[GH-ISSUE #4698] firefox: freeze with custom profile (seccomp) #2754

Closed
opened 2026-05-05 09:24:58 -06:00 by gitea-mirror · 6 comments

Originally created by @fpusersuggest on GitHub (Nov 18, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4698

Description

Describe the bug
Hello, I have a custom profile for firefox.
If I go to a specific Facebook group, that Firefox tab freezes and I have to close it.
I found an error in the log and I would like to know how to fix it.
This is the log:
nov 18 20:48:14 mypc audit[10931]: SECCOMP auid=1000 uid=1000 gid=1001 ses=1 subj=firejail-default pid=10931 comm=57656220436F6E74656E74 exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7fe97668589d code=0x0
nov 18 20:48:14 mypc kernel: audit: type=1326 audit(1637264894.948:51): auid=1000 uid=1000 gid=1001 ses=1 subj=firejail-default pid=10931 comm=57656220436F6E74656E74 exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7fe97668589d code=0x0

Steps to Reproduce

  1. Run in bash LC_ALL=C firejail PROGRAM (LC_ALL=C to get a consistent output in English that can be understood by everybody)

$ LC_ALL=C firejail firefox
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 14951, child pid 14952
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Post-exec seccomp protector enabled
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 182.72 ms
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.

ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.

  2. Click on '....'
    I connect to Facebook and then to the following Facebook group:
    https://www.facebook.com/groups/477126719059034
    After that, the Facebook tab freezes and I see the error in the log:
    nov 18 20:55:56 audit[15170]: SECCOMP auid=1000 uid=1000 gid=1001 ses=1 subj=firejail-default pid=15170 comm=57656220436F6E74656E74 exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7f0d6896189d code=0x0
    nov 18 20:55:56 kernel: audit: type=1326 audit(1637265356.469:52): auid=1000 uid=1000 gid=1001 ses=1 subj=firejail-default pid=15170 comm=57656220436F6E74656E74 exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 compat=0 ip=0x7f0d6896189d code=0x0

Expected behavior

Browse Facebook without freezing.

Environment

  • Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux")
    ubuntu 20.04
    $ uname -a
    Linux mypc 5.11.0-40-generic #44~20.04.2-Ubuntu SMP Tue Oct 26 18:07:44 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

  • Firejail version (firejail --version).
    firejail version 0.9.62

Checklist

  • [x] The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
    • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Output of LC_ALL=C firejail --debug /path/to/program

$ LC_ALL=C firejail --debug firefox  2>&1>fire.debug
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
DISPLAY=:0 parsed as 0
Parent pid 41527, child pid 41528
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Debug 423: new_name #/home/lws/.cache/mozilla/firefox#, whitelist
Debug 531: fname #/home/lws/.cache/mozilla/firefox#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.mozilla#, whitelist
Debug 531: fname #/home/lws/.mozilla#, cfg.homedir #/home/lws#
Debug 423: new_name #/usr/share/mozilla#, whitelist
Debug 423: new_name #/usr/share/webext#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/alsa#, whitelist
Debug 423: new_name #/usr/share/applications#, whitelist
Debug 423: new_name #/usr/share/ca-certificates#, whitelist
Debug 423: new_name #/usr/share/crypto-policies#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/cursors#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/dconf#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/distro-info#, whitelist
Debug 423: new_name #/usr/share/drirc.d#, whitelist
Debug 423: new_name #/usr/share/enchant#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/enchant-2#, whitelist
Debug 423: new_name #/usr/share/fontconfig#, whitelist
Debug 423: new_name #/usr/share/fonts#, whitelist
Debug 423: new_name #/usr/share/gir-1.0#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/gjs-1.0#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/glib-2.0#, whitelist
Debug 423: new_name #/usr/share/glvnd#, whitelist
Debug 423: new_name #/usr/share/gtk-2.0#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/gtk-3.0#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/gtksourceview-3.0#, whitelist
Debug 423: new_name #/usr/share/gtksourceview-4#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/hunspell#, whitelist
Debug 423: new_name #/usr/share/hwdata#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/icons#, whitelist
Debug 423: new_name #/usr/share/knotifications5#, whitelist
Debug 423: new_name #/usr/share/icu#, whitelist
Debug 423: new_name #/usr/share/kservices5#, whitelist
Debug 423: new_name #/usr/share/Kvantum#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/kxmlgui5#, whitelist
Debug 423: new_name #/usr/share/libdrm#, whitelist
Debug 423: new_name #/usr/share/libthai#, whitelist
Debug 423: new_name #/usr/share/locale#, whitelist
Debug 423: new_name #/usr/share/mime#, whitelist
Debug 423: new_name #/usr/share/misc#, whitelist
Debug 423: new_name #/usr/share/Modules#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/myspell#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/p11-kit#, whitelist
Debug 423: new_name #/usr/share/pixmaps#, whitelist
Debug 423: new_name #/usr/share/pki#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/plasma#, whitelist
Debug 423: new_name #/usr/share/qt#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/qt4#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/qt5#, whitelist
Debug 423: new_name #/usr/share/sounds#, whitelist
Debug 423: new_name #/usr/share/tcl8.6#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/terminfo#, whitelist
Debug 423: new_name #/usr/share/themes#, whitelist
Debug 423: new_name #/usr/share/thumbnail.so#, whitelist
realpath: No such file or directory
Debug 423: new_name #/usr/share/X11#, whitelist
Debug 423: new_name #/usr/share/xml#, whitelist
Debug 423: new_name #/usr/share/zoneinfo#, whitelist
Debug 423: new_name #/home/lws/Scaricati#, whitelist
Debug 531: fname #/home/lws/Scaricati#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.pki#, whitelist
Debug 531: fname #/home/lws/.pki#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.local/share/pki#, whitelist
Debug 531: fname #/home/lws/.local/share/pki#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.XCompose#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.asoundrc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.config/ibus#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.config/mimeapps.list#, whitelist
Debug 531: fname #/home/lws/.config/mimeapps.list#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.config/pkcs11#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.config/user-dirs.dirs#, whitelist
Debug 531: fname #/home/lws/.config/user-dirs.dirs#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.drirc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.icons#, whitelist
Debug 531: fname #/home/lws/.icons#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.local/share/applications#, whitelist
Debug 531: fname #/home/lws/.local/share/applications#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.local/share/icons#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.local/share/mime#, whitelist
Debug 531: fname #/home/lws/.local/share/mime#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.mime.types#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.config/dconf#, whitelist
Debug 531: fname #/home/lws/.config/dconf#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.cache/fontconfig#, whitelist
Debug 531: fname #/home/lws/.cache/fontconfig#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.config/fontconfig#, whitelist
Debug 531: fname #/home/lws/.config/fontconfig#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.fontconfig#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.fonts#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.fonts.conf#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.fonts.conf.d#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.fonts.d#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.local/share/fonts#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.pangorc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.config/gtk-2.0#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.config/gtk-3.0#, whitelist
Debug 531: fname #/home/lws/.config/gtk-3.0#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.config/gtkrc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.config/gtkrc-2.0#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.gnome2#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.gnome2-private#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.gtk-2.0#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.gtkrc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.gtkrc-2.0#, whitelist
Debug 531: fname #/home/lws/.gtkrc-2.0#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.kde/share/config/gtkrc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde/share/config/gtkrc-2.0#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde4/share/config/gtkrc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde4/share/config/gtkrc-2.0#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.local/share/themes#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.themes#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.cache/kioexec/krun#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.config/Kvantum#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.config/Trolltech.conf#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.config/kdeglobals#, whitelist
Debug 531: fname #/home/lws/.config/kdeglobals#, cfg.homedir #/home/lws#
Debug 423: new_name #/home/lws/.config/kio_httprc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.config/kioslaverc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.config/ksslcablacklist#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.config/qt5ct#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde/share/config/kdeglobals#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde/share/config/kio_httprc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde/share/config/kioslaverc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde/share/config/ksslcablacklist#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde/share/config/oxygenrc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde/share/icons#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde4/share/config/kdeglobals#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde4/share/config/kio_httprc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde4/share/config/kioslaverc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde4/share/config/ksslcablacklist#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde4/share/config/oxygenrc#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.kde4/share/icons#, whitelist
realpath: No such file or directory
Debug 423: new_name #/home/lws/.local/share/qt5ct#, whitelist
realpath: No such file or directory
Debug 423: new_name #/var/lib/dbus#, whitelist
Debug 423: new_name #/var/lib/menu-xdg#, whitelist
realpath: No such file or directory
Debug 423: new_name #/var/cache/fontconfig#, whitelist
Debug 423: new_name #/var/tmp#, whitelist
Debug 423: new_name #/var/run#, whitelist
Debug 423: new_name #/var/lock#, whitelist
Debug 423: new_name #/tmp/.X11-unix#, whitelist
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Post-exec seccomp protector enabled
DISPLAY=:0 parsed as 0
Child process initialized in 178.53 ms
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.

$ cat fire.debug 
Autoselecting /bin/bash as shell
Building quoted command line: 'firefox' 
Command name #firefox#
Found firefox.profile profile in /etc/firejail directory
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Found firefox-common.profile profile in /etc/firejail directory
conditional BROWSER_ALLOW_DRM, ignore noexec ${HOME}
Found disable-common.inc profile in /etc/firejail directory
Found disable-devel.inc profile in /etc/firejail directory
Found disable-exec.inc profile in /etc/firejail directory
Found disable-interpreters.inc profile in /etc/firejail directory
Found disable-programs.inc profile in /etc/firejail directory
Found whitelist-common.inc profile in /etc/firejail directory
Found whitelist-var-common.inc profile in /etc/firejail directory
conditional BROWSER_DISABLE_U2F, nou2f
Using the local network stack
conditional BROWSER_DISABLE_U2F, nou2f
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol (null) 
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /sbin
Mounting read-only /lib
Mounting read-only /lib64
Mounting read-only /lib32
Mounting read-only /libx32
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/video0 file
mounting /run/firejail/mnt/dev/video1 file
Process /dev/shm directory
Generate private-tmp whitelist commands
blacklist /run/user/1000/bus
blacklist /run/dbus/system_bus_socket
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Replaced whitelist path: whitelist /home/lws/.cache/mozilla/firefox
Replaced whitelist path: whitelist /home/lws/.mozilla
Removed whitelist/nowhitelist path: whitelist /usr/share/webext
	expanded: /usr/share/webext
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies
	expanded: /usr/share/crypto-policies
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/cursors
	expanded: /usr/share/cursors
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/dconf
	expanded: /usr/share/dconf
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/enchant
	expanded: /usr/share/enchant
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/gir-1.0
	expanded: /usr/share/gir-1.0
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0
	expanded: /usr/share/gjs-1.0
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-2.0
	expanded: /usr/share/gtk-2.0
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-3.0
	expanded: /usr/share/gtk-3.0
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-4
	expanded: /usr/share/gtksourceview-4
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/hwdata
	expanded: /usr/share/hwdata
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum
	expanded: /usr/share/Kvantum
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/Modules
	expanded: /usr/share/Modules
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/myspell
	expanded: /usr/share/myspell
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/pki
	expanded: /usr/share/pki
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/qt
	expanded: /usr/share/qt
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/qt4
	expanded: /usr/share/qt4
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6
	expanded: /usr/share/tcl8.6
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so
	expanded: /usr/share/thumbnail.so
	real path: (null)
	Directory ${DOWNLOADS} resolved as Scaricati
Replaced whitelist path: whitelist /home/lws/Scaricati
Replaced whitelist path: whitelist /home/lws/.pki
Replaced whitelist path: whitelist /home/lws/.local/share/pki
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
	expanded: /home/lws/.XCompose
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
	expanded: /home/lws/.asoundrc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ibus
	expanded: /home/lws/.config/ibus
	real path: (null)
	Replaced whitelist path: whitelist /home/lws/.config/mimeapps.list
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/lws/.config/pkcs11
	real path: (null)
	Replaced whitelist path: whitelist /home/lws/.config/user-dirs.dirs
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
	expanded: /home/lws/.drirc
	real path: (null)
	Replaced whitelist path: whitelist /home/lws/.icons
Replaced whitelist path: whitelist /home/lws/.local/share/applications
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/icons
	expanded: /home/lws/.local/share/icons
	real path: (null)
	Replaced whitelist path: whitelist /home/lws/.local/share/mime
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
	expanded: /home/lws/.mime.types
	real path: (null)
	Replaced whitelist path: whitelist /home/lws/.config/dconf
Replaced whitelist path: whitelist /home/lws/.cache/fontconfig
Replaced whitelist path: whitelist /home/lws/.config/fontconfig
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
	expanded: /home/lws/.fontconfig
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
	expanded: /home/lws/.fonts
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
	expanded: /home/lws/.fonts.conf
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/lws/.fonts.conf.d
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
	expanded: /home/lws/.fonts.d
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
	expanded: /home/lws/.local/share/fonts
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
	expanded: /home/lws/.pangorc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-2.0
	expanded: /home/lws/.config/gtk-2.0
	real path: (null)
	Replaced whitelist path: whitelist /home/lws/.config/gtk-3.0
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/lws/.config/gtkrc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/lws/.config/gtkrc-2.0
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
	expanded: /home/lws/.gnome2
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
	expanded: /home/lws/.gnome2-private
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/lws/.gtk-2.0
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
	expanded: /home/lws/.gtkrc
	real path: (null)
	Replaced whitelist path: whitelist /home/lws/.gtkrc-2.0
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/lws/.kde/share/config/gtkrc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/lws/.kde/share/config/gtkrc-2.0
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/lws/.kde4/share/config/gtkrc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/lws/.kde4/share/config/gtkrc-2.0
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
	expanded: /home/lws/.local/share/themes
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
	expanded: /home/lws/.themes
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/lws/.cache/kioexec/krun
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/lws/.config/Kvantum
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Trolltech.conf
	expanded: /home/lws/.config/Trolltech.conf
	real path: (null)
	Replaced whitelist path: whitelist /home/lws/.config/kdeglobals
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/lws/.config/kio_httprc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/lws/.config/kioslaverc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/lws/.config/ksslcablacklist
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
	expanded: /home/lws/.config/qt5ct
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
	expanded: /home/lws/.kde/share/config/kdeglobals
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/lws/.kde/share/config/kio_httprc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/lws/.kde/share/config/kioslaverc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/lws/.kde/share/config/ksslcablacklist
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/lws/.kde/share/config/oxygenrc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/lws/.kde/share/icons
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/lws/.kde4/share/config/kdeglobals
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/lws/.kde4/share/config/kio_httprc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/lws/.kde4/share/config/kioslaverc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/lws/.kde4/share/config/ksslcablacklist
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/lws/.kde4/share/config/oxygenrc
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/lws/.kde4/share/icons
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/lws/.local/share/qt5ct
	real path: (null)
	Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg
	expanded: /var/lib/menu-xdg
	real path: (null)
	Replaced whitelist path: whitelist /run
Replaced whitelist path: whitelist /run/lock
Mounting tmpfs on /tmp directory
Mounting tmpfs on /var directory
Mounting tmpfs on /usr/share directory
Mounting a new /home directory
Mounting a new /root directory
Create a new user directory
Whitelisting /home/lws/.cache/mozilla/firefox
1337 1335 8:2 /home/lws/.cache/mozilla/firefox /home/lws/.cache/mozilla/firefox rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1337 fsname=/home/lws/.cache/mozilla/firefox dir=/home/lws/.cache/mozilla/firefox fstype=ext4
Whitelisting /home/lws/.mozilla
1338 1335 8:2 /home/lws/.mozilla /home/lws/.mozilla rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1338 fsname=/home/lws/.mozilla dir=/home/lws/.mozilla fstype=ext4
Whitelisting /usr/share/mozilla
1339 1333 8:2 /usr/share/mozilla /usr/share/mozilla ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1339 fsname=/usr/share/mozilla dir=/usr/share/mozilla fstype=ext4
Whitelisting /usr/share/alsa
1340 1333 8:2 /usr/share/alsa /usr/share/alsa ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1340 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=ext4
Whitelisting /usr/share/applications
1341 1333 8:2 /usr/share/applications /usr/share/applications ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1341 fsname=/usr/share/applications dir=/usr/share/applications fstype=ext4
Whitelisting /usr/share/ca-certificates
1342 1333 8:2 /usr/share/ca-certificates /usr/share/ca-certificates ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1342 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=ext4
Whitelisting /usr/share/distro-info
1343 1333 8:2 /usr/share/distro-info /usr/share/distro-info ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1343 fsname=/usr/share/distro-info dir=/usr/share/distro-info fstype=ext4
Whitelisting /usr/share/drirc.d
1344 1333 8:2 /usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1344 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=ext4
Whitelisting /usr/share/enchant-2
1345 1333 8:2 /usr/share/enchant-2 /usr/share/enchant-2 ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1345 fsname=/usr/share/enchant-2 dir=/usr/share/enchant-2 fstype=ext4
Whitelisting /usr/share/fontconfig
1346 1333 8:2 /usr/share/fontconfig /usr/share/fontconfig ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1346 fsname=/usr/share/fontconfig dir=/usr/share/fontconfig fstype=ext4
Whitelisting /usr/share/fonts
1347 1333 8:2 /usr/share/fonts /usr/share/fonts ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1347 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=ext4
Whitelisting /usr/share/glib-2.0
1348 1333 8:2 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1348 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=ext4
Whitelisting /usr/share/glvnd
1349 1333 8:2 /usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1349 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=ext4
Whitelisting /usr/share/gtksourceview-3.0
1350 1333 8:2 /usr/share/gtksourceview-3.0 /usr/share/gtksourceview-3.0 ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1350 fsname=/usr/share/gtksourceview-3.0 dir=/usr/share/gtksourceview-3.0 fstype=ext4
Whitelisting /usr/share/hunspell
1351 1333 8:2 /usr/share/hunspell /usr/share/hunspell ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1351 fsname=/usr/share/hunspell dir=/usr/share/hunspell fstype=ext4
Whitelisting /usr/share/icons
1352 1333 8:2 /usr/share/icons /usr/share/icons ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1352 fsname=/usr/share/icons dir=/usr/share/icons fstype=ext4
Whitelisting /usr/share/knotifications5
1353 1333 8:2 /usr/share/knotifications5 /usr/share/knotifications5 ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1353 fsname=/usr/share/knotifications5 dir=/usr/share/knotifications5 fstype=ext4
Whitelisting /usr/share/icu
1354 1333 8:2 /usr/share/icu /usr/share/icu ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1354 fsname=/usr/share/icu dir=/usr/share/icu fstype=ext4
Whitelisting /usr/share/kservices5
1355 1333 8:2 /usr/share/kservices5 /usr/share/kservices5 ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1355 fsname=/usr/share/kservices5 dir=/usr/share/kservices5 fstype=ext4
Whitelisting /usr/share/kxmlgui5
1356 1333 8:2 /usr/share/kxmlgui5 /usr/share/kxmlgui5 ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1356 fsname=/usr/share/kxmlgui5 dir=/usr/share/kxmlgui5 fstype=ext4
Whitelisting /usr/share/libdrm
1357 1333 8:2 /usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1357 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=ext4
Whitelisting /usr/share/libthai
1358 1333 8:2 /usr/share/libthai /usr/share/libthai ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1358 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=ext4
Whitelisting /usr/share/locale
1359 1333 8:2 /usr/share/locale /usr/share/locale ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1359 fsname=/usr/share/locale dir=/usr/share/locale fstype=ext4
Whitelisting /usr/share/mime
1360 1333 8:2 /usr/share/mime /usr/share/mime ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1360 fsname=/usr/share/mime dir=/usr/share/mime fstype=ext4
Whitelisting /usr/share/misc
1361 1333 8:2 /usr/share/misc /usr/share/misc ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1361 fsname=/usr/share/misc dir=/usr/share/misc fstype=ext4
Whitelisting /usr/share/p11-kit
1362 1333 8:2 /usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1362 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=ext4
Whitelisting /usr/share/pixmaps
1363 1333 8:2 /usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1363 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=ext4
Whitelisting /usr/share/plasma
1364 1333 8:2 /usr/share/plasma /usr/share/plasma ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1364 fsname=/usr/share/plasma dir=/usr/share/plasma fstype=ext4
Whitelisting /usr/share/qt5
1365 1333 8:2 /usr/share/qt5 /usr/share/qt5 ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1365 fsname=/usr/share/qt5 dir=/usr/share/qt5 fstype=ext4
Whitelisting /usr/share/sounds
1366 1333 8:2 /usr/share/sounds /usr/share/sounds ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1366 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=ext4
Whitelisting /usr/share/terminfo
1367 1333 8:2 /usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1367 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=ext4
Whitelisting /usr/share/themes
1368 1333 8:2 /usr/share/themes /usr/share/themes ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1368 fsname=/usr/share/themes dir=/usr/share/themes fstype=ext4
Whitelisting /usr/share/X11
1369 1333 8:2 /usr/share/X11 /usr/share/X11 ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1369 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=ext4
Whitelisting /usr/share/xml
1370 1333 8:2 /usr/share/xml /usr/share/xml ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1370 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4
Whitelisting /usr/share/zoneinfo
1371 1333 8:2 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1371 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4
Whitelisting /home/lws/Scaricati
1372 1335 8:2 /home/lws/Scaricati /home/lws/Scaricati rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1372 fsname=/home/lws/Scaricati dir=/home/lws/Scaricati fstype=ext4
Whitelisting /home/lws/.pki
1373 1335 8:2 /home/lws/.pki /home/lws/.pki rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1373 fsname=/home/lws/.pki dir=/home/lws/.pki fstype=ext4
Whitelisting /home/lws/.local/share/pki
1374 1335 8:2 /home/lws/.local/share/pki /home/lws/.local/share/pki rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1374 fsname=/home/lws/.local/share/pki dir=/home/lws/.local/share/pki fstype=ext4
Whitelisting /home/lws/.config/mimeapps.list
1375 1335 8:2 /home/lws/.config/mimeapps.list /home/lws/.config/mimeapps.list rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1375 fsname=/home/lws/.config/mimeapps.list dir=/home/lws/.config/mimeapps.list fstype=ext4
Whitelisting /home/lws/.config/user-dirs.dirs
1376 1335 8:2 /home/lws/.config/user-dirs.dirs /home/lws/.config/user-dirs.dirs rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1376 fsname=/home/lws/.config/user-dirs.dirs dir=/home/lws/.config/user-dirs.dirs fstype=ext4
Whitelisting /home/lws/.icons
1377 1335 8:2 /home/lws/.icons /home/lws/.icons rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1377 fsname=/home/lws/.icons dir=/home/lws/.icons fstype=ext4
Whitelisting /home/lws/.local/share/applications
1378 1335 8:2 /home/lws/.local/share/applications /home/lws/.local/share/applications rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1378 fsname=/home/lws/.local/share/applications dir=/home/lws/.local/share/applications fstype=ext4
Whitelisting /home/lws/.local/share/mime
1379 1335 8:2 /home/lws/.local/share/mime /home/lws/.local/share/mime rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1379 fsname=/home/lws/.local/share/mime dir=/home/lws/.local/share/mime fstype=ext4
Whitelisting /home/lws/.config/dconf
1380 1335 8:2 /home/lws/.config/dconf /home/lws/.config/dconf rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1380 fsname=/home/lws/.config/dconf dir=/home/lws/.config/dconf fstype=ext4
Whitelisting /home/lws/.cache/fontconfig
1381 1335 8:2 /home/lws/.cache/fontconfig /home/lws/.cache/fontconfig rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1381 fsname=/home/lws/.cache/fontconfig dir=/home/lws/.cache/fontconfig fstype=ext4
Whitelisting /home/lws/.config/fontconfig
1382 1335 8:2 /home/lws/.config/fontconfig /home/lws/.config/fontconfig rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1382 fsname=/home/lws/.config/fontconfig dir=/home/lws/.config/fontconfig fstype=ext4
Whitelisting /home/lws/.config/gtk-3.0
1383 1335 8:2 /home/lws/.config/gtk-3.0 /home/lws/.config/gtk-3.0 rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1383 fsname=/home/lws/.config/gtk-3.0 dir=/home/lws/.config/gtk-3.0 fstype=ext4
Whitelisting /home/lws/.gtkrc-2.0
1384 1335 8:2 /home/lws/.gtkrc-2.0 /home/lws/.gtkrc-2.0 rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1384 fsname=/home/lws/.gtkrc-2.0 dir=/home/lws/.gtkrc-2.0 fstype=ext4
Whitelisting /home/lws/.config/kdeglobals
1385 1335 8:2 /home/lws/.config/kdeglobals /home/lws/.config/kdeglobals rw,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1385 fsname=/home/lws/.config/kdeglobals dir=/home/lws/.config/kdeglobals fstype=ext4
Whitelisting /var/lib/dbus
1386 1331 8:2 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1386 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4
Whitelisting /var/cache/fontconfig
1387 1331 8:2 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1387 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Whitelisting /var/tmp
1388 1331 0:59 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=1388 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
1389 1324 0:50 /.X11-unix /tmp/.X11-unix rw,noatime master:69 - tmpfs tmpfs rw,inode64
mountid=1389 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/lws/.Xauthority
1396 1335 0:73 /lws/.Xauthority /home/lws/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1396 fsname=/lws/.Xauthority dir=/home/lws/.Xauthority fstype=tmpfs
Mounting read-only /home/lws/.config/kdeglobals
1397 1385 8:2 /home/lws/.config/kdeglobals /home/lws/.config/kdeglobals ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1397 fsname=/home/lws/.config/kdeglobals dir=/home/lws/.config/kdeglobals fstype=ext4
Mounting read-only /home/lws/.config/dconf
1398 1380 8:2 /home/lws/.config/dconf /home/lws/.config/dconf ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1398 fsname=/home/lws/.config/dconf dir=/home/lws/.config/dconf fstype=ext4
Disable /run/acpid.socket (requested /var/run/acpid.socket)
Disable /etc/anacrontab
Disable /etc/cron.monthly
Disable /etc/cron.daily
Disable /etc/cron.weekly
Disable /etc/cron.hourly
Disable /etc/cron.d
Disable /etc/crontab
Disable /etc/profile.d
Disable /etc/rc0.d
Disable /etc/rc6.d
Disable /etc/rcS.d
Disable /etc/rc5.d
Disable /etc/rc3.d
Disable /etc/rc1.d
Disable /etc/rc2.d
Disable /etc/rc4.d
Disable /etc/kernel-img.conf
Disable /etc/kerneloops.conf
Disable /etc/kernel
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/selinux
Disable /etc/modules-load.d
Disable /etc/modules
Disable /etc/logrotate.conf
Disable /etc/logrotate.d
Disable /etc/adduser.conf
Mounting read-only /home/lws/.bashrc
1429 1335 0:73 /lws/.bashrc /home/lws/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1429 fsname=/lws/.bashrc dir=/home/lws/.bashrc fstype=tmpfs
Mounting read-only /home/lws/.local/share/applications
1430 1378 8:2 /home/lws/.local/share/applications /home/lws/.local/share/applications ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1430 fsname=/home/lws/.local/share/applications dir=/home/lws/.local/share/applications fstype=ext4
Not blacklist /home/lws/.pki
Not blacklist /home/lws/.local/share/pki
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Disable /usr/sbin (requested /sbin)
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/bin/chage
Disable /usr/bin/chage (requested /bin/chage)
Disable /usr/bin/chfn
Disable /usr/bin/chfn (requested /bin/chfn)
Disable /usr/bin/chsh
Disable /usr/bin/chsh (requested /bin/chsh)
Disable /usr/bin/crontab
Disable /usr/bin/crontab (requested /bin/crontab)
Disable /usr/bin/expiry
Disable /usr/bin/expiry (requested /bin/expiry)
Disable /usr/bin/fusermount
Disable /usr/bin/fusermount (requested /bin/fusermount)
Disable /usr/bin/gpasswd
Disable /usr/bin/gpasswd (requested /bin/gpasswd)
Disable /usr/bin/mount
Disable /usr/bin/mount (requested /bin/mount)
Disable /usr/bin/nc.openbsd (requested /usr/bin/nc)
Disable /usr/bin/nc.openbsd (requested /bin/nc)
Disable /usr/bin/newgrp
Disable /usr/bin/newgrp (requested /bin/newgrp)
Disable /usr/bin/ntfs-3g
Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g)
Disable /usr/bin/pkexec
Disable /usr/bin/pkexec (requested /bin/pkexec)
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/newgrp (requested /bin/sg)
Disable /usr/bin/strace
Disable /usr/bin/strace (requested /bin/strace)
Disable /usr/bin/su
Disable /usr/bin/su (requested /bin/su)
Disable /usr/bin/sudo
Disable /usr/bin/sudo (requested /bin/sudo)
Disable /usr/bin/umount
Disable /usr/bin/umount (requested /bin/umount)
Disable /usr/bin/xev
Disable /usr/bin/xev (requested /bin/xev)
Disable /usr/bin/xinput
Disable /usr/bin/xinput (requested /bin/xinput)
Disable /usr/lib/virtualbox
Disable /usr/bin/urxvtc
Disable /usr/bin/urxvtc (requested /bin/urxvtc)
Disable /usr/bin/urxvtcd
Disable /usr/bin/urxvtcd (requested /bin/urxvtcd)
Disable /usr/bin/bwrap
Disable /usr/bin/bwrap (requested /bin/bwrap)
Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as)
Disable /usr/bin/x86_64-linux-gnu-as (requested /bin/as)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/cc)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/cc)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/c++)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /bin/c++filt)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/c++)
Disable /usr/bin/c89-gcc
Disable /usr/bin/c89-gcc (requested /usr/bin/c89)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/c89-gcc (requested /bin/c89)
Disable /usr/bin/c99-gcc
Disable /usr/bin/c99-gcc (requested /usr/bin/c99)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/c99-gcc (requested /bin/c99)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp-9)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /bin/cpp-9)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/g++)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/g++-9)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/g++)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/g++-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/gcc-ranlib-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/gcc-ranlib-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld)
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /bin/ld)
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-9
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/c89-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-9
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++-9)
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-9
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/c89-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-9
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++-9)
Disable /usr/include
Disable /usr/bin/openssl
Disable /usr/bin/openssl (requested /bin/openssl)
Disable /usr/lib/valgrind
Mounting noexec /run/user/1000
1585 1580 0:25 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=392800k,mode=755,inode64
mountid=1585 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs
Mounting noexec /dev/shm
1586 1311 0:68 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1586 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1588 1587 0:50 /.X11-unix /tmp/.X11-unix rw,noatime master:69 - tmpfs tmpfs rw,inode64
mountid=1588 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
1589 1588 0:50 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,noatime master:69 - tmpfs tmpfs rw,inode64
mountid=1589 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /var
1593 1590 0:59 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=1593 fsname=/ dir=/var/tmp fstype=tmpfs
Disable /usr/bin/cpan5.30-x86_64-linux-gnu
Disable /usr/bin/cpan5.30-i386-linux-gnu
Disable /usr/bin/cpan
Disable /usr/bin/cpan5.30-x86_64-linux-gnu (requested /bin/cpan5.30-x86_64-linux-gnu)
Disable /usr/bin/cpan5.30-i386-linux-gnu (requested /bin/cpan5.30-i386-linux-gnu)
Disable /usr/bin/cpan (requested /bin/cpan)
Disable /usr/bin/perl
Disable /usr/bin/perl (requested /bin/perl)
Disable /usr/bin/python2.7
Disable /usr/bin/python2.7 (requested /usr/bin/python2)
Disable /usr/bin/python2.7 (requested /bin/python2.7)
Disable /usr/bin/python2.7 (requested /bin/python2)
Disable /usr/lib/python2.7
Disable /usr/local/lib/python2.7
Disable /usr/bin/python3-pasteurize
Disable /usr/bin/python3.8
Disable /usr/bin/python3-futurize
Disable /usr/bin/python3-wsdump
Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /usr/bin/python3.8-config)
Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /usr/bin/python3-config)
Disable /usr/bin/python3.8 (requested /usr/bin/python3)
Disable /usr/bin/python3-pasteurize (requested /bin/python3-pasteurize)
Disable /usr/bin/python3.8 (requested /bin/python3.8)
Disable /usr/bin/python3-futurize (requested /bin/python3-futurize)
Disable /usr/bin/python3-wsdump (requested /bin/python3-wsdump)
Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /bin/python3.8-config)
Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /bin/python3-config)
Disable /usr/bin/python3.8 (requested /bin/python3)
Disable /usr/lib/python3.9
Disable /usr/lib/python3.8
Disable /usr/lib/python3
Disable /usr/local/lib/python3.8
Not blacklist /home/lws/.mozilla
Not blacklist /home/lws/.cache/mozilla
Mounting read-only /home/lws/.config/user-dirs.dirs
1626 1376 8:2 /home/lws/.config/user-dirs.dirs /home/lws/.config/user-dirs.dirs ro,relatime master:1 - ext4 /dev/sda2 rw,discard
mountid=1626 fsname=/home/lws/.config/user-dirs.dirs dir=/home/lws/.config/user-dirs.dirs fstype=ext4
Mounting read-only /tmp/.X11-unix
1627 1589 0:50 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,noatime master:69 - tmpfs tmpfs rw,inode64
mountid=1627 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /media
Disable /run/mount
Mounting noexec /run/firejail/mnt/pulse
Creating empty /home/lws/.config/pulse directory
Mounting /run/firejail/mnt/pulse on /home/lws/.config/pulse
2199 1335 0:54 /pulse /home/lws/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=2199 fsname=/pulse dir=/home/lws/.config/pulse fstype=tmpfs
Create the new ld.so.preload file
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 01 00 00000029   jeq socket 0006 (false 0005)
 0005: 06 00 00 7fff0000   ret ALLOW
 0006: 20 00 00 00000010   ld  data.args[0]
 0007: 15 00 01 00000001   jeq 1 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 00000002   jeq 2 000a (false 000b)
 000a: 06 00 00 7fff0000   ret ALLOW
 000b: 15 00 01 0000000a   jeq a 000c (false 000d)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 15 00 01 00000010   jeq 10 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 06 00 00 0005005f   ret ERRNO(95)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00000000   ret KILL
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 01 000000a1   jeq chroot 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 3f 00 0000009f   jeq adjtimex 0049 (false 000a)
 000a: 15 3e 00 00000131   jeq clock_adjtime 0049 (false 000b)
 000b: 15 3d 00 000000e3   jeq clock_settime 0049 (false 000c)
 000c: 15 3c 00 000000a4   jeq settimeofday 0049 (false 000d)
 000d: 15 3b 00 0000009a   jeq modify_ldt 0049 (false 000e)
 000e: 15 3a 00 000000d4   jeq lookup_dcookie 0049 (false 000f)
 000f: 15 39 00 0000012a   jeq perf_event_open 0049 (false 0010)
 0010: 15 38 00 00000137   jeq process_vm_writev 0049 (false 0011)
 0011: 15 37 00 000000b0   jeq delete_module 0049 (false 0012)
 0012: 15 36 00 00000139   jeq finit_module 0049 (false 0013)
 0013: 15 35 00 000000af   jeq init_module 0049 (false 0014)
 0014: 15 34 00 0000009c   jeq _sysctl 0049 (false 0015)
 0015: 15 33 00 000000b7   jeq afs_syscall 0049 (false 0016)
 0016: 15 32 00 000000ae   jeq create_module 0049 (false 0017)
 0017: 15 31 00 000000b1   jeq get_kernel_syms 0049 (false 0018)
 0018: 15 30 00 000000b5   jeq getpmsg 0049 (false 0019)
 0019: 15 2f 00 000000b6   jeq putpmsg 0049 (false 001a)
 001a: 15 2e 00 000000b2   jeq query_module 0049 (false 001b)
 001b: 15 2d 00 000000b9   jeq security 0049 (false 001c)
 001c: 15 2c 00 0000008b   jeq sysfs 0049 (false 001d)
 001d: 15 2b 00 000000b8   jeq tuxcall 0049 (false 001e)
 001e: 15 2a 00 00000086   jeq uselib 0049 (false 001f)
 001f: 15 29 00 00000088   jeq ustat 0049 (false 0020)
 0020: 15 28 00 000000ec   jeq vserver 0049 (false 0021)
 0021: 15 27 00 000000ad   jeq ioperm 0049 (false 0022)
 0022: 15 26 00 000000ac   jeq iopl 0049 (false 0023)
 0023: 15 25 00 000000f6   jeq kexec_load 0049 (false 0024)
 0024: 15 24 00 00000140   jeq kexec_file_load 0049 (false 0025)
 0025: 15 23 00 000000a9   jeq reboot 0049 (false 0026)
 0026: 15 22 00 000000a7   jeq swapon 0049 (false 0027)
 0027: 15 21 00 000000a8   jeq swapoff 0049 (false 0028)
 0028: 15 20 00 00000130   jeq open_by_handle_at 0049 (false 0029)
 0029: 15 1f 00 0000012f   jeq name_to_handle_at 0049 (false 002a)
 002a: 15 1e 00 000000fb   jeq ioprio_set 0049 (false 002b)
 002b: 15 1d 00 00000067   jeq syslog 0049 (false 002c)
 002c: 15 1c 00 0000012c   jeq fanotify_init 0049 (false 002d)
 002d: 15 1b 00 00000138   jeq kcmp 0049 (false 002e)
 002e: 15 1a 00 000000f8   jeq add_key 0049 (false 002f)
 002f: 15 19 00 000000f9   jeq request_key 0049 (false 0030)
 0030: 15 18 00 000000ed   jeq mbind 0049 (false 0031)
 0031: 15 17 00 00000100   jeq migrate_pages 0049 (false 0032)
 0032: 15 16 00 00000117   jeq move_pages 0049 (false 0033)
 0033: 15 15 00 000000fa   jeq keyctl 0049 (false 0034)
 0034: 15 14 00 000000ce   jeq io_setup 0049 (false 0035)
 0035: 15 13 00 000000cf   jeq io_destroy 0049 (false 0036)
 0036: 15 12 00 000000d0   jeq io_getevents 0049 (false 0037)
 0037: 15 11 00 000000d1   jeq io_submit 0049 (false 0038)
 0038: 15 10 00 000000d2   jeq io_cancel 0049 (false 0039)
 0039: 15 0f 00 000000d8   jeq remap_file_pages 0049 (false 003a)
 003a: 15 0e 00 00000143   jeq userfaultfd 0049 (false 003b)
 003b: 15 0d 00 000000a3   jeq acct 0049 (false 003c)
 003c: 15 0c 00 00000141   jeq bpf 0049 (false 003d)
 003d: 15 0b 00 000000a1   jeq chroot 0049 (false 003e)
 003e: 15 0a 00 000000a5   jeq mount 0049 (false 003f)
 003f: 15 09 00 000000b4   jeq nfsservctl 0049 (false 0040)
 0040: 15 08 00 0000009b   jeq pivot_root 0049 (false 0041)
 0041: 15 07 00 000000ab   jeq setdomainname 0049 (false 0042)
 0042: 15 06 00 000000aa   jeq sethostname 0049 (false 0043)
 0043: 15 05 00 000000a6   jeq umount2 0049 (false 0044)
 0044: 15 04 00 00000099   jeq vhangup 0049 (false 0045)
 0045: 15 03 00 00000065   jeq ptrace 0049 (false 0046)
 0046: 15 02 00 00000087   jeq personality 0049 (false 0047)
 0047: 15 01 00 00000136   jeq process_vm_readv 0049 (false 0048)
 0048: 06 00 00 7fff0000   ret ALLOW
 0049: 06 00 01 00000000   ret KILL
Mount the new ld.so.preload file
Current directory: /home/lws
Install protocol filter: unix,inet,inet6,netlink
configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null) 
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null) 
Dual 32/64 bit seccomp filter configured
Build default+drop seccomp filter
sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot (null) 
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp (null) 
configuring 74 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) 
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1001, nogroups 1
No supplementary groups
AppArmor enabled
starting application
LD_PRELOAD=(null)
execvp argument 0: firefox







When I click on that Facebook group, I get the following in the console:
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
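
As an added example (not part of the original issue and not firejail's own code), this Python sketch ties the audit record to the filter listing in the debug log above: it decodes the hex-encoded `comm` field and looks up `syscall=312` (0x138) in the `fsec-print` output to find the rule and return action that fired. The audit line and filter lines are copied from the issue; the function names are hypothetical, and the lookup assumes the linear `jeq` chain shown in the dump.

```python
import re

# Audit record copied from the issue text.
AUDIT_LINE = (
    'nov 18 20:48:14 mypc audit[10931]: SECCOMP auid=1000 uid=1000 gid=1001 '
    'ses=1 subj=firejail-default pid=10931 comm=57656220436F6E74656E74 '
    'exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 '
    'compat=0 ip=0x7fe97668589d code=0x0'
)

# Excerpt of the 64-bit filter listing from the debug log (the part printed
# after "Seccomp list in: !chroot"). Pass one filter at a time: the protocol
# filter also uses jeq, but on socket arguments, not syscall numbers.
FILTER_DUMP = """\
 0003: 20 00 00 00000000   ld  data.syscall-number
 0007: 15 00 01 000000a1   jeq chroot 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 002c: 15 1c 00 0000012c   jeq fanotify_init 0049 (false 002d)
 002d: 15 1b 00 00000138   jeq kcmp 0049 (false 002e)
 002e: 15 1a 00 000000f8   jeq add_key 0049 (false 002f)
 0048: 06 00 00 7fff0000   ret ALLOW
 0049: 06 00 01 00000000   ret KILL
"""

AUDIT_ARCH = {0xC000003E: "x86_64", 0x40000003: "i386"}  # ARCH_64 / ARCH_32 in the dump
SIGSYS = 31        # signal number on x86 Linux for a seccomp kill
BPF_JEQ_K = 0x15   # BPF_JMP | BPF_JEQ | BPF_K
BPF_RET_K = 0x06   # BPF_RET | BPF_K

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
INSN_RE = re.compile(
    r'^\s*([0-9a-f]{4}):\s+([0-9a-f]{2})\s+([0-9a-f]{2})\s+([0-9a-f]{2})'
    r'\s+([0-9a-f]{8})\s+(.*)$'
)


def parse_audit(line):
    """Extract the fields of a SECCOMP audit record that matter for triage."""
    fields = dict(FIELD_RE.findall(line))
    comm = fields["comm"]
    # audit quotes plain strings and hex-encodes ones with spaces or specials
    if comm.startswith('"'):
        comm = comm.strip('"')
    else:
        comm = bytes.fromhex(comm).decode("utf-8", "replace")
    return {
        "comm": comm,
        "exe": fields["exe"].strip('"'),
        "sig": int(fields["sig"]),
        "arch": int(fields["arch"], 16),
        "syscall": int(fields["syscall"]),
    }


def parse_filter(dump):
    """Turn fsec-print lines into {pc: instruction}; other lines are skipped."""
    prog = {}
    for line in dump.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue
        pc, op, jt, jf, k = (int(x, 16) for x in m.groups()[:5])
        prog[pc] = {"op": op, "jt": jt, "jf": jf, "k": k, "text": m.group(6).strip()}
    return prog


def verdict_for(prog, nr):
    """Find the first jeq on syscall number nr and the action it jumps to."""
    for pc in sorted(prog):
        insn = prog[pc]
        if insn["op"] == BPF_JEQ_K and insn["k"] == nr:
            target = pc + 1 + insn["jt"]  # classic BPF jumps are relative to pc + 1
            ret = prog.get(target)
            action = "unknown"
            if ret and ret["op"] == BPF_RET_K:
                action = ret["text"].split(None, 1)[1]
            return {"rule_pc": pc, "name": insn["text"].split()[1],
                    "target": target, "action": action}
    return None


def explain(audit_line, dump, filter_arch=0xC000003E):
    """Correlate one audit record with one filter listing."""
    ev = parse_audit(audit_line)
    # Syscall numbers are per-architecture, so only compare like with like.
    rule = verdict_for(parse_filter(dump), ev["syscall"]) if ev["arch"] == filter_arch else None
    return {
        "comm": ev["comm"],
        "arch": AUDIT_ARCH.get(ev["arch"], hex(ev["arch"])),
        "signal": "SIGSYS" if ev["sig"] == SIGSYS else str(ev["sig"]),
        "syscall": ev["syscall"],
        "syscall_name": rule["name"] if rule else None,
        "action": rule["action"] if rule else "no matching rule in this filter",
    }


if __name__ == "__main__":
    for key, value in explain(AUDIT_LINE, FILTER_DUMP).items():
        print(f"{key}: {value}")
```
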

/usr/share/xml ro,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1370 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4 Whitelisting /usr/share/zoneinfo 1371 1333 8:2 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1371 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4 Whitelisting /home/lws/Scaricati 1372 1335 8:2 /home/lws/Scaricati /home/lws/Scaricati rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1372 fsname=/home/lws/Scaricati dir=/home/lws/Scaricati fstype=ext4 Whitelisting /home/lws/.pki 1373 1335 8:2 /home/lws/.pki /home/lws/.pki rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1373 fsname=/home/lws/.pki dir=/home/lws/.pki fstype=ext4 Whitelisting /home/lws/.local/share/pki 1374 1335 8:2 /home/lws/.local/share/pki /home/lws/.local/share/pki rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1374 fsname=/home/lws/.local/share/pki dir=/home/lws/.local/share/pki fstype=ext4 Whitelisting /home/lws/.config/mimeapps.list 1375 1335 8:2 /home/lws/.config/mimeapps.list /home/lws/.config/mimeapps.list rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1375 fsname=/home/lws/.config/mimeapps.list dir=/home/lws/.config/mimeapps.list fstype=ext4 Whitelisting /home/lws/.config/user-dirs.dirs 1376 1335 8:2 /home/lws/.config/user-dirs.dirs /home/lws/.config/user-dirs.dirs rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1376 fsname=/home/lws/.config/user-dirs.dirs dir=/home/lws/.config/user-dirs.dirs fstype=ext4 Whitelisting /home/lws/.icons 1377 1335 8:2 /home/lws/.icons /home/lws/.icons rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1377 fsname=/home/lws/.icons dir=/home/lws/.icons fstype=ext4 Whitelisting /home/lws/.local/share/applications 1378 1335 8:2 /home/lws/.local/share/applications /home/lws/.local/share/applications rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1378 fsname=/home/lws/.local/share/applications 
dir=/home/lws/.local/share/applications fstype=ext4 Whitelisting /home/lws/.local/share/mime 1379 1335 8:2 /home/lws/.local/share/mime /home/lws/.local/share/mime rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1379 fsname=/home/lws/.local/share/mime dir=/home/lws/.local/share/mime fstype=ext4 Whitelisting /home/lws/.config/dconf 1380 1335 8:2 /home/lws/.config/dconf /home/lws/.config/dconf rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1380 fsname=/home/lws/.config/dconf dir=/home/lws/.config/dconf fstype=ext4 Whitelisting /home/lws/.cache/fontconfig 1381 1335 8:2 /home/lws/.cache/fontconfig /home/lws/.cache/fontconfig rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1381 fsname=/home/lws/.cache/fontconfig dir=/home/lws/.cache/fontconfig fstype=ext4 Whitelisting /home/lws/.config/fontconfig 1382 1335 8:2 /home/lws/.config/fontconfig /home/lws/.config/fontconfig rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1382 fsname=/home/lws/.config/fontconfig dir=/home/lws/.config/fontconfig fstype=ext4 Whitelisting /home/lws/.config/gtk-3.0 1383 1335 8:2 /home/lws/.config/gtk-3.0 /home/lws/.config/gtk-3.0 rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1383 fsname=/home/lws/.config/gtk-3.0 dir=/home/lws/.config/gtk-3.0 fstype=ext4 Whitelisting /home/lws/.gtkrc-2.0 1384 1335 8:2 /home/lws/.gtkrc-2.0 /home/lws/.gtkrc-2.0 rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1384 fsname=/home/lws/.gtkrc-2.0 dir=/home/lws/.gtkrc-2.0 fstype=ext4 Whitelisting /home/lws/.config/kdeglobals 1385 1335 8:2 /home/lws/.config/kdeglobals /home/lws/.config/kdeglobals rw,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1385 fsname=/home/lws/.config/kdeglobals dir=/home/lws/.config/kdeglobals fstype=ext4 Whitelisting /var/lib/dbus 1386 1331 8:2 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1386 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4 Whitelisting /var/cache/fontconfig 
1387 1331 8:2 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1387 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4 Whitelisting /var/tmp 1388 1331 0:59 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=1388 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Whitelisting /tmp/.X11-unix 1389 1324 0:50 /.X11-unix /tmp/.X11-unix rw,noatime master:69 - tmpfs tmpfs rw,inode64 mountid=1389 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /etc/X11/Xsession.d Disable /etc/xdg/autostart Mounting read-only /home/lws/.Xauthority 1396 1335 0:73 /lws/.Xauthority /home/lws/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=1396 fsname=/lws/.Xauthority dir=/home/lws/.Xauthority fstype=tmpfs Mounting read-only /home/lws/.config/kdeglobals 1397 1385 8:2 /home/lws/.config/kdeglobals /home/lws/.config/kdeglobals ro,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1397 fsname=/home/lws/.config/kdeglobals dir=/home/lws/.config/kdeglobals fstype=ext4 Mounting read-only /home/lws/.config/dconf 1398 1380 8:2 /home/lws/.config/dconf /home/lws/.config/dconf ro,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1398 fsname=/home/lws/.config/dconf dir=/home/lws/.config/dconf fstype=ext4 Disable /run/acpid.socket (requested /var/run/acpid.socket) Disable /etc/anacrontab Disable /etc/cron.monthly Disable /etc/cron.daily Disable /etc/cron.weekly Disable /etc/cron.hourly Disable /etc/cron.d Disable /etc/crontab Disable /etc/profile.d Disable /etc/rc0.d Disable /etc/rc6.d Disable /etc/rcS.d Disable /etc/rc5.d Disable /etc/rc3.d Disable /etc/rc1.d Disable /etc/rc2.d Disable /etc/rc4.d Disable /etc/kernel-img.conf Disable /etc/kerneloops.conf Disable /etc/kernel Disable /etc/grub.d Disable /etc/dkms Disable /etc/apparmor.d Disable /etc/apparmor Disable /etc/selinux Disable 
/etc/modules-load.d Disable /etc/modules Disable /etc/logrotate.conf Disable /etc/logrotate.d Disable /etc/adduser.conf Mounting read-only /home/lws/.bashrc 1429 1335 0:73 /lws/.bashrc /home/lws/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=1429 fsname=/lws/.bashrc dir=/home/lws/.bashrc fstype=tmpfs Mounting read-only /home/lws/.local/share/applications 1430 1378 8:2 /home/lws/.local/share/applications /home/lws/.local/share/applications ro,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1430 fsname=/home/lws/.local/share/applications dir=/home/lws/.local/share/applications fstype=ext4 Not blacklist /home/lws/.pki Not blacklist /home/lws/.local/share/pki Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Disable /usr/sbin (requested /sbin) Disable /usr/local/sbin Disable /usr/sbin Disable /usr/bin/chage Disable /usr/bin/chage (requested /bin/chage) Disable /usr/bin/chfn Disable /usr/bin/chfn (requested /bin/chfn) Disable /usr/bin/chsh Disable /usr/bin/chsh (requested /bin/chsh) Disable /usr/bin/crontab Disable /usr/bin/crontab (requested /bin/crontab) Disable /usr/bin/expiry Disable /usr/bin/expiry (requested /bin/expiry) Disable /usr/bin/fusermount Disable /usr/bin/fusermount (requested /bin/fusermount) Disable /usr/bin/gpasswd Disable /usr/bin/gpasswd (requested /bin/gpasswd) Disable /usr/bin/mount Disable /usr/bin/mount (requested /bin/mount) Disable /usr/bin/nc.openbsd (requested /usr/bin/nc) Disable /usr/bin/nc.openbsd (requested /bin/nc) Disable /usr/bin/newgrp Disable /usr/bin/newgrp (requested /bin/newgrp) Disable /usr/bin/ntfs-3g Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g) Disable /usr/bin/pkexec Disable /usr/bin/pkexec (requested /bin/pkexec) Disable /usr/bin/newgrp (requested /usr/bin/sg) Disable /usr/bin/newgrp (requested /bin/sg) Disable /usr/bin/strace Disable /usr/bin/strace (requested /bin/strace) Disable /usr/bin/su 
Disable /usr/bin/su (requested /bin/su) Disable /usr/bin/sudo Disable /usr/bin/sudo (requested /bin/sudo) Disable /usr/bin/umount Disable /usr/bin/umount (requested /bin/umount) Disable /usr/bin/xev Disable /usr/bin/xev (requested /bin/xev) Disable /usr/bin/xinput Disable /usr/bin/xinput (requested /bin/xinput) Disable /usr/lib/virtualbox Disable /usr/bin/urxvtc Disable /usr/bin/urxvtc (requested /bin/urxvtc) Disable /usr/bin/urxvtcd Disable /usr/bin/urxvtcd (requested /bin/urxvtcd) Disable /usr/bin/bwrap Disable /usr/bin/bwrap (requested /bin/bwrap) Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as) Disable /usr/bin/x86_64-linux-gnu-as (requested /bin/as) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/cc) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/cc) Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/c++) Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /bin/c++filt) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/c++) Disable /usr/bin/c89-gcc Disable /usr/bin/c89-gcc (requested /usr/bin/c89) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/c89-gcc (requested /bin/c89) Disable /usr/bin/c99-gcc Disable /usr/bin/c99-gcc (requested /usr/bin/c99) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/c99-gcc (requested /bin/c99) Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp) Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp-9) Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /bin/cpp) Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /bin/cpp-9) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/g++) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/g++-9) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/g++) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/g++-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/gcc-ar-9) Disable 
/usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/gcc-ranlib-9) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/gcc-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/gcc-nm-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/gcc-ar-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/gcc-ranlib-9) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/gcc-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/gcc-ranlib) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/gcc-nm-9) Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld) Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /bin/ld) Disable /usr/bin/c99-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-9 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/c89-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc-9) Disable 
/usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-g++-9 Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++-9) Disable /usr/bin/c99-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-9 Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/c89-gcc Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/x86_64-linux-gnu-gcc) Disable /usr/bin/c99-gcc (requested /bin/c99-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc-9) Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar-9) Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar) Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib-9) Disable 
/usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib) Disable /usr/bin/c89-gcc (requested /bin/c89-gcc) Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-g++-9 Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++) Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++-9) Disable /usr/include Disable /usr/bin/openssl Disable /usr/bin/openssl (requested /bin/openssl) Disable /usr/lib/valgrind Mounting noexec /run/user/1000 1585 1580 0:25 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=392800k,mode=755,inode64 mountid=1585 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs Mounting noexec /dev/shm 1586 1311 0:68 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=1586 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 1588 1587 0:50 /.X11-unix /tmp/.X11-unix rw,noatime master:69 - tmpfs tmpfs rw,inode64 mountid=1588 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /tmp/.X11-unix 1589 1588 0:50 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,noatime master:69 - tmpfs tmpfs rw,inode64 mountid=1589 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /var 1593 1590 0:59 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=1593 fsname=/ dir=/var/tmp fstype=tmpfs Disable /usr/bin/cpan5.30-x86_64-linux-gnu Disable /usr/bin/cpan5.30-i386-linux-gnu Disable /usr/bin/cpan Disable /usr/bin/cpan5.30-x86_64-linux-gnu (requested /bin/cpan5.30-x86_64-linux-gnu) Disable /usr/bin/cpan5.30-i386-linux-gnu (requested /bin/cpan5.30-i386-linux-gnu) Disable /usr/bin/cpan (requested /bin/cpan) Disable /usr/bin/perl Disable /usr/bin/perl (requested /bin/perl) Disable /usr/bin/python2.7 Disable /usr/bin/python2.7 
(requested /usr/bin/python2) Disable /usr/bin/python2.7 (requested /bin/python2.7) Disable /usr/bin/python2.7 (requested /bin/python2) Disable /usr/lib/python2.7 Disable /usr/local/lib/python2.7 Disable /usr/bin/python3-pasteurize Disable /usr/bin/python3.8 Disable /usr/bin/python3-futurize Disable /usr/bin/python3-wsdump Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /usr/bin/python3.8-config) Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /usr/bin/python3-config) Disable /usr/bin/python3.8 (requested /usr/bin/python3) Disable /usr/bin/python3-pasteurize (requested /bin/python3-pasteurize) Disable /usr/bin/python3.8 (requested /bin/python3.8) Disable /usr/bin/python3-futurize (requested /bin/python3-futurize) Disable /usr/bin/python3-wsdump (requested /bin/python3-wsdump) Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /bin/python3.8-config) Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /bin/python3-config) Disable /usr/bin/python3.8 (requested /bin/python3) Disable /usr/lib/python3.9 Disable /usr/lib/python3.8 Disable /usr/lib/python3 Disable /usr/local/lib/python3.8 Not blacklist /home/lws/.mozilla Not blacklist /home/lws/.cache/mozilla Mounting read-only /home/lws/.config/user-dirs.dirs 1626 1376 8:2 /home/lws/.config/user-dirs.dirs /home/lws/.config/user-dirs.dirs ro,relatime master:1 - ext4 /dev/sda2 rw,discard mountid=1626 fsname=/home/lws/.config/user-dirs.dirs dir=/home/lws/.config/user-dirs.dirs fstype=ext4 Mounting read-only /tmp/.X11-unix 1627 1589 0:50 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,noatime master:69 - tmpfs tmpfs rw,inode64 mountid=1627 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /sys/fs Disable /sys/module Disable /mnt Disable /media Disable /run/mount Mounting noexec /run/firejail/mnt/pulse Creating empty /home/lws/.config/pulse directory Mounting /run/firejail/mnt/pulse on /home/lws/.config/pulse 2199 1335 0:54 /pulse /home/lws/.config/pulse 
rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=2199 fsname=/pulse dir=/home/lws/.config/pulse fstype=tmpfs Create the new ld.so.preload file line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 01 00 00000029 jeq socket 0006 (false 0005) 0005: 06 00 00 7fff0000 ret ALLOW 0006: 20 00 00 00000010 ld data.args[0] 0007: 15 00 01 00000001 jeq 1 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 00000002 jeq 2 000a (false 000b) 000a: 06 00 00 7fff0000 ret ALLOW 000b: 15 00 01 0000000a jeq a 000c (false 000d) 000c: 06 00 00 7fff0000 ret ALLOW 000d: 15 00 01 00000010 jeq 10 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 06 00 00 0005005f ret ERRNO(95) line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 
0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00000000 ret KILL Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 
0007: 15 00 01 000000a1 jeq chroot 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 3f 00 0000009f jeq adjtimex 0049 (false 000a) 000a: 15 3e 00 00000131 jeq clock_adjtime 0049 (false 000b) 000b: 15 3d 00 000000e3 jeq clock_settime 0049 (false 000c) 000c: 15 3c 00 000000a4 jeq settimeofday 0049 (false 000d) 000d: 15 3b 00 0000009a jeq modify_ldt 0049 (false 000e) 000e: 15 3a 00 000000d4 jeq lookup_dcookie 0049 (false 000f) 000f: 15 39 00 0000012a jeq perf_event_open 0049 (false 0010) 0010: 15 38 00 00000137 jeq process_vm_writev 0049 (false 0011) 0011: 15 37 00 000000b0 jeq delete_module 0049 (false 0012) 0012: 15 36 00 00000139 jeq finit_module 0049 (false 0013) 0013: 15 35 00 000000af jeq init_module 0049 (false 0014) 0014: 15 34 00 0000009c jeq _sysctl 0049 (false 0015) 0015: 15 33 00 000000b7 jeq afs_syscall 0049 (false 0016) 0016: 15 32 00 000000ae jeq create_module 0049 (false 0017) 0017: 15 31 00 000000b1 jeq get_kernel_syms 0049 (false 0018) 0018: 15 30 00 000000b5 jeq getpmsg 0049 (false 0019) 0019: 15 2f 00 000000b6 jeq putpmsg 0049 (false 001a) 001a: 15 2e 00 000000b2 jeq query_module 0049 (false 001b) 001b: 15 2d 00 000000b9 jeq security 0049 (false 001c) 001c: 15 2c 00 0000008b jeq sysfs 0049 (false 001d) 001d: 15 2b 00 000000b8 jeq tuxcall 0049 (false 001e) 001e: 15 2a 00 00000086 jeq uselib 0049 (false 001f) 001f: 15 29 00 00000088 jeq ustat 0049 (false 0020) 0020: 15 28 00 000000ec jeq vserver 0049 (false 0021) 0021: 15 27 00 000000ad jeq ioperm 0049 (false 0022) 0022: 15 26 00 000000ac jeq iopl 0049 (false 0023) 0023: 15 25 00 000000f6 jeq kexec_load 0049 (false 0024) 0024: 15 24 00 00000140 jeq kexec_file_load 0049 (false 0025) 0025: 15 23 00 000000a9 jeq reboot 0049 (false 0026) 0026: 15 22 00 000000a7 jeq swapon 0049 (false 0027) 0027: 15 21 00 000000a8 jeq swapoff 0049 (false 0028) 0028: 15 20 00 00000130 jeq open_by_handle_at 0049 (false 0029) 0029: 15 1f 00 0000012f jeq name_to_handle_at 0049 (false 002a) 002a: 15 1e 00 000000fb 
jeq ioprio_set 0049 (false 002b) 002b: 15 1d 00 00000067 jeq syslog 0049 (false 002c) 002c: 15 1c 00 0000012c jeq fanotify_init 0049 (false 002d) 002d: 15 1b 00 00000138 jeq kcmp 0049 (false 002e) 002e: 15 1a 00 000000f8 jeq add_key 0049 (false 002f) 002f: 15 19 00 000000f9 jeq request_key 0049 (false 0030) 0030: 15 18 00 000000ed jeq mbind 0049 (false 0031) 0031: 15 17 00 00000100 jeq migrate_pages 0049 (false 0032) 0032: 15 16 00 00000117 jeq move_pages 0049 (false 0033) 0033: 15 15 00 000000fa jeq keyctl 0049 (false 0034) 0034: 15 14 00 000000ce jeq io_setup 0049 (false 0035) 0035: 15 13 00 000000cf jeq io_destroy 0049 (false 0036) 0036: 15 12 00 000000d0 jeq io_getevents 0049 (false 0037) 0037: 15 11 00 000000d1 jeq io_submit 0049 (false 0038) 0038: 15 10 00 000000d2 jeq io_cancel 0049 (false 0039) 0039: 15 0f 00 000000d8 jeq remap_file_pages 0049 (false 003a) 003a: 15 0e 00 00000143 jeq userfaultfd 0049 (false 003b) 003b: 15 0d 00 000000a3 jeq acct 0049 (false 003c) 003c: 15 0c 00 00000141 jeq bpf 0049 (false 003d) 003d: 15 0b 00 000000a1 jeq chroot 0049 (false 003e) 003e: 15 0a 00 000000a5 jeq mount 0049 (false 003f) 003f: 15 09 00 000000b4 jeq nfsservctl 0049 (false 0040) 0040: 15 08 00 0000009b jeq pivot_root 0049 (false 0041) 0041: 15 07 00 000000ab jeq setdomainname 0049 (false 0042) 0042: 15 06 00 000000aa jeq sethostname 0049 (false 0043) 0043: 15 05 00 000000a6 jeq umount2 0049 (false 0044) 0044: 15 04 00 00000099 jeq vhangup 0049 (false 0045) 0045: 15 03 00 00000065 jeq ptrace 0049 (false 0046) 0046: 15 02 00 00000087 jeq personality 0049 (false 0047) 0047: 15 01 00 00000136 jeq process_vm_readv 0049 (false 0048) 0048: 06 00 00 7fff0000 ret ALLOW 0049: 06 00 01 00000000 ret KILL Mount the new ld.so.preload file Current directory: /home/lws Install protocol filter: unix,inet,inet6,netlink configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print 
/run/firejail/mnt/seccomp/seccomp.protocol (null) configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null) Dual 32/64 bit seccomp filter configured Build default+drop seccomp filter sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !chroot (null) sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp (null) configuring 74 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null) seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1001, nogroups 1 No supplementary groups AppArmor enabled starting application LD_PRELOAD=(null) execvp argument 0: firefox ``` </p> </details> When I click on that facebook group I get the following in the console: ATTENTION: default value of option mesa_glthread overridden by environment. ATTENTION: default value of option mesa_glthread overridden by environment.

@rusty-snake commented on GitHub (Nov 18, 2021):

Duplicate of #3219


@rusty-snake commented on GitHub (Nov 18, 2021):

Either update firejail (to a version without vulnerabilities) or add `!kcmp` to `seccomp`.


@fpusersuggest commented on GitHub (Nov 18, 2021):

Thanks, but how should I add it?
Because if I add `!kcmp` in the following way:
```
seccomp !chroot !kcmp
```
firefox doesn't start and it gives the following error:
```
Error: invalid syscall list entry !chroot !kcmp
```
and exits. If I add it in this other way:

```
seccomp !chroot
seccomp !kcmp
```

firefox freezes.


@rusty-snake commented on GitHub (Nov 19, 2021):

> **seccomp syscall,syscall,syscall**
> Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter.

```
seccomp !chroot,!kcmp
               ^
```

@kmk3 commented on GitHub (Nov 23, 2021):

@fpusersuggest commented [on Nov 18](https://github.com/netblue30/firejail/issues/4698#issue-1057763951):

> ubuntu 20.04
> firejail version 0.9.62

I'd suggest using a more recent version; see:

* #4663

@rusty-snake commented on GitHub (Nov 29, 2021):

https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1950683/comments/5:

The problem is discussed in https://github.com/netblue30/firejail/issues/4698 which in turn is marked as a duplicate of https://github.com/netblue30/firejail/issues/3219

The patch mentioned there solves the problem:

$ diff /etc/firejail/firefox-common.profile.orig /etc/firejail/firefox-common.profile
49c49
< seccomp !chroot
---
> seccomp !chroot,!kcmp
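Review bot: the changed line 49 (`seccomp !chroot,!kcmp`) widens the seccomp exception list with nothing in the profile saying why. Put a `#` comment above it that names the reason (kcmp is required by Firefox in these cases, see #3219) so the exception is not copied into unrelated profiles, and drop this local edit to /etc/firejail/firefox-common.profile once firejail is upgraded to a version that carries the exception by default.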

Whether that's a good solution security-wise or not I cannot comment on. Upstream recommends to upgrade firejail.

  1. There's no other way, kcmp is required in those cases.
  2. Newer firejail versions do this by default (ed142c62bf5ca01ca5a71a16282a40be8cd45409).
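As an added example (not code from firejail or from anyone in this thread): the SECCOMP audit record from the issue description, decoded into the process name and the syscall the filter killed, plus a helper that builds the comma-separated `seccomp` line the thread arrives at. The two-entry syscall table and both function names are assumptions made for this example.

```python
import re

# Constructed lookup: only the x86_64 syscall numbers this example needs.
X86_64_SYSCALLS = {161: "chroot", 312: "kcmp"}
AUDIT_ARCH_X86_64 = 0xC000003E

# Audit record from the issue description (timestamp and host prefix dropped).
SAMPLE = ('audit[10931]: SECCOMP auid=1000 uid=1000 gid=1001 ses=1 '
          'subj=firejail-default pid=10931 comm=57656220436F6E74656E74 '
          'exe="/usr/lib/firefox/firefox" sig=31 arch=c000003e syscall=312 '
          'compat=0 ip=0x7fe97668589d code=0x0')

def parse_seccomp_record(line):
    """Return the decoded fields of a SECCOMP audit record as a dict."""
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    comm = fields["comm"]
    # audit hex-encodes comm when it contains spaces or special characters.
    if comm.startswith('"'):
        comm = comm.strip('"')
    else:
        comm = bytes.fromhex(comm).decode("utf-8", "replace")
    nr = int(fields["syscall"])
    arch = int(fields["arch"], 16)
    name = X86_64_SYSCALLS.get(nr) if arch == AUDIT_ARCH_X86_64 else None
    return {"comm": comm, "signal": int(fields["sig"]), "syscall_nr": nr,
            "syscall": name or f"unknown({nr})"}

def add_exception(profile_line, syscall):
    """Append !syscall to a 'seccomp' profile line, comma-separated."""
    keyword, _, entries = profile_line.strip().partition(" ")
    if keyword != "seccomp":
        raise ValueError("not a seccomp line")
    if re.search(r"\s", entries):
        # The space-separated form is the one the thread shows being rejected.
        raise ValueError(f"invalid syscall list entry {entries}")
    items = [e for e in entries.split(",") if e]
    if "!" + syscall not in items:
        items.append("!" + syscall)
    return "seccomp " + ",".join(items)
```

Feeding `parse_seccomp_record(SAMPLE)["syscall"]` into `add_exception("seccomp !chroot", ...)` reproduces line 49 of the patched profile.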
Reference: github-starred/firejail#2754