[GH-ISSUE #5012] vscode: cannot access own config directory (whitelisting issue) #2855

Closed
opened 2026-05-05 09:30:29 -06:00 by gitea-mirror · 3 comments

Originally created by @Gerenuk on GitHub (Mar 5, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5012

Description

Running visual studio code seems to have important directories inaccessible unless the home directory is explicitly whitelisted.

Steps to Reproduce

I'm running `firejail /usr/bin/code --no-sandbox --unity-launch` as these options for `code` were already preconfigured by the usual desktop link. Without `--no-sandbox` it would not start.

Expected behavior

It should start and load my theme from the extensions.

Actual behavior

Visual studio code starts, but apparently does not see a lot of required files. In particular the directory ~/.vscode/extensions appears empty when trying to open a file from vscode whereas in reality there are extension folders inside. It does not load the theme therein either. None of my usual home folders are visible. (Is that intended?)

However, everything seems to work if I white list `whitelist ~`

Behavior without a profile

--noprofile seems fine.

Environment

Linux: Manjaro (Archlinux based)
firejail 0.9.68

Log

Output of firejail /usr/bin/code --no-sandbox --unity-launch

> firejail /usr/bin/code --no-sandbox --unity-launch
Reading profile /etc/firejail/code.profile
Reading profile /etc/firejail/allow-common-devel.inc
Reading profile /etc/firejail/electron.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Parent pid 56475, child pid 56476
Warning: NVIDIA card detected, nogroups command ignored
Warning: NVIDIA card detected, nogroups command ignored
Warning: NVIDIA card detected, nogroups command ignored
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: NVIDIA card detected, nogroups command ignored
Child process initialized in 25.91 ms

Output of firejail --debug /usr/bin/code --no-sandbox --unity-launch

Autoselecting /bin/bash as shell
Building quoted command line: '/usr/bin/code' '--no-sandbox' '--unity-launch' 
Command name #code#
Found code.profile profile in /etc/firejail directory
Found allow-common-devel.inc profile in /etc/firejail directory
Found electron.profile profile in /etc/firejail directory
Found disable-common.inc profile in /etc/firejail directory
Found disable-programs.inc profile in /etc/firejail directory
Using the local network stack
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1493 608 259:2 /etc /etc ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw
mountid=1493 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
1494 1493 259:2 /etc /etc ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw
mountid=1494 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
1495 608 259:2 /var /var ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw
mountid=1495 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
1496 1495 259:2 /var /var ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme0n1p2 rw
mountid=1496 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
1497 608 259:2 /usr /usr ro,noatime master:1 - ext4 /dev/nvme0n1p2 rw
mountid=1497 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/user/.config/firejail
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/nvidia0 file
mounting /run/firejail/mnt/dev/nvidiactl file
mounting /run/firejail/mnt/dev/nvidia-modeset file
mounting /run/firejail/mnt/dev/nvidia-uvm file
Process /dev/shm directory
Generate private-tmp whitelist commands
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 558: whitelist ${HOME}/.config/Electron
Debug 579: expanded: /home/user/.config/Electron
Debug 590: new_name: /home/user/.config/Electron
Debug 604: dir: /home/user
Adding whitelist top level directory /home/user
Debug 558: whitelist ${HOME}/.config/electron-flag*.conf
Debug 579: expanded: /home/user/.config/electron-flag*.conf
Debug 590: new_name: /home/user/.config/electron-flag*.conf
Debug 604: dir: /home/user
Removed path: whitelist ${HOME}/.config/electron-flag*.conf
	new_name: /home/user/.config/electron-flag*.conf
	realpath: (null)
	No such file or directory
Debug 558: whitelist /tmp/.X11-unix
Debug 579: expanded: /tmp/.X11-unix
Debug 590: new_name: /tmp/.X11-unix
Debug 604: dir: /tmp
Adding whitelist top level directory /tmp
Debug 558: whitelist /tmp/sndio
Debug 579: expanded: /tmp/sndio
Debug 590: new_name: /tmp/sndio
Debug 604: dir: /tmp
Removed path: whitelist /tmp/sndio
	new_name: /tmp/sndio
	realpath: (null)
	No such file or directory
Mounting tmpfs on /tmp, check owner: no
1574 1487 0:71 / /tmp rw,nosuid,nodev,relatime - tmpfs tmpfs rw,inode64
mountid=1574 fsname=/ dir=/tmp fstype=tmpfs
Mounting a new /root directory
Mounting a new /home directory
Create a new user directory
Debug 739: file: /home/user/.config/Electron; dirfd: 4; topdir: /home/user; rel: .config/Electron
Whitelisting /home/user/.config/Electron
1577 1576 259:2 /home/user/.config/Electron /home/user/.config/Electron rw,noatime master:1 - ext4 /dev/nvme0n1p2 rw
mountid=1577 fsname=/home/user/.config/Electron dir=/home/user/.config/Electron fstype=ext4
Debug 739: file: /tmp/.X11-unix; dirfd: 5; topdir: /tmp; rel: .X11-unix
Whitelisting /tmp/.X11-unix
1578 1574 0:34 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:18 - tmpfs tmpfs rw,size=16418180k,nr_inodes=1048576,inode64
mountid=1578 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp
1580 1579 0:34 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev master:18 - tmpfs tmpfs rw,size=16418180k,nr_inodes=1048576,inode64
mountid=1580 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
1581 1580 0:34 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec master:18 - tmpfs tmpfs rw,size=16418180k,nr_inodes=1048576,inode64
mountid=1581 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Not blacklist /home/user/.python-history
Not blacklist /home/user/.python_history
Not blacklist /home/user/.pythonhist
Disable /etc/xdg/autostart
Mounting read-only /home/user/.Xauthority
1583 1576 0:73 /user/.Xauthority /home/user/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1583 fsname=/user/.Xauthority dir=/home/user/.Xauthority fstype=tmpfs
Disable /run/user/1000/dolphinazjgCp.5.slave-socket
Disable /run/user/1000/dolphinicvRgg.5.slave-socket
Disable /run/user/1000/dolphinoVWDFM.5.slave-socket
Disable /run/user/1000/dolphingmgwxs.5.slave-socket
Disable /run/user/1000/dolphinYdyxNG.5.slave-socket
Disable /run/user/1000/dolphinjevGkA.5.slave-socket
Disable /run/user/1000/dolphineUJMCk.5.slave-socket
Disable /run/user/1000/dolphinZITsOO.5.slave-socket
Disable /run/user/1000/dolphinPOuTJp.5.slave-socket
Disable /run/user/1000/dolphinbrvJLe.5.slave-socket
Disable /run/user/1000/dolphiniBXnZJ.5.slave-socket
Disable /run/user/1000/dolphinmtOISC.5.slave-socket
Disable /run/user/1000/dolphinOZIuQa.5.slave-socket
Disable /run/user/1000/dolphinIaJbig.5.slave-socket
Disable /run/user/1000/dolphinjOwrPc.5.slave-socket
Disable /run/user/1000/dolphinXdkfjt.5.slave-socket
Disable /run/user/1000/dolphinjDBsXQ.5.slave-socket
Disable /run/user/1000/dolphineyTqxP.5.slave-socket
Disable /run/user/1000/dolphinohmsQx.5.slave-socket
Disable /run/user/1000/dolphinauFFTZ.5.slave-socket
Disable /run/user/1000/dolphinFOMyJG.5.slave-socket
Disable /run/user/1000/dolphinpILkpW.5.slave-socket
Disable /run/user/1000/dolphinRFXcYC.5.slave-socket
Disable /run/user/1000/dolphinSohzQd.5.slave-socket
Disable /run/user/1000/dolphinUQYutX.5.slave-socket
Disable /run/user/1000/dolphineyPCVt.5.slave-socket
Disable /run/user/1000/dolphinNOMaoS.5.slave-socket
Disable /run/user/1000/dolphinZlpbwb.5.slave-socket
Disable /run/user/1000/dolphinzNVTrr.5.slave-socket
Disable /run/user/1000/dolphiniGyeVI.5.slave-socket
Disable /run/user/1000/dolphinswYYYo.5.slave-socket
Disable /run/user/1000/dolphinsufDWu.5.slave-socket
Disable /run/user/1000/dolphinQCPwSz.5.slave-socket
Disable /run/user/1000/dolphinPoyKTn.5.slave-socket
Disable /run/user/1000/dolphinmNtBIF.5.slave-socket
Disable /run/user/1000/dolphinJFaeya.5.slave-socket
Disable /run/user/1000/dolphinwErIsB.5.slave-socket
Disable /usr/bin/systemctl
Disable /usr/bin/systemd-run
Disable /run/user/1000/systemd
Disable /etc/systemd/network
Disable /etc/systemd/system
Disable /var/lib/systemd
Disable /usr/bin/veracrypt
Disable /usr/share/applications/veracrypt.desktop
Disable /usr/share/pixmaps/veracrypt.xpm
Disable /var/cache/pacman
Disable /var/lib/pacman
Disable /var/lib/upower
Disable /var/spool/mail (requested /var/mail)
Disable /var/opt
Disable /var/spool/anacron
Disable /var/spool/mail
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/cron.deny.pacsave
Disable /etc/default
Disable /etc/grub.d
Disable /etc/kernel
Disable /etc/logrotate.d
Disable /etc/logrotate.conf
Disable /etc/modules-load.d
Disable /etc/profile.d
Disable /etc/rkhunter.conf
Disable /var/lib/rkhunter
Mounting read-only /home/user/.bashrc
1649 1576 0:73 /user/.bashrc /home/user/.bashrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1649 fsname=/user/.bashrc dir=/home/user/.bashrc fstype=tmpfs
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning (blacklisting): cannot open /etc/ssh/*: Permission denied
Not blacklist /home/user/.git-credentials
Disable /usr/local/sbin
Warning (blacklisting): cannot open /usr/local/sbin/at: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/busybox: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/chage: Permission denied
Disable /usr/bin/chage
Warning (blacklisting): cannot open /usr/local/sbin/chfn: Permission denied
Disable /usr/bin/chfn
Warning (blacklisting): cannot open /usr/local/sbin/chsh: Permission denied
Disable /usr/bin/chsh
Warning (blacklisting): cannot open /usr/local/sbin/crontab: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/evtest: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/expiry: Permission denied
Disable /usr/bin/expiry
Warning (blacklisting): cannot open /usr/local/sbin/fusermount: Permission denied
Disable /usr/bin/fusermount
Warning (blacklisting): cannot open /usr/local/sbin/gksu: Permission denied
Disable /usr/bin/zensu (requested /usr/bin/gksu)
Warning (blacklisting): cannot open /usr/local/sbin/gksudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gpasswd: Permission denied
Disable /usr/bin/gpasswd
Warning (blacklisting): cannot open /usr/local/sbin/kdesudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ksu: Permission denied
Disable /usr/bin/ksu
Warning (blacklisting): cannot open /usr/local/sbin/mount: Permission denied
Disable /usr/bin/mount
Warning (blacklisting): cannot open /usr/local/sbin/mount.ecryptfs_private: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nc: Permission denied
Disable /usr/bin/netcat (requested /usr/bin/nc)
Warning (blacklisting): cannot open /usr/local/sbin/ncat: Permission denied
Disable /usr/bin/ncat
Warning (blacklisting): cannot open /usr/local/sbin/nmap: Permission denied
Disable /usr/bin/nmap
Warning (blacklisting): cannot open /usr/local/sbin/newgidmap: Permission denied
Disable /usr/bin/newgidmap
Warning (blacklisting): cannot open /usr/local/sbin/newgrp: Permission denied
Disable /usr/bin/newgrp
Warning (blacklisting): cannot open /usr/local/sbin/newuidmap: Permission denied
Disable /usr/bin/newuidmap
Warning (blacklisting): cannot open /usr/local/sbin/ntfs-3g: Permission denied
Disable /usr/bin/ntfs-3g
Warning (blacklisting): cannot open /usr/local/sbin/pkexec: Permission denied
Disable /usr/bin/pkexec
Warning (blacklisting): cannot open /usr/local/sbin/procmail: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/sg: Permission denied
Disable /usr/bin/sg
Warning (blacklisting): cannot open /usr/local/sbin/strace: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/su: Permission denied
Disable /usr/bin/su
Warning (blacklisting): cannot open /usr/local/sbin/sudo: Permission denied
Disable /usr/bin/sudo
Warning (blacklisting): cannot open /usr/local/sbin/tcpdump: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/umount: Permission denied
Disable /usr/bin/umount
Warning (blacklisting): cannot open /usr/local/sbin/unix_chkpwd: Permission denied
Disable /usr/bin/unix_chkpwd
Warning (blacklisting): cannot open /usr/local/sbin/xev: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xinput: Permission denied
Disable /usr/lib/ssh
Warning (blacklisting): cannot open /usr/local/sbin/passwd: Permission denied
Disable /usr/bin/passwd
Disable /usr/lib/dbus-1.0/dbus-daemon-launch-helper
Warning (blacklisting): cannot open /usr/local/sbin/suexec: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/slock: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/physlock: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/schroot: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/wshowkeys: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pmount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pumount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/bmon: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fping: Permission denied
Disable /usr/bin/fping
Warning (blacklisting): cannot open /usr/local/sbin/fping6: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/hostname: Permission denied
Disable /usr/bin/hostname
Warning (blacklisting): cannot open /usr/local/sbin/mtr: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mtr-packet: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/netstat: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nm-online: Permission denied
Disable /usr/bin/nm-online
Warning (blacklisting): cannot open /usr/local/sbin/nmcli: Permission denied
Disable /usr/bin/nmcli
Warning (blacklisting): cannot open /usr/local/sbin/nmtui: Permission denied
Disable /usr/bin/nmtui
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-connect: Permission denied
Disable /usr/bin/nmtui (requested /usr/bin/nmtui-connect)
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-edit: Permission denied
Disable /usr/bin/nmtui (requested /usr/bin/nmtui-edit)
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-hostname: Permission denied
Disable /usr/bin/nmtui (requested /usr/bin/nmtui-hostname)
Warning (blacklisting): cannot open /usr/local/sbin/networkctl: Permission denied
Disable /usr/bin/networkctl
Warning (blacklisting): cannot open /usr/local/sbin/ss: Permission denied
Disable /usr/bin/ss
Warning (blacklisting): cannot open /usr/local/sbin/traceroute: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lilyterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lxterminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pantheon-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm-config: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/terminix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tilix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtcd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/bwrap: Permission denied
Disable /usr/bin/bwrap
Warning (blacklisting): cannot stat /run/user/1000/doc: Permission denied
Disable /proc/config.gz
Warning (blacklisting): cannot open /usr/local/sbin/dig: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dlint: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dns2tcp: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dnssec-*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dnswalk: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/drill: Permission denied
Disable /usr/bin/drill
Warning (blacklisting): cannot open /usr/local/sbin/host: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/iodine: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/kdig: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/khost: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/knsupdate: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ldns-*: Permission denied
Disable /usr/bin/ldns-verify-zone
Disable /usr/bin/ldns-zcat
Disable /usr/bin/ldns-revoke
Disable /usr/bin/ldns-testns
Disable /usr/bin/ldns-dpa
Disable /usr/bin/ldns-keygen
Disable /usr/bin/ldns-version
Disable /usr/bin/ldns-zsplit
Disable /usr/bin/ldns-update
Disable /usr/bin/ldns-test-edns
Disable /usr/bin/ldns-chaos
Disable /usr/bin/ldns-signzone
Disable /usr/bin/ldns-dane
Disable /usr/bin/ldns-read-zone
Disable /usr/bin/ldns-config
Disable /usr/bin/ldns-resolver
Disable /usr/bin/ldns-keyfetcher
Disable /usr/bin/ldns-gen-zone
Disable /usr/bin/ldns-walk
Disable /usr/bin/ldns-nsec3-hash
Disable /usr/bin/ldns-key2ds
Disable /usr/bin/ldns-mx
Disable /usr/bin/ldns-compare-zones
Disable /usr/bin/ldns-rrsig
Disable /usr/bin/ldns-notify
Warning (blacklisting): cannot open /usr/local/sbin/ldnsd: Permission denied
Disable /usr/bin/ldnsd
Warning (blacklisting): cannot open /usr/local/sbin/nslookup: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/resolvectl: Permission denied
Disable /usr/bin/resolvectl
Warning (blacklisting): cannot open /usr/local/sbin/unbound-host: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ftp: Permission denied
Disable /usr/bin/ftp
Warning (blacklisting): cannot open /usr/local/sbin/ssh: Permission denied
Disable /usr/bin/ssh
Warning (blacklisting): cannot open /usr/local/sbin/telnet: Permission denied
Disable /usr/bin/telnet
Disable /run/user/1000/pipewire-0.lock
Not blacklist /home/user/.bundle
Not blacklist /home/user/.cargo
Not blacklist /home/user/.config/Code
Not blacklist /home/user/.config/Code - OSS
Not blacklist /home/user/.config/Electron
Not blacklist /home/user/.config/electron-flag*.conf
Not blacklist /home/user/.config/git
Not blacklist /home/user/.gitconfig
Not blacklist /home/user/.gradle
Not blacklist /home/user/.java
Not blacklist /home/user/.node-gyp
Not blacklist /home/user/.npm
Not blacklist /home/user/.npmrc
Not blacklist /home/user/.nvm
Not blacklist /home/user/.pylint.d
Not blacklist /home/user/.vscode
Not blacklist /home/user/.vscode-oss
Not blacklist /home/user/.yarn
Not blacklist /home/user/.yarn-config
Not blacklist /home/user/.yarncache
Not blacklist /home/user/.yarnrc
Mounting read-only /tmp/.X11-unix
1727 1581 0:34 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec master:18 - tmpfs tmpfs rw,size=16418180k,nr_inodes=1048576,inode64
mountid=1727 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /run/user/1000/pulse/native
blacklist /run/user/1000/pulse
disable pipewire
blacklist /run/user/1000/pipewire-0.lock
blacklist /run/user/1000/pipewire-0
blacklist /run/user/1000/pipewire-0.lock
blacklist /run/user/1000/pipewire-0
rebuilding /etc directory
Creating empty /run/firejail/mnt/dns-etc/pkcs11 directory
Creating empty /run/firejail/mnt/dns-etc/slsh.rc file
Creating empty /run/firejail/mnt/dns-etc/mhwd-x86_64.conf file
Creating empty /run/firejail/mnt/dns-etc/dhcpcd.conf file
Creating empty /run/firejail/mnt/dns-etc/ksysguarddrc file
Creating empty /run/firejail/mnt/dns-etc/iproute2 directory
Creating empty /run/firejail/mnt/dns-etc/securetty file
Creating empty /run/firejail/mnt/dns-etc/opt directory
Creating empty /run/firejail/mnt/dns-etc/audit directory
Creating empty /run/firejail/mnt/dns-etc/machine-id file
Creating empty /run/firejail/mnt/dns-etc/tlp.d directory
Creating empty /run/firejail/mnt/dns-etc/sane.d directory
Creating empty /run/firejail/mnt/dns-etc/papersize file
Creating empty /run/firejail/mnt/dns-etc/libinput directory
Creating empty /run/firejail/mnt/dns-etc/.updated file
Creating empty /run/firejail/mnt/dns-etc/alternatives directory
Creating empty /run/firejail/mnt/dns-etc/dpkg directory
Creating empty /run/firejail/mnt/dns-etc/printcap file
Creating empty /run/firejail/mnt/dns-etc/rsyncd.conf file
Creating empty /run/firejail/mnt/dns-etc/avahi directory
Creating empty /run/firejail/mnt/dns-etc/manjaro-firefox.ini file
Creating empty /run/firejail/mnt/dns-etc/depmod.d directory
Creating empty /run/firejail/mnt/dns-etc/ImageMagick-7 directory
Creating empty /run/firejail/mnt/dns-etc/modprobe.d directory
Creating empty /run/firejail/mnt/dns-etc/nscd.conf file
Creating empty /run/firejail/mnt/dns-etc/ca-certificates directory
Creating empty /run/firejail/mnt/dns-etc/ndctl directory
Creating empty /run/firejail/mnt/dns-etc/krb5.conf file
Creating empty /run/firejail/mnt/dns-etc/vpnc directory
Creating empty /run/firejail/mnt/dns-etc/ts.conf file
Creating empty /run/firejail/mnt/dns-etc/trusted-key.key file
Creating empty /run/firejail/mnt/dns-etc/resolv.conf file
Creating empty /run/firejail/mnt/dns-etc/hosts file
Creating empty /run/firejail/mnt/dns-etc/sensors3.conf file
Creating empty /run/firejail/mnt/dns-etc/ssl directory
Creating empty /run/firejail/mnt/dns-etc/sddm.conf.d directory
Creating empty /run/firejail/mnt/dns-etc/bindresvport.blacklist file
Creating empty /run/firejail/mnt/dns-etc/resolvconf.conf file
Creating empty /run/firejail/mnt/dns-etc/appstream.conf file
Creating empty /run/firejail/mnt/dns-etc/usb_modeswitch.conf file
Creating empty /run/firejail/mnt/dns-etc/initcpio directory
Creating empty /run/firejail/mnt/dns-etc/NetworkManager directory
Creating empty /run/firejail/mnt/dns-etc/pacman-mirrors.conf file
Creating empty /run/firejail/mnt/dns-etc/daxctl.conf.d directory
Creating empty /run/firejail/mnt/dns-etc/gtk-3.0 directory
Creating empty /run/firejail/mnt/dns-etc/timezone file
Creating empty /run/firejail/mnt/dns-etc/pacman.conf file
Creating empty /run/firejail/mnt/dns-etc/openmpi directory
Creating empty /run/firejail/mnt/dns-etc/OpenCL directory
Creating empty /run/firejail/mnt/dns-etc/fuse.conf file
Creating empty /run/firejail/mnt/dns-etc/texmf directory
Creating empty /run/firejail/mnt/dns-etc/pacman.d directory
Creating empty /run/firejail/mnt/dns-etc/vconsole.conf file
Creating empty /run/firejail/mnt/dns-etc/vdpau_wrapper.cfg file
Creating empty /run/firejail/mnt/dns-etc/openvpn directory
Creating empty /run/firejail/mnt/dns-etc/inputrc file
Creating empty /run/firejail/mnt/dns-etc/chromium directory
Creating empty /run/firejail/mnt/dns-etc/crypttab file
Creating empty /run/firejail/mnt/dns-etc/nanorc file
Creating empty /run/firejail/mnt/dns-etc/xdg directory
Creating empty /run/firejail/mnt/dns-etc/libva.conf file
Creating empty /run/firejail/mnt/dns-etc/tpm2-tss directory
Creating empty /run/firejail/mnt/dns-etc/security directory
Creating empty /run/firejail/mnt/dns-etc/pam.d directory
Creating empty /run/firejail/mnt/dns-etc/systemd directory
Creating empty /run/firejail/mnt/dns-etc/.pwd.lock file
Creating empty /run/firejail/mnt/dns-etc/login.defs file
Creating empty /run/firejail/mnt/dns-etc/bash.bashrc file
Creating empty /run/firejail/mnt/dns-etc/udev directory
Creating empty /run/firejail/mnt/dns-etc/locale.gen.pacnew file
Creating empty /run/firejail/mnt/dns-etc/environment file
Creating empty /run/firejail/mnt/dns-etc/samba directory
Creating empty /run/firejail/mnt/dns-etc/keyutils directory
Creating empty /run/firejail/mnt/dns-etc/iptables directory
Creating empty /run/firejail/mnt/dns-etc/libpaper.d directory
Creating empty /run/firejail/mnt/dns-etc/ndctl.conf.d directory
Creating empty /run/firejail/mnt/dns-etc/ModemManager directory
Creating empty /run/firejail/mnt/dns-etc/locale.gen file
Creating empty /run/firejail/mnt/dns-etc/xml directory
Creating empty /run/firejail/mnt/dns-etc/UPower directory
Creating empty /run/firejail/mnt/dns-etc/pipewire directory
Creating empty /run/firejail/mnt/dns-etc/sensors.d directory
Creating empty /run/firejail/mnt/dns-etc/libblockdev directory
Creating empty /run/firejail/mnt/dns-etc/wpa_supplicant directory
Creating empty /run/firejail/mnt/dns-etc/xinetd.d directory
Creating empty /run/firejail/mnt/dns-etc/nsswitch.conf file
Creating empty /run/firejail/mnt/dns-etc/firejail directory
Creating empty /run/firejail/mnt/dns-etc/manjaro-thunderbird.ini file
Creating empty /run/firejail/mnt/dns-etc/request-key.conf file
Creating empty /run/firejail/mnt/dns-etc/manjaro-release file
Creating empty /run/firejail/mnt/dns-etc/fonts directory
Creating empty /run/firejail/mnt/dns-etc/libnl directory
Creating empty /run/firejail/mnt/dns-etc/binfmt.d directory
Creating empty /run/firejail/mnt/dns-etc/ppp directory
Creating empty /run/firejail/mnt/dns-etc/usb_modeswitch.setup file
Creating empty /run/firejail/mnt/dns-etc/ld.so.cache file
Creating empty /run/firejail/mnt/dns-etc/adjtime file
Creating empty /run/firejail/mnt/dns-etc/bluetooth directory
Creating empty /run/firejail/mnt/dns-etc/teamviewer directory
Creating empty /run/firejail/mnt/dns-etc/shells file
Creating empty /run/firejail/mnt/dns-etc/mono directory
Creating empty /run/firejail/mnt/dns-etc/signon-ui directory
Creating empty /run/firejail/mnt/dns-etc/fstab file
Creating empty /run/firejail/mnt/dns-etc/openswap.conf file
Creating empty /run/firejail/mnt/dns-etc/sudo_logsrvd.conf file
Creating empty /run/firejail/mnt/dns-etc/rc_maps.cfg file
Creating empty /run/firejail/mnt/dns-etc/mkinitcpio.d directory
Creating empty /run/firejail/mnt/dns-etc/udisks2 directory
Creating empty /run/firejail/mnt/dns-etc/acpi directory
Creating empty /run/firejail/mnt/dns-etc/e2scrub.conf file
Creating empty /run/firejail/mnt/dns-etc/usb_modeswitch.d directory
Creating empty /run/firejail/mnt/dns-etc/mime.types file
Creating empty /run/firejail/mnt/dns-etc/healthd.conf file
Creating empty /run/firejail/mnt/dns-etc/zsh directory
Creating empty /run/firejail/mnt/dns-etc/ufw directory
Creating empty /run/firejail/mnt/dns-etc/tlp.conf file
Creating empty /run/firejail/mnt/dns-etc/hp directory
Creating empty /run/firejail/mnt/dns-etc/host.conf file
Creating empty /run/firejail/mnt/dns-etc/ld.so.conf file
Creating empty /run/firejail/mnt/dns-etc/bash.bash_logout file
Creating empty /run/firejail/mnt/dns-etc/cupshelpers directory
Creating empty /run/firejail/mnt/dns-etc/manjaro-firefox-kde.ini file
Creating empty /run/firejail/mnt/dns-etc/X11 directory
Creating empty /run/firejail/mnt/dns-etc/openldap directory
Creating empty /run/firejail/mnt/dns-etc/nginx directory
Creating empty /run/firejail/mnt/dns-etc/sudo.conf file
Creating empty /run/firejail/mnt/dns-etc/hostname file
Creating empty /run/firejail/mnt/dns-etc/gai.conf file
Creating empty /run/firejail/mnt/dns-etc/services file
Creating empty /run/firejail/mnt/dns-etc/sudoers.d directory
Creating empty /run/firejail/mnt/dns-etc/ntp.conf file
Creating empty /run/firejail/mnt/dns-etc/lvm directory
Creating empty /run/firejail/mnt/dns-etc/gemrc file
Creating empty /run/firejail/mnt/dns-etc/passwd file
Creating empty /run/firejail/mnt/dns-etc/manjaro-firefox-developer-edition.ini file
Creating empty /run/firejail/mnt/dns-etc/smartd.conf file
Creating empty /run/firejail/mnt/dns-etc/pacman.conf.pacnew file
Creating empty /run/firejail/mnt/dns-etc/xattr.conf file
Creating empty /run/firejail/mnt/dns-etc/geoclue directory
Creating empty /run/firejail/mnt/dns-etc/request-key.d directory
Creating empty /run/firejail/mnt/dns-etc/lirc directory
Creating empty /run/firejail/mnt/dns-etc/sudoers file
Creating empty /run/firejail/mnt/dns-etc/libreoffice directory
Creating empty /run/firejail/mnt/dns-etc/cups directory
Creating empty /run/firejail/mnt/dns-etc/lsb-release file
Creating empty /run/firejail/mnt/dns-etc/rc_keymaps directory
Creating empty /run/firejail/mnt/dns-etc/dbus-1 directory
Creating empty /run/firejail/mnt/dns-etc/jack directory
Creating empty /run/firejail/mnt/dns-etc/pinentry directory
Creating empty /run/firejail/mnt/dns-etc/conf.d directory
Creating empty /run/firejail/mnt/dns-etc/signond.conf file
Creating empty /run/firejail/mnt/dns-etc/mailcap file
Creating empty /run/firejail/mnt/dns-etc/mkinitcpio.conf file
Creating empty /run/firejail/mnt/dns-etc/skel directory
Creating empty /run/firejail/mnt/dns-etc/alsa directory
Creating empty /run/firejail/mnt/dns-etc/tmpfiles.d directory
Creating empty /run/firejail/mnt/dns-etc/ethertypes file
Creating empty /run/firejail/mnt/dns-etc/makepkg.conf file
Creating empty /run/firejail/mnt/dns-etc/polkit-1 directory
Creating empty /run/firejail/mnt/dns-etc/libaudit.conf file
Creating empty /run/firejail/mnt/dns-etc/locale.conf file
Creating empty /run/firejail/mnt/dns-etc/ctdb directory
Creating empty /run/firejail/mnt/dns-etc/group file
Creating empty /run/firejail/mnt/dns-etc/netconfig file
Creating empty /run/firejail/mnt/dns-etc/ld.so.conf.d directory
Creating empty /run/firejail/mnt/dns-etc/mke2fs.conf file
Creating empty /run/firejail/mnt/dns-etc/man_db.conf file
Creating empty /run/firejail/mnt/dns-etc/arch-audit directory
Creating empty /run/firejail/mnt/dns-etc/cifs-utils directory
Creating empty /run/firejail/mnt/dns-etc/dconf directory
Creating empty /run/firejail/mnt/dns-etc/dnsmasq.conf file
Creating empty /run/firejail/mnt/dns-etc/wgetrc file
Creating empty /run/firejail/mnt/dns-etc/profile file
Creating empty /run/firejail/mnt/dns-etc/inxi.conf file
Creating empty /run/firejail/mnt/dns-etc/rpc file
Creating empty /run/firejail/mnt/dns-etc/foomatic directory
Creating empty /run/firejail/mnt/dns-etc/issue file
Creating empty /run/firejail/mnt/dns-etc/cpufreq-bench.conf file
Creating empty /run/firejail/mnt/dns-etc/mdadm.conf file
Creating empty /run/firejail/mnt/dns-etc/sysctl.d directory
Creating empty /run/firejail/mnt/dns-etc/sddm.conf file
Creating empty /run/firejail/mnt/dns-etc/pulse directory
Creating empty /run/firejail/mnt/dns-etc/protocols file
Creating empty /run/firejail/mnt/dns-etc/pamac.conf file
Mount-bind /run/firejail/mnt/dns-etc on top of /etc
Current directory: /home/user
Mounting read-only /run/firejail/mnt/seccomp
2111 1490 0:62 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=2111 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             120 .
drwxr-xr-x root     root             240 ..
-rw-r--r-- user    user            568 seccomp
-rw-r--r-- user    user            432 seccomp.32
-rw-r--r-- user    user              0 seccomp.postexec
-rw-r--r-- user    user              0 seccomp.postexec32
No active seccomp files
Set caps filter 240000
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1001, force_nogroups 0
Supplementary groups: 991 
Closing non-standard file descriptors
Starting application
LD_PRELOAD=(null)
execvp argument 0: /usr/bin/code
execvp argument 1: --no-sandbox
execvp argument 2: --unity-launch


Edit by @kmk3: Fix formatting.


@rusty-snake commented on GitHub (Mar 5, 2022):

https://github.com/netblue30/firejail/pull/4727/files#diff-046ffcfd2a399dd76a2a4d5220f83814a89dc2bd059b2e2c0fd089e1db06dec9

Same as #4965/#4929 but for `include electron.profile` profiles.


@smitsohu commented on GitHub (Mar 5, 2022):

I think we need to ignore `whitelist ${HOME}/.config/Electron` and `whitelist ${HOME}/.config/electron-flag*.conf`.


@rusty-snake commented on GitHub (Mar 5, 2022):

```
ignore whitelist ${HOME}/.config/Electron
ignore whitelist ${HOME}/.config/electron-flag*.conf
```

must be added to

```console
$ grep -l "^ignore include whitelist-common.inc" $(grep -l "^include electron.profile" /etc/firejail/*.profile)
/etc/firejail/atom.profile
/etc/firejail/code.profile
/etc/firejail/github-desktop.profile
/etc/firejail/notable.profile
/etc/firejail/skypeforlinux.profile
```

---

> nowhitelist

#2882

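The grep check from the last comment, extended to report which of the matching profiles still lack the two `ignore whitelist` lines. This is an added example, not part of the thread or of firejail itself; the function names and the sample profiles are constructed for illustration.

```shell
#!/bin/sh
# Added example, not firejail project code. Function names are illustrative.

# The two lines from the thread, matched as fixed whole lines (grep -xF).
# Single quotes keep ${HOME} literal, the way firejail profiles write it.
FIX_DIR='ignore whitelist ${HOME}/.config/Electron'
FIX_FLAGS='ignore whitelist ${HOME}/.config/electron-flag*.conf'

# profiles_missing_fix [DIR]: print every profile in DIR (default
# /etc/firejail) that meets both grep conditions from the thread but does
# not yet contain both "ignore whitelist" lines.
profiles_missing_fix() {
    dir=${1:-/etc/firejail}
    for profile in "$dir"/*.profile; do
        [ -f "$profile" ] || continue
        grep -q '^include electron\.profile' "$profile" || continue
        grep -q '^ignore include whitelist-common\.inc' "$profile" || continue
        if grep -qxF -- "$FIX_DIR" "$profile" &&
           grep -qxF -- "$FIX_FLAGS" "$profile"; then
            continue    # already carries the fix
        fi
        printf '%s\n' "$profile"
    done
}

# make_sample_profiles DIR: write constructed sample profiles for an offline run.
make_sample_profiles() {
    d=$1
    # In scope, no fix lines: reported.
    printf '%s\n' 'ignore include whitelist-common.inc' \
        'include electron.profile' > "$d/affected.profile"
    # In scope, only one of the two lines: still reported.
    printf '%s\n' 'ignore include whitelist-common.inc' "$FIX_DIR" \
        'include electron.profile' > "$d/halffixed.profile"
    # In scope, both lines present: not reported.
    printf '%s\n' 'ignore include whitelist-common.inc' "$FIX_DIR" \
        "$FIX_FLAGS" 'include electron.profile' > "$d/fixed.profile"
    # Out of scope: keeps whitelist-common.inc.
    printf '%s\n' 'include whitelist-common.inc' \
        'include electron.profile' > "$d/whitelisting.profile"
}

# Demo on the constructed samples; prints affected.profile and halffixed.profile.
demo=$(mktemp -d)
make_sample_profiles "$demo"
profiles_missing_fix "$demo"
rm -rf "$demo"
```

Calling `profiles_missing_fix` with no argument audits `/etc/firejail`; user overrides in another directory can be checked by passing that directory instead.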
Reference: github-starred/firejail#2855