgdk-3.so.0
    mounting /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgtk-3.so.0
    mounting /usr/lib/firefox-esr/libxul.so on /run/firejail/mnt/lib/libxul.so
    fslib_mount_libs /usr/lib/firefox-esr/libxul.so (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/lib/firefox-esr/libxul.so
sbox run: /run/firejail/lib/fldd /usr/lib/firefox-esr/libxul.so /run/firejail/mnt/libfiles 
    mounting /lib/x86_64-linux-gnu/libgcc_s.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgcc_s.so.1
    mounting /usr/lib/x86_64-linux-gnu/libstdc++.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libstdc++.so.6
    mounting /usr/lib/x86_64-linux-gnu/libdbus-glib-1.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libdbus-glib-1.so.2
    mounting /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libevent-2.1.so.6
    mounting /usr/lib/x86_64-linux-gnu/libX11-xcb.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libX11-xcb.so.1
    mounting /usr/lib/x86_64-linux-gnu/libssl3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libssl3.so
    mounting /usr/lib/x86_64-linux-gnu/libsmime3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libsmime3.so
    mounting /usr/lib/x86_64-linux-gnu/libplds4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libplds4.so
    mounting /usr/lib/x86_64-linux-gnu/libnssutil3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnssutil3.so
    mounting /usr/lib/x86_64-linux-gnu/libnss3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss3.so
    mounting /usr/lib/x86_64-linux-gnu/libplc4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libplc4.so
    mounting /usr/lib/x86_64-linux-gnu/libnspr4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnspr4.so
Processing private-bin files
    fslib_install_list  basename,/usr/bin/basename,bash,/bin/bash,cat,/bin/cat,dirname,/usr/bin/dirname,expr,/usr/bin/expr,false,/bin/false,firefox,/usr/bin/firefox,firefox-esr,/usr/bin/firefox-esr,ln,/bin/ln,mkdir,/bin/mkdir,pidof,/bin/pidof,rm,/bin/rm,rmdir,/bin/rmdir,sed,/bin/sed,sh,/bin/sh,tclsh,/usr/bin/tclsh,true,/bin/true,uname,/bin/uname
    fslib_mount_libs /usr/bin/basename (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/basename
sbox run: /run/firejail/lib/fldd /usr/bin/basename /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/bash (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/bash
sbox run: /run/firejail/lib/fldd /bin/bash /run/firejail/mnt/libfiles 
    mounting /lib/x86_64-linux-gnu/libtinfo.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libtinfo.so.6
    fslib_mount_libs /bin/cat (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/cat
sbox run: /run/firejail/lib/fldd /bin/cat /run/firejail/mnt/libfiles 
    fslib_mount_libs /usr/bin/dirname (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/dirname
sbox run: /run/firejail/lib/fldd /usr/bin/dirname /run/firejail/mnt/libfiles 
    fslib_mount_libs /usr/bin/expr (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/expr
sbox run: /run/firejail/lib/fldd /usr/bin/expr /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/false (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/false
sbox run: /run/firejail/lib/fldd /bin/false /run/firejail/mnt/libfiles 
    mounting /usr/lib/firefox-esr on /run/firejail/mnt/lib/firefox-esr
    fslib_mount_libs /usr/bin/firefox-esr (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/firefox-esr
sbox run: /run/firejail/lib/fldd /usr/bin/firefox-esr /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/ln (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/ln
sbox run: /run/firejail/lib/fldd /bin/ln /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/mkdir (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/mkdir
sbox run: /run/firejail/lib/fldd /bin/mkdir /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/pidof (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/pidof
sbox run: /run/firejail/lib/fldd /bin/pidof /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/rm (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/rm
sbox run: /run/firejail/lib/fldd /bin/rm /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/rmdir (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/rmdir
sbox run: /run/firejail/lib/fldd /bin/rmdir /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/sed (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/sed
sbox run: /run/firejail/lib/fldd /bin/sed /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libattr.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libattr.so.1
    mounting /usr/lib/x86_64-linux-gnu/libacl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libacl.so.1
    fslib_mount_libs /bin/sh (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/sh
sbox run: /run/firejail/lib/fldd /bin/sh /run/firejail/mnt/libfiles 
    fslib_mount_libs /usr/bin/tclsh (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/tclsh
sbox run: /run/firejail/lib/fldd /usr/bin/tclsh /run/firejail/mnt/libfiles 
Dropping all capabilitienux-gnu/libnssutil3.so
    mounting /usr/lib/x86_64-linux-gnu/libnss3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss3.so
    mounting /usr/lib/x86_64-linux-gnu/libplc4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libplc4.so
    mounting /usr/lib/x86_64-linux-gnu/libnspr4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnspr4.so
Processing private-bin files
    fslib_install_list  basename,/usr/bin/basename,bash,/bin/bash,cat,/bin/cat,dirname,/usr/bin/dirname,expr,/usr/bin/expr,false,/bin/false,firefox,/usr/bin/firefox,firefox-esr,/usr/bin/firefox-esr,ln,/bin/ln,mkdir,/bin/mkdir,pidof,/bin/pidof,rm,/bin/rm,rmdir,/bin/rmdir,sed,/bin/sed,sh,/bin/sh,tclsh,/usr/bin/tclsh,true,/bin/true,uname,/bin/uname
    fslib_mount_libs /usr/bin/basename (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/basename
sbox run: /run/firejail/lib/fldd /usr/bin/basename /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/bash (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/bash
sbox run: /run/firejail/lib/fldd /bin/bash /run/firejail/mnt/libfiles 
    mounting /lib/x86_64-linux-gnu/libtinfo.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libtinfo.so.6
    fslib_mount_libs /bin/cat (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/cat
sbox run: /run/firejail/lib/fldd /bin/cat /run/firejail/mnt/libfiles 
    fslib_mount_libs /usr/bin/dirname (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/dirname
sbox run: /run/firejail/lib/fldd /usr/bin/dirname /run/firejail/mnt/libfiles 
    fslib_mount_libs /usr/bin/expr (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/expr
sbox run: /run/firejail/lib/fldd /usr/bin/expr /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/false (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/false
sbox run: /run/firejail/lib/fldd /bin/false /run/firejail/mnt/libfiles 
    mounting /usr/lib/firefox-esr on /run/firejail/mnt/lib/firefox-esr
    fslib_mount_libs /usr/bin/firefox-esr (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/firefox-esr
sbox run: /run/firejail/lib/fldd /usr/bin/firefox-esr /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/ln (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/ln
sbox run: /run/firejail/lib/fldd /bin/ln /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/mkdir (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/mkdir
sbox run: /run/firejail/lib/fldd /bin/mkdir /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/pidof (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/pidof
sbox run: /run/firejail/lib/fldd /bin/pidof /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/rm (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/rm
sbox run: /run/firejail/lib/fldd /bin/rm /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/rmdir (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/rmdir
sbox run: /run/firejail/lib/fldd /bin/rmdir /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/sed (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/sed
sbox run: /run/firejail/lib/fldd /bin/sed /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libattr.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libattr.so.1
    mounting /usr/lib/x86_64-linux-gnu/libacl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libacl.so.1
    fslib_mount_libs /bin/sh (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/sh
sbox run: /run/firejail/lib/fldd /bin/sh /run/firejail/mnt/libfiles 
    fslib_mount_libs /usr/bin/tclsh (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/tclsh
sbox run: /run/firejail/lib/fldd /usr/bin/tclsh /run/firejail/mnt/libfiles 
    mounting /usr/lib/x8Program libraries installed in 85.68 ms
6_64-linux-gnu/libtcl8.6.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libtcl8.6.so
    fslib_mount_libs /bin/true (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/true
sbox run: /run/firejail/lib/fldd /bin/true /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/uname (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/uname
sbox run: /run/firejail/lib/fldd /bin/uname /run/firejail/mnt/libfiles 
GdkPixbuf installed in 19.87 ms
Installing system libraries
    fslib_mount_libs /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0 (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0
sbox run: /run/firejail/lib/fldd /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0 /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libjpeg.so.62 on /run/firejail/mnt/lib/x86_64-linux-gnu/libjpeg.so.62
    mounting /usr/lib/x86_64-linux-gnu/libjbig.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libjbig.so.0
    mounting /usr/lib/x86_64-linux-gnu/libzstd.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libzstd.so.1
    mounting /usr/lib/x86_64-linux-gnu/libwebp.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libwebp.so.6
    mounting /usr/lib/x86_64-linux-gnu/libtiff.so.5 on /run/firejail/mnt/lib/x86_64-linux-gnu/libtiff.so.5
    mounting /lib/x86_64-linux-gnu/liblzma.so.5 on /run/firejail/mnt/lib/x86_64-linux-gnu/liblzma.so.5
    mounting /usr/lib/x86_64-linux-gnu/libicudata.so.63 on /run/firejail/mnt/lib/x86_64-linux-gnu/libicudata.so.63
    mounting /usr/lib/x86_64-linux-gnu/libicuuc.so.63 on /run/firejail/mnt/lib/x86_64-linux-gnu/libicuuc.so.63
    mounting /usr/lib/x86_64-linux-gnu/libicui18n.so.63 on /run/firejail/mnt/lib/x86_64-linux-gnu/libicui18n.so.63
    mounting /usr/lib/x86_64-linux-gnu/libxml2.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxml2.so.2
    mounting /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcroco-0.6.so.3
    mounting /usr/lib/x86_64-linux-gnu/librsvg-2.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/librsvg-2.so.2
    mounting /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/gdk-pixbuf-2.0
GTK3 installed in 56.33 ms
    fslib_mount_libs /usr/lib/x86_64-linux-gnu/gtk-3.0 (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/lib/x86_64-linux-gnu/gtk-3.0
sbox run: /run/firejail/lib/fldd /usr/lib/x86_64-linux-gnu/gtk-3.0 /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libavahi-client.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libavahi-client.so.3
    mounting /usr/lib/x86_64-linux-gnu/libavahi-common.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libavahi-common.so.3
    mounting /usr/lib/x86_64-linux-gnu/libgmp.so.10 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgmp.so.10
    mounting /usr/lib/x86_64-linux-gnu/libhogweed.so.4 on /run/firejail/mnt/lib/x86_64-linux-gnu/libhogweed.so.4
    mounting /usr/lib/x86_64-linux-gnu/libnettle.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnettle.so.6
    mounting /usr/lib/x86_64-linux-gnu/libtasn1.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libtasn1.so.6
    mounting /usr/lib/x86_64-linux-gnu/libp11-kit.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libp11-kit.so.0
    mounting /usr/lib/x86_64-linux-gnu/libgnutls.so.30 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgnutls.so.30
    mounting /usr/lib/x86_64-linux-gnu/libcups.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcups.so.2
    mounting /lib/x86_64-linux-gnu/libudev.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libudev.so.1
    mounting /usr/lib/x86_64-linux-gnu/liblcms2.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/liblcms2.so.2
    mounting /usr/lib/x86_64-linux-gnu/libcolord.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcolord.so.2
    mounting /usr/lib/x86_64-linux-gnu/libjson-glib-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libjson-glib-1.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libunistring.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libunistring.so.2
    mounting /usr/lib/x86_64-linux-gnu/libidn2.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libidn2.so.0
    mounting /usr/lib/x86_64-linux-gnu/libpsl.so.5 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpsl.so.5
    mounting /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libsqlite3.so.0
    mounting /lib/x86_64-linux-gnu/libcom_err.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcom_err.so.2
    mounting /lib/x86_64-linux-gnu/libkeyutils.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libkeyutils.so.1
    mounting /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libkrb5support.so.0
    mounting /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libk5crypto.so.3
    mounting /usr/lib/x86_64-linux-gnu/libkrb5.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libkrb5.so.3
    mounting /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgssapi_krb5.so.2
    mounting /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libsoup-2.4.so.1
    mounting /usr/lib/x86_64-linux-gnu/libsoup-gnome-2.4.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libsoup-gnome-2.4.so.1
    mounting /usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgthread-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/librest-0.7.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/librest-0.7.so.0
    mounting /usr/lib/x86_64-linux-gnu/gtk-3.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/gtk-3.0
    fslib_mount_libs /usr/lib/x86_64-linux-gnu/libgtk-3-0 (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/lib/x86_64-linux-gnu/libgtk-3-0
sbox run: /run/firejail/lib/fldd /usr/lib/x86_64-linux-gnu/libgtk-3-0 /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libgtk-3-0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgtk-3-0
Pango installed in 0.01 ms
GIO installed in 8.98 ms
    fslib_mount_libs /usr/lib/x86_64-linux-gnu/gio (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/lib/x86_64-linux-gnu/gio
sbox run: /run/firejail/lib/fldd /usr/lib/x86_64-linux-gnu/gio /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libproxy.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libproxy.so.1
    mounting /usr/lib/x86_64-linux-gnu/gio on /run/firejail/mnt/lib/x86_64-linux-gnu/gio
Installed 137 libraries and 7 directories
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: file /etc/pango not found.
Warning: skipping pango for private /etc
Warning: file /etc/$ not found.
Warning: skipping $ for private /etc
Private /etc installed in 46.46 ms
Mounting read-only /run/firejail/mnt/lib
422 278 253:0 /usr/lib/x86_64-linux-gnu/gio /run/firejail/mnt/lib/x86_64-linux-gnu/gio ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=422 fsname=/usr/lib/x86_64-linux-gnu/gio dir=/run/firejail/mnt/lib/x86_64-linux-gnu/gio fstype=ext4
Mount-bind /run/firejail/mnt/lib on top of /usr/lib64
Mount-bind /run/firejail/mnt/lib on top of /lib64
Mount-bind /run/firejail/mnt/lib on top of /usr/lib
Mount-bind /run/firejail/mnt/lib on top of /lib
Mount-bind /run/firejail/mnt/lib on top of /usr/local/lib
Generate private-tmp whitelist commands
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /boot
Disable /proc/kmsg
Copying files in the new /etc directory:
Copying /etc/passwd to private /etc
sbox run: /run/firejail/lib/fcopy /etc/passwd /run/firejail/mnt/etc 
Copying /etc/group to private /etc
sbox run: /run/firejail/lib/fcopy /etc/group /run/firejail/mnt/etc 
Copying /etc/hostname to private /etc
sbox run: /run/firejail/lib/fcopy /etc/hostname /run/firejail/mnt/etc 
Copying /etc/hosts to private /etc
sbox run: /run/firejail/lib/fcopy /etc/hosts /run/firejail/mnt/etc 
Copying /etc/localtime to private /etc
sbox run: /run/firejail/lib/fcopy /etc/localtime /run/firejail/mnt/etc 
Copying /etc/nsswitch.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/nsswitch.conf /run/firejail/mnt/etc 
Copying /etc/resolv.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc 
Copying /etc/gtk-2.0 to private /etc
Creating empty /run/firejail/mnt/etc/gtk-2.0 directory
sbox run: /run/firejail/lib/fcopy /etc/gtk-2.0 /run/firejail/mnt/etc/gtk-2.0 
Copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts 
Mount-bind /run/firejail/mnt/etc on top of /etc
Private /usr/etc installed in 0.02 ms
Cannot find /usr/etc: No such file or directory
Mount-bind /run/firejail/mnt/usretc on top of /usr/etc
Cannot find /usr/etc: No such file or directory
Debug 559: whitelist ${HOME}/.cache/mozilla/firefox
Debug 580: expanded: /home/internet/.cache/mozilla/firefox
Debug 591: new_name: /home/internet/.cache/mozilla/firefox
Debug 605: dir: /home/internet
Adding whitelist top level directory /home/internet
Debug 559: whitelist ${HOME}/.mozilla
Debug 580: expanded: /home/internet/.mozilla
Debug 591: new_name: /home/internet/.mozilla
Debug 605: dir: /home/internet
Debug 559: whitelist /usr/share/doc
Debug 580: expanded: /usr/share/doc
Debug 591: new_name: /usr/share/doc
Debug 605: dir: /usr/share
Adding whitelist top level directory /usr/share
Debug 559: whitelist /usr/share/firefox
Debug 580: expanded: /usr/share/firefox
Debug 591: new_name: /usr/share/firefox
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/firefox
	expanded: /usr/share/firefox
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
Debug 580: expanded: /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
Debug 591: new_name: /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
	expanded: /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/gtk-doc/html
Debug 580: expanded: /usr/share/gtk-doc/html
Debug 591: new_name: /usr/share/gtk-doc/html
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/mozilla
Debug 580: expanded: /usr/share/mozilla
Debug 591: new_name: /usr/share/mozilla
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/webext
Debug 580: expanded: /usr/share/webext
Debug 591: new_name: /usr/share/webext
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/webext
	expanded: /usr/share/webext
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/alsa
Debug 580: expanded: /usr/share/alsa
Debug 591: new_name: /usr/share/alsa
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/applications
Debug 580: expanded: /usr/share/applications
Debug 591: new_name: /usr/share/applications
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/ca-certificates
Debug 580: expanded: /usr/share/ca-certificates
Debug 591: new_name: /usr/share/ca-certificates
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/crypto-policies
Debug 580: expanded: /usr/share/crypto-policies
Debug 591: new_name: /usr/share/crypto-policies
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/crypto-policies
	expanded: /usr/share/crypto-policies
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/cursors
Debug 580: expanded: /usr/share/cursors
Debug 591: new_name: /usr/share/cursors
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/cursors
	expanded: /usr/share/cursors
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/dconf
Debug 580: expanded: /usr/share/dconf
Debug 591: new_name: /usr/share/dconf
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/dconf
	expanded: /usr/share/dconf
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/distro-info
Debug 580: expanded: /usr/share/distro-info
Debug 591: new_name: /usr/share/distro-info
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/drirc.d
Debug 580: expanded: /usr/share/drirc.d
Debug 591: new_name: /usr/share/drirc.d
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/enchant
Debug 580: expanded: /usr/share/enchant
Debug 591: new_name: /usr/share/enchant
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/enchant-2
Debug 580: expanded: /usr/share/enchant-2
Debug 591: new_name: /usr/share/enchant-2
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/enchant-2
	expanded: /usr/share/enchant-2
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/file
Debug 580: expanded: /usr/share/file
Debug 591: new_name: /usr/share/file
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/fontconfig
Debug 580: expanded: /usr/share/fontconfig
Debug 591: new_name: /usr/share/fontconfig
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/fonts
Debug 580: expanded: /usr/share/fonts
Debug 591: new_name: /usr/share/fonts
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/fonts-config
Debug 580: expanded: /usr/share/fonts-config
Debug 591: new_name: /usr/share/fonts-config
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/fonts-config
	expanded: /usr/share/fonts-config
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/gir-1.0
Debug 580: expanded: /usr/share/gir-1.0
Debug 591: new_name: /usr/share/gir-1.0
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/gjs-1.0
Debug 580: expanded: /usr/share/gjs-1.0
Debug 591: new_name: /usr/share/gjs-1.0
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/gjs-1.0
	expanded: /usr/share/gjs-1.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/glib-2.0
Debug 580: expanded: /usr/share/glib-2.0
Debug 591: new_name: /usr/share/glib-2.0
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/glvnd
Debug 580: expanded: /usr/share/glvnd
Debug 591: new_name: /usr/share/glvnd
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/gtk-2.0
Debug 580: expanded: /usr/share/gtk-2.0
Debug 591: new_name: /usr/share/gtk-2.0
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/gtk-2.0
	expanded: /usr/share/gtk-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/gtk-3.0
Debug 580: expanded: /usr/share/gtk-3.0
Debug 591: new_name: /usr/share/gtk-3.0
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/gtk-engines
Debug 580: expanded: /usr/share/gtk-engines
Debug 591: new_name: /usr/share/gtk-engines
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/gtksourceview-3.0
Debug 580: expanded: /usr/share/gtksourceview-3.0
Debug 591: new_name: /usr/share/gtksourceview-3.0
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/gtksourceview-3.0
	expanded: /usr/share/gtksourceview-3.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/gtksourceview-4
Debug 580: expanded: /usr/share/gtksourceview-4
Debug 591: new_name: /usr/share/gtksourceview-4
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/gtksourceview-4
	expanded: /usr/share/gtksourceview-4
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/hunspell
Debug 580: expanded: /usr/share/hunspell
Debug 591: new_name: /usr/share/hunspell
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/hwdata
Debug 580: expanded: /usr/share/hwdata
Debug 591: new_name: /usr/share/hwdata
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/hwdata
	expanded: /usr/share/hwdata
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/icons
Debug 580: expanded: /usr/share/icons
Debug 591: new_name: /usr/share/icons
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/icu
Debug 580: expanded: /usr/share/icu
Debug 591: new_name: /usr/share/icu
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/knotifications5
Debug 580: expanded: /usr/share/knotifications5
Debug 591: new_name: /usr/share/knotifications5
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/knotifications5
	expanded: /usr/share/knotifications5
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/kservices5
Debug 580: expanded: /usr/share/kservices5
Debug 591: new_name: /usr/share/kservices5
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/kservices5
	expanded: /usr/share/kservices5
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/Kvantum
Debug 580: expanded: /usr/share/Kvantum
Debug 591: new_name: /usr/share/Kvantum
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/Kvantum
	expanded: /usr/share/Kvantum
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/kxmlgui5
Debug 580: expanded: /usr/share/kxmlgui5
Debug 591: new_name: /usr/share/kxmlgui5
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/kxmlgui5
	expanded: /usr/share/kxmlgui5
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/libdrm
Debug 580: expanded: /usr/share/libdrm
Debug 591: new_name: /usr/share/libdrm
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/libthai
Debug 580: expanded: /usr/share/libthai
Debug 591: new_name: /usr/share/libthai
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/locale
Debug 580: expanded: /usr/share/locale
Debug 591: new_name: /usr/share/locale
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/mime
Debug 580: expanded: /usr/share/mime
Debug 591: new_name: /usr/share/mime
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/misc
Debug 580: expanded: /usr/share/misc
Debug 591: new_name: /usr/share/misc
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/Modules
Debug 580: expanded: /usr/share/Modules
Debug 591: new_name: /usr/share/Modules
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/Modules
	expanded: /usr/share/Modules
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/myspell
Debug 580: expanded: /usr/share/myspell
Debug 591: new_name: /usr/share/myspell
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/p11-kit
Debug 580: expanded: /usr/share/p11-kit
Debug 591: new_name: /usr/share/p11-kit
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/perl
Debug 580: expanded: /usr/share/perl
Debug 591: new_name: /usr/share/perl
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/perl5
Debug 580: expanded: /usr/share/perl5
Debug 591: new_name: /usr/share/perl5
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/pixmaps
Debug 580: expanded: /usr/share/pixmaps
Debug 591: new_name: /usr/share/pixmaps
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/pki
Debug 580: expanded: /usr/share/pki
Debug 591: new_name: /usr/share/pki
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/pki
	expanded: /usr/share/pki
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/plasma
Debug 580: expanded: /usr/share/plasma
Debug 591: new_name: /usr/share/plasma
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/plasma
	expanded: /usr/share/plasma
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/publicsuffix
Debug 580: expanded: /usr/share/publicsuffix
Debug 591: new_name: /usr/share/publicsuffix
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/publicsuffix
	expanded: /usr/share/publicsuffix
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/qt
Debug 580: expanded: /usr/share/qt
Debug 591: new_name: /usr/share/qt
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/qt
	expanded: /usr/share/qt
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/qt4
Debug 580: expanded: /usr/share/qt4
Debug 591: new_name: /usr/share/qt4
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/qt4
	expanded: /usr/share/qt4
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/qt5
Debug 580: expanded: /usr/share/qt5
Debug 591: new_name: /usr/share/qt5
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/qt5
	expanded: /usr/share/qt5
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/qt5ct
Debug 580: expanded: /usr/share/qt5ct
Debug 591: new_name: /usr/share/qt5ct
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/sounds
Debug 580: expanded: /usr/share/sounds
Debug 591: new_name: /usr/share/sounds
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/tcl8.6
Debug 580: expanded: /usr/share/tcl8.6
Debug 591: new_name: /usr/share/tcl8.6
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/tcl8.6
	expanded: /usr/share/tcl8.6
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/tcltk
Debug 580: expanded: /usr/share/tcltk
Debug 591: new_name: /usr/share/tcltk
Debug 605: dir: /usr***
*** Warning: cannot whitelist ${DOWNLOADS} directory
*** Any file saved in this directory will be lost when the sandbox is closed.
***
/share
Debug 559: whitelist /usr/share/terminfo
Debug 580: expanded: /usr/share/terminfo
Debug 591: new_name: /usr/share/terminfo
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/texlive
Debug 580: expanded: /usr/share/texlive
Debug 591: new_name: /usr/share/texlive
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/texlive
	expanded: /usr/share/texlive
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/texmf
Debug 580: expanded: /usr/share/texmf
Debug 591: new_name: /usr/share/texmf
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/themes
Debug 580: expanded: /usr/share/themes
Debug 591: new_name: /usr/share/themes
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/thumbnail.so
Debug 580: expanded: /usr/share/thumbnail.so
Debug 591: new_name: /usr/share/thumbnail.so
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/thumbnail.so
	expanded: /usr/share/thumbnail.so
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/uim
Debug 580: expanded: /usr/share/uim
Debug 591: new_name: /usr/share/uim
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/uim
	expanded: /usr/share/uim
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/vulkan
Debug 580: expanded: /usr/share/vulkan
Debug 591: new_name: /usr/share/vulkan
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/vulkan
	expanded: /usr/share/vulkan
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/X11
Debug 580: expanded: /usr/share/X11
Debug 591: new_name: /usr/share/X11
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/xml
Debug 580: expanded: /usr/share/xml
Debug 591: new_name: /usr/share/xml
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/zenity
Debug 580: expanded: /usr/share/zenity
Debug 591: new_name: /usr/share/zenity
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/zenity
	expanded: /usr/share/zenity
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/zoneinfo
Debug 580: expanded: /usr/share/zoneinfo
Debug 591: new_name: /usr/share/zoneinfo
Debug 605: dir: /usr/share
Debug 559: whitelist ${DOWNLOADS}
Debug 559: whitelist ${HOME}/.pki
Debug 580: expanded: /home/internet/.pki
Debug 591: new_name: /home/internet/.pki
Debug 605: dir: /home/internet
Debug 559: whitelist ${HOME}/.local/share/pki
Debug 580: expanded: /home/internet/.local/share/pki
Debug 591: new_name: /home/internet/.local/share/pki
Debug 605: dir: /home/internet
Debug 559: whitelist ${HOME}/.XCompose
Debug 580: expanded: /home/internet/.XCompose
Debug 591: new_name: /home/internet/.XCompose
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.XCompose
	expanded: /home/internet/.XCompose
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.alsaequal.bin
Debug 580: expanded: /home/internet/.alsaequal.bin
Debug 591: new_name: /home/internet/.alsaequal.bin
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.alsaequal.bin
	expanded: /home/internet/.alsaequal.bin
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.asoundrc
Debug 580: expanded: /home/internet/.asoundrc
Debug 591: new_name: /home/internet/.asoundrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.asoundrc
	expanded: /home/internet/.asoundrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/ibus
Debug 580: expanded: /home/internet/.config/ibus
Debug 591: new_name: /home/internet/.config/ibus
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/ibus
	expanded: /home/internet/.config/ibus
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/mimeapps.list
Debug 580: expanded: /home/internet/.config/mimeapps.list
Debug 591: new_name: /home/internet/.config/mimeapps.list
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/mimeapps.list
	expanded: /home/internet/.config/mimeapps.list
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/pkcs11
Debug 580: expanded: /home/internet/.config/pkcs11
Debug 591: new_name: /home/internet/.config/pkcs11
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/internet/.config/pkcs11
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/user-dirs.dirs
Debug 580: expanded: /home/internet/.config/user-dirs.dirs
Debug 591: new_name: /home/internet/.config/user-dirs.dirs
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/user-dirs.dirs
	expanded: /home/internet/.config/user-dirs.dirs
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/user-dirs.locale
Debug 580: expanded: /home/internet/.config/user-dirs.locale
Debug 591: new_name: /home/internet/.config/user-dirs.locale
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/user-dirs.locale
	expanded: /home/internet/.config/user-dirs.locale
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.drirc
Debug 580: expanded: /home/internet/.drirc
Debug 591: new_name: /home/internet/.drirc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.drirc
	expanded: /home/internet/.drirc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.icons
Debug 580: expanded: /home/internet/.icons
Debug 591: new_name: /home/internet/.icons
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.icons
	expanded: /home/internet/.icons
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.local/share/applications
Debug 580: expanded: /home/internet/.local/share/applications
Debug 591: new_name: /home/internet/.local/share/applications
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.local/share/applications
	expanded: /home/internet/.local/share/applications
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.local/share/icons
Debug 580: expanded: /home/internet/.local/share/icons
Debug 591: new_name: /home/internet/.local/share/icons
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.local/share/icons
	expanded: /home/internet/.local/share/icons
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.local/share/mime
Debug 580: expanded: /home/internet/.local/share/mime
Debug 591: new_name: /home/internet/.local/share/mime
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.local/share/mime
	expanded: /home/internet/.local/share/mime
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.mime.types
Debug 580: expanded: /home/internet/.mime.types
Debug 591: new_name: /home/internet/.mime.types
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.mime.types
	expanded: /home/internet/.mime.types
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.uim.d
Debug 580: expanded: /home/internet/.uim.d
Debug 591: new_name: /home/internet/.uim.d
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.uim.d
	expanded: /home/internet/.uim.d
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/dconf
Debug 580: expanded: /home/internet/.config/dconf
Debug 591: new_name: /home/internet/.config/dconf
Debug 605: dir: /home/internet
Debug 559: whitelist ${HOME}/.cache/fontconfig
Debug 580: expanded: /home/internet/.cache/fontconfig
Debug 591: new_name: /home/internet/.cache/fontconfig
Debug 605: dir: /home/internet
Debug 559: whitelist ${HOME}/.config/fontconfig
Debug 580: expanded: /home/internet/.config/fontconfig
Debug 591: new_name: /home/internet/.config/fontconfig
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/fontconfig
	expanded: /home/internet/.config/fontconfig
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.fontconfig
Debug 580: expanded: /home/internet/.fontconfig
Debug 591: new_name: /home/internet/.fontconfig
Debug 605: dir: /home/internet
Debug 559: whitelist ${HOME}/.fonts
Debug 580: expanded: /home/internet/.fonts
Debug 591: new_name: /home/internet/.fonts
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.fonts
	expanded: /home/internet/.fonts
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.fonts.conf
Debug 580: expanded: /home/internet/.fonts.conf
Debug 591: new_name: /home/internet/.fonts.conf
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.fonts.conf
	expanded: /home/internet/.fonts.conf
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.fonts.conf.d
Debug 580: expanded: /home/internet/.fonts.conf.d
Debug 591: new_name: /home/internet/.fonts.conf.d
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/internet/.fonts.conf.d
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.fonts.d
Debug 580: expanded: /home/internet/.fonts.d
Debug 591: new_name: /home/internet/.fonts.d
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.fonts.d
	expanded: /home/internet/.fonts.d
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.local/share/fonts
Debug 580: expanded: /home/internet/.local/share/fonts
Debug 591: new_name: /home/internet/.local/share/fonts
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.local/share/fonts
	expanded: /home/internet/.local/share/fonts
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.pangorc
Debug 580: expanded: /home/internet/.pangorc
Debug 591: new_name: /home/internet/.pangorc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.pangorc
	expanded: /home/internet/.pangorc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/gtk-2.0
Debug 580: expanded: /home/internet/.config/gtk-2.0
Debug 591: new_name: /home/internet/.config/gtk-2.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/gtk-2.0
	expanded: /home/internet/.config/gtk-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/gtk-3.0
Debug 580: expanded: /home/internet/.config/gtk-3.0
Debug 591: new_name: /home/internet/.config/gtk-3.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/gtk-3.0
	expanded: /home/internet/.config/gtk-3.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/gtk-4.0
Debug 580: expanded: /home/internet/.config/gtk-4.0
Debug 591: new_name: /home/internet/.config/gtk-4.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/gtk-4.0
	expanded: /home/internet/.config/gtk-4.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/gtkrc
Debug 580: expanded: /home/internet/.config/gtkrc
Debug 591: new_name: /home/internet/.config/gtkrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/internet/.config/gtkrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/gtkrc-2.0
Debug 580: expanded: /home/internet/.config/gtkrc-2.0
Debug 591: new_name: /home/internet/.config/gtkrc-2.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/internet/.config/gtkrc-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.gnome2
Debug 580: expanded: /home/internet/.gnome2
Debug 591: new_name: /home/internet/.gnome2
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.gnome2
	expanded: /home/internet/.gnome2
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.gnome2-private
Debug 580: expanded: /home/internet/.gnome2-private
Debug 591: new_name: /home/internet/.gnome2-private
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.gnome2-private
	expanded: /home/internet/.gnome2-private
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.gtk-2.0
Debug 580: expanded: /home/internet/.gtk-2.0
Debug 591: new_name: /home/internet/.gtk-2.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/internet/.gtk-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.gtkrc
Debug 580: expanded: /home/internet/.gtkrc
Debug 591: new_name: /home/internet/.gtkrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.gtkrc
	expanded: /home/internet/.gtkrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.gtkrc-2.0
Debug 580: expanded: /home/internet/.gtkrc-2.0
Debug 591: new_name: /home/internet/.gtkrc-2.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.gtkrc-2.0
	expanded: /home/internet/.gtkrc-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/gtkrc
Debug 580: expanded: /home/internet/.kde/share/config/gtkrc
Debug 591: new_name: /home/internet/.kde/share/config/gtkrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/internet/.kde/share/config/gtkrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
Debug 580: expanded: /home/internet/.kde/share/config/gtkrc-2.0
Debug 591: new_name: /home/internet/.kde/share/config/gtkrc-2.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/internet/.kde/share/config/gtkrc-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/gtkrc
Debug 580: expanded: /home/internet/.kde4/share/config/gtkrc
Debug 591: new_name: /home/internet/.kde4/share/config/gtkrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/internet/.kde4/share/config/gtkrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
Debug 580: expanded: /home/internet/.kde4/share/config/gtkrc-2.0
Debug 591: new_name: /home/internet/.kde4/share/config/gtkrc-2.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/internet/.kde4/share/config/gtkrc-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.local/share/themes
Debug 580: expanded: /home/internet/.local/share/themes
Debug 591: new_name: /home/internet/.local/share/themes
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.local/share/themes
	expanded: /home/internet/.local/share/themes
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.themes
Debug 580: expanded: /home/internet/.themes
Debug 591: new_name: /home/internet/.themes
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.themes
	expanded: /home/internet/.themes
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.cache/kioexec/krun
Debug 580: expanded: /home/internet/.cache/kioexec/krun
Debug 591: new_name: /home/internet/.cache/kioexec/krun
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/internet/.cache/kioexec/krun
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/Kvantum
Debug 580: expanded: /home/internet/.config/Kvantum
Debug 591: new_name: /home/internet/.config/Kvantum
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/internet/.config/Kvantum
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/Trolltech.conf
Debug 580: expanded: /home/internet/.config/Trolltech.conf
Debug 591: new_name: /home/internet/.config/Trolltech.conf
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/Trolltech.conf
	expanded: /home/internet/.config/Trolltech.conf
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/QtProject.conf
Debug 580: expanded: /home/internet/.config/QtProject.conf
Debug 591: new_name: /home/internet/.config/QtProject.conf
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/QtProject.conf
	expanded: /home/internet/.config/QtProject.conf
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/kdeglobals
Debug 580: expanded: /home/internet/.config/kdeglobals
Debug 591: new_name: /home/internet/.config/kdeglobals
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/kdeglobals
	expanded: /home/internet/.config/kdeglobals
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/kio_httprc
Debug 580: expanded: /home/internet/.config/kio_httprc
Debug 591: new_name: /home/internet/.config/kio_httprc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/internet/.config/kio_httprc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/kioslaverc
Debug 580: expanded: /home/internet/.config/kioslaverc
Debug 591: new_name: /home/internet/.config/kioslaverc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/internet/.config/kioslaverc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/ksslcablacklist
Debug 580: expanded: /home/internet/.config/ksslcablacklist
Debug 591: new_name: /home/internet/.config/ksslcablacklist
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/internet/.config/ksslcablacklist
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/qt5ct
Debug 580: expanded: /home/internet/.config/qt5ct
Debug 591: new_name: /home/internet/.config/qt5ct
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/qt5ct
	expanded: /home/internet/.config/qt5ct
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/qtcurve
Debug 580: expanded: /home/internet/.config/qtcurve
Debug 591: new_name: /home/internet/.config/qtcurve
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/qtcurve
	expanded: /home/internet/.config/qtcurve
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/kdeglobals
Debug 580: expanded: /home/internet/.kde/share/config/kdeglobals
Debug 591: new_name: /home/internet/.kde/share/config/kdeglobals
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/kdeglobals
	expanded: /home/internet/.kde/share/config/kdeglobals
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/kio_httprc
Debug 580: expanded: /home/internet/.kde/share/config/kio_httprc
Debug 591: new_name: /home/internet/.kde/share/config/kio_httprc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/internet/.kde/share/config/kio_httprc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/kioslaverc
Debug 580: expanded: /home/internet/.kde/share/config/kioslaverc
Debug 591: new_name: /home/internet/.kde/share/config/kioslaverc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/internet/.kde/share/config/kioslaverc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/ksslcablacklist
Debug 580: expanded: /home/internet/.kde/share/config/ksslcablacklist
Debug 591: new_name: /home/internet/.kde/share/config/ksslcablacklist
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/internet/.kde/share/config/ksslcablacklist
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/oxygenrc
Debug 580: expanded: /home/internet/.kde/share/config/oxygenrc
Debug 591: new_name: /home/internet/.kde/share/config/oxygenrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/internet/.kde/share/config/oxygenrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/icons
Debug 580: expanded: /home/internet/.kde/share/icons
Debug 591: new_name: /home/internet/.kde/share/icons
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/internet/.kde/share/icons
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/kdeglobals
Debug 580: expanded: /home/internet/.kde4/share/config/kdeglobals
Debug 591: new_name: /home/internet/.kde4/share/config/kdeglobals
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/internet/.kde4/share/config/kdeglobals
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/kio_httprc
Debug 580: expanded: /home/internet/.kde4/share/config/kio_httprc
Debug 591: new_name: /home/internet/.kde4/share/config/kio_httprc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/internet/.kde4/share/config/kio_httprc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/kioslaverc
Debug 580: expanded: /home/internet/.kde4/share/config/kioslaverc
Debug 591: new_name: /home/internet/.kde4/share/config/kioslaverc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/internet/.kde4/share/config/kioslaverc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
Debug 580: expanded: /home/internet/.kde4/share/config/ksslcablacklist
Debug 591: new_name: /home/internet/.kde4/share/config/ksslcablacklist
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/internet/.kde4/share/config/ksslcablacklist
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/oxygenrc
Debug 580: expanded: /home/internet/.kde4/share/config/oxygenrc
Debug 591: new_name: /home/internet/.kde4/share/config/oxygenrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/internet/.kde4/share/config/oxygenrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/icons
Debug 580: expanded: /home/internet/.kde4/share/icons
Debug 591: new_name: /home/internet/.kde4/share/icons
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/internet/.kde4/share/icons
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.local/share/qt5ct
Debug 580: expanded: /home/internet/.local/share/qt5ct
Debug 591: new_name: /home/internet/.local/share/qt5ct
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/internet/.local/share/qt5ct
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${RUNUSER}/bus
Debug 580: expanded: /run/user/1001/bus
Debug 591: new_name: /run/user/1001/bus
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/dconf
Debug 580: expanded: /run/user/1001/dconf
Debug 591: new_name: /run/user/1001/dconf
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/gdm/Xauthority
Debug 580: expanded: /run/user/1001/gdm/Xauthority
Debug 591: new_name: /run/user/1001/gdm/Xauthority
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/ICEauthority
Debug 580: expanded: /run/user/1001/ICEauthority
Debug 591: new_name: /run/user/1001/ICEauthority
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
Debug 580: expanded: /run/user/1001/.mutter-Xwaylandauth.*
Debug 591: new_name: /run/user/1001/.mutter-Xwaylandauth.*
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/pulse/native
Debug 580: expanded: /run/user/1001/pulse/native
Debug 591: new_name: /run/user/1001/pulse/native
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/wayland-0
Debug 580: expanded: /run/user/1001/wayland-0
Debug 591: new_name: /run/user/1001/wayland-0
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/wayland-1
Debug 580: expanded: /run/user/1001/wayland-1
Debug 591: new_name: /run/user/1001/wayland-1
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/xauth_*
Debug 580: expanded: /run/user/1001/xauth_*
Debug 591: new_name: /run/user/1001/xauth_*
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
Debug 580: expanded: /run/user/1001/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
Debug 591: new_name: /run/user/1001/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist /var/lib/aspell
Debug 580: expanded: /var/lib/aspell
Debug 591: new_name: /var/lib/aspell
Debug 605: dir: /var
Adding whitelist top level directory /var
Debug 559: whitelist /var/lib/ca-certificates
Debug 580: expanded: /var/lib/ca-certificates
Debug 591: new_name: /var/lib/ca-certificates
Debug 605: dir: /var
Removed path: whitelist /var/lib/ca-certificates
	expanded: /var/lib/ca-certificates
	realpath: (null)
	No such file or directory
Debug 559: whitelist /var/lib/dbus
Debug 580: expanded: /var/lib/dbus
Debug 591: new_name: /var/lib/dbus
Debug 605: dir: /var
Debug 559: whitelist /var/lib/menu-xdg
Debug 580: expanded: /var/lib/menu-xdg
Debug 591: new_name: /var/lib/menu-xdg
Debug 605: dir: /var
Debug 559: whitelist /var/lib/uim
Debug 580: expanded: /var/lib/uim
Debug 591: new_name: /var/lib/uim
Debug 605: dir: /var
Removed path: whitelist /var/lib/uim
	expanded: /var/lib/uim
	realpath: (null)
	No such file or directory
Debug 559: whitelist /var/cache/fontconfig
Debug 580: expanded: /var/cache/fontconfig
Debug 591: new_name: /var/cache/fontconfig
Debug 605: dir: /var
Debug 559: whitelist /var/tmp
Debug 580: expanded: /var/tmp
Debug 591: new_name: /var/tmp
Debug 605: dir: /var
Debug 559: whitelist /var/run
Debug 580: expanded: /var/run
Debug 591: new_name: /var/run
Debug 605: dir: /var
Debug 559: whitelist /var/lock
Debug 580: expanded: /var/lock
Debug 591: new_name: /var/lock
Debug 605: dir: /var
Debug 559: whitelist /tmp/.X11-unix
Debug 580: expanded: /tmp/.X11-unix
Debug 591: new_name: /tmp/.X11-unix
Debug 605: dir: /tmp
Adding whitelist top level directory /tmp
Mounting tmpfs on /usr/share, check owner: no
1169 90 0:55 / /usr/share rw,nosuid,nodev,noatime - tmpfs tmpfs rw,mode=755,inode64
mountid=1169 fsname=/ dir=/usr/share fstype=tmpfs
Mounting tmpfs on /var, check owner: no
1170 83 0:56 / /var rw,nosuid,nodev,noexec,noatime - tmpfs tmpfs rw,mode=755,inode64
mountid=1170 fsname=/ dir=/var fstype=tmpfs
Mounting tmpfs on /tmp, check owner: no
1171 69 0:57 / /tmp rw,nosuid,nodev,noatime - tmpfs tmpfs rw,inode64
mountid=1171 fsname=/ dir=/tmp fstype=tmpfs
Mounting a new /root directory
Mounting a new /home directory
Create a new user directory
Debug 741: file: /home/internet/.cache/mozilla/firefox; dirfd: 4; topdir: /home/internet; rel: .cache/mozilla/firefox
Whitelisting /home/internet/.cache/mozilla/firefox
1174 1173 253:0 /home/internet/.cache/mozilla/firefox /home/internet/.cache/mozilla/firefox rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1174 fsname=/home/internet/.cache/mozilla/firefox dir=/home/internet/.cache/mozilla/firefox fstype=ext4
Debug 741: file: /home/internet/.mozilla; dirfd: 4; topdir: /home/internet; rel: .mozilla
Whitelisting /home/internet/.mozilla
1175 1173 253:0 /home/internet/.mozilla /home/internet/.mozilla rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1175 fsname=/home/internet/.mozilla dir=/home/internet/.mozilla fstype=ext4
Debug 741: file: /usr/share/doc; dirfd: 5; topdir: /usr/share; rel: doc
Whitelisting /usr/share/doc
1176 1169 253:0 /usr/share/doc /usr/share/doc ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1176 fsname=/usr/share/doc dir=/usr/share/doc fstype=ext4
Debug 741: file: /usr/share/gtk-doc/html; dirfd: 5; topdir: /usr/share; rel: gtk-doc/html
Whitelisting /usr/share/gtk-doc/html
1177 1169 253:0 /usr/share/gtk-doc/html /usr/share/gtk-doc/html ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1177 fsname=/usr/share/gtk-doc/html dir=/usr/share/gtk-doc/html fstype=ext4
Debug 741: file: /usr/share/mozilla; dirfd: 5; topdir: /usr/share; rel: mozilla
Whitelisting /usr/share/mozilla
1178 1169 253:0 /usr/share/mozilla /usr/share/mozilla ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1178 fsname=/usr/share/mozilla dir=/usr/share/mozilla fstype=ext4
Debug 741: file: /usr/share/alsa; dirfd: 5; topdir: /usr/share; rel: alsa
Whitelisting /usr/share/alsa
1179 1169 253:0 /usr/share/alsa /usr/share/alsa ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1179 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=ext4
Debug 741: file: /usr/share/applications; dirfd: 5; topdir: /usr/share; rel: applications
Whitelisting /usr/share/applications
1180 1169 253:0 /usr/share/applications /usr/share/applications ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1180 fsname=/usr/share/applications dir=/usr/share/applications fstype=ext4
Debug 741: file: /usr/share/ca-certificates; dirfd: 5; topdir: /usr/share; rel: ca-certificates
Whitelisting /usr/share/ca-certificates
1181 1169 253:0 /usr/share/ca-certificates /usr/share/ca-certificates ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1181 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=ext4
Debug 741: file: /usr/share/distro-info; dirfd: 5; topdir: /usr/share; rel: distro-info
Whitelisting /usr/share/distro-info
1182 1169 253:0 /usr/share/distro-info /usr/share/distro-info ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1182 fsname=/usr/share/distro-info dir=/usr/share/distro-info fstype=ext4
Debug 741: file: /usr/share/drirc.d; dirfd: 5; topdir: /usr/share; rel: drirc.d
Whitelisting /usr/share/drirc.d
1183 1169 253:0 /usr/share/drirc.d /usr/share/drirc.d ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1183 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=ext4
Debug 741: file: /usr/share/enchant; dirfd: 5; topdir: /usr/share; rel: enchant
Whitelisting /usr/share/enchant
1184 1169 253:0 /usr/share/enchant /usr/share/enchant ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1184 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=ext4
Debug 741: file: /usr/share/file; dirfd: 5; topdir: /usr/share; rel: file
Whitelisting /usr/share/file
1185 1169 253:0 /usr/share/file /usr/share/file ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1185 fsname=/usr/share/file dir=/usr/share/file fstype=ext4
Debug 741: file: /usr/share/fontconfig; dirfd: 5; topdir: /usr/share; rel: fontconfig
Whitelisting /usr/share/fontconfig
1186 1169 253:0 /usr/share/fontconfig /usr/share/fontconfig ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1186 fsname=/usr/share/fontconfig dir=/usr/share/fontconfig fstype=ext4
Debug 741: file: /usr/share/fonts; dirfd: 5; topdir: /usr/share; rel: fonts
Whitelisting /usr/share/fonts
1187 1169 253:0 /usr/share/fonts /usr/share/fonts ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1187 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=ext4
Debug 741: file: /usr/share/gir-1.0; dirfd: 5; topdir: /usr/share; rel: gir-1.0
Whitelisting /usr/share/gir-1.0
1188 1169 253:0 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1188 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=ext4
Debug 741: file: /usr/share/glib-2.0; dirfd: 5; topdir: /usr/share; rel: glib-2.0
Whitelisting /usr/share/glib-2.0
1189 1169 253:0 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1189 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=ext4
Debug 741: file: /usr/share/glvnd; dirfd: 5; topdir: /usr/share; rel: glvnd
Whitelisting /usr/share/glvnd
1190 1169 253:0 /usr/share/glvnd /usr/share/glvnd ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1190 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=ext4
Debug 741: file: /usr/share/gtk-3.0; dirfd: 5; topdir: /usr/share; rel: gtk-3.0
Whitelisting /usr/share/gtk-3.0
1191 1169 253:0 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1191 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=ext4
Debug 741: file: /usr/share/gtk-engines; dirfd: 5; topdir: /usr/share; rel: gtk-engines
Whitelisting /usr/share/gtk-engines
1192 1169 253:0 /usr/share/gtk-engines /usr/share/gtk-engines ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1192 fsname=/usr/share/gtk-engines dir=/usr/share/gtk-engines fstype=ext4
Debug 741: file: /usr/share/hunspell; dirfd: 5; topdir: /usr/share; rel: hunspell
Whitelisting /usr/share/hunspell
1193 1169 253:0 /usr/share/hunspell /usr/share/hunspell ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1193 fsname=/usr/share/hunspell dir=/usr/share/hunspell fstype=ext4
Debug 741: file: /usr/share/icons; dirfd: 5; topdir: /usr/share; rel: icons
Whitelisting /usr/share/icons
1194 1169 253:0 /usr/share/icons /usr/share/icons ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1194 fsname=/usr/share/icons dir=/usr/share/icons fstype=ext4
Debug 741: file: /usr/share/icu; dirfd: 5; topdir: /usr/share; rel: icu
Whitelisting /usr/share/icu
1195 1169 253:0 /usr/share/icu /usr/share/icu ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1195 fsname=/usr/share/icu dir=/usr/share/icu fstype=ext4
Debug 741: file: /usr/share/libdrm; dirfd: 5; topdir: /usr/share; rel: libdrm
Whitelisting /usr/share/libdrm
1196 1169 253:0 /usr/share/libdrm /usr/share/libdrm ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1196 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=ext4
Debug 741: file: /usr/share/libthai; dirfd: 5; topdir: /usr/share; rel: libthai
Whitelisting /usr/share/libthai
1197 1169 253:0 /usr/share/libthai /usr/share/libthai ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1197 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=ext4
Debug 741: file: /usr/share/locale; dirfd: 5; topdir: /usr/share; rel: locale
Whitelisting /usr/share/locale
1198 1169 253:0 /usr/share/locale /usr/share/locale ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1198 fsname=/usr/share/locale dir=/usr/share/locale fstype=ext4
Debug 741: file: /usr/share/mime; dirfd: 5; topdir: /usr/share; rel: mime
Whitelisting /usr/share/mime
1199 1169 253:0 /usr/share/mime /usr/share/mime ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1199 fsname=/usr/share/mime dir=/usr/share/mime fstype=ext4
Debug 741: file: /usr/share/misc; dirfd: 5; topdir: /usr/share; rel: misc
Whitelisting /usr/share/misc
1200 1169 253:0 /usr/share/misc /usr/share/misc ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1200 fsname=/usr/share/misc dir=/usr/share/misc fstype=ext4
Debug 741: file: /usr/share/myspell; dirfd: 5; topdir: /usr/share; rel: myspell
Whitelisting /usr/share/myspell
1201 1169 253:0 /usr/share/myspell /usr/share/myspell ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1201 fsname=/usr/share/myspell dir=/usr/share/myspell fstype=ext4
Debug 741: file: /usr/share/p11-kit; dirfd: 5; topdir: /usr/share; rel: p11-kit
Whitelisting /usr/share/p11-kit
1202 1169 253:0 /usr/share/p11-kit /usr/share/p11-kit ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1202 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=ext4
Debug 741: file: /usr/share/perl; dirfd: 5; topdir: /usr/share; rel: perl
Whitelisting /usr/share/perl
1203 1169 253:0 /usr/share/perl /usr/share/perl ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1203 fsname=/usr/share/perl dir=/usr/share/perl fstype=ext4
Debug 741: file: /usr/share/perl5; dirfd: 5; topdir: /usr/share; rel: perl5
Whitelisting /usr/share/perl5
1204 1169 253:0 /usr/share/perl5 /usr/share/perl5 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1204 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=ext4
Debug 741: file: /usr/share/pixmaps; dirfd: 5; topdir: /usr/share; rel: pixmaps
Whitelisting /usr/share/pixmaps
1205 1169 253:0 /usr/share/pixmaps /usr/share/pixmaps ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1205 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=ext4
Debug 741: file: /usr/share/qt5ct; dirfd: 5; topdir: /usr/share; rel: qt5ct
Whitelisting /usr/share/qt5ct
1206 1169 253:0 /usr/share/qt5ct /usr/share/qt5ct ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1206 fsname=/usr/share/qt5ct dir=/usr/share/qt5ct fstype=ext4
Debug 741: file: /usr/share/sounds; dirfd: 5; topdir: /usr/share; rel: sounds
Whitelisting /usr/share/sounds
1207 1169 253:0 /usr/share/sounds /usr/share/sounds ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1207 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=ext4
Debug 741: file: /usr/share/tcltk; dirfd: 5; topdir: /usr/share; rel: tcltk
Whitelisting /usr/share/tcltk
1208 1169 253:0 /usr/share/tcltk /usr/share/tcltk ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1208 fsname=/usr/share/tcltk dir=/usr/share/tcltk fstype=ext4
Debug 741: file: /usr/share/terminfo; dirfd: 5; topdir: /usr/share; rel: terminfo
Whitelisting /usr/share/terminfo
1209 1169 253:0 /usr/share/terminfo /usr/share/terminfo ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1209 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=ext4
Debug 741: file: /usr/share/texmf; dirfd: 5; topdir: /usr/share; rel: texmf
Whitelisting /usr/share/texmf
1210 1169 253:0 /usr/share/texmf /usr/share/texmf ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1210 fsname=/usr/share/texmf dir=/usr/share/texmf fstype=ext4
Debug 741: file: /usr/share/themes; dirfd: 5; topdir: /usr/share; rel: themes
Whitelisting /usr/share/themes
1211 1169 253:0 /usr/share/themes /usr/share/themes ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1211 fsname=/usr/share/themes dir=/usr/share/themes fstype=ext4
Debug 741: file: /usr/share/X11; dirfd: 5; topdir: /usr/share; rel: X11
Whitelisting /usr/share/X11
1212 1169 253:0 /usr/share/X11 /usr/share/X11 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1212 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=ext4
Debug 741: file: /usr/share/xml; dirfd: 5; topdir: /usr/share; rel: xml
Whitelisting /usr/share/xml
1213 1169 253:0 /usr/share/xml /usr/share/xml ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1213 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4
Debug 741: file: /usr/share/zoneinfo; dirfd: 5; topdir: /usr/share; rel: zoneinfo
Whitelisting /usr/share/zoneinfo
1214 1169 253:0 /usr/share/zoneinfo /usr/share/zoneinfo ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1214 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4
Debug 741: file: /home/internet/.pki; dirfd: 4; topdir: /home/internet; rel: .pki
Whitelisting /home/internet/.pki
1215 1173 253:0 /home/internet/.pki /home/internet/.pki rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1215 fsname=/home/internet/.pki dir=/home/internet/.pki fstype=ext4
Debug 741: file: /home/internet/.local/share/pki; dirfd: 4; topdir: /home/internet; rel: .local/share/pki
Whitelisting /home/internet/.local/share/pki
1216 1173 253:0 /home/internet/.local/share/pki /home/internet/.local/share/pki rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1216 fsname=/home/internet/.local/share/pki dir=/home/internet/.local/share/pki fstype=ext4
Debug 741: file: /home/internet/.config/dconf; dirfd: 4; topdir: /home/internet; rel: .config/dconf
Whitelisting /home/internet/.config/dconf
1217 1173 253:0 /home/internet/.config/dconf /home/internet/.config/dconf rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1217 fsname=/home/internet/.config/dconf dir=/home/internet/.config/dconf fstype=ext4
Debug 741: file: /home/internet/.cache/fontconfig; dirfd: 4; topdir: /home/internet; rel: .cache/fontconfig
Whitelisting /home/internet/.cache/fontconfig
1218 1173 253:0 /home/internet/.cache/fontconfig /home/internet/.cache/fontconfig rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1218 fsname=/home/internet/.cache/fontconfig dir=/home/internet/.cache/fontconfig fstype=ext4
Debug 741: file: /home/internet/.fontconfig; dirfd: 4; topdir: /home/internet; rel: .fontconfig
Whitelisting /home/internet/.fontconfig
1219 1173 253:0 /home/internet/.fontconfig /home/internet/.fontconfig rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1219 fsname=/home/internet/.fontconfig dir=/home/internet/.fontconfig fstype=ext4
Debug 741: file: /var/lib/aspell; dirfd: 7; topdir: /var; rel: lib/aspell
Whitelisting /var/lib/aspell
1220 1170 253:0 /var/lib/aspell /var/lib/aspell ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1220 fsname=/var/lib/aspell dir=/var/lib/aspell fstype=ext4
Debug 741: file: /var/lib/dbus; dirfd: 7; topdir: /var; rel: lib/dbus
Whitelisting /var/lib/dbus
1221 1170 253:0 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1221 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4
Debug 741: file: /var/lib/menu-xdg; dirfd: 7; topdir: /var; rel: lib/menu-xdg
Whitelisting /var/lib/menu-xdg
1222 1170 253:0 /var/lib/menu-xdg /var/lib/menu-xdg ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1222 fsname=/var/lib/menu-xdg dir=/var/lib/menu-xdg fstype=ext4
Debug 741: file: /var/cache/fontconfig; dirfd: 7; topdir: /var; rel: cache/fontconfig
Whitelisting /var/cache/fontconfig
1223 1170 253:0 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1223 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Debug 741: file: /var/tmp; dirfd: 7; topdir: /var; rel: tmp
Whitelisting /var/tmp
1224 1170 0:46 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=1224 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Debug 741: file: /tmp/.X11-unix; dirfd: 8; topdir: /tmp; rel: .X11-unix
Whitelisting /tmp/.X11-unix
1225 1171 0:29 /.X11-unix /tmp/.X11-unix rw,noatime - tmpfs none rw,inode64
mountid=1225 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting read-only /home/internet/.config/dconf
1226 1217 253:0 /home/internet/.config/dconf /home/internet/.config/dconf ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1226 fsname=/home/internet/.config/dconf dir=/home/internet/.config/dconf fstype=ext4
Disable /usr/share/applications/veracrypt.desktop
Disable /usr/share/pixmaps/veracrypt.xpm
Disable /run/acpid.socket (requested /var/run/acpid.socket)
Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock)
Not blacklist /home/internet/.pki
Not blacklist /home/internet/.local/share/pki
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/local/gcc-10.2.0/bin/c++-10.2
Disable /usr/local/gcc-10.2.0/bin/cpp-10.2
Disable /usr/local/gcc-10.2.0/bin/g++-10.2
Disable /usr/local/gcc-10.2.0/bin/gcc-nm-10.2
Disable /usr/local/gcc-10.2.0/bin/gcc-ar-10.2
Disable /usr/local/gcc-10.2.0/bin/gcc-ranlib-10.2
Disable /usr/local/gcc-10.2.0/bin/gcc-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-ranlib-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-10.2.0
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-nm-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gDISPLAY=:0.0 parsed as 0
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 15 00 01 00000002   jeq 2 0010 (false 0011)
 0010: 06 00 00 7fff0000   ret ALLOW
 0011: 15 00 01 0000000a   jeq a 0012 (false 0013)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 01 00000010   jeq 10 0014 (false 0015)
 0014: 06 00 00 7fff0000   ret ALLOW
 0015: 06 00 00 0005005f   ret ERRNO(95)
cc-ar-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-g++-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-ranlib-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-10.2.0
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-nm-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-ar-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-g++-10.2
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Mounting noexec /home/internet/.cache/mozilla/firefox
1257 1174 253:0 /home/internet/.cache/mozilla/firefox /home/internet/.cache/mozilla/firefox rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1257 fsname=/home/internet/.cache/mozilla/firefox dir=/home/internet/.cache/mozilla/firefox fstype=ext4
Mounting noexec /home/internet/.mozilla
1258 1175 253:0 /home/internet/.mozilla /home/internet/.mozilla rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1258 fsname=/home/internet/.mozilla dir=/home/internet/.mozilla fstype=ext4
Mounting noexec /home/internet/.pki
1259 1215 253:0 /home/internet/.pki /home/internet/.pki rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1259 fsname=/home/internet/.pki dir=/home/internet/.pki fstype=ext4
Mounting noexec /home/internet/.local/share/pki
1260 1216 253:0 /home/internet/.local/share/pki /home/internet/.local/share/pki rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1260 fsname=/home/internet/.local/share/pki dir=/home/internet/.local/share/pki fstype=ext4
Mounting noexec /home/internet/.config/dconf
1261 1226 253:0 /home/internet/.config/dconf /home/internet/.config/dconf ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1261 fsname=/home/internet/.config/dconf dir=/home/internet/.config/dconf fstype=ext4
Mounting noexec /home/internet/.cache/fontconfig
1262 1218 253:0 /home/internet/.cache/fontconfig /home/internet/.cache/fontconfig rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1262 fsname=/home/internet/.cache/fontconfig dir=/home/internet/.cache/fontconfig fstype=ext4
Mounting noexec /home/internet/.fontconfig
1263 1219 253:0 /home/internet/.fontconfig /home/internet/.fontconfig rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1263 fsname=/home/internet/.fontconfig dir=/home/internet/.fontconfig fstype=ext4
Mounting noexec /dev/shm
1264 117 0:52 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1264 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1266 1265 0:29 /.X11-unix /tmp/.X11-unix rw,noatime - tmpfs none rw,inode64
mountid=1266 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
1267 1266 0:29 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,noatime - tmpfs none rw,inode64
mountid=1267 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /usr/share/perl5
Disable /usr/share/perl
Not blacklist /home/internet/.mozilla
Not blacklist /home/internet/.cache/mozilla
Mounting tmpfs on /home/internet/.cache, check owner: yes
1270 1173 0:60 / /home/internet/.cache rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,uid=1001,gid=1003,inode64
mountid=1270 fsname=/ dir=/home/internet/.cache fstype=tmpfs
Mounting read-only /tmp/.X11-unix
1271 1267 0:29 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,noatime - tmpfs none rw,inode64
mountid=1271 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /media
Disable /run/mount
/etc/pulse/client.conf not found
Current directory: /home/internet
Install protocol filter: unix,inet,inet6,netlink
configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Build drop seccomp filter
sbox run: /run/firejail/lib/fseccomp drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec @cloSeccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,ioprio_set,mbind,migrate_pages,move_pages,sched_setaffinity,sched_setattr,sched_setparam,sched_setscheduler,set_mempolicy,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 45 00 0000009f   jeq adjtimex 004d (false 0008)
 0008: 15 44 00 00000131   jeq clock_adjtime 004d (false 0009)
 0009: 15 43 00 000000e3   jeq clock_settime 004d (false 000a)
 000a: 15 42 00 000000a4   jeq settimeofday 004d (false 000b)
 000b: 15 41 00 0000009a   jeq modify_ldt 004d (false 000c)
 000c: 15 40 00 000000d4   jeq lookup_dcookie 004d (false 000d)
 000d: 15 3f 00 0000012a   jeq perf_event_open 004d (false 000e)
 000e: 15 3e 00 00000137   jeq process_vm_writev 004d (false 000f)
 000f: 15 3d 00 000000b0   jeq delete_module 004d (false 0010)
 0010: 15 3c 00 00000139   jeq finit_module 004d (false 0011)
 0011: 15 3b 00 000000af   jeq init_module 004d (false 0012)
 0012: 15 3a 00 0000009c   jeq _sysctl 004d (false 0013)
 0013: 15 39 00 000000b7   jeq afs_syscall 004d (false 0014)
 0014: 15 38 00 000000ae   jeq create_module 004d (false 0015)
 0015: 15 37 00 000000b1   jeq get_kernel_syms 004d (false 0016)
 0016: 15 36 00 000000b5   jeq getpmsg 004d (false 0017)
 0017: 15 35 00 000000b6   jeq putpmsg 004d (false 0018)
 0018: 15 34 00 000000b2   jeq query_module 004d (false 0019)
 0019: 15 33 00 000000b9   jeq security 004d (false 001a)
 001a: 15 32 00 0000008b   jeq sysfs 004d (false 001b)
 001b: 15 31 00 000000b8   jeq tuxcall 004d (false 001c)
 001c: 15 30 00 00000086   jeq uselib 004d (false 001d)
 001d: 15 2f 00 00000088   jeq ustat 004d (false 001e)
 001e: 15 2e 00 000000ec   jeq vserver 004d (false 001f)
 001f: 15 2d 00 000000ad   jeq ioperm 004d (false 0020)
 0020: 15 2c 00 000000ac   jeq iopl 004d (false 0021)
 0021: 15 2b 00 000000f6   jeq kexec_load 004d (false 0022)
 0022: 15 2a 00 00000140   jeq kexec_file_load 004d (false 0023)
 0023: 15 29 00 000000a9   jeq reboot 004d (false 0024)
 0024: 15 28 00 000000fb   jeq ioprio_set 004d (false 0025)
 0025: 15 27 00 000000ed   jeq mbind 004d (false 0026)
 0026: 15 26 00 00000100   jeq migrate_pages 004d (false 0027)
 0027: 15 25 00 00000117   jeq move_pages 004d (false 0028)
 0028: 15 24 00 000000cb   jeq sched_setaffinity 004d (false 0029)
 0029: 15 23 00 0000013a   jeq sched_setattr 004d (false 002a)
 002a: 15 22 00 0000008e   jeq sched_setparam 004d (false 002b)
 002b: 15 21 00 00000090   jeq sched_setscheduler 004d (false 002c)
 002c: 15 20 00 000000ee   jeq set_mempolicy 004d (false 002d)
 002d: 15 1f 00 000000a7   jeq swapon 004d (false 002e)
 002e: 15 1e 00 000000a8   jeq swapoff 004d (false 002f)
 002f: 15 1d 00 000000a3   jeq acct 004d (false 0030)
 0030: 15 1c 00 000000f8   jeq add_key 004d (false 0031)
 0031: 15 1b 00 00000141   jeq bpf 004d (false 0032)
 0032: 15 1a 00 0000012c   jeq fanotify_init 004d (false 0033)
 0033: 15 19 00 000000d2   jeq io_cancel 004d (false 0034)
 0034: 15 18 00 000000cf   jeq io_destroy 004d (false 0035)
 0035: 15 17 00 000000d0   jeq io_getevents 004d (false 0036)
 0036: 15 16 00 000000ce   jeq io_setup 004d (false 0037)
 0037: 15 15 00 000000d1   jeq io_submit 004d (false 0038)
 0038: 15 14 00 000000fb   jeq ioprio_set 004d (false 0039)
 0039: 15 13 00 00000138   jeq kcmp 004d (false 003a)
 003a: 15 12 00 000000fa   jeq keyctl 004d (false 003b)
 003b: 15 11 00 000000a5   jeq mount 004d (false 003c)
 003c: 15 10 00 0000012f   jeq name_to_handle_at 004d (false 003d)
 003d: 15 0f 00 000000b4   jeq nfsservctl 004d (false 003e)
 003e: 15 0e 00 00000130   jeq open_by_handle_at 004d (false 003f)
 003f: 15 0d 00 00000087   jeq personality 004d (false 0040)
 0040: 15 0c 00 0000009b   jeq pivot_root 004d (false 0041)
 0041: 15 0b 00 00000136   jeq process_vm_readv 004d (false 0042)
 0042: 15 0a 00 00000065   jeq ptrace 004d (false 0043)
 0043: 15 09 00 000000d8   jeq remap_file_pages 004d (false 0044)
 0044: 15 08 00 000000f9   jeq request_key 004d (false 0045)
 0045: 15 07 00 000000ab   jeq setdomainname 004d (false 0046)
 0046: 15 06 00 000000aa   jeq sethostname 004d (false 0047)
 0047: 15 05 00 00000067   jeq syslog 004d (false 0048)
 0048: 15 04 00 000000a6   jeq umount2 004d (false 0049)
 0049: 15 03 00 00000143   jeq userfaultfd 004d (false 004a)
 004a: 15 02 00 00000099   jeq vhangup 004d (false 004b)
 004b: 15 01 00 00000116   jeq vmsplice 004d (false 004c)
 004c: 06 00 00 7fff0000   ret ALLOW
 004d: 06 00 01 00050001   ret ERRNO(1)
ck,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice 
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp 
configuring 78 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
1277 73 0:43 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=1277 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             320 ..
-rw-r--r-- internet internet         624 seccomp
-rw-r--r-- internet internet         432 seccomp.32
-rw-r--r-- internet internet          77 seccomp.list
-rw-r--r-- internet internet           0 seccomp.postexec
-rw-r--r-- internet internet           0 seccomp.postexec32
-rw-r--r-- internet internet         176 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1001, gid 1003, nogroups 1
No supplementary groups
AppArmor enabled
Child process initialized in 743.59 ms
Starting application
LD_PRELOAD=(null)
execvp argument 0: firefox
/usr/local/bin/firefox: 3: /usr/local/bin/firefox: which: Permission denied
No protocol specified
Unable to init server: connection....
Error: cannot open display: :0.0

Parent is shutting down, bye...

EDIT by @rusty-snake: code-block and details-summary

<!-- gh-comment-id:855879097 --> @osevan commented on GitHub (Jun 7, 2021): here when i try to start <details><summary><code>firejail --debug firefox</code></summary> ``` $ firejail --debug firefox 2>&1 | tee output.log Reading profile /usr/local/etc/firejail/firefox.profile Autoselecting /bin/sh as shell Building quoted command line: 'firefox' Command name #firefox# Found firefox.profile profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/whitelist-usr-share-common.inc Found whitelist-usr-share-common.inc profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/firefox-common.profile Found firefox-common.profile profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/disable-common.inc Found disable-common.inc profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/disable-devel.inc Found disable-devel.inc profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/disable-exec.inc Found disable-exec.inc profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/disable-interpreters.inc Found disable-interpreters.inc profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/disable-programs.inc Found disable-programs.inc profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/whitelist-common.inc Found whitelist-common.inc profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/whitelist-runuser-common.inc Found whitelist-runuser-common.inc profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/whitelist-var-common.inc Found whitelist-var-common.inc profile in /usr/local/etc/firejail directory [profile] combined protocol list: "unix,inet,inet6,netlink" [profile] combined protocol list: "unix,inet,inet6,netlink" DISPLAY=:0.0 parsed as 0 Warning: /usr/bin/xdg-dbus-proxy was not found, downgrading dbus-user policy to allow. To enable DBus filtering, install the xdg-dbus-proxy program. Ignoring "dbus-user.own org.mozilla.Firefox.*" and 2 other dbus-user filter rules. Parent pid 18484, child pid 18486 conditional BROWSER_DISABLE_U2F, nou2f conditional BROWSER_DISABLE_U2F, private-dev Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,ioprio_set,mbind,migrate_pages,move_pages,sched_setaffinity,sched_setattr,sched_setparam,sched_setscheduler,set_mempolicy,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice, Using the local network stack conditional BROWSER_DISABLE_U2F, nou2f conditional BROWSER_DISABLE_U2F, private-dev Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,ioprio_set,mbind,migrate_pages,move_pages,sched_setaffinity,sched_setattr,sched_setparam,sched_setscheduler,set_mempolicy,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice, Using the local network stack Initializing child process PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file Build protocol filter: unix,inet,inet6,netlink sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 76 52 253:0 /etc /etc ro,noatime - ext4 /dev/mapper/rootfs rw mountid=76 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 77 76 253:0 /etc /etc ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw mountid=77 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 80 78 0:31 / /var/spool rw,noatime - tmpfs none rw,inode64 mountid=80 fsname=/ dir=/var/spool fstype=tmpfs Mounting read-only /var/tmp 81 79 0:30 / /var/tmp ro,noatime - tmpfs none rw,inode64 mountid=81 fsname=/ dir=/var/tmp fstype=tmpfs Mounting read-only /var/spool 82 80 0:31 / /var/spool ro,noatime - tmpfs none rw,inode64 mountid=82 fsname=/ dir=/var/spool fstype=tmpfs Mounting noexec /var 87 86 0:31 / /var/spool ro,noatime - tmpfs none rw,inode64 mountid=87 fsname=/ dir=/var/spool fstype=tmpfs Mounting noexec /var/tmp 88 85 0:30 / /var/tmp ro,nosuid,nodev,noexec,noatime - tmpfs none rw,inode64 mountid=88 fsname=/ dir=/var/tmp fstype=tmpfs Mounting noexec /var/spool 89 87 0:31 / /var/spool ro,nosuid,nodev,noexec,noatime - tmpfs none rw,inode64 mountid=89 fsname=/ dir=/var/spool fstype=tmpfs Mounting read-only /usr 90 52 253:0 /usr /usr ro,noatime - ext4 /dev/mapper/rootfs rw mountid=90 fsname=/usr dir=/usr fstype=ext4 Mounting read-only /bin 91 52 253:0 /bin /bin ro,noatime - ext4 /dev/mapper/rootfs rw mountid=91 fsname=/bin dir=/bin fstype=ext4 Mounting read-only /sbin 92 52 253:0 /sbin /sbin ro,noatime - ext4 /dev/mapper/rootfs rw mountid=92 fsname=/sbin dir=/sbin fstype=ext4 Mounting read-only /lib 93 52 253:0 /lib /lib ro,noatime - ext4 /dev/mapper/rootfs rw mountid=93 fsname=/lib dir=/lib fstype=ext4 Mounting read-only /lib64 94 52 253:0 /lib64 /lib64 ro,noatime - ext4 /dev/mapper/rootfs rw mountid=94 fsname=/lib64 dir=/lib64 fstype=ext4 Mounting read-only /lib32 95 52 253:0 /lib32 /lib32 ro,noatime - ext4 /dev/mapper/rootfs rw mountid=95 fsname=/lib32 dir=/lib32 fstype=ext4 Mounting read-only /libx32 96 52 253:0 /libx32 /libx32 ro,noatime - ext4 /dev/mapper/rootfs rw mountid=96 fsname=/libx32 dir=/libx32 fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs oWarning: file firefox-wayland not found Warning: file getenforce not found Warning: file restorecon not found n /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Cannot open /run/user/1001 directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory mounting /run/firejail/mnt/dev/video0 file mounting /run/firejail/mnt/dev/video1 file Process /dev/shm directory Copying files in the new bin directory Checking /usr/local/bin/basename Checking /usr/bin/basename sbox run: /run/firejail/lib/fcopy /usr/bin/basename /run/firejail/mnt/bin Checking /usr/local/bin/bash Checking /usr/bin/bash Checking /bin/bash sbox run: /run/firejail/lib/fcopy /bin/bash /run/firejail/mnt/bin Checking /usr/local/bin/cat Checking /usr/bin/cat Checking /bin/cat sbox run: /run/firejail/lib/fcopy /bin/cat /run/firejail/mnt/bin Checking /usr/local/bin/dirname Checking /usr/bin/dirname sbox run: /run/firejail/lib/fcopy /usr/bin/dirname /run/firejail/mnt/bin Checking /usr/local/bin/expr Checking /usr/bin/expr sbox run: /run/firejail/lib/fcopy /usr/bin/expr /run/firejail/mnt/bin Checking /usr/local/bin/false Checking /usr/bin/false Checking /bin/false sbox run: /run/firejail/lib/fcopy /bin/false /run/firejail/mnt/bin Checking /usr/local/bin/firefox Checking /usr/bin/firefox sbox run: /run/firejail/lib/fcopy /usr/bin/firefox /run/firejail/mnt/bin Checking /usr/local/bin/firefox-esr Checking /usr/bin/firefox-esr file /usr/lib/firefox-esr/firefox-esr not found sbox run: /run/firejail/lib/fcopy /usr/bin/firefox-esr /run/firejail/mnt/bin Checking /usr/local/bin/firefox-wayland Checking /usr/bin/firefox-wayland Checking /bin/firefox-wayland Checking /usr/games/firefox-wayland Checking /usr/local/games/firefox-wayland Checking /usr/local/sbin/firefox-wayland Checking /usr/sbin/firefox-wayland Checking /sbin/firefox-wayland Checking /usr/local/bin/getenforce Checking /usr/bin/getenforce Checking /bin/getenforce Checking /usr/games/getenforce Checking /usr/local/games/getenforce Checking /usr/local/sbin/getenforce Checking /usr/sbin/getenforce Checking /sbin/getenforce Checking /usr/local/bin/ln Checking /usr/bin/ln Checking /bin/ln sbox run: /run/firejail/lib/fcopy /bin/ln /run/firejail/mnt/bin Checking /usr/local/bin/mkdir Checking /usr/bin/mkdir Checking /bin/mkdir sbox run: /run/firejail/lib/fcopy /bin/mkdir /run/firejail/mnt/bin Checking /usr/local/bin/pidof Checking /usr/bin/pidof Checking /bin/pidof sbox run: /run/firejail/lib/fcopy /sbin/killall5 /run/firejail/mnt/bin sbox run: /run/firejail/lib/fcopy /bin/pidof /run/firejail/mnt/bin Checking /usr/local/bin/restorecon Checking /usr/bin/restorecon Checking /bin/restorecon Checking /usr/games/restorecon Checking /usr/local/games/restorecon Checking /usr/local/sbin/restorecon Checking /usr/sbin/restorecon Checking /sbin/restorecon Checking /usr/local/bin/rm Checking /usr/bin/rm Checking /bin/rm sbox run: /run/firejail/lib/fcopy /bin/rm /run/firejail/mnt/bin Checking /usr/local/bin/rmdir Checking /usr/bin/rmdir Checking /bin/rmdir sbox run: /run/firejail/lib/fcopy /bin/rmdir /run/firejail/mnt/bin Checking /usr/local/bin/sed Checking /usr/bin/sed Checking /bin/sed sbox run: /run/firejail/lib/fcopy /bin/sed /run/firejail/mnt/bin Checking /usr/local/bin/sh Checking /usr/bin/sh Checking /bin/sh sbox run: /run/firejail/lib/fcopy /bin/dash /run/firejail/mnt/bin sbox run: /run/firejail/lib/fcopy /bin/sh /run/firejail/mnt/bin Checking /usr/local/bin/tclsh Checking /usr/bin/tclsh sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh8.6 /run/firejail/mnt/bin sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh /run/firejail/mnt/bin Checking /usr/local/bin/true Checking /usr/bin/true Checking /bin/true sbox run: /run/firejail/lib/fcopy /bin/true /run/firejail/mnt/b21 programs installed in 51.53 ms in Checking /usr/local/bin/uname Checking /usr/bin/uname Checking /bin/uname sbox run: /run/firejail/lib/fcopy /bin/uname /run/firejail/mnt/bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin Standard C library installed in 1.43 ms Starting private-lib processing: program firefox, shell none Installing standard C library mounting /lib/x86_64-linux-gnu/libnss_nis.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_nis.so.2 mounting /lib/x86_64-linux-gnu/librt.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/librt.so.1 mounting /lib/x86_64-linux-gnu/libapparmor.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libapparmor.so.1 mounting /lib/x86_64-linux-gnu/libnss_files.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_files.so.2 mounting /lib/x86_64-linux-gnu/libselinux.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libselinux.so.1 mounting /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 mounting /lib/x86_64-linux-gnu/libutil.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libutil.so.1 mounting /lib/x86_64-linux-gnu/libpthread.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpthread.so.0 mounting /lib/x86_64-linux-gnu/libcrypt.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcrypt.so.1 mounting /lib/x86_64-linux-gnu/libthread_db.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libthread_db.so.1 mounting /lib/x86_64-linux-gnu/libnss_hesiod.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_hesiod.so.2 mounting /lib/x86_64-linux-gnu/libmemusage.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libmemusage.so mounting /lib/x86_64-linux-gnu/libmvec.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libmvec.so.1 mounting /lib/x86_64-linux-gnu/libnss_dns.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_dns.so.2 mounting /lib/x86_64-linux-gnu/libc.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libc.so.6 mounting /lib/x86_64-linux-gnu/libanl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libanl.so.1 mounting /lib/x86_64-linux-gnu/libnss_compat.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_compat.so.2 mounting /lib/x86_64-linux-gnu/libnsl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnsl.so.1 mounting /lib/x86_64-linux-gnu/libresolv.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libresolv.so.2 mounting /lib/x86_64-linux-gnu/libm.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libm.so.6 mounting /lib/x86_64-linux-gnu/libapparmor.so.1.6.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libapparmor.so.1.6.0 mounting /lib/x86_64-linux-gnu/libnss_nisplus.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_nisplus.so.2 mounting /lib/x86_64-linux-gnu/libdl.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libdl.so.2 mounting /lib64/ld-linux-x86-64.so.2 on /run/firejail/mnt/lib/ld-linux-x86-64.so.2 mounting /usr/lib/locale on /run/firejail/mnt/lib/locale Firejail libraries installed in 2.84 ms Installing Firejail libraries Cannot read /usr/local/bin/firejail, skipping... mounting /usr/local/lib/firejail on /run/firejail/mnt/lib/firejail fslib_mount_libs /run/firejail/lib/fcopy (parse as root) Creating empty /run/firejail/mnt/libfiles file running fldd /run/firejail/lib/fcopy sbox run: /run/firejail/lib/fldd /run/firejail/lib/fcopy /run/firejail/mnt/libfiles Installing sandboxed program libraries Searching $PATH for firefox trying #/home/ra/.local/bin/firefox# trying #/usr/local/gcc-10.2.0/bin/firefox# trying #/usr/local/bin/firefox# fslib_install_list /usr/local/bin/firefox Processing private-lib files fslib_install_list /usr/lib/firefox-esr/libmozgtk.so,/usr/lib/firefox-esr/libxul.so mounting /usr/lib/firefox-esr/libmozgtk.so on /run/firejail/mnt/lib/libmozgtk.so fslib_mount_libs /usr/lib/firefox-esr/libmozgtk.so (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/lib/firefox-esr/libmozgtk.so sbox run: /run/firejail/lib/fldd /usr/lib/firefox-esr/libmozgtk.so /run/firejail/mnt/libfiles mounting /usr/lib/x86_64-linux-gnu/libatspi.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libatspi.so.0 mounting /lib/x86_64-linux-gnu/libcap.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcap.so.2 mounting /lib/x86_64-linux-gnu/libsystemd.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libsystemd.so.0 mounting /lib/x86_64-linux-gnu/libdbus-1.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libdbus-1.so.3 mounting /usr/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0 mounting /usr/lib/x86_64-linux-gnu/libatk-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libatk-1.0.so.0 mounting /usr/lib/x86_64-linux-gnu/libepoxy.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libepoxy.so.0 mounting /usr/lib/x86_64-linux-gnu/libwayland-egl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libwayland-egl.so.1 mounting /usr/lib/x86_64-linux-gnu/libwayland-client.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libwayland-client.so.0 mounting /usr/lib/x86_64-linux-gnu/libwayland-cursor.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libwayland-cursor.so.0 mounting /usr/lib/x86_64-linux-gnu/libxkbcommon.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxkbcommon.so.0 mounting /usr/lib/x86_64-linux-gnu/libXdamage.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXdamage.so.1 mounting /usr/lib/x86_64-linux-gnu/libXcomposite.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXcomposite.so.1 mounting /usr/lib/x86_64-linux-gnu/libXfixes.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXfixes.so.3 mounting /usr/lib/x86_64-linux-gnu/libXcursor.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXcursor.so.1 mounting /usr/lib/x86_64-linux-gnu/libXrandr.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXrandr.so.2 mounting /usr/lib/x86_64-linux-gnu/libXi.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXi.so.6 mounting /usr/lib/x86_64-linux-gnu/libXinerama.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXinerama.so.1 mounting /usr/lib/x86_64-linux-gnu/libcairo-gobject.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcairo-gobject.so.2 mounting /lib/x86_64-linux-gnu/libblkid.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libblkid.so.1 mounting /lib/x86_64-linux-gnu/libmount.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libmount.so.1 mounting /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgio-2.0.so.0 mounting /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgmodule-2.0.so.0 mounting /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0 mounting /usr/lib/x86_64-linux-gnu/libXext.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXext.so.6 mounting /usr/lib/x86_64-linux-gnu/libX11.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libX11.so.6 mounting /usr/lib/x86_64-linux-gnu/libXrender.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXrender.so.1 mounting /usr/lib/x86_64-linux-gnu/libxcb-render.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxcb-render.so.0 mounting /usr/lib/x86_64-linux-gnu/libbsd.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libbsd.so.0 mounting /usr/lib/x86_64-linux-gnu/libXdmcp.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXdmcp.soWarning fldd: cannot find libmozsandbox.so, skipping... Warning fldd: cannot find liblgpllibs.so, skipping... Warning fldd: cannot find libmozsqlite3.so, skipping... Warning fldd: cannot find libmozgtk.so, skipping... Warning fldd: cannot find libmozwayland.so, skipping... .6 mounting /usr/lib/x86_64-linux-gnu/libXau.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXau.so.6 mounting /usr/lib/x86_64-linux-gnu/libxcb.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxcb.so.1 mounting /usr/lib/x86_64-linux-gnu/libxcb-shm.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxcb-shm.so.0 mounting /usr/lib/x86_64-linux-gnu/libpixman-1.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpixman-1.so.0 mounting /usr/lib/x86_64-linux-gnu/libcairo.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcairo.so.2 mounting /lib/x86_64-linux-gnu/libuuid.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libuuid.so.1 mounting /lib/x86_64-linux-gnu/libexpat.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libexpat.so.1 mounting /usr/lib/x86_64-linux-gnu/libfontconfig.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libfontconfig.so.1 mounting /usr/lib/x86_64-linux-gnu/libgraphite2.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgraphite2.so.3 mounting /lib/x86_64-linux-gnu/libz.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libz.so.1 mounting /usr/lib/x86_64-linux-gnu/libpng16.so.16 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpng16.so.16 mounting /usr/lib/x86_64-linux-gnu/libfreetype.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libfreetype.so.6 mounting /usr/lib/x86_64-linux-gnu/libharfbuzz.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libharfbuzz.so.0 mounting /usr/lib/x86_64-linux-gnu/libpangoft2-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpangoft2-1.0.so.0 mounting /usr/lib/x86_64-linux-gnu/libfribidi.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libfribidi.so.0 mounting /usr/lib/x86_64-linux-gnu/libdatrie.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libdatrie.so.1 mounting /usr/lib/x86_64-linux-gnu/libthai.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libthai.so.0 mounting /usr/lib/x86_64-linux-gnu/libffi.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libffi.so.6 mounting /lib/x86_64-linux-gnu/libpcre.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpcre.so.3 mounting /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libglib-2.0.so.0 mounting /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgobject-2.0.so.0 mounting /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpango-1.0.so.0 mounting /usr/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0 mounting /usr/lib/x86_64-linux-gnu/libgdk-3.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgdk-3.so.0 mounting /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgtk-3.so.0 mounting /usr/lib/firefox-esr/libxul.so on /run/firejail/mnt/lib/libxul.so fslib_mount_libs /usr/lib/firefox-esr/libxul.so (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/lib/firefox-esr/libxul.so sbox run: /run/firejail/lib/fldd /usr/lib/firefox-esr/libxul.so /run/firejail/mnt/libfiles mounting /lib/x86_64-linux-gnu/libgcc_s.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgcc_s.so.1 mounting /usr/lib/x86_64-linux-gnu/libstdc++.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libstdc++.so.6 mounting /usr/lib/x86_64-linux-gnu/libdbus-glib-1.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libdbus-glib-1.so.2 mounting /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libevent-2.1.so.6 mounting /usr/lib/x86_64-linux-gnu/libX11-xcb.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libX11-xcb.so.1 mounting /usr/lib/x86_64-linux-gnu/libssl3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libssl3.so mounting /usr/lib/x86_64-linux-gnu/libsmime3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libsmime3.so mounting /usr/lib/x86_64-linux-gnu/libplds4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libplds4.so mounting /usr/lib/x86_64-linux-gnu/libnssutil3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnssutil3.so mounting /usr/lib/x86_64-linux-gnu/libnss3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss3.so mounting /usr/lib/x86_64-linux-gnu/libplc4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libplc4.so mounting /usr/lib/x86_64-linux-gnu/libnspr4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnspr4.so Processing private-bin files fslib_install_list basename,/usr/bin/basename,bash,/bin/bash,cat,/bin/cat,dirname,/usr/bin/dirname,expr,/usr/bin/expr,false,/bin/false,firefox,/usr/bin/firefox,firefox-esr,/usr/bin/firefox-esr,ln,/bin/ln,mkdir,/bin/mkdir,pidof,/bin/pidof,rm,/bin/rm,rmdir,/bin/rmdir,sed,/bin/sed,sh,/bin/sh,tclsh,/usr/bin/tclsh,true,/bin/true,uname,/bin/uname fslib_mount_libs /usr/bin/basename (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/bin/basename sbox run: /run/firejail/lib/fldd /usr/bin/basename /run/firejail/mnt/libfiles fslib_mount_libs /bin/bash (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/bash sbox run: /run/firejail/lib/fldd /bin/bash /run/firejail/mnt/libfiles mounting /lib/x86_64-linux-gnu/libtinfo.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libtinfo.so.6 fslib_mount_libs /bin/cat (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/cat sbox run: /run/firejail/lib/fldd /bin/cat /run/firejail/mnt/libfiles fslib_mount_libs /usr/bin/dirname (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/bin/dirname sbox run: /run/firejail/lib/fldd /usr/bin/dirname /run/firejail/mnt/libfiles fslib_mount_libs /usr/bin/expr (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/bin/expr sbox run: /run/firejail/lib/fldd /usr/bin/expr /run/firejail/mnt/libfiles fslib_mount_libs /bin/false (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/false sbox run: /run/firejail/lib/fldd /bin/false /run/firejail/mnt/libfiles mounting /usr/lib/firefox-esr on /run/firejail/mnt/lib/firefox-esr fslib_mount_libs /usr/bin/firefox-esr (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/bin/firefox-esr sbox run: /run/firejail/lib/fldd /usr/bin/firefox-esr /run/firejail/mnt/libfiles fslib_mount_libs /bin/ln (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/ln sbox run: /run/firejail/lib/fldd /bin/ln /run/firejail/mnt/libfiles fslib_mount_libs /bin/mkdir (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/mkdir sbox run: /run/firejail/lib/fldd /bin/mkdir /run/firejail/mnt/libfiles fslib_mount_libs /bin/pidof (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/pidof sbox run: /run/firejail/lib/fldd /bin/pidof /run/firejail/mnt/libfiles fslib_mount_libs /bin/rm (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/rm sbox run: /run/firejail/lib/fldd /bin/rm /run/firejail/mnt/libfiles fslib_mount_libs /bin/rmdir (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/rmdir sbox run: /run/firejail/lib/fldd /bin/rmdir /run/firejail/mnt/libfiles fslib_mount_libs /bin/sed (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/sed sbox run: /run/firejail/lib/fldd /bin/sed /run/firejail/mnt/libfiles mounting /usr/lib/x86_64-linux-gnu/libattr.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libattr.so.1 mounting /usr/lib/x86_64-linux-gnu/libacl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libacl.so.1 fslib_mount_libs /bin/sh (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/sh sbox run: /run/firejail/lib/fldd /bin/sh /run/firejail/mnt/libfiles fslib_mount_libs /usr/bin/tclsh (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/bin/tclsh sbox run: /run/firejail/lib/fldd /usr/bin/tclsh /run/firejail/mnt/libfiles Dropping all capabilitienux-gnu/libnssutil3.so mounting /usr/lib/x86_64-linux-gnu/libnss3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss3.so mounting /usr/lib/x86_64-linux-gnu/libplc4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libplc4.so mounting /usr/lib/x86_64-linux-gnu/libnspr4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnspr4.so Processing private-bin files fslib_install_list basename,/usr/bin/basename,bash,/bin/bash,cat,/bin/cat,dirname,/usr/bin/dirname,expr,/usr/bin/expr,false,/bin/false,firefox,/usr/bin/firefox,firefox-esr,/usr/bin/firefox-esr,ln,/bin/ln,mkdir,/bin/mkdir,pidof,/bin/pidof,rm,/bin/rm,rmdir,/bin/rmdir,sed,/bin/sed,sh,/bin/sh,tclsh,/usr/bin/tclsh,true,/bin/true,uname,/bin/uname fslib_mount_libs /usr/bin/basename (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/bin/basename sbox run: /run/firejail/lib/fldd /usr/bin/basename /run/firejail/mnt/libfiles fslib_mount_libs /bin/bash (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/bash sbox run: /run/firejail/lib/fldd /bin/bash /run/firejail/mnt/libfiles mounting /lib/x86_64-linux-gnu/libtinfo.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libtinfo.so.6 fslib_mount_libs /bin/cat (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/cat sbox run: /run/firejail/lib/fldd /bin/cat /run/firejail/mnt/libfiles fslib_mount_libs /usr/bin/dirname (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/bin/dirname sbox run: /run/firejail/lib/fldd /usr/bin/dirname /run/firejail/mnt/libfiles fslib_mount_libs /usr/bin/expr (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/bin/expr sbox run: /run/firejail/lib/fldd /usr/bin/expr /run/firejail/mnt/libfiles fslib_mount_libs /bin/false (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/false sbox run: /run/firejail/lib/fldd /bin/false /run/firejail/mnt/libfiles mounting /usr/lib/firefox-esr on /run/firejail/mnt/lib/firefox-esr fslib_mount_libs /usr/bin/firefox-esr (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/bin/firefox-esr sbox run: /run/firejail/lib/fldd /usr/bin/firefox-esr /run/firejail/mnt/libfiles fslib_mount_libs /bin/ln (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/ln sbox run: /run/firejail/lib/fldd /bin/ln /run/firejail/mnt/libfiles fslib_mount_libs /bin/mkdir (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/mkdir sbox run: /run/firejail/lib/fldd /bin/mkdir /run/firejail/mnt/libfiles fslib_mount_libs /bin/pidof (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/pidof sbox run: /run/firejail/lib/fldd /bin/pidof /run/firejail/mnt/libfiles fslib_mount_libs /bin/rm (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/rm sbox run: /run/firejail/lib/fldd /bin/rm /run/firejail/mnt/libfiles fslib_mount_libs /bin/rmdir (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/rmdir sbox run: /run/firejail/lib/fldd /bin/rmdir /run/firejail/mnt/libfiles fslib_mount_libs /bin/sed (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/sed sbox run: /run/firejail/lib/fldd /bin/sed /run/firejail/mnt/libfiles mounting /usr/lib/x86_64-linux-gnu/libattr.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libattr.so.1 mounting /usr/lib/x86_64-linux-gnu/libacl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libacl.so.1 fslib_mount_libs /bin/sh (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/sh sbox run: /run/firejail/lib/fldd /bin/sh /run/firejail/mnt/libfiles fslib_mount_libs /usr/bin/tclsh (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/bin/tclsh sbox run: /run/firejail/lib/fldd /usr/bin/tclsh /run/firejail/mnt/libfiles mounting /usr/lib/x8Program libraries installed in 85.68 ms 6_64-linux-gnu/libtcl8.6.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libtcl8.6.so fslib_mount_libs /bin/true (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/true sbox run: /run/firejail/lib/fldd /bin/true /run/firejail/mnt/libfiles fslib_mount_libs /bin/uname (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /bin/uname sbox run: /run/firejail/lib/fldd /bin/uname /run/firejail/mnt/libfiles GdkPixbuf installed in 19.87 ms Installing system libraries fslib_mount_libs /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0 (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0 sbox run: /run/firejail/lib/fldd /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0 /run/firejail/mnt/libfiles mounting /usr/lib/x86_64-linux-gnu/libjpeg.so.62 on /run/firejail/mnt/lib/x86_64-linux-gnu/libjpeg.so.62 mounting /usr/lib/x86_64-linux-gnu/libjbig.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libjbig.so.0 mounting /usr/lib/x86_64-linux-gnu/libzstd.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libzstd.so.1 mounting /usr/lib/x86_64-linux-gnu/libwebp.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libwebp.so.6 mounting /usr/lib/x86_64-linux-gnu/libtiff.so.5 on /run/firejail/mnt/lib/x86_64-linux-gnu/libtiff.so.5 mounting /lib/x86_64-linux-gnu/liblzma.so.5 on /run/firejail/mnt/lib/x86_64-linux-gnu/liblzma.so.5 mounting /usr/lib/x86_64-linux-gnu/libicudata.so.63 on /run/firejail/mnt/lib/x86_64-linux-gnu/libicudata.so.63 mounting /usr/lib/x86_64-linux-gnu/libicuuc.so.63 on /run/firejail/mnt/lib/x86_64-linux-gnu/libicuuc.so.63 mounting /usr/lib/x86_64-linux-gnu/libicui18n.so.63 on /run/firejail/mnt/lib/x86_64-linux-gnu/libicui18n.so.63 mounting /usr/lib/x86_64-linux-gnu/libxml2.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxml2.so.2 mounting /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcroco-0.6.so.3 mounting /usr/lib/x86_64-linux-gnu/librsvg-2.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/librsvg-2.so.2 mounting /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/gdk-pixbuf-2.0 GTK3 installed in 56.33 ms fslib_mount_libs /usr/lib/x86_64-linux-gnu/gtk-3.0 (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/lib/x86_64-linux-gnu/gtk-3.0 sbox run: /run/firejail/lib/fldd /usr/lib/x86_64-linux-gnu/gtk-3.0 /run/firejail/mnt/libfiles mounting /usr/lib/x86_64-linux-gnu/libavahi-client.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libavahi-client.so.3 mounting /usr/lib/x86_64-linux-gnu/libavahi-common.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libavahi-common.so.3 mounting /usr/lib/x86_64-linux-gnu/libgmp.so.10 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgmp.so.10 mounting /usr/lib/x86_64-linux-gnu/libhogweed.so.4 on /run/firejail/mnt/lib/x86_64-linux-gnu/libhogweed.so.4 mounting /usr/lib/x86_64-linux-gnu/libnettle.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnettle.so.6 mounting /usr/lib/x86_64-linux-gnu/libtasn1.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libtasn1.so.6 mounting /usr/lib/x86_64-linux-gnu/libp11-kit.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libp11-kit.so.0 mounting /usr/lib/x86_64-linux-gnu/libgnutls.so.30 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgnutls.so.30 mounting /usr/lib/x86_64-linux-gnu/libcups.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcups.so.2 mounting /lib/x86_64-linux-gnu/libudev.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libudev.so.1 mounting /usr/lib/x86_64-linux-gnu/liblcms2.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/liblcms2.so.2 mounting /usr/lib/x86_64-linux-gnu/libcolord.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcolord.so.2 mounting /usr/lib/x86_64-linux-gnu/libjson-glib-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libjson-glib-1.0.so.0 mounting /usr/lib/x86_64-linux-gnu/libunistring.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libunistring.so.2 mounting /usr/lib/x86_64-linux-gnu/libidn2.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libidn2.so.0 mounting /usr/lib/x86_64-linux-gnu/libpsl.so.5 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpsl.so.5 mounting /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libsqlite3.so.0 mounting /lib/x86_64-linux-gnu/libcom_err.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcom_err.so.2 mounting /lib/x86_64-linux-gnu/libkeyutils.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libkeyutils.so.1 mounting /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libkrb5support.so.0 mounting /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libk5crypto.so.3 mounting /usr/lib/x86_64-linux-gnu/libkrb5.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libkrb5.so.3 mounting /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 mounting /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libsoup-2.4.so.1 mounting /usr/lib/x86_64-linux-gnu/libsoup-gnome-2.4.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libsoup-gnome-2.4.so.1 mounting /usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgthread-2.0.so.0 mounting /usr/lib/x86_64-linux-gnu/librest-0.7.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/librest-0.7.so.0 mounting /usr/lib/x86_64-linux-gnu/gtk-3.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/gtk-3.0 fslib_mount_libs /usr/lib/x86_64-linux-gnu/libgtk-3-0 (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/lib/x86_64-linux-gnu/libgtk-3-0 sbox run: /run/firejail/lib/fldd /usr/lib/x86_64-linux-gnu/libgtk-3-0 /run/firejail/mnt/libfiles mounting /usr/lib/x86_64-linux-gnu/libgtk-3-0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgtk-3-0 Pango installed in 0.01 ms GIO installed in 8.98 ms fslib_mount_libs /usr/lib/x86_64-linux-gnu/gio (parse as user) Creating empty /run/firejail/mnt/libfiles file running fldd /usr/lib/x86_64-linux-gnu/gio sbox run: /run/firejail/lib/fldd /usr/lib/x86_64-linux-gnu/gio /run/firejail/mnt/libfiles mounting /usr/lib/x86_64-linux-gnu/libproxy.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libproxy.so.1 mounting /usr/lib/x86_64-linux-gnu/gio on /run/firejail/mnt/lib/x86_64-linux-gnu/gio Installed 137 libraries and 7 directories Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: file /etc/pango not found. Warning: skipping pango for private /etc Warning: file /etc/$ not found. Warning: skipping $ for private /etc Private /etc installed in 46.46 ms Mounting read-only /run/firejail/mnt/lib 422 278 253:0 /usr/lib/x86_64-linux-gnu/gio /run/firejail/mnt/lib/x86_64-linux-gnu/gio ro,noatime - ext4 /dev/mapper/rootfs rw mountid=422 fsname=/usr/lib/x86_64-linux-gnu/gio dir=/run/firejail/mnt/lib/x86_64-linux-gnu/gio fstype=ext4 Mount-bind /run/firejail/mnt/lib on top of /usr/lib64 Mount-bind /run/firejail/mnt/lib on top of /lib64 Mount-bind /run/firejail/mnt/lib on top of /usr/lib Mount-bind /run/firejail/mnt/lib on top of /lib Mount-bind /run/firejail/mnt/lib on top of /usr/local/lib Generate private-tmp whitelist commands Creating empty /run/firejail/mnt/dbus directory Creating empty /run/firejail/mnt/dbus/system file blacklist /run/dbus/system_bus_socket blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /sys/kernel/uevent_helper Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/kernel/hotplug Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /boot Disable /proc/kmsg Copying files in the new /etc directory: Copying /etc/passwd to private /etc sbox run: /run/firejail/lib/fcopy /etc/passwd /run/firejail/mnt/etc Copying /etc/group to private /etc sbox run: /run/firejail/lib/fcopy /etc/group /run/firejail/mnt/etc Copying /etc/hostname to private /etc sbox run: /run/firejail/lib/fcopy /etc/hostname /run/firejail/mnt/etc Copying /etc/hosts to private /etc sbox run: /run/firejail/lib/fcopy /etc/hosts /run/firejail/mnt/etc Copying /etc/localtime to private /etc sbox run: /run/firejail/lib/fcopy /etc/localtime /run/firejail/mnt/etc Copying /etc/nsswitch.conf to private /etc sbox run: /run/firejail/lib/fcopy /etc/nsswitch.conf /run/firejail/mnt/etc Copying /etc/resolv.conf to private /etc sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc Copying /etc/gtk-2.0 to private /etc Creating empty /run/firejail/mnt/etc/gtk-2.0 directory sbox run: /run/firejail/lib/fcopy /etc/gtk-2.0 /run/firejail/mnt/etc/gtk-2.0 Copying /etc/fonts to private /etc Creating empty /run/firejail/mnt/etc/fonts directory sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts Mount-bind /run/firejail/mnt/etc on top of /etc Private /usr/etc installed in 0.02 ms Cannot find /usr/etc: No such file or directory Mount-bind /run/firejail/mnt/usretc on top of /usr/etc Cannot find /usr/etc: No such file or directory Debug 559: whitelist ${HOME}/.cache/mozilla/firefox Debug 580: expanded: /home/internet/.cache/mozilla/firefox Debug 591: new_name: /home/internet/.cache/mozilla/firefox Debug 605: dir: /home/internet Adding whitelist top level directory /home/internet Debug 559: whitelist ${HOME}/.mozilla Debug 580: expanded: /home/internet/.mozilla Debug 591: new_name: /home/internet/.mozilla Debug 605: dir: /home/internet Debug 559: whitelist /usr/share/doc Debug 580: expanded: /usr/share/doc Debug 591: new_name: /usr/share/doc Debug 605: dir: /usr/share Adding whitelist top level directory /usr/share Debug 559: whitelist /usr/share/firefox Debug 580: expanded: /usr/share/firefox Debug 591: new_name: /usr/share/firefox Debug 605: dir: /usr/share Removed path: whitelist /usr/share/firefox expanded: /usr/share/firefox realpath: (null) No such file or directory Debug 559: whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini Debug 580: expanded: /usr/share/gnome-shell/search-providers/firefox-search-provider.ini Debug 591: new_name: /usr/share/gnome-shell/search-providers/firefox-search-provider.ini Debug 605: dir: /usr/share Removed path: whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini expanded: /usr/share/gnome-shell/search-providers/firefox-search-provider.ini realpath: (null) No such file or directory Debug 559: whitelist /usr/share/gtk-doc/html Debug 580: expanded: /usr/share/gtk-doc/html Debug 591: new_name: /usr/share/gtk-doc/html Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/mozilla Debug 580: expanded: /usr/share/mozilla Debug 591: new_name: /usr/share/mozilla Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/webext Debug 580: expanded: /usr/share/webext Debug 591: new_name: /usr/share/webext Debug 605: dir: /usr/share Removed path: whitelist /usr/share/webext expanded: /usr/share/webext realpath: (null) No such file or directory Debug 559: whitelist /usr/share/alsa Debug 580: expanded: /usr/share/alsa Debug 591: new_name: /usr/share/alsa Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/applications Debug 580: expanded: /usr/share/applications Debug 591: new_name: /usr/share/applications Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/ca-certificates Debug 580: expanded: /usr/share/ca-certificates Debug 591: new_name: /usr/share/ca-certificates Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/crypto-policies Debug 580: expanded: /usr/share/crypto-policies Debug 591: new_name: /usr/share/crypto-policies Debug 605: dir: /usr/share Removed path: whitelist /usr/share/crypto-policies expanded: /usr/share/crypto-policies realpath: (null) No such file or directory Debug 559: whitelist /usr/share/cursors Debug 580: expanded: /usr/share/cursors Debug 591: new_name: /usr/share/cursors Debug 605: dir: /usr/share Removed path: whitelist /usr/share/cursors expanded: /usr/share/cursors realpath: (null) No such file or directory Debug 559: whitelist /usr/share/dconf Debug 580: expanded: /usr/share/dconf Debug 591: new_name: /usr/share/dconf Debug 605: dir: /usr/share Removed path: whitelist /usr/share/dconf expanded: /usr/share/dconf realpath: (null) No such file or directory Debug 559: whitelist /usr/share/distro-info Debug 580: expanded: /usr/share/distro-info Debug 591: new_name: /usr/share/distro-info Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/drirc.d Debug 580: expanded: /usr/share/drirc.d Debug 591: new_name: /usr/share/drirc.d Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/enchant Debug 580: expanded: /usr/share/enchant Debug 591: new_name: /usr/share/enchant Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/enchant-2 Debug 580: expanded: /usr/share/enchant-2 Debug 591: new_name: /usr/share/enchant-2 Debug 605: dir: /usr/share Removed path: whitelist /usr/share/enchant-2 expanded: /usr/share/enchant-2 realpath: (null) No such file or directory Debug 559: whitelist /usr/share/file Debug 580: expanded: /usr/share/file Debug 591: new_name: /usr/share/file Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/fontconfig Debug 580: expanded: /usr/share/fontconfig Debug 591: new_name: /usr/share/fontconfig Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/fonts Debug 580: expanded: /usr/share/fonts Debug 591: new_name: /usr/share/fonts Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/fonts-config Debug 580: expanded: /usr/share/fonts-config Debug 591: new_name: /usr/share/fonts-config Debug 605: dir: /usr/share Removed path: whitelist /usr/share/fonts-config expanded: /usr/share/fonts-config realpath: (null) No such file or directory Debug 559: whitelist /usr/share/gir-1.0 Debug 580: expanded: /usr/share/gir-1.0 Debug 591: new_name: /usr/share/gir-1.0 Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/gjs-1.0 Debug 580: expanded: /usr/share/gjs-1.0 Debug 591: new_name: /usr/share/gjs-1.0 Debug 605: dir: /usr/share Removed path: whitelist /usr/share/gjs-1.0 expanded: /usr/share/gjs-1.0 realpath: (null) No such file or directory Debug 559: whitelist /usr/share/glib-2.0 Debug 580: expanded: /usr/share/glib-2.0 Debug 591: new_name: /usr/share/glib-2.0 Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/glvnd Debug 580: expanded: /usr/share/glvnd Debug 591: new_name: /usr/share/glvnd Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/gtk-2.0 Debug 580: expanded: /usr/share/gtk-2.0 Debug 591: new_name: /usr/share/gtk-2.0 Debug 605: dir: /usr/share Removed path: whitelist /usr/share/gtk-2.0 expanded: /usr/share/gtk-2.0 realpath: (null) No such file or directory Debug 559: whitelist /usr/share/gtk-3.0 Debug 580: expanded: /usr/share/gtk-3.0 Debug 591: new_name: /usr/share/gtk-3.0 Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/gtk-engines Debug 580: expanded: /usr/share/gtk-engines Debug 591: new_name: /usr/share/gtk-engines Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/gtksourceview-3.0 Debug 580: expanded: /usr/share/gtksourceview-3.0 Debug 591: new_name: /usr/share/gtksourceview-3.0 Debug 605: dir: /usr/share Removed path: whitelist /usr/share/gtksourceview-3.0 expanded: /usr/share/gtksourceview-3.0 realpath: (null) No such file or directory Debug 559: whitelist /usr/share/gtksourceview-4 Debug 580: expanded: /usr/share/gtksourceview-4 Debug 591: new_name: /usr/share/gtksourceview-4 Debug 605: dir: /usr/share Removed path: whitelist /usr/share/gtksourceview-4 expanded: /usr/share/gtksourceview-4 realpath: (null) No such file or directory Debug 559: whitelist /usr/share/hunspell Debug 580: expanded: /usr/share/hunspell Debug 591: new_name: /usr/share/hunspell Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/hwdata Debug 580: expanded: /usr/share/hwdata Debug 591: new_name: /usr/share/hwdata Debug 605: dir: /usr/share Removed path: whitelist /usr/share/hwdata expanded: /usr/share/hwdata realpath: (null) No such file or directory Debug 559: whitelist /usr/share/icons Debug 580: expanded: /usr/share/icons Debug 591: new_name: /usr/share/icons Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/icu Debug 580: expanded: /usr/share/icu Debug 591: new_name: /usr/share/icu Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/knotifications5 Debug 580: expanded: /usr/share/knotifications5 Debug 591: new_name: /usr/share/knotifications5 Debug 605: dir: /usr/share Removed path: whitelist /usr/share/knotifications5 expanded: /usr/share/knotifications5 realpath: (null) No such file or directory Debug 559: whitelist /usr/share/kservices5 Debug 580: expanded: /usr/share/kservices5 Debug 591: new_name: /usr/share/kservices5 Debug 605: dir: /usr/share Removed path: whitelist /usr/share/kservices5 expanded: /usr/share/kservices5 realpath: (null) No such file or directory Debug 559: whitelist /usr/share/Kvantum Debug 580: expanded: /usr/share/Kvantum Debug 591: new_name: /usr/share/Kvantum Debug 605: dir: /usr/share Removed path: whitelist /usr/share/Kvantum expanded: /usr/share/Kvantum realpath: (null) No such file or directory Debug 559: whitelist /usr/share/kxmlgui5 Debug 580: expanded: /usr/share/kxmlgui5 Debug 591: new_name: /usr/share/kxmlgui5 Debug 605: dir: /usr/share Removed path: whitelist /usr/share/kxmlgui5 expanded: /usr/share/kxmlgui5 realpath: (null) No such file or directory Debug 559: whitelist /usr/share/libdrm Debug 580: expanded: /usr/share/libdrm Debug 591: new_name: /usr/share/libdrm Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/libthai Debug 580: expanded: /usr/share/libthai Debug 591: new_name: /usr/share/libthai Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/locale Debug 580: expanded: /usr/share/locale Debug 591: new_name: /usr/share/locale Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/mime Debug 580: expanded: /usr/share/mime Debug 591: new_name: /usr/share/mime Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/misc Debug 580: expanded: /usr/share/misc Debug 591: new_name: /usr/share/misc Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/Modules Debug 580: expanded: /usr/share/Modules Debug 591: new_name: /usr/share/Modules Debug 605: dir: /usr/share Removed path: whitelist /usr/share/Modules expanded: /usr/share/Modules realpath: (null) No such file or directory Debug 559: whitelist /usr/share/myspell Debug 580: expanded: /usr/share/myspell Debug 591: new_name: /usr/share/myspell Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/p11-kit Debug 580: expanded: /usr/share/p11-kit Debug 591: new_name: /usr/share/p11-kit Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/perl Debug 580: expanded: /usr/share/perl Debug 591: new_name: /usr/share/perl Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/perl5 Debug 580: expanded: /usr/share/perl5 Debug 591: new_name: /usr/share/perl5 Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/pixmaps Debug 580: expanded: /usr/share/pixmaps Debug 591: new_name: /usr/share/pixmaps Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/pki Debug 580: expanded: /usr/share/pki Debug 591: new_name: /usr/share/pki Debug 605: dir: /usr/share Removed path: whitelist /usr/share/pki expanded: /usr/share/pki realpath: (null) No such file or directory Debug 559: whitelist /usr/share/plasma Debug 580: expanded: /usr/share/plasma Debug 591: new_name: /usr/share/plasma Debug 605: dir: /usr/share Removed path: whitelist /usr/share/plasma expanded: /usr/share/plasma realpath: (null) No such file or directory Debug 559: whitelist /usr/share/publicsuffix Debug 580: expanded: /usr/share/publicsuffix Debug 591: new_name: /usr/share/publicsuffix Debug 605: dir: /usr/share Removed path: whitelist /usr/share/publicsuffix expanded: /usr/share/publicsuffix realpath: (null) No such file or directory Debug 559: whitelist /usr/share/qt Debug 580: expanded: /usr/share/qt Debug 591: new_name: /usr/share/qt Debug 605: dir: /usr/share Removed path: whitelist /usr/share/qt expanded: /usr/share/qt realpath: (null) No such file or directory Debug 559: whitelist /usr/share/qt4 Debug 580: expanded: /usr/share/qt4 Debug 591: new_name: /usr/share/qt4 Debug 605: dir: /usr/share Removed path: whitelist /usr/share/qt4 expanded: /usr/share/qt4 realpath: (null) No such file or directory Debug 559: whitelist /usr/share/qt5 Debug 580: expanded: /usr/share/qt5 Debug 591: new_name: /usr/share/qt5 Debug 605: dir: /usr/share Removed path: whitelist /usr/share/qt5 expanded: /usr/share/qt5 realpath: (null) No such file or directory Debug 559: whitelist /usr/share/qt5ct Debug 580: expanded: /usr/share/qt5ct Debug 591: new_name: /usr/share/qt5ct Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/sounds Debug 580: expanded: /usr/share/sounds Debug 591: new_name: /usr/share/sounds Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/tcl8.6 Debug 580: expanded: /usr/share/tcl8.6 Debug 591: new_name: /usr/share/tcl8.6 Debug 605: dir: /usr/share Removed path: whitelist /usr/share/tcl8.6 expanded: /usr/share/tcl8.6 realpath: (null) No such file or directory Debug 559: whitelist /usr/share/tcltk Debug 580: expanded: /usr/share/tcltk Debug 591: new_name: /usr/share/tcltk Debug 605: dir: /usr*** *** Warning: cannot whitelist ${DOWNLOADS} directory *** Any file saved in this directory will be lost when the sandbox is closed. *** /share Debug 559: whitelist /usr/share/terminfo Debug 580: expanded: /usr/share/terminfo Debug 591: new_name: /usr/share/terminfo Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/texlive Debug 580: expanded: /usr/share/texlive Debug 591: new_name: /usr/share/texlive Debug 605: dir: /usr/share Removed path: whitelist /usr/share/texlive expanded: /usr/share/texlive realpath: (null) No such file or directory Debug 559: whitelist /usr/share/texmf Debug 580: expanded: /usr/share/texmf Debug 591: new_name: /usr/share/texmf Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/themes Debug 580: expanded: /usr/share/themes Debug 591: new_name: /usr/share/themes Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/thumbnail.so Debug 580: expanded: /usr/share/thumbnail.so Debug 591: new_name: /usr/share/thumbnail.so Debug 605: dir: /usr/share Removed path: whitelist /usr/share/thumbnail.so expanded: /usr/share/thumbnail.so realpath: (null) No such file or directory Debug 559: whitelist /usr/share/uim Debug 580: expanded: /usr/share/uim Debug 591: new_name: /usr/share/uim Debug 605: dir: /usr/share Removed path: whitelist /usr/share/uim expanded: /usr/share/uim realpath: (null) No such file or directory Debug 559: whitelist /usr/share/vulkan Debug 580: expanded: /usr/share/vulkan Debug 591: new_name: /usr/share/vulkan Debug 605: dir: /usr/share Removed path: whitelist /usr/share/vulkan expanded: /usr/share/vulkan realpath: (null) No such file or directory Debug 559: whitelist /usr/share/X11 Debug 580: expanded: /usr/share/X11 Debug 591: new_name: /usr/share/X11 Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/xml Debug 580: expanded: /usr/share/xml Debug 591: new_name: /usr/share/xml Debug 605: dir: /usr/share Debug 559: whitelist /usr/share/zenity Debug 580: expanded: /usr/share/zenity Debug 591: new_name: /usr/share/zenity Debug 605: dir: /usr/share Removed path: whitelist /usr/share/zenity expanded: /usr/share/zenity realpath: (null) No such file or directory Debug 559: whitelist /usr/share/zoneinfo Debug 580: expanded: /usr/share/zoneinfo Debug 591: new_name: /usr/share/zoneinfo Debug 605: dir: /usr/share Debug 559: whitelist ${DOWNLOADS} Debug 559: whitelist ${HOME}/.pki Debug 580: expanded: /home/internet/.pki Debug 591: new_name: /home/internet/.pki Debug 605: dir: /home/internet Debug 559: whitelist ${HOME}/.local/share/pki Debug 580: expanded: /home/internet/.local/share/pki Debug 591: new_name: /home/internet/.local/share/pki Debug 605: dir: /home/internet Debug 559: whitelist ${HOME}/.XCompose Debug 580: expanded: /home/internet/.XCompose Debug 591: new_name: /home/internet/.XCompose Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.XCompose expanded: /home/internet/.XCompose realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.alsaequal.bin Debug 580: expanded: /home/internet/.alsaequal.bin Debug 591: new_name: /home/internet/.alsaequal.bin Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.alsaequal.bin expanded: /home/internet/.alsaequal.bin realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.asoundrc Debug 580: expanded: /home/internet/.asoundrc Debug 591: new_name: /home/internet/.asoundrc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.asoundrc expanded: /home/internet/.asoundrc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/ibus Debug 580: expanded: /home/internet/.config/ibus Debug 591: new_name: /home/internet/.config/ibus Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/ibus expanded: /home/internet/.config/ibus realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/mimeapps.list Debug 580: expanded: /home/internet/.config/mimeapps.list Debug 591: new_name: /home/internet/.config/mimeapps.list Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/mimeapps.list expanded: /home/internet/.config/mimeapps.list realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/pkcs11 Debug 580: expanded: /home/internet/.config/pkcs11 Debug 591: new_name: /home/internet/.config/pkcs11 Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/pkcs11 expanded: /home/internet/.config/pkcs11 realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/user-dirs.dirs Debug 580: expanded: /home/internet/.config/user-dirs.dirs Debug 591: new_name: /home/internet/.config/user-dirs.dirs Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/user-dirs.dirs expanded: /home/internet/.config/user-dirs.dirs realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/user-dirs.locale Debug 580: expanded: /home/internet/.config/user-dirs.locale Debug 591: new_name: /home/internet/.config/user-dirs.locale Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/user-dirs.locale expanded: /home/internet/.config/user-dirs.locale realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.drirc Debug 580: expanded: /home/internet/.drirc Debug 591: new_name: /home/internet/.drirc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.drirc expanded: /home/internet/.drirc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.icons Debug 580: expanded: /home/internet/.icons Debug 591: new_name: /home/internet/.icons Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.icons expanded: /home/internet/.icons realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.local/share/applications Debug 580: expanded: /home/internet/.local/share/applications Debug 591: new_name: /home/internet/.local/share/applications Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.local/share/applications expanded: /home/internet/.local/share/applications realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.local/share/icons Debug 580: expanded: /home/internet/.local/share/icons Debug 591: new_name: /home/internet/.local/share/icons Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.local/share/icons expanded: /home/internet/.local/share/icons realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.local/share/mime Debug 580: expanded: /home/internet/.local/share/mime Debug 591: new_name: /home/internet/.local/share/mime Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.local/share/mime expanded: /home/internet/.local/share/mime realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.mime.types Debug 580: expanded: /home/internet/.mime.types Debug 591: new_name: /home/internet/.mime.types Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.mime.types expanded: /home/internet/.mime.types realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.uim.d Debug 580: expanded: /home/internet/.uim.d Debug 591: new_name: /home/internet/.uim.d Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.uim.d expanded: /home/internet/.uim.d realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/dconf Debug 580: expanded: /home/internet/.config/dconf Debug 591: new_name: /home/internet/.config/dconf Debug 605: dir: /home/internet Debug 559: whitelist ${HOME}/.cache/fontconfig Debug 580: expanded: /home/internet/.cache/fontconfig Debug 591: new_name: /home/internet/.cache/fontconfig Debug 605: dir: /home/internet Debug 559: whitelist ${HOME}/.config/fontconfig Debug 580: expanded: /home/internet/.config/fontconfig Debug 591: new_name: /home/internet/.config/fontconfig Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/fontconfig expanded: /home/internet/.config/fontconfig realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.fontconfig Debug 580: expanded: /home/internet/.fontconfig Debug 591: new_name: /home/internet/.fontconfig Debug 605: dir: /home/internet Debug 559: whitelist ${HOME}/.fonts Debug 580: expanded: /home/internet/.fonts Debug 591: new_name: /home/internet/.fonts Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.fonts expanded: /home/internet/.fonts realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.fonts.conf Debug 580: expanded: /home/internet/.fonts.conf Debug 591: new_name: /home/internet/.fonts.conf Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.fonts.conf expanded: /home/internet/.fonts.conf realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.fonts.conf.d Debug 580: expanded: /home/internet/.fonts.conf.d Debug 591: new_name: /home/internet/.fonts.conf.d Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.fonts.conf.d expanded: /home/internet/.fonts.conf.d realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.fonts.d Debug 580: expanded: /home/internet/.fonts.d Debug 591: new_name: /home/internet/.fonts.d Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.fonts.d expanded: /home/internet/.fonts.d realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.local/share/fonts Debug 580: expanded: /home/internet/.local/share/fonts Debug 591: new_name: /home/internet/.local/share/fonts Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.local/share/fonts expanded: /home/internet/.local/share/fonts realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.pangorc Debug 580: expanded: /home/internet/.pangorc Debug 591: new_name: /home/internet/.pangorc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.pangorc expanded: /home/internet/.pangorc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/gtk-2.0 Debug 580: expanded: /home/internet/.config/gtk-2.0 Debug 591: new_name: /home/internet/.config/gtk-2.0 Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/gtk-2.0 expanded: /home/internet/.config/gtk-2.0 realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/gtk-3.0 Debug 580: expanded: /home/internet/.config/gtk-3.0 Debug 591: new_name: /home/internet/.config/gtk-3.0 Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/gtk-3.0 expanded: /home/internet/.config/gtk-3.0 realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/gtk-4.0 Debug 580: expanded: /home/internet/.config/gtk-4.0 Debug 591: new_name: /home/internet/.config/gtk-4.0 Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/gtk-4.0 expanded: /home/internet/.config/gtk-4.0 realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/gtkrc Debug 580: expanded: /home/internet/.config/gtkrc Debug 591: new_name: /home/internet/.config/gtkrc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/gtkrc expanded: /home/internet/.config/gtkrc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/gtkrc-2.0 Debug 580: expanded: /home/internet/.config/gtkrc-2.0 Debug 591: new_name: /home/internet/.config/gtkrc-2.0 Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/gtkrc-2.0 expanded: /home/internet/.config/gtkrc-2.0 realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.gnome2 Debug 580: expanded: /home/internet/.gnome2 Debug 591: new_name: /home/internet/.gnome2 Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.gnome2 expanded: /home/internet/.gnome2 realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.gnome2-private Debug 580: expanded: /home/internet/.gnome2-private Debug 591: new_name: /home/internet/.gnome2-private Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.gnome2-private expanded: /home/internet/.gnome2-private realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.gtk-2.0 Debug 580: expanded: /home/internet/.gtk-2.0 Debug 591: new_name: /home/internet/.gtk-2.0 Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.gtk-2.0 expanded: /home/internet/.gtk-2.0 realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.gtkrc Debug 580: expanded: /home/internet/.gtkrc Debug 591: new_name: /home/internet/.gtkrc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.gtkrc expanded: /home/internet/.gtkrc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.gtkrc-2.0 Debug 580: expanded: /home/internet/.gtkrc-2.0 Debug 591: new_name: /home/internet/.gtkrc-2.0 Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.gtkrc-2.0 expanded: /home/internet/.gtkrc-2.0 realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde/share/config/gtkrc Debug 580: expanded: /home/internet/.kde/share/config/gtkrc Debug 591: new_name: /home/internet/.kde/share/config/gtkrc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde/share/config/gtkrc expanded: /home/internet/.kde/share/config/gtkrc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 Debug 580: expanded: /home/internet/.kde/share/config/gtkrc-2.0 Debug 591: new_name: /home/internet/.kde/share/config/gtkrc-2.0 Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0 expanded: /home/internet/.kde/share/config/gtkrc-2.0 realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde4/share/config/gtkrc Debug 580: expanded: /home/internet/.kde4/share/config/gtkrc Debug 591: new_name: /home/internet/.kde4/share/config/gtkrc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde4/share/config/gtkrc expanded: /home/internet/.kde4/share/config/gtkrc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 Debug 580: expanded: /home/internet/.kde4/share/config/gtkrc-2.0 Debug 591: new_name: /home/internet/.kde4/share/config/gtkrc-2.0 Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 expanded: /home/internet/.kde4/share/config/gtkrc-2.0 realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.local/share/themes Debug 580: expanded: /home/internet/.local/share/themes Debug 591: new_name: /home/internet/.local/share/themes Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.local/share/themes expanded: /home/internet/.local/share/themes realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.themes Debug 580: expanded: /home/internet/.themes Debug 591: new_name: /home/internet/.themes Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.themes expanded: /home/internet/.themes realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.cache/kioexec/krun Debug 580: expanded: /home/internet/.cache/kioexec/krun Debug 591: new_name: /home/internet/.cache/kioexec/krun Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.cache/kioexec/krun expanded: /home/internet/.cache/kioexec/krun realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/Kvantum Debug 580: expanded: /home/internet/.config/Kvantum Debug 591: new_name: /home/internet/.config/Kvantum Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/Kvantum expanded: /home/internet/.config/Kvantum realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/Trolltech.conf Debug 580: expanded: /home/internet/.config/Trolltech.conf Debug 591: new_name: /home/internet/.config/Trolltech.conf Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/Trolltech.conf expanded: /home/internet/.config/Trolltech.conf realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/QtProject.conf Debug 580: expanded: /home/internet/.config/QtProject.conf Debug 591: new_name: /home/internet/.config/QtProject.conf Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/QtProject.conf expanded: /home/internet/.config/QtProject.conf realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/kdeglobals Debug 580: expanded: /home/internet/.config/kdeglobals Debug 591: new_name: /home/internet/.config/kdeglobals Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/kdeglobals expanded: /home/internet/.config/kdeglobals realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/kio_httprc Debug 580: expanded: /home/internet/.config/kio_httprc Debug 591: new_name: /home/internet/.config/kio_httprc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/kio_httprc expanded: /home/internet/.config/kio_httprc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/kioslaverc Debug 580: expanded: /home/internet/.config/kioslaverc Debug 591: new_name: /home/internet/.config/kioslaverc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/kioslaverc expanded: /home/internet/.config/kioslaverc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/ksslcablacklist Debug 580: expanded: /home/internet/.config/ksslcablacklist Debug 591: new_name: /home/internet/.config/ksslcablacklist Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/ksslcablacklist expanded: /home/internet/.config/ksslcablacklist realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/qt5ct Debug 580: expanded: /home/internet/.config/qt5ct Debug 591: new_name: /home/internet/.config/qt5ct Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/qt5ct expanded: /home/internet/.config/qt5ct realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.config/qtcurve Debug 580: expanded: /home/internet/.config/qtcurve Debug 591: new_name: /home/internet/.config/qtcurve Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.config/qtcurve expanded: /home/internet/.config/qtcurve realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde/share/config/kdeglobals Debug 580: expanded: /home/internet/.kde/share/config/kdeglobals Debug 591: new_name: /home/internet/.kde/share/config/kdeglobals Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde/share/config/kdeglobals expanded: /home/internet/.kde/share/config/kdeglobals realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde/share/config/kio_httprc Debug 580: expanded: /home/internet/.kde/share/config/kio_httprc Debug 591: new_name: /home/internet/.kde/share/config/kio_httprc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde/share/config/kio_httprc expanded: /home/internet/.kde/share/config/kio_httprc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde/share/config/kioslaverc Debug 580: expanded: /home/internet/.kde/share/config/kioslaverc Debug 591: new_name: /home/internet/.kde/share/config/kioslaverc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde/share/config/kioslaverc expanded: /home/internet/.kde/share/config/kioslaverc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde/share/config/ksslcablacklist Debug 580: expanded: /home/internet/.kde/share/config/ksslcablacklist Debug 591: new_name: /home/internet/.kde/share/config/ksslcablacklist Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde/share/config/ksslcablacklist expanded: /home/internet/.kde/share/config/ksslcablacklist realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde/share/config/oxygenrc Debug 580: expanded: /home/internet/.kde/share/config/oxygenrc Debug 591: new_name: /home/internet/.kde/share/config/oxygenrc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde/share/config/oxygenrc expanded: /home/internet/.kde/share/config/oxygenrc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde/share/icons Debug 580: expanded: /home/internet/.kde/share/icons Debug 591: new_name: /home/internet/.kde/share/icons Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde/share/icons expanded: /home/internet/.kde/share/icons realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde4/share/config/kdeglobals Debug 580: expanded: /home/internet/.kde4/share/config/kdeglobals Debug 591: new_name: /home/internet/.kde4/share/config/kdeglobals Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde4/share/config/kdeglobals expanded: /home/internet/.kde4/share/config/kdeglobals realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde4/share/config/kio_httprc Debug 580: expanded: /home/internet/.kde4/share/config/kio_httprc Debug 591: new_name: /home/internet/.kde4/share/config/kio_httprc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde4/share/config/kio_httprc expanded: /home/internet/.kde4/share/config/kio_httprc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde4/share/config/kioslaverc Debug 580: expanded: /home/internet/.kde4/share/config/kioslaverc Debug 591: new_name: /home/internet/.kde4/share/config/kioslaverc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde4/share/config/kioslaverc expanded: /home/internet/.kde4/share/config/kioslaverc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde4/share/config/ksslcablacklist Debug 580: expanded: /home/internet/.kde4/share/config/ksslcablacklist Debug 591: new_name: /home/internet/.kde4/share/config/ksslcablacklist Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist expanded: /home/internet/.kde4/share/config/ksslcablacklist realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde4/share/config/oxygenrc Debug 580: expanded: /home/internet/.kde4/share/config/oxygenrc Debug 591: new_name: /home/internet/.kde4/share/config/oxygenrc Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde4/share/config/oxygenrc expanded: /home/internet/.kde4/share/config/oxygenrc realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.kde4/share/icons Debug 580: expanded: /home/internet/.kde4/share/icons Debug 591: new_name: /home/internet/.kde4/share/icons Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.kde4/share/icons expanded: /home/internet/.kde4/share/icons realpath: (null) No such file or directory Debug 559: whitelist ${HOME}/.local/share/qt5ct Debug 580: expanded: /home/internet/.local/share/qt5ct Debug 591: new_name: /home/internet/.local/share/qt5ct Debug 605: dir: /home/internet Removed path: whitelist ${HOME}/.local/share/qt5ct expanded: /home/internet/.local/share/qt5ct realpath: (null) No such file or directory Debug 559: whitelist ${RUNUSER}/bus Debug 580: expanded: /run/user/1001/bus Debug 591: new_name: /run/user/1001/bus Debug 605: dir: /run/user/1001 Cannot access whitelist top level directory /run/user/1001: No such file or directory Debug 559: whitelist ${RUNUSER}/dconf Debug 580: expanded: /run/user/1001/dconf Debug 591: new_name: /run/user/1001/dconf Debug 605: dir: /run/user/1001 Cannot access whitelist top level directory /run/user/1001: No such file or directory Debug 559: whitelist ${RUNUSER}/gdm/Xauthority Debug 580: expanded: /run/user/1001/gdm/Xauthority Debug 591: new_name: /run/user/1001/gdm/Xauthority Debug 605: dir: /run/user/1001 Cannot access whitelist top level directory /run/user/1001: No such file or directory Debug 559: whitelist ${RUNUSER}/ICEauthority Debug 580: expanded: /run/user/1001/ICEauthority Debug 591: new_name: /run/user/1001/ICEauthority Debug 605: dir: /run/user/1001 Cannot access whitelist top level directory /run/user/1001: No such file or directory Debug 559: whitelist ${RUNUSER}/.mutter-Xwaylandauth.* Debug 580: expanded: /run/user/1001/.mutter-Xwaylandauth.* Debug 591: new_name: /run/user/1001/.mutter-Xwaylandauth.* Debug 605: dir: /run/user/1001 Cannot access whitelist top level directory /run/user/1001: No such file or directory Debug 559: whitelist ${RUNUSER}/pulse/native Debug 580: expanded: /run/user/1001/pulse/native Debug 591: new_name: /run/user/1001/pulse/native Debug 605: dir: /run/user/1001 Cannot access whitelist top level directory /run/user/1001: No such file or directory Debug 559: whitelist ${RUNUSER}/wayland-0 Debug 580: expanded: /run/user/1001/wayland-0 Debug 591: new_name: /run/user/1001/wayland-0 Debug 605: dir: /run/user/1001 Cannot access whitelist top level directory /run/user/1001: No such file or directory Debug 559: whitelist ${RUNUSER}/wayland-1 Debug 580: expanded: /run/user/1001/wayland-1 Debug 591: new_name: /run/user/1001/wayland-1 Debug 605: dir: /run/user/1001 Cannot access whitelist top level directory /run/user/1001: No such file or directory Debug 559: whitelist ${RUNUSER}/xauth_* Debug 580: expanded: /run/user/1001/xauth_* Debug 591: new_name: /run/user/1001/xauth_* Debug 605: dir: /run/user/1001 Cannot access whitelist top level directory /run/user/1001: No such file or directory Debug 559: whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] Debug 580: expanded: /run/user/1001/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] Debug 591: new_name: /run/user/1001/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] Debug 605: dir: /run/user/1001 Cannot access whitelist top level directory /run/user/1001: No such file or directory Debug 559: whitelist /var/lib/aspell Debug 580: expanded: /var/lib/aspell Debug 591: new_name: /var/lib/aspell Debug 605: dir: /var Adding whitelist top level directory /var Debug 559: whitelist /var/lib/ca-certificates Debug 580: expanded: /var/lib/ca-certificates Debug 591: new_name: /var/lib/ca-certificates Debug 605: dir: /var Removed path: whitelist /var/lib/ca-certificates expanded: /var/lib/ca-certificates realpath: (null) No such file or directory Debug 559: whitelist /var/lib/dbus Debug 580: expanded: /var/lib/dbus Debug 591: new_name: /var/lib/dbus Debug 605: dir: /var Debug 559: whitelist /var/lib/menu-xdg Debug 580: expanded: /var/lib/menu-xdg Debug 591: new_name: /var/lib/menu-xdg Debug 605: dir: /var Debug 559: whitelist /var/lib/uim Debug 580: expanded: /var/lib/uim Debug 591: new_name: /var/lib/uim Debug 605: dir: /var Removed path: whitelist /var/lib/uim expanded: /var/lib/uim realpath: (null) No such file or directory Debug 559: whitelist /var/cache/fontconfig Debug 580: expanded: /var/cache/fontconfig Debug 591: new_name: /var/cache/fontconfig Debug 605: dir: /var Debug 559: whitelist /var/tmp Debug 580: expanded: /var/tmp Debug 591: new_name: /var/tmp Debug 605: dir: /var Debug 559: whitelist /var/run Debug 580: expanded: /var/run Debug 591: new_name: /var/run Debug 605: dir: /var Debug 559: whitelist /var/lock Debug 580: expanded: /var/lock Debug 591: new_name: /var/lock Debug 605: dir: /var Debug 559: whitelist /tmp/.X11-unix Debug 580: expanded: /tmp/.X11-unix Debug 591: new_name: /tmp/.X11-unix Debug 605: dir: /tmp Adding whitelist top level directory /tmp Mounting tmpfs on /usr/share, check owner: no 1169 90 0:55 / /usr/share rw,nosuid,nodev,noatime - tmpfs tmpfs rw,mode=755,inode64 mountid=1169 fsname=/ dir=/usr/share fstype=tmpfs Mounting tmpfs on /var, check owner: no 1170 83 0:56 / /var rw,nosuid,nodev,noexec,noatime - tmpfs tmpfs rw,mode=755,inode64 mountid=1170 fsname=/ dir=/var fstype=tmpfs Mounting tmpfs on /tmp, check owner: no 1171 69 0:57 / /tmp rw,nosuid,nodev,noatime - tmpfs tmpfs rw,inode64 mountid=1171 fsname=/ dir=/tmp fstype=tmpfs Mounting a new /root directory Mounting a new /home directory Create a new user directory Debug 741: file: /home/internet/.cache/mozilla/firefox; dirfd: 4; topdir: /home/internet; rel: .cache/mozilla/firefox Whitelisting /home/internet/.cache/mozilla/firefox 1174 1173 253:0 /home/internet/.cache/mozilla/firefox /home/internet/.cache/mozilla/firefox rw,noatime - ext4 /dev/mapper/rootfs rw mountid=1174 fsname=/home/internet/.cache/mozilla/firefox dir=/home/internet/.cache/mozilla/firefox fstype=ext4 Debug 741: file: /home/internet/.mozilla; dirfd: 4; topdir: /home/internet; rel: .mozilla Whitelisting /home/internet/.mozilla 1175 1173 253:0 /home/internet/.mozilla /home/internet/.mozilla rw,noatime - ext4 /dev/mapper/rootfs rw mountid=1175 fsname=/home/internet/.mozilla dir=/home/internet/.mozilla fstype=ext4 Debug 741: file: /usr/share/doc; dirfd: 5; topdir: /usr/share; rel: doc Whitelisting /usr/share/doc 1176 1169 253:0 /usr/share/doc /usr/share/doc ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1176 fsname=/usr/share/doc dir=/usr/share/doc fstype=ext4 Debug 741: file: /usr/share/gtk-doc/html; dirfd: 5; topdir: /usr/share; rel: gtk-doc/html Whitelisting /usr/share/gtk-doc/html 1177 1169 253:0 /usr/share/gtk-doc/html /usr/share/gtk-doc/html ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1177 fsname=/usr/share/gtk-doc/html dir=/usr/share/gtk-doc/html fstype=ext4 Debug 741: file: /usr/share/mozilla; dirfd: 5; topdir: /usr/share; rel: mozilla Whitelisting /usr/share/mozilla 1178 1169 253:0 /usr/share/mozilla /usr/share/mozilla ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1178 fsname=/usr/share/mozilla dir=/usr/share/mozilla fstype=ext4 Debug 741: file: /usr/share/alsa; dirfd: 5; topdir: /usr/share; rel: alsa Whitelisting /usr/share/alsa 1179 1169 253:0 /usr/share/alsa /usr/share/alsa ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1179 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=ext4 Debug 741: file: /usr/share/applications; dirfd: 5; topdir: /usr/share; rel: applications Whitelisting /usr/share/applications 1180 1169 253:0 /usr/share/applications /usr/share/applications ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1180 fsname=/usr/share/applications dir=/usr/share/applications fstype=ext4 Debug 741: file: /usr/share/ca-certificates; dirfd: 5; topdir: /usr/share; rel: ca-certificates Whitelisting /usr/share/ca-certificates 1181 1169 253:0 /usr/share/ca-certificates /usr/share/ca-certificates ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1181 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=ext4 Debug 741: file: /usr/share/distro-info; dirfd: 5; topdir: /usr/share; rel: distro-info Whitelisting /usr/share/distro-info 1182 1169 253:0 /usr/share/distro-info /usr/share/distro-info ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1182 fsname=/usr/share/distro-info dir=/usr/share/distro-info fstype=ext4 Debug 741: file: /usr/share/drirc.d; dirfd: 5; topdir: /usr/share; rel: drirc.d Whitelisting /usr/share/drirc.d 1183 1169 253:0 /usr/share/drirc.d /usr/share/drirc.d ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1183 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=ext4 Debug 741: file: /usr/share/enchant; dirfd: 5; topdir: /usr/share; rel: enchant Whitelisting /usr/share/enchant 1184 1169 253:0 /usr/share/enchant /usr/share/enchant ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1184 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=ext4 Debug 741: file: /usr/share/file; dirfd: 5; topdir: /usr/share; rel: file Whitelisting /usr/share/file 1185 1169 253:0 /usr/share/file /usr/share/file ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1185 fsname=/usr/share/file dir=/usr/share/file fstype=ext4 Debug 741: file: /usr/share/fontconfig; dirfd: 5; topdir: /usr/share; rel: fontconfig Whitelisting /usr/share/fontconfig 1186 1169 253:0 /usr/share/fontconfig /usr/share/fontconfig ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1186 fsname=/usr/share/fontconfig dir=/usr/share/fontconfig fstype=ext4 Debug 741: file: /usr/share/fonts; dirfd: 5; topdir: /usr/share; rel: fonts Whitelisting /usr/share/fonts 1187 1169 253:0 /usr/share/fonts /usr/share/fonts ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1187 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=ext4 Debug 741: file: /usr/share/gir-1.0; dirfd: 5; topdir: /usr/share; rel: gir-1.0 Whitelisting /usr/share/gir-1.0 1188 1169 253:0 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1188 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=ext4 Debug 741: file: /usr/share/glib-2.0; dirfd: 5; topdir: /usr/share; rel: glib-2.0 Whitelisting /usr/share/glib-2.0 1189 1169 253:0 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1189 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=ext4 Debug 741: file: /usr/share/glvnd; dirfd: 5; topdir: /usr/share; rel: glvnd Whitelisting /usr/share/glvnd 1190 1169 253:0 /usr/share/glvnd /usr/share/glvnd ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1190 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=ext4 Debug 741: file: /usr/share/gtk-3.0; dirfd: 5; topdir: /usr/share; rel: gtk-3.0 Whitelisting /usr/share/gtk-3.0 1191 1169 253:0 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1191 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=ext4 Debug 741: file: /usr/share/gtk-engines; dirfd: 5; topdir: /usr/share; rel: gtk-engines Whitelisting /usr/share/gtk-engines 1192 1169 253:0 /usr/share/gtk-engines /usr/share/gtk-engines ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1192 fsname=/usr/share/gtk-engines dir=/usr/share/gtk-engines fstype=ext4 Debug 741: file: /usr/share/hunspell; dirfd: 5; topdir: /usr/share; rel: hunspell Whitelisting /usr/share/hunspell 1193 1169 253:0 /usr/share/hunspell /usr/share/hunspell ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1193 fsname=/usr/share/hunspell dir=/usr/share/hunspell fstype=ext4 Debug 741: file: /usr/share/icons; dirfd: 5; topdir: /usr/share; rel: icons Whitelisting /usr/share/icons 1194 1169 253:0 /usr/share/icons /usr/share/icons ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1194 fsname=/usr/share/icons dir=/usr/share/icons fstype=ext4 Debug 741: file: /usr/share/icu; dirfd: 5; topdir: /usr/share; rel: icu Whitelisting /usr/share/icu 1195 1169 253:0 /usr/share/icu /usr/share/icu ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1195 fsname=/usr/share/icu dir=/usr/share/icu fstype=ext4 Debug 741: file: /usr/share/libdrm; dirfd: 5; topdir: /usr/share; rel: libdrm Whitelisting /usr/share/libdrm 1196 1169 253:0 /usr/share/libdrm /usr/share/libdrm ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1196 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=ext4 Debug 741: file: /usr/share/libthai; dirfd: 5; topdir: /usr/share; rel: libthai Whitelisting /usr/share/libthai 1197 1169 253:0 /usr/share/libthai /usr/share/libthai ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1197 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=ext4 Debug 741: file: /usr/share/locale; dirfd: 5; topdir: /usr/share; rel: locale Whitelisting /usr/share/locale 1198 1169 253:0 /usr/share/locale /usr/share/locale ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1198 fsname=/usr/share/locale dir=/usr/share/locale fstype=ext4 Debug 741: file: /usr/share/mime; dirfd: 5; topdir: /usr/share; rel: mime Whitelisting /usr/share/mime 1199 1169 253:0 /usr/share/mime /usr/share/mime ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1199 fsname=/usr/share/mime dir=/usr/share/mime fstype=ext4 Debug 741: file: /usr/share/misc; dirfd: 5; topdir: /usr/share; rel: misc Whitelisting /usr/share/misc 1200 1169 253:0 /usr/share/misc /usr/share/misc ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1200 fsname=/usr/share/misc dir=/usr/share/misc fstype=ext4 Debug 741: file: /usr/share/myspell; dirfd: 5; topdir: /usr/share; rel: myspell Whitelisting /usr/share/myspell 1201 1169 253:0 /usr/share/myspell /usr/share/myspell ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1201 fsname=/usr/share/myspell dir=/usr/share/myspell fstype=ext4 Debug 741: file: /usr/share/p11-kit; dirfd: 5; topdir: /usr/share; rel: p11-kit Whitelisting /usr/share/p11-kit 1202 1169 253:0 /usr/share/p11-kit /usr/share/p11-kit ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1202 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=ext4 Debug 741: file: /usr/share/perl; dirfd: 5; topdir: /usr/share; rel: perl Whitelisting /usr/share/perl 1203 1169 253:0 /usr/share/perl /usr/share/perl ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1203 fsname=/usr/share/perl dir=/usr/share/perl fstype=ext4 Debug 741: file: /usr/share/perl5; dirfd: 5; topdir: /usr/share; rel: perl5 Whitelisting /usr/share/perl5 1204 1169 253:0 /usr/share/perl5 /usr/share/perl5 ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1204 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=ext4 Debug 741: file: /usr/share/pixmaps; dirfd: 5; topdir: /usr/share; rel: pixmaps Whitelisting /usr/share/pixmaps 1205 1169 253:0 /usr/share/pixmaps /usr/share/pixmaps ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1205 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=ext4 Debug 741: file: /usr/share/qt5ct; dirfd: 5; topdir: /usr/share; rel: qt5ct Whitelisting /usr/share/qt5ct 1206 1169 253:0 /usr/share/qt5ct /usr/share/qt5ct ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1206 fsname=/usr/share/qt5ct dir=/usr/share/qt5ct fstype=ext4 Debug 741: file: /usr/share/sounds; dirfd: 5; topdir: /usr/share; rel: sounds Whitelisting /usr/share/sounds 1207 1169 253:0 /usr/share/sounds /usr/share/sounds ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1207 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=ext4 Debug 741: file: /usr/share/tcltk; dirfd: 5; topdir: /usr/share; rel: tcltk Whitelisting /usr/share/tcltk 1208 1169 253:0 /usr/share/tcltk /usr/share/tcltk ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1208 fsname=/usr/share/tcltk dir=/usr/share/tcltk fstype=ext4 Debug 741: file: /usr/share/terminfo; dirfd: 5; topdir: /usr/share; rel: terminfo Whitelisting /usr/share/terminfo 1209 1169 253:0 /usr/share/terminfo /usr/share/terminfo ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1209 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=ext4 Debug 741: file: /usr/share/texmf; dirfd: 5; topdir: /usr/share; rel: texmf Whitelisting /usr/share/texmf 1210 1169 253:0 /usr/share/texmf /usr/share/texmf ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1210 fsname=/usr/share/texmf dir=/usr/share/texmf fstype=ext4 Debug 741: file: /usr/share/themes; dirfd: 5; topdir: /usr/share; rel: themes Whitelisting /usr/share/themes 1211 1169 253:0 /usr/share/themes /usr/share/themes ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1211 fsname=/usr/share/themes dir=/usr/share/themes fstype=ext4 Debug 741: file: /usr/share/X11; dirfd: 5; topdir: /usr/share; rel: X11 Whitelisting /usr/share/X11 1212 1169 253:0 /usr/share/X11 /usr/share/X11 ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1212 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=ext4 Debug 741: file: /usr/share/xml; dirfd: 5; topdir: /usr/share; rel: xml Whitelisting /usr/share/xml 1213 1169 253:0 /usr/share/xml /usr/share/xml ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1213 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4 Debug 741: file: /usr/share/zoneinfo; dirfd: 5; topdir: /usr/share; rel: zoneinfo Whitelisting /usr/share/zoneinfo 1214 1169 253:0 /usr/share/zoneinfo /usr/share/zoneinfo ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1214 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4 Debug 741: file: /home/internet/.pki; dirfd: 4; topdir: /home/internet; rel: .pki Whitelisting /home/internet/.pki 1215 1173 253:0 /home/internet/.pki /home/internet/.pki rw,noatime - ext4 /dev/mapper/rootfs rw mountid=1215 fsname=/home/internet/.pki dir=/home/internet/.pki fstype=ext4 Debug 741: file: /home/internet/.local/share/pki; dirfd: 4; topdir: /home/internet; rel: .local/share/pki Whitelisting /home/internet/.local/share/pki 1216 1173 253:0 /home/internet/.local/share/pki /home/internet/.local/share/pki rw,noatime - ext4 /dev/mapper/rootfs rw mountid=1216 fsname=/home/internet/.local/share/pki dir=/home/internet/.local/share/pki fstype=ext4 Debug 741: file: /home/internet/.config/dconf; dirfd: 4; topdir: /home/internet; rel: .config/dconf Whitelisting /home/internet/.config/dconf 1217 1173 253:0 /home/internet/.config/dconf /home/internet/.config/dconf rw,noatime - ext4 /dev/mapper/rootfs rw mountid=1217 fsname=/home/internet/.config/dconf dir=/home/internet/.config/dconf fstype=ext4 Debug 741: file: /home/internet/.cache/fontconfig; dirfd: 4; topdir: /home/internet; rel: .cache/fontconfig Whitelisting /home/internet/.cache/fontconfig 1218 1173 253:0 /home/internet/.cache/fontconfig /home/internet/.cache/fontconfig rw,noatime - ext4 /dev/mapper/rootfs rw mountid=1218 fsname=/home/internet/.cache/fontconfig dir=/home/internet/.cache/fontconfig fstype=ext4 Debug 741: file: /home/internet/.fontconfig; dirfd: 4; topdir: /home/internet; rel: .fontconfig Whitelisting /home/internet/.fontconfig 1219 1173 253:0 /home/internet/.fontconfig /home/internet/.fontconfig rw,noatime - ext4 /dev/mapper/rootfs rw mountid=1219 fsname=/home/internet/.fontconfig dir=/home/internet/.fontconfig fstype=ext4 Debug 741: file: /var/lib/aspell; dirfd: 7; topdir: /var; rel: lib/aspell Whitelisting /var/lib/aspell 1220 1170 253:0 /var/lib/aspell /var/lib/aspell ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw mountid=1220 fsname=/var/lib/aspell dir=/var/lib/aspell fstype=ext4 Debug 741: file: /var/lib/dbus; dirfd: 7; topdir: /var; rel: lib/dbus Whitelisting /var/lib/dbus 1221 1170 253:0 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw mountid=1221 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4 Debug 741: file: /var/lib/menu-xdg; dirfd: 7; topdir: /var; rel: lib/menu-xdg Whitelisting /var/lib/menu-xdg 1222 1170 253:0 /var/lib/menu-xdg /var/lib/menu-xdg ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw mountid=1222 fsname=/var/lib/menu-xdg dir=/var/lib/menu-xdg fstype=ext4 Debug 741: file: /var/cache/fontconfig; dirfd: 7; topdir: /var; rel: cache/fontconfig Whitelisting /var/cache/fontconfig 1223 1170 253:0 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw mountid=1223 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4 Debug 741: file: /var/tmp; dirfd: 7; topdir: /var; rel: tmp Whitelisting /var/tmp 1224 1170 0:46 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=1224 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Debug 741: file: /tmp/.X11-unix; dirfd: 8; topdir: /tmp; rel: .X11-unix Whitelisting /tmp/.X11-unix 1225 1171 0:29 /.X11-unix /tmp/.X11-unix rw,noatime - tmpfs none rw,inode64 mountid=1225 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting read-only /home/internet/.config/dconf 1226 1217 253:0 /home/internet/.config/dconf /home/internet/.config/dconf ro,noatime - ext4 /dev/mapper/rootfs rw mountid=1226 fsname=/home/internet/.config/dconf dir=/home/internet/.config/dconf fstype=ext4 Disable /usr/share/applications/veracrypt.desktop Disable /usr/share/pixmaps/veracrypt.xpm Disable /run/acpid.socket (requested /var/run/acpid.socket) Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock) Not blacklist /home/internet/.pki Not blacklist /home/internet/.local/share/pki Disable /sbin Disable /usr/local/sbin Disable /usr/sbin Disable /usr/local/gcc-10.2.0/bin/c++-10.2 Disable /usr/local/gcc-10.2.0/bin/cpp-10.2 Disable /usr/local/gcc-10.2.0/bin/g++-10.2 Disable /usr/local/gcc-10.2.0/bin/gcc-nm-10.2 Disable /usr/local/gcc-10.2.0/bin/gcc-ar-10.2 Disable /usr/local/gcc-10.2.0/bin/gcc-ranlib-10.2 Disable /usr/local/gcc-10.2.0/bin/gcc-10.2 Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-ranlib-10.2 Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-10.2.0 Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-nm-10.2 Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gDISPLAY=:0.0 parsed as 0 line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000006 jmp 000c 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 15 01 00 00000029 jeq socket 000c (false 000b) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 20 00 00 00000010 ld data.args[0] 000d: 15 00 01 00000001 jeq 1 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 15 00 01 00000002 jeq 2 0010 (false 0011) 0010: 06 00 00 7fff0000 ret ALLOW 0011: 15 00 01 0000000a jeq a 0012 (false 0013) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 01 00000010 jeq 10 0014 (false 0015) 0014: 06 00 00 7fff0000 ret ALLOW 0015: 06 00 00 0005005f ret ERRNO(95) cc-ar-10.2 Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-10.2 Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-g++-10.2 Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-ranlib-10.2 Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-10.2.0 Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-nm-10.2 Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-ar-10.2 Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-10.2 Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-g++-10.2 Disable /usr/src Disable /usr/local/src Disable /usr/include Disable /usr/local/include Mounting noexec /home/internet/.cache/mozilla/firefox 1257 1174 253:0 /home/internet/.cache/mozilla/firefox /home/internet/.cache/mozilla/firefox rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw mountid=1257 fsname=/home/internet/.cache/mozilla/firefox dir=/home/internet/.cache/mozilla/firefox fstype=ext4 Mounting noexec /home/internet/.mozilla 1258 1175 253:0 /home/internet/.mozilla /home/internet/.mozilla rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw mountid=1258 fsname=/home/internet/.mozilla dir=/home/internet/.mozilla fstype=ext4 Mounting noexec /home/internet/.pki 1259 1215 253:0 /home/internet/.pki /home/internet/.pki rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw mountid=1259 fsname=/home/internet/.pki dir=/home/internet/.pki fstype=ext4 Mounting noexec /home/internet/.local/share/pki 1260 1216 253:0 /home/internet/.local/share/pki /home/internet/.local/share/pki rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw mountid=1260 fsname=/home/internet/.local/share/pki dir=/home/internet/.local/share/pki fstype=ext4 Mounting noexec /home/internet/.config/dconf 1261 1226 253:0 /home/internet/.config/dconf /home/internet/.config/dconf ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw mountid=1261 fsname=/home/internet/.config/dconf dir=/home/internet/.config/dconf fstype=ext4 Mounting noexec /home/internet/.cache/fontconfig 1262 1218 253:0 /home/internet/.cache/fontconfig /home/internet/.cache/fontconfig rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw mountid=1262 fsname=/home/internet/.cache/fontconfig dir=/home/internet/.cache/fontconfig fstype=ext4 Mounting noexec /home/internet/.fontconfig 1263 1219 253:0 /home/internet/.fontconfig /home/internet/.fontconfig rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw mountid=1263 fsname=/home/internet/.fontconfig dir=/home/internet/.fontconfig fstype=ext4 Mounting noexec /dev/shm 1264 117 0:52 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=1264 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 1266 1265 0:29 /.X11-unix /tmp/.X11-unix rw,noatime - tmpfs none rw,inode64 mountid=1266 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /tmp/.X11-unix 1267 1266 0:29 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,noatime - tmpfs none rw,inode64 mountid=1267 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /usr/share/perl5 Disable /usr/share/perl Not blacklist /home/internet/.mozilla Not blacklist /home/internet/.cache/mozilla Mounting tmpfs on /home/internet/.cache, check owner: yes 1270 1173 0:60 / /home/internet/.cache rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,uid=1001,gid=1003,inode64 mountid=1270 fsname=/ dir=/home/internet/.cache fstype=tmpfs Mounting read-only /tmp/.X11-unix 1271 1267 0:29 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,noatime - tmpfs none rw,inode64 mountid=1271 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /sys/fs Disable /sys/module Disable /mnt Disable /media Disable /run/mount /etc/pulse/client.conf not found Current directory: /home/internet Install protocol filter: unix,inet,inet6,netlink configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol Build drop seccomp filter sbox run: /run/firejail/lib/fseccomp drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec @cloSeccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,ioprio_set,mbind,migrate_pages,move_pages,sched_setaffinity,sched_setattr,sched_setparam,sched_setscheduler,set_mempolicy,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice, line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 45 00 0000009f jeq adjtimex 004d (false 0008) 0008: 15 44 00 00000131 jeq clock_adjtime 004d (false 0009) 0009: 15 43 00 000000e3 jeq clock_settime 004d (false 000a) 000a: 15 42 00 000000a4 jeq settimeofday 004d (false 000b) 000b: 15 41 00 0000009a jeq modify_ldt 004d (false 000c) 000c: 15 40 00 000000d4 jeq lookup_dcookie 004d (false 000d) 000d: 15 3f 00 0000012a jeq perf_event_open 004d (false 000e) 000e: 15 3e 00 00000137 jeq process_vm_writev 004d (false 000f) 000f: 15 3d 00 000000b0 jeq delete_module 004d (false 0010) 0010: 15 3c 00 00000139 jeq finit_module 004d (false 0011) 0011: 15 3b 00 000000af jeq init_module 004d (false 0012) 0012: 15 3a 00 0000009c jeq _sysctl 004d (false 0013) 0013: 15 39 00 000000b7 jeq afs_syscall 004d (false 0014) 0014: 15 38 00 000000ae jeq create_module 004d (false 0015) 0015: 15 37 00 000000b1 jeq get_kernel_syms 004d (false 0016) 0016: 15 36 00 000000b5 jeq getpmsg 004d (false 0017) 0017: 15 35 00 000000b6 jeq putpmsg 004d (false 0018) 0018: 15 34 00 000000b2 jeq query_module 004d (false 0019) 0019: 15 33 00 000000b9 jeq security 004d (false 001a) 001a: 15 32 00 0000008b jeq sysfs 004d (false 001b) 001b: 15 31 00 000000b8 jeq tuxcall 004d (false 001c) 001c: 15 30 00 00000086 jeq uselib 004d (false 001d) 001d: 15 2f 00 00000088 jeq ustat 004d (false 001e) 001e: 15 2e 00 000000ec jeq vserver 004d (false 001f) 001f: 15 2d 00 000000ad jeq ioperm 004d (false 0020) 0020: 15 2c 00 000000ac jeq iopl 004d (false 0021) 0021: 15 2b 00 000000f6 jeq kexec_load 004d (false 0022) 0022: 15 2a 00 00000140 jeq kexec_file_load 004d (false 0023) 0023: 15 29 00 000000a9 jeq reboot 004d (false 0024) 0024: 15 28 00 000000fb jeq ioprio_set 004d (false 0025) 0025: 15 27 00 000000ed jeq mbind 004d (false 0026) 0026: 15 26 00 00000100 jeq migrate_pages 004d (false 0027) 0027: 15 25 00 00000117 jeq move_pages 004d (false 0028) 0028: 15 24 00 000000cb jeq sched_setaffinity 004d (false 0029) 0029: 15 23 00 0000013a jeq sched_setattr 004d (false 002a) 002a: 15 22 00 0000008e jeq sched_setparam 004d (false 002b) 002b: 15 21 00 00000090 jeq sched_setscheduler 004d (false 002c) 002c: 15 20 00 000000ee jeq set_mempolicy 004d (false 002d) 002d: 15 1f 00 000000a7 jeq swapon 004d (false 002e) 002e: 15 1e 00 000000a8 jeq swapoff 004d (false 002f) 002f: 15 1d 00 000000a3 jeq acct 004d (false 0030) 0030: 15 1c 00 000000f8 jeq add_key 004d (false 0031) 0031: 15 1b 00 00000141 jeq bpf 004d (false 0032) 0032: 15 1a 00 0000012c jeq fanotify_init 004d (false 0033) 0033: 15 19 00 000000d2 jeq io_cancel 004d (false 0034) 0034: 15 18 00 000000cf jeq io_destroy 004d (false 0035) 0035: 15 17 00 000000d0 jeq io_getevents 004d (false 0036) 0036: 15 16 00 000000ce jeq io_setup 004d (false 0037) 0037: 15 15 00 000000d1 jeq io_submit 004d (false 0038) 0038: 15 14 00 000000fb jeq ioprio_set 004d (false 0039) 0039: 15 13 00 00000138 jeq kcmp 004d (false 003a) 003a: 15 12 00 000000fa jeq keyctl 004d (false 003b) 003b: 15 11 00 000000a5 jeq mount 004d (false 003c) 003c: 15 10 00 0000012f jeq name_to_handle_at 004d (false 003d) 003d: 15 0f 00 000000b4 jeq nfsservctl 004d (false 003e) 003e: 15 0e 00 00000130 jeq open_by_handle_at 004d (false 003f) 003f: 15 0d 00 00000087 jeq personality 004d (false 0040) 0040: 15 0c 00 0000009b jeq pivot_root 004d (false 0041) 0041: 15 0b 00 00000136 jeq process_vm_readv 004d (false 0042) 0042: 15 0a 00 00000065 jeq ptrace 004d (false 0043) 0043: 15 09 00 000000d8 jeq remap_file_pages 004d (false 0044) 0044: 15 08 00 000000f9 jeq request_key 004d (false 0045) 0045: 15 07 00 000000ab jeq setdomainname 004d (false 0046) 0046: 15 06 00 000000aa jeq sethostname 004d (false 0047) 0047: 15 05 00 00000067 jeq syslog 004d (false 0048) 0048: 15 04 00 000000a6 jeq umount2 004d (false 0049) 0049: 15 03 00 00000143 jeq userfaultfd 004d (false 004a) 004a: 15 02 00 00000099 jeq vhangup 004d (false 004b) 004b: 15 01 00 00000116 jeq vmsplice 004d (false 004c) 004c: 06 00 00 7fff0000 ret ALLOW 004d: 06 00 01 00050001 ret ERRNO(1) ck,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp configuring 78 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp 1277 73 0:43 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=1277 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 160 . drwxr-xr-x root root 320 .. -rw-r--r-- internet internet 624 seccomp -rw-r--r-- internet internet 432 seccomp.32 -rw-r--r-- internet internet 77 seccomp.list -rw-r--r-- internet internet 0 seccomp.postexec -rw-r--r-- internet internet 0 seccomp.postexec32 -rw-r--r-- internet internet 176 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1001, gid 1003, nogroups 1 No supplementary groups AppArmor enabled Child process initialized in 743.59 ms Starting application LD_PRELOAD=(null) execvp argument 0: firefox /usr/local/bin/firefox: 3: /usr/local/bin/firefox: which: Permission denied No protocol specified Unable to init server: connection.... Error: cannot open display: :0.0 Parent is shutting down, bye... ``` </details> --- EDIT by @rusty-snake: code-block and details-summary
gitea-mirror commented 2026-05-05 09:17:31 -06:00
Author
Owner
Copy link

@osevan commented on GitHub (Jun 7, 2021):

firefox.profile works everything with success with default user:

# Firejail profile for firefox
# Description: Safe and easy web browser from Mozilla
# This file is overwritten after every install/update
# Persistent local customizations
include firefox.local
# Persistent global definitions
include globals.local

# NOTE: sandboxing web browsers is as important as it is complex. Users might be
# interested in creating custom profiles depending on use case (e.g. one for
# general browsing, another for banking, ...). Consult our FAQ/issue tracker for more
# info. Here are a few links to get you going.
# https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#firefox-doesnt-open-in-a-new-sandbox-instead-it-opens-a-new-tab-in-an-existing-firefox-instance
# https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox
# https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968

noblacklist ${HOME}/.cache/mozilla
noblacklist ${HOME}/.mozilla
#firefox nightly using
#noblacklist /home/ra/compile/firefox/mozilla-unified/
#ignore noexec ${HOME}
#whitelist /home/ra/compile/firefox/mozilla-unified/



mkdir ${HOME}/.cache/mozilla/firefox
mkdir ${HOME}/.mozilla
whitelist ${HOME}/.cache/mozilla/firefox
whitelist ${HOME}/.mozilla

# Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support.
# NOTE: start KeePassXC before Firefox and keep it open to allow communication between them.
#whitelist ${RUNUSER}/kpxc_server
#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer

whitelist /usr/share/doc
whitelist /usr/share/firefox
whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
whitelist /usr/share/gtk-doc/html
whitelist /usr/share/mozilla
whitelist /usr/share/webext
include whitelist-usr-share-common.inc

# firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin.
#private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which
# Fedora uses shell scripts to launch firefox - add the next line to your firefox.local to enable private-bin.
private-bin basename,bash,cat,dirname,expr,false,firefox,firefox-esr,firefox-wayland,getenforce,ln,mkdir,pidof,restorecon,rm,rmdir,sed,sh,tclsh,true,uname
# Add the next line to your firefox.local to enable private-etc support - note that this must be enabled in your firefox-common.local too.
#private-etc firefox

dbus-user filter
dbus-user.own org.mozilla.Firefox.*
dbus-user.own org.mozilla.firefox.*
dbus-user.own org.mpris.MediaPlayer2.firefox.*
# Add the next line to your firefox.local to enable native notifications.
#dbus-user.talk org.freedesktop.Notifications
# Add the next line to your firefox.local to allow inhibiting screensavers.
#dbus-user.talk org.freedesktop.ScreenSaver
# Add the next lines to your firefox.local for plasma browser integration.
#dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration
#dbus-user.talk org.kde.JobViewServer
#dbus-user.talk org.kde.kuiserver
# Add the next two lines to your firefox.local to allow screen sharing under wayland.
#whitelist ${RUNUSER}/pipewire-0
#dbus-user.talk org.freedesktop.portal.*
# Add the next line to your firefox.local if screen sharing sharing still does not work
# with the above lines (might depend on the portal implementation).
#ignore noroot
ignore dbus-user none

# Redirect
include firefox-common.profile


apparmor
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
nogroups
seccomp

#seccomp.drop adjtimex,clock_adjtime,clock_settime,settimeofday,stime,modify_ldt,subpage_prot,swi$
seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
#tracelog


# experimental features
private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,$
private-dev
#private-bin firefox-esr
private-tmp
private-cache
private-lib /usr/lib/firefox-esr/libmozgtk.so,/usr/lib/firefox-esr/libxul.so
noexec ${HOME}
noexec /tmp
noexec ${DOWNLOADS}
#memory-deny-write-execute

EDIT by @rusty-snake: code-block

<!-- gh-comment-id:855879984 --> @osevan commented on GitHub (Jun 7, 2021): firefox.profile works everything with success with default user: ``` # Firejail profile for firefox # Description: Safe and easy web browser from Mozilla # This file is overwritten after every install/update # Persistent local customizations include firefox.local # Persistent global definitions include globals.local # NOTE: sandboxing web browsers is as important as it is complex. Users might be # interested in creating custom profiles depending on use case (e.g. one for # general browsing, another for banking, ...). Consult our FAQ/issue tracker for more # info. Here are a few links to get you going. # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#firefox-doesnt-open-in-a-new-sandbox-instead-it-opens-a-new-tab-in-an-existing-firefox-instance # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968 noblacklist ${HOME}/.cache/mozilla noblacklist ${HOME}/.mozilla #firefox nightly using #noblacklist /home/ra/compile/firefox/mozilla-unified/ #ignore noexec ${HOME} #whitelist /home/ra/compile/firefox/mozilla-unified/ mkdir ${HOME}/.cache/mozilla/firefox mkdir ${HOME}/.mozilla whitelist ${HOME}/.cache/mozilla/firefox whitelist ${HOME}/.mozilla # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support. # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them. #whitelist ${RUNUSER}/kpxc_server #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer whitelist /usr/share/doc whitelist /usr/share/firefox whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini whitelist /usr/share/gtk-doc/html whitelist /usr/share/mozilla whitelist /usr/share/webext include whitelist-usr-share-common.inc # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. #private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which # Fedora uses shell scripts to launch firefox - add the next line to your firefox.local to enable private-bin. private-bin basename,bash,cat,dirname,expr,false,firefox,firefox-esr,firefox-wayland,getenforce,ln,mkdir,pidof,restorecon,rm,rmdir,sed,sh,tclsh,true,uname # Add the next line to your firefox.local to enable private-etc support - note that this must be enabled in your firefox-common.local too. #private-etc firefox dbus-user filter dbus-user.own org.mozilla.Firefox.* dbus-user.own org.mozilla.firefox.* dbus-user.own org.mpris.MediaPlayer2.firefox.* # Add the next line to your firefox.local to enable native notifications. #dbus-user.talk org.freedesktop.Notifications # Add the next line to your firefox.local to allow inhibiting screensavers. #dbus-user.talk org.freedesktop.ScreenSaver # Add the next lines to your firefox.local for plasma browser integration. #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration #dbus-user.talk org.kde.JobViewServer #dbus-user.talk org.kde.kuiserver # Add the next two lines to your firefox.local to allow screen sharing under wayland. #whitelist ${RUNUSER}/pipewire-0 #dbus-user.talk org.freedesktop.portal.* # Add the next line to your firefox.local if screen sharing sharing still does not work # with the above lines (might depend on the portal implementation). #ignore noroot ignore dbus-user none # Redirect include firefox-common.profile apparmor caps.drop all netfilter nonewprivs noroot protocol unix,inet,inet6,netlink nogroups seccomp #seccomp.drop adjtimex,clock_adjtime,clock_settime,settimeofday,stime,modify_ldt,subpage_prot,swi$ seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice #tracelog # experimental features private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,$ private-dev #private-bin firefox-esr private-tmp private-cache private-lib /usr/lib/firefox-esr/libmozgtk.so,/usr/lib/firefox-esr/libxul.so noexec ${HOME} noexec /tmp noexec ${DOWNLOADS} #memory-deny-write-execute ``` --- EDIT by @rusty-snake: code-block
gitea-mirror commented 2026-05-05 09:17:31 -06:00
Author
Owner
Copy link

@osevan commented on GitHub (Jun 7, 2021):

i did xhost +local:internet

and than sudo -u internet -H firejail --debug firefox

this do this magic trick now all works very well...

please update documents and changelog for this fix

<!-- gh-comment-id:855891164 --> @osevan commented on GitHub (Jun 7, 2021): i did xhost +local:internet and than sudo -u internet -H firejail --debug firefox this do this magic trick now all works very well... please update documents and changelog for this fix
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2628
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?