[GH-ISSUE #4928] keepassxc: cannot access Yubikeys #2822

Open
opened 2026-05-05 09:28:27 -06:00 by gitea-mirror · 20 comments

Originally created by @seonwoolee on GitHub (Feb 11, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4928

Description

I use KeePassXC to open my KeePass database that is protected with a password, key file, and a challenge-response from my Yubikey. After the version 0.9.68 update, KeePassXC can no longer access my Yubikey when run under firejail. I have verified that it works fine when run without firejail.

I saw #4883 and the corresponding PR #4915 to add back nou2f. I have tried putting both ignore nou2f and ignore private-dev in my ~/.config/firejail/keepassxc.local, but it still doesn't work. I also tried commenting out private-dev in /etc/firejail/keepassxc.profile, but that didn't work either. I'm not sure where the problem actually is, as that's the only line in keepassxc.profile that has changed recently. I assume the problem lies in some other file that keepass.profile includes, but I'm not sure which.

Steps to Reproduce

Run firejail keepassxc, select my database, and then attempt to select my Yubikey as my hardware key. In the terminal it outputs the error YubiKey: Failed to initialize USB interface. (full log at the end)

I also tried this without a globals.local or a keepassxc.local, and it didn't work. I also tried this without a globals.local and just ignore nou2f in keepassxc.local, and it still didn't work.

Expected behavior

KeePassXC can access my Yubikey for Challenge-Response authentication

Actual behavior

KeePassXC cannot find my Yubikey

Behavior without a profile

Terminal output is uneventful and KeePassXC successfully finds my Yubikey.

$ LC_ALL=C firejail --noprofile keepassxc
Parent pid 220855, child pid 220856
Warning: cannot find /var/run/utmp
Child process initialized in 15.33 ms

Additional context

This only started occurring after the 0.9.68 update.

Environment

  • Arch Linux
firejail version 0.9.68

Compile time support:
        - always force nonewprivs support is disabled
        - AppArmor support is enabled
        - AppImage support is enabled
        - chroot support is enabled
        - D-BUS proxy support is enabled
        - file transfer support is enabled
        - firetunnel support is enabled
        - networking support is enabled
        - output logging is enabled
        - overlayfs support is disabled
        - private-home support is enabled
        - private-cache and tmpfs as user enabled
        - SELinux support is disabled
        - user namespace support is enabled
        - X11 sandboxing support is enabled

Checklist

  • The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
    • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

$ LC_ALL=C firejail keepassxc
Reading profile /etc/firejail/keepassxc.profile
Reading profile /home/seonwoo/.config/firejail/keepassxc.local
Reading profile /home/seonwoo/.config/firejail/globals.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Seccomp list in: !name_to_handle_at, check list: @default-keep, prelist: unknown,
Parent pid 216124, child pid 216127
Warning: cannot find /var/run/utmp
3 programs installed in 45.41 ms
Warning: skipping alternatives for private /etc
Private /etc installed in 5.75 ms
Warning: skipping alternatives for private /usr/etc
Warning: skipping fonts for private /usr/etc
Warning: skipping ld.so.cache for private /usr/etc
Warning: skipping ld.so.preload for private /usr/etc
Warning: skipping machine-id for private /usr/etc
Private /usr/etc installed in 0.12 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /home/seonwoo/.ssh/authorized_keys
Warning: not remounting /home/seonwoo/.ssh/config
Warning: not remounting /run/user/1000/gvfs
Seccomp list in: !name_to_handle_at, check list: @default-keep, prelist: unknown,
Blacklist violations are logged to syslog
Warning: logind not detected, nogroups command ignored
Warning: cleaning all supplementary groups
Child process initialized in 237.57 ms

(keepassxc:13): dbind-WARNING **: 05:11:35.626: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown
Qt: Session management error: Could not open network socket
YubiKey: Failed to initialize USB interface.

(keepassxc:13): GLib-WARNING **: 05:11:39.049: getpwuid_r(): failed due to unknown user id (1000)

(keepassxc:13): dconf-WARNING **: 05:11:42.592: failed to commit changes to dconf: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown

Output of LC_ALL=C firejail --debug /path/to/program

Autoselecting /bin/bash as shell
Building quoted command line: 'keepassxc' 
Command name #keepassxc#
Found keepassxc.profile profile in /etc/firejail directory
Reading profile /etc/firejail/keepassxc.profile
Found keepassxc.local profile in /home/seonwoo/.config/firejail directory
Reading profile /home/seonwoo/.config/firejail/keepassxc.local
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-shell.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-shell.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found whitelist-run-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-run-common.inc
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
[profile] combined protocol list: "unix"
Seccomp list in: !name_to_handle_at, check list: @default-keep, prelist: unknown,
DISPLAY=:0.0 parsed as 0
xdg-dbus-proxy arg: unix:path=/run/user/1000/bus
xdg-dbus-proxy arg: /run/firejail/dbus/1000/256024-user
xdg-dbus-proxy arg: --filter
xdg-dbus-proxy arg: --own=org.keepassxc.KeePassXC.*
xdg-dbus-proxy arg: --talk=com.canonical.Unity
xdg-dbus-proxy arg: --talk=org.freedesktop.ScreenSaver
xdg-dbus-proxy arg: --talk=org.gnome.ScreenSaver
xdg-dbus-proxy arg: --talk=org.gnome.SessionManager
xdg-dbus-proxy arg: --talk=org.xfce.ScreenSaver
xdg-dbus-proxy arg: unix:path=/run/dbus/system_bus_socket
xdg-dbus-proxy arg: /run/firejail/dbus/1000/256024-system
xdg-dbus-proxy arg: --filter
xdg-dbus-proxy arg: --talk=org.freedesktop.login1
starting xdg-dbus-proxy
sbox exec: /usr/bin/xdg-dbus-proxy --fd=4 --args=5 
Dropping all capabilities
Drop privileges: pid 256025, uid 1000, gid 100, force_nogroups 1
No supplementary groups
xdg-dbus-proxy initialized
Parent pid 256024, child pid 256027
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
sbox run: /run/firejail/lib/fnet ifup lo 
Set caps filter 3000
Network namespace enabled, only loopback interface available
Build protocol filter: unix
sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 3, uid 1000, gid 100, force_nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1120 541 0:25 /etc /etc ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1120 fsname=/etc dir=/etc fstype=zfs
Mounting noexec /etc
1121 1120 0:25 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1121 fsname=/etc dir=/etc fstype=zfs
Mounting read-only /var
1129 1122 0:55 / /var/lib/nfs/rpc_pipefs rw,relatime master:94 - rpc_pipefs sunrpc rw
mountid=1129 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs
Mounting read-only /var/cache
1130 1123 0:43 / /var/cache ro,noatime master:50 - zfs zroot/enc/ephem/no-repl/var/cache rw,xattr,posixacl
mountid=1130 fsname=/ dir=/var/cache fstype=zfs
Mounting read-only /var/tmp
1131 1125 0:44 / /var/tmp ro,noatime master:54 - zfs zroot/enc/ephem/no-repl/var/tmp rw,xattr,posixacl
mountid=1131 fsname=/ dir=/var/tmp fstype=zfs
Mounting read-only /var/log
1132 1126 0:45 / /var/log ro,noatime master:56 - zfs zroot/enc/ephem/no-repl/var/log rw,xattr,posixacl
mountid=1132 fsname=/ dir=/var/log fstype=zfs
Mounting read-only /var/lib/systemd/coredump
1134 1127 0:42 / /var/lib/systemd/coredump ro,noatime master:58 - zfs zroot/enc/ephem/no-repl/coredump rw,xattr,posixacl
mountid=1134 fsname=/ dir=/var/lib/systemd/coredump fstype=zfs
Mounting read-only /var/lib/docker
1135 1128 0:46 / /var/lib/docker ro,noatime master:62 - zfs zroot/enc/ephem/no-repl/docker rw,xattr,posixacl
mountid=1135 fsname=/ dir=/var/lib/docker fstype=zfs
Mounting read-only /var/lib/nfs/rpc_pipefs
1136 1129 0:55 / /var/lib/nfs/rpc_pipefs ro,relatime master:94 - rpc_pipefs sunrpc rw
mountid=1136 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs
Mounting noexec /var
1149 1148 0:55 / /var/lib/nfs/rpc_pipefs ro,relatime master:94 - rpc_pipefs sunrpc rw
mountid=1149 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs
Mounting noexec /var/cache
1150 1139 0:43 / /var/cache ro,nosuid,nodev,noexec,noatime master:50 - zfs zroot/enc/ephem/no-repl/var/cache rw,xattr,posixacl
mountid=1150 fsname=/ dir=/var/cache fstype=zfs
Mounting noexec /var/tmp
1151 1141 0:44 / /var/tmp ro,nosuid,nodev,noexec,noatime master:54 - zfs zroot/enc/ephem/no-repl/var/tmp rw,xattr,posixacl
mountid=1151 fsname=/ dir=/var/tmp fstype=zfs
Mounting noexec /var/log
1152 1143 0:45 / /var/log ro,nosuid,nodev,noexec,noatime master:56 - zfs zroot/enc/ephem/no-repl/var/log rw,xattr,posixacl
mountid=1152 fsname=/ dir=/var/log fstype=zfs
Mounting noexec /var/lib/systemd/coredump
1153 1145 0:42 / /var/lib/systemd/coredump ro,nosuid,nodev,noexec,noatime master:58 - zfs zroot/enc/ephem/no-repl/coredump rw,xattr,posixacl
mountid=1153 fsname=/ dir=/var/lib/systemd/coredump fstype=zfs
Mounting noexec /var/lib/docker
1154 1147 0:46 / /var/lib/docker ro,nosuid,nodev,noexec,noatime master:62 - zfs zroot/enc/ephem/no-repl/docker rw,xattr,posixacl
mountid=1154 fsname=/ dir=/var/lib/docker fstype=zfs
Mounting noexec /var/lib/nfs/rpc_pipefs
1155 1149 0:55 / /var/lib/nfs/rpc_pipefs ro,nosuid,nodev,noexec,relatime master:94 - rpc_pipefs sunrpc rw
mountid=1155 fsname=/ dir=/var/lib/nfs/rpc_pipefs fstype=rpc_pipefs
Mounting read-only /usr
1158 1156 0:47 / /usr/local/texlive rw,noatime master:66 - zfs zroot/enc/ephem/local-repl/texlive rw,xattr,posixacl
mountid=1158 fsname=/ dir=/usr/local/texlive fstype=zfs
Mounting read-only /usr/local/texlive
1160 1158 0:47 / /usr/local/texlive ro,noatime master:66 - zfs zroot/enc/ephem/local-repl/texlive rw,xattr,posixacl
mountid=1160 fsname=/ dir=/usr/local/texlive fstype=zfs
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Warning: cannot find /var/run/utmp
Generating a new machine-id
installing a new /etc/machine-id
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/seonwoo/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Copying files in the new bin directory
Checking /usr/local/bin/keepassxc
Checking /usr/bin/keepassxc
sbox run: /run/firejail/lib/fcopy /usr/bin/keepassxc /run/firejail/mnt/bin 
Checking /usr/local/bin/keepassxc-cli
Checking /usr/bin/keepassxc-cli
sbox run: /run/firejail/lib/fcopy /usr/bin/keepassxc-cli /run/firejail/mnt/bin 
Checking /usr/local/bin/keepassxc-proxy
Checking /usr/bin/keepassxc-proxy
sbox run: /run/firejail/lib/fcopy /usr/bin/keepassxc-proxy /run/firejail/mnt/bin 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
3 programs installed in 41.01 ms
Generate private-tmp whitelist commands
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/user/1000/bus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /usr/lib/modules/5.16.8-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Copying files in the new /etc directory:
Warning: file /etc/alternatives not found.
Warning: skipping alternatives for private /etc
Copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /run/firejail/lib/fcopy --follow-link /etc/fonts /run/firejail/mnt/etc/fonts 
Copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.cache /run/firejail/mnt/etc 
Copying /etc/ld.so.preload to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.preload /run/firejail/mnt/etc 
Copying /etc/machine-id to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/machine-id /run/firejail/mnt/etc 
Mount-bind /run/firejail/mnt/etc on top of /etc
Private /etc installed in 5.66 ms
Copying files in the new /usr/etc directory:
Warning: file /usr/etc/alternatives not found.
Warning: skipping alternatives for private /usr/etc
Warning: file /usr/etc/fonts not found.
Warning: skipping fonts for private /usr/etc
Warning: file /usr/etc/ld.so.cache not found.
Warning: skipping ld.so.cache for private /usr/etc
Warning: file /usr/etc/ld.so.preload not found.
Warning: skipping ld.so.preload for private /usr/etc
Warning: file /usr/etc/machine-id not found.
Warning: skipping machine-id for private /usr/etc
Mount-bind /run/firejail/mnt/usretc on top of /usr/etc
Private /usr/etc installed in 0.14 ms
Debug 558: whitelist /usr/share/keepassxc
Debug 579: expanded: /usr/share/keepassxc
Debug 590: new_name: /usr/share/keepassxc
Debug 604: dir: /usr/share
Adding whitelist top level directory /usr/share
Debug 558: whitelist /run/NetworkManager/resolv.conf
Debug 579: expanded: /run/NetworkManager/resolv.conf
Debug 590: new_name: /run/NetworkManager/resolv.conf
Debug 604: dir: /run
Adding whitelist top level directory /run
Removed path: whitelist /run/NetworkManager/resolv.conf
	new_name: /run/NetworkManager/resolv.conf
	realpath: (null)
	No such file or directory
Debug 558: whitelist /run/cups/cups.sock
Debug 579: expanded: /run/cups/cups.sock
Debug 590: new_name: /run/cups/cups.sock
Debug 604: dir: /run
Debug 558: whitelist /run/dbus/system_bus_socket
Debug 579: expanded: /run/dbus/system_bus_socket
Debug 590: new_name: /run/dbus/system_bus_socket
Debug 604: dir: /run
Debug 558: whitelist /run/media
Debug 579: expanded: /run/media
Debug 590: new_name: /run/media
Debug 604: dir: /run
Removed path: whitelist /run/media
	new_name: /run/media
	realpath: (null)
	No such file or directory
Debug 558: whitelist /run/resolvconf/resolv.conf
Debug 579: expanded: /run/resolvconf/resolv.conf
Debug 590: new_name: /run/resolvconf/resolv.conf
Debug 604: dir: /run
Removed path: whitelist /run/resolvconf/resolv.conf
	new_name: /run/resolvconf/resolv.conf
	realpath: (null)
	No such file or directory
Debug 558: whitelist /run/shm
Debug 579: expanded: /run/shm
Debug 590: new_name: /run/shm
Debug 604: dir: /run
Removed path: whitelist /run/shm
	new_name: /run/shm
	realpath: (null)
	No such file or directory
Debug 558: whitelist /run/systemd/journal/dev-log
Debug 579: expanded: /run/systemd/journal/dev-log
Debug 590: new_name: /run/systemd/journal/dev-log
Debug 604: dir: /run
Debug 558: whitelist /run/systemd/journal/socket
Debug 579: expanded: /run/systemd/journal/socket
Debug 590: new_name: /run/systemd/journal/socket
Debug 604: dir: /run
Debug 558: whitelist /run/systemd/resolve/resolv.conf
Debug 579: expanded: /run/systemd/resolve/resolv.conf
Debug 590: new_name: /run/systemd/resolve/resolv.conf
Debug 604: dir: /run
Removed path: whitelist /run/systemd/resolve/resolv.conf
	new_name: /run/systemd/resolve/resolv.conf
	realpath: (null)
	No such file or directory
Debug 558: whitelist /run/systemd/resolve/stub-resolv.conf
Debug 579: expanded: /run/systemd/resolve/stub-resolv.conf
Debug 590: new_name: /run/systemd/resolve/stub-resolv.conf
Debug 604: dir: /run
Removed path: whitelist /run/systemd/resolve/stub-resolv.conf
	new_name: /run/systemd/resolve/stub-resolv.conf
	realpath: (null)
	No such file or directory
Debug 558: whitelist /run/udev/data
Debug 579: expanded: /run/udev/data
Debug 590: new_name: /run/udev/data
Debug 604: dir: /run
Debug 558: whitelist /usr/share/alsa
Debug 579: expanded: /usr/share/alsa
Debug 590: new_name: /usr/share/alsa
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/applications
Debug 579: expanded: /usr/share/applications
Debug 590: new_name: /usr/share/applications
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/ca-certificates
Debug 579: expanded: /usr/share/ca-certificates
Debug 590: new_name: /usr/share/ca-certificates
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/crypto-policies
Debug 579: expanded: /usr/share/crypto-policies
Debug 590: new_name: /usr/share/crypto-policies
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/crypto-policies
	new_name: /usr/share/crypto-policies
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/cursors
Debug 579: expanded: /usr/share/cursors
Debug 590: new_name: /usr/share/cursors
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/cursors
	new_name: /usr/share/cursors
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/dconf
Debug 579: expanded: /usr/share/dconf
Debug 590: new_name: /usr/share/dconf
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/dconf
	new_name: /usr/share/dconf
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/distro-info
Debug 579: expanded: /usr/share/distro-info
Debug 590: new_name: /usr/share/distro-info
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/distro-info
	new_name: /usr/share/distro-info
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/drirc.d
Debug 579: expanded: /usr/share/drirc.d
Debug 590: new_name: /usr/share/drirc.d
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/egl
Debug 579: expanded: /usr/share/egl
Debug 590: new_name: /usr/share/egl
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/enchant
Debug 579: expanded: /usr/share/enchant
Debug 590: new_name: /usr/share/enchant
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/enchant-2
Debug 579: expanded: /usr/share/enchant-2
Debug 590: new_name: /usr/share/enchant-2
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/enchant-2
	new_name: /usr/share/enchant-2
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/file
Debug 579: expanded: /usr/share/file
Debug 590: new_name: /usr/share/file
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/fontconfig
Debug 579: expanded: /usr/share/fontconfig
Debug 590: new_name: /usr/share/fontconfig
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/fonts
Debug 579: expanded: /usr/share/fonts
Debug 590: new_name: /usr/share/fonts
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/fonts-config
Debug 579: expanded: /usr/share/fonts-config
Debug 590: new_name: /usr/share/fonts-config
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/fonts-config
	new_name: /usr/share/fonts-config
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/gir-1.0
Debug 579: expanded: /usr/share/gir-1.0
Debug 590: new_name: /usr/share/gir-1.0
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/gjs-1.0
Debug 579: expanded: /usr/share/gjs-1.0
Debug 590: new_name: /usr/share/gjs-1.0
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/gjs-1.0
	new_name: /usr/share/gjs-1.0
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/glib-2.0
Debug 579: expanded: /usr/share/glib-2.0
Debug 590: new_name: /usr/share/glib-2.0
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/glvnd
Debug 579: expanded: /usr/share/glvnd
Debug 590: new_name: /usr/share/glvnd
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/gtk-2.0
Debug 579: expanded: /usr/share/gtk-2.0
Debug 590: new_name: /usr/share/gtk-2.0
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/gtk-3.0
Debug 579: expanded: /usr/share/gtk-3.0
Debug 590: new_name: /usr/share/gtk-3.0
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/gtk-engines
Debug 579: expanded: /usr/share/gtk-engines
Debug 590: new_name: /usr/share/gtk-engines
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/gtk-engines
	new_name: /usr/share/gtk-engines
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/gtksourceview-3.0
Debug 579: expanded: /usr/share/gtksourceview-3.0
Debug 590: new_name: /usr/share/gtksourceview-3.0
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/gtksourceview-3.0
	new_name: /usr/share/gtksourceview-3.0
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/gtksourceview-4
Debug 579: expanded: /usr/share/gtksourceview-4
Debug 590: new_name: /usr/share/gtksourceview-4
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/hunspell
Debug 579: expanded: /usr/share/hunspell
Debug 590: new_name: /usr/share/hunspell
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/hwdata
Debug 579: expanded: /usr/share/hwdata
Debug 590: new_name: /usr/share/hwdata
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/icons
Debug 579: expanded: /usr/share/icons
Debug 590: new_name: /usr/share/icons
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/icu
Debug 579: expanded: /usr/share/icu
Debug 590: new_name: /usr/share/icu
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/knotifications5
Debug 579: expanded: /usr/share/knotifications5
Debug 590: new_name: /usr/share/knotifications5
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/knotifications5
	new_name: /usr/share/knotifications5
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/kservices5
Debug 579: expanded: /usr/share/kservices5
Debug 590: new_name: /usr/share/kservices5
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/Kvantum
Debug 579: expanded: /usr/share/Kvantum
Debug 590: new_name: /usr/share/Kvantum
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/Kvantum
	new_name: /usr/share/Kvantum
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/kxmlgui5
Debug 579: expanded: /usr/share/kxmlgui5
Debug 590: new_name: /usr/share/kxmlgui5
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/kxmlgui5
	new_name: /usr/share/kxmlgui5
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/libdrm
Debug 579: expanded: /usr/share/libdrm
Debug 590: new_name: /usr/share/libdrm
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/libthai
Debug 579: expanded: /usr/share/libthai
Debug 590: new_name: /usr/share/libthai
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/locale
Debug 579: expanded: /usr/share/locale
Debug 590: new_name: /usr/share/locale
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/mime
Debug 579: expanded: /usr/share/mime
Debug 590: new_name: /usr/share/mime
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/misc
Debug 579: expanded: /usr/share/misc
Debug 590: new_name: /usr/share/misc
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/Modules
Debug 579: expanded: /usr/share/Modules
Debug 590: new_name: /usr/share/Modules
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/Modules
	new_name: /usr/share/Modules
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/myspell
Debug 579: expanded: /usr/share/myspell
Debug 590: new_name: /usr/share/myspell
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/p11-kit
Debug 579: expanded: /usr/share/p11-kit
Debug 590: new_name: /usr/share/p11-kit
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/perl
Debug 579: expanded: /usr/share/perl
Debug 590: new_name: /usr/share/perl
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/perl
	new_name: /usr/share/perl
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/perl5
Debug 579: expanded: /usr/share/perl5
Debug 590: new_name: /usr/share/perl5
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/pipewire
Debug 579: expanded: /usr/share/pipewire
Debug 590: new_name: /usr/share/pipewire
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/pixmaps
Debug 579: expanded: /usr/share/pixmaps
Debug 590: new_name: /usr/share/pixmaps
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/pki
Debug 579: expanded: /usr/share/pki
Debug 590: new_name: /usr/share/pki
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/pki
	new_name: /usr/share/pki
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/plasma
Debug 579: expanded: /usr/share/plasma
Debug 590: new_name: /usr/share/plasma
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/plasma
	new_name: /usr/share/plasma
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/publicsuffix
Debug 579: expanded: /usr/share/publicsuffix
Debug 590: new_name: /usr/share/publicsuffix
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/publicsuffix
	new_name: /usr/share/publicsuffix
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/qt
Debug 579: expanded: /usr/share/qt
Debug 590: new_name: /usr/share/qt
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/qt4
Debug 579: expanded: /usr/share/qt4
Debug 590: new_name: /usr/share/qt4
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/qt4
	new_name: /usr/share/qt4
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/qt5
Debug 579: expanded: /usr/share/qt5
Debug 590: new_name: /usr/share/qt5
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/qt5
	new_name: /usr/share/qt5
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/qt5ct
Debug 579: expanded: /usr/share/qt5ct
Debug 590: new_name: /usr/share/qt5ct
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/qt5ct
	new_name: /usr/share/qt5ct
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/sounds
Debug 579: expanded: /usr/share/sounds
Debug 590: new_name: /usr/share/sounds
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/tcl8.6
Debug 579: expanded: /usr/share/tcl8.6
Debug 590: new_name: /usr/share/tcl8.6
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/tcl8.6
	new_name: /usr/share/tcl8.6
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/tcltk
Debug 579: expanded: /usr/share/tcltk
Debug 590: new_name: /usr/share/tcltk
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/tcltk
	new_name: /usr/share/tcltk
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/terminfo
Debug 579: expanded: /usr/share/terminfo
Debug 590: new_name: /usr/share/terminfo
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/texlive
Debug 579: expanded: /usr/share/texlive
Debug 590: new_name: /usr/share/texlive
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/texlive
	new_name: /usr/share/texlive
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/texmf
Debug 579: expanded: /usr/share/texmf
Debug 590: new_name: /usr/share/texmf
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/texmf
	new_name: /usr/share/texmf
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/themes
Debug 579: expanded: /usr/share/themes
Debug 590: new_name: /usr/share/themes
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/thumbnail.so
Debug 579: expanded: /usr/share/thumbnail.so
Debug 590: new_name: /usr/share/thumbnail.so
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/thumbnail.so
	new_name: /usr/share/thumbnail.so
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/uim
Debug 579: expanded: /usr/share/uim
Debug 590: new_name: /usr/share/uim
Debug 604: dir: /usr/share
Removed path: whitelist /usr/share/uim
	new_name: /usr/share/uim
	realpath: (null)
	No such file or directory
Debug 558: whitelist /usr/share/vulkan
Debug 579: expanded: /usr/share/vulkan
Debug 590: new_name: /usr/share/vulkan
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/X11
Debug 579: expanded: /usr/share/X11
Debug 590: new_name: /usr/share/X11
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/xml
Debug 579: expanded: /usr/share/xml
Debug 590: new_name: /usr/share/xml
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/zenity
Debug 579: expanded: /usr/share/zenity
Debug 590: new_name: /usr/share/zenity
Debug 604: dir: /usr/share
Debug 558: whitelist /usr/share/zoneinfo
Debug 579: expanded: /usr/share/zoneinfo
Debug 590: new_name: /usr/share/zoneinfo
Debug 604: dir: /usr/share
Debug 558: whitelist /var/lib/aspell
Debug 579: expanded: /var/lib/aspell
Debug 590: new_name: /var/lib/aspell
Debug 604: dir: /var
Adding whitelist top level directory /var
Removed path: whitelist /var/lib/aspell
	new_name: /var/lib/aspell
	realpath: (null)
	No such file or directory
Debug 558: whitelist /var/lib/ca-certificates
Debug 579: expanded: /var/lib/ca-certificates
Debug 590: new_name: /var/lib/ca-certificates
Debug 604: dir: /var
Removed path: whitelist /var/lib/ca-certificates
	new_name: /var/lib/ca-certificates
	realpath: (null)
	No such file or directory
Debug 558: whitelist /var/lib/dbus
Debug 579: expanded: /var/lib/dbus
Debug 590: new_name: /var/lib/dbus
Debug 604: dir: /var
Debug 558: whitelist /var/lib/menu-xdg
Debug 579: expanded: /var/lib/menu-xdg
Debug 590: new_name: /var/lib/menu-xdg
Debug 604: dir: /var
Removed path: whitelist /var/lib/menu-xdg
	new_name: /var/lib/menu-xdg
	realpath: (null)
	No such file or directory
Debug 558: whitelist /var/lib/uim
Debug 579: expanded: /var/lib/uim
Debug 590: new_name: /var/lib/uim
Debug 604: dir: /var
Removed path: whitelist /var/lib/uim
	new_name: /var/lib/uim
	realpath: (null)
	No such file or directory
Debug 558: whitelist /var/cache/fontconfig
Debug 579: expanded: /var/cache/fontconfig
Debug 590: new_name: /var/cache/fontconfig
Debug 604: dir: /var
Debug 558: whitelist /var/tmp
Debug 579: expanded: /var/tmp
Debug 590: new_name: /var/tmp
Debug 604: dir: /var
Debug 558: whitelist /var/run
Debug 579: expanded: /var/run
Debug 590: new_name: /var/run
Debug 604: dir: /var
Debug 558: whitelist /var/lock
Debug 579: expanded: /var/lock
Debug 590: new_name: /var/lock
Debug 604: dir: /var
Debug 558: whitelist /tmp/.X11-unix
Debug 579: expanded: /tmp/.X11-unix
Debug 590: new_name: /tmp/.X11-unix
Debug 604: dir: /tmp
Adding whitelist top level directory /tmp
Debug 558: whitelist /tmp/sndio
Debug 579: expanded: /tmp/sndio
Debug 590: new_name: /tmp/sndio
Debug 604: dir: /tmp
Removed path: whitelist /tmp/sndio
	new_name: /tmp/sndio
	realpath: (null)
	No such file or directory
Mounting tmpfs on /usr/share, check owner: no
1213 1156 0:89 / /usr/share rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=755,inode64
mountid=1213 fsname=/ dir=/usr/share fstype=tmpfs
Mounting tmpfs on /run, check owner: no
1214 1067 0:90 / /run rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=755,inode64
mountid=1214 fsname=/ dir=/run fstype=tmpfs
Whitelisting /run/user/1000
1236 1232 0:23 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1236 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs
Mounting tmpfs on /var, check owner: no
1237 1137 0:130 / /var rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,inode64
mountid=1237 fsname=/ dir=/var fstype=tmpfs
Mounting tmpfs on /tmp, check owner: no
1238 1084 0:133 / /tmp rw,nosuid,nodev,noatime - tmpfs tmpfs rw,inode64
mountid=1238 fsname=/ dir=/tmp fstype=tmpfs
Debug 739: file: /usr/share/keepassxc; dirfd: 5; topdir: /usr/share; rel: keepassxc
Whitelisting /usr/share/keepassxc
1239 1213 0:25 /usr/share/keepassxc /usr/share/keepassxc ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1239 fsname=/usr/share/keepassxc dir=/usr/share/keepassxc fstype=zfs
Debug 739: file: /run/cups/cups.sock; dirfd: 6; topdir: /run; rel: cups/cups.sock
Whitelisting /run/cups/cups.sock
1240 1214 0:23 /cups/cups.sock /run/cups/cups.sock rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1240 fsname=/cups/cups.sock dir=/run/cups/cups.sock fstype=tmpfs
Debug 739: file: /run/dbus/system_bus_socket; dirfd: 6; topdir: /run; rel: dbus/system_bus_socket
Whitelisting /run/dbus/system_bus_socket
1241 1214 0:23 /firejail/firejail.ro.file /run/dbus/system_bus_socket rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1241 fsname=/firejail/firejail.ro.file dir=/run/dbus/system_bus_socket fstype=tmpfs
Debug 739: file: /run/systemd/journal/dev-log; dirfd: 6; topdir: /run; rel: systemd/journal/dev-log
Whitelisting /run/systemd/journal/dev-log
1242 1214 0:23 /systemd/journal/dev-log /run/systemd/journal/dev-log rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1242 fsname=/systemd/journal/dev-log dir=/run/systemd/journal/dev-log fstype=tmpfs
Debug 739: file: /run/systemd/journal/socket; dirfd: 6; topdir: /run; rel: systemd/journal/socket
Whitelisting /run/systemd/journal/socket
1243 1214 0:23 /systemd/journal/socket /run/systemd/journal/socket rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1243 fsname=/systemd/journal/socket dir=/run/systemd/journal/socket fstype=tmpfs
Debug 739: file: /run/udev/data; dirfd: 6; topdir: /run; rel: udev/data
Whitelisting /run/udev/data
1244 1214 0:23 /udev/data /run/udev/data rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1244 fsname=/udev/data dir=/run/udev/data fstype=tmpfs
Debug 739: file: /usr/share/alsa; dirfd: 5; topdir: /usr/share; rel: alsa
Whitelisting /usr/share/alsa
1245 1213 0:25 /usr/share/alsa /usr/share/alsa ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1245 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=zfs
Debug 739: file: /usr/share/applications; dirfd: 5; topdir: /usr/share; rel: applications
Whitelisting /usr/share/applications
1246 1213 0:25 /usr/share/applications /usr/share/applications ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1246 fsname=/usr/share/applications dir=/usr/share/applications fstype=zfs
Debug 739: file: /usr/share/ca-certificates; dirfd: 5; topdir: /usr/share; rel: ca-certificates
Whitelisting /usr/share/ca-certificates
1247 1213 0:25 /usr/share/ca-certificates /usr/share/ca-certificates ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1247 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=zfs
Debug 739: file: /usr/share/drirc.d; dirfd: 5; topdir: /usr/share; rel: drirc.d
Whitelisting /usr/share/drirc.d
1248 1213 0:25 /usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1248 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=zfs
Debug 739: file: /usr/share/egl; dirfd: 5; topdir: /usr/share; rel: egl
Whitelisting /usr/share/egl
1249 1213 0:25 /usr/share/egl /usr/share/egl ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1249 fsname=/usr/share/egl dir=/usr/share/egl fstype=zfs
Debug 739: file: /usr/share/enchant; dirfd: 5; topdir: /usr/share; rel: enchant
Whitelisting /usr/share/enchant
1250 1213 0:25 /usr/share/enchant /usr/share/enchant ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1250 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=zfs
Debug 739: file: /usr/share/file; dirfd: 5; topdir: /usr/share; rel: file
Whitelisting /usr/share/file
1251 1213 0:25 /usr/share/file /usr/share/file ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1251 fsname=/usr/share/file dir=/usr/share/file fstype=zfs
Debug 739: file: /usr/share/fontconfig; dirfd: 5; topdir: /usr/share; rel: fontconfig
Whitelisting /usr/share/fontconfig
1252 1213 0:25 /usr/share/fontconfig /usr/share/fontconfig ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1252 fsname=/usr/share/fontconfig dir=/usr/share/fontconfig fstype=zfs
Debug 739: file: /usr/share/fonts; dirfd: 5; topdir: /usr/share; rel: fonts
Whitelisting /usr/share/fonts
1253 1213 0:25 /usr/share/fonts /usr/share/fonts ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1253 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=zfs
Debug 739: file: /usr/share/gir-1.0; dirfd: 5; topdir: /usr/share; rel: gir-1.0
Whitelisting /usr/share/gir-1.0
1254 1213 0:25 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1254 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=zfs
Debug 739: file: /usr/share/glib-2.0; dirfd: 5; topdir: /usr/share; rel: glib-2.0
Whitelisting /usr/share/glib-2.0
1255 1213 0:25 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1255 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=zfs
Debug 739: file: /usr/share/glvnd; dirfd: 5; topdir: /usr/share; rel: glvnd
Whitelisting /usr/share/glvnd
1256 1213 0:25 /usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1256 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=zfs
Debug 739: file: /usr/share/gtk-2.0; dirfd: 5; topdir: /usr/share; rel: gtk-2.0
Whitelisting /usr/share/gtk-2.0
1257 1213 0:25 /usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1257 fsname=/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=zfs
Debug 739: file: /usr/share/gtk-3.0; dirfd: 5; topdir: /usr/share; rel: gtk-3.0
Whitelisting /usr/share/gtk-3.0
1258 1213 0:25 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1258 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=zfs
Debug 739: file: /usr/share/gtksourceview-4; dirfd: 5; topdir: /usr/share; rel: gtksourceview-4
Whitelisting /usr/share/gtksourceview-4
1259 1213 0:25 /usr/share/gtksourceview-4 /usr/share/gtksourceview-4 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1259 fsname=/usr/share/gtksourceview-4 dir=/usr/share/gtksourceview-4 fstype=zfs
Debug 739: file: /usr/share/hunspell; dirfd: 5; topdir: /usr/share; rel: hunspell
Whitelisting /usr/share/hunspell
1260 1213 0:25 /usr/share/hunspell /usr/share/hunspell ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1260 fsname=/usr/share/hunspell dir=/usr/share/hunspell fstype=zfs
Debug 739: file: /usr/share/hwdata; dirfd: 5; topdir: /usr/share; rel: hwdata
Whitelisting /usr/share/hwdata
1261 1213 0:25 /usr/share/hwdata /usr/share/hwdata ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1261 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=zfs
Debug 739: file: /usr/share/icons; dirfd: 5; topdir: /usr/share; rel: icons
Whitelisting /usr/share/icons
1262 1213 0:25 /usr/share/icons /usr/share/icons ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1262 fsname=/usr/share/icons dir=/usr/share/icons fstype=zfs
Debug 739: file: /usr/share/icu; dirfd: 5; topdir: /usr/share; rel: icu
Whitelisting /usr/share/icu
1263 1213 0:25 /usr/share/icu /usr/share/icu ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1263 fsname=/usr/share/icu dir=/usr/share/icu fstype=zfs
Debug 739: file: /usr/share/kservices5; dirfd: 5; topdir: /usr/share; rel: kservices5
Whitelisting /usr/share/kservices5
1264 1213 0:25 /usr/share/kservices5 /usr/share/kservices5 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1264 fsname=/usr/share/kservices5 dir=/usr/share/kservices5 fstype=zfs
Debug 739: file: /usr/share/libdrm; dirfd: 5; topdir: /usr/share; rel: libdrm
Whitelisting /usr/share/libdrm
1265 1213 0:25 /usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1265 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=zfs
Debug 739: file: /usr/share/libthai; dirfd: 5; topdir: /usr/share; rel: libthai
Whitelisting /usr/share/libthai
1266 1213 0:25 /usr/share/libthai /usr/share/libthai ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1266 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=zfs
Debug 739: file: /usr/share/locale; dirfd: 5; topdir: /usr/share; rel: locale
Whitelisting /usr/share/locale
1267 1213 0:25 /usr/share/locale /usr/share/locale ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1267 fsname=/usr/share/locale dir=/usr/share/locale fstype=zfs
Debug 739: file: /usr/share/mime; dirfd: 5; topdir: /usr/share; rel: mime
Whitelisting /usr/share/mime
1269 1213 0:25 /usr/share/mime /usr/share/mime ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1269 fsname=/usr/share/mime dir=/usr/share/mime fstype=zfs
Debug 739: file: /usr/share/misc; dirfd: 5; topdir: /usr/share; rel: misc
Whitelisting /usr/share/misc
1270 1213 0:25 /usr/share/misc /usr/share/misc ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1270 fsname=/usr/share/misc dir=/usr/share/misc fstype=zfs
Debug 739: file: /usr/share/myspell; dirfd: 5; topdir: /usr/share; rel: myspell
Whitelisting /usr/share/myspell
1271 1213 0:25 /usr/share/myspell /usr/share/myspell ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1271 fsname=/usr/share/myspell dir=/usr/share/myspell fstype=zfs
Debug 739: file: /usr/share/p11-kit; dirfd: 5; topdir: /usr/share; rel: p11-kit
Whitelisting /usr/share/p11-kit
1272 1213 0:25 /usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1272 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=zfs
Debug 739: file: /usr/share/perl5; dirfd: 5; topdir: /usr/share; rel: perl5
Whitelisting /usr/share/perl5
1273 1213 0:25 /usr/share/perl5 /usr/share/perl5 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1273 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=zfs
Debug 739: file: /usr/share/pipewire; dirfd: 5; topdir: /usr/share; rel: pipewire
Whitelisting /usr/share/pipewire
1274 1213 0:25 /usr/share/pipewire /usr/share/pipewire ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1274 fsname=/usr/share/pipewire dir=/usr/share/pipewire fstype=zfs
Debug 739: file: /usr/share/pixmaps; dirfd: 5; topdir: /usr/share; rel: pixmaps
Whitelisting /usr/share/pixmaps
1275 1213 0:25 /usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1275 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=zfs
Debug 739: file: /usr/share/qt; dirfd: 5; topdir: /usr/share; rel: qt
Whitelisting /usr/share/qt
1276 1213 0:25 /usr/share/qt /usr/share/qt ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1276 fsname=/usr/share/qt dir=/usr/share/qt fstype=zfs
Debug 739: file: /usr/share/sounds; dirfd: 5; topdir: /usr/share; rel: sounds
Whitelisting /usr/share/sounds
1277 1213 0:25 /usr/share/sounds /usr/share/sounds ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1277 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=zfs
Debug 739: file: /usr/share/terminfo; dirfd: 5; topdir: /usr/share; rel: terminfo
Whitelisting /usr/share/terminfo
1278 1213 0:25 /usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1278 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=zfs
Debug 739: file: /usr/share/themes; dirfd: 5; topdir: /usr/share; rel: themes
Whitelisting /usr/share/themes
1279 1213 0:25 /usr/share/themes /usr/share/themes ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1279 fsname=/usr/share/themes dir=/usr/share/themes fstype=zfs
Debug 739: file: /usr/share/vulkan; dirfd: 5; topdir: /usr/share; rel: vulkan
Whitelisting /usr/share/vulkan
1280 1213 0:25 /usr/share/vulkan /usr/share/vulkan ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1280 fsname=/usr/share/vulkan dir=/usr/share/vulkan fstype=zfs
Debug 739: file: /usr/share/X11; dirfd: 5; topdir: /usr/share; rel: X11
Whitelisting /usr/share/X11
1281 1213 0:25 /usr/share/X11 /usr/share/X11 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1281 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=zfs
Debug 739: file: /usr/share/xml; dirfd: 5; topdir: /usr/share; rel: xml
Whitelisting /usr/share/xml
1282 1213 0:25 /usr/share/xml /usr/share/xml ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1282 fsname=/usr/share/xml dir=/usr/share/xml fstype=zfs
Debug 739: file: /usr/share/zenity; dirfd: 5; topdir: /usr/share; rel: zenity
Whitelisting /usr/share/zenity
1283 1213 0:25 /usr/share/zenity /usr/share/zenity ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1283 fsname=/usr/share/zenity dir=/usr/share/zenity fstype=zfs
Debug 739: file: /usr/share/zoneinfo; dirfd: 5; topdir: /usr/share; rel: zoneinfo
Whitelisting /usr/share/zoneinfo
1284 1213 0:25 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1284 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=zfs
Debug 739: file: /var/lib/dbus; dirfd: 8; topdir: /var; rel: lib/dbus
Whitelisting /var/lib/dbus
1286 1237 0:25 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl
mountid=1286 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=zfs
Debug 739: file: /var/cache/fontconfig; dirfd: 8; topdir: /var; rel: cache/fontconfig
Whitelisting /var/cache/fontconfig
1287 1237 0:43 /fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime master:50 - zfs zroot/enc/ephem/no-repl/var/cache rw,xattr,posixacl
mountid=1287 fsname=/fontconfig dir=/var/cache/fontconfig fstype=zfs
Debug 739: file: /var/tmp; dirfd: 8; topdir: /var; rel: tmp
Whitelisting /var/tmp
1289 1237 0:82 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=1289 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Debug 739: file: /tmp/.X11-unix; dirfd: 9; topdir: /tmp; rel: .X11-unix
Whitelisting /tmp/.X11-unix
1290 1238 0:52 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noatime master:74 - tmpfs tmpfs rw,size=6291456k,inode64
mountid=1290 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /home/seonwoo/.local/share/Trash
Disable /home/seonwoo/.python_history
Disable /home/seonwoo/.bash_history
Disable /home/seonwoo/.local/share/klipper
Disable /home/seonwoo/.python_history
Disable /home/seonwoo/.lesshst
Disable /home/seonwoo/.viminfo
Disable /home/seonwoo/.config/autostart
Disable /home/seonwoo/.config/lxsession/LXDE/autostart
Disable /home/seonwoo/.config/openbox
Mounting read-only /home/seonwoo/.Xauthority
1301 1167 0:27 /.Xauthority /home/seonwoo/.Xauthority ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1301 fsname=/.Xauthority dir=/home/seonwoo/.Xauthority fstype=zfs
Mounting read-only /home/seonwoo/.kde4/share/config/kdeglobals
1302 1167 0:27 /.kde4/share/config/kdeglobals /home/seonwoo/.kde4/share/config/kdeglobals ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1302 fsname=/.kde4/share/config/kdeglobals dir=/home/seonwoo/.kde4/share/config/kdeglobals fstype=zfs
Mounting read-only /home/seonwoo/.kde4/share/kde4/services
1303 1167 0:27 /.kde4/share/kde4/services /home/seonwoo/.kde4/share/kde4/services ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1303 fsname=/.kde4/share/kde4/services dir=/home/seonwoo/.kde4/share/kde4/services fstype=zfs
Disable /home/seonwoo/.local/share/gnome-shell
Disable /home/seonwoo/.local/share/gvfs-metadata
Mounting read-only /home/seonwoo/.config/dconf
1306 1167 0:27 /.config/dconf /home/seonwoo/.config/dconf ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1306 fsname=/.config/dconf dir=/home/seonwoo/.config/dconf fstype=zfs
Disable /home/seonwoo/.config/systemd
Disable /home/seonwoo/.local/share/systemd
Disable /run/user/1000/systemd
Disable /home/seonwoo/.VirtualBox
Disable /home/seonwoo/.VeraCrypt
Disable /usr/share/applications/veracrypt.desktop
Disable /usr/share/pixmaps/veracrypt.xpm
Mounting read-only /home/seonwoo/.bash_logout
1315 1167 0:27 /.bash_logout /home/seonwoo/.bash_logout ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1315 fsname=/.bash_logout dir=/home/seonwoo/.bash_logout fstype=zfs
Mounting read-only /home/seonwoo/.bash_profile
1316 1167 0:27 /.bash_profile /home/seonwoo/.bash_profile ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1316 fsname=/.bash_profile dir=/home/seonwoo/.bash_profile fstype=zfs
Mounting read-only /home/seonwoo/.bashrc
1317 1167 0:27 /.bashrc /home/seonwoo/.bashrc ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1317 fsname=/.bashrc dir=/home/seonwoo/.bashrc fstype=zfs
Mounting read-only /home/seonwoo/.profile
1318 1167 0:27 /.profile /home/seonwoo/.profile ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1318 fsname=/.profile dir=/home/seonwoo/.profile fstype=zfs
Disable /home/seonwoo/.ssh/authorized_keys
Mounting read-only /home/seonwoo/.ssh/config
1320 1167 0:27 /.ssh/config /home/seonwoo/.ssh/config ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1320 fsname=/.ssh/config dir=/home/seonwoo/.ssh/config fstype=zfs
Mounting read-only /home/seonwoo/.emacs
1321 1167 0:27 /.emacs /home/seonwoo/.emacs ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1321 fsname=/.emacs dir=/home/seonwoo/.emacs fstype=zfs
Mounting read-only /home/seonwoo/.emacs.d
1322 1167 0:27 /.emacs.d /home/seonwoo/.emacs.d ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1322 fsname=/.emacs.d dir=/home/seonwoo/.emacs.d fstype=zfs
Mounting read-only /home/seonwoo/.local/lib
1323 1167 0:27 /.local/lib /home/seonwoo/.local/lib ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1323 fsname=/.local/lib dir=/home/seonwoo/.local/lib fstype=zfs
Mounting read-only /home/seonwoo/.vim
1324 1167 0:27 /.vim /home/seonwoo/.vim ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1324 fsname=/.vim dir=/home/seonwoo/.vim fstype=zfs
Mounting read-only /home/seonwoo/.viminfo
1325 1297 0:23 /firejail/firejail.ro.file /home/seonwoo/.viminfo ro,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1325 fsname=/firejail/firejail.ro.file dir=/home/seonwoo/.viminfo fstype=tmpfs
Mounting read-only /home/seonwoo/.vimrc
1326 1167 0:27 /.vimrc /home/seonwoo/.vimrc ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1326 fsname=/.vimrc dir=/home/seonwoo/.vimrc fstype=zfs
Mounting read-only /home/seonwoo/.local/bin
1327 1167 0:27 /.local/bin /home/seonwoo/.local/bin ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1327 fsname=/.local/bin dir=/home/seonwoo/.local/bin fstype=zfs
Mounting read-only /home/seonwoo/bin
1328 1167 0:27 /bin /home/seonwoo/bin ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1328 fsname=/bin dir=/home/seonwoo/bin fstype=zfs
Mounting read-only /home/seonwoo/.config/menus
1329 1167 0:27 /.config/menus /home/seonwoo/.config/menus ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1329 fsname=/.config/menus dir=/home/seonwoo/.config/menus fstype=zfs
Mounting read-only /home/seonwoo/.local/share/applications
1330 1167 0:27 /.local/share/applications /home/seonwoo/.local/share/applications ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1330 fsname=/.local/share/applications dir=/home/seonwoo/.local/share/applications fstype=zfs
Mounting read-only /home/seonwoo/.config/mimeapps.list
1331 1167 0:27 /.config/mimeapps.list /home/seonwoo/.config/mimeapps.list ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1331 fsname=/.config/mimeapps.list dir=/home/seonwoo/.config/mimeapps.list fstype=zfs
Mounting read-only /home/seonwoo/.config/user-dirs.dirs
1332 1167 0:27 /.config/user-dirs.dirs /home/seonwoo/.config/user-dirs.dirs ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1332 fsname=/.config/user-dirs.dirs dir=/home/seonwoo/.config/user-dirs.dirs fstype=zfs
Mounting read-only /home/seonwoo/.config/user-dirs.locale
1333 1167 0:27 /.config/user-dirs.locale /home/seonwoo/.config/user-dirs.locale ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1333 fsname=/.config/user-dirs.locale dir=/home/seonwoo/.config/user-dirs.locale fstype=zfs
Mounting read-only /home/seonwoo/.local/share/mime
1334 1167 0:27 /.local/share/mime /home/seonwoo/.local/share/mime ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1334 fsname=/.local/share/mime dir=/home/seonwoo/.local/share/mime fstype=zfs
Not blacklist /home/seonwoo/*.kdb
Not blacklist /home/seonwoo/Database-cached.kdbx
Disable /home/seonwoo/.gnupg
Disable /home/seonwoo/.local/share/keyrings
Disable /home/seonwoo/.local/share/pki
Disable /home/seonwoo/.pki
Disable /home/seonwoo/.ssh
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Warning (blacklisting): cannot open /usr/local/sbin/at: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/busybox: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/chage: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/chfn: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/chsh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/crontab: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/evtest: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/expiry: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fusermount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gksu: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gksudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gpasswd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/kdesudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ksu: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mount.ecryptfs_private: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ncat: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/newgidmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/newgrp: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/newuidmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ntfs-3g: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pkexec: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/procmail: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/sg: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/strace: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/su: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/sudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tcpdump: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/umount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/unix_chkpwd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xev: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xinput: Permission denied
Disable /usr/lib/ssh
Warning (blacklisting): cannot open /usr/local/sbin/passwd: Permission denied
Disable /usr/lib/dbus-1.0/dbus-daemon-launch-helper
Disable /usr/lib/chromium/chrome-sandbox
Warning (blacklisting): cannot open /usr/local/sbin/suexec: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/slock: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/physlock: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/schroot: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/wshowkeys: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pmount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pumount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/bmon: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fping: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fping6: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/hostname: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mtr: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mtr-packet: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/netstat: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nm-online: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmcli: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmtui: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-connect: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-edit: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-hostname: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/networkctl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ss: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/traceroute: Permission denied
Disable /usr/lib/virtualbox
Disable /usr/lib/virtualbox (requested /usr/lib64/virtualbox)
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lilyterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lxterminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pantheon-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm-config: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/terminix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tilix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtcd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/bwrap: Permission denied
Disable /proc/config.gz
Warning (blacklisting): cannot open /usr/local/sbin/dig: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dlint: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dns2tcp: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dnssec-*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dnswalk: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/drill: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/host: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/iodine: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/kdig: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/khost: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/knsupdate: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ldns-*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ldnsd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nslookup: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/resolvectl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/unbound-host: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ftp: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ssh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/telnet: Permission denied
Disable /run/user/1000/pipewire-0.lock
Disable /home/seonwoo/.local/opt/tor-browser
Warning (blacklisting): cannot open /usr/local/sbin/clang*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lldb*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/llvm*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/as: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/cc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/c++*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/c8*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/c9*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/cpp*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/g++*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gcc*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gdb: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ld: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gccgo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/go: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gofmt: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/java: Permission denied
Disable /usr/lib/jvm/java-17-openjdk/bin/java (requested /usr/lib/jvm/default/bin/java)
Warning (blacklisting): cannot open /usr/local/sbin/javac: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/openssl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/openssl-1.0: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/rust-gdb: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/rust-lldb: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/rustc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tcc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/x86_64-tcc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/valgrind*: Permission denied
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Mounting noexec /home/seonwoo
1418 1365 0:23 /firejail/firejail.ro.dir /home/seonwoo/.config/firejail rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1418 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.config/firejail fstype=tmpfs
Mounting noexec /home/seonwoo/.local/share/Trash
1419 1366 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/share/Trash rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1419 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/Trash fstype=tmpfs
Mounting noexec /home/seonwoo/.python_history
1420 1368 0:23 /firejail/firejail.ro.file /home/seonwoo/.python_history rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1420 fsname=/firejail/firejail.ro.file dir=/home/seonwoo/.python_history fstype=tmpfs
Mounting noexec /home/seonwoo/.bash_history
1421 1369 0:23 /firejail/firejail.ro.file /home/seonwoo/.bash_history rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1421 fsname=/firejail/firejail.ro.file dir=/home/seonwoo/.bash_history fstype=tmpfs
Mounting noexec /home/seonwoo/.local/share/klipper
1422 1370 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/share/klipper rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1422 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/klipper fstype=tmpfs
Mounting noexec /home/seonwoo/.lesshst
1423 1371 0:23 /firejail/firejail.ro.file /home/seonwoo/.lesshst rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1423 fsname=/firejail/firejail.ro.file dir=/home/seonwoo/.lesshst fstype=tmpfs
Mounting noexec /home/seonwoo/.viminfo
1424 1373 0:23 /firejail/firejail.ro.file /home/seonwoo/.viminfo ro,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1424 fsname=/firejail/firejail.ro.file dir=/home/seonwoo/.viminfo fstype=tmpfs
Mounting noexec /home/seonwoo/.config/autostart
1425 1374 0:23 /firejail/firejail.ro.dir /home/seonwoo/.config/autostart rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1425 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.config/autostart fstype=tmpfs
Mounting noexec /home/seonwoo/.config/lxsession/LXDE/autostart
1426 1375 0:23 /firejail/firejail.ro.file /home/seonwoo/.config/lxsession/LXDE/autostart rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1426 fsname=/firejail/firejail.ro.file dir=/home/seonwoo/.config/lxsession/LXDE/autostart fstype=tmpfs
Mounting noexec /home/seonwoo/.config/openbox
1427 1376 0:23 /firejail/firejail.ro.dir /home/seonwoo/.config/openbox rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1427 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.config/openbox fstype=tmpfs
Mounting noexec /home/seonwoo/.Xauthority
1428 1377 0:27 /.Xauthority /home/seonwoo/.Xauthority ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1428 fsname=/.Xauthority dir=/home/seonwoo/.Xauthority fstype=zfs
Mounting noexec /home/seonwoo/.kde4/share/config/kdeglobals
1429 1378 0:27 /.kde4/share/config/kdeglobals /home/seonwoo/.kde4/share/config/kdeglobals ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1429 fsname=/.kde4/share/config/kdeglobals dir=/home/seonwoo/.kde4/share/config/kdeglobals fstype=zfs
Mounting noexec /home/seonwoo/.kde4/share/kde4/services
1430 1379 0:27 /.kde4/share/kde4/services /home/seonwoo/.kde4/share/kde4/services ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1430 fsname=/.kde4/share/kde4/services dir=/home/seonwoo/.kde4/share/kde4/services fstype=zfs
Mounting noexec /home/seonwoo/.local/share/gnome-shell
1431 1380 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/share/gnome-shell rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1431 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/gnome-shell fstype=tmpfs
Mounting noexec /home/seonwoo/.local/share/gvfs-metadata
1432 1381 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/share/gvfs-metadata rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1432 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/gvfs-metadata fstype=tmpfs
Mounting noexec /home/seonwoo/.config/dconf
1433 1382 0:27 /.config/dconf /home/seonwoo/.config/dconf ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1433 fsname=/.config/dconf dir=/home/seonwoo/.config/dconf fstype=zfs
Mounting noexec /home/seonwoo/.config/systemd
1434 1383 0:23 /firejail/firejail.ro.dir /home/seonwoo/.config/systemd rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1434 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.config/systemd fstype=tmpfs
Mounting noexec /home/seonwoo/.local/share/systemd
1435 1384 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/share/systemd rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1435 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/systemd fstype=tmpfs
Mounting noexec /home/seonwoo/.VirtualBox
1436 1385 0:23 /firejail/firejail.ro.dir /home/seonwoo/.VirtualBox rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1436 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.VirtualBox fstype=tmpfs
Mounting noexec /home/seonwoo/.VeraCrypt
1437 1386 0:23 /firejail/firejail.ro.dir /home/seonwoo/.VeraCrypt rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1437 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.VeraCrypt fstype=tmpfs
Mounting noexec /home/seonwoo/.bash_logout
1438 1387 0:27 /.bash_logout /home/seonwoo/.bash_logout ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1438 fsname=/.bash_logout dir=/home/seonwoo/.bash_logout fstype=zfs
Mounting noexec /home/seonwoo/.bash_profile
1439 1388 0:27 /.bash_profile /home/seonwoo/.bash_profile ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1439 fsname=/.bash_profile dir=/home/seonwoo/.bash_profile fstype=zfs
Mounting noexec /home/seonwoo/.bashrc
1440 1389 0:27 /.bashrc /home/seonwoo/.bashrc ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1440 fsname=/.bashrc dir=/home/seonwoo/.bashrc fstype=zfs
Mounting noexec /home/seonwoo/.profile
1441 1390 0:27 /.profile /home/seonwoo/.profile ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1441 fsname=/.profile dir=/home/seonwoo/.profile fstype=zfs
Warning: not remounting /home/seonwoo/.ssh/authorized_keys
Warning: not remounting /home/seonwoo/.ssh/config
Mounting noexec /home/seonwoo/.emacs
1442 1393 0:27 /.emacs /home/seonwoo/.emacs ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1442 fsname=/.emacs dir=/home/seonwoo/.emacs fstype=zfs
Mounting noexec /home/seonwoo/.emacs.d
1443 1394 0:27 /.emacs.d /home/seonwoo/.emacs.d ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1443 fsname=/.emacs.d dir=/home/seonwoo/.emacs.d fstype=zfs
Mounting noexec /home/seonwoo/.local/lib
1444 1395 0:27 /.local/lib /home/seonwoo/.local/lib ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1444 fsname=/.local/lib dir=/home/seonwoo/.local/lib fstype=zfs
Mounting noexec /home/seonwoo/.vim
1445 1396 0:27 /.vim /home/seonwoo/.vim ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1445 fsname=/.vim dir=/home/seonwoo/.vim fstype=zfs
Mounting noexec /home/seonwoo/.vimrc
1446 1397 0:27 /.vimrc /home/seonwoo/.vimrc ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1446 fsname=/.vimrc dir=/home/seonwoo/.vimrc fstype=zfs
Mounting noexec /home/seonwoo/.local/bin
1447 1398 0:27 /.local/bin /home/seonwoo/.local/bin ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1447 fsname=/.local/bin dir=/home/seonwoo/.local/bin fstype=zfs
Mounting noexec /home/seonwoo/bin
1448 1399 0:27 /bin /home/seonwoo/bin ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1448 fsname=/bin dir=/home/seonwoo/bin fstype=zfs
Mounting noexec /home/seonwoo/.config/menus
1449 1400 0:27 /.config/menus /home/seonwoo/.config/menus ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1449 fsname=/.config/menus dir=/home/seonwoo/.config/menus fstype=zfs
Mounting noexec /home/seonwoo/.local/share/applications
1450 1401 0:27 /.local/share/applications /home/seonwoo/.local/share/applications ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1450 fsname=/.local/share/applications dir=/home/seonwoo/.local/share/applications fstype=zfs
Mounting noexec /home/seonwoo/.config/mimeapps.list
1451 1402 0:27 /.config/mimeapps.list /home/seonwoo/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1451 fsname=/.config/mimeapps.list dir=/home/seonwoo/.config/mimeapps.list fstype=zfs
Mounting noexec /home/seonwoo/.config/user-dirs.dirs
1452 1403 0:27 /.config/user-dirs.dirs /home/seonwoo/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1452 fsname=/.config/user-dirs.dirs dir=/home/seonwoo/.config/user-dirs.dirs fstype=zfs
Mounting noexec /home/seonwoo/.config/user-dirs.locale
1453 1404 0:27 /.config/user-dirs.locale /home/seonwoo/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1453 fsname=/.config/user-dirs.locale dir=/home/seonwoo/.config/user-dirs.locale fstype=zfs
Mounting noexec /home/seonwoo/.local/share/mime
1454 1405 0:27 /.local/share/mime /home/seonwoo/.local/share/mime ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl
mountid=1454 fsname=/.local/share/mime dir=/home/seonwoo/.local/share/mime fstype=zfs
Mounting noexec /home/seonwoo/.gnupg
1455 1406 0:23 /firejail/firejail.ro.dir /home/seonwoo/.gnupg rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1455 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.gnupg fstype=tmpfs
Mounting noexec /home/seonwoo/.local/share/keyrings
1456 1407 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/share/keyrings rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1456 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/keyrings fstype=tmpfs
Mounting noexec /home/seonwoo/.local/share/pki
1457 1408 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/share/pki rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1457 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/pki fstype=tmpfs
Mounting noexec /home/seonwoo/.pki
1458 1409 0:23 /firejail/firejail.ro.dir /home/seonwoo/.pki rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1458 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.pki fstype=tmpfs
Mounting noexec /home/seonwoo/.ssh
1459 1410 0:23 /firejail/firejail.ro.dir /home/seonwoo/.ssh rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1459 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.ssh fstype=tmpfs
Mounting noexec /home/seonwoo/.local/opt/tor-browser
1460 1411 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/opt/tor-browser rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1460 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/opt/tor-browser fstype=tmpfs
Mounting noexec /run/user/1000
1467 1461 0:23 /firejail/firejail.ro.file /run/user/1000/pipewire-0.lock rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1467 fsname=/firejail/firejail.ro.file dir=/run/user/1000/pipewire-0.lock fstype=tmpfs
Warning: not remounting /run/user/1000/gvfs
Mounting noexec /run/user/1000/bus
1468 1463 0:23 /firejail/firejail.ro.file /run/user/1000/bus rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1468 fsname=/firejail/firejail.ro.file dir=/run/user/1000/bus fstype=tmpfs
Mounting noexec /run/user/1000/gnupg
1469 1464 0:23 /firejail/firejail.ro.dir /run/user/1000/gnupg rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1469 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/gnupg fstype=tmpfs
Mounting noexec /run/user/1000/systemd
1470 1466 0:23 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1470 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs
Mounting noexec /run/user/1000/pipewire-0.lock
1471 1467 0:23 /firejail/firejail.ro.file /run/user/1000/pipewire-0.lock rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64
mountid=1471 fsname=/firejail/firejail.ro.file dir=/run/user/1000/pipewire-0.lock fstype=tmpfs
Mounting noexec /dev/shm
1472 1025 0:24 / /dev/shm rw,nosuid,nodev,noexec master:7 - tmpfs tmpfs rw,inode64
mountid=1472 fsname=/ dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1474 1473 0:52 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noatime master:74 - tmpfs tmpfs rw,size=6291456k,inode64
mountid=1474 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
1475 1474 0:52 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,noatime master:74 - tmpfs tmpfs rw,size=6291456k,inode64
mountid=1475 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Warning (blacklisting): cannot open /usr/local/sbin/gjs: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gjs-console: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lua*: Permission denied
Warning (blacklisting): cannot open /usr/include/lua*: Permission denied
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua.so.5.3.6)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so)
Disable /usr/lib/libluajit-5.1.so.2.1.0
Disable /usr/lib/liblua5.2.so.5.2.4
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so.5.2)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua5.3.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2)
Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib/liblua5.4.so)
Disable /usr/lib/liblua.so.5.4.4
Disable /usr/lib/libluajit-5.1.so.2.1.0 (requested /usr/lib/libluajit-5.1.so)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua5.3.so.5.3)
Disable /usr/lib/liblua5.3.so.5.3.6
Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib/liblua.so)
Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib/liblua.so.5.4)
Disable /usr/lib/libluajit-5.1.so.2.1.0 (requested /usr/lib/libluajit-5.1.so.2)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua.so.5.3)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2.4)
Disable /usr/lib/lua
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua.so.5.3.6)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so)
Disable /usr/lib/libluajit-5.1.so.2.1.0 (requested /usr/lib64/libluajit-5.1.so.2.1.0)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so.5.2.4)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so.5.2)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua5.3.so)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua.so.5.2)
Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib64/liblua5.4.so)
Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib64/liblua.so.5.4.4)
Disable /usr/lib/libluajit-5.1.so.2.1.0 (requested /usr/lib64/libluajit-5.1.so)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua5.3.so.5.3)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua5.3.so.5.3.6)
Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib64/liblua.so)
Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib64/liblua.so.5.4)
Disable /usr/lib/libluajit-5.1.so.2.1.0 (requested /usr/lib64/libluajit-5.1.so.2)
Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua.so.5.3)
Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua.so.5.2.4)
Disable /usr/lib/lua (requested /usr/lib64/lua)
Disable /usr/lib/libmozjs-52.so.old
Disable /usr/lib/libmozjs-78.so
Disable /usr/lib/libmozjs-52.so.old (requested /usr/lib/libmozjs-52.so.0)
Disable /usr/lib/libmozjs-52.so.old (requested /usr/lib64/libmozjs-52.so.old)
Disable /usr/lib/libmozjs-78.so (requested /usr/lib64/libmozjs-78.so)
Disable /usr/lib/libmozjs-52.so.old (requested /usr/lib64/libmozjs-52.so.0)
Warning (blacklisting): cannot open /usr/local/sbin/node: Permission denied
Warning (blacklisting): cannot open /usr/include/node: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/core_perl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/cpan*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/perl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/site_perl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/vendor_perl: Permission denied
Disable /usr/lib/perl5
Disable /usr/lib/perl5 (requested /usr/lib64/perl5)
Disable /usr/share/perl5
Warning (blacklisting): cannot open /usr/local/sbin/rxvt: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/php*: Permission denied
Disable /usr/lib/php7
Warning (blacklisting): cannot open /usr/local/sbin/ruby: Permission denied
Disable /usr/lib/ruby
Disable /usr/lib/ruby (requested /usr/lib64/ruby)
Warning (blacklisting): cannot open /usr/local/sbin/python2*: Permission denied
Warning (blacklisting): cannot open /usr/include/python2*: Permission denied
Disable /usr/lib/python2.7
Warning (blacklisting): cannot open /usr/local/sbin/python3*: Permission denied
Warning (blacklisting): cannot open /usr/include/python3*: Permission denied
Disable /usr/lib/python3.10
Disable /usr/lib/python3.9
Disable /usr/lib/python3.10 (requested /usr/lib64/python3.10)
Disable /usr/lib/python3.9 (requested /usr/lib64/python3.9)
Disable /home/seonwoo/.VirtualBox
Disable /home/seonwoo/.android
Disable /home/seonwoo/.audacity-data
Disable /home/seonwoo/.cache/chromium
Disable /home/seonwoo/.cache/geeqie
Not blacklist /home/seonwoo/.cache/keepassxc
Disable /home/seonwoo/.cache/mozilla
Disable /home/seonwoo/.cache/vlc
Not blacklist /home/seonwoo/.config/BraveSoftware
Not blacklist /home/seonwoo/.config/KeePassXCrc
Disable /home/seonwoo/.config/Slack
Disable /home/seonwoo/.config/Thunar
Disable /home/seonwoo/.config/asunder
Not blacklist /home/seonwoo/.config/chromium
Disable /home/seonwoo/.config/gnome-session
Not blacklist /home/seonwoo/.config/google-chrome
Not blacklist /home/seonwoo/.config/keepassxc
Not blacklist /home/seonwoo/.config/vivaldi
Disable /home/seonwoo/.config/vlc
Disable /home/seonwoo/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
Disable /home/seonwoo/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
Disable /home/seonwoo/.cups
Disable /home/seonwoo/.elinks
Disable /home/seonwoo/.emacs
Disable /home/seonwoo/.emacs.d
Disable /home/seonwoo/.gimp-2.8
Disable /home/seonwoo/.gitconfig
Not blacklist /home/seonwoo/.keepassxc
Disable /home/seonwoo/.killingfloor
Disable /home/seonwoo/.klei
Disable /home/seonwoo/.local/share/qpdfview
Not blacklist /home/seonwoo/.local/share/torbrowser
Disable /home/seonwoo/.local/share/totem
Disable /home/seonwoo/.local/share/vlc
Disable /home/seonwoo/.local/share/vpltd
Disable /home/seonwoo/.local/share/vulkan
Disable /home/seonwoo/.local/state/pipewire
Disable /home/seonwoo/.mbwarband
Not blacklist /home/seonwoo/.mozilla
Disable /home/seonwoo/.npm
Disable /home/seonwoo/.nv
Disable /home/seonwoo/.paradoxinteractive
Disable /home/seonwoo/.vim
Disable /home/seonwoo/.vimrc
Disable /home/seonwoo/.wget-hsts
Warning (blacklisting): cannot open /usr/local/sbin/bash: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/csh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dash: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fish: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ksh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mksh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/oksh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/sh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tclsh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tcsh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/zsh: Permission denied
Not blacklist ${DOCUMENTS}
Mounting read-only /tmp/.X11-unix
1633 1475 0:52 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,noatime master:74 - tmpfs tmpfs rw,size=6291456k,inode64
mountid=1633 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /home/seonwoo/.config/pulse
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse
disable pipewire
blacklist /run/user/1000/pipewire-0.lock
blacklist /run/user/1000/pipewire-0
blacklist /run/user/1000/pipewire-0.lock
blacklist /run/user/1000/pipewire-0
blacklist /dev/snd
blacklist /dev/dri
blacklist /dev/nvidia0
blacklist /dev/nvidiactl
blacklist /dev/nvidia-modeset
blacklist /dev/nvidia-uvm
blacklist /dev/input
rebuilding /etc directory
Creating empty /run/firejail/mnt/dns-etc/machine-id file
Creating empty /run/firejail/mnt/dns-etc/ld.so.preload file
Creating empty /run/firejail/mnt/dns-etc/ld.so.cache file
Creating empty /run/firejail/mnt/dns-etc/fonts directory
Mount-bind /run/firejail/mnt/dns-etc on top of /etc
Current directory: /home/seonwoo
DISPLAY=:0.0 parsed as 0
Install protocol filter: unix
configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 11, uid 1000, gid 100, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 06 00 00 0005005f   ret ERRNO(95)
configuring 15 seccomp entries in /run/firejail/mnt/seccomp/seccomp.block_secondary
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.block_secondary 
Dropping all capabilities
Drop privileges: pid 12, uid 1000, gid 100, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 00050001   ret ERRNO(1)
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 06 00000087   jeq personality 0008 (false 000e)
 0008: 20 00 00 00000010   ld  data.args[0]
 0009: 15 01 00 00000000   jeq 0 000b (false 000a)
 000a: 15 00 02 ffffffff   jeq ffffffff 000b (false 000d)
 000b: 20 00 00 00000014   ld  data.args[4]
 000c: 15 01 00 00000000   jeq 0 000e (false 000d)
 000d: 06 00 00 00050001   ret ERRNO(1)
 000e: 06 00 00 7fff0000   ret ALLOW
Secondary arch blocking seccomp filter configured
Build default+drop seccomp filter
sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !name_to_handle_at 
Dropping all capabilities
Drop privileges: pid 13, uid 1000, gid 100, force_nogroups 1
No supplementary groups
Seccomp list in: !name_to_handle_at, check list: @default-keep, prelist: unknown,
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 14, uid 1000, gid 100, force_nogroups 1
No supplementary groups
configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 15, uid 1000, gid 100, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 01 0000012f   jeq name_to_handle_at 0008 (false 0009)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 3e 00 0000009f   jeq adjtimex 0048 (false 000a)
 000a: 15 3d 00 00000131   jeq clock_adjtime 0048 (false 000b)
 000b: 15 3c 00 000000e3   jeq clock_settime 0048 (false 000c)
 000c: 15 3b 00 000000a4   jeq settimeofday 0048 (false 000d)
 000d: 15 3a 00 0000009a   jeq modify_ldt 0048 (false 000e)
 000e: 15 39 00 000000d4   jeq lookup_dcookie 0048 (false 000f)
 000f: 15 38 00 0000012a   jeq perf_event_open 0048 (false 0010)
 0010: 15 37 00 00000137   jeq process_vm_writev 0048 (false 0011)
 0011: 15 36 00 000000b0   jeq delete_module 0048 (false 0012)
 0012: 15 35 00 00000139   jeq finit_module 0048 (false 0013)
 0013: 15 34 00 000000af   jeq init_module 0048 (false 0014)
 0014: 15 33 00 000000a1   jeq chroot 0048 (false 0015)
 0015: 15 32 00 000000a5   jeq mount 0048 (false 0016)
 0016: 15 31 00 0000009b   jeq pivot_root 0048 (false 0017)
 0017: 15 30 00 000000a6   jeq umount2 0048 (false 0018)
 0018: 15 2f 00 0000009c   jeq _sysctl 0048 (false 0019)
 0019: 15 2e 00 000000b7   jeq afs_syscall 0048 (false 001a)
 001a: 15 2d 00 000000ae   jeq create_module 0048 (false 001b)
 001b: 15 2c 00 000000b1   jeq get_kernel_syms 0048 (false 001c)
 001c: 15 2b 00 000000b5   jeq getpmsg 0048 (false 001d)
 001d: 15 2a 00 000000b6   jeq putpmsg 0048 (false 001e)
 001e: 15 29 00 000000b2   jeq query_module 0048 (false 001f)
 001f: 15 28 00 000000b9   jeq security 0048 (false 0020)
 0020: 15 27 00 0000008b   jeq sysfs 0048 (false 0021)
 0021: 15 26 00 000000b8   jeq tuxcall 0048 (false 0022)
 0022: 15 25 00 00000086   jeq uselib 0048 (false 0023)
 0023: 15 24 00 00000088   jeq ustat 0048 (false 0024)
 0024: 15 23 00 000000ec   jeq vserver 0048 (false 0025)
 0025: 15 22 00 000000ad   jeq ioperm 0048 (false 0026)
 0026: 15 21 00 000000ac   jeq iopl 0048 (false 0027)
 0027: 15 20 00 000000f6   jeq kexec_load 0048 (false 0028)
 0028: 15 1f 00 00000140   jeq kexec_file_load 0048 (false 0029)
 0029: 15 1e 00 000000a9   jeq reboot 0048 (false 002a)
 002a: 15 1d 00 000000a7   jeq swapon 0048 (false 002b)
 002b: 15 1c 00 000000a8   jeq swapoff 0048 (false 002c)
 002c: 15 1b 00 00000130   jeq open_by_handle_at 0048 (false 002d)
 002d: 15 1a 00 0000012f   jeq name_to_handle_at 0048 (false 002e)
 002e: 15 19 00 000000fb   jeq ioprio_set 0048 (false 002f)
 002f: 15 18 00 00000067   jeq syslog 0048 (false 0030)
 0030: 15 17 00 0000012c   jeq fanotify_init 0048 (false 0031)
 0031: 15 16 00 000000f8   jeq add_key 0048 (false 0032)
 0032: 15 15 00 000000f9   jeq request_key 0048 (false 0033)
 0033: 15 14 00 000000ed   jeq mbind 0048 (false 0034)
 0034: 15 13 00 00000100   jeq migrate_pages 0048 (false 0035)
 0035: 15 12 00 00000117   jeq move_pages 0048 (false 0036)
 0036: 15 11 00 000000fa   jeq keyctl 0048 (false 0037)
 0037: 15 10 00 000000ce   jeq io_setup 0048 (false 0038)
 0038: 15 0f 00 000000cf   jeq io_destroy 0048 (false 0039)
 0039: 15 0e 00 000000d0   jeq io_getevents 0048 (false 003a)
 003a: 15 0d 00 000000d1   jeq io_submit 0048 (false 003b)
 003b: 15 0c 00 000000d2   jeq io_cancel 0048 (false 003c)
 003c: 15 0b 00 000000d8   jeq remap_file_pages 0048 (false 003d)
 003d: 15 0a 00 00000143   jeq userfaultfd 0048 (false 003e)
 003e: 15 09 00 000000a3   jeq acct 0048 (false 003f)
 003f: 15 08 00 00000141   jeq bpf 0048 (false 0040)
 0040: 15 07 00 000000b4   jeq nfsservctl 0048 (false 0041)
 0041: 15 06 00 000000ab   jeq setdomainname 0048 (false 0042)
 0042: 15 05 00 000000aa   jeq sethostname 0048 (false 0043)
 0043: 15 04 00 00000099   jeq vhangup 0048 (false 0044)
 0044: 15 03 00 00000065   jeq ptrace 0048 (false 0045)
 0045: 15 02 00 00000087   jeq personality 0048 (false 0046)
 0046: 15 01 00 00000136   jeq process_vm_readv 0048 (false 0047)
 0047: 06 00 00 7fff0000   ret ALLOW
 0048: 06 00 00 00050001   ret ERRNO(1)
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
1759 1218 0:79 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=1759 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             300 ..
-rw-r--r-- 1000     100              584 seccomp
-rw-r--r-- 1000     100              120 seccomp.block_secondary
-rw-r--r-- 1000     100              127 seccomp.list
-rw-r--r-- 1000     100                0 seccomp.postexec
-rw-r--r-- 1000     100                0 seccomp.postexec32
-rw-r--r-- 1000     100              128 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.block_secondary
/run/firejail/mnt/seccomp/seccomp
Create the new ld.so.preload file
Blacklist violations are logged to syslog
Mount the new ld.so.preload file
Dropping all capabilities
nogroups command not ignored
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 100, force_nogroups 0
Warning: logind not detected, nogroups command ignored
Warning: cleaning all supplementary groups
Closing non-standard file descriptors
Starting application
LD_PRELOAD=(null)
execvp argument 0: keepassxc
Child process initialized in 235.61 ms
Searching $PATH for keepassxc
trying #/home/seonwoo/bin/keepassxc#
trying #/usr/local/sbin/keepassxc#
trying #/usr/local/bin/keepassxc#
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.block_secondary seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
monitoring pid 16


(keepassxc:16): dbind-WARNING **: 05:22:16.201: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown
Qt: Session management error: Could not open network socket
YubiKey: Failed to initialize USB interface.

<details> <summary>Output of <code>LC_ALL=C firejail --debug /path/to/program</code></summary> <p> ```
/firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1236 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs Mounting tmpfs on /var, check owner: no 1237 1137 0:130 / /var rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,inode64 mountid=1237 fsname=/ dir=/var fstype=tmpfs Mounting tmpfs on /tmp, check owner: no 1238 1084 0:133 / /tmp rw,nosuid,nodev,noatime - tmpfs tmpfs rw,inode64 mountid=1238 fsname=/ dir=/tmp fstype=tmpfs Debug 739: file: /usr/share/keepassxc; dirfd: 5; topdir: /usr/share; rel: keepassxc Whitelisting /usr/share/keepassxc 1239 1213 0:25 /usr/share/keepassxc /usr/share/keepassxc ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1239 fsname=/usr/share/keepassxc dir=/usr/share/keepassxc fstype=zfs Debug 739: file: /run/cups/cups.sock; dirfd: 6; topdir: /run; rel: cups/cups.sock Whitelisting /run/cups/cups.sock 1240 1214 0:23 /cups/cups.sock /run/cups/cups.sock rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1240 fsname=/cups/cups.sock dir=/run/cups/cups.sock fstype=tmpfs Debug 739: file: /run/dbus/system_bus_socket; dirfd: 6; topdir: /run; rel: dbus/system_bus_socket Whitelisting /run/dbus/system_bus_socket 1241 1214 0:23 /firejail/firejail.ro.file /run/dbus/system_bus_socket rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1241 fsname=/firejail/firejail.ro.file dir=/run/dbus/system_bus_socket fstype=tmpfs Debug 739: file: /run/systemd/journal/dev-log; dirfd: 6; topdir: /run; rel: systemd/journal/dev-log Whitelisting /run/systemd/journal/dev-log 1242 1214 0:23 /systemd/journal/dev-log /run/systemd/journal/dev-log rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1242 fsname=/systemd/journal/dev-log dir=/run/systemd/journal/dev-log fstype=tmpfs Debug 739: file: /run/systemd/journal/socket; dirfd: 6; topdir: /run; rel: systemd/journal/socket 
Whitelisting /run/systemd/journal/socket 1243 1214 0:23 /systemd/journal/socket /run/systemd/journal/socket rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1243 fsname=/systemd/journal/socket dir=/run/systemd/journal/socket fstype=tmpfs Debug 739: file: /run/udev/data; dirfd: 6; topdir: /run; rel: udev/data Whitelisting /run/udev/data 1244 1214 0:23 /udev/data /run/udev/data rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1244 fsname=/udev/data dir=/run/udev/data fstype=tmpfs Debug 739: file: /usr/share/alsa; dirfd: 5; topdir: /usr/share; rel: alsa Whitelisting /usr/share/alsa 1245 1213 0:25 /usr/share/alsa /usr/share/alsa ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1245 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=zfs Debug 739: file: /usr/share/applications; dirfd: 5; topdir: /usr/share; rel: applications Whitelisting /usr/share/applications 1246 1213 0:25 /usr/share/applications /usr/share/applications ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1246 fsname=/usr/share/applications dir=/usr/share/applications fstype=zfs Debug 739: file: /usr/share/ca-certificates; dirfd: 5; topdir: /usr/share; rel: ca-certificates Whitelisting /usr/share/ca-certificates 1247 1213 0:25 /usr/share/ca-certificates /usr/share/ca-certificates ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1247 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=zfs Debug 739: file: /usr/share/drirc.d; dirfd: 5; topdir: /usr/share; rel: drirc.d Whitelisting /usr/share/drirc.d 1248 1213 0:25 /usr/share/drirc.d /usr/share/drirc.d ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1248 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=zfs Debug 739: file: /usr/share/egl; dirfd: 5; topdir: /usr/share; rel: egl Whitelisting /usr/share/egl 1249 1213 0:25 /usr/share/egl /usr/share/egl ro,relatime master:1 - zfs 
zroot/enc/perm/root rw,xattr,posixacl mountid=1249 fsname=/usr/share/egl dir=/usr/share/egl fstype=zfs Debug 739: file: /usr/share/enchant; dirfd: 5; topdir: /usr/share; rel: enchant Whitelisting /usr/share/enchant 1250 1213 0:25 /usr/share/enchant /usr/share/enchant ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1250 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=zfs Debug 739: file: /usr/share/file; dirfd: 5; topdir: /usr/share; rel: file Whitelisting /usr/share/file 1251 1213 0:25 /usr/share/file /usr/share/file ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1251 fsname=/usr/share/file dir=/usr/share/file fstype=zfs Debug 739: file: /usr/share/fontconfig; dirfd: 5; topdir: /usr/share; rel: fontconfig Whitelisting /usr/share/fontconfig 1252 1213 0:25 /usr/share/fontconfig /usr/share/fontconfig ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1252 fsname=/usr/share/fontconfig dir=/usr/share/fontconfig fstype=zfs Debug 739: file: /usr/share/fonts; dirfd: 5; topdir: /usr/share; rel: fonts Whitelisting /usr/share/fonts 1253 1213 0:25 /usr/share/fonts /usr/share/fonts ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1253 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=zfs Debug 739: file: /usr/share/gir-1.0; dirfd: 5; topdir: /usr/share; rel: gir-1.0 Whitelisting /usr/share/gir-1.0 1254 1213 0:25 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1254 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=zfs Debug 739: file: /usr/share/glib-2.0; dirfd: 5; topdir: /usr/share; rel: glib-2.0 Whitelisting /usr/share/glib-2.0 1255 1213 0:25 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1255 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=zfs Debug 739: file: /usr/share/glvnd; dirfd: 5; topdir: /usr/share; rel: glvnd 
Whitelisting /usr/share/glvnd 1256 1213 0:25 /usr/share/glvnd /usr/share/glvnd ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1256 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=zfs Debug 739: file: /usr/share/gtk-2.0; dirfd: 5; topdir: /usr/share; rel: gtk-2.0 Whitelisting /usr/share/gtk-2.0 1257 1213 0:25 /usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1257 fsname=/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=zfs Debug 739: file: /usr/share/gtk-3.0; dirfd: 5; topdir: /usr/share; rel: gtk-3.0 Whitelisting /usr/share/gtk-3.0 1258 1213 0:25 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1258 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=zfs Debug 739: file: /usr/share/gtksourceview-4; dirfd: 5; topdir: /usr/share; rel: gtksourceview-4 Whitelisting /usr/share/gtksourceview-4 1259 1213 0:25 /usr/share/gtksourceview-4 /usr/share/gtksourceview-4 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1259 fsname=/usr/share/gtksourceview-4 dir=/usr/share/gtksourceview-4 fstype=zfs Debug 739: file: /usr/share/hunspell; dirfd: 5; topdir: /usr/share; rel: hunspell Whitelisting /usr/share/hunspell 1260 1213 0:25 /usr/share/hunspell /usr/share/hunspell ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1260 fsname=/usr/share/hunspell dir=/usr/share/hunspell fstype=zfs Debug 739: file: /usr/share/hwdata; dirfd: 5; topdir: /usr/share; rel: hwdata Whitelisting /usr/share/hwdata 1261 1213 0:25 /usr/share/hwdata /usr/share/hwdata ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1261 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=zfs Debug 739: file: /usr/share/icons; dirfd: 5; topdir: /usr/share; rel: icons Whitelisting /usr/share/icons 1262 1213 0:25 /usr/share/icons /usr/share/icons ro,relatime master:1 - zfs zroot/enc/perm/root 
rw,xattr,posixacl mountid=1262 fsname=/usr/share/icons dir=/usr/share/icons fstype=zfs Debug 739: file: /usr/share/icu; dirfd: 5; topdir: /usr/share; rel: icu Whitelisting /usr/share/icu 1263 1213 0:25 /usr/share/icu /usr/share/icu ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1263 fsname=/usr/share/icu dir=/usr/share/icu fstype=zfs Debug 739: file: /usr/share/kservices5; dirfd: 5; topdir: /usr/share; rel: kservices5 Whitelisting /usr/share/kservices5 1264 1213 0:25 /usr/share/kservices5 /usr/share/kservices5 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1264 fsname=/usr/share/kservices5 dir=/usr/share/kservices5 fstype=zfs Debug 739: file: /usr/share/libdrm; dirfd: 5; topdir: /usr/share; rel: libdrm Whitelisting /usr/share/libdrm 1265 1213 0:25 /usr/share/libdrm /usr/share/libdrm ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1265 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=zfs Debug 739: file: /usr/share/libthai; dirfd: 5; topdir: /usr/share; rel: libthai Whitelisting /usr/share/libthai 1266 1213 0:25 /usr/share/libthai /usr/share/libthai ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1266 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=zfs Debug 739: file: /usr/share/locale; dirfd: 5; topdir: /usr/share; rel: locale Whitelisting /usr/share/locale 1267 1213 0:25 /usr/share/locale /usr/share/locale ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1267 fsname=/usr/share/locale dir=/usr/share/locale fstype=zfs Debug 739: file: /usr/share/mime; dirfd: 5; topdir: /usr/share; rel: mime Whitelisting /usr/share/mime 1269 1213 0:25 /usr/share/mime /usr/share/mime ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1269 fsname=/usr/share/mime dir=/usr/share/mime fstype=zfs Debug 739: file: /usr/share/misc; dirfd: 5; topdir: /usr/share; rel: misc Whitelisting /usr/share/misc 1270 1213 0:25 /usr/share/misc 
/usr/share/misc ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1270 fsname=/usr/share/misc dir=/usr/share/misc fstype=zfs Debug 739: file: /usr/share/myspell; dirfd: 5; topdir: /usr/share; rel: myspell Whitelisting /usr/share/myspell 1271 1213 0:25 /usr/share/myspell /usr/share/myspell ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1271 fsname=/usr/share/myspell dir=/usr/share/myspell fstype=zfs Debug 739: file: /usr/share/p11-kit; dirfd: 5; topdir: /usr/share; rel: p11-kit Whitelisting /usr/share/p11-kit 1272 1213 0:25 /usr/share/p11-kit /usr/share/p11-kit ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1272 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=zfs Debug 739: file: /usr/share/perl5; dirfd: 5; topdir: /usr/share; rel: perl5 Whitelisting /usr/share/perl5 1273 1213 0:25 /usr/share/perl5 /usr/share/perl5 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1273 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=zfs Debug 739: file: /usr/share/pipewire; dirfd: 5; topdir: /usr/share; rel: pipewire Whitelisting /usr/share/pipewire 1274 1213 0:25 /usr/share/pipewire /usr/share/pipewire ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1274 fsname=/usr/share/pipewire dir=/usr/share/pipewire fstype=zfs Debug 739: file: /usr/share/pixmaps; dirfd: 5; topdir: /usr/share; rel: pixmaps Whitelisting /usr/share/pixmaps 1275 1213 0:25 /usr/share/pixmaps /usr/share/pixmaps ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1275 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=zfs Debug 739: file: /usr/share/qt; dirfd: 5; topdir: /usr/share; rel: qt Whitelisting /usr/share/qt 1276 1213 0:25 /usr/share/qt /usr/share/qt ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1276 fsname=/usr/share/qt dir=/usr/share/qt fstype=zfs Debug 739: file: /usr/share/sounds; dirfd: 5; topdir: /usr/share; rel: 
sounds Whitelisting /usr/share/sounds 1277 1213 0:25 /usr/share/sounds /usr/share/sounds ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1277 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=zfs Debug 739: file: /usr/share/terminfo; dirfd: 5; topdir: /usr/share; rel: terminfo Whitelisting /usr/share/terminfo 1278 1213 0:25 /usr/share/terminfo /usr/share/terminfo ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1278 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=zfs Debug 739: file: /usr/share/themes; dirfd: 5; topdir: /usr/share; rel: themes Whitelisting /usr/share/themes 1279 1213 0:25 /usr/share/themes /usr/share/themes ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1279 fsname=/usr/share/themes dir=/usr/share/themes fstype=zfs Debug 739: file: /usr/share/vulkan; dirfd: 5; topdir: /usr/share; rel: vulkan Whitelisting /usr/share/vulkan 1280 1213 0:25 /usr/share/vulkan /usr/share/vulkan ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1280 fsname=/usr/share/vulkan dir=/usr/share/vulkan fstype=zfs Debug 739: file: /usr/share/X11; dirfd: 5; topdir: /usr/share; rel: X11 Whitelisting /usr/share/X11 1281 1213 0:25 /usr/share/X11 /usr/share/X11 ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1281 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=zfs Debug 739: file: /usr/share/xml; dirfd: 5; topdir: /usr/share; rel: xml Whitelisting /usr/share/xml 1282 1213 0:25 /usr/share/xml /usr/share/xml ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1282 fsname=/usr/share/xml dir=/usr/share/xml fstype=zfs Debug 739: file: /usr/share/zenity; dirfd: 5; topdir: /usr/share; rel: zenity Whitelisting /usr/share/zenity 1283 1213 0:25 /usr/share/zenity /usr/share/zenity ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1283 fsname=/usr/share/zenity dir=/usr/share/zenity fstype=zfs Debug 739: file: 
/usr/share/zoneinfo; dirfd: 5; topdir: /usr/share; rel: zoneinfo Whitelisting /usr/share/zoneinfo 1284 1213 0:25 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1284 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=zfs Debug 739: file: /var/lib/dbus; dirfd: 8; topdir: /var; rel: lib/dbus Whitelisting /var/lib/dbus 1286 1237 0:25 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - zfs zroot/enc/perm/root rw,xattr,posixacl mountid=1286 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=zfs Debug 739: file: /var/cache/fontconfig; dirfd: 8; topdir: /var; rel: cache/fontconfig Whitelisting /var/cache/fontconfig 1287 1237 0:43 /fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime master:50 - zfs zroot/enc/ephem/no-repl/var/cache rw,xattr,posixacl mountid=1287 fsname=/fontconfig dir=/var/cache/fontconfig fstype=zfs Debug 739: file: /var/tmp; dirfd: 8; topdir: /var; rel: tmp Whitelisting /var/tmp 1289 1237 0:82 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=1289 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Debug 739: file: /tmp/.X11-unix; dirfd: 9; topdir: /tmp; rel: .X11-unix Whitelisting /tmp/.X11-unix 1290 1238 0:52 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noatime master:74 - tmpfs tmpfs rw,size=6291456k,inode64 mountid=1290 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /home/seonwoo/.local/share/Trash Disable /home/seonwoo/.python_history Disable /home/seonwoo/.bash_history Disable /home/seonwoo/.local/share/klipper Disable /home/seonwoo/.python_history Disable /home/seonwoo/.lesshst Disable /home/seonwoo/.viminfo Disable /home/seonwoo/.config/autostart Disable /home/seonwoo/.config/lxsession/LXDE/autostart Disable /home/seonwoo/.config/openbox Mounting read-only /home/seonwoo/.Xauthority 1301 1167 0:27 /.Xauthority /home/seonwoo/.Xauthority ro,relatime master:3 - 
zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1301 fsname=/.Xauthority dir=/home/seonwoo/.Xauthority fstype=zfs Mounting read-only /home/seonwoo/.kde4/share/config/kdeglobals 1302 1167 0:27 /.kde4/share/config/kdeglobals /home/seonwoo/.kde4/share/config/kdeglobals ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1302 fsname=/.kde4/share/config/kdeglobals dir=/home/seonwoo/.kde4/share/config/kdeglobals fstype=zfs Mounting read-only /home/seonwoo/.kde4/share/kde4/services 1303 1167 0:27 /.kde4/share/kde4/services /home/seonwoo/.kde4/share/kde4/services ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1303 fsname=/.kde4/share/kde4/services dir=/home/seonwoo/.kde4/share/kde4/services fstype=zfs Disable /home/seonwoo/.local/share/gnome-shell Disable /home/seonwoo/.local/share/gvfs-metadata Mounting read-only /home/seonwoo/.config/dconf 1306 1167 0:27 /.config/dconf /home/seonwoo/.config/dconf ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1306 fsname=/.config/dconf dir=/home/seonwoo/.config/dconf fstype=zfs Disable /home/seonwoo/.config/systemd Disable /home/seonwoo/.local/share/systemd Disable /run/user/1000/systemd Disable /home/seonwoo/.VirtualBox Disable /home/seonwoo/.VeraCrypt Disable /usr/share/applications/veracrypt.desktop Disable /usr/share/pixmaps/veracrypt.xpm Mounting read-only /home/seonwoo/.bash_logout 1315 1167 0:27 /.bash_logout /home/seonwoo/.bash_logout ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1315 fsname=/.bash_logout dir=/home/seonwoo/.bash_logout fstype=zfs Mounting read-only /home/seonwoo/.bash_profile 1316 1167 0:27 /.bash_profile /home/seonwoo/.bash_profile ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1316 fsname=/.bash_profile dir=/home/seonwoo/.bash_profile fstype=zfs Mounting read-only /home/seonwoo/.bashrc 1317 1167 0:27 /.bashrc 
/home/seonwoo/.bashrc ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1317 fsname=/.bashrc dir=/home/seonwoo/.bashrc fstype=zfs Mounting read-only /home/seonwoo/.profile 1318 1167 0:27 /.profile /home/seonwoo/.profile ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1318 fsname=/.profile dir=/home/seonwoo/.profile fstype=zfs Disable /home/seonwoo/.ssh/authorized_keys Mounting read-only /home/seonwoo/.ssh/config 1320 1167 0:27 /.ssh/config /home/seonwoo/.ssh/config ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1320 fsname=/.ssh/config dir=/home/seonwoo/.ssh/config fstype=zfs Mounting read-only /home/seonwoo/.emacs 1321 1167 0:27 /.emacs /home/seonwoo/.emacs ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1321 fsname=/.emacs dir=/home/seonwoo/.emacs fstype=zfs Mounting read-only /home/seonwoo/.emacs.d 1322 1167 0:27 /.emacs.d /home/seonwoo/.emacs.d ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1322 fsname=/.emacs.d dir=/home/seonwoo/.emacs.d fstype=zfs Mounting read-only /home/seonwoo/.local/lib 1323 1167 0:27 /.local/lib /home/seonwoo/.local/lib ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1323 fsname=/.local/lib dir=/home/seonwoo/.local/lib fstype=zfs Mounting read-only /home/seonwoo/.vim 1324 1167 0:27 /.vim /home/seonwoo/.vim ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1324 fsname=/.vim dir=/home/seonwoo/.vim fstype=zfs Mounting read-only /home/seonwoo/.viminfo 1325 1297 0:23 /firejail/firejail.ro.file /home/seonwoo/.viminfo ro,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1325 fsname=/firejail/firejail.ro.file dir=/home/seonwoo/.viminfo fstype=tmpfs Mounting read-only /home/seonwoo/.vimrc 1326 1167 0:27 /.vimrc /home/seonwoo/.vimrc ro,relatime master:3 - zfs 
zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1326 fsname=/.vimrc dir=/home/seonwoo/.vimrc fstype=zfs Mounting read-only /home/seonwoo/.local/bin 1327 1167 0:27 /.local/bin /home/seonwoo/.local/bin ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1327 fsname=/.local/bin dir=/home/seonwoo/.local/bin fstype=zfs Mounting read-only /home/seonwoo/bin 1328 1167 0:27 /bin /home/seonwoo/bin ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1328 fsname=/bin dir=/home/seonwoo/bin fstype=zfs Mounting read-only /home/seonwoo/.config/menus 1329 1167 0:27 /.config/menus /home/seonwoo/.config/menus ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1329 fsname=/.config/menus dir=/home/seonwoo/.config/menus fstype=zfs Mounting read-only /home/seonwoo/.local/share/applications 1330 1167 0:27 /.local/share/applications /home/seonwoo/.local/share/applications ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1330 fsname=/.local/share/applications dir=/home/seonwoo/.local/share/applications fstype=zfs Mounting read-only /home/seonwoo/.config/mimeapps.list 1331 1167 0:27 /.config/mimeapps.list /home/seonwoo/.config/mimeapps.list ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1331 fsname=/.config/mimeapps.list dir=/home/seonwoo/.config/mimeapps.list fstype=zfs Mounting read-only /home/seonwoo/.config/user-dirs.dirs 1332 1167 0:27 /.config/user-dirs.dirs /home/seonwoo/.config/user-dirs.dirs ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1332 fsname=/.config/user-dirs.dirs dir=/home/seonwoo/.config/user-dirs.dirs fstype=zfs Mounting read-only /home/seonwoo/.config/user-dirs.locale 1333 1167 0:27 /.config/user-dirs.locale /home/seonwoo/.config/user-dirs.locale ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1333 
fsname=/.config/user-dirs.locale dir=/home/seonwoo/.config/user-dirs.locale fstype=zfs Mounting read-only /home/seonwoo/.local/share/mime 1334 1167 0:27 /.local/share/mime /home/seonwoo/.local/share/mime ro,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1334 fsname=/.local/share/mime dir=/home/seonwoo/.local/share/mime fstype=zfs Not blacklist /home/seonwoo/*.kdb Not blacklist /home/seonwoo/Database-cached.kdbx Disable /home/seonwoo/.gnupg Disable /home/seonwoo/.local/share/keyrings Disable /home/seonwoo/.local/share/pki Disable /home/seonwoo/.pki Disable /home/seonwoo/.ssh Warning: /sbin directory link was not blacklisted Disable /usr/local/sbin Warning: /usr/sbin directory link was not blacklisted Warning (blacklisting): cannot open /usr/local/sbin/at: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/busybox: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/chage: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/chfn: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/chsh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/crontab: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/evtest: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/expiry: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fusermount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gksu: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gksudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gpasswd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/kdesudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ksu: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mount.ecryptfs_private: Permission 
denied Warning (blacklisting): cannot open /usr/local/sbin/nc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ncat: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newgidmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newgrp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newuidmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ntfs-3g: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pkexec: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/procmail: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/sg: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/strace: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/su: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/sudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tcpdump: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/umount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/unix_chkpwd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xev: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xinput: Permission denied Disable /usr/lib/ssh Warning (blacklisting): cannot open /usr/local/sbin/passwd: Permission denied Disable /usr/lib/dbus-1.0/dbus-daemon-launch-helper Disable /usr/lib/chromium/chrome-sandbox Warning (blacklisting): cannot open /usr/local/sbin/suexec: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/slock: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/physlock: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/schroot: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/wshowkeys: Permission denied Warning 
(blacklisting): cannot open /usr/local/sbin/pmount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pumount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/bmon: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fping: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fping6: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/hostname: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mtr: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mtr-packet: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/netstat: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nm-online: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmcli: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui-connect: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui-edit: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui-hostname: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/networkctl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ss: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/traceroute: Permission denied Disable /usr/lib/virtualbox Disable /usr/lib/virtualbox (requested /usr/lib64/virtualbox) Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lilyterm: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lxterminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal: Permission denied Warning (blacklisting): cannot open 
/usr/local/sbin/mate-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pantheon-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/roxterm: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/roxterm-config: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/terminix: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tilix: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/urxvtc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/urxvtcd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/bwrap: Permission denied Disable /proc/config.gz Warning (blacklisting): cannot open /usr/local/sbin/dig: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dlint: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dns2tcp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dnssec-*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dnswalk: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/drill: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/host: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/iodine: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/kdig: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/khost: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/knsupdate: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ldns-*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ldnsd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nslookup: Permission denied 
Warning (blacklisting): cannot open /usr/local/sbin/resolvectl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/unbound-host: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ftp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ssh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/telnet: Permission denied Disable /run/user/1000/pipewire-0.lock Disable /home/seonwoo/.local/opt/tor-browser Warning (blacklisting): cannot open /usr/local/sbin/clang*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lldb*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/llvm*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/as: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/cc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/c++*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/c8*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/c9*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/cpp*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/g++*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gcc*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gdb: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ld: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/*-gcc*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/*-g++*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gccgo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/go: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gofmt: Permission 
denied Warning (blacklisting): cannot open /usr/local/sbin/java: Permission denied Disable /usr/lib/jvm/java-17-openjdk/bin/java (requested /usr/lib/jvm/default/bin/java) Warning (blacklisting): cannot open /usr/local/sbin/javac: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/openssl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/openssl-1.0: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/rust-gdb: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/rust-lldb: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/rustc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tcc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/x86_64-tcc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/valgrind*: Permission denied Disable /usr/src Disable /usr/local/src Disable /usr/include Disable /usr/local/include Mounting noexec /home/seonwoo 1418 1365 0:23 /firejail/firejail.ro.dir /home/seonwoo/.config/firejail rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1418 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.config/firejail fstype=tmpfs Mounting noexec /home/seonwoo/.local/share/Trash 1419 1366 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/share/Trash rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1419 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/Trash fstype=tmpfs Mounting noexec /home/seonwoo/.python_history 1420 1368 0:23 /firejail/firejail.ro.file /home/seonwoo/.python_history rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1420 fsname=/firejail/firejail.ro.file dir=/home/seonwoo/.python_history fstype=tmpfs Mounting noexec /home/seonwoo/.bash_history 1421 1369 0:23 /firejail/firejail.ro.file /home/seonwoo/.bash_history rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run 
rw,mode=755,inode64 mountid=1421 fsname=/firejail/firejail.ro.file dir=/home/seonwoo/.bash_history fstype=tmpfs Mounting noexec /home/seonwoo/.local/share/klipper 1422 1370 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/share/klipper rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1422 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/klipper fstype=tmpfs Mounting noexec /home/seonwoo/.lesshst 1423 1371 0:23 /firejail/firejail.ro.file /home/seonwoo/.lesshst rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1423 fsname=/firejail/firejail.ro.file dir=/home/seonwoo/.lesshst fstype=tmpfs Mounting noexec /home/seonwoo/.viminfo 1424 1373 0:23 /firejail/firejail.ro.file /home/seonwoo/.viminfo ro,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1424 fsname=/firejail/firejail.ro.file dir=/home/seonwoo/.viminfo fstype=tmpfs Mounting noexec /home/seonwoo/.config/autostart 1425 1374 0:23 /firejail/firejail.ro.dir /home/seonwoo/.config/autostart rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1425 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.config/autostart fstype=tmpfs Mounting noexec /home/seonwoo/.config/lxsession/LXDE/autostart 1426 1375 0:23 /firejail/firejail.ro.file /home/seonwoo/.config/lxsession/LXDE/autostart rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1426 fsname=/firejail/firejail.ro.file dir=/home/seonwoo/.config/lxsession/LXDE/autostart fstype=tmpfs Mounting noexec /home/seonwoo/.config/openbox 1427 1376 0:23 /firejail/firejail.ro.dir /home/seonwoo/.config/openbox rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1427 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.config/openbox fstype=tmpfs Mounting noexec /home/seonwoo/.Xauthority 1428 1377 0:27 /.Xauthority /home/seonwoo/.Xauthority ro,nosuid,nodev,noexec,relatime master:3 - zfs 
zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1428 fsname=/.Xauthority dir=/home/seonwoo/.Xauthority fstype=zfs Mounting noexec /home/seonwoo/.kde4/share/config/kdeglobals 1429 1378 0:27 /.kde4/share/config/kdeglobals /home/seonwoo/.kde4/share/config/kdeglobals ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1429 fsname=/.kde4/share/config/kdeglobals dir=/home/seonwoo/.kde4/share/config/kdeglobals fstype=zfs Mounting noexec /home/seonwoo/.kde4/share/kde4/services 1430 1379 0:27 /.kde4/share/kde4/services /home/seonwoo/.kde4/share/kde4/services ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1430 fsname=/.kde4/share/kde4/services dir=/home/seonwoo/.kde4/share/kde4/services fstype=zfs Mounting noexec /home/seonwoo/.local/share/gnome-shell 1431 1380 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/share/gnome-shell rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1431 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/gnome-shell fstype=tmpfs Mounting noexec /home/seonwoo/.local/share/gvfs-metadata 1432 1381 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/share/gvfs-metadata rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1432 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/gvfs-metadata fstype=tmpfs Mounting noexec /home/seonwoo/.config/dconf 1433 1382 0:27 /.config/dconf /home/seonwoo/.config/dconf ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1433 fsname=/.config/dconf dir=/home/seonwoo/.config/dconf fstype=zfs Mounting noexec /home/seonwoo/.config/systemd 1434 1383 0:23 /firejail/firejail.ro.dir /home/seonwoo/.config/systemd rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1434 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.config/systemd 
fstype=tmpfs Mounting noexec /home/seonwoo/.local/share/systemd 1435 1384 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/share/systemd rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1435 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/systemd fstype=tmpfs Mounting noexec /home/seonwoo/.VirtualBox 1436 1385 0:23 /firejail/firejail.ro.dir /home/seonwoo/.VirtualBox rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1436 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.VirtualBox fstype=tmpfs Mounting noexec /home/seonwoo/.VeraCrypt 1437 1386 0:23 /firejail/firejail.ro.dir /home/seonwoo/.VeraCrypt rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1437 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.VeraCrypt fstype=tmpfs Mounting noexec /home/seonwoo/.bash_logout 1438 1387 0:27 /.bash_logout /home/seonwoo/.bash_logout ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1438 fsname=/.bash_logout dir=/home/seonwoo/.bash_logout fstype=zfs Mounting noexec /home/seonwoo/.bash_profile 1439 1388 0:27 /.bash_profile /home/seonwoo/.bash_profile ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1439 fsname=/.bash_profile dir=/home/seonwoo/.bash_profile fstype=zfs Mounting noexec /home/seonwoo/.bashrc 1440 1389 0:27 /.bashrc /home/seonwoo/.bashrc ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1440 fsname=/.bashrc dir=/home/seonwoo/.bashrc fstype=zfs Mounting noexec /home/seonwoo/.profile 1441 1390 0:27 /.profile /home/seonwoo/.profile ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1441 fsname=/.profile dir=/home/seonwoo/.profile fstype=zfs Warning: not remounting /home/seonwoo/.ssh/authorized_keys Warning: not remounting 
/home/seonwoo/.ssh/config Mounting noexec /home/seonwoo/.emacs 1442 1393 0:27 /.emacs /home/seonwoo/.emacs ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1442 fsname=/.emacs dir=/home/seonwoo/.emacs fstype=zfs Mounting noexec /home/seonwoo/.emacs.d 1443 1394 0:27 /.emacs.d /home/seonwoo/.emacs.d ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1443 fsname=/.emacs.d dir=/home/seonwoo/.emacs.d fstype=zfs Mounting noexec /home/seonwoo/.local/lib 1444 1395 0:27 /.local/lib /home/seonwoo/.local/lib ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1444 fsname=/.local/lib dir=/home/seonwoo/.local/lib fstype=zfs Mounting noexec /home/seonwoo/.vim 1445 1396 0:27 /.vim /home/seonwoo/.vim ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1445 fsname=/.vim dir=/home/seonwoo/.vim fstype=zfs Mounting noexec /home/seonwoo/.vimrc 1446 1397 0:27 /.vimrc /home/seonwoo/.vimrc ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1446 fsname=/.vimrc dir=/home/seonwoo/.vimrc fstype=zfs Mounting noexec /home/seonwoo/.local/bin 1447 1398 0:27 /.local/bin /home/seonwoo/.local/bin ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1447 fsname=/.local/bin dir=/home/seonwoo/.local/bin fstype=zfs Mounting noexec /home/seonwoo/bin 1448 1399 0:27 /bin /home/seonwoo/bin ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1448 fsname=/bin dir=/home/seonwoo/bin fstype=zfs Mounting noexec /home/seonwoo/.config/menus 1449 1400 0:27 /.config/menus /home/seonwoo/.config/menus ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1449 fsname=/.config/menus 
dir=/home/seonwoo/.config/menus fstype=zfs Mounting noexec /home/seonwoo/.local/share/applications 1450 1401 0:27 /.local/share/applications /home/seonwoo/.local/share/applications ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1450 fsname=/.local/share/applications dir=/home/seonwoo/.local/share/applications fstype=zfs Mounting noexec /home/seonwoo/.config/mimeapps.list 1451 1402 0:27 /.config/mimeapps.list /home/seonwoo/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1451 fsname=/.config/mimeapps.list dir=/home/seonwoo/.config/mimeapps.list fstype=zfs Mounting noexec /home/seonwoo/.config/user-dirs.dirs 1452 1403 0:27 /.config/user-dirs.dirs /home/seonwoo/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1452 fsname=/.config/user-dirs.dirs dir=/home/seonwoo/.config/user-dirs.dirs fstype=zfs Mounting noexec /home/seonwoo/.config/user-dirs.locale 1453 1404 0:27 /.config/user-dirs.locale /home/seonwoo/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1453 fsname=/.config/user-dirs.locale dir=/home/seonwoo/.config/user-dirs.locale fstype=zfs Mounting noexec /home/seonwoo/.local/share/mime 1454 1405 0:27 /.local/share/mime /home/seonwoo/.local/share/mime ro,nosuid,nodev,noexec,relatime master:3 - zfs zroot/enc/perm/root/home/seonwoo rw,xattr,posixacl mountid=1454 fsname=/.local/share/mime dir=/home/seonwoo/.local/share/mime fstype=zfs Mounting noexec /home/seonwoo/.gnupg 1455 1406 0:23 /firejail/firejail.ro.dir /home/seonwoo/.gnupg rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1455 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.gnupg fstype=tmpfs Mounting noexec /home/seonwoo/.local/share/keyrings 1456 1407 0:23 
/firejail/firejail.ro.dir /home/seonwoo/.local/share/keyrings rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1456 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/keyrings fstype=tmpfs Mounting noexec /home/seonwoo/.local/share/pki 1457 1408 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/share/pki rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1457 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/share/pki fstype=tmpfs Mounting noexec /home/seonwoo/.pki 1458 1409 0:23 /firejail/firejail.ro.dir /home/seonwoo/.pki rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1458 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.pki fstype=tmpfs Mounting noexec /home/seonwoo/.ssh 1459 1410 0:23 /firejail/firejail.ro.dir /home/seonwoo/.ssh rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1459 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.ssh fstype=tmpfs Mounting noexec /home/seonwoo/.local/opt/tor-browser 1460 1411 0:23 /firejail/firejail.ro.dir /home/seonwoo/.local/opt/tor-browser rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1460 fsname=/firejail/firejail.ro.dir dir=/home/seonwoo/.local/opt/tor-browser fstype=tmpfs Mounting noexec /run/user/1000 1467 1461 0:23 /firejail/firejail.ro.file /run/user/1000/pipewire-0.lock rw,nosuid,nodev,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1467 fsname=/firejail/firejail.ro.file dir=/run/user/1000/pipewire-0.lock fstype=tmpfs Warning: not remounting /run/user/1000/gvfs Mounting noexec /run/user/1000/bus 1468 1463 0:23 /firejail/firejail.ro.file /run/user/1000/bus rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1468 fsname=/firejail/firejail.ro.file dir=/run/user/1000/bus fstype=tmpfs Mounting noexec /run/user/1000/gnupg 1469 1464 0:23 /firejail/firejail.ro.dir /run/user/1000/gnupg 
rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1469 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/gnupg fstype=tmpfs Mounting noexec /run/user/1000/systemd 1470 1466 0:23 /firejail/firejail.ro.dir /run/user/1000/systemd rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1470 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs Mounting noexec /run/user/1000/pipewire-0.lock 1471 1467 0:23 /firejail/firejail.ro.file /run/user/1000/pipewire-0.lock rw,nosuid,nodev,noexec,relatime master:15 - tmpfs run rw,mode=755,inode64 mountid=1471 fsname=/firejail/firejail.ro.file dir=/run/user/1000/pipewire-0.lock fstype=tmpfs Mounting noexec /dev/shm 1472 1025 0:24 / /dev/shm rw,nosuid,nodev,noexec master:7 - tmpfs tmpfs rw,inode64 mountid=1472 fsname=/ dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 1474 1473 0:52 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noatime master:74 - tmpfs tmpfs rw,size=6291456k,inode64 mountid=1474 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Mounting noexec /tmp/.X11-unix 1475 1474 0:52 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,noatime master:74 - tmpfs tmpfs rw,size=6291456k,inode64 mountid=1475 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Warning (blacklisting): cannot open /usr/local/sbin/gjs: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gjs-console: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lua*: Permission denied Warning (blacklisting): cannot open /usr/include/lua*: Permission denied Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua.so.5.3.6) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so) Disable /usr/lib/libluajit-5.1.so.2.1.0 Disable /usr/lib/liblua5.2.so.5.2.4 Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua5.2.so.5.2) Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua5.3.so) Disable /usr/lib/liblua5.2.so.5.2.4 (requested 
/usr/lib/liblua.so.5.2) Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib/liblua5.4.so) Disable /usr/lib/liblua.so.5.4.4 Disable /usr/lib/libluajit-5.1.so.2.1.0 (requested /usr/lib/libluajit-5.1.so) Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua5.3.so.5.3) Disable /usr/lib/liblua5.3.so.5.3.6 Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib/liblua.so) Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib/liblua.so.5.4) Disable /usr/lib/libluajit-5.1.so.2.1.0 (requested /usr/lib/libluajit-5.1.so.2) Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib/liblua.so.5.3) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib/liblua.so.5.2.4) Disable /usr/lib/lua Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua.so.5.3.6) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so) Disable /usr/lib/libluajit-5.1.so.2.1.0 (requested /usr/lib64/libluajit-5.1.so.2.1.0) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so.5.2.4) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua5.2.so.5.2) Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua5.3.so) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua.so.5.2) Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib64/liblua5.4.so) Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib64/liblua.so.5.4.4) Disable /usr/lib/libluajit-5.1.so.2.1.0 (requested /usr/lib64/libluajit-5.1.so) Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua5.3.so.5.3) Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua5.3.so.5.3.6) Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib64/liblua.so) Disable /usr/lib/liblua.so.5.4.4 (requested /usr/lib64/liblua.so.5.4) Disable /usr/lib/libluajit-5.1.so.2.1.0 (requested /usr/lib64/libluajit-5.1.so.2) Disable /usr/lib/liblua5.3.so.5.3.6 (requested /usr/lib64/liblua.so.5.3) Disable /usr/lib/liblua5.2.so.5.2.4 (requested /usr/lib64/liblua.so.5.2.4) Disable /usr/lib/lua (requested 
/usr/lib64/lua) Disable /usr/lib/libmozjs-52.so.old Disable /usr/lib/libmozjs-78.so Disable /usr/lib/libmozjs-52.so.old (requested /usr/lib/libmozjs-52.so.0) Disable /usr/lib/libmozjs-52.so.old (requested /usr/lib64/libmozjs-52.so.old) Disable /usr/lib/libmozjs-78.so (requested /usr/lib64/libmozjs-78.so) Disable /usr/lib/libmozjs-52.so.old (requested /usr/lib64/libmozjs-52.so.0) Warning (blacklisting): cannot open /usr/local/sbin/node: Permission denied Warning (blacklisting): cannot open /usr/include/node: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/core_perl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/cpan*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/perl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/site_perl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/vendor_perl: Permission denied Disable /usr/lib/perl5 Disable /usr/lib/perl5 (requested /usr/lib64/perl5) Disable /usr/share/perl5 Warning (blacklisting): cannot open /usr/local/sbin/rxvt: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/php*: Permission denied Disable /usr/lib/php7 Warning (blacklisting): cannot open /usr/local/sbin/ruby: Permission denied Disable /usr/lib/ruby Disable /usr/lib/ruby (requested /usr/lib64/ruby) Warning (blacklisting): cannot open /usr/local/sbin/python2*: Permission denied Warning (blacklisting): cannot open /usr/include/python2*: Permission denied Disable /usr/lib/python2.7 Warning (blacklisting): cannot open /usr/local/sbin/python3*: Permission denied Warning (blacklisting): cannot open /usr/include/python3*: Permission denied Disable /usr/lib/python3.10 Disable /usr/lib/python3.9 Disable /usr/lib/python3.10 (requested /usr/lib64/python3.10) Disable /usr/lib/python3.9 (requested /usr/lib64/python3.9) Disable /home/seonwoo/.VirtualBox Disable /home/seonwoo/.android Disable /home/seonwoo/.audacity-data Disable 
/home/seonwoo/.cache/chromium Disable /home/seonwoo/.cache/geeqie Not blacklist /home/seonwoo/.cache/keepassxc Disable /home/seonwoo/.cache/mozilla Disable /home/seonwoo/.cache/vlc Not blacklist /home/seonwoo/.config/BraveSoftware Not blacklist /home/seonwoo/.config/KeePassXCrc Disable /home/seonwoo/.config/Slack Disable /home/seonwoo/.config/Thunar Disable /home/seonwoo/.config/asunder Not blacklist /home/seonwoo/.config/chromium Disable /home/seonwoo/.config/gnome-session Not blacklist /home/seonwoo/.config/google-chrome Not blacklist /home/seonwoo/.config/keepassxc Not blacklist /home/seonwoo/.config/vivaldi Disable /home/seonwoo/.config/vlc Disable /home/seonwoo/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml Disable /home/seonwoo/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml Disable /home/seonwoo/.cups Disable /home/seonwoo/.elinks Disable /home/seonwoo/.emacs Disable /home/seonwoo/.emacs.d Disable /home/seonwoo/.gimp-2.8 Disable /home/seonwoo/.gitconfig Not blacklist /home/seonwoo/.keepassxc Disable /home/seonwoo/.killingfloor Disable /home/seonwoo/.klei Disable /home/seonwoo/.local/share/qpdfview Not blacklist /home/seonwoo/.local/share/torbrowser Disable /home/seonwoo/.local/share/totem Disable /home/seonwoo/.local/share/vlc Disable /home/seonwoo/.local/share/vpltd Disable /home/seonwoo/.local/share/vulkan Disable /home/seonwoo/.local/state/pipewire Disable /home/seonwoo/.mbwarband Not blacklist /home/seonwoo/.mozilla Disable /home/seonwoo/.npm Disable /home/seonwoo/.nv Disable /home/seonwoo/.paradoxinteractive Disable /home/seonwoo/.vim Disable /home/seonwoo/.vimrc Disable /home/seonwoo/.wget-hsts Warning (blacklisting): cannot open /usr/local/sbin/bash: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/csh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dash: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fish: Permission denied Warning (blacklisting): cannot open 
/usr/local/sbin/ksh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mksh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/oksh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/sh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tclsh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tcsh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/zsh: Permission denied Not blacklist ${DOCUMENTS} Mounting read-only /tmp/.X11-unix 1633 1475 0:52 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,noatime master:74 - tmpfs tmpfs rw,size=6291456k,inode64 mountid=1633 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs Disable /sys/fs Disable /sys/module disable pulseaudio blacklist /home/seonwoo/.config/pulse blacklist /run/user/1000/pulse/native blacklist /run/user/1000/pulse disable pipewire blacklist /run/user/1000/pipewire-0.lock blacklist /run/user/1000/pipewire-0 blacklist /run/user/1000/pipewire-0.lock blacklist /run/user/1000/pipewire-0 blacklist /dev/snd blacklist /dev/dri blacklist /dev/nvidia0 blacklist /dev/nvidiactl blacklist /dev/nvidia-modeset blacklist /dev/nvidia-uvm blacklist /dev/input rebuilding /etc directory Creating empty /run/firejail/mnt/dns-etc/machine-id file Creating empty /run/firejail/mnt/dns-etc/ld.so.preload file Creating empty /run/firejail/mnt/dns-etc/ld.so.cache file Creating empty /run/firejail/mnt/dns-etc/fonts directory Mount-bind /run/firejail/mnt/dns-etc on top of /etc Current directory: /home/seonwoo DISPLAY=:0.0 parsed as 0 Install protocol filter: unix configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 11, uid 1000, gid 100, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 
0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000006 jmp 000c 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 15 01 00 00000029 jeq socket 000c (false 000b) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 20 00 00 00000010 ld data.args[0] 000d: 15 00 01 00000001 jeq 1 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 06 00 00 0005005f ret ERRNO(95) configuring 15 seccomp entries in /run/firejail/mnt/seccomp/seccomp.block_secondary sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.block_secondary Dropping all capabilities Drop privileges: pid 12, uid 1000, gid 100, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 00050001 ret ERRNO(1) 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 06 00000087 jeq personality 0008 (false 000e) 0008: 20 00 00 00000010 ld data.args[0] 0009: 15 01 00 00000000 jeq 0 000b (false 000a) 000a: 15 00 02 ffffffff jeq ffffffff 000b (false 000d) 000b: 20 00 00 00000014 ld data.args[4] 000c: 15 01 00 00000000 jeq 0 000e (false 000d) 000d: 06 00 00 00050001 ret ERRNO(1) 000e: 06 00 00 7fff0000 ret ALLOW Secondary arch blocking seccomp filter configured Build default+drop seccomp filter sbox run: /run/firejail/lib/fseccomp default drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec !name_to_handle_at Dropping all capabilities Drop privileges: pid 13, uid 1000, gid 100, force_nogroups 1 No 
supplementary groups Seccomp list in: !name_to_handle_at, check list: @default-keep, prelist: unknown, sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 14, uid 1000, gid 100, force_nogroups 1 No supplementary groups configuring 73 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 15, uid 1000, gid 100, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 01 0000012f jeq name_to_handle_at 0008 (false 0009) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 3e 00 0000009f jeq adjtimex 0048 (false 000a) 000a: 15 3d 00 00000131 jeq clock_adjtime 0048 (false 000b) 000b: 15 3c 00 000000e3 jeq clock_settime 0048 (false 000c) 000c: 15 3b 00 000000a4 jeq settimeofday 0048 (false 000d) 000d: 15 3a 00 0000009a jeq modify_ldt 0048 (false 000e) 000e: 15 39 00 000000d4 jeq lookup_dcookie 0048 (false 000f) 000f: 15 38 00 0000012a jeq perf_event_open 0048 (false 0010) 0010: 15 37 00 00000137 jeq process_vm_writev 0048 (false 0011) 0011: 15 36 00 000000b0 jeq delete_module 0048 (false 0012) 0012: 15 35 00 00000139 jeq finit_module 0048 (false 0013) 0013: 15 34 00 000000af jeq init_module 0048 (false 0014) 0014: 15 33 00 000000a1 jeq chroot 0048 (false 0015) 0015: 15 32 00 000000a5 jeq mount 0048 (false 0016) 0016: 15 31 00 0000009b jeq pivot_root 0048 (false 0017) 0017: 15 30 00 000000a6 jeq umount2 0048 (false 0018) 0018: 15 2f 00 0000009c jeq _sysctl 0048 (false 0019) 0019: 15 2e 00 000000b7 jeq afs_syscall 0048 (false 001a) 
001a: 15 2d 00 000000ae jeq create_module 0048 (false 001b) 001b: 15 2c 00 000000b1 jeq get_kernel_syms 0048 (false 001c) 001c: 15 2b 00 000000b5 jeq getpmsg 0048 (false 001d) 001d: 15 2a 00 000000b6 jeq putpmsg 0048 (false 001e) 001e: 15 29 00 000000b2 jeq query_module 0048 (false 001f) 001f: 15 28 00 000000b9 jeq security 0048 (false 0020) 0020: 15 27 00 0000008b jeq sysfs 0048 (false 0021) 0021: 15 26 00 000000b8 jeq tuxcall 0048 (false 0022) 0022: 15 25 00 00000086 jeq uselib 0048 (false 0023) 0023: 15 24 00 00000088 jeq ustat 0048 (false 0024) 0024: 15 23 00 000000ec jeq vserver 0048 (false 0025) 0025: 15 22 00 000000ad jeq ioperm 0048 (false 0026) 0026: 15 21 00 000000ac jeq iopl 0048 (false 0027) 0027: 15 20 00 000000f6 jeq kexec_load 0048 (false 0028) 0028: 15 1f 00 00000140 jeq kexec_file_load 0048 (false 0029) 0029: 15 1e 00 000000a9 jeq reboot 0048 (false 002a) 002a: 15 1d 00 000000a7 jeq swapon 0048 (false 002b) 002b: 15 1c 00 000000a8 jeq swapoff 0048 (false 002c) 002c: 15 1b 00 00000130 jeq open_by_handle_at 0048 (false 002d) 002d: 15 1a 00 0000012f jeq name_to_handle_at 0048 (false 002e) 002e: 15 19 00 000000fb jeq ioprio_set 0048 (false 002f) 002f: 15 18 00 00000067 jeq syslog 0048 (false 0030) 0030: 15 17 00 0000012c jeq fanotify_init 0048 (false 0031) 0031: 15 16 00 000000f8 jeq add_key 0048 (false 0032) 0032: 15 15 00 000000f9 jeq request_key 0048 (false 0033) 0033: 15 14 00 000000ed jeq mbind 0048 (false 0034) 0034: 15 13 00 00000100 jeq migrate_pages 0048 (false 0035) 0035: 15 12 00 00000117 jeq move_pages 0048 (false 0036) 0036: 15 11 00 000000fa jeq keyctl 0048 (false 0037) 0037: 15 10 00 000000ce jeq io_setup 0048 (false 0038) 0038: 15 0f 00 000000cf jeq io_destroy 0048 (false 0039) 0039: 15 0e 00 000000d0 jeq io_getevents 0048 (false 003a) 003a: 15 0d 00 000000d1 jeq io_submit 0048 (false 003b) 003b: 15 0c 00 000000d2 jeq io_cancel 0048 (false 003c) 003c: 15 0b 00 000000d8 jeq remap_file_pages 0048 (false 003d) 003d: 15 0a 00 00000143 jeq 
userfaultfd 0048 (false 003e) 003e: 15 09 00 000000a3 jeq acct 0048 (false 003f) 003f: 15 08 00 00000141 jeq bpf 0048 (false 0040) 0040: 15 07 00 000000b4 jeq nfsservctl 0048 (false 0041) 0041: 15 06 00 000000ab jeq setdomainname 0048 (false 0042) 0042: 15 05 00 000000aa jeq sethostname 0048 (false 0043) 0043: 15 04 00 00000099 jeq vhangup 0048 (false 0044) 0044: 15 03 00 00000065 jeq ptrace 0048 (false 0045) 0045: 15 02 00 00000087 jeq personality 0048 (false 0046) 0046: 15 01 00 00000136 jeq process_vm_readv 0048 (false 0047) 0047: 06 00 00 7fff0000 ret ALLOW 0048: 06 00 00 00050001 ret ERRNO(1) seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp 1759 1218 0:79 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=1759 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 160 . drwxr-xr-x root root 300 .. -rw-r--r-- 1000 100 584 seccomp -rw-r--r-- 1000 100 120 seccomp.block_secondary -rw-r--r-- 1000 100 127 seccomp.list -rw-r--r-- 1000 100 0 seccomp.postexec -rw-r--r-- 1000 100 0 seccomp.postexec32 -rw-r--r-- 1000 100 128 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.block_secondary /run/firejail/mnt/seccomp/seccomp Create the new ld.so.preload file Blacklist violations are logged to syslog Mount the new ld.so.preload file Dropping all capabilities nogroups command not ignored noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 100, force_nogroups 0 Warning: logind not detected, nogroups command ignored Warning: cleaning all supplementary groups Closing non-standard file descriptors Starting application LD_PRELOAD=(null) execvp argument 0: keepassxc Child process initialized in 235.61 ms Searching $PATH for keepassxc trying #/home/seonwoo/bin/keepassxc# trying 
#/usr/local/sbin/keepassxc# trying #/usr/local/bin/keepassxc# Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.block_secondary seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter monitoring pid 16 (keepassxc:16): dbind-WARNING **: 05:22:16.201: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown Qt: Session management error: Could not open network socket YubiKey: Failed to initialize USB interface. ``` </p> </details>

@rusty-snake commented on GitHub (Feb 11, 2022):

> corresponding PR https://github.com/netblue30/firejail/pull/4915 to add back nou2f

This is about keepassx (no c) not keepassxc.


@rusty-snake commented on GitHub (Feb 11, 2022):

No idea but can use test

- `ignore noinput`
- `ignore include whitelist-run-common.inc`
- `protocol netlink`

@seonwoolee commented on GitHub (Feb 11, 2022):

> > corresponding PR #4915 to add back nou2f
>
> This is about keepassx (no c) not keepassxc.

Oops. My bad.

> No idea but can use test
> * `ignore noinput`
> * `ignore include whitelist-run-common.inc`
> * `protocol netlink`

Well that's interesting. There's no `YubiKey: Failed to initialize USB interface` error in the terminal output, but it still fails to find my Yubikey.


@rusty-snake commented on GitHub (Feb 11, 2022):

> Well that's interesting. There's no YubiKey: Failed to initialize USB interface error in the terminal output, but it still fails to find my Yubikey.

With all of them? Or just one?


@seonwoolee commented on GitHub (Feb 11, 2022):

That was for all of them.

I just tested all possible combinations of the three options (so 3x just one of them and 3x two of them). All combinations fail. The `protocol netlink` is responsible for making the `Yubikey: Failed to initialize USB interface` message go away, but it still can't find my Yubikey.


@rusty-snake commented on GitHub (Feb 11, 2022):

Then you will need to comment the profile and uncomment it line for line to find the problematic command.


@seonwoolee commented on GitHub (Feb 12, 2022):

So the minimal number of changes I needed to make this work was to eliminate `private-dev` and use `protocol netlink,unix`. So I have added `ignore private-dev` and `protocol netlink,unix` to my `keepassxc.local`.

Should I open a pull request to modify the current comment about `private-dev`, which is

```
# Note: private-dev prevents the program from seeing new devices (such as
# hardware keys) on /dev after it has already started; add "ignore nou2f" to
# keepassxc.local if this is an issue (see #4883).
```

@rusty-snake commented on GitHub (Feb 12, 2022):

Are you really sure `private-dev` breaks the detection of your yubikeys other than described?


@seonwoolee commented on GitHub (Feb 13, 2022):

Yeah that was puzzling to me based on the current description of how `private-dev` is supposed to work, but I tested it multiple times and `ignore private-dev` is absolutely necessary for Yubikey detection and usage to work. It didn't matter if I had the Yubikey already plugged in before starting KeePassXC under firejail or if I plugged it after.


@kmk3 commented on GitHub (Feb 13, 2022):

@seonwoolee commented [on Feb 13](https://github.com/netblue30/firejail/issues/4928#issuecomment-1037702754):

> Yeah that was puzzling to me based on the current description of how
> `private-dev` is supposed to work, but I tested it multiple times and
> `ignore private-dev` is absolutely necessary for Yubikey detection and
> usage to work. It didn't matter if I had the Yubikey already plugged in
> before starting KeePassXC under firejail or if I plugged it after

What does the yubikey show up as in /dev?

That is, what is the output of `ls -l /dev/<yubikey>`?

If it shows up as `/dev/hidrawN` with N > 9, this could be caused by #2723.


@seonwoolee commented on GitHub (Feb 13, 2022):

By doing a `ls /dev` with and without the Yubikey plugged in, I determined the Yubikey adds `/dev/hidraw1` and `/dev/hidraw2`. I then commented out `ignore private-dev` in my `keepassxc.local` and ran `firejail --ignore=private-bin --profile=keepassxc ls -alh /dev`, and `/dev/hidraw1` and `/dev/hidraw2` are definitely listed. So I don't understand why the heck KeePassXC can't find my Yubikey.


@kmk3 commented on GitHub (Feb 13, 2022):

@seonwoolee commented [on Feb 13](https://github.com/netblue30/firejail/issues/4928#issuecomment-1037716010):

> Some follow up:
>
> By doing a `ls /dev` with and without the Yubikey plugged in, I determined
> the Yubikey adds `/dev/hidraw1` and `/dev/hidraw2`.

What are their permissions and the user:group owners outside/inside the
sandbox?

> I then commented out `ignore private-dev` in my `keepassxc.local` and ran
> `firejail --ignore=private-bin --profile=keepassxc ls -alh /dev`, and
> `/dev/hidraw1` and `/dev/hidraw2` are definitely listed. So I don't
> understand why the heck KeePassXC can't find my Yubikey


@seonwoolee commented on GitHub (Feb 13, 2022):

Outside the sandbox

```
crw-rw----+ 1 root root 240, 1 Feb 12 22:21 /dev/hidraw1
crw-rw----+ 1 root root 240, 2 Feb 12 22:12 /dev/hidraw2
```

Inside the sandbox, run as normal user

```
crw-rw----+  1 65534 65534 240, 1 Feb 13 03:21 hidraw1
crw-rw----+  1 65534 65534 240, 2 Feb 13 03:12 hidraw2
```

I tried `sudo firejail --ignore=private-bin --profile=keepassxc ls -alh /dev` and I get

```
crw-rw----+  1    0 0 240, 1 Feb 13 03:21 hidraw1
crw-rw----+  1    0 0 240, 2 Feb 13 03:12 hidraw2
```

Just for fun I tried `sudo firejail keepassxc` but I get

```
qt.qpa.xcb: could not connect to display :0.0
qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though it was found.
```

@seonwoolee commented on GitHub (Feb 17, 2022):

@kmk3 any thoughts?


@kmk3 commented on GitHub (Feb 18, 2022):

@seonwoolee commented [on Feb 13](https://github.com/netblue30/firejail/issues/4928#issuecomment-1037721276):

> Outside the sandbox
>
> ```
> crw-rw----+ 1 root root 240, 1 Feb 12 22:21 /dev/hidraw1
> crw-rw----+ 1 root root 240, 2 Feb 12 22:12 /dev/hidraw2
> ```
>
> Inside the sandbox, run as normal user
>
> ```
> crw-rw----+  1 65534 65534 240, 1 Feb 13 03:21 hidraw1
> crw-rw----+  1 65534 65534 240, 2 Feb 13 03:12 hidraw2
> ```

65534:65534 is probably because of `noroot` (root -> nobody) + `private-etc`
(numeric output).

To clarify the ACLs now, based on a similar previous attempt from this comment:

* <https://github.com/netblue30/firejail/issues/3644#issuecomment-988523518>

What is the output of running the code below?

```sh
# Show the ACLs and the udev subsystem of both device nodes.
getfacl /dev/hidraw1 /dev/hidraw2
udevadm info /dev/hidraw1 | grep SUBSYSTEM
echo
udevadm info /dev/hidraw2 | grep SUBSYSTEM

# Show any GROUP/MODE lines that udev reports for each node.
udevadm test "$(udevadm info --query=path --name=/dev/hidraw1)" 2>&1 |
  grep -e GROUP -e MODE

udevadm test "$(udevadm info --query=path --name=/dev/hidraw2)" 2>&1 |
  grep -e GROUP -e MODE

# Print the gids (and matching group names) found on GROUP lines for a node.
# Returns non-zero when no GROUP line is found.
checkudevgroups() {
    gids="$(udevadm test "$(udevadm info --query=path --name="$1")" 2>&1 |
    grep GROUP | rev | cut -f 1 -d ' ' | rev | tr '\n' ' ')"
    printf 'udev gids for %s: %s\n' "$1" "$gids"
    printf 'udev groups for %s: ' "$1"
    # $gids is space-separated, so it is left unquoted to split into words.
    for gid in $gids
    do
        getent group "$gid" | cut -f 1 -d :
    done | tr '\n' ' '
    echo
    # Succeed only if at least one gid was found.
    test -n "$gids"
}

checkudevgroups /dev/hidraw1
checkudevgroups /dev/hidraw2
```

> I tried `sudo firejail --ignore=private-bin --profile=keepassxc ls -alh /dev`
> and I get
>
> ```
> crw-rw----+  1    0 0 240, 1 Feb 13 03:21 hidraw1
> crw-rw----+  1    0 0 240, 2 Feb 13 03:12 hidraw2
> ```

0:0 is probably because `noroot` does not apply when running as root. Also,
`private-bin` should only affect /bin, /usr/bin, etc.

> Just for fun I tried `sudo firejail keepassxc` but I get
>
> ```
> qt.qpa.xcb: could not connect to display :0.0
> qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though it was found.
> ```

@seonwoolee commented on GitHub (Feb 19, 2022):

@kmk3

> What is the output of running the code below?

I had to change the hid IDs because they changed across the reboot, but here's what I get

```
getfacl: Removing leading '/' from absolute path names
# file: dev/hidraw6
# owner: root
# group: root
user::rw-
user:seonwoo:rw-
group::---
mask::rw-
other::---

# file: dev/hidraw7
# owner: root
# group: root
user::rw-
user:seonwoo:rw-
group::---
mask::rw-
other::---

E: SUBSYSTEM=hidraw

E: SUBSYSTEM=hidraw
udev gids for /dev/hidraw6: 
udev groups for /dev/hidraw6: 
udev gids for /dev/hidraw7: 
udev groups for /dev/hidraw7: 
```

Your `checkudevgroups` function doesn't work as intended. There is no line with "GROUP" in the output of `udevadm test "$(udevadm info --query=path --name="$1")"`.

Here's the output of that command, as root

```
This program is for debugging only, it does not run any program
specified by a RUN key. It may show incorrect results, because
some values may be different, or not available at a simulation run.

Trying to open "/etc/systemd/hwdb/hwdb.bin"...
Trying to open "/etc/udev/hwdb.bin"...
=== trie on-disk ===
tool version:          250
file size:        11786480 bytes
header size             80 bytes
strings            2410280 bytes
nodes              9376120 bytes
Load module index
Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
Found container virtualization none.
Loaded timestamp for '/etc/systemd/network'.
Loaded timestamp for '/usr/lib/systemd/network'.
Parsed configuration file /usr/lib/systemd/network/99-default.link
Created link configuration context.
Loaded timestamp for '/etc/udev/rules.d'.
Loaded timestamp for '/usr/lib/udev/rules.d'.
Reading rules file: /usr/lib/udev/rules.d/01-md-raid-creating.rules
Reading rules file: /usr/lib/udev/rules.d/10-dm.rules
Reading rules file: /usr/lib/udev/rules.d/11-dm-lvm.rules
Reading rules file: /usr/lib/udev/rules.d/13-dm-disk.rules
Reading rules file: /usr/lib/udev/rules.d/40-gphoto.rules
Reading rules file: /usr/lib/udev/rules.d/40-usb_modeswitch.rules
Reading rules file: /usr/lib/udev/rules.d/50-udev-default.rules
Reading rules file: /usr/lib/udev/rules.d/51-android.rules
Reading rules file: /usr/lib/udev/rules.d/60-autosuspend.rules
Reading rules file: /usr/lib/udev/rules.d/60-block.rules
Reading rules file: /usr/lib/udev/rules.d/60-cdrom_id.rules
Reading rules file: /usr/lib/udev/rules.d/60-drm.rules
Reading rules file: /usr/lib/udev/rules.d/60-evdev.rules
Reading rules file: /usr/lib/udev/rules.d/60-fido-id.rules
Reading rules file: /usr/lib/udev/rules.d/60-input-id.rules
Reading rules file: /usr/lib/udev/rules.d/60-nvidia-470xx.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-alsa.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-input.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-storage-tape.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-storage.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-v4l.rules
Reading rules file: /usr/lib/udev/rules.d/60-rfkill.rules
Reading rules file: /etc/udev/rules.d/60-schedulers.rules
Reading rules file: /usr/lib/udev/rules.d/60-sensor.rules
Reading rules file: /usr/lib/udev/rules.d/60-serial.rules
Reading rules file: /usr/lib/udev/rules.d/60-vboxdrv.rules
Reading rules file: /usr/lib/udev/rules.d/60-zvol.rules
Reading rules file: /usr/lib/udev/rules.d/63-md-raid-arrays.rules
Reading rules file: /usr/lib/udev/rules.d/64-btrfs-dm.rules
Reading rules file: /usr/lib/udev/rules.d/64-btrfs-zoned.rules
Reading rules file: /usr/lib/udev/rules.d/64-btrfs.rules
Reading rules file: /usr/lib/udev/rules.d/64-md-raid-assembly.rules
Reading rules file: /usr/lib/udev/rules.d/65-libwacom.rules
Reading rules file: /usr/lib/udev/rules.d/65-sane.rules
Reading rules file: /usr/lib/udev/rules.d/66-saned.rules
Reading rules file: /usr/lib/udev/rules.d/69-cd-sensors.rules
Reading rules file: /usr/lib/udev/rules.d/69-dm-lvm.rules
Reading rules file: /usr/lib/udev/rules.d/69-libmtp.rules
Reading rules file: /usr/lib/udev/rules.d/69-md-clustered-confirm-device.rules
Reading rules file: /usr/lib/udev/rules.d/69-vdev.rules
Reading rules file: /usr/lib/udev/rules.d/69-yubikey.rules
Reading rules file: /usr/lib/udev/rules.d/70-camera.rules
Reading rules file: /usr/lib/udev/rules.d/70-infrared.rules
Reading rules file: /usr/lib/udev/rules.d/70-joystick.rules
Reading rules file: /usr/lib/udev/rules.d/70-memory.rules
Reading rules file: /usr/lib/udev/rules.d/70-mouse.rules
Reading rules file: /usr/lib/udev/rules.d/70-power-switch.rules
Reading rules file: /usr/lib/udev/rules.d/70-steam-input.rules
Reading rules file: /usr/lib/udev/rules.d/70-steam-vr.rules
Reading rules file: /usr/lib/udev/rules.d/70-touchpad.rules
Reading rules file: /usr/lib/udev/rules.d/70-uaccess.rules
Reading rules file: /usr/lib/udev/rules.d/71-seat.rules
Reading rules file: /usr/lib/udev/rules.d/71-xpra-virtual-pointer.rules
Reading rules file: /usr/lib/udev/rules.d/73-seat-late.rules
Reading rules file: /usr/lib/udev/rules.d/75-net-description.rules
Reading rules file: /usr/lib/udev/rules.d/75-probe_mtd.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-broadmobi-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-cinterion-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-dell-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-dlink-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-ericsson-mbm.rules
Configuration file /usr/lib/udev/rules.d/77-mm-fibocom-port-types.rules is marked executable. Please remove executable permission bits. Proceeding anyway.
Reading rules file: /usr/lib/udev/rules.d/77-mm-fibocom-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-foxconn-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-gosuncn-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-haier-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-huawei-net-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-longcheer-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-mtk-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-nokia-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-quectel-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-sierra.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-simtech-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-telit-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-tplink-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-ublox-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-x22x-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-zte-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/78-sound-card.rules
Reading rules file: /usr/lib/udev/rules.d/80-drivers.rules
Reading rules file: /usr/lib/udev/rules.d/80-libinput-device-groups.rules
Reading rules file: /usr/lib/udev/rules.d/80-mm-candidate.rules
Reading rules file: /usr/lib/udev/rules.d/80-net-setup-link.rules
Reading rules file: /usr/lib/udev/rules.d/80-udisks2.rules
Reading rules file: /usr/lib/udev/rules.d/81-net-dhcp.rules
Reading rules file: /usr/lib/udev/rules.d/85-regulatory.rules
Reading rules file: /usr/lib/udev/rules.d/90-alsa-restore.rules
Reading rules file: /usr/lib/udev/rules.d/90-daxctl-device.rules
Reading rules file: /usr/lib/udev/rules.d/90-libinput-fuzz-override.rules
Reading rules file: /usr/lib/udev/rules.d/90-pipewire-alsa.rules
Reading rules file: /usr/lib/udev/rules.d/90-udisks2-zram.rules
Reading rules file: /usr/lib/udev/rules.d/90-vconsole.rules
Reading rules file: /usr/lib/udev/rules.d/90-zfs.rules
Reading rules file: /usr/lib/udev/rules.d/92_pcscd_ccid.rules
Reading rules file: /usr/lib/udev/rules.d/95-cd-devices.rules
Reading rules file: /usr/lib/udev/rules.d/95-dm-notify.rules
Reading rules file: /usr/lib/udev/rules.d/96-e2scrub.rules
Reading rules file: /usr/lib/udev/rules.d/97-hid2hci.rules
Reading rules file: /usr/lib/udev/rules.d/99-fuse.rules
Reading rules file: /usr/lib/udev/rules.d/99-fuse3.rules
Reading rules file: /usr/lib/udev/rules.d/99-systemd.rules
Reading rules file: /etc/udev/rules.d/99-zram.rules
hidraw6: /usr/lib/udev/rules.d/60-fido-id.rules:5 Importing properties from results of 'fido_id'
hidraw6: Starting 'fido_id'
Successfully forked off '(spawn)' as PID 3001480.
hidraw6: 'fido_id'(err) 'Failed to get current device from environment: Invalid argument'
hidraw6: Process 'fido_id' failed with exit code 1.
hidraw6: /usr/lib/udev/rules.d/60-fido-id.rules:5 Command "fido_id" returned 1 (error), ignoring
hidraw6: /usr/lib/udev/rules.d/71-seat.rules:74 Importing properties from results of builtin command 'path_id'
hidraw6: /usr/lib/udev/rules.d/73-seat-late.rules:16 RUN 'uaccess'
hidraw6: Preserve permissions of /dev/hidraw6, uid=0, gid=0, mode=0660
hidraw6: Handling device node '/dev/hidraw6', devnum=c240:6
hidraw6: sd-device: Created db file '/run/udev/data/c240:6' for '/devices/pci0000:00/0000:00:14.0/usb3/3-13/3-13.3/3-13.3:1.0/0003:1050:0407.0050/hidraw/hidraw6'
DEVPATH=/devices/pci0000:00/0000:00:14.0/usb3/3-13/3-13.3/3-13.3:1.0/0003:1050:0407.0050/hidraw/hidraw6
DEVNAME=/dev/hidraw6
MAJOR=240
MINOR=6
ACTION=add
SUBSYSTEM=hidraw
TAGS=:uaccess:seat:
ID_SECURITY_TOKEN=1
CURRENT_TAGS=:seat:uaccess:
ID_PATH=pci-0000:00:14.0-usb-0:13.3:1.0
ID_PATH_TAG=pci-0000_00_14_0-usb-0_13_3_1_0
ID_FOR_SEAT=hidraw-pci-0000_00_14_0-usb-0_13_3_1_0
USEC_INITIALIZED=278903252053
run: 'uaccess'
Unload module index
Unloaded link configuration context.
```


@DatAres37 commented on GitHub (May 15, 2022):

I can confirm it works with `ignore nou2f, ignore private-dev, protocol netlink,unix`, but it doesn't work if you pull the key while KeepassXC is open and plug it back in unfortunately.


@andreystepanov commented on GitHub (Jan 19, 2023):

> I can confirm it works with `ignore nou2f, ignore private-dev, protocol netlink,unix`, but it doesn't work if you pull the key while KeepassXC is open and plug it back in unfortunately.

I'm having the same issue


@haplo commented on GitHub (Jan 16, 2024):

I was having the same issue (but with an Onlykey) and it worked with `ignore private-dev` plus `protocol netlink`.


@sashee commented on GitHub (Mar 30, 2024):

If I start keepassxc with this command then Yubikey works and it also detects when it is inserted/removed:

```
firejail --ignore="private-dev" --protocol=unix,netlink --ignore="net" keepassxc
```
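The overrides reported in the comments above, modelled as an added example (not part of the thread and not firejail's own code): a small parser that applies the `ignore` lines of a `.local` file to a profile and reports which of the directives discussed here remain active. The sample profile is constructed from the directives named in this issue, not copied from the shipped `keepassxc.profile`, and the precedence rules (the `.local` file is read first, `ignore` matches whole words, the first `protocol` line wins) are a simplified assumption about firejail's profile handling.

```python
# Constructed sample, NOT the shipped keepassxc.profile: it contains only
# directives that are named in this issue.
SAMPLE_PROFILE = """\
include keepassxc.local
net none
nou2f
private-dev
protocol unix
"""

# Override set reported in the first comment above (keepassxc.local).
SAMPLE_LOCAL = """\
ignore nou2f
ignore private-dev
protocol netlink,unix
"""


def effective(profile: str, local: str) -> dict:
    """Simplified model (assumption): the .local file is read before the
    profile body, `ignore X` drops lines equal to X or starting with 'X ',
    and the first `protocol` line seen wins."""
    lines = [l.strip() for l in (local + "\n" + profile).splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    ignores = [l[len("ignore "):].strip() for l in lines if l.startswith("ignore ")]
    active, protocol = [], None
    for l in lines:
        if l.startswith(("ignore ", "include ")):
            continue
        if any(l == i or l.startswith(i + " ") for i in ignores):
            continue  # whole-word match: `ignore net` drops `net none` only
        if l.startswith("protocol "):
            if protocol is None:
                protocol = l.split(None, 1)[1].split(",")
            continue
        active.append(l)
    return {"active": active, "protocol": protocol or []}


def still_restricting(state: dict) -> list:
    """Directives that commenters in this thread lifted and that are still on."""
    found = [d for d in ("private-dev", "nou2f", "net none") if d in state["active"]]
    if "netlink" not in state["protocol"]:
        found.append("protocol without netlink")
    return found
```

Run against your own profile and `.local` text, the result shows which of these restrictions an override has actually lifted; every directive it no longer lists is also a protection the sandbox has stopped providing.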
Reference: github-starred/firejail#2822