[GH-ISSUE #5080] Ephemeral runtime (--private) breaks XDG_RUNTIME_DIR within user home. #2870

New issue

Open

opened 2026-05-05 09:31:51 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented 2026-05-05 09:31:51 -06:00

Owner

Copy link

Originally created by @benaryorg on GitHub (Mar 28, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5080

Description

Using --private for an ephemeral runtime breaks pulseaudio for installations where XDG_RUNTIME_DIR resides within the users' home directory (e.g. ~/.local/run).

Steps to Reproduce

Steps to reproduce the behavior

env LC_ALL=C firejail --noprofile --private --whitelist=~/.local/run ls -sahl ~/.local/run

Parent pid 13127, child pid 13128
Child process initialized in 18.11 ms
ls: cannot access '/home/benaryorg/.local/run': No such file or directory

Parent is shutting down, bye...

Expected behavior

I would expect --whitelist to either work even when --private is used, or to have any equivalent mechanism of getting a file or directory within such an environment.
Note that specifically in this use-case the socket in question needs to work, so something that copies files may not work as expected.

Actual behavior

The file specified using whitelist was not present at all, and no arguments seem to be present that allow to add it to the sandbox.

Behavior without a profile

There is no difference between profiles as far as I can see.

Additional context

-

Environment

Gentoo:

firejail version 0.9.68

Compile time support:
        - always force nonewprivs support is disabled
        - AppArmor support is disabled
        - AppImage support is enabled
        - chroot support is enabled
        - D-BUS proxy support is enabled
        - file transfer support is enabled
        - firetunnel support is disabled
        - networking support is enabled
        - output logging is enabled
        - overlayfs support is disabled
        - private-home support is enabled
        - private-cache and tmpfs as user enabled
        - SELinux support is disabled
        - user namespace support is enabled
        - X11 sandboxing support is enabled

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• I have performed a short search for similar issues (to avoid opening a duplicate).
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of env LC_ALL=C firejail --private --whitelist=~/.local/run ls -sahl ~/.local/run

Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc

** Note: you can use --noprofile to disable default.profile **

Parent pid 25067, child pid 25068
Child process initialized in 65.84 ms
ls: cannot access '/home/benaryorg/.local/run': No such file or directory

Parent is shutting down, bye...

Output of env LC_ALL=C firejail --private --debug --whitelist=~/.local/run ls -sahl ~/.local/run

Autoselecting /bin/zsh as shell
Building quoted command line: 'ls' '-sahl' '/home/benaryorg/.local/run'
Command name #ls#
Attempting to find default.profile...
Found default.profile profile in /etc/firejail directory
Reading profile /etc/firejail/default.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
[profile] combined protocol list: "unix,inet,inet6"

** Note: you can use --noprofile to disable default.profile **

DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 25334, child pid 25338
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
116 87 0:26 /@/etc /etc ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@
mountid=116 fsname=/@/etc dir=/etc fstype=btrfs
Mounting noexec /etc
117 116 0:26 /@/etc /etc ro,nosuid,nodev,noexec,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@
mountid=117 fsname=/@/etc dir=/etc fstype=btrfs
Mounting read-only /var
123 118 0:26 /@/var/lib/lxd/storage-pools/default /var/lib/lxd/storage-pools/default rw,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=506,subvol=/@/var/lib/lxd/storage-pools/default
mountid=123 fsname=/@/var/lib/lxd/storage-pools/default dir=/var/lib/lxd/storage-pools/default fstype=btrfs
Mounting read-only /var/tmp
124 119 0:35 / /var/tmp ro,noatime - tmpfs none rw,size=50331648k,inode64
mountid=124 fsname=/ dir=/var/tmp fstype=tmpfs
Mounting read-only /var/lib/lxcfs
125 120 0:39 / /var/lib/lxcfs ro,nosuid,nodev,relatime - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
mountid=125 fsname=/ dir=/var/lib/lxcfs fstype=fuse.lxcfs
Mounting read-only /var/lib/lxd/shmounts
126 121 0:41 / /var/lib/lxd/shmounts ro,relatime master:1 - tmpfs tmpfs rw,size=100k,mode=711,inode64
mountid=126 fsname=/ dir=/var/lib/lxd/shmounts fstype=tmpfs
Mounting read-only /var/lib/lxd/devlxd
127 122 0:42 / /var/lib/lxd/devlxd ro,relatime - tmpfs tmpfs rw,size=100k,mode=755,inode64
mountid=127 fsname=/ dir=/var/lib/lxd/devlxd fstype=tmpfs
Mounting read-only /var/lib/lxd/storage-pools/default
128 123 0:26 /@/var/lib/lxd/storage-pools/default /var/lib/lxd/storage-pools/default ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=506,subvol=/@/var/lib/lxd/storage-pools/default
mountid=128 fsname=/@/var/lib/lxd/storage-pools/default dir=/var/lib/lxd/storage-pools/default fstype=btrfs
Mounting noexec /var
139 138 0:26 /@/var/lib/lxd/storage-pools/default /var/lib/lxd/storage-pools/default ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=506,subvol=/@/var/lib/lxd/storage-pools/default
mountid=139 fsname=/@/var/lib/lxd/storage-pools/default dir=/var/lib/lxd/storage-pools/default fstype=btrfs
Mounting noexec /var/tmp
140 131 0:35 / /var/tmp ro,nosuid,nodev,noexec,noatime - tmpfs none rw,size=50331648k,inode64
mountid=140 fsname=/ dir=/var/tmp fstype=tmpfs
Mounting noexec /var/lib/lxcfs
141 133 0:39 / /var/lib/lxcfs ro,nosuid,nodev,noexec,relatime - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
mountid=141 fsname=/ dir=/var/lib/lxcfs fstype=fuse.lxcfs
Mounting noexec /var/lib/lxd/shmounts
142 135 0:41 / /var/lib/lxd/shmounts ro,nosuid,nodev,noexec,relatime master:1 - tmpfs tmpfs rw,size=100k,mode=711,inode64
mountid=142 fsname=/ dir=/var/lib/lxd/shmounts fstype=tmpfs
Mounting noexec /var/lib/lxd/devlxd
143 137 0:42 / /var/lib/lxd/devlxd ro,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,size=100k,mode=755,inode64
mountid=143 fsname=/ dir=/var/lib/lxd/devlxd fstype=tmpfs
Mounting noexec /var/lib/lxd/storage-pools/default
144 139 0:26 /@/var/lib/lxd/storage-pools/default /var/lib/lxd/storage-pools/default ro,nosuid,nodev,noexec,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=506,subvol=/@/var/lib/lxd/storage-pools/default
mountid=144 fsname=/@/var/lib/lxd/storage-pools/default dir=/var/lib/lxd/storage-pools/default fstype=btrfs
Mounting read-only /usr
145 87 0:26 /@/usr /usr ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@
mountid=145 fsname=/@/usr dir=/usr fstype=btrfs
Mounting read-only /bin
146 87 0:26 /@/bin /bin ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@
mountid=146 fsname=/@/bin dir=/bin fstype=btrfs
Mounting read-only /sbin
147 87 0:26 /@/sbin /sbin ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@
mountid=147 fsname=/@/sbin dir=/sbin fstype=btrfs
Mounting read-only /lib
148 87 0:26 /@/lib /lib ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@
mountid=148 fsname=/@/lib dir=/lib fstype=btrfs
Mounting read-only /lib64
149 87 0:26 /@/lib64 /lib64 ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@
mountid=149 fsname=/@/lib64 dir=/lib64 fstype=btrfs
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/nginx
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Cannot open /run/user/1000 directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Drop privileges: pid 3, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 5 18 19
Mounting a new /root directory
Mounting a new /home directory
Create a new user directory
Drop privileges: pid 4, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 5 18 19
Drop privileges: pid 5, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 5 18 19
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/src/linux-5.15.23-benaryorg (requested /usr/src/linux)
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Disable /dev/port
Disable /dev/kmsg
Disable /proc/kmsg
Debug 558: whitelist ~/.local/run
Debug 579: expanded: /home/benaryorg/.local/run
Debug 590: new_name: /home/benaryorg/.local/run
Debug 604: dir: /home/benaryorg
Debug 420: skip /home/benaryorg/.local/run - a private home dir is configured!
Disable /etc/xdg/autostart
Mounting read-only /home/benaryorg/.Xauthority
188 168 0:1358 /benaryorg/.Xauthority /home/benaryorg/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=188 fsname=/benaryorg/.Xauthority dir=/home/benaryorg/.Xauthority fstype=tmpfs
Disable /etc/systemd/system
Disable /etc/init.d
Disable /etc/rc.conf
Disable /etc/runlevels
Disable /var/spool/cron
Disable /etc/cron.daily
Disable /etc/cron.monthly
Disable /etc/cron.weekly
Disable /etc/cron.hourly
Disable /etc/crontab
Disable /etc/cron.d
Disable /etc/default
Disable /etc/kernel
Disable /etc/logrotate.d
Disable /etc/logrotate.conf
Disable /etc/profile.d
Mounting read-only /home/benaryorg/.zshrc
205 168 0:1358 /benaryorg/.zshrc /home/benaryorg/.zshrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=205 fsname=/benaryorg/.zshrc dir=/home/benaryorg/.zshrc fstype=tmpfs
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning (blacklisting): cannot open /etc/ssh/*: Permission denied
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Warning (blacklisting): cannot open /usr/local/sbin/at: Permission denied
Warning (blacklisting): cannot open /usr/sbin/at: Permission denied
Disable /usr/bin/at
Warning (blacklisting): cannot open /sbin/at: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/busybox: Permission denied
Warning (blacklisting): cannot open /usr/sbin/busybox: Permission denied
Warning (blacklisting): cannot open /sbin/busybox: Permission denied
Disable /bin/busybox
Warning (blacklisting): cannot open /usr/local/sbin/chage: Permission denied
Warning (blacklisting): cannot open /usr/sbin/chage: Permission denied
Disable /usr/bin/chage
Warning (blacklisting): cannot open /sbin/chage: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/chfn: Permission denied
Warning (blacklisting): cannot open /usr/sbin/chfn: Permission denied
Disable /usr/bin/chfn
Warning (blacklisting): cannot open /sbin/chfn: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/chsh: Permission denied
Warning (blacklisting): cannot open /usr/sbin/chsh: Permission denied
Disable /usr/bin/chsh
Warning (blacklisting): cannot open /sbin/chsh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/crontab: Permission denied
Warning (blacklisting): cannot open /usr/sbin/crontab: Permission denied
Disable /usr/bin/crontab
Warning (blacklisting): cannot open /sbin/crontab: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/evtest: Permission denied
Warning (blacklisting): cannot open /usr/sbin/evtest: Permission denied
Warning (blacklisting): cannot open /sbin/evtest: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/expiry: Permission denied
Warning (blacklisting): cannot open /usr/sbin/expiry: Permission denied
Disable /usr/bin/expiry
Warning (blacklisting): cannot open /sbin/expiry: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fusermount: Permission denied
Warning (blacklisting): cannot open /usr/sbin/fusermount: Permission denied
Disable /usr/bin/fusermount
Warning (blacklisting): cannot open /sbin/fusermount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gksu: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gksu: Permission denied
Warning (blacklisting): cannot open /sbin/gksu: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gksudo: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gksudo: Permission denied
Warning (blacklisting): cannot open /sbin/gksudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gpasswd: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gpasswd: Permission denied
Disable /usr/bin/gpasswd
Warning (blacklisting): cannot open /sbin/gpasswd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/kdesudo: Permission denied
Warning (blacklisting): cannot open /usr/sbin/kdesudo: Permission denied
Warning (blacklisting): cannot open /sbin/kdesudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ksu: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ksu: Permission denied
Warning (blacklisting): cannot open /sbin/ksu: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mount: Permission denied
Warning (blacklisting): cannot open /usr/sbin/mount: Permission denied
Warning (blacklisting): cannot open /sbin/mount: Permission denied
Disable /bin/mount
Warning (blacklisting): cannot open /usr/local/sbin/mount.ecryptfs_private: Permission denied
Warning (blacklisting): cannot open /usr/sbin/mount.ecryptfs_private: Permission denied
Warning (blacklisting): cannot open /sbin/mount.ecryptfs_private: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nc: Permission denied
Warning (blacklisting): cannot open /usr/sbin/nc: Permission denied
Disable /usr/bin/nc
Warning (blacklisting): cannot open /sbin/nc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ncat: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ncat: Permission denied
Warning (blacklisting): cannot open /sbin/ncat: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmap: Permission denied
Warning (blacklisting): cannot open /usr/sbin/nmap: Permission denied
Disable /usr/bin/nmap
Warning (blacklisting): cannot open /sbin/nmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/newgidmap: Permission denied
Warning (blacklisting): cannot open /usr/sbin/newgidmap: Permission denied
Disable /usr/bin/newgidmap
Warning (blacklisting): cannot open /sbin/newgidmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/newgrp: Permission denied
Warning (blacklisting): cannot open /usr/sbin/newgrp: Permission denied
Disable /usr/bin/newgrp
Warning (blacklisting): cannot open /sbin/newgrp: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/newuidmap: Permission denied
Warning (blacklisting): cannot open /usr/sbin/newuidmap: Permission denied
Disable /usr/bin/newuidmap
Warning (blacklisting): cannot open /sbin/newuidmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ntfs-3g: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ntfs-3g: Permission denied
Warning (blacklisting): cannot open /sbin/ntfs-3g: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pkexec: Permission denied
Warning (blacklisting): cannot open /usr/sbin/pkexec: Permission denied
Warning (blacklisting): cannot open /sbin/pkexec: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/procmail: Permission denied
Warning (blacklisting): cannot open /usr/sbin/procmail: Permission denied
Warning (blacklisting): cannot open /sbin/procmail: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/sg: Permission denied
Warning (blacklisting): cannot open /usr/sbin/sg: Permission denied
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Warning (blacklisting): cannot open /sbin/sg: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/strace: Permission denied
Warning (blacklisting): cannot open /usr/sbin/strace: Permission denied
Disable /usr/bin/strace
Warning (blacklisting): cannot open /sbin/strace: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/su: Permission denied
Warning (blacklisting): cannot open /usr/sbin/su: Permission denied
Warning (blacklisting): cannot open /sbin/su: Permission denied
Disable /bin/su
Warning (blacklisting): cannot open /usr/local/sbin/sudo: Permission denied
Warning (blacklisting): cannot open /usr/sbin/sudo: Permission denied
Disable /usr/bin/sudo
Warning (blacklisting): cannot open /sbin/sudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tcpdump: Permission denied
Warning (blacklisting): cannot open /usr/sbin/tcpdump: Permission denied
Warning (blacklisting): cannot open /sbin/tcpdump: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/umount: Permission denied
Warning (blacklisting): cannot open /usr/sbin/umount: Permission denied
Warning (blacklisting): cannot open /sbin/umount: Permission denied
Disable /bin/umount
Warning (blacklisting): cannot open /usr/local/sbin/unix_chkpwd: Permission denied
Warning (blacklisting): cannot open /usr/sbin/unix_chkpwd: Permission denied
Warning (blacklisting): cannot open /sbin/unix_chkpwd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xev: Permission denied
Warning (blacklisting): cannot open /usr/sbin/xev: Permission denied
Disable /usr/bin/xev
Warning (blacklisting): cannot open /sbin/xev: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xinput: Permission denied
Warning (blacklisting): cannot open /usr/sbin/xinput: Permission denied
Disable /usr/bin/xinput
Warning (blacklisting): cannot open /sbin/xinput: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/passwd: Permission denied
Warning (blacklisting): cannot open /usr/sbin/passwd: Permission denied
Disable /bin/passwd (requested /usr/bin/passwd)
Warning (blacklisting): cannot open /sbin/passwd: Permission denied
Disable /bin/passwd
Warning (blacklisting): cannot open /usr/local/sbin/suexec: Permission denied
Warning (blacklisting): cannot open /usr/sbin/suexec: Permission denied
Warning (blacklisting): cannot open /sbin/suexec: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/slock: Permission denied
Warning (blacklisting): cannot open /usr/sbin/slock: Permission denied
Warning (blacklisting): cannot open /sbin/slock: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/physlock: Permission denied
Warning (blacklisting): cannot open /usr/sbin/physlock: Permission denied
Warning (blacklisting): cannot open /sbin/physlock: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/schroot: Permission denied
Warning (blacklisting): cannot open /usr/sbin/schroot: Permission denied
Warning (blacklisting): cannot open /sbin/schroot: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/wshowkeys: Permission denied
Warning (blacklisting): cannot open /usr/sbin/wshowkeys: Permission denied
Warning (blacklisting): cannot open /sbin/wshowkeys: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pmount: Permission denied
Warning (blacklisting): cannot open /usr/sbin/pmount: Permission denied
Warning (blacklisting): cannot open /sbin/pmount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pumount: Permission denied
Warning (blacklisting): cannot open /usr/sbin/pumount: Permission denied
Warning (blacklisting): cannot open /sbin/pumount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/bmon: Permission denied
Warning (blacklisting): cannot open /usr/sbin/bmon: Permission denied
Warning (blacklisting): cannot open /sbin/bmon: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fping: Permission denied
Warning (blacklisting): cannot open /usr/sbin/fping: Permission denied
Warning (blacklisting): cannot open /sbin/fping: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fping6: Permission denied
Warning (blacklisting): cannot open /usr/sbin/fping6: Permission denied
Warning (blacklisting): cannot open /sbin/fping6: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/hostname: Permission denied
Warning (blacklisting): cannot open /usr/sbin/hostname: Permission denied
Warning (blacklisting): cannot open /sbin/hostname: Permission denied
Disable /bin/hostname
Warning (blacklisting): cannot open /usr/local/sbin/mtr: Permission denied
Warning (blacklisting): cannot open /usr/sbin/mtr: Permission denied
Warning (blacklisting): cannot open /sbin/mtr: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mtr-packet: Permission denied
Warning (blacklisting): cannot open /usr/sbin/mtr-packet: Permission denied
Warning (blacklisting): cannot open /sbin/mtr-packet: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/netstat: Permission denied
Warning (blacklisting): cannot open /usr/sbin/netstat: Permission denied
Warning (blacklisting): cannot open /sbin/netstat: Permission denied
Disable /bin/netstat
Warning (blacklisting): cannot open /usr/local/sbin/nm-online: Permission denied
Warning (blacklisting): cannot open /usr/sbin/nm-online: Permission denied
Warning (blacklisting): cannot open /sbin/nm-online: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmcli: Permission denied
Warning (blacklisting): cannot open /usr/sbin/nmcli: Permission denied
Warning (blacklisting): cannot open /sbin/nmcli: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmtui: Permission denied
Warning (blacklisting): cannot open /usr/sbin/nmtui: Permission denied
Warning (blacklisting): cannot open /sbin/nmtui: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-connect: Permission denied
Warning (blacklisting): cannot open /usr/sbin/nmtui-connect: Permission denied
Warning (blacklisting): cannot open /sbin/nmtui-connect: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-edit: Permission denied
Warning (blacklisting): cannot open /usr/sbin/nmtui-edit: Permission denied
Warning (blacklisting): cannot open /sbin/nmtui-edit: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-hostname: Permission denied
Warning (blacklisting): cannot open /usr/sbin/nmtui-hostname: Permission denied
Warning (blacklisting): cannot open /sbin/nmtui-hostname: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/networkctl: Permission denied
Warning (blacklisting): cannot open /usr/sbin/networkctl: Permission denied
Warning (blacklisting): cannot open /sbin/networkctl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ss: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ss: Permission denied
Warning (blacklisting): cannot open /sbin/ss: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/traceroute: Permission denied
Warning (blacklisting): cannot open /usr/sbin/traceroute: Permission denied
Disable /usr/bin/traceroute
Warning (blacklisting): cannot open /sbin/traceroute: Permission denied
Disable /tmp/tmux-1000
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gnome-terminal: Permission denied
Warning (blacklisting): cannot open /sbin/gnome-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/sbin/gnome-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /sbin/gnome-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lilyterm: Permission denied
Warning (blacklisting): cannot open /usr/sbin/lilyterm: Permission denied
Warning (blacklisting): cannot open /sbin/lilyterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lxterminal: Permission denied
Warning (blacklisting): cannot open /usr/sbin/lxterminal: Permission denied
Warning (blacklisting): cannot open /sbin/lxterminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal: Permission denied
Warning (blacklisting): cannot open /usr/sbin/mate-terminal: Permission denied
Warning (blacklisting): cannot open /sbin/mate-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/sbin/mate-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /sbin/mate-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pantheon-terminal: Permission denied
Warning (blacklisting): cannot open /usr/sbin/pantheon-terminal: Permission denied
Warning (blacklisting): cannot open /sbin/pantheon-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm: Permission denied
Warning (blacklisting): cannot open /usr/sbin/roxterm: Permission denied
Warning (blacklisting): cannot open /sbin/roxterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm-config: Permission denied
Warning (blacklisting): cannot open /usr/sbin/roxterm-config: Permission denied
Warning (blacklisting): cannot open /sbin/roxterm-config: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/terminix: Permission denied
Warning (blacklisting): cannot open /usr/sbin/terminix: Permission denied
Warning (blacklisting): cannot open /sbin/terminix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tilix: Permission denied
Warning (blacklisting): cannot open /usr/sbin/tilix: Permission denied
Warning (blacklisting): cannot open /sbin/tilix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtc: Permission denied
Warning (blacklisting): cannot open /usr/sbin/urxvtc: Permission denied
Warning (blacklisting): cannot open /sbin/urxvtc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtcd: Permission denied
Warning (blacklisting): cannot open /usr/sbin/urxvtcd: Permission denied
Warning (blacklisting): cannot open /sbin/urxvtcd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal: Permission denied
Warning (blacklisting): cannot open /usr/sbin/xfce4-terminal: Permission denied
Warning (blacklisting): cannot open /sbin/xfce4-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/sbin/xfce4-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /sbin/xfce4-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/bwrap: Permission denied
Warning (blacklisting): cannot open /usr/sbin/bwrap: Permission denied
Warning (blacklisting): cannot open /sbin/bwrap: Permission denied
Disable /proc/config.gz
Warning (blacklisting): cannot open /usr/local/sbin/dig: Permission denied
Warning (blacklisting): cannot open /usr/sbin/dig: Permission denied
Disable /usr/bin/dig
Warning (blacklisting): cannot open /sbin/dig: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dlint: Permission denied
Warning (blacklisting): cannot open /usr/sbin/dlint: Permission denied
Warning (blacklisting): cannot open /sbin/dlint: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dns2tcp: Permission denied
Warning (blacklisting): cannot open /usr/sbin/dns2tcp: Permission denied
Warning (blacklisting): cannot open /sbin/dns2tcp: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dnssec-*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/dnssec-*: Permission denied
Disable /usr/bin/dnssec-dsfromkey
Disable /usr/bin/dnssec-importkey
Disable /usr/bin/dnssec-keyfromlabel
Disable /usr/bin/dnssec-keygen
Disable /usr/bin/dnssec-revoke
Disable /usr/bin/dnssec-settime
Disable /usr/bin/dnssec-signzone
Disable /usr/bin/dnssec-verify
Warning (blacklisting): cannot open /sbin/dnssec-*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dnswalk: Permission denied
Warning (blacklisting): cannot open /usr/sbin/dnswalk: Permission denied
Warning (blacklisting): cannot open /sbin/dnswalk: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/drill: Permission denied
Warning (blacklisting): cannot open /usr/sbin/drill: Permission denied
Warning (blacklisting): cannot open /sbin/drill: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/host: Permission denied
Warning (blacklisting): cannot open /usr/sbin/host: Permission denied
Disable /usr/bin/host
Warning (blacklisting): cannot open /sbin/host: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/iodine: Permission denied
Warning (blacklisting): cannot open /usr/sbin/iodine: Permission denied
Warning (blacklisting): cannot open /sbin/iodine: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/kdig: Permission denied
Warning (blacklisting): cannot open /usr/sbin/kdig: Permission denied
Warning (blacklisting): cannot open /sbin/kdig: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/khost: Permission denied
Warning (blacklisting): cannot open /usr/sbin/khost: Permission denied
Warning (blacklisting): cannot open /sbin/khost: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/knsupdate: Permission denied
Warning (blacklisting): cannot open /usr/sbin/knsupdate: Permission denied
Warning (blacklisting): cannot open /sbin/knsupdate: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ldns-*: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ldns-*: Permission denied
Warning (blacklisting): cannot open /sbin/ldns-*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ldnsd: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ldnsd: Permission denied
Warning (blacklisting): cannot open /sbin/ldnsd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/nslookup: Permission denied
Warning (blacklisting): cannot open /usr/sbin/nslookup: Permission denied
Disable /usr/bin/nslookup
Warning (blacklisting): cannot open /sbin/nslookup: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/resolvectl: Permission denied
Warning (blacklisting): cannot open /usr/sbin/resolvectl: Permission denied
Warning (blacklisting): cannot open /sbin/resolvectl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/unbound-host: Permission denied
Warning (blacklisting): cannot open /usr/sbin/unbound-host: Permission denied
Warning (blacklisting): cannot open /sbin/unbound-host: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ftp: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ftp: Permission denied
Warning (blacklisting): cannot open /sbin/ftp: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ssh: Permission denied
Warning (blacklisting): cannot open /usr/sbin/ssh: Permission denied
Disable /usr/bin/ssh
Warning (blacklisting): cannot open /sbin/ssh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/telnet: Permission denied
Warning (blacklisting): cannot open /usr/sbin/telnet: Permission denied
Warning (blacklisting): cannot open /sbin/telnet: Permission denied
Disable /sys/fs
Disable /sys/module
Drop privileges: pid 6, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 5 18 19
Creating empty /home/benaryorg/.config directory
Drop privileges: pid 7, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 5 18 19
Creating empty /home/benaryorg/.config/pulse directory
Mounting noexec /run/firejail/mnt/pulse
259 113 0:1350 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=259 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs
Mounting /run/firejail/mnt/pulse on /home/benaryorg/.config/pulse
260 168 0:1350 /pulse /home/benaryorg/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=260 fsname=/pulse dir=/home/benaryorg/.config/pulse fstype=tmpfs
blacklist /dev/video0
blacklist /dev/video1
blacklist /dev/video2
blacklist /dev/video3
blacklist /dev/input
rebuilding /etc directory
Creating empty /run/firejail/mnt/dns-etc/udev directory
Creating empty /run/firejail/mnt/dns-etc/local.d directory
Creating empty /run/firejail/mnt/dns-etc/iproute2 directory
Creating empty /run/firejail/mnt/dns-etc/xml directory
Creating empty /run/firejail/mnt/dns-etc/pam.d directory
Creating empty /run/firejail/mnt/dns-etc/security directory
Creating empty /run/firejail/mnt/dns-etc/xattr.conf file
Creating empty /run/firejail/mnt/dns-etc/inittab.d directory
Creating empty /run/firejail/mnt/dns-etc/sgml directory
Creating empty /run/firejail/mnt/dns-etc/localtime file
Creating empty /run/firejail/mnt/dns-etc/.pwd.lock file
Creating empty /run/firejail/mnt/dns-etc/xinetd.d directory
Creating empty /run/firejail/mnt/dns-etc/terminfo directory
Creating empty /run/firejail/mnt/dns-etc/sysctl.d directory
Creating empty /run/firejail/mnt/dns-etc/ssl directory
Creating empty /run/firejail/mnt/dns-etc/skel directory
Creating empty /run/firejail/mnt/dns-etc/sandbox.d directory
Creating empty /run/firejail/mnt/dns-etc/python-exec directory
Creating empty /run/firejail/mnt/dns-etc/portage directory
Creating empty /run/firejail/mnt/dns-etc/modprobe.d directory
Creating empty /run/firejail/mnt/dns-etc/ld.so.conf.d directory
Creating empty /run/firejail/mnt/dns-etc/environment.d directory
Creating empty /run/firejail/mnt/dns-etc/env.d directory
Creating empty /run/firejail/mnt/dns-etc/conf.d directory
Creating empty /run/firejail/mnt/dns-etc/ca-certificates directory
Creating empty /run/firejail/mnt/dns-etc/bash directory
Creating empty /run/firejail/mnt/dns-etc/subuid- file
Creating empty /run/firejail/mnt/dns-etc/subgid- file
Creating empty /run/firejail/mnt/dns-etc/nullmailer directory
Creating empty /run/firejail/mnt/dns-etc/sudoers.d directory
Creating empty /run/firejail/mnt/dns-etc/lvm directory
Creating empty /run/firejail/mnt/dns-etc/systemd directory
Creating empty /run/firejail/mnt/dns-etc/distcc directory
Creating empty /run/firejail/mnt/dns-etc/NaturalDocs directory
Creating empty /run/firejail/mnt/dns-etc/eixrc directory
Creating empty /run/firejail/mnt/dns-etc/puppetlabs directory
Creating empty /run/firejail/mnt/dns-etc/timezone file
Creating empty /run/firejail/mnt/dns-etc/locale.gen file
Creating empty /run/firejail/mnt/dns-etc/sysctl.conf file
Creating empty /run/firejail/mnt/dns-etc/subuid file
Creating empty /run/firejail/mnt/dns-etc/subgid file
Creating empty /run/firejail/mnt/dns-etc/sudoers file
Creating empty /run/firejail/mnt/dns-etc/config-archive directory
Creating empty /run/firejail/mnt/dns-etc/vim directory
Creating empty /run/firejail/mnt/dns-etc/resolvconf.conf file
Creating empty /run/firejail/mnt/dns-etc/ntpd.conf file
Creating empty /run/firejail/mnt/dns-etc/bindresvport.blacklist file
Creating empty /run/firejail/mnt/dns-etc/netconfig file
Creating empty /run/firejail/mnt/dns-etc/wireguard directory
Creating empty /run/firejail/mnt/dns-etc/mlocate-cron.conf file
Creating empty /run/firejail/mnt/dns-etc/zsh directory
Creating empty /run/firejail/mnt/dns-etc/ntp.conf file
Creating empty /run/firejail/mnt/dns-etc/eclean directory
Creating empty /run/firejail/mnt/dns-etc/revdep-rebuild directory
Creating empty /run/firejail/mnt/dns-etc/needrestart directory
Creating empty /run/firejail/mnt/dns-etc/syslog-ng directory
Creating empty /run/firejail/mnt/dns-etc/mailutils.d directory
Creating empty /run/firejail/mnt/dns-etc/smartd_warning.d directory
Creating empty /run/firejail/mnt/dns-etc/openldap directory
Creating empty /run/firejail/mnt/dns-etc/nginx directory
Creating empty /run/firejail/mnt/dns-etc/qemu directory
Creating empty /run/firejail/mnt/dns-etc/dracut.conf.d directory
Creating empty /run/firejail/mnt/dns-etc/X11 directory
Creating empty /run/firejail/mnt/dns-etc/fonts directory
Creating empty /run/firejail/mnt/dns-etc/vulkan directory
Creating empty /run/firejail/mnt/dns-etc/ImageMagick-7 directory
Creating empty /run/firejail/mnt/dns-etc/xdg directory
Creating empty /run/firejail/mnt/dns-etc/mpv directory
Creating empty /run/firejail/mnt/dns-etc/prelink.conf.d directory
Creating empty /run/firejail/mnt/dns-etc/dbus-1 directory
Creating empty /run/firejail/mnt/dns-etc/machine-id file
Creating empty /run/firejail/mnt/dns-etc/gtk-3.0 directory
Creating empty /run/firejail/mnt/dns-etc/gtk-2.0 directory
Creating empty /run/firejail/mnt/dns-etc/npm directory
Creating empty /run/firejail/mnt/dns-etc/resolv.conf.bak file
Creating empty /run/firejail/mnt/dns-etc/rdnssd directory
Creating empty /run/firejail/mnt/dns-etc/vdpau_wrapper.cfg file
Creating empty /run/firejail/mnt/dns-etc/OpenCL directory
Creating empty /run/firejail/mnt/dns-etc/texmf directory
Creating empty /run/firejail/mnt/dns-etc/papersize file
Creating empty /run/firejail/mnt/dns-etc/containers directory
Creating empty /run/firejail/mnt/dns-etc/inittab file
Creating empty /run/firejail/mnt/dns-etc/wireless-regdb directory
Creating empty /run/firejail/mnt/dns-etc/libnl directory
Creating empty /run/firejail/mnt/dns-etc/wpa_supplicant directory
Creating empty /run/firejail/mnt/dns-etc/xpra directory
Creating empty /run/firejail/mnt/dns-etc/stunnel directory
Creating empty /run/firejail/mnt/dns-etc/nagios directory
Creating empty /run/firejail/mnt/dns-etc/testssl directory
Creating empty /run/firejail/mnt/dns-etc/ethertypes file
Creating empty /run/firejail/mnt/dns-etc/lxc directory
Creating empty /run/firejail/mnt/dns-etc/cups directory
Creating empty /run/firejail/mnt/dns-etc/printcap file
Creating empty /run/firejail/mnt/dns-etc/gimp directory
Creating empty /run/firejail/mnt/dns-etc/updatedb.conf file
Creating empty /run/firejail/mnt/dns-etc/nbdtab file
Creating empty /run/firejail/mnt/dns-etc/alsa directory
Creating empty /run/firejail/mnt/dns-etc/pulse directory
Creating empty /run/firejail/mnt/dns-etc/unbound directory
Creating empty /run/firejail/mnt/dns-etc/dnssec directory
Creating empty /run/firejail/mnt/dns-etc/unixODBC directory
Creating empty /run/firejail/mnt/dns-etc/snmp directory
Creating empty /run/firejail/mnt/dns-etc/zabbix directory
Creating empty /run/firejail/mnt/dns-etc/btrbk directory
Creating empty /run/firejail/mnt/dns-etc/hosts.allow file
Creating empty /run/firejail/mnt/dns-etc/rhashrc file
Creating empty /run/firejail/mnt/dns-etc/dpkg directory
Creating empty /run/firejail/mnt/dns-etc/alternatives directory
Creating empty /run/firejail/mnt/dns-etc/avahi directory
Creating empty /run/firejail/mnt/dns-etc/man_db.conf file
Creating empty /run/firejail/mnt/dns-etc/mailutils.conf file
Creating empty /run/firejail/mnt/dns-etc/fuse.conf file
Creating empty /run/firejail/mnt/dns-etc/at directory
Creating empty /run/firejail/mnt/dns-etc/hosts file
Creating empty /run/firejail/mnt/dns-etc/murmur directory
Creating empty /run/firejail/mnt/dns-etc/sandbox.conf file
Creating empty /run/firejail/mnt/dns-etc/ardour6 directory
Creating empty /run/firejail/mnt/dns-etc/detoxrc file
Creating empty /run/firejail/mnt/dns-etc/dnsmasq.conf file
Creating empty /run/firejail/mnt/dns-etc/rsyncd.conf file
Creating empty /run/firejail/mnt/dns-etc/lsb-release file
Creating empty /run/firejail/mnt/dns-etc/mbuffer.rc file
Creating empty /run/firejail/mnt/dns-etc/smartd_warning.sh file
Creating empty /run/firejail/mnt/dns-etc/smartd.conf file
Creating empty /run/firejail/mnt/dns-etc/ca-certificates.conf file
Creating empty /run/firejail/mnt/dns-etc/environment file
Creating empty /run/firejail/mnt/dns-etc/ld.so.conf file
Creating empty /run/firejail/mnt/dns-etc/udhcpd.conf file
Creating empty /run/firejail/mnt/dns-etc/login.defs file
Creating empty /run/firejail/mnt/dns-etc/networks file
Creating empty /run/firejail/mnt/dns-etc/profile file
Creating empty /run/firejail/mnt/dns-etc/protocols file
Creating empty /run/firejail/mnt/dns-etc/services file
Creating empty /run/firejail/mnt/dns-etc/shells file
Creating empty /run/firejail/mnt/dns-etc/filesystems file
Creating empty /run/firejail/mnt/dns-etc/inputrc file
Creating empty /run/firejail/mnt/dns-etc/issue file
Creating empty /run/firejail/mnt/dns-etc/issue.logo file
Creating empty /run/firejail/mnt/dns-etc/gentoo-release file
Creating empty /run/firejail/mnt/dns-etc/rmt file
Creating empty /run/firejail/mnt/dns-etc/etc-update.conf file
Creating empty /run/firejail/mnt/dns-etc/dispatch-conf.conf file
Creating empty /run/firejail/mnt/dns-etc/e2fsck.conf file
Creating empty /run/firejail/mnt/dns-etc/e2scrub.conf file
Creating empty /run/firejail/mnt/dns-etc/mke2fs.conf file
Creating empty /run/firejail/mnt/dns-etc/dracut.conf file
Creating empty /run/firejail/mnt/dns-etc/dmtab file
Creating empty /run/firejail/mnt/dns-etc/conntrackd directory
Creating empty /run/firejail/mnt/dns-etc/resolv.conf file
Creating empty /run/firejail/mnt/dns-etc/passwd file
Creating empty /run/firejail/mnt/dns-etc/libvirt directory
Creating empty /run/firejail/mnt/dns-etc/mime.types file
Creating empty /run/firejail/mnt/dns-etc/ndppd.conf file
Creating empty /run/firejail/mnt/dns-etc/firejail directory
Creating empty /run/firejail/mnt/dns-etc/wgetrc file
Creating empty /run/firejail/mnt/dns-etc/sudoers.dist file
Creating empty /run/firejail/mnt/dns-etc/sudo.conf file
Creating empty /run/firejail/mnt/dns-etc/sudo_logsrvd.conf file
Creating empty /run/firejail/mnt/dns-etc/dhcpcd.conf file
Creating empty /run/firejail/mnt/dns-etc/whois.conf file
Creating empty /run/firejail/mnt/dns-etc/initramfs-tools directory
Creating empty /run/firejail/mnt/dns-etc/mdadm.conf file
Creating empty /run/firejail/mnt/dns-etc/pkcs11 directory
Creating empty /run/firejail/mnt/dns-etc/java-config-2 directory
Creating empty /run/firejail/mnt/dns-etc/ld.so.preload file
Creating empty /run/firejail/mnt/dns-etc/group file
Creating empty /run/firejail/mnt/dns-etc/wireplumber directory
Creating empty /run/firejail/mnt/dns-etc/DIR_COLORS file
Creating empty /run/firejail/mnt/dns-etc/rpc file
Creating empty /run/firejail/mnt/dns-etc/gai.conf file
Creating empty /run/firejail/mnt/dns-etc/nsswitch.conf file
Creating empty /run/firejail/mnt/dns-etc/host.conf file
Creating empty /run/firejail/mnt/dns-etc/bees directory
Creating empty /run/firejail/mnt/dns-etc/ld.so.cache file
Creating empty /run/firejail/mnt/dns-etc/fstab file
Creating empty /run/firejail/mnt/dns-etc/profile.env file
Creating empty /run/firejail/mnt/dns-etc/csh.env file
Mount-bind /run/firejail/mnt/dns-etc on top of /etc
Current directory: /home/benaryorg
DISPLAY=:0 parsed as 0
Install protocol filter: unix,inet,inet6
configuring 20 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol
Dropping all capabilities
Drop privileges: pid 8, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 15 00 01 00000002   jeq 2 0010 (false 0011)
 0010: 06 00 00 7fff0000   ret ALLOW
 0011: 15 00 01 0000000a   jeq a 0012 (false 0013)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32
Dropping all capabilities
Drop privileges: pid 9, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00050001   ret ERRNO(1)
Dual 32/64 bit seccomp filter configured
configuring 71 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
Drop privileges: pid 10, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 3e 00 0000009f   jeq adjtimex 0046 (false 0008)
 0008: 15 3d 00 00000131   jeq clock_adjtime 0046 (false 0009)
 0009: 15 3c 00 000000e3   jeq clock_settime 0046 (false 000a)
 000a: 15 3b 00 000000a4   jeq settimeofday 0046 (false 000b)
 000b: 15 3a 00 0000009a   jeq modify_ldt 0046 (false 000c)
 000c: 15 39 00 000000d4   jeq lookup_dcookie 0046 (false 000d)
 000d: 15 38 00 0000012a   jeq perf_event_open 0046 (false 000e)
 000e: 15 37 00 00000137   jeq process_vm_writev 0046 (false 000f)
 000f: 15 36 00 000000b0   jeq delete_module 0046 (false 0010)
 0010: 15 35 00 00000139   jeq finit_module 0046 (false 0011)
 0011: 15 34 00 000000af   jeq init_module 0046 (false 0012)
 0012: 15 33 00 000000a1   jeq chroot 0046 (false 0013)
 0013: 15 32 00 000000a5   jeq mount 0046 (false 0014)
 0014: 15 31 00 0000009b   jeq pivot_root 0046 (false 0015)
 0015: 15 30 00 000000a6   jeq umount2 0046 (false 0016)
 0016: 15 2f 00 0000009c   jeq _sysctl 0046 (false 0017)
 0017: 15 2e 00 000000b7   jeq afs_syscall 0046 (false 0018)
 0018: 15 2d 00 000000ae   jeq create_module 0046 (false 0019)
 0019: 15 2c 00 000000b1   jeq get_kernel_syms 0046 (false 001a)
 001a: 15 2b 00 000000b5   jeq getpmsg 0046 (false 001b)
 001b: 15 2a 00 000000b6   jeq putpmsg 0046 (false 001c)
 001c: 15 29 00 000000b2   jeq query_module 0046 (false 001d)
 001d: 15 28 00 000000b9   jeq security 0046 (false 001e)
 001e: 15 27 00 0000008b   jeq sysfs 0046 (false 001f)
 001f: 15 26 00 000000b8   jeq tuxcall 0046 (false 0020)
 0020: 15 25 00 00000086   jeq uselib 0046 (false 0021)
 0021: 15 24 00 00000088   jeq ustat 0046 (false 0022)
 0022: 15 23 00 000000ec   jeq vserver 0046 (false 0023)
 0023: 15 22 00 000000ad   jeq ioperm 0046 (false 0024)
 0024: 15 21 00 000000ac   jeq iopl 0046 (false 0025)
 0025: 15 20 00 000000f6   jeq kexec_load 0046 (false 0026)
 0026: 15 1f 00 00000140   jeq kexec_file_load 0046 (false 0027)
 0027: 15 1e 00 000000a9   jeq reboot 0046 (false 0028)
 0028: 15 1d 00 000000a7   jeq swapon 0046 (false 0029)
 0029: 15 1c 00 000000a8   jeq swapoff 0046 (false 002a)
 002a: 15 1b 00 00000130   jeq open_by_handle_at 0046 (false 002b)
 002b: 15 1a 00 0000012f   jeq name_to_handle_at 0046 (false 002c)
 002c: 15 19 00 000000fb   jeq ioprio_set 0046 (false 002d)
 002d: 15 18 00 00000067   jeq syslog 0046 (false 002e)
 002e: 15 17 00 0000012c   jeq fanotify_init 0046 (false 002f)
 002f: 15 16 00 000000f8   jeq add_key 0046 (false 0030)
 0030: 15 15 00 000000f9   jeq request_key 0046 (false 0031)
 0031: 15 14 00 000000ed   jeq mbind 0046 (false 0032)
 0032: 15 13 00 00000100   jeq migrate_pages 0046 (false 0033)
 0033: 15 12 00 00000117   jeq move_pages 0046 (false 0034)
 0034: 15 11 00 000000fa   jeq keyctl 0046 (false 0035)
 0035: 15 10 00 000000ce   jeq io_setup 0046 (false 0036)
 0036: 15 0f 00 000000cf   jeq io_destroy 0046 (false 0037)
 0037: 15 0e 00 000000d0   jeq io_getevents 0046 (false 0038)
 0038: 15 0d 00 000000d1   jeq io_submit 0046 (false 0039)
 0039: 15 0c 00 000000d2   jeq io_cancel 0046 (false 003a)
 003a: 15 0b 00 000000d8   jeq remap_file_pages 0046 (false 003b)
 003b: 15 0a 00 00000143   jeq userfaultfd 0046 (false 003c)
 003c: 15 09 00 000000a3   jeq acct 0046 (false 003d)
 003d: 15 08 00 00000141   jeq bpf 0046 (false 003e)
 003e: 15 07 00 000000b4   jeq nfsservctl 0046 (false 003f)
 003f: 15 06 00 000000ab   jeq setdomainname 0046 (false 0040)
 0040: 15 05 00 000000aa   jeq sethostname 0046 (false 0041)
 0041: 15 04 00 00000099   jeq vhangup 0046 (false 0042)
 0042: 15 03 00 00000065   jeq ptrace 0046 (false 0043)
 0043: 15 02 00 00000087   jeq personality 0046 (false 0044)
 0044: 15 01 00 00000136   jeq process_vm_readv 0046 (false 0045)
 0045: 06 00 00 7fff0000   ret ALLOW
 0046: 06 00 00 00050001   ret ERRNO(1)
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
626 113 0:1350 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=626 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             240 ..
-rw-r--r-- benaryor benaryor         568 seccomp
-rw-r--r-- benaryor benaryor         432 seccomp.32
-rw-r--r-- benaryor benaryor         114 seccomp.list
-rw-r--r-- benaryor benaryor           0 seccomp.postexec
-rw-r--r-- benaryor benaryor           0 seccomp.postexec32
-rw-r--r-- benaryor benaryor         160 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 5 18 19
Closing non-standard file descriptors
Starting application
LD_PRELOAD=(null)
Running 'ls' '-sahl' '/home/benaryorg/.local/run'  command through /bin/zsh
execvp argument 0: /bin/zsh
execvp argument 1: -c
execvp argument 2: 'ls' '-sahl' '/home/benaryorg/.local/run'
Child process initialized in 76.63 ms
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
ls: cannot access '/home/benaryorg/.local/run': No such file or directory
monitoring pid 11

Sandbox monitor: waitpid 11 retval 11 status 512

Parent is shutting down, bye...

Originally created by @benaryorg on GitHub (Mar 28, 2022). Original GitHub issue: https://github.com/netblue30/firejail/issues/5080 <!-- See the following links for help with formatting: https://guides.github.com/features/mastering-markdown/ https://docs.github.com/en/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax --> ### Description Using `--private` for an ephemeral runtime breaks pulseaudio for installations where *XDG_RUNTIME_DIR* resides within the users' home directory (e.g. *~/.local/run*). ### Steps to Reproduce _Steps to reproduce the behavior_ ```bash env LC_ALL=C firejail --noprofile --private --whitelist=~/.local/run ls -sahl ~/.local/run ``` ```text Parent pid 13127, child pid 13128 Child process initialized in 18.11 ms ls: cannot access '/home/benaryorg/.local/run': No such file or directory Parent is shutting down, bye... ``` ### Expected behavior I would expect `--whitelist` to either work even when `--private` is used, or to have any equivalent mechanism of getting a file or directory within such an environment. Note that specifically in this use-case the socket in question needs to work, so something that copies files may not work as expected. ### Actual behavior The file specified using `whitelist` was not present at all, and no arguments seem to be present that allow to add it to the sandbox. ### Behavior without a profile There is no difference between profiles as far as I can see. ### Additional context \- ### Environment Gentoo: ```text firejail version 0.9.68 Compile time support: - always force nonewprivs support is disabled - AppArmor support is disabled - AppImage support is enabled - chroot support is enabled - D-BUS proxy support is enabled - file transfer support is enabled - firetunnel support is disabled - networking support is enabled - output logging is enabled - overlayfs support is disabled - private-home support is enabled - private-cache and tmpfs as user enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled ``` ### Checklist <!-- Note: Items are checked with an "x", like so: - [x] This is a checked item. --> - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [ ] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [ ] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [x] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>env LC_ALL=C firejail --private --whitelist=~/.local/run ls -sahl ~/.local/run </code></summary> <p> ``` Reading profile /etc/firejail/default.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc ** Note: you can use --noprofile to disable default.profile ** Parent pid 25067, child pid 25068 Child process initialized in 65.84 ms ls: cannot access '/home/benaryorg/.local/run': No such file or directory Parent is shutting down, bye... ``` </p> </details> <details> <summary>Output of <code>env LC_ALL=C firejail --private --debug --whitelist=~/.local/run ls -sahl ~/.local/run </code></summary> <p> ``` Autoselecting /bin/zsh as shell Building quoted command line: 'ls' '-sahl' '/home/benaryorg/.local/run' Command name #ls# Attempting to find default.profile... Found default.profile profile in /etc/firejail directory Reading profile /etc/firejail/default.profile Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc [profile] combined protocol list: "unix,inet,inet6" ** Note: you can use --noprofile to disable default.profile ** DISPLAY=:0 parsed as 0 Using the local network stack Parent pid 25334, child pid 25338 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file Build protocol filter: unix,inet,inet6 sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 2, uid 1000, gid 1000, force_nogroups 1 No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 116 87 0:26 /@/etc /etc ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@ mountid=116 fsname=/@/etc dir=/etc fstype=btrfs Mounting noexec /etc 117 116 0:26 /@/etc /etc ro,nosuid,nodev,noexec,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@ mountid=117 fsname=/@/etc dir=/etc fstype=btrfs Mounting read-only /var 123 118 0:26 /@/var/lib/lxd/storage-pools/default /var/lib/lxd/storage-pools/default rw,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=506,subvol=/@/var/lib/lxd/storage-pools/default mountid=123 fsname=/@/var/lib/lxd/storage-pools/default dir=/var/lib/lxd/storage-pools/default fstype=btrfs Mounting read-only /var/tmp 124 119 0:35 / /var/tmp ro,noatime - tmpfs none rw,size=50331648k,inode64 mountid=124 fsname=/ dir=/var/tmp fstype=tmpfs Mounting read-only /var/lib/lxcfs 125 120 0:39 / /var/lib/lxcfs ro,nosuid,nodev,relatime - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other mountid=125 fsname=/ dir=/var/lib/lxcfs fstype=fuse.lxcfs Mounting read-only /var/lib/lxd/shmounts 126 121 0:41 / /var/lib/lxd/shmounts ro,relatime master:1 - tmpfs tmpfs rw,size=100k,mode=711,inode64 mountid=126 fsname=/ dir=/var/lib/lxd/shmounts fstype=tmpfs Mounting read-only /var/lib/lxd/devlxd 127 122 0:42 / /var/lib/lxd/devlxd ro,relatime - tmpfs tmpfs rw,size=100k,mode=755,inode64 mountid=127 fsname=/ dir=/var/lib/lxd/devlxd fstype=tmpfs Mounting read-only /var/lib/lxd/storage-pools/default 128 123 0:26 /@/var/lib/lxd/storage-pools/default /var/lib/lxd/storage-pools/default ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=506,subvol=/@/var/lib/lxd/storage-pools/default mountid=128 fsname=/@/var/lib/lxd/storage-pools/default dir=/var/lib/lxd/storage-pools/default fstype=btrfs Mounting noexec /var 139 138 0:26 /@/var/lib/lxd/storage-pools/default /var/lib/lxd/storage-pools/default ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=506,subvol=/@/var/lib/lxd/storage-pools/default mountid=139 fsname=/@/var/lib/lxd/storage-pools/default dir=/var/lib/lxd/storage-pools/default fstype=btrfs Mounting noexec /var/tmp 140 131 0:35 / /var/tmp ro,nosuid,nodev,noexec,noatime - tmpfs none rw,size=50331648k,inode64 mountid=140 fsname=/ dir=/var/tmp fstype=tmpfs Mounting noexec /var/lib/lxcfs 141 133 0:39 / /var/lib/lxcfs ro,nosuid,nodev,noexec,relatime - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other mountid=141 fsname=/ dir=/var/lib/lxcfs fstype=fuse.lxcfs Mounting noexec /var/lib/lxd/shmounts 142 135 0:41 / /var/lib/lxd/shmounts ro,nosuid,nodev,noexec,relatime master:1 - tmpfs tmpfs rw,size=100k,mode=711,inode64 mountid=142 fsname=/ dir=/var/lib/lxd/shmounts fstype=tmpfs Mounting noexec /var/lib/lxd/devlxd 143 137 0:42 / /var/lib/lxd/devlxd ro,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,size=100k,mode=755,inode64 mountid=143 fsname=/ dir=/var/lib/lxd/devlxd fstype=tmpfs Mounting noexec /var/lib/lxd/storage-pools/default 144 139 0:26 /@/var/lib/lxd/storage-pools/default /var/lib/lxd/storage-pools/default ro,nosuid,nodev,noexec,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=506,subvol=/@/var/lib/lxd/storage-pools/default mountid=144 fsname=/@/var/lib/lxd/storage-pools/default dir=/var/lib/lxd/storage-pools/default fstype=btrfs Mounting read-only /usr 145 87 0:26 /@/usr /usr ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@ mountid=145 fsname=/@/usr dir=/usr fstype=btrfs Mounting read-only /bin 146 87 0:26 /@/bin /bin ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@ mountid=146 fsname=/@/bin dir=/bin fstype=btrfs Mounting read-only /sbin 147 87 0:26 /@/sbin /sbin ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@ mountid=147 fsname=/@/sbin dir=/sbin fstype=btrfs Mounting read-only /lib 148 87 0:26 /@/lib /lib ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@ mountid=148 fsname=/@/lib dir=/lib fstype=btrfs Mounting read-only /lib64 149 87 0:26 /@/lib64 /lib64 ro,noatime - btrfs /dev/mapper/luks-b9b6f3dd-8a6d-4677-9d2f-1cfc10f50490 rw,degraded,compress=zstd:3,ssd,discard=async,space_cache=v2,user_subvol_rm_allowed,autodefrag,subvolid=333,subvol=/@ mountid=149 fsname=/@/lib64 dir=/lib64 fstype=btrfs Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/nginx Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Cannot open /run/user/1000 directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Drop privileges: pid 3, uid 1000, gid 1000, force_nogroups 0 Supplementary groups: 5 18 19 Mounting a new /root directory Mounting a new /home directory Create a new user directory Drop privileges: pid 4, uid 1000, gid 1000, force_nogroups 0 Supplementary groups: 5 18 19 Drop privileges: pid 5, uid 1000, gid 1000, force_nogroups 0 Supplementary groups: 5 18 19 blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/src/linux-5.15.23-benaryorg (requested /usr/src/linux) Disable /lib/modules Disable /usr/lib/debug Disable /boot Disable /dev/port Disable /dev/kmsg Disable /proc/kmsg Debug 558: whitelist ~/.local/run Debug 579: expanded: /home/benaryorg/.local/run Debug 590: new_name: /home/benaryorg/.local/run Debug 604: dir: /home/benaryorg Debug 420: skip /home/benaryorg/.local/run - a private home dir is configured! Disable /etc/xdg/autostart Mounting read-only /home/benaryorg/.Xauthority 188 168 0:1358 /benaryorg/.Xauthority /home/benaryorg/.Xauthority ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=188 fsname=/benaryorg/.Xauthority dir=/home/benaryorg/.Xauthority fstype=tmpfs Disable /etc/systemd/system Disable /etc/init.d Disable /etc/rc.conf Disable /etc/runlevels Disable /var/spool/cron Disable /etc/cron.daily Disable /etc/cron.monthly Disable /etc/cron.weekly Disable /etc/cron.hourly Disable /etc/crontab Disable /etc/cron.d Disable /etc/default Disable /etc/kernel Disable /etc/logrotate.d Disable /etc/logrotate.conf Disable /etc/profile.d Mounting read-only /home/benaryorg/.zshrc 205 168 0:1358 /benaryorg/.zshrc /home/benaryorg/.zshrc ro,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=205 fsname=/benaryorg/.zshrc dir=/home/benaryorg/.zshrc fstype=tmpfs Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Warning (blacklisting): cannot open /etc/ssh/*: Permission denied Disable /sbin Disable /usr/local/sbin Disable /usr/sbin Warning (blacklisting): cannot open /usr/local/sbin/at: Permission denied Warning (blacklisting): cannot open /usr/sbin/at: Permission denied Disable /usr/bin/at Warning (blacklisting): cannot open /sbin/at: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/busybox: Permission denied Warning (blacklisting): cannot open /usr/sbin/busybox: Permission denied Warning (blacklisting): cannot open /sbin/busybox: Permission denied Disable /bin/busybox Warning (blacklisting): cannot open /usr/local/sbin/chage: Permission denied Warning (blacklisting): cannot open /usr/sbin/chage: Permission denied Disable /usr/bin/chage Warning (blacklisting): cannot open /sbin/chage: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/chfn: Permission denied Warning (blacklisting): cannot open /usr/sbin/chfn: Permission denied Disable /usr/bin/chfn Warning (blacklisting): cannot open /sbin/chfn: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/chsh: Permission denied Warning (blacklisting): cannot open /usr/sbin/chsh: Permission denied Disable /usr/bin/chsh Warning (blacklisting): cannot open /sbin/chsh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/crontab: Permission denied Warning (blacklisting): cannot open /usr/sbin/crontab: Permission denied Disable /usr/bin/crontab Warning (blacklisting): cannot open /sbin/crontab: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/evtest: Permission denied Warning (blacklisting): cannot open /usr/sbin/evtest: Permission denied Warning (blacklisting): cannot open /sbin/evtest: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/expiry: Permission denied Warning (blacklisting): cannot open /usr/sbin/expiry: Permission denied Disable /usr/bin/expiry Warning (blacklisting): cannot open /sbin/expiry: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fusermount: Permission denied Warning (blacklisting): cannot open /usr/sbin/fusermount: Permission denied Disable /usr/bin/fusermount Warning (blacklisting): cannot open /sbin/fusermount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gksu: Permission denied Warning (blacklisting): cannot open /usr/sbin/gksu: Permission denied Warning (blacklisting): cannot open /sbin/gksu: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gksudo: Permission denied Warning (blacklisting): cannot open /usr/sbin/gksudo: Permission denied Warning (blacklisting): cannot open /sbin/gksudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gpasswd: Permission denied Warning (blacklisting): cannot open /usr/sbin/gpasswd: Permission denied Disable /usr/bin/gpasswd Warning (blacklisting): cannot open /sbin/gpasswd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/kdesudo: Permission denied Warning (blacklisting): cannot open /usr/sbin/kdesudo: Permission denied Warning (blacklisting): cannot open /sbin/kdesudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ksu: Permission denied Warning (blacklisting): cannot open /usr/sbin/ksu: Permission denied Warning (blacklisting): cannot open /sbin/ksu: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mount: Permission denied Warning (blacklisting): cannot open /usr/sbin/mount: Permission denied Warning (blacklisting): cannot open /sbin/mount: Permission denied Disable /bin/mount Warning (blacklisting): cannot open /usr/local/sbin/mount.ecryptfs_private: Permission denied Warning (blacklisting): cannot open /usr/sbin/mount.ecryptfs_private: Permission denied Warning (blacklisting): cannot open /sbin/mount.ecryptfs_private: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nc: Permission denied Warning (blacklisting): cannot open /usr/sbin/nc: Permission denied Disable /usr/bin/nc Warning (blacklisting): cannot open /sbin/nc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ncat: Permission denied Warning (blacklisting): cannot open /usr/sbin/ncat: Permission denied Warning (blacklisting): cannot open /sbin/ncat: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmap: Permission denied Warning (blacklisting): cannot open /usr/sbin/nmap: Permission denied Disable /usr/bin/nmap Warning (blacklisting): cannot open /sbin/nmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newgidmap: Permission denied Warning (blacklisting): cannot open /usr/sbin/newgidmap: Permission denied Disable /usr/bin/newgidmap Warning (blacklisting): cannot open /sbin/newgidmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newgrp: Permission denied Warning (blacklisting): cannot open /usr/sbin/newgrp: Permission denied Disable /usr/bin/newgrp Warning (blacklisting): cannot open /sbin/newgrp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/newuidmap: Permission denied Warning (blacklisting): cannot open /usr/sbin/newuidmap: Permission denied Disable /usr/bin/newuidmap Warning (blacklisting): cannot open /sbin/newuidmap: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ntfs-3g: Permission denied Warning (blacklisting): cannot open /usr/sbin/ntfs-3g: Permission denied Warning (blacklisting): cannot open /sbin/ntfs-3g: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pkexec: Permission denied Warning (blacklisting): cannot open /usr/sbin/pkexec: Permission denied Warning (blacklisting): cannot open /sbin/pkexec: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/procmail: Permission denied Warning (blacklisting): cannot open /usr/sbin/procmail: Permission denied Warning (blacklisting): cannot open /sbin/procmail: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/sg: Permission denied Warning (blacklisting): cannot open /usr/sbin/sg: Permission denied Disable /usr/bin/newgrp (requested /usr/bin/sg) Warning (blacklisting): cannot open /sbin/sg: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/strace: Permission denied Warning (blacklisting): cannot open /usr/sbin/strace: Permission denied Disable /usr/bin/strace Warning (blacklisting): cannot open /sbin/strace: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/su: Permission denied Warning (blacklisting): cannot open /usr/sbin/su: Permission denied Warning (blacklisting): cannot open /sbin/su: Permission denied Disable /bin/su Warning (blacklisting): cannot open /usr/local/sbin/sudo: Permission denied Warning (blacklisting): cannot open /usr/sbin/sudo: Permission denied Disable /usr/bin/sudo Warning (blacklisting): cannot open /sbin/sudo: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tcpdump: Permission denied Warning (blacklisting): cannot open /usr/sbin/tcpdump: Permission denied Warning (blacklisting): cannot open /sbin/tcpdump: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/umount: Permission denied Warning (blacklisting): cannot open /usr/sbin/umount: Permission denied Warning (blacklisting): cannot open /sbin/umount: Permission denied Disable /bin/umount Warning (blacklisting): cannot open /usr/local/sbin/unix_chkpwd: Permission denied Warning (blacklisting): cannot open /usr/sbin/unix_chkpwd: Permission denied Warning (blacklisting): cannot open /sbin/unix_chkpwd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xev: Permission denied Warning (blacklisting): cannot open /usr/sbin/xev: Permission denied Disable /usr/bin/xev Warning (blacklisting): cannot open /sbin/xev: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xinput: Permission denied Warning (blacklisting): cannot open /usr/sbin/xinput: Permission denied Disable /usr/bin/xinput Warning (blacklisting): cannot open /sbin/xinput: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/passwd: Permission denied Warning (blacklisting): cannot open /usr/sbin/passwd: Permission denied Disable /bin/passwd (requested /usr/bin/passwd) Warning (blacklisting): cannot open /sbin/passwd: Permission denied Disable /bin/passwd Warning (blacklisting): cannot open /usr/local/sbin/suexec: Permission denied Warning (blacklisting): cannot open /usr/sbin/suexec: Permission denied Warning (blacklisting): cannot open /sbin/suexec: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/slock: Permission denied Warning (blacklisting): cannot open /usr/sbin/slock: Permission denied Warning (blacklisting): cannot open /sbin/slock: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/physlock: Permission denied Warning (blacklisting): cannot open /usr/sbin/physlock: Permission denied Warning (blacklisting): cannot open /sbin/physlock: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/schroot: Permission denied Warning (blacklisting): cannot open /usr/sbin/schroot: Permission denied Warning (blacklisting): cannot open /sbin/schroot: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/wshowkeys: Permission denied Warning (blacklisting): cannot open /usr/sbin/wshowkeys: Permission denied Warning (blacklisting): cannot open /sbin/wshowkeys: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pmount: Permission denied Warning (blacklisting): cannot open /usr/sbin/pmount: Permission denied Warning (blacklisting): cannot open /sbin/pmount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pumount: Permission denied Warning (blacklisting): cannot open /usr/sbin/pumount: Permission denied Warning (blacklisting): cannot open /sbin/pumount: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/bmon: Permission denied Warning (blacklisting): cannot open /usr/sbin/bmon: Permission denied Warning (blacklisting): cannot open /sbin/bmon: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fping: Permission denied Warning (blacklisting): cannot open /usr/sbin/fping: Permission denied Warning (blacklisting): cannot open /sbin/fping: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/fping6: Permission denied Warning (blacklisting): cannot open /usr/sbin/fping6: Permission denied Warning (blacklisting): cannot open /sbin/fping6: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/hostname: Permission denied Warning (blacklisting): cannot open /usr/sbin/hostname: Permission denied Warning (blacklisting): cannot open /sbin/hostname: Permission denied Disable /bin/hostname Warning (blacklisting): cannot open /usr/local/sbin/mtr: Permission denied Warning (blacklisting): cannot open /usr/sbin/mtr: Permission denied Warning (blacklisting): cannot open /sbin/mtr: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mtr-packet: Permission denied Warning (blacklisting): cannot open /usr/sbin/mtr-packet: Permission denied Warning (blacklisting): cannot open /sbin/mtr-packet: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/netstat: Permission denied Warning (blacklisting): cannot open /usr/sbin/netstat: Permission denied Warning (blacklisting): cannot open /sbin/netstat: Permission denied Disable /bin/netstat Warning (blacklisting): cannot open /usr/local/sbin/nm-online: Permission denied Warning (blacklisting): cannot open /usr/sbin/nm-online: Permission denied Warning (blacklisting): cannot open /sbin/nm-online: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmcli: Permission denied Warning (blacklisting): cannot open /usr/sbin/nmcli: Permission denied Warning (blacklisting): cannot open /sbin/nmcli: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui: Permission denied Warning (blacklisting): cannot open /usr/sbin/nmtui: Permission denied Warning (blacklisting): cannot open /sbin/nmtui: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui-connect: Permission denied Warning (blacklisting): cannot open /usr/sbin/nmtui-connect: Permission denied Warning (blacklisting): cannot open /sbin/nmtui-connect: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui-edit: Permission denied Warning (blacklisting): cannot open /usr/sbin/nmtui-edit: Permission denied Warning (blacklisting): cannot open /sbin/nmtui-edit: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nmtui-hostname: Permission denied Warning (blacklisting): cannot open /usr/sbin/nmtui-hostname: Permission denied Warning (blacklisting): cannot open /sbin/nmtui-hostname: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/networkctl: Permission denied Warning (blacklisting): cannot open /usr/sbin/networkctl: Permission denied Warning (blacklisting): cannot open /sbin/networkctl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ss: Permission denied Warning (blacklisting): cannot open /usr/sbin/ss: Permission denied Warning (blacklisting): cannot open /sbin/ss: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/traceroute: Permission denied Warning (blacklisting): cannot open /usr/sbin/traceroute: Permission denied Disable /usr/bin/traceroute Warning (blacklisting): cannot open /sbin/traceroute: Permission denied Disable /tmp/tmux-1000 Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal: Permission denied Warning (blacklisting): cannot open /usr/sbin/gnome-terminal: Permission denied Warning (blacklisting): cannot open /sbin/gnome-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/sbin/gnome-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /sbin/gnome-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lilyterm: Permission denied Warning (blacklisting): cannot open /usr/sbin/lilyterm: Permission denied Warning (blacklisting): cannot open /sbin/lilyterm: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/lxterminal: Permission denied Warning (blacklisting): cannot open /usr/sbin/lxterminal: Permission denied Warning (blacklisting): cannot open /sbin/lxterminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal: Permission denied Warning (blacklisting): cannot open /usr/sbin/mate-terminal: Permission denied Warning (blacklisting): cannot open /sbin/mate-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/sbin/mate-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /sbin/mate-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/pantheon-terminal: Permission denied Warning (blacklisting): cannot open /usr/sbin/pantheon-terminal: Permission denied Warning (blacklisting): cannot open /sbin/pantheon-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/roxterm: Permission denied Warning (blacklisting): cannot open /usr/sbin/roxterm: Permission denied Warning (blacklisting): cannot open /sbin/roxterm: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/roxterm-config: Permission denied Warning (blacklisting): cannot open /usr/sbin/roxterm-config: Permission denied Warning (blacklisting): cannot open /sbin/roxterm-config: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/terminix: Permission denied Warning (blacklisting): cannot open /usr/sbin/terminix: Permission denied Warning (blacklisting): cannot open /sbin/terminix: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/tilix: Permission denied Warning (blacklisting): cannot open /usr/sbin/tilix: Permission denied Warning (blacklisting): cannot open /sbin/tilix: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/urxvtc: Permission denied Warning (blacklisting): cannot open /usr/sbin/urxvtc: Permission denied Warning (blacklisting): cannot open /sbin/urxvtc: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/urxvtcd: Permission denied Warning (blacklisting): cannot open /usr/sbin/urxvtcd: Permission denied Warning (blacklisting): cannot open /sbin/urxvtcd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal: Permission denied Warning (blacklisting): cannot open /usr/sbin/xfce4-terminal: Permission denied Warning (blacklisting): cannot open /sbin/xfce4-terminal: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/sbin/xfce4-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /sbin/xfce4-terminal.wrapper: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/bwrap: Permission denied Warning (blacklisting): cannot open /usr/sbin/bwrap: Permission denied Warning (blacklisting): cannot open /sbin/bwrap: Permission denied Disable /proc/config.gz Warning (blacklisting): cannot open /usr/local/sbin/dig: Permission denied Warning (blacklisting): cannot open /usr/sbin/dig: Permission denied Disable /usr/bin/dig Warning (blacklisting): cannot open /sbin/dig: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dlint: Permission denied Warning (blacklisting): cannot open /usr/sbin/dlint: Permission denied Warning (blacklisting): cannot open /sbin/dlint: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dns2tcp: Permission denied Warning (blacklisting): cannot open /usr/sbin/dns2tcp: Permission denied Warning (blacklisting): cannot open /sbin/dns2tcp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dnssec-*: Permission denied Warning (blacklisting): cannot open /usr/sbin/dnssec-*: Permission denied Disable /usr/bin/dnssec-dsfromkey Disable /usr/bin/dnssec-importkey Disable /usr/bin/dnssec-keyfromlabel Disable /usr/bin/dnssec-keygen Disable /usr/bin/dnssec-revoke Disable /usr/bin/dnssec-settime Disable /usr/bin/dnssec-signzone Disable /usr/bin/dnssec-verify Warning (blacklisting): cannot open /sbin/dnssec-*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/dnswalk: Permission denied Warning (blacklisting): cannot open /usr/sbin/dnswalk: Permission denied Warning (blacklisting): cannot open /sbin/dnswalk: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/drill: Permission denied Warning (blacklisting): cannot open /usr/sbin/drill: Permission denied Warning (blacklisting): cannot open /sbin/drill: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/host: Permission denied Warning (blacklisting): cannot open /usr/sbin/host: Permission denied Disable /usr/bin/host Warning (blacklisting): cannot open /sbin/host: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/iodine: Permission denied Warning (blacklisting): cannot open /usr/sbin/iodine: Permission denied Warning (blacklisting): cannot open /sbin/iodine: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/kdig: Permission denied Warning (blacklisting): cannot open /usr/sbin/kdig: Permission denied Warning (blacklisting): cannot open /sbin/kdig: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/khost: Permission denied Warning (blacklisting): cannot open /usr/sbin/khost: Permission denied Warning (blacklisting): cannot open /sbin/khost: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/knsupdate: Permission denied Warning (blacklisting): cannot open /usr/sbin/knsupdate: Permission denied Warning (blacklisting): cannot open /sbin/knsupdate: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ldns-*: Permission denied Warning (blacklisting): cannot open /usr/sbin/ldns-*: Permission denied Warning (blacklisting): cannot open /sbin/ldns-*: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ldnsd: Permission denied Warning (blacklisting): cannot open /usr/sbin/ldnsd: Permission denied Warning (blacklisting): cannot open /sbin/ldnsd: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/nslookup: Permission denied Warning (blacklisting): cannot open /usr/sbin/nslookup: Permission denied Disable /usr/bin/nslookup Warning (blacklisting): cannot open /sbin/nslookup: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/resolvectl: Permission denied Warning (blacklisting): cannot open /usr/sbin/resolvectl: Permission denied Warning (blacklisting): cannot open /sbin/resolvectl: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/unbound-host: Permission denied Warning (blacklisting): cannot open /usr/sbin/unbound-host: Permission denied Warning (blacklisting): cannot open /sbin/unbound-host: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ftp: Permission denied Warning (blacklisting): cannot open /usr/sbin/ftp: Permission denied Warning (blacklisting): cannot open /sbin/ftp: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/ssh: Permission denied Warning (blacklisting): cannot open /usr/sbin/ssh: Permission denied Disable /usr/bin/ssh Warning (blacklisting): cannot open /sbin/ssh: Permission denied Warning (blacklisting): cannot open /usr/local/sbin/telnet: Permission denied Warning (blacklisting): cannot open /usr/sbin/telnet: Permission denied Warning (blacklisting): cannot open /sbin/telnet: Permission denied Disable /sys/fs Disable /sys/module Drop privileges: pid 6, uid 1000, gid 1000, force_nogroups 0 Supplementary groups: 5 18 19 Creating empty /home/benaryorg/.config directory Drop privileges: pid 7, uid 1000, gid 1000, force_nogroups 0 Supplementary groups: 5 18 19 Creating empty /home/benaryorg/.config/pulse directory Mounting noexec /run/firejail/mnt/pulse 259 113 0:1350 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=259 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs Mounting /run/firejail/mnt/pulse on /home/benaryorg/.config/pulse 260 168 0:1350 /pulse /home/benaryorg/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=260 fsname=/pulse dir=/home/benaryorg/.config/pulse fstype=tmpfs blacklist /dev/video0 blacklist /dev/video1 blacklist /dev/video2 blacklist /dev/video3 blacklist /dev/input rebuilding /etc directory Creating empty /run/firejail/mnt/dns-etc/udev directory Creating empty /run/firejail/mnt/dns-etc/local.d directory Creating empty /run/firejail/mnt/dns-etc/iproute2 directory Creating empty /run/firejail/mnt/dns-etc/xml directory Creating empty /run/firejail/mnt/dns-etc/pam.d directory Creating empty /run/firejail/mnt/dns-etc/security directory Creating empty /run/firejail/mnt/dns-etc/xattr.conf file Creating empty /run/firejail/mnt/dns-etc/inittab.d directory Creating empty /run/firejail/mnt/dns-etc/sgml directory Creating empty /run/firejail/mnt/dns-etc/localtime file Creating empty /run/firejail/mnt/dns-etc/.pwd.lock file Creating empty /run/firejail/mnt/dns-etc/xinetd.d directory Creating empty /run/firejail/mnt/dns-etc/terminfo directory Creating empty /run/firejail/mnt/dns-etc/sysctl.d directory Creating empty /run/firejail/mnt/dns-etc/ssl directory Creating empty /run/firejail/mnt/dns-etc/skel directory Creating empty /run/firejail/mnt/dns-etc/sandbox.d directory Creating empty /run/firejail/mnt/dns-etc/python-exec directory Creating empty /run/firejail/mnt/dns-etc/portage directory Creating empty /run/firejail/mnt/dns-etc/modprobe.d directory Creating empty /run/firejail/mnt/dns-etc/ld.so.conf.d directory Creating empty /run/firejail/mnt/dns-etc/environment.d directory Creating empty /run/firejail/mnt/dns-etc/env.d directory Creating empty /run/firejail/mnt/dns-etc/conf.d directory Creating empty /run/firejail/mnt/dns-etc/ca-certificates directory Creating empty /run/firejail/mnt/dns-etc/bash directory Creating empty /run/firejail/mnt/dns-etc/subuid- file Creating empty /run/firejail/mnt/dns-etc/subgid- file Creating empty /run/firejail/mnt/dns-etc/nullmailer directory Creating empty /run/firejail/mnt/dns-etc/sudoers.d directory Creating empty /run/firejail/mnt/dns-etc/lvm directory Creating empty /run/firejail/mnt/dns-etc/systemd directory Creating empty /run/firejail/mnt/dns-etc/distcc directory Creating empty /run/firejail/mnt/dns-etc/NaturalDocs directory Creating empty /run/firejail/mnt/dns-etc/eixrc directory Creating empty /run/firejail/mnt/dns-etc/puppetlabs directory Creating empty /run/firejail/mnt/dns-etc/timezone file Creating empty /run/firejail/mnt/dns-etc/locale.gen file Creating empty /run/firejail/mnt/dns-etc/sysctl.conf file Creating empty /run/firejail/mnt/dns-etc/subuid file Creating empty /run/firejail/mnt/dns-etc/subgid file Creating empty /run/firejail/mnt/dns-etc/sudoers file Creating empty /run/firejail/mnt/dns-etc/config-archive directory Creating empty /run/firejail/mnt/dns-etc/vim directory Creating empty /run/firejail/mnt/dns-etc/resolvconf.conf file Creating empty /run/firejail/mnt/dns-etc/ntpd.conf file Creating empty /run/firejail/mnt/dns-etc/bindresvport.blacklist file Creating empty /run/firejail/mnt/dns-etc/netconfig file Creating empty /run/firejail/mnt/dns-etc/wireguard directory Creating empty /run/firejail/mnt/dns-etc/mlocate-cron.conf file Creating empty /run/firejail/mnt/dns-etc/zsh directory Creating empty /run/firejail/mnt/dns-etc/ntp.conf file Creating empty /run/firejail/mnt/dns-etc/eclean directory Creating empty /run/firejail/mnt/dns-etc/revdep-rebuild directory Creating empty /run/firejail/mnt/dns-etc/needrestart directory Creating empty /run/firejail/mnt/dns-etc/syslog-ng directory Creating empty /run/firejail/mnt/dns-etc/mailutils.d directory Creating empty /run/firejail/mnt/dns-etc/smartd_warning.d directory Creating empty /run/firejail/mnt/dns-etc/openldap directory Creating empty /run/firejail/mnt/dns-etc/nginx directory Creating empty /run/firejail/mnt/dns-etc/qemu directory Creating empty /run/firejail/mnt/dns-etc/dracut.conf.d directory Creating empty /run/firejail/mnt/dns-etc/X11 directory Creating empty /run/firejail/mnt/dns-etc/fonts directory Creating empty /run/firejail/mnt/dns-etc/vulkan directory Creating empty /run/firejail/mnt/dns-etc/ImageMagick-7 directory Creating empty /run/firejail/mnt/dns-etc/xdg directory Creating empty /run/firejail/mnt/dns-etc/mpv directory Creating empty /run/firejail/mnt/dns-etc/prelink.conf.d directory Creating empty /run/firejail/mnt/dns-etc/dbus-1 directory Creating empty /run/firejail/mnt/dns-etc/machine-id file Creating empty /run/firejail/mnt/dns-etc/gtk-3.0 directory Creating empty /run/firejail/mnt/dns-etc/gtk-2.0 directory Creating empty /run/firejail/mnt/dns-etc/npm directory Creating empty /run/firejail/mnt/dns-etc/resolv.conf.bak file Creating empty /run/firejail/mnt/dns-etc/rdnssd directory Creating empty /run/firejail/mnt/dns-etc/vdpau_wrapper.cfg file Creating empty /run/firejail/mnt/dns-etc/OpenCL directory Creating empty /run/firejail/mnt/dns-etc/texmf directory Creating empty /run/firejail/mnt/dns-etc/papersize file Creating empty /run/firejail/mnt/dns-etc/containers directory Creating empty /run/firejail/mnt/dns-etc/inittab file Creating empty /run/firejail/mnt/dns-etc/wireless-regdb directory Creating empty /run/firejail/mnt/dns-etc/libnl directory Creating empty /run/firejail/mnt/dns-etc/wpa_supplicant directory Creating empty /run/firejail/mnt/dns-etc/xpra directory Creating empty /run/firejail/mnt/dns-etc/stunnel directory Creating empty /run/firejail/mnt/dns-etc/nagios directory Creating empty /run/firejail/mnt/dns-etc/testssl directory Creating empty /run/firejail/mnt/dns-etc/ethertypes file Creating empty /run/firejail/mnt/dns-etc/lxc directory Creating empty /run/firejail/mnt/dns-etc/cups directory Creating empty /run/firejail/mnt/dns-etc/printcap file Creating empty /run/firejail/mnt/dns-etc/gimp directory Creating empty /run/firejail/mnt/dns-etc/updatedb.conf file Creating empty /run/firejail/mnt/dns-etc/nbdtab file Creating empty /run/firejail/mnt/dns-etc/alsa directory Creating empty /run/firejail/mnt/dns-etc/pulse directory Creating empty /run/firejail/mnt/dns-etc/unbound directory Creating empty /run/firejail/mnt/dns-etc/dnssec directory Creating empty /run/firejail/mnt/dns-etc/unixODBC directory Creating empty /run/firejail/mnt/dns-etc/snmp directory Creating empty /run/firejail/mnt/dns-etc/zabbix directory Creating empty /run/firejail/mnt/dns-etc/btrbk directory Creating empty /run/firejail/mnt/dns-etc/hosts.allow file Creating empty /run/firejail/mnt/dns-etc/rhashrc file Creating empty /run/firejail/mnt/dns-etc/dpkg directory Creating empty /run/firejail/mnt/dns-etc/alternatives directory Creating empty /run/firejail/mnt/dns-etc/avahi directory Creating empty /run/firejail/mnt/dns-etc/man_db.conf file Creating empty /run/firejail/mnt/dns-etc/mailutils.conf file Creating empty /run/firejail/mnt/dns-etc/fuse.conf file Creating empty /run/firejail/mnt/dns-etc/at directory Creating empty /run/firejail/mnt/dns-etc/hosts file Creating empty /run/firejail/mnt/dns-etc/murmur directory Creating empty /run/firejail/mnt/dns-etc/sandbox.conf file Creating empty /run/firejail/mnt/dns-etc/ardour6 directory Creating empty /run/firejail/mnt/dns-etc/detoxrc file Creating empty /run/firejail/mnt/dns-etc/dnsmasq.conf file Creating empty /run/firejail/mnt/dns-etc/rsyncd.conf file Creating empty /run/firejail/mnt/dns-etc/lsb-release file Creating empty /run/firejail/mnt/dns-etc/mbuffer.rc file Creating empty /run/firejail/mnt/dns-etc/smartd_warning.sh file Creating empty /run/firejail/mnt/dns-etc/smartd.conf file Creating empty /run/firejail/mnt/dns-etc/ca-certificates.conf file Creating empty /run/firejail/mnt/dns-etc/environment file Creating empty /run/firejail/mnt/dns-etc/ld.so.conf file Creating empty /run/firejail/mnt/dns-etc/udhcpd.conf file Creating empty /run/firejail/mnt/dns-etc/login.defs file Creating empty /run/firejail/mnt/dns-etc/networks file Creating empty /run/firejail/mnt/dns-etc/profile file Creating empty /run/firejail/mnt/dns-etc/protocols file Creating empty /run/firejail/mnt/dns-etc/services file Creating empty /run/firejail/mnt/dns-etc/shells file Creating empty /run/firejail/mnt/dns-etc/filesystems file Creating empty /run/firejail/mnt/dns-etc/inputrc file Creating empty /run/firejail/mnt/dns-etc/issue file Creating empty /run/firejail/mnt/dns-etc/issue.logo file Creating empty /run/firejail/mnt/dns-etc/gentoo-release file Creating empty /run/firejail/mnt/dns-etc/rmt file Creating empty /run/firejail/mnt/dns-etc/etc-update.conf file Creating empty /run/firejail/mnt/dns-etc/dispatch-conf.conf file Creating empty /run/firejail/mnt/dns-etc/e2fsck.conf file Creating empty /run/firejail/mnt/dns-etc/e2scrub.conf file Creating empty /run/firejail/mnt/dns-etc/mke2fs.conf file Creating empty /run/firejail/mnt/dns-etc/dracut.conf file Creating empty /run/firejail/mnt/dns-etc/dmtab file Creating empty /run/firejail/mnt/dns-etc/conntrackd directory Creating empty /run/firejail/mnt/dns-etc/resolv.conf file Creating empty /run/firejail/mnt/dns-etc/passwd file Creating empty /run/firejail/mnt/dns-etc/libvirt directory Creating empty /run/firejail/mnt/dns-etc/mime.types file Creating empty /run/firejail/mnt/dns-etc/ndppd.conf file Creating empty /run/firejail/mnt/dns-etc/firejail directory Creating empty /run/firejail/mnt/dns-etc/wgetrc file Creating empty /run/firejail/mnt/dns-etc/sudoers.dist file Creating empty /run/firejail/mnt/dns-etc/sudo.conf file Creating empty /run/firejail/mnt/dns-etc/sudo_logsrvd.conf file Creating empty /run/firejail/mnt/dns-etc/dhcpcd.conf file Creating empty /run/firejail/mnt/dns-etc/whois.conf file Creating empty /run/firejail/mnt/dns-etc/initramfs-tools directory Creating empty /run/firejail/mnt/dns-etc/mdadm.conf file Creating empty /run/firejail/mnt/dns-etc/pkcs11 directory Creating empty /run/firejail/mnt/dns-etc/java-config-2 directory Creating empty /run/firejail/mnt/dns-etc/ld.so.preload file Creating empty /run/firejail/mnt/dns-etc/group file Creating empty /run/firejail/mnt/dns-etc/wireplumber directory Creating empty /run/firejail/mnt/dns-etc/DIR_COLORS file Creating empty /run/firejail/mnt/dns-etc/rpc file Creating empty /run/firejail/mnt/dns-etc/gai.conf file Creating empty /run/firejail/mnt/dns-etc/nsswitch.conf file Creating empty /run/firejail/mnt/dns-etc/host.conf file Creating empty /run/firejail/mnt/dns-etc/bees directory Creating empty /run/firejail/mnt/dns-etc/ld.so.cache file Creating empty /run/firejail/mnt/dns-etc/fstab file Creating empty /run/firejail/mnt/dns-etc/profile.env file Creating empty /run/firejail/mnt/dns-etc/csh.env file Mount-bind /run/firejail/mnt/dns-etc on top of /etc Current directory: /home/benaryorg DISPLAY=:0 parsed as 0 Install protocol filter: unix,inet,inet6 configuring 20 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 8, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000006 jmp 000c 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 15 01 00 00000029 jeq socket 000c (false 000b) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 20 00 00 00000010 ld data.args[0] 000d: 15 00 01 00000001 jeq 1 000e (false 000f) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 15 00 01 00000002 jeq 2 0010 (false 0011) 0010: 06 00 00 7fff0000 ret ALLOW 0011: 15 00 01 0000000a jeq a 0012 (false 0013) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 06 00 00 0005005f ret ERRNO(95) configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dropping all capabilities Drop privileges: pid 9, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00050001 ret ERRNO(1) Dual 32/64 bit seccomp filter configured configuring 71 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /usr/lib64/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 10, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 3e 00 0000009f jeq adjtimex 0046 (false 0008) 0008: 15 3d 00 00000131 jeq clock_adjtime 0046 (false 0009) 0009: 15 3c 00 000000e3 jeq clock_settime 0046 (false 000a) 000a: 15 3b 00 000000a4 jeq settimeofday 0046 (false 000b) 000b: 15 3a 00 0000009a jeq modify_ldt 0046 (false 000c) 000c: 15 39 00 000000d4 jeq lookup_dcookie 0046 (false 000d) 000d: 15 38 00 0000012a jeq perf_event_open 0046 (false 000e) 000e: 15 37 00 00000137 jeq process_vm_writev 0046 (false 000f) 000f: 15 36 00 000000b0 jeq delete_module 0046 (false 0010) 0010: 15 35 00 00000139 jeq finit_module 0046 (false 0011) 0011: 15 34 00 000000af jeq init_module 0046 (false 0012) 0012: 15 33 00 000000a1 jeq chroot 0046 (false 0013) 0013: 15 32 00 000000a5 jeq mount 0046 (false 0014) 0014: 15 31 00 0000009b jeq pivot_root 0046 (false 0015) 0015: 15 30 00 000000a6 jeq umount2 0046 (false 0016) 0016: 15 2f 00 0000009c jeq _sysctl 0046 (false 0017) 0017: 15 2e 00 000000b7 jeq afs_syscall 0046 (false 0018) 0018: 15 2d 00 000000ae jeq create_module 0046 (false 0019) 0019: 15 2c 00 000000b1 jeq get_kernel_syms 0046 (false 001a) 001a: 15 2b 00 000000b5 jeq getpmsg 0046 (false 001b) 001b: 15 2a 00 000000b6 jeq putpmsg 0046 (false 001c) 001c: 15 29 00 000000b2 jeq query_module 0046 (false 001d) 001d: 15 28 00 000000b9 jeq security 0046 (false 001e) 001e: 15 27 00 0000008b jeq sysfs 0046 (false 001f) 001f: 15 26 00 000000b8 jeq tuxcall 0046 (false 0020) 0020: 15 25 00 00000086 jeq uselib 0046 (false 0021) 0021: 15 24 00 00000088 jeq ustat 0046 (false 0022) 0022: 15 23 00 000000ec jeq vserver 0046 (false 0023) 0023: 15 22 00 000000ad jeq ioperm 0046 (false 0024) 0024: 15 21 00 000000ac jeq iopl 0046 (false 0025) 0025: 15 20 00 000000f6 jeq kexec_load 0046 (false 0026) 0026: 15 1f 00 00000140 jeq kexec_file_load 0046 (false 0027) 0027: 15 1e 00 000000a9 jeq reboot 0046 (false 0028) 0028: 15 1d 00 000000a7 jeq swapon 0046 (false 0029) 0029: 15 1c 00 000000a8 jeq swapoff 0046 (false 002a) 002a: 15 1b 00 00000130 jeq open_by_handle_at 0046 (false 002b) 002b: 15 1a 00 0000012f jeq name_to_handle_at 0046 (false 002c) 002c: 15 19 00 000000fb jeq ioprio_set 0046 (false 002d) 002d: 15 18 00 00000067 jeq syslog 0046 (false 002e) 002e: 15 17 00 0000012c jeq fanotify_init 0046 (false 002f) 002f: 15 16 00 000000f8 jeq add_key 0046 (false 0030) 0030: 15 15 00 000000f9 jeq request_key 0046 (false 0031) 0031: 15 14 00 000000ed jeq mbind 0046 (false 0032) 0032: 15 13 00 00000100 jeq migrate_pages 0046 (false 0033) 0033: 15 12 00 00000117 jeq move_pages 0046 (false 0034) 0034: 15 11 00 000000fa jeq keyctl 0046 (false 0035) 0035: 15 10 00 000000ce jeq io_setup 0046 (false 0036) 0036: 15 0f 00 000000cf jeq io_destroy 0046 (false 0037) 0037: 15 0e 00 000000d0 jeq io_getevents 0046 (false 0038) 0038: 15 0d 00 000000d1 jeq io_submit 0046 (false 0039) 0039: 15 0c 00 000000d2 jeq io_cancel 0046 (false 003a) 003a: 15 0b 00 000000d8 jeq remap_file_pages 0046 (false 003b) 003b: 15 0a 00 00000143 jeq userfaultfd 0046 (false 003c) 003c: 15 09 00 000000a3 jeq acct 0046 (false 003d) 003d: 15 08 00 00000141 jeq bpf 0046 (false 003e) 003e: 15 07 00 000000b4 jeq nfsservctl 0046 (false 003f) 003f: 15 06 00 000000ab jeq setdomainname 0046 (false 0040) 0040: 15 05 00 000000aa jeq sethostname 0046 (false 0041) 0041: 15 04 00 00000099 jeq vhangup 0046 (false 0042) 0042: 15 03 00 00000065 jeq ptrace 0046 (false 0043) 0043: 15 02 00 00000087 jeq personality 0046 (false 0044) 0044: 15 01 00 00000136 jeq process_vm_readv 0046 (false 0045) 0045: 06 00 00 7fff0000 ret ALLOW 0046: 06 00 00 00050001 ret ERRNO(1) seccomp filter configured Mounting read-only /run/firejail/mnt/seccomp 626 113 0:1350 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=626 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 160 . drwxr-xr-x root root 240 .. -rw-r--r-- benaryor benaryor 568 seccomp -rw-r--r-- benaryor benaryor 432 seccomp.32 -rw-r--r-- benaryor benaryor 114 seccomp.list -rw-r--r-- benaryor benaryor 0 seccomp.postexec -rw-r--r-- benaryor benaryor 0 seccomp.postexec32 -rw-r--r-- benaryor benaryor 160 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0 Supplementary groups: 5 18 19 Closing non-standard file descriptors Starting application LD_PRELOAD=(null) Running 'ls' '-sahl' '/home/benaryorg/.local/run' command through /bin/zsh execvp argument 0: /bin/zsh execvp argument 1: -c execvp argument 2: 'ls' '-sahl' '/home/benaryorg/.local/run' Child process initialized in 76.63 ms Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter ls: cannot access '/home/benaryorg/.local/run': No such file or directory monitoring pid 11 Sandbox monitor: waitpid 11 retval 11 status 512 Parent is shutting down, bye... ``` </p> </details>

gitea-mirror commented 2026-05-05 09:31:52 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (Mar 28, 2022):

@benaryorg commented on Mar 28:

Expected behavior

I would expect --whitelist to either work even when --private is used, or
to have any equivalent mechanism of getting a file or directory within such
an environment. Note that specifically in this use-case the socket in
question needs to work, so something that copies files may not work as
expected.

Actual behavior

The file specified using whitelist was not present at all, and no arguments
seem to be present that allow to add it to the sandbox.

Possibly related:

• #903
• #5052

<!-- gh-comment-id:1081098103 --> @kmk3 commented on GitHub (Mar 28, 2022): @benaryorg commented [on Mar 28](https://github.com/netblue30/firejail/issues/5080#issue-1183895538): > ### Expected behavior > > I would expect `--whitelist` to either work even when `--private` is used, or > to have any equivalent mechanism of getting a file or directory within such > an environment. Note that specifically in this use-case the socket in > question needs to work, so something that copies files may not work as > expected. > > ### Actual behavior > > The file specified using `whitelist` was not present at all, and no arguments > seem to be present that allow to add it to the sandbox. Possibly related: * #903 * #5052

gitea-mirror commented 2026-05-05 09:31:53 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Mar 29, 2022):

I would expect --whitelist to either work even when --private is used

Then you do not need to use --private because that what --whitelist already is.

To quote myself "private should always mean private and nothing else".

However what we can (and likely should) do is speical handling for XDG_RUNTIME_DIR like we already have for .Xauthority.
070e78a889/src/firejail/fs_home.c (L434-L435)

<!-- gh-comment-id:1081924143 --> @rusty-snake commented on GitHub (Mar 29, 2022): > I would expect --whitelist to either work even when --private is used Then you do not need to use `--private` because that what `--whitelist` already is. To quote myself "`private` should always mean `private` and nothing else". However what we can (and likely should) do is speical handling for `XDG_RUNTIME_DIR` like we already have for `.Xauthority`. https://github.com/netblue30/firejail/blob/070e78a8892d86687a1a3e74262628ee9c562c46/src/firejail/fs_home.c#L434-L435

gitea-mirror referenced this issue 2026-05-05 10:22:28 -06:00

[PR #2870] [CLOSED] Adding sort.py to .travis.yml #4563

gitea-mirror referenced this issue 2026-05-05 10:23:11 -06:00

[PR #2973] [MERGED] Adding sort.py to GitLab CI #4602

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2870

No description provided.