github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #6112] man: cannot use nvim as man pager #3185

New issue
Open
opened 2026-05-05 09:48:17 -06:00 by gitea-mirror · 13 comments
gitea-mirror commented 2026-05-05 09:48:17 -06:00
Owner
Copy link

Originally created by @ShellCode33 on GitHub (Nov 30, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6112

Description

I'm unable to use nvim as man pager.

Steps to Reproduce

MANPAGER='nvim +Man!' firejail /usr/bin/man sendfile

Expected behavior

To show the man page.

Actual behavior

nvim: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: Permission denied
/usr/bin/man: command exited with status 127: sed -e '/^[[:space:]]*$/{ N; /^[[:space:]]*\n[[:space:]]*$/D; }' | LESS=-ix8RmPm Manual page sendfile(2) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$PM Manual page sendfile(2) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$ MAN_PN=sendfile(2) nvim +Man!

Behavior without a profile

Works fine.

Additional context

I tried to create a man.local with the following content with no luck (I'm not familiar at all with Firejail):

private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim,nvim
whitelist /usr/lib/libluajit-*

(notice the nvim at the end of the private-bin statement)

Not sure it's relevant but just in case:

$ ldd /usr/bin/nvim
        linux-vdso.so.1 (0x000060215a8b2000)
        libluv.so.1 => /usr/lib/libluv.so.1 (0x000060215a3b1000)
        libtermkey.so.1 => /usr/lib/libtermkey.so.1 (0x000060215a3a5000)
        libvterm.so.0 => /usr/lib/libvterm.so.0 (0x000060215a392000)
        libmsgpackc.so.2 => /usr/lib/libmsgpackc.so.2 (0x000060215a389000)
        libtree-sitter.so.0 => /usr/lib/libtree-sitter.so.0 (0x000060215a35b000)
        libunibilium.so.4 => /usr/lib/libunibilium.so.4 (0x000060215a346000)
        libluajit-5.1.so.2 => /usr/lib/libluajit-5.1.so.2 (0x000060215a2b3000)
        libm.so.6 => /usr/lib/libm.so.6 (0x000060215a1c6000)
        libuv.so.1 => /usr/lib/libuv.so.1 (0x000060215a192000)
        libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x000060215a16d000)
        libc.so.6 => /usr/lib/libc.so.6 (0x0000602159f8b000)
        /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x000060215a8b4000)

Environment

  • ArchLinux with hardened kernel from GraphenOS
  • Firejail version: 0.9.72

Checklist

  • The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).

Log

Output of LC_ALL=C firejail /path/to/program 

See above

Output of LC_ALL=C firejail --debug /path/to/program 

Leaks a lot, I can send it in private if need be

Originally created by @ShellCode33 on GitHub (Nov 30, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/6112 ### Description I'm unable to use nvim as man pager. ### Steps to Reproduce ``` MANPAGER='nvim +Man!' firejail /usr/bin/man sendfile ``` ### Expected behavior To show the man page. ### Actual behavior ``` nvim: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: Permission denied /usr/bin/man: command exited with status 127: sed -e '/^[[:space:]]*$/{ N; /^[[:space:]]*\n[[:space:]]*$/D; }' | LESS=-ix8RmPm Manual page sendfile(2) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$PM Manual page sendfile(2) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$ MAN_PN=sendfile(2) nvim +Man! ``` ### Behavior without a profile Works fine. ### Additional context I tried to create a `man.local` with the following content with no luck (I'm not familiar at all with Firejail): ``` private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim,nvim whitelist /usr/lib/libluajit-* ``` (notice the `nvim` at the end of the `private-bin` statement) Not sure it's relevant but just in case: ``` $ ldd /usr/bin/nvim linux-vdso.so.1 (0x000060215a8b2000) libluv.so.1 => /usr/lib/libluv.so.1 (0x000060215a3b1000) libtermkey.so.1 => /usr/lib/libtermkey.so.1 (0x000060215a3a5000) libvterm.so.0 => /usr/lib/libvterm.so.0 (0x000060215a392000) libmsgpackc.so.2 => /usr/lib/libmsgpackc.so.2 (0x000060215a389000) libtree-sitter.so.0 => /usr/lib/libtree-sitter.so.0 (0x000060215a35b000) libunibilium.so.4 => /usr/lib/libunibilium.so.4 (0x000060215a346000) libluajit-5.1.so.2 => /usr/lib/libluajit-5.1.so.2 (0x000060215a2b3000) libm.so.6 => /usr/lib/libm.so.6 (0x000060215a1c6000) libuv.so.1 => /usr/lib/libuv.so.1 (0x000060215a192000) libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x000060215a16d000) libc.so.6 => /usr/lib/libc.so.6 (0x0000602159f8b000) /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x000060215a8b4000) ``` ### Environment - ArchLinux with hardened kernel from GraphenOS - Firejail version: 0.9.72 ### Checklist - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). ### Log <details> <summary>Output of <code>LC_ALL=C firejail /path/to/program</code></summary> <p> ``` See above ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /path/to/program</code></summary> <p> ``` Leaks a lot, I can send it in private if need be ``` </p> </details>
gitea-mirror commented 2026-05-05 09:48:19 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Nov 30, 2023):

nvim: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: Permission denied

Lua is blacklisted in disable-interpreters.inc (as are others):

8f55f6c9ab/etc/inc/disable-interpreters.inc (L13-L20)

You probably just need to allow it in the man sandbox. Try include allow-lua.inc in your man.local.

<!-- gh-comment-id:1833251342 --> @ghost commented on GitHub (Nov 30, 2023): > nvim: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: Permission denied Lua is blacklisted in `disable-interpreters.inc` (as are others): https://github.com/netblue30/firejail/blob/8f55f6c9ab819f0a2883ea07955b0db3db859022/etc/inc/disable-interpreters.inc#L13-L20 You probably just need to allow it in the man sandbox. Try `include allow-lua.inc` in your `man.local`.
gitea-mirror commented 2026-05-05 09:48:20 -06:00
Author
Owner
Copy link

@ShellCode33 commented on GitHub (Nov 30, 2023):

It's better now, thanks a lot !

However I have new errors now, the man page opens, but is not displayed properly :

image

Here's the error I have:

Error detected while processing /etc/xdg/nvim/sysinit.vim:
line    2:
E484: Can't open file /usr/share/nvim/archlinux.vim
E484: Can't open file /usr/share/nvim/syntax/syntax.vim
E886: System error while opening ShaDa file /home/shellcode/.local/state/nvim/shada/main.shada for reading: permission denied
E303: Unable to create directory "/home/shellcode/.local/state/nvim/swap" for swap file, recovery impossible: permission denied
E303: Unable to open swap file for "[No Name]", recovery impossible

In man.local I tried to include nvim.profile but it doesn't seem to work. Any idea ?

<!-- gh-comment-id:1833746092 --> @ShellCode33 commented on GitHub (Nov 30, 2023): It's better now, thanks a lot ! However I have new errors now, the man page opens, but is not displayed properly : ![image](https://github.com/netblue30/firejail/assets/8455652/d6a271d5-b0fe-44c6-a3d7-00cf6c8b1067) Here's the error I have: ``` Error detected while processing /etc/xdg/nvim/sysinit.vim: line 2: E484: Can't open file /usr/share/nvim/archlinux.vim E484: Can't open file /usr/share/nvim/syntax/syntax.vim E886: System error while opening ShaDa file /home/shellcode/.local/state/nvim/shada/main.shada for reading: permission denied E303: Unable to create directory "/home/shellcode/.local/state/nvim/swap" for swap file, recovery impossible: permission denied E303: Unable to open swap file for "[No Name]", recovery impossible ``` In `man.local` I tried to `include nvim.profile` but it doesn't seem to work. Any idea ?
gitea-mirror commented 2026-05-05 09:48:21 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Nov 30, 2023):

In man.local I tried to include nvim.profile but it doesn't seem to work. Any idea ?

Yeah that won't work, but you're on the right track. You only need to cherrypick the nvim configuration paths and add those into man.local:

$ cat ~/.config/firejail/man.local
include allow-lua.inc

noblacklist ${HOME}/.vim
noblacklist ${HOME}/.vimrc
noblacklist ${HOME}/.cache/nvim
noblacklist ${HOME}/.config/nvim
noblacklist ${HOME}/.local/share/nvim
noblacklist ${HOME}/.local/state/nvim

whitelist /usr/share/nvim

What does that do?

<!-- gh-comment-id:1833892019 --> @ghost commented on GitHub (Nov 30, 2023): > In man.local I tried to include nvim.profile but it doesn't seem to work. Any idea ? Yeah that won't work, but you're on the right track. You only need to cherrypick the nvim configuration paths and add those into man.local: ```sh $ cat ~/.config/firejail/man.local include allow-lua.inc noblacklist ${HOME}/.vim noblacklist ${HOME}/.vimrc noblacklist ${HOME}/.cache/nvim noblacklist ${HOME}/.config/nvim noblacklist ${HOME}/.local/share/nvim noblacklist ${HOME}/.local/state/nvim whitelist /usr/share/nvim ``` What does that do?
gitea-mirror commented 2026-05-05 09:48:22 -06:00
Author
Owner
Copy link

@ShellCode33 commented on GitHub (Nov 30, 2023):

Still no luck, the error is different and doesn't give much information unfortunately:

/usr/bin/man: command exited with status 1: sed -e '/^[[:space:]]*$/{ N; /^[[:space:]]*\n[[:space:]]*$/D; }' | LESS=-ix8RmPm Manual page sendfile(2) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$PM Manual page sendfile(2) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$ MAN_PN=sendfile(2) nvim +Man!

Here's what my man.local looks like:

private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim,nvim
include allow-lua.inc

noblacklist ${HOME}/.cache/nvim
noblacklist ${HOME}/.config/nvim
noblacklist ${HOME}/.dotfiles/.config/nvim
noblacklist ${HOME}/.local/share/nvim
noblacklist ${HOME}/.local/state/nvim

whitelist /usr/share/nvim

Is there a way to know exactly what is being denied ? I tried to use something like:

MANPAGER='nvim +Man!' firejail --allow-debuggers --profile=man strace /usr/bin/man sendfile

With no luck.

Here's the output of MANPAGER='nvim +Man!' firejail --debug /usr/bin/man sendfile :

Log 
Reading profile /etc/firejail/man.profile
Building quoted command line: '/usr/bin/man' 'sendfile' 
Command name #man#
Found man.profile profile in /etc/firejail directory
Reading profile /etc/firejail/man.local
Found man.local profile in /etc/firejail directory
Reading profile /etc/firejail/allow-lua.inc
Found allow-lua.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-runuser-common.inc
Found whitelist-runuser-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
[profile] combined protocol list: "unix"
DISPLAY is not set
Parent pid 122090, child pid 122091
Enabling IPC namespace
Enabling IPC namespace
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.namespaces file
Creating empty /run/firejail/mnt/seccomp/seccomp.namespaces.32 file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
sbox run: /run/firejail/lib/fnet ifup lo 
Network namespace enabled, only loopback interface available
Build protocol filter: unix
sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol 
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1731 1204 0:26 /@/etc /etc ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1731 fsname=/@/etc dir=/etc fstype=btrfs
Mounting noexec /etc
1732 1731 0:26 /@/etc /etc ro,nosuid,nodev,noexec,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1732 fsname=/@/etc dir=/etc fstype=btrfs
Mounting read-only /var
1738 1733 0:26 /@var-log /var/log rw,noatime,nodiratime master:60 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=661,subvol=/@var-log
mountid=1738 fsname=/@var-log dir=/var/log fstype=btrfs
Mounting read-only /var/cache/pacman/pkg
1739 1734 0:26 /@cache-pacman-pkgs /var/cache/pacman/pkg ro,noatime,nodiratime master:50 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=665,subvol=/@cache-pacman-pkgs
mountid=1739 fsname=/@cache-pacman-pkgs dir=/var/cache/pacman/pkg fstype=btrfs
Mounting read-only /var/lib/docker
1740 1735 0:26 /@docker /var/lib/docker ro,noatime,nodiratime master:52 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=664,subvol=/@docker
mountid=1740 fsname=/@docker dir=/var/lib/docker fstype=btrfs
Mounting read-only /var/lib/libvirt
1741 1736 0:26 /@libvirt /var/lib/libvirt ro,noatime,nodiratime master:54 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=663,subvol=/@libvirt
mountid=1741 fsname=/@libvirt dir=/var/lib/libvirt fstype=btrfs
Mounting read-only /var/tmp
1742 1737 0:26 /@var-tmp /var/tmp ro,noatime,nodiratime master:58 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=662,subvol=/@var-tmp
mountid=1742 fsname=/@var-tmp dir=/var/tmp fstype=btrfs
Mounting read-only /var/log
1743 1738 0:26 /@var-log /var/log ro,noatime,nodiratime master:60 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=661,subvol=/@var-log
mountid=1743 fsname=/@var-log dir=/var/log fstype=btrfs
Mounting noexec /var
1754 1753 0:26 /@var-log /var/log ro,noatime,nodiratime master:60 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=661,subvol=/@var-log
mountid=1754 fsname=/@var-log dir=/var/log fstype=btrfs
Mounting noexec /var/cache/pacman/pkg
1755 1746 0:26 /@cache-pacman-pkgs /var/cache/pacman/pkg ro,nosuid,nodev,noexec,noatime,nodiratime master:50 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=665,subvol=/@cache-pacman-pkgs
mountid=1755 fsname=/@cache-pacman-pkgs dir=/var/cache/pacman/pkg fstype=btrfs
Mounting noexec /var/lib/docker
1756 1748 0:26 /@docker /var/lib/docker ro,nosuid,nodev,noexec,noatime,nodiratime master:52 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=664,subvol=/@docker
mountid=1756 fsname=/@docker dir=/var/lib/docker fstype=btrfs
Mounting noexec /var/lib/libvirt
1757 1750 0:26 /@libvirt /var/lib/libvirt ro,nosuid,nodev,noexec,noatime,nodiratime master:54 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=663,subvol=/@libvirt
mountid=1757 fsname=/@libvirt dir=/var/lib/libvirt fstype=btrfs
Mounting noexec /var/tmp
1758 1752 0:26 /@var-tmp /var/tmp ro,nosuid,nodev,noexecWarning: file gpreconv not found
,noatime,nodiratime master:58 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=662,subvol=/@var-tmp
mountid=1758 fsname=/@var-tmp dir=/var/tmp fstype=btrfs
Mounting noexec /var/log
1759 1754 0:26 /@var-log /var/log ro,nosuid,nodev,noexec,noatime,nodiratime master:60 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=661,subvol=/@var-log
mountid=1759 fsname=/@var-log dir=/var/log fstype=btrfs
Mounting read-only /usr
1760 1204 0:26 /@/usr /usr ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1760 fsname=/@/usr dir=/usr fstype=btrfs
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Generating a new machine-id
installing a new /etc/machine-id
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
Process /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/apropos
Checking /usr/bin/apropos
sbox run: /run/firejail/lib/fcopy /usr/bin/whatis /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /usr/bin/apropos /run/firejail/mnt/bin 
Checking /usr/local/bin/bash
Checking /usr/bin/bash
sbox run: /run/firejail/lib/fcopy /usr/bin/bash /run/firejail/mnt/bin 
Checking /usr/local/bin/cat
Checking /usr/bin/cat
sbox run: /run/firejail/lib/fcopy /usr/bin/cat /run/firejail/mnt/bin 
Checking /usr/local/bin/catman
Checking /usr/bin/catman
sbox run: /run/firejail/lib/fcopy /usr/bin/catman /run/firejail/mnt/bin 
Checking /usr/local/bin/col
Checking /usr/bin/col
sbox run: /run/firejail/lib/fcopy /usr/bin/col /run/firejail/mnt/bin 
Checking /usr/local/bin/gpreconv
Checking /usr/bin/gpreconv
Checking /bin/gpreconv
Checking /usr/games/gpreconv
Checking /usr/local/games/gpreconv
Checking /usr/local/sbin/gpreconv
Checking /usr/sbin/gpreconv
Checking /sbin/gpreconv
Checking /usr/local/bin/groff
Checking /usr/bin/groff
sbox run: /run/firejail/lib/fcopy /usr/bin/groff /run/firejail/mnt/bin 
Checking /usr/local/bin/grotty
Checking /usr/bin/grotty
sbox run: /run/firejail/lib/fcopy /usr/bin/grotty /run/firejail/mnt/bin 
Checking /usr/local/bin/gunzip
Checking /usr/bin/gunzip
sbox run: /run/firejail/lib/fcopy /usr/bin/gunzip /run/firejail/mnt/bin 
Checking /usr/local/bin/gzip
Checking /usr/bin/gzip
sbox run: /run/firejail/lib/fcopy /usr/bin/gzip /run/firejail/mnt/bin 
Checking /usr/local/bin/less
Checking /usr/bin/less
sbox run: /run/firejail/lib/fcopy /usr/bin/less /run/firejail/mnt/bin 
Checking /usr/local/bin/man
Checking /usr/bin/man
sbox run: /run/firejail/lib/fcopy /usr/bin/man /run/firejail/mnt/bin 
Checking /usr/local/bin/most
Checking /usr/bin/most
sbox run: /run/firejail/lib/fcopy /usr/bin/most /run/firejail/mnt/bin 
Checking /usr/local/bin/nroff
Checking /usr/bin/nroff
sbox run: /run/firejail/lib/fcopy /usr/bin/nroff /run/firejail/mnt/bin 
Checking /usr/local/bin/preconv
Checking /usr/bin/preconv
sbox run: /run/firejail/lib/fcopy /usr/bin/preconv /run/firejail/mnt/bin 
Checking /usr/local/bin/sed
Checking /usr/bin/sed
sbox run: /run/firejail/lib/fcopy /usr/bin/sed /run/firejail/mnt/bin 
Checking /usr/local/bin/sh
Checking /usr/bin/sh
sbox run: /run/firejail/lib/fcopy /usr/bin/dash /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /usr/bin/sh /run/firejail/mnt/bin 
Checking /usr/local/bin/tbl
Checking /usr/bin/tbl
sbox run: /run/firejail/lib/fcopy /usr/bin/tbl /run/firejail/mnt/bin 
Checking /usr/local/bin/tr
Checking /usr/bin/tr
sbox run: /run/firejail/lib/fcopy /usr/bin/tr /run/firejail/mnt/bin 
Checking /usr/local/bin/troff
Checking /usr/bin/troff
sbox run: /run/firejail/lib/fcopy /usr/bin/troff /run/firejail/mnt/bin 
Checking /usr/local/bin/whatis
Checking /usr/bin/whatis
sbox run: /run/firejail/lib/fcopy /usr/bin/whatis /run29 programs installed in 93.30 ms
/firejail/mnt/bin 
Checking /usr/local/bin/which
Checking /usr/bin/which
sbox run: /run/firejail/lib/fcopy /usr/bin/which /run/firejail/mnt/bin 
Checking /usr/local/bin/xtotroff
Checking /usr/bin/xtotroff
sbox run: /run/firejail/lib/fcopy /usr/bin/xtotroff /run/firejail/mnt/bin 
Checking /usr/local/bin/zcat
Checking /usr/bin/zcat
sbox run: /run/firejail/lib/fcopy /usr/bin/zcat /run/firejail/mnt/bin 
Checking /usr/local/bin/zsoelim
Checking /usr/bin/zsoelim
sbox run: /run/firejail/lib/fcopy /usr/bin/soelim /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /usr/bin/zsoelim /run/firejail/mnt/bin 
Checking /usr/local/bin/nvim
Checking /usr/bin/nvim
sbox run: /run/firejail/lib/fcopy /usr/bin/nvim /run/firejail/mnt/bin 
Checking /usr/local/bin/strace
Checking /usr/bin/strace
sbox run: /run/firejail/lib/fcopy /usr/bin/strace /run/firejail/mnt/bin 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Warning: file /etc/alternatives not found.
Warning: skipping alternatives for private /etc
Warning: file /etc/groff not found.
Warning: skipping groff for private /etc
Warning: file /etc/ld.so.preload not found.
Warning: skipping ld.so.preload for private /etc
Warning: file /etc/locale not found.
Warning: skipping locale for private /etc
Warning: file /etc/locale.alias not found.
Warning: skipping locale.alias for private /etc
Warning: file /etc/manpath.config not found.
Warning: skipping manpath.config for private /etc
Warning: file /etc/selinux not found.
Warning: skipping selinux for private /etc
Warning: file /etc/sysless not found.
Warning: skipping sysless for private /etc
Private /etc installed in 17.42 ms
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/user/1000/bus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Disable /mnt
Disable /media
Disable /run/mount
Copying files in the new /etc directory:
Copying /etc/fonts to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/fonts /run/firejail/mnt/etc/fonts 
Copying /etc/group to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/group /run/firejail/mnt/etc 
Copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.cache /run/firejail/mnt/etc 
Copying /etc/locale.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/locale.conf /run/firejail/mnt/etc 
Copying /etc/login.defs to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/login.defs /run/firejail/mnt/etc 
Copying /etc/man_db.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/man_db.conf /run/firejail/mnt/etc 
Copying /etc/passwd to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/passwd /run/firejail/mnt/etc 
Copying /etc/xdg to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/xdg /run/firejail/mnt/etc/xdg 
Mount-bind /run/firejail/mnt/etc on top of /etc
Private /usr/etc installed in 0.01 ms
Cannot find /usr/etc: No such file or directory
Mount-bind /run/firejail/mnt/usretc on top of /usr/etc
Cannot find /usr/etc: No such file or directory
Debug 588: whitelist /usr/share/nvim
Debug 609: expanded: /usr/share/nvim
Debug 620: new_name: /usr/share/nvim
Debug 630: dir: /usr/share
Adding whitelist top level directory /usr/share
Debug 588: whitelist /usr/share/groff
Debug 609: expanded: /usr/share/groff
Debug 620: new_name: /usr/share/groff
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/info
Debug 609: expanded: /usr/share/info
Debug 620: new_name: /usr/share/info
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/lintian
Debug 609: expanded: /usr/share/lintian
Debug 620: new_name: /usr/share/lintian
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/lintian
	new_name: /usr/share/lintian
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/man
Debug 609: expanded: /usr/share/man
Debug 620: new_name: /usr/share/man
Debug 630: dir: /usr/share
Debug 588: whitelist /var/cache/man
Debug 609: expanded: /var/cache/man
Debug 620: new_name: /var/cache/man
Debug 630: dir: /var
Adding whitelist top level directory /var
Debug 588: whitelist ${RUNUSER}/bus
Debug 609: expanded: /run/user/1000/bus
Debug 620: new_name: /run/user/1000/bus
Debug 630: dir: /run/user/1000
Adding whitelist top level directory /run/user/1000
Debug 588: whitelist ${RUNUSER}/dconf
Debug 609: expanded: /run/user/1000/dconf
Debug 620: new_name: /run/user/1000/dconf
Debug 630: dir: /run/user/1000
Debug 588: whitelist ${RUNUSER}/gdm/Xauthority
Debug 609: expanded: /run/user/1000/gdm/Xauthority
Debug 620: new_name: /run/user/1000/gdm/Xauthority
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/gdm/Xauthority
	new_name: /run/user/1000/gdm/Xauthority
	realpath: (null)
	No such file or directory
Debug 588: whitelist ${RUNUSER}/ICEauthority
Debug 609: expanded: /run/user/1000/ICEauthority
Debug 620: new_name: /run/user/1000/ICEauthority
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/ICEauthority
	new_name: /run/user/1000/ICEauthority
	realpath: (null)
	No such file or directory
Debug 588: whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
Debug 609: expanded: /run/user/1000/.mutter-Xwaylandauth.*
Debug 620: new_name: /run/user/1000/.mutter-Xwaylandauth.*
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
	new_name: /run/user/1000/.mutter-Xwaylandauth.*
	realpath: (null)
	No such file or directory
Debug 588: whitelist ${RUNUSER}/pulse/native
Debug 609: expanded: /run/user/1000/pulse/native
Debug 620: new_name: /run/user/1000/pulse/native
Debug 630: dir: /run/user/1000
Debug 588: whitelist ${RUNUSER}/pipewire-?
Debug 609: expanded: /run/user/1000/pipewire-?
Debug 620: new_name: /run/user/1000/pipewire-?
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/pipewire-?
	new_name: /run/user/1000/pipewire-?
	realpath: (null)
	No such file or directory
Adding new profile command: whitelist /run/user/1000/pipewire-0
Debug 588: whitelist ${RUNUSER}/wayland-?
Debug 609: expanded: /run/user/1000/wayland-?
Debug 620: new_name: /run/user/1000/wayland-?
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/wayland-?
	new_name: /run/user/1000/wayland-?
	realpath: (null)
	No such file or directory
Adding new profile command: whitelist /run/user/1000/wayland-1
Debug 588: whitelist ${RUNUSER}/xauth_*
Debug 609: expanded: /run/user/1000/xauth_*
Debug 620: new_name: /run/user/1000/xauth_*
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/xauth_*
	new_name: /run/user/1000/xauth_*
	realpath: (null)
	No such file or directory
Debug 588: whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
Debug 609: expanded: /run/user/1000/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
Debug 620: new_name: /run/user/1000/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
	new_name: /run/user/1000/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
	realpath: (null)
	File name too long
Debug 588: whitelist /usr/share/alsa
Debug 609: expanded: /usr/share/alsa
Debug 620: new_name: /usr/share/alsa
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/applications
Debug 609: expanded: /usr/share/applications
Debug 620: new_name: /usr/share/applications
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/ca-certificates
Debug 609: expanded: /usr/share/ca-certificates
Debug 620: new_name: /usr/share/ca-certificates
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/crypto-policies
Debug 609: expanded: /usr/share/crypto-policies
Debug 620: new_name: /usr/share/crypto-policies
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/crypto-policies
	new_name: /usr/share/crypto-policies
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/cursors
Debug 609: expanded: /usr/share/cursors
Debug 620: new_name: /usr/share/cursors
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/cursors
	new_name: /usr/share/cursors
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/dconf
Debug 609: expanded: /usr/share/dconf
Debug 620: new_name: /usr/share/dconf
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/dconf
	new_name: /usr/share/dconf
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/distro-info
Debug 609: expanded: /usr/share/distro-info
Debug 620: new_name: /usr/share/distro-info
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/distro-info
	new_name: /usr/share/distro-info
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/drirc.d
Debug 609: expanded: /usr/share/drirc.d
Debug 620: new_name: /usr/share/drirc.d
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/egl
Debug 609: expanded: /usr/share/egl
Debug 620: new_name: /usr/share/egl
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/egl
	new_name: /usr/share/egl
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/enchant
Debug 609: expanded: /usr/share/enchant
Debug 620: new_name: /usr/share/enchant
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/enchant
	new_name: /usr/share/enchant
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/enchant-2
Debug 609: expanded: /usr/share/enchant-2
Debug 620: new_name: /usr/share/enchant-2
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/enchant-2
	new_name: /usr/share/enchant-2
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/file
Debug 609: expanded: /usr/share/file
Debug 620: new_name: /usr/share/file
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/fontconfig
Debug 609: expanded: /usr/share/fontconfig
Debug 620: new_name: /usr/share/fontconfig
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/fonts
Debug 609: expanded: /usr/share/fonts
Debug 620: new_name: /usr/share/fonts
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/fonts-config
Debug 609: expanded: /usr/share/fonts-config
Debug 620: new_name: /usr/share/fonts-config
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/fonts-config
	new_name: /usr/share/fonts-config
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/gir-1.0
Debug 609: expanded: /usr/share/gir-1.0
Debug 620: new_name: /usr/share/gir-1.0
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/gjs-1.0
Debug 609: expanded: /usr/share/gjs-1.0
Debug 620: new_name: /usr/share/gjs-1.0
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/gjs-1.0
	new_name: /usr/share/gjs-1.0
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/glib-2.0
Debug 609: expanded: /usr/share/glib-2.0
Debug 620: new_name: /usr/share/glib-2.0
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/glvnd
Debug 609: expanded: /usr/share/glvnd
Debug 620: new_name: /usr/share/glvnd
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/gtk-2.0
Debug 609: expanded: /usr/share/gtk-2.0
Debug 620: new_name: /usr/share/gtk-2.0
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/gtk-3.0
Debug 609: expanded: /usr/share/gtk-3.0
Debug 620: new_name: /usr/share/gtk-3.0
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/gtk-engines
Debug 609: expanded: /usr/share/gtk-engines
Debug 620: new_name: /usr/share/gtk-engines
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/gtk-engines
	new_name: /usr/share/gtk-engines
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/gtksourceview-3.0
Debug 609: expanded: /usr/share/gtksourceview-3.0
Debug 620: new_name: /usr/share/gtksourceview-3.0
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/gtksourceview-3.0
	new_name: /usr/share/gtksourceview-3.0
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/gtksourceview-4
Debug 609: expanded: /usr/share/gtksourceview-4
Debug 620: new_name: /usr/share/gtksourceview-4
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/hunspell
Debug 609: expanded: /usr/share/hunspell
Debug 620: new_name: /usr/share/hunspell
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/hunspell
	new_name: /usr/share/hunspell
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/hwdata
Debug 609: expanded: /usr/share/hwdata
Debug 620: new_name: /usr/share/hwdata
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/icons
Debug 609: expanded: /usr/share/icons
Debug 620: new_name: /usr/share/icons
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/icu
Debug 609: expanded: /usr/share/icu
Debug 620: new_name: /usr/share/icu
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/knotifications5
Debug 609: expanded: /usr/share/knotifications5
Debug 620: new_name: /usr/share/knotifications5
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/knotifications5
	new_name: /usr/share/knotifications5
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/kservices5
Debug 609: expanded: /usr/share/kservices5
Debug 620: new_name: /usr/share/kservices5
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/kservices5
	new_name: /usr/share/kservices5
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/Kvantum
Debug 609: expanded: /usr/share/Kvantum
Debug 620: new_name: /usr/share/Kvantum
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/Kvantum
	new_name: /usr/share/Kvantum
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/kxmlgui5
Debug 609: expanded: /usr/share/kxmlgui5
Debug 620: new_name: /usr/share/kxmlgui5
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/kxmlgui5
	new_name: /usr/share/kxmlgui5
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/libdrm
Debug 609: expanded: /usr/share/libdrm
Debug 620: new_name: /usr/share/libdrm
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/libthai
Debug 609: expanded: /usr/share/libthai
Debug 620: new_name: /usr/share/libthai
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/locale
Debug 609: expanded: /usr/share/locale
Debug 620: new_name: /usr/share/locale
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/mime
Debug 609: expanded: /usr/share/mime
Debug 620: new_name: /usr/share/mime
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/misc
Debug 609: expanded: /usr/share/misc
Debug 620: new_name: /usr/share/misc
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/Modules
Debug 609: expanded: /usr/share/Modules
Debug 620: new_name: /usr/share/Modules
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/Modules
	new_name: /usr/share/Modules
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/myspell
Debug 609: expanded: /usr/share/myspell
Debug 620: new_name: /usr/share/myspell
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/myspell
	new_name: /usr/share/myspell
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/p11-kit
Debug 609: expanded: /usr/share/p11-kit
Debug 620: new_name: /usr/share/p11-kit
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/perl
Debug 609: expanded: /usr/share/perl
Debug 620: new_name: /usr/share/perl
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/perl
	new_name: /usr/share/perl
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/perl5
Debug 609: expanded: /usr/share/perl5
Debug 620: new_name: /usr/share/perl5
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/pipewire
Debug 609: expanded: /usr/share/pipewire
Debug 620: new_name: /usr/share/pipewire
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/pixmaps
Debug 609: expanded: /usr/share/pixmaps
Debug 620: new_name: /usr/share/pixmaps
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/pki
Debug 609: expanded: /usr/share/pki
Debug 620: new_name: /usr/share/pki
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/pki
	new_name: /usr/share/pki
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/plasma
Debug 609: expanded: /usr/share/plasma
Debug 620: new_name: /usr/share/plasma
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/plasma
	new_name: /usr/share/plasma
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/publicsuffix
Debug 609: expanded: /usr/share/publicsuffix
Debug 620: new_name: /usr/share/publicsuffix
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/publicsuffix
	new_name: /usr/share/publicsuffix
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/qt
Debug 609: expanded: /usr/share/qt
Debug 620: new_name: /usr/share/qt
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/qt4
Debug 609: expanded: /usr/share/qt4
Debug 620: new_name: /usr/share/qt4
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/qt4
	new_name: /usr/share/qt4
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/qt5
Debug 609: expanded: /usr/share/qt5
Debug 620: new_name: /usr/share/qt5
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/qt5
	new_name: /usr/share/qt5
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/qt5ct
Debug 609: expanded: /usr/share/qt5ct
Debug 620: new_name: /usr/share/qt5ct
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/qt5ct
	new_name: /usr/share/qt5ct
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/qt6
Debug 609: expanded: /usr/share/qt6
Debug 620: new_name: /usr/share/qt6
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/qt6ct
Debug 609: expanded: /usr/share/qt6ct
Debug 620: new_name: /usr/share/qt6ct
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/qt6ct
	new_name: /usr/share/qt6ct
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/sounds
Debug 609: expanded: /usr/share/sounds
Debug 620: new_name: /usr/share/sounds
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/tcl8.6
Debug 609: expanded: /usr/share/tcl8.6
Debug 620: new_name: /usr/share/tcl8.6
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/tcl8.6
	new_name: /usr/share/tcl8.6
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/tcltk
Debug 609: expanded: /usr/share/tcltk
Debug 620: new_name: /usr/share/tcltk
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/tcltk
	new_name: /usr/share/tcltk
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/terminfo
Debug 609: expanded: /usr/share/terminfo
Debug 620: new_name: /usr/share/terminfo
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/texlive
Debug 609: expanded: /usr/share/texlive
Debug 620: new_name: /usr/share/texlive
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/texlive
	new_name: /usr/share/texlive
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/texmf
Debug 609: expanded: /usr/share/texmf
Debug 620: new_name: /usr/share/texmf
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/texmf
	new_name: /usr/share/texmf
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/themes
Debug 609: expanded: /usr/share/themes
Debug 620: new_name: /usr/share/themes
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/thumbnail.so
Debug 609: expanded: /usr/share/thumbnail.so
Debug 620: new_name: /usr/share/thumbnail.so
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/thumbnail.so
	new_name: /usr/share/thumbnail.so
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/uim
Debug 609: expanded: /usr/share/uim
Debug 620: new_name: /usr/share/uim
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/uim
	new_name: /usr/share/uim
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/vulkan
Debug 609: expanded: /usr/share/vulkan
Debug 620: new_name: /usr/share/vulkan
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/X11
Debug 609: expanded: /usr/share/X11
Debug 620: new_name: /usr/share/X11
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/xml
Debug 609: expanded: /usr/share/xml
Debug 620: new_name: /usr/share/xml
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/zenity
Debug 609: expanded: /usr/share/zenity
Debug 620: new_name: /usr/share/zenity
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/zenity
	new_name: /usr/share/zenity
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/zoneinfo
Debug 609: expanded: /usr/share/zoneinfo
Debug 620: new_name: /usr/share/zoneinfo
Debug 630: dir: /usr/share
Debug 588: whitelist /var/lib/aspell
Debug 609: expanded: /var/lib/aspell
Debug 620: new_name: /var/lib/aspell
Debug 630: dir: /var
Removed path: whitelist /var/lib/aspell
	new_name: /var/lib/aspell
	realpath: (null)
	No such file or directory
Debug 588: whitelist /var/lib/ca-certificates
Debug 609: expanded: /var/lib/ca-certificates
Debug 620: new_name: /var/lib/ca-certificates
Debug 630: dir: /var
Removed path: whitelist /var/lib/ca-certificates
	new_name: /var/lib/ca-certificates
	realpath: (null)
	No such file or directory
Debug 588: whitelist /var/lib/dbus
Debug 609: expanded: /var/lib/dbus
Debug 620: new_name: /var/lib/dbus
Debug 630: dir: /var
Debug 588: whitelist /var/lib/menu-xdg
Debug 609: expanded: /var/lib/menu-xdg
Debug 620: new_name: /var/lib/menu-xdg
Debug 630: dir: /var
Removed path: whitelist /var/lib/menu-xdg
	new_name: /var/lib/menu-xdg
	realpath: (null)
	No such file or directory
Debug 588: whitelist /var/lib/uim
Debug 609: expanded: /var/lib/uim
Debug 620: new_name: /var/lib/uim
Debug 630: dir: /var
Removed path: whitelist /var/lib/uim
	new_name: /var/lib/uim
	realpath: (null)
	No such file or directory
Debug 588: whitelist /var/cache/fontconfig
Debug 609: expanded: /var/cache/fontconfig
Debug 620: new_name: /var/cache/fontconfig
Debug 630: dir: /var
Debug 588: whitelist /var/tmp
Debug 609: expanded: /var/tmp
Debug 620: new_name: /var/tmp
Debug 630: dir: /var
Debug 588: whitelist /var/run
Debug 609: expanded: /var/run
Debug 620: new_name: /var/run
Debug 630: dir: /var
Debug 588: whitelist /var/lock
Debug 609: expanded: /var/lock
Debug 620: new_name: /var/lock
Debug 630: dir: /var
Debug 588: whitelist /run/user/1000/pipewire-0
Debug 609: expanded: /run/user/1000/pipewire-0
Debug 620: new_name: /run/user/1000/pipewire-0
Debug 630: dir: /run/user/1000
Debug 588: whitelist /run/user/1000/wayland-1
Debug 609: expanded: /run/user/1000/wayland-1
Debug 620: new_name: /run/user/1000/wayland-1
Debug 630: dir: /run/user/1000
Mounting tmpfs on /usr/share, check owner: no
1817 1760 0:207 / /usr/share rw,nosuid,nodev,noatime,nodiratime - tmpfs tmpfs rw,mode=755,inode64
mountid=1817 fsname=/ dir=/usr/share fstype=tmpfs
Mounting tmpfs on /var, check owner: no
1818 1744 0:208 / /var rw,nosuid,nodev,noexec,noatime,nodiratime - tmpfs tmpfs rw,mode=755,inode64
mountid=1818 fsname=/ dir=/var fstype=tmpfs
Mounting tmpfs on /run/user/1000, check owner: no
1819 1771 0:209 / /run/user/1000 rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000,inode64
mountid=1819 fsname=/ dir=/run/user/1000 fstype=tmpfs
Whitelisting /usr/share/nvim
1820 1817 0:26 /@/usr/share/nvim /usr/share/nvim ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1820 fsname=/@/usr/share/nvim dir=/usr/share/nvim fstype=btrfs
Whitelisting /usr/share/groff
1821 1817 0:26 /@/usr/share/groff /usr/share/groff ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1821 fsname=/@/usr/share/groff dir=/usr/share/groff fstype=btrfs
Whitelisting /usr/share/info
1822 1817 0:26 /@/usr/share/info /usr/share/info ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1822 fsname=/@/usr/share/info dir=/usr/share/info fstype=btrfs
Whitelisting /usr/share/man
1823 1817 0:26 /@/usr/share/man /usr/share/man ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1823 fsname=/@/usr/share/man dir=/usr/share/man fstype=btrfs
Whitelisting /var/cache/man
1824 1818 0:26 /@var/cache/man /var/cache/man ro,nosuid,nodev,noexec,noatime,nodiratime master:46 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=660,subvol=/@var
mountid=1824 fsname=/@var/cache/man dir=/var/cache/man fstype=btrfs
Whitelisting /run/user/1000/bus
1825 1819 0:23 /firejail/firejail.ro.file /run/user/1000/bus ro,nosuid,nodev,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1825 fsname=/firejail/firejail.ro.file dir=/run/user/1000/bus fstype=tmpfs
Whitelisting /run/user/1000/dconf
1826 1819 0:53 /dconf /run/user/1000/dconf rw,nosuid,nodev,relatime master:248 - tmpfs tmpfs rw,size=1211456k,nr_inodes=302864,mode=700,uid=1000,gid=1000,inode64
mountid=1826 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs
Whitelisting /run/user/1000/pulse/native
1827 1819 0:53 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:248 - tmpfs tmpfs rw,size=1211456k,nr_inodes=302864,mode=700,uid=1000,gid=1000,inode64
mountid=1827 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Whitelisting /usr/share/alsa
1828 1817 0:26 /@/usr/share/alsa /usr/share/alsa ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1828 fsname=/@/usr/share/alsa dir=/usr/share/alsa fstype=btrfs
Whitelisting /usr/share/applications
1829 1817 0:26 /@/usr/share/applications /usr/share/applications ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1829 fsname=/@/usr/share/applications dir=/usr/share/applications fstype=btrfs
Whitelisting /usr/share/ca-certificates
1830 1817 0:26 /@/usr/share/ca-certificates /usr/share/ca-certificates ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1830 fsname=/@/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=btrfs
Whitelisting /usr/share/drirc.d
1831 1817 0:26 /@/usr/share/drirc.d /usr/share/drirc.d ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1831 fsname=/@/usr/share/drirc.d dir=/usr/share/drirc.d fstype=btrfs
Whitelisting /usr/share/file
1832 1817 0:26 /@/usr/share/file /usr/share/file ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1832 fsname=/@/usr/share/file dir=/usr/share/file fstype=btrfs
Whitelisting /usr/share/fontconfig
1833 1817 0:26 /@/usr/share/fontconfig /usr/share/fontconfig ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1833 fsname=/@/usr/share/fontconfig dir=/usr/share/fontconfig fstype=btrfs
Whitelisting /usr/share/fonts
1834 1817 0:26 /@/usr/share/fonts /usr/share/fonts ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1834 fsname=/@/usr/share/fonts dir=/usr/share/fonts fstype=btrfs
Whitelisting /usr/share/gir-1.0
1835 1817 0:26 /@/usr/share/gir-1.0 /usr/share/gir-1.0 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1835 fsname=/@/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=btrfs
Whitelisting /usr/share/glib-2.0
1836 1817 0:26 /@/usr/share/glib-2.0 /usr/share/glib-2.0 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1836 fsname=/@/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=btrfs
Whitelisting /usr/share/glvnd
1837 1817 0:26 /@/usr/share/glvnd /usr/share/glvnd ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1837 fsname=/@/usr/share/glvnd dir=/usr/share/glvnd fstype=btrfs
Whitelisting /usr/share/gtk-2.0
1838 1817 0:26 /@/usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1838 fsname=/@/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=btrfs
Whitelisting /usr/share/gtk-3.0
1839 1817 0:26 /@/usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1839 fsname=/@/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=btrfs
Whitelisting /usr/share/gtksourceview-4
1840 1817 0:26 /@/usr/share/gtksourceview-4 /usr/share/gtksourceview-4 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1840 fsname=/@/usr/share/gtksourceview-4 dir=/usr/share/gtksourceview-4 fstype=btrfs
Whitelisting /usr/share/hwdata
1841 1817 0:26 /@/usr/share/hwdata /usr/share/hwdata ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1841 fsname=/@/usr/share/hwdata dir=/usr/share/hwdata fstype=btrfs
Whitelisting /usr/share/icons
1842 1817 0:26 /@/usr/share/icons /usr/share/icons ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1842 fsname=/@/usr/share/icons dir=/usr/share/icons fstype=btrfs
Whitelisting /usr/share/icu
1843 1817 0:26 /@/usr/share/icu /usr/share/icu ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1843 fsname=/@/usr/share/icu dir=/usr/share/icu fstype=btrfs
Whitelisting /usr/share/libdrm
1844 1817 0:26 /@/usr/share/libdrm /usr/share/libdrm ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1844 fsname=/@/usr/share/libdrm dir=/usr/share/libdrm fstype=btrfs
Whitelisting /usr/share/libthai
1845 1817 0:26 /@/usr/share/libthai /usr/share/libthai ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1845 fsname=/@/usr/share/libthai dir=/usr/share/libthai fstype=btrfs
Whitelisting /usr/share/locale
1846 1817 0:26 /@/usr/share/locale /usr/share/locale ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1846 fsname=/@/usr/share/locale dir=/usr/share/locale fstype=btrfs
Whitelisting /usr/share/mime
1847 1817 0:26 /@/usr/share/mime /usr/share/mime ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1847 fsname=/@/usr/share/mime dir=/usr/share/mime fstype=btrfs
Whitelisting /usr/share/misc
1848 1817 0:26 /@/usr/share/misc /usr/share/misc ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1848 fsname=/@/usr/share/misc dir=/usr/share/misc fstype=btrfs
Whitelisting /usr/share/p11-kit
1849 1817 0:26 /@/usr/share/p11-kit /usr/share/p11-kit ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1849 fsname=/@/usr/share/p11-kit dir=/usr/share/p11-kit fstype=btrfs
Whitelisting /usr/share/perl5
1850 1817 0:26 /@/usr/share/perl5 /usr/share/perl5 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1850 fsname=/@/usr/share/perl5 dir=/usr/share/perl5 fstype=btrfs
Whitelisting /usr/share/pipewire
1851 1817 0:26 /@/usr/share/pipewire /usr/share/pipewire ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1851 fsname=/@/usr/share/pipewire dir=/usr/share/pipewire fstype=btrfs
Whitelisting /usr/share/pixmaps
1852 1817 0:26 /@/usr/share/pixmaps /usr/share/pixmaps ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1852 fsname=/@/usr/share/pixmaps dir=/usr/share/pixmaps fstype=btrfs
Whitelisting /usr/share/qt
1853 1817 0:26 /@/usr/share/qt /usr/share/qt ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1853 fsname=/@/usr/share/qt dir=/usr/share/qt fstype=btrfs
Whitelisting /usr/share/qt6
1854 1817 0:26 /@/usr/share/qt6 /usr/share/qt6 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1854 fsname=/@/usr/share/qt6 dir=/usr/share/qt6 fstype=btrfs
Whitelisting /usr/share/sounds
1855 1817 0:26 /@/usr/share/sounds /usr/share/sounds ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1855 fsname=/@/usr/share/sounds dir=/usr/share/sounds fstype=btrfs
Whitelisting /usr/share/terminfo
1856 1817 0:26 /@/usr/share/terminfo /usr/share/terminfo ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1856 fsname=/@/usr/share/terminfo dir=/usr/share/terminfo fstype=btrfs
Whitelisting /usr/share/themes
1857 1817 0:26 /@/usr/share/themes /usr/share/themes ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1857 fsname=/@/usr/share/themes dir=/usr/share/themes fstype=btrfs
Whitelisting /usr/share/vulkan
1858 1817 0:26 /@/usr/share/vulkan /usr/share/vulkan ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1858 fsname=/@/usr/share/vulkan dir=/usr/share/vulkan fstype=btrfs
Whitelisting /usr/share/X11
1859 1817 0:26 /@/usr/share/X11 /usr/share/X11 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1859 fsname=/@/usr/share/X11 dir=/usr/share/X11 fstype=btrfs
Whitelisting /usr/share/xml
1860 1817 0:26 /@/usr/share/xml /usr/share/xml ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1860 fsname=/@/usr/share/xml dir=/usr/share/xml fstype=btrfs
Whitelisting /usr/share/zoneinfo
1861 1817 0:26 /@/usr/share/zoneinfo /usr/share/zoneinfo ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1861 fsname=/@/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=btrfs
Whitelisting /var/lib/dbus
1862 1818 0:26 /@var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,noatime,nodiratime master:46 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=660,subvol=/@var
mountid=1862 fsname=/@var/lib/dbus dir=/var/lib/dbus fstype=btrfs
Whitelisting /var/cache/fontconfig
1863 1818 0:26 /@var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime,nodiratime master:46 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=660,subvol=/@var
mountid=1863 fsname=/@var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs
Whitelisting /var/tmp
1864 1818 0:199 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=1864 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /run/user/1000/pipewire-0
1865 1819 0:53 /pipewire-0 /run/user/1000/pipewire-0 rw,nosuid,nodev,relatime master:248 - tmpfs tmpfs rw,size=1211456k,nr_inodes=302864,mode=700,uid=1000,gid=1000,inode64
mountid=1865 fsname=/pipewire-0 dir=/run/user/1000/pipewire-0 fstype=tmpfs
Whitelisting /run/user/1000/wayland-1
1866 1819 0:53 /wayland-1 /run/user/1000/wayland-1 rw,nosuid,nodev,relatime master:248 - tmpfs tmpfs rw,size=1211456k,nr_inodes=302864,mode=700,uid=1000,gid=1000,inode64
mountid=1866 fsname=/wayland-1 dir=/run/user/1000/wayland-1 fstype=tmpfs
Disable /run/user/1000
Not blacklist /home/shellcode/.local/share/nvim
Not blacklist /home/shellcode/.local/state/nvim
Disable /home/shellcode/.dotfiles/.config/sway (requested /home/shellcode/.config/sway)
Disable /etc/xdg/autostart
Warning (blacklisting): cannot open /run/user/1000/*.slave-socket: Permission denied
Warning (blacklisting): cannot open /run/user/1000/kdeinit5__*: Permission denied
Warning (blacklisting): cannot open /run/user/1000/kdesud_*: Permission denied
Mounting read-only /home/shellcode/.config/dconf
1870 1769 0:26 /@home/shellcode/.config/dconf /home/shellcode/.config/dconf ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1870 fsname=/@home/shellcode/.config/dconf dir=/home/shellcode/.config/dconf fstype=btrfs
Warning (blacklisting): cannot open /run/user/1000/gnome-session-leader-fifo: Permission denied
Warning (blacklisting): cannot open /run/user/1000/gnome-shell: Permission denied
Warning (blacklisting): cannot open /run/user/1000/gsconnect: Permission denied
Disable /home/shellcode/.config/systemd
Disable /home/shellcode/.local/share/systemd
Warning (blacklisting): cannot open /run/user/1000/systemd: Permission denied
Warning (blacklisting): cannot open /run/user/1000/libvirt: Permission denied
Warning (blacklisting): cannot open /run/user/1000/containers: Permission denied
Warning (blacklisting): cannot open /run/user/1000/crun: Permission denied
Warning (blacklisting): cannot open /run/user/1000/libpod: Permission denied
Warning (blacklisting): cannot open /run/user/1000/runc: Permission denied
Warning (blacklisting): cannot open /run/user/1000/toolbox: Permission denied
Disable /run/docker.sock (requested /var/run/docker.sock)
Mounting read-only /home/shellcode/.bash_logout
1874 1769 0:26 /@home/shellcode/.bash_logout /home/shellcode/.bash_logout ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1874 fsname=/@home/shellcode/.bash_logout dir=/home/shellcode/.bash_logout fstype=btrfs
Mounting read-only /home/shellcode/.bash_profile
1875 1769 0:26 /@home/shellcode/.bash_profile /home/shellcode/.bash_profile ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1875 fsname=/@home/shellcode/.bash_profile dir=/home/shellcode/.bash_profile fstype=btrfs
Mounting read-only /home/shellcode/.bashrc
1876 1769 0:26 /@home/shellcode/.bashrc /home/shellcode/.bashrc ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1876 fsname=/@home/shellcode/.bashrc dir=/home/shellcode/.bashrc fstype=btrfs
Mounting read-only /home/shellcode/.dotfiles/.profile
1877 1769 0:26 /@home/shellcode/.dotfiles/.profile /home/shellcode/.dotfiles/.profile ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1877 fsname=/@home/shellcode/.dotfiles/.profile dir=/home/shellcode/.dotfiles/.profile fstype=btrfs
Mounting read-only /home/shellcode/.ssh/config
1878 1769 0:26 /@home/shellcode/.ssh/config /home/shellcode/.ssh/config ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1878 fsname=/@home/shellcode/.ssh/config dir=/home/shellcode/.ssh/config fstype=btrfs
Mounting read-only /home/shellcode/.dotfiles/.config/nvim
1879 1769 0:26 /@home/shellcode/.dotfiles/.config/nvim /home/shellcode/.dotfiles/.config/nvim ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1879 fsname=/@home/shellcode/.dotfiles/.config/nvim dir=/home/shellcode/.dotfiles/.config/nvim fstype=btrfs
Mounting read-only /home/shellcode/.dotfiles
1883 1880 0:26 /@home/shellcode/.dotfiles/.config/nvim /home/shellcode/.dotfiles/.config/nvim ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1883 fsname=/@home/shellcode/.dotfiles/.config/nvim dir=/home/shellcode/.dotfiles/.config/nvim fstype=btrfs
Mounting read-only /home/shellcode/.local/share/nvim
1884 1769 0:26 /@home/shellcode/.local/share/nvim /home/shellcode/.local/share/nvim ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1884 fsname=/@home/shellcode/.local/share/nvim dir=/home/shellcode/.local/share/nvim fstype=btrfs
Mounting read-only /home/shellcode/.local/state/nvim
1885 1769 0:26 /@home/shellcode/.local/state/nvim /home/shellcode/.local/state/nvim ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1885 fsname=/@home/shellcode/.local/state/nvim dir=/home/shellcode/.local/state/nvim fstype=btrfs
Mounting read-only /home/shellcode/.cargo/bin
1886 1769 0:26 /@home/shellcode/.cargo/bin /home/shellcode/.cargo/bin ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1886 fsname=/@home/shellcode/.cargo/bin dir=/home/shellcode/.cargo/bin fstype=btrfs
Mounting read-only /home/shellcode/.rustup
1887 1769 0:26 /@home/shellcode/.rustup /home/shellcode/.rustup ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1887 fsname=/@home/shellcode/.rustup dir=/home/shellcode/.rustup fstype=btrfs
Disable /tmp/ssh-XXXXXWarning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
X409B7Q
Disable /home/shellcode/.gnupg
Disable /home/shellcode/.local/share/pki
Disable /home/shellcode/.pki
Disable /home/shellcode/.ssh
Disable /usr/local/sbin
Disable /usr/local/bin/strace
Disable /usr/bin/strace
Disable /usr/lib/ssh
Disable /usr/lib/dbus-1.0/dbus-daemon-launch-helper
Disable /usr/lib/chromium/chrome-sandbox
Disable /.snapshots
Warning (blacklisting): cannot open /run/user/1000/.dbus-proxy: Permission denied
Warning (blacklisting): cannot open /run/user/1000/.flatpak: Permission denied
Warning (blacklisting): cannot open /run/user/1000/.flatpak-cache: Permission denied
Warning (blacklisting): cannot open /run/user/1000/.flatpak-helper: Permission denied
Warning (blacklisting): cannot open /run/user/1000/app: Permission denied
Warning (blacklisting): cannot open /run/user/1000/doc: Permission denied
Warning (blacklisting): cannot open /run/user/1000/snapd-session-agent.socket: Permission denied
Disable /proc/config.gz
Warning (blacklisting): cannot open /run/user/1000/*.lock: Permission denied
Warning (blacklisting): cannot open /run/user/1000/inaccessible: Permission denied
Warning (blacklisting): cannot open /run/user/1000/pk-debconf-socket: Permission denied
Warning (blacklisting): cannot open /run/user/1000/update-notifier.pid: Permission denied
Not blacklist /home/shellcode/.rustup
Disable /usr/src
Disable /usr/local/src
Not blacklist /usr/include
Disable /usr/local/include
Mounting noexec /home/shellcode
1926 1904 0:23 /firejail/firejail.ro.dir /home/shellcode/.ssh ro,nosuid,nodev,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1926 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.ssh fstype=tmpfs
Mounting noexec /home/shellcode/.dotfiles/.config/sway
1927 1916 0:23 /firejail/firejail.ro.dir /home/shellcode/.dotfiles/.config/sway ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1927 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.dotfiles/.config/sway fstype=tmpfs
Mounting noexec /home/shellcode/.config/dconf
1928 1906 0:26 /@home/shellcode/.config/dconf /home/shellcode/.config/dconf ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1928 fsname=/@home/shellcode/.config/dconf dir=/home/shellcode/.config/dconf fstype=btrfs
Mounting noexec /home/shellcode/.config/systemd
1929 1907 0:23 /firejail/firejail.ro.dir /home/shellcode/.config/systemd ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1929 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.config/systemd fstype=tmpfs
Mounting noexec /home/shellcode/.local/share/systemd
1930 1908 0:23 /firejail/firejail.ro.dir /home/shellcode/.local/share/systemd ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1930 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.local/share/systemd fstype=tmpfs
Mounting noexec /home/shellcode/.bash_logout
1931 1909 0:26 /@home/shellcode/.bash_logout /home/shellcode/.bash_logout ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1931 fsname=/@home/shellcode/.bash_logout dir=/home/shellcode/.bash_logout fstype=btrfs
Mounting noexec /home/shellcode/.bash_profile
1932 1910 0:26 /@home/shellcode/.bash_profile /home/shellcode/.bash_profile ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1932 fsname=/@home/shellcode/.bash_profile dir=/home/shellcode/.bash_profile fstype=btrfs
Mounting noexec /home/shellcode/.bashrc
1933 1911 0:26 /@home/shellcode/.bashrc /home/shellcode/.bashrc ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1933 fsname=/@home/shellcode/.bashrc dir=/home/shellcode/.bashrc fstype=btrfs
Mounting noexec /home/shellcode/.dotfiles/.profile
1934 1917 0:26 /@home/shellcode/.dotfileWarning: not remounting /home/shellcode/.ssh/config
s/.profile /home/shellcode/.dotfiles/.profile ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1934 fsname=/@home/shellcode/.dotfiles/.profile dir=/home/shellcode/.dotfiles/.profile fstype=btrfs
Mounting noexec /home/shellcode/.dotfiles/.config/nvim
1935 1918 0:26 /@home/shellcode/.dotfiles/.config/nvim /home/shellcode/.dotfiles/.config/nvim ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1935 fsname=/@home/shellcode/.dotfiles/.config/nvim dir=/home/shellcode/.dotfiles/.config/nvim fstype=btrfs
Mounting noexec /home/shellcode/.dotfiles
1942 1941 0:26 /@home/shellcode/.dotfiles/.config/nvim /home/shellcode/.dotfiles/.config/nvim ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1942 fsname=/@home/shellcode/.dotfiles/.config/nvim dir=/home/shellcode/.dotfiles/.config/nvim fstype=btrfs
Mounting noexec /home/shellcode/.local/share/nvim
1943 1919 0:26 /@home/shellcode/.local/share/nvim /home/shellcode/.local/share/nvim ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1943 fsname=/@home/shellcode/.local/share/nvim dir=/home/shellcode/.local/share/nvim fstype=btrfs
Mounting noexec /home/shellcode/.local/state/nvim
1944 1920 0:26 /@home/shellcode/.local/state/nvim /home/shellcode/.local/state/nvim ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1944 fsname=/@home/shellcode/.local/state/nvim dir=/home/shellcode/.local/state/nvim fstype=btrfs
Mounting noexec /home/shellcode/.cargo/bin
1945 1921 0:26 /@home/shellcode/.cargo/bin /home/shellcode/.cargo/bin ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1945 fsname=/@home/shellcode/.cargo/bin dir=/home/shellcode/.cargo/bin fstype=btrfs
Mounting noexec /home/shellcode/.rustup
1946 1922 0:26 /@home/shellcode/.rustup /home/shellcode/.rustup ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1946 fsname=/@home/shellcode/.rustup dir=/home/shellcode/.rustup fstype=btrfs
Mounting noexec /home/shellcode/.gnupg
1947 1923 0:23 /firejail/firejail.ro.dir /home/shellcode/.gnupg ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1947 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.gnupg fstype=tmpfs
Mounting noexec /home/shellcode/.local/share/pki
1948 1924 0:23 /firejail/firejail.ro.dir /home/shellcode/.local/share/pki ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1948 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.local/share/pki fstype=tmpfs
Mounting noexec /home/shellcode/.pki
1949 1925 0:23 /firejail/firejail.ro.dir /home/shellcode/.pki ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1949 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.pki fstype=tmpfs
Mounting noexec /home/shellcode/.ssh
1950 1926 0:23 /firejail/firejail.ro.dir /home/shellcode/.ssh ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1950 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.ssh fstype=tmpfs
Mounting noexec /run/user/1000
1951 1867 0:23 /firejail/firejail.ro.dir /run/user/1000 ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1951 fsname=/firejail/firejail.ro.dir dir=/run/user/1000 fstype=tmpfs
Mounting noexec /dev/shm
1952 1789 0:203 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1952 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1954 1953 0:23 /firejail/firWarning: not remounting /home/shellcode/.ssh/config
Warning: not remounting /home/shellcode/.cargo/bin
Warning: not remounting /home/shellcode/.cargo/bin
ejail.ro.dir /tmp/ssh-XXXXXX409B7Q ro,nosuid,nodev,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1954 fsname=/firejail/firejail.ro.dir dir=/tmp/ssh-XXXXXX409B7Q fstype=tmpfs
Mounting noexec /tmp/ssh-XXXXXX409B7Q
1955 1954 0:23 /firejail/firejail.ro.dir /tmp/ssh-XXXXXX409B7Q ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1955 fsname=/firejail/firejail.ro.dir dir=/tmp/ssh-XXXXXX409B7Q fstype=tmpfs
Not blacklist /usr/local/bin/lua*
Not blacklist /usr/bin/lua*
Not blacklist /home/shellcode/.local/bin/lua*
Disable /usr/include/luajit-2.1
Disable /usr/include/lua.h
Disable /usr/include/lua.hpp
Disable /usr/include/luaconf.h
Disable /usr/include/lualib.h
Not blacklist /usr/lib/liblua++.so
Not blacklist /usr/lib/liblua++.so.5.4
Not blacklist /usr/lib/liblua++.so.5.4.6
Not blacklist /usr/lib/liblua++5.4.so
Not blacklist /usr/lib/liblua.so
Not blacklist /usr/lib/liblua.so.5.4
Not blacklist /usr/lib/liblua.so.5.4.6
Not blacklist /usr/lib/liblua5.4.so
Not blacklist /usr/lib/libluajit-5.1.so
Not blacklist /usr/lib/libluajit-5.1.so.2
Not blacklist /usr/lib/libluajit-5.1.so.2.1.1700008891
Not blacklist /usr/lib/lua
Not blacklist /usr/lib64/liblua++.so
Not blacklist /usr/lib64/liblua++.so.5.4
Not blacklist /usr/lib64/liblua++.so.5.4.6
Not blacklist /usr/lib64/liblua++5.4.so
Not blacklist /usr/lib64/liblua.so
Not blacklist /usr/lib64/liblua.so.5.4
Not blacklist /usr/lib64/liblua.so.5.4.6
Not blacklist /usr/lib64/liblua5.4.so
Not blacklist /usr/lib64/libluajit-5.1.so
Not blacklist /usr/lib64/libluajit-5.1.so.2
Not blacklist /usr/lib64/libluajit-5.1.so.2.1.1700008891
Not blacklist /usr/lib64/lua
Not blacklist /usr/share/lua*
Disable /usr/include/node
Disable /usr/lib/perl5
Disable /usr/lib/perl5 (requested /usr/lib64/perl5)
Disable /usr/share/perl5
Disable /usr/lib/ruby
Disable /usr/lib/ruby (requested /usr/lib64/ruby)
Disable /usr/include/python3.11
Disable /usr/lib/python3.11
Disable /usr/lib/python3.11 (requested /usr/lib64/python3.11)
Disable /home/shellcode/.cache/babl
Disable /home/shellcode/.cache/chromium
Disable /home/shellcode/.cache/gegl-0.4
Disable /home/shellcode/.cache/keepassxc
Disable /home/shellcode/.cache/mozilla
Not blacklist /home/shellcode/.cache/nvim
Disable /home/shellcode/.cache/pip
Disable /home/shellcode/.cargo
Disable /home/shellcode/.config/Signal
Disable /home/shellcode/.config/chromium
Disable /home/shellcode/.dotfiles/.config/chromium-flags.conf (requested /home/shellcode/.config/chromium-flags.conf)
Disable /home/shellcode/.config/deluge
Disable /home/shellcode/.dotfiles/.config/electron-flags.conf (requested /home/shellcode/.config/electron-flags.conf)
Disable /home/shellcode/.config/flameshot
Disable /home/shellcode/.dotfiles/.config/git (requested /home/shellcode/.config/git)
Disable /home/shellcode/.config/keepassxc
Disable /home/shellcode/.config/libreoffice
Not blacklist /home/shellcode/.config/nvim
Disable /home/shellcode/.config/pavucontrol.ini
Disable /home/shellcode/.config/remmina
Disable /home/shellcode/.config/transmission
Not blacklist /home/shellcode/.local/share/man
Disable /home/shellcode/.local/share/remmina
Disable /home/shellcode/.mozilla
Disable /home/shellcode/.wget-hsts
Warning (blacklisting): cannot open /run/user/1000/*firefox*: Permission denied
Warning (blacklisting): cannot open /run/user/1000/akonadi: Permission denied
Warning (blacklisting): cannot open /run/user/1000/psd/*firefox*: Permission denied
Directory ${DOCUMENTS} resolved as documents
Disable /home/shellcode/documents
Directory ${MUSIC} resolved as media/music
Disable /home/shellcode/media/music
Directory ${PICTURES} resolved as media/pictures
Disable /home/shellcode/media/pictures
Directory ${VIDEOS} resolved as media/videos
Disable /home/shellcode/media/videos
Mounting read-only /home/shellcode
2068 1996 0:23 /firejail/firejail.ro.dir /home/shellcode/media/videos ro,nosuid,nodev,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=2068 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/media/videos fstype=tmpfs
Disable /tmp/.X11-unix
Mounting tmpfs on /home/shelDISPLAY is not set
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000009   jmp 000f
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 35 01 00 40000000   jge X32_ABI 000c (false 000b)
 000b: 35 01 00 00000000   jge read 000d (false 000c)
 000c: 06 00 00 00050001   ret ERRNO(1)
 000d: 15 01 00 00000029   jeq socket 000f (false 000e)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 20 00 00 00000010   ld  data.args[0]
 0010: 15 00 01 00000001   jeq 1 0011 (false 0012)
 0011: 06 00 00 7fff0000   ret ALLOW
 0012: 06 00 00 0005005f   ret ERRNO(95)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00050001   ret ERRNO(1)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 47 00 0000009f   jeq adjtimex 004f (false 0008)
 0008: 15 46 00 00000131   jeq clock_adjtime 004f (false 0009)
 0009: 15 45 00 000000e3   jeq clock_settime 004f (false 000a)
 000a: 15 44 00 000000a4   jeq settimeofday 004f (false 000b)
 000b: 15 43 00 0000009a   jeq modify_ldt 004f (false 000c)
 000c: 15 42 00 000000d4   jeq lookup_dcookie 004f (false 000d)
 000d: 15 41 00 0000012a   jeq perf_event_open 004f (false 000e)
 000e: 15 40 00 000001b6   jeq pidfd_getfd 004f (false 000f)
 000f: 15 3f 00 00000137   jeq process_vm_writev 004f (false 0010)
 0010: 15 3e 00 000000b0   jeq delete_module 004f (false 0011)
 0011: 15 3d 00 00000139   jeq finit_module 004f (false 0012)
 0012: 15 3c 00 000000af   jeq init_module 004f (false 0013)
 0013: 15 3b 00 000000a1   jeq chroot 004f (false 0014)
 0014: 15 3a 00 000001af   jeq fsconfig 004f (false 0015)
 0015: 15 39 00 000001b0   jeq fsmount 004f (false 0016)
 0016: 15 38 00 000001ae   jeq fsopen 004f (false 0017)
 0017: 15 37 00 000001b1   jeq fspick 004f (false 0018)
 0018: 15 36 00 000000a5   jeq mount 004f (false 0019)
 0019: 15 35 00 000001ad   jeq move_mount 004f (false 001a)
 001a: 15 34 00 000001ac   jeq open_tree 004f (false 001b)
 001b: 15 33 00 0000009b   jeq pivot_root 004f (false 001c)
 001c: 15 32 00 000000a6   jeq umount2 004f (false 001d)
 001d: 15 31 00 0000009c   jeq _sysctl 004f (false 001e)
 001e: 15 30 00 000000b7   jeq afs_syscall 004f (false 001f)
 001f: 15 2f 00 000000ae   jeq create_module 004f (false 0020)
 0020: 15 2e 00 000000b1   jeq get_kernel_syms 004f (false 0021)
 0021: 15 2d 00 000000b5   jeq getpmsg 004f (false 0022)
 0022: 15 2c 00 000000b6   jeq putpmsg 004f (false 0023)
 0023: 15 2b 00 000000b2   jeq query_module 004f (false 0024)
 0024: 15 2a 00 000000b9   jeq security 004f (false 0025)
 0025: 15 29 00 0000008b   jeq sysfs 004f (false 0026)
 0026: 15 28 00 000000b8   jeq tuxcall 004f (false 0027)
 0027: 15 27 00 00000086   jeq uselib 004f (false 0028)
 0028: 15 26 00 00000088   jeq ustat 004f (false 0029)
 0029: 15 25 00 000000ec   jeq vserver 004f (false 002a)
 002a: 15 24 00 000000ad   jeq ioperm 004f (false 002b)
 002b: 15 23 00 000000ac   jeq iopl 004f (false 002c)
 002c: 15 22 00 000000f6   jeq kexec_load 004f (false 002d)
 002d: 15 21 00 00000140   jeq kexec_file_load 004f (false 002e)
 002e: 15 20 00 000000a9   jeq reboot 004f (false 002f)
 002f: 15 1f 00 000000a7   jeq swapon 004f (false 0030)
 0030: 15 1e 00 000000a8   jeq swapoff 004f (false 0031)
 0031: 15 1d 00 00000130   jeq open_by_handle_at 004f (false 0032)
 0032: 15 1c 00 0000012f   jeq name_to_handle_at 004f (false 0033)
 0033: 15 1b 00 000000fb   jeq ioprio_set 004f (false 0034)
 0034: 15 1a 00 00000067   jeq syslog 004f (false 0035)
 0035: 15 19 00 0000012c   jeq fanotify_init 004f (false 0036)
 0036: 15 18 00 000000f8   jeq add_key 004f (false 0037)
 0037: 15 17 00 000000f9   jeq request_key 004f (false 0038)
 0038: 15 16 00 000000ed   jeq mbind 004f (false 0039)
 0039: 15 15 00 00000100   jeq migrate_pages 004f (false 003a)
 003a: 15 14 00 00000117   jeq move_pages 004f (false 003b)
 003b: 15 13 00 000000fa   jeq keyctl 004f (false 003c)
 003c: 15 12 00 000000ce   jeq io_setup 004f (false 003d)
 003d: 15 11 00 000000cf   jeq io_destroy 004f (false 003e)
 003e: 15 10 00 000000d0   jeq io_getevents 004f (false 003f)
 003f: 15 0f 00 000000d1   jeq io_submit 004f (false 0040)
 0040: 15 0e 00 000000d2   jeq io_cancel 004f (false 0041)
 0041: 15 0d 00 000000d8   jeq remap_file_pages 004f (false 0042)
 0042: 15 0c 00 000000ee   jeq set_mempolicy 004f (false 0043)
 0043: 15 0b 00 00000116   jeq vmsplice 004f (false 0044)
 0044: 15 0a 00 00000143   jeq userfaultfd 004f (false 0045)
 0045: 15 09 00 000000a3   jeq acct 004f (false 0046)
 0046: 15 08 00 00000141   jeq bpf 004f (false 0047)
 0047: 15 07 00 000000b4   jeq nfsservctl 004f (false 0048)
 0048: 15 06 00 000000ab   jeq setdomainname 004f (false 0049)
 0049: 15 05 00 000000aa   jeq sethostname 004f (false 004a)
 004a: 15 04 00 00000099   jeq vhangup 004f (false 004b)
 004b: 15 03 00 00000065   jeq ptrace 004f (false 004c)
 004c: 15 02 00 00000087   jeq personality 004f (false 004d)
 004d: 15 01 00 00000136   jeq process_vm_readv 004f (false 004e)
 004e: 06 00 00 7fff0000   ret ALLOW
 004f: 06 00 01 00050001   ret ERRNO(1)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 05 00000009   jeq mmap 0008 (false 000d)
 0008: 20 00 00 00000020   ld  data.args[10]
 0009: 54 00 00 00000006   and 00000006
 000a: 15 00 01 00000006   jeq 6 000b (false 000c)
 000b: 06 00 00 00050001   ret ERRNO(1)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 15 00 05 0000000a   jeq a 000e (false 0013)
 000e: 20 00 00 00000020   ld  data.args[10]
 000f: 54 00 00 00000004   and 00000004
 0010: 15 00 01 00000004   jeq 4 0011 (false 0012)
 0011: 06 00 00 00050001   ret ERRNO(1)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 05 00000149   jeq 149 0014 (false 0019)
 0014: 20 00 00 00000020   ld  data.args[10]
 0015: 54 00 00 00000004   and 00000004
 0016: 15 00 01 00000004   jeq 4 0017 (false 0018)
 0017: 06 00 00 00050001   ret ERRNO(1)
 0018: 06 00 00 7fff0000   ret ALLOW
 0019: 15 00 05 0000001e   jeq 1e 001a (false 001f)
 001a: 20 00 00 00000020   ld  data.args[10]
 001b: 54 00 00 00008000   and 00008000
 001c: 15 00 01 00008000   jeq 8000 001d (false 001e)
 001d: 06 00 00 00050001   ret ERRNO(1)
 001e: 06 00 00 7fff0000   ret ALLOW
 001f: 15 00 01 0000013f   jeq 13f 0020 (false 0021)
 0020: 06 00 00 00050001   ret ERRNO(1)
 0021: 06 00 00 7fff0000   ret ALLOW
 0022: 06 00 00 7fff0000   ret ALLOW
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 00 01 0000005a   jeq 5a 0005 (false 0006)
 0005: 06 00 00 00050001   ret ERRNO(1)
 0006: 15 00 05 000000c0   jeq c0 0007 (false 000c)
 0007: 20 00 00 00000020   ld  data.args[10]
 0008: 54 00 00 00000006   and 00000006
 0009: 15 00 01 00000006   jeq 6 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 15 00 05 0000007d   jeq 7d 000d (false 0012)
 000d: 20 00 00 00000020   ld  data.args[10]
 000e: 54 00 00 00000004   and 00000004
 000f: 15 00 01 00000004   jeq 4 0010 (false 0011)
 0010: 06 00 00 00050001   ret ERRNO(1)
 0011: 06 00 00 7fff0000   ret ALLOW
 0012: 15 00 05 0000017c   jeq 17c 0013 (false 0018)
 0013: 20 00 00 00000020   ld  data.args[10]
 0014: 54 00 00 00000004   and 00000004
 0015: 15 00 01 00000004   jeq 4 0016 (false 0017)
 0016: 06 00 00 00050001   ret ERRNO(1)
 0017: 06 00 00 7fff0000   ret ALLOW
 0018: 15 00 05 0000018d   jeq 18d 0019 (false 001e)
 0019: 20 00 00 00000020   ld  data.args[10]
 001a: 54 00 00 00008000   and 00008000
 001b: 15 00 01 00008000   jeq 8000 001c (false 001d)
 001c: 06 00 00 00050001   ret ERRNO(1)
 001d: 06 00 00 7fff0000   ret ALLOW
 001e: 15 00 01 00000164   jeq 164 001f (false 0020)
 001f: 06 00 00 00050001   ret ERRNO(1)
 0020: 06 00 00 7fff0000   ret ALLOW
 0021: 06 00 00 7fff0000   ret ALLOW
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 04 00000038   jeq clone 0008 (false 000c)
 0008: 20 00 00 00000010   ld  data.args[0]
 0009: 45 00 01 7e020000   jset 7e020000 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 15 00 01 000001b3   jeq 1b3 000d (false 000e)
 000d: 06 00 00 00050026   ret ERRNO(38)
 000e: 15 00 04 00000110   jeq 110 000f (false 0013)
 000f: 20 00 00 00000010   ld  data.args[0]
 0010: 45 00 01 7e020080   jset 7e020080 0011 (false 0012)
 0011: 06 00 00 00050001   ret ERRNO(1)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 04 00000134   jeq 134 0014 (false 0018)
 0014: 20 00 00 00000018   ld  data.args[8]
 0015: 15 01 00 00000000   jeq 0 0017 (false 0016)
 0016: 45 00 01 7e020080   jset 7e020080 0017 (false 0018)
 0017: 06 00 00 00050001   ret ERRNO(1)
 0018: 06 00 00 7fff0000   ret ALLOW
 0019: 06 00 00 7fff0000   ret ALLOW
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 00 04 00000078   jeq 78 0005 (false 0009)
 0005: 20 00 00 00000010   ld  data.args[0]
 0006: 45 00 01 7e020000   jset 7e020000 0007 (false 0008)
 0007: 06 00 00 00050001   ret ERRNO(1)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 000001b3   jeq 1b3 000a (false 000b)
 000a: 06 00 00 00050026   ret ERRNO(38)
 000b: 15 00 04 00000136   jeq 136 000c (false 0010)
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 45 00 01 7e020080   jset 7e020080 000e (false 000f)
 000e: 06 00 00 00050001   ret ERRNO(1)
 000f: 06 00 00 7fff0000   ret ALLOW
 0010: 15 00 04 0000015a   jeq 15a 0011 (false 0015)
 0011: 20 00 00 00000018   ld  data.args[8]
 0012: 15 01 00 00000000   jeq 0 0014 (false 0013)
 0013: 45 00 01 7e020080   jset 7e020080 0014 (false 0015)
 0014: 06 00 00 00050001   ret ERRNO(1)
 0015: 06 00 00 7fff0000   ret ALLOW
 0016: 06 00 00 7fff0000   ret ALLOW
lcode/.cache, check owner: yes
2070 1996 0:210 / /home/shellcode/.cache rw,nosuid,nodev,noexec,noatime,nodiratime - tmpfs tmpfs rw,mode=755,uid=1000,gid=1000,inode64
mountid=2070 fsname=/ dir=/home/shellcode/.cache fstype=tmpfs
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /home/shellcode/.config/pulse
disable pipewire
Current directory: /home/shellcode/dev
Install protocol filter: unix
configuring 19 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dual 32/64 bit seccomp filter configured
configuring 80 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp 
seccomp filter configured
Install memory write&execute filter
configuring 35 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx 
configuring 34 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx.32 
Build restrict-namespaces filter
sbox run: /run/firejail/lib/fseccomp restrict-namespaces /run/firejail/mnt/seccomp/seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts 
restrict-namespaces filter configured
Build restrict-namespaces filter
sbox run: /run/firejail/lib/fseccomp restrict-namespaces.32 /run/firejail/mnt/seccomp/seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts 
restrict-namespaces filter configured
Install namespaces filter
configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces 
configuring 23 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces.32 
Mounting read-only /run/firejail/mnt/seccomp
2074 1728 0:149 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=2074 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             240 .
drwxr-xr-x root     root             320 ..
-rw-r--r-- shellcod shellcod         640 seccomp
-rw-r--r-- shellcod shellcod         432 seccomp.32
-rw-r--r-- shellcod shellcod         288 seccomp.list
-rw-r--r-- shellcod shellcod         280 seccomp.mdwx
-rw-r--r-- shellcod shellcod         272 seccomp.mdwx.32
-rw-r--r-- shellcod shellcod         208 seccomp.namespaces
-rw-r--r-- shellcod shellcod         184 seccomp.namespaces.32
-rw-r--r-- shellcod shellcod           0 seccomp.postexec
-rw-r--r-- shellcod shellcod           0 seccomp.postexec32
-rw-r--r-- shellcod shellcod         152 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
/run/firejail/mnt/seccomp/seccomp.mdwx
/run/firejail/mnt/seccomp/seccomp.mdwx.32
/run/firejail/mnt/seccomp/seccomp.namespaces
/run/firejail/mnt/seccomp/seccomp.namespaces.32
nogroups command not ignored
nogroups command not ignored
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0
No supplementary groups
AppArmor enabled
Closing non-standard file descriptors
Child process initialized in 338.37 ms
Starting application
LD_PRELOAD=(null)
execvp argument 0: /usr/bin/man
execvp argument 1: sendfile

sendfile(2)                                                                         System Calls Manual                                                                        sendfile(2)

NAME
       sendfile - transfer data between file descriptors

LIBRARY
       Standard C library (libc, -lc)

SYNOPSIS
       #include <sys/sendfile.h>

       ssize_t sendfile(int out_fd, int in_fd, off_t *_Nullable offset,
                        size_t count);

DESCRIPTION
       sendfile()  copies  data between one file descriptor and another.  Because this copying is done within the kernel, sendfile() is more efficient than the combination of read(2) and
       write(2), which would require transferring data to and from user space.

       in_fd should be a file descriptor opened for reading and out_fd should be a descriptor opened for writing.

       If offset is not NULL, then it points to a variable holding the file offset from which sendfile() will start reading data from in_fd.  When sendfile() returns, this variable  will
       be set to the offset of the byte following the last byte that was read.  If offset is not NULL, then sendfile() does not modify the file offset of in_fd; otherwise the file offset
       is adjusted to reflect the number of bytes read from in_fd.

       If offset is NULL, then data will be read from in_fd starting at the file offset, and the file offset will be updated by the call.

       count is the number of bytes to copy between the file descriptors.

       The in_fd argument must correspond to a file which supports mmap(2)-like operations (i.e., it cannot be a socket).

       Before Linux 2.6.33, out_fd must refer to a socket.  Since Linux 2.6.33 it can be any file.  If it is a regular file, then sendfile() changes the file offset appropriately.

RETURN VALUE
       If  the  transfer  was  successful,  the number of bytes written to out_fd is returned.  Note that a successful call to sendfile() may write fewer bytes than requested; the caller
       should be prepared to retry the call if there were unsent bytes.  See also NOTES.

       On error, -1 is returned, and errno is set to indicate the error.

ERRORS
       EAGAIN Nonblocking I/O has been selected using O_NONBLOCK and the write would block.

       EBADF  The input file was not opened for reading or the output file was not opened for writing.

       EFAULT Bad address.

       EINVAL Descriptor is not valid or locked, or an mmap(2)-like operation is not available for in_fd, or count is negative.

       EINVAL out_fd has the O_APPEND flag set.  This is not currently supported by sendfile().

       EIO    Unspecified error while reading from in_fd.

       ENOMEM Insufficient memory to read from in_fd.

       EOVERFLOW
              count is too large, the operation would result in exceeding the maximum size of either the input file or the output file.

       ESPIPE offset is not NULL but the input file is not seekable.

VERSIONS
       Other UNIX systems implement sendfile() with different semantics and prototypes.  It should not be used in portable programs.

STANDARDS
       None.

HISTORY
       Linux 2.2, glibc 2.1.

       In Linux 2.4 and earlier, out_fd could also refer to a regular file; this possibility went away in the Linux 2.6.x kernel series, but was restored in Linux 2.6.33.

       The original Linux sendfile() system call was not designed to handle large file offsets.  Consequently, Linux 2.4 added sendfile64(), with a wider type for  the  offset  argument.
       The glibc sendfile() wrapper function transparently deals with the kernel differences.

NOTES
       sendfile() will transfer at most 0x7ffff000 (2,147,479,552) bytes, returning the number of bytes actually transferred.  (This is true on both 32-bit and 64-bit systems.)

       If  you  plan  to use sendfile() for sending files to a TCP socket, but need to send some header data in front of the file contents, you will find it useful to employ the TCP_CORK
       option, described in tcp(7), to minimize the number of packets and to tune performance.

       Applications may wish to fall back to read(2) and write(2) in the case where sendfile() fails with EINVAL or ENOSYS.

       If out_fd refers to a socket or pipe with zero-copy support, callers must ensure the transferred portions of the file referred to by in_fd remain unmodified until  the  reader  on
       the other end of out_fd has consumed the transferred data.

       The Linux-specific splice(2) call supports transferring data between arbitrary file descriptors provided one (or both) of them is a pipe.

SEE ALSO
       copy_file_range(2), mmap(2), open(2), socket(2), splice(2)

Linux man-pages 6.05.01                                                                 2023-07-15                                                                             sendfile(2)

Parent is shutting down, bye...
<!-- gh-comment-id:1834129664 --> @ShellCode33 commented on GitHub (Nov 30, 2023): Still no luck, the error is different and doesn't give much information unfortunately: ``` /usr/bin/man: command exited with status 1: sed -e '/^[[:space:]]*$/{ N; /^[[:space:]]*\n[[:space:]]*$/D; }' | LESS=-ix8RmPm Manual page sendfile(2) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$PM Manual page sendfile(2) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$ MAN_PN=sendfile(2) nvim +Man! ``` Here's what my `man.local` looks like: ``` private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim,nvim include allow-lua.inc noblacklist ${HOME}/.cache/nvim noblacklist ${HOME}/.config/nvim noblacklist ${HOME}/.dotfiles/.config/nvim noblacklist ${HOME}/.local/share/nvim noblacklist ${HOME}/.local/state/nvim whitelist /usr/share/nvim ``` Is there a way to know exactly what is being denied ? I tried to use something like: ``` MANPAGER='nvim +Man!' firejail --allow-debuggers --profile=man strace /usr/bin/man sendfile ``` With no luck. Here's the output of `MANPAGER='nvim +Man!' firejail --debug /usr/bin/man sendfile` : <details> <summary>Log</summary> ``` Reading profile /etc/firejail/man.profile Building quoted command line: '/usr/bin/man' 'sendfile' Command name #man# Found man.profile profile in /etc/firejail directory Reading profile /etc/firejail/man.local Found man.local profile in /etc/firejail directory Reading profile /etc/firejail/allow-lua.inc Found allow-lua.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-xdg.inc Found disable-xdg.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-runuser-common.inc Found whitelist-runuser-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-usr-share-common.inc Found whitelist-usr-share-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc Found whitelist-var-common.inc profile in /etc/firejail directory [profile] combined protocol list: "unix" DISPLAY is not set Parent pid 122090, child pid 122091 Enabling IPC namespace Enabling IPC namespace Initializing child process PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.namespaces file Creating empty /run/firejail/mnt/seccomp/seccomp.namespaces.32 file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file sbox run: /run/firejail/lib/fnet ifup lo Network namespace enabled, only loopback interface available Build protocol filter: unix sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 1731 1204 0:26 /@/etc /etc ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1731 fsname=/@/etc dir=/etc fstype=btrfs Mounting noexec /etc 1732 1731 0:26 /@/etc /etc ro,nosuid,nodev,noexec,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1732 fsname=/@/etc dir=/etc fstype=btrfs Mounting read-only /var 1738 1733 0:26 /@var-log /var/log rw,noatime,nodiratime master:60 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=661,subvol=/@var-log mountid=1738 fsname=/@var-log dir=/var/log fstype=btrfs Mounting read-only /var/cache/pacman/pkg 1739 1734 0:26 /@cache-pacman-pkgs /var/cache/pacman/pkg ro,noatime,nodiratime master:50 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=665,subvol=/@cache-pacman-pkgs mountid=1739 fsname=/@cache-pacman-pkgs dir=/var/cache/pacman/pkg fstype=btrfs Mounting read-only /var/lib/docker 1740 1735 0:26 /@docker /var/lib/docker ro,noatime,nodiratime master:52 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=664,subvol=/@docker mountid=1740 fsname=/@docker dir=/var/lib/docker fstype=btrfs Mounting read-only /var/lib/libvirt 1741 1736 0:26 /@libvirt /var/lib/libvirt ro,noatime,nodiratime master:54 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=663,subvol=/@libvirt mountid=1741 fsname=/@libvirt dir=/var/lib/libvirt fstype=btrfs Mounting read-only /var/tmp 1742 1737 0:26 /@var-tmp /var/tmp ro,noatime,nodiratime master:58 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=662,subvol=/@var-tmp mountid=1742 fsname=/@var-tmp dir=/var/tmp fstype=btrfs Mounting read-only /var/log 1743 1738 0:26 /@var-log /var/log ro,noatime,nodiratime master:60 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=661,subvol=/@var-log mountid=1743 fsname=/@var-log dir=/var/log fstype=btrfs Mounting noexec /var 1754 1753 0:26 /@var-log /var/log ro,noatime,nodiratime master:60 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=661,subvol=/@var-log mountid=1754 fsname=/@var-log dir=/var/log fstype=btrfs Mounting noexec /var/cache/pacman/pkg 1755 1746 0:26 /@cache-pacman-pkgs /var/cache/pacman/pkg ro,nosuid,nodev,noexec,noatime,nodiratime master:50 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=665,subvol=/@cache-pacman-pkgs mountid=1755 fsname=/@cache-pacman-pkgs dir=/var/cache/pacman/pkg fstype=btrfs Mounting noexec /var/lib/docker 1756 1748 0:26 /@docker /var/lib/docker ro,nosuid,nodev,noexec,noatime,nodiratime master:52 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=664,subvol=/@docker mountid=1756 fsname=/@docker dir=/var/lib/docker fstype=btrfs Mounting noexec /var/lib/libvirt 1757 1750 0:26 /@libvirt /var/lib/libvirt ro,nosuid,nodev,noexec,noatime,nodiratime master:54 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=663,subvol=/@libvirt mountid=1757 fsname=/@libvirt dir=/var/lib/libvirt fstype=btrfs Mounting noexec /var/tmp 1758 1752 0:26 /@var-tmp /var/tmp ro,nosuid,nodev,noexecWarning: file gpreconv not found ,noatime,nodiratime master:58 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=662,subvol=/@var-tmp mountid=1758 fsname=/@var-tmp dir=/var/tmp fstype=btrfs Mounting noexec /var/log 1759 1754 0:26 /@var-log /var/log ro,nosuid,nodev,noexec,noatime,nodiratime master:60 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=661,subvol=/@var-log mountid=1759 fsname=/@var-log dir=/var/log fstype=btrfs Mounting read-only /usr 1760 1204 0:26 /@/usr /usr ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1760 fsname=/@/usr dir=/usr fstype=btrfs Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Generating a new machine-id installing a new /etc/machine-id Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev Process /dev/shm directory Copying files in the new bin directory Checking /usr/local/bin/apropos Checking /usr/bin/apropos sbox run: /run/firejail/lib/fcopy /usr/bin/whatis /run/firejail/mnt/bin sbox run: /run/firejail/lib/fcopy /usr/bin/apropos /run/firejail/mnt/bin Checking /usr/local/bin/bash Checking /usr/bin/bash sbox run: /run/firejail/lib/fcopy /usr/bin/bash /run/firejail/mnt/bin Checking /usr/local/bin/cat Checking /usr/bin/cat sbox run: /run/firejail/lib/fcopy /usr/bin/cat /run/firejail/mnt/bin Checking /usr/local/bin/catman Checking /usr/bin/catman sbox run: /run/firejail/lib/fcopy /usr/bin/catman /run/firejail/mnt/bin Checking /usr/local/bin/col Checking /usr/bin/col sbox run: /run/firejail/lib/fcopy /usr/bin/col /run/firejail/mnt/bin Checking /usr/local/bin/gpreconv Checking /usr/bin/gpreconv Checking /bin/gpreconv Checking /usr/games/gpreconv Checking /usr/local/games/gpreconv Checking /usr/local/sbin/gpreconv Checking /usr/sbin/gpreconv Checking /sbin/gpreconv Checking /usr/local/bin/groff Checking /usr/bin/groff sbox run: /run/firejail/lib/fcopy /usr/bin/groff /run/firejail/mnt/bin Checking /usr/local/bin/grotty Checking /usr/bin/grotty sbox run: /run/firejail/lib/fcopy /usr/bin/grotty /run/firejail/mnt/bin Checking /usr/local/bin/gunzip Checking /usr/bin/gunzip sbox run: /run/firejail/lib/fcopy /usr/bin/gunzip /run/firejail/mnt/bin Checking /usr/local/bin/gzip Checking /usr/bin/gzip sbox run: /run/firejail/lib/fcopy /usr/bin/gzip /run/firejail/mnt/bin Checking /usr/local/bin/less Checking /usr/bin/less sbox run: /run/firejail/lib/fcopy /usr/bin/less /run/firejail/mnt/bin Checking /usr/local/bin/man Checking /usr/bin/man sbox run: /run/firejail/lib/fcopy /usr/bin/man /run/firejail/mnt/bin Checking /usr/local/bin/most Checking /usr/bin/most sbox run: /run/firejail/lib/fcopy /usr/bin/most /run/firejail/mnt/bin Checking /usr/local/bin/nroff Checking /usr/bin/nroff sbox run: /run/firejail/lib/fcopy /usr/bin/nroff /run/firejail/mnt/bin Checking /usr/local/bin/preconv Checking /usr/bin/preconv sbox run: /run/firejail/lib/fcopy /usr/bin/preconv /run/firejail/mnt/bin Checking /usr/local/bin/sed Checking /usr/bin/sed sbox run: /run/firejail/lib/fcopy /usr/bin/sed /run/firejail/mnt/bin Checking /usr/local/bin/sh Checking /usr/bin/sh sbox run: /run/firejail/lib/fcopy /usr/bin/dash /run/firejail/mnt/bin sbox run: /run/firejail/lib/fcopy /usr/bin/sh /run/firejail/mnt/bin Checking /usr/local/bin/tbl Checking /usr/bin/tbl sbox run: /run/firejail/lib/fcopy /usr/bin/tbl /run/firejail/mnt/bin Checking /usr/local/bin/tr Checking /usr/bin/tr sbox run: /run/firejail/lib/fcopy /usr/bin/tr /run/firejail/mnt/bin Checking /usr/local/bin/troff Checking /usr/bin/troff sbox run: /run/firejail/lib/fcopy /usr/bin/troff /run/firejail/mnt/bin Checking /usr/local/bin/whatis Checking /usr/bin/whatis sbox run: /run/firejail/lib/fcopy /usr/bin/whatis /run29 programs installed in 93.30 ms /firejail/mnt/bin Checking /usr/local/bin/which Checking /usr/bin/which sbox run: /run/firejail/lib/fcopy /usr/bin/which /run/firejail/mnt/bin Checking /usr/local/bin/xtotroff Checking /usr/bin/xtotroff sbox run: /run/firejail/lib/fcopy /usr/bin/xtotroff /run/firejail/mnt/bin Checking /usr/local/bin/zcat Checking /usr/bin/zcat sbox run: /run/firejail/lib/fcopy /usr/bin/zcat /run/firejail/mnt/bin Checking /usr/local/bin/zsoelim Checking /usr/bin/zsoelim sbox run: /run/firejail/lib/fcopy /usr/bin/soelim /run/firejail/mnt/bin sbox run: /run/firejail/lib/fcopy /usr/bin/zsoelim /run/firejail/mnt/bin Checking /usr/local/bin/nvim Checking /usr/bin/nvim sbox run: /run/firejail/lib/fcopy /usr/bin/nvim /run/firejail/mnt/bin Checking /usr/local/bin/strace Checking /usr/bin/strace sbox run: /run/firejail/lib/fcopy /usr/bin/strace /run/firejail/mnt/bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin Warning: file /etc/alternatives not found. Warning: skipping alternatives for private /etc Warning: file /etc/groff not found. Warning: skipping groff for private /etc Warning: file /etc/ld.so.preload not found. Warning: skipping ld.so.preload for private /etc Warning: file /etc/locale not found. Warning: skipping locale for private /etc Warning: file /etc/locale.alias not found. Warning: skipping locale.alias for private /etc Warning: file /etc/manpath.config not found. Warning: skipping manpath.config for private /etc Warning: file /etc/selinux not found. Warning: skipping selinux for private /etc Warning: file /etc/sysless not found. Warning: skipping sysless for private /etc Private /etc installed in 17.42 ms Creating empty /run/firejail/mnt/dbus directory Creating empty /run/firejail/mnt/dbus/user file blacklist /run/user/1000/bus Creating empty /run/firejail/mnt/dbus/system file blacklist /run/dbus/system_bus_socket blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Disable /mnt Disable /media Disable /run/mount Copying files in the new /etc directory: Copying /etc/fonts to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/fonts /run/firejail/mnt/etc/fonts Copying /etc/group to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/group /run/firejail/mnt/etc Copying /etc/ld.so.cache to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.cache /run/firejail/mnt/etc Copying /etc/locale.conf to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/locale.conf /run/firejail/mnt/etc Copying /etc/login.defs to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/login.defs /run/firejail/mnt/etc Copying /etc/man_db.conf to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/man_db.conf /run/firejail/mnt/etc Copying /etc/passwd to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/passwd /run/firejail/mnt/etc Copying /etc/xdg to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/xdg /run/firejail/mnt/etc/xdg Mount-bind /run/firejail/mnt/etc on top of /etc Private /usr/etc installed in 0.01 ms Cannot find /usr/etc: No such file or directory Mount-bind /run/firejail/mnt/usretc on top of /usr/etc Cannot find /usr/etc: No such file or directory Debug 588: whitelist /usr/share/nvim Debug 609: expanded: /usr/share/nvim Debug 620: new_name: /usr/share/nvim Debug 630: dir: /usr/share Adding whitelist top level directory /usr/share Debug 588: whitelist /usr/share/groff Debug 609: expanded: /usr/share/groff Debug 620: new_name: /usr/share/groff Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/info Debug 609: expanded: /usr/share/info Debug 620: new_name: /usr/share/info Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/lintian Debug 609: expanded: /usr/share/lintian Debug 620: new_name: /usr/share/lintian Debug 630: dir: /usr/share Removed path: whitelist /usr/share/lintian new_name: /usr/share/lintian realpath: (null) No such file or directory Debug 588: whitelist /usr/share/man Debug 609: expanded: /usr/share/man Debug 620: new_name: /usr/share/man Debug 630: dir: /usr/share Debug 588: whitelist /var/cache/man Debug 609: expanded: /var/cache/man Debug 620: new_name: /var/cache/man Debug 630: dir: /var Adding whitelist top level directory /var Debug 588: whitelist ${RUNUSER}/bus Debug 609: expanded: /run/user/1000/bus Debug 620: new_name: /run/user/1000/bus Debug 630: dir: /run/user/1000 Adding whitelist top level directory /run/user/1000 Debug 588: whitelist ${RUNUSER}/dconf Debug 609: expanded: /run/user/1000/dconf Debug 620: new_name: /run/user/1000/dconf Debug 630: dir: /run/user/1000 Debug 588: whitelist ${RUNUSER}/gdm/Xauthority Debug 609: expanded: /run/user/1000/gdm/Xauthority Debug 620: new_name: /run/user/1000/gdm/Xauthority Debug 630: dir: /run/user/1000 Removed path: whitelist ${RUNUSER}/gdm/Xauthority new_name: /run/user/1000/gdm/Xauthority realpath: (null) No such file or directory Debug 588: whitelist ${RUNUSER}/ICEauthority Debug 609: expanded: /run/user/1000/ICEauthority Debug 620: new_name: /run/user/1000/ICEauthority Debug 630: dir: /run/user/1000 Removed path: whitelist ${RUNUSER}/ICEauthority new_name: /run/user/1000/ICEauthority realpath: (null) No such file or directory Debug 588: whitelist ${RUNUSER}/.mutter-Xwaylandauth.* Debug 609: expanded: /run/user/1000/.mutter-Xwaylandauth.* Debug 620: new_name: /run/user/1000/.mutter-Xwaylandauth.* Debug 630: dir: /run/user/1000 Removed path: whitelist ${RUNUSER}/.mutter-Xwaylandauth.* new_name: /run/user/1000/.mutter-Xwaylandauth.* realpath: (null) No such file or directory Debug 588: whitelist ${RUNUSER}/pulse/native Debug 609: expanded: /run/user/1000/pulse/native Debug 620: new_name: /run/user/1000/pulse/native Debug 630: dir: /run/user/1000 Debug 588: whitelist ${RUNUSER}/pipewire-? Debug 609: expanded: /run/user/1000/pipewire-? Debug 620: new_name: /run/user/1000/pipewire-? Debug 630: dir: /run/user/1000 Removed path: whitelist ${RUNUSER}/pipewire-? new_name: /run/user/1000/pipewire-? realpath: (null) No such file or directory Adding new profile command: whitelist /run/user/1000/pipewire-0 Debug 588: whitelist ${RUNUSER}/wayland-? Debug 609: expanded: /run/user/1000/wayland-? Debug 620: new_name: /run/user/1000/wayland-? Debug 630: dir: /run/user/1000 Removed path: whitelist ${RUNUSER}/wayland-? new_name: /run/user/1000/wayland-? realpath: (null) No such file or directory Adding new profile command: whitelist /run/user/1000/wayland-1 Debug 588: whitelist ${RUNUSER}/xauth_* Debug 609: expanded: /run/user/1000/xauth_* Debug 620: new_name: /run/user/1000/xauth_* Debug 630: dir: /run/user/1000 Removed path: whitelist ${RUNUSER}/xauth_* new_name: /run/user/1000/xauth_* realpath: (null) No such file or directory Debug 588: whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] Debug 609: expanded: /run/user/1000/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] Debug 620: new_name: /run/user/1000/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] Debug 630: dir: /run/user/1000 Removed path: whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] new_name: /run/user/1000/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] realpath: (null) File name too long Debug 588: whitelist /usr/share/alsa Debug 609: expanded: /usr/share/alsa Debug 620: new_name: /usr/share/alsa Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/applications Debug 609: expanded: /usr/share/applications Debug 620: new_name: /usr/share/applications Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/ca-certificates Debug 609: expanded: /usr/share/ca-certificates Debug 620: new_name: /usr/share/ca-certificates Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/crypto-policies Debug 609: expanded: /usr/share/crypto-policies Debug 620: new_name: /usr/share/crypto-policies Debug 630: dir: /usr/share Removed path: whitelist /usr/share/crypto-policies new_name: /usr/share/crypto-policies realpath: (null) No such file or directory Debug 588: whitelist /usr/share/cursors Debug 609: expanded: /usr/share/cursors Debug 620: new_name: /usr/share/cursors Debug 630: dir: /usr/share Removed path: whitelist /usr/share/cursors new_name: /usr/share/cursors realpath: (null) No such file or directory Debug 588: whitelist /usr/share/dconf Debug 609: expanded: /usr/share/dconf Debug 620: new_name: /usr/share/dconf Debug 630: dir: /usr/share Removed path: whitelist /usr/share/dconf new_name: /usr/share/dconf realpath: (null) No such file or directory Debug 588: whitelist /usr/share/distro-info Debug 609: expanded: /usr/share/distro-info Debug 620: new_name: /usr/share/distro-info Debug 630: dir: /usr/share Removed path: whitelist /usr/share/distro-info new_name: /usr/share/distro-info realpath: (null) No such file or directory Debug 588: whitelist /usr/share/drirc.d Debug 609: expanded: /usr/share/drirc.d Debug 620: new_name: /usr/share/drirc.d Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/egl Debug 609: expanded: /usr/share/egl Debug 620: new_name: /usr/share/egl Debug 630: dir: /usr/share Removed path: whitelist /usr/share/egl new_name: /usr/share/egl realpath: (null) No such file or directory Debug 588: whitelist /usr/share/enchant Debug 609: expanded: /usr/share/enchant Debug 620: new_name: /usr/share/enchant Debug 630: dir: /usr/share Removed path: whitelist /usr/share/enchant new_name: /usr/share/enchant realpath: (null) No such file or directory Debug 588: whitelist /usr/share/enchant-2 Debug 609: expanded: /usr/share/enchant-2 Debug 620: new_name: /usr/share/enchant-2 Debug 630: dir: /usr/share Removed path: whitelist /usr/share/enchant-2 new_name: /usr/share/enchant-2 realpath: (null) No such file or directory Debug 588: whitelist /usr/share/file Debug 609: expanded: /usr/share/file Debug 620: new_name: /usr/share/file Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/fontconfig Debug 609: expanded: /usr/share/fontconfig Debug 620: new_name: /usr/share/fontconfig Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/fonts Debug 609: expanded: /usr/share/fonts Debug 620: new_name: /usr/share/fonts Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/fonts-config Debug 609: expanded: /usr/share/fonts-config Debug 620: new_name: /usr/share/fonts-config Debug 630: dir: /usr/share Removed path: whitelist /usr/share/fonts-config new_name: /usr/share/fonts-config realpath: (null) No such file or directory Debug 588: whitelist /usr/share/gir-1.0 Debug 609: expanded: /usr/share/gir-1.0 Debug 620: new_name: /usr/share/gir-1.0 Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/gjs-1.0 Debug 609: expanded: /usr/share/gjs-1.0 Debug 620: new_name: /usr/share/gjs-1.0 Debug 630: dir: /usr/share Removed path: whitelist /usr/share/gjs-1.0 new_name: /usr/share/gjs-1.0 realpath: (null) No such file or directory Debug 588: whitelist /usr/share/glib-2.0 Debug 609: expanded: /usr/share/glib-2.0 Debug 620: new_name: /usr/share/glib-2.0 Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/glvnd Debug 609: expanded: /usr/share/glvnd Debug 620: new_name: /usr/share/glvnd Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/gtk-2.0 Debug 609: expanded: /usr/share/gtk-2.0 Debug 620: new_name: /usr/share/gtk-2.0 Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/gtk-3.0 Debug 609: expanded: /usr/share/gtk-3.0 Debug 620: new_name: /usr/share/gtk-3.0 Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/gtk-engines Debug 609: expanded: /usr/share/gtk-engines Debug 620: new_name: /usr/share/gtk-engines Debug 630: dir: /usr/share Removed path: whitelist /usr/share/gtk-engines new_name: /usr/share/gtk-engines realpath: (null) No such file or directory Debug 588: whitelist /usr/share/gtksourceview-3.0 Debug 609: expanded: /usr/share/gtksourceview-3.0 Debug 620: new_name: /usr/share/gtksourceview-3.0 Debug 630: dir: /usr/share Removed path: whitelist /usr/share/gtksourceview-3.0 new_name: /usr/share/gtksourceview-3.0 realpath: (null) No such file or directory Debug 588: whitelist /usr/share/gtksourceview-4 Debug 609: expanded: /usr/share/gtksourceview-4 Debug 620: new_name: /usr/share/gtksourceview-4 Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/hunspell Debug 609: expanded: /usr/share/hunspell Debug 620: new_name: /usr/share/hunspell Debug 630: dir: /usr/share Removed path: whitelist /usr/share/hunspell new_name: /usr/share/hunspell realpath: (null) No such file or directory Debug 588: whitelist /usr/share/hwdata Debug 609: expanded: /usr/share/hwdata Debug 620: new_name: /usr/share/hwdata Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/icons Debug 609: expanded: /usr/share/icons Debug 620: new_name: /usr/share/icons Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/icu Debug 609: expanded: /usr/share/icu Debug 620: new_name: /usr/share/icu Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/knotifications5 Debug 609: expanded: /usr/share/knotifications5 Debug 620: new_name: /usr/share/knotifications5 Debug 630: dir: /usr/share Removed path: whitelist /usr/share/knotifications5 new_name: /usr/share/knotifications5 realpath: (null) No such file or directory Debug 588: whitelist /usr/share/kservices5 Debug 609: expanded: /usr/share/kservices5 Debug 620: new_name: /usr/share/kservices5 Debug 630: dir: /usr/share Removed path: whitelist /usr/share/kservices5 new_name: /usr/share/kservices5 realpath: (null) No such file or directory Debug 588: whitelist /usr/share/Kvantum Debug 609: expanded: /usr/share/Kvantum Debug 620: new_name: /usr/share/Kvantum Debug 630: dir: /usr/share Removed path: whitelist /usr/share/Kvantum new_name: /usr/share/Kvantum realpath: (null) No such file or directory Debug 588: whitelist /usr/share/kxmlgui5 Debug 609: expanded: /usr/share/kxmlgui5 Debug 620: new_name: /usr/share/kxmlgui5 Debug 630: dir: /usr/share Removed path: whitelist /usr/share/kxmlgui5 new_name: /usr/share/kxmlgui5 realpath: (null) No such file or directory Debug 588: whitelist /usr/share/libdrm Debug 609: expanded: /usr/share/libdrm Debug 620: new_name: /usr/share/libdrm Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/libthai Debug 609: expanded: /usr/share/libthai Debug 620: new_name: /usr/share/libthai Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/locale Debug 609: expanded: /usr/share/locale Debug 620: new_name: /usr/share/locale Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/mime Debug 609: expanded: /usr/share/mime Debug 620: new_name: /usr/share/mime Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/misc Debug 609: expanded: /usr/share/misc Debug 620: new_name: /usr/share/misc Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/Modules Debug 609: expanded: /usr/share/Modules Debug 620: new_name: /usr/share/Modules Debug 630: dir: /usr/share Removed path: whitelist /usr/share/Modules new_name: /usr/share/Modules realpath: (null) No such file or directory Debug 588: whitelist /usr/share/myspell Debug 609: expanded: /usr/share/myspell Debug 620: new_name: /usr/share/myspell Debug 630: dir: /usr/share Removed path: whitelist /usr/share/myspell new_name: /usr/share/myspell realpath: (null) No such file or directory Debug 588: whitelist /usr/share/p11-kit Debug 609: expanded: /usr/share/p11-kit Debug 620: new_name: /usr/share/p11-kit Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/perl Debug 609: expanded: /usr/share/perl Debug 620: new_name: /usr/share/perl Debug 630: dir: /usr/share Removed path: whitelist /usr/share/perl new_name: /usr/share/perl realpath: (null) No such file or directory Debug 588: whitelist /usr/share/perl5 Debug 609: expanded: /usr/share/perl5 Debug 620: new_name: /usr/share/perl5 Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/pipewire Debug 609: expanded: /usr/share/pipewire Debug 620: new_name: /usr/share/pipewire Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/pixmaps Debug 609: expanded: /usr/share/pixmaps Debug 620: new_name: /usr/share/pixmaps Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/pki Debug 609: expanded: /usr/share/pki Debug 620: new_name: /usr/share/pki Debug 630: dir: /usr/share Removed path: whitelist /usr/share/pki new_name: /usr/share/pki realpath: (null) No such file or directory Debug 588: whitelist /usr/share/plasma Debug 609: expanded: /usr/share/plasma Debug 620: new_name: /usr/share/plasma Debug 630: dir: /usr/share Removed path: whitelist /usr/share/plasma new_name: /usr/share/plasma realpath: (null) No such file or directory Debug 588: whitelist /usr/share/publicsuffix Debug 609: expanded: /usr/share/publicsuffix Debug 620: new_name: /usr/share/publicsuffix Debug 630: dir: /usr/share Removed path: whitelist /usr/share/publicsuffix new_name: /usr/share/publicsuffix realpath: (null) No such file or directory Debug 588: whitelist /usr/share/qt Debug 609: expanded: /usr/share/qt Debug 620: new_name: /usr/share/qt Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/qt4 Debug 609: expanded: /usr/share/qt4 Debug 620: new_name: /usr/share/qt4 Debug 630: dir: /usr/share Removed path: whitelist /usr/share/qt4 new_name: /usr/share/qt4 realpath: (null) No such file or directory Debug 588: whitelist /usr/share/qt5 Debug 609: expanded: /usr/share/qt5 Debug 620: new_name: /usr/share/qt5 Debug 630: dir: /usr/share Removed path: whitelist /usr/share/qt5 new_name: /usr/share/qt5 realpath: (null) No such file or directory Debug 588: whitelist /usr/share/qt5ct Debug 609: expanded: /usr/share/qt5ct Debug 620: new_name: /usr/share/qt5ct Debug 630: dir: /usr/share Removed path: whitelist /usr/share/qt5ct new_name: /usr/share/qt5ct realpath: (null) No such file or directory Debug 588: whitelist /usr/share/qt6 Debug 609: expanded: /usr/share/qt6 Debug 620: new_name: /usr/share/qt6 Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/qt6ct Debug 609: expanded: /usr/share/qt6ct Debug 620: new_name: /usr/share/qt6ct Debug 630: dir: /usr/share Removed path: whitelist /usr/share/qt6ct new_name: /usr/share/qt6ct realpath: (null) No such file or directory Debug 588: whitelist /usr/share/sounds Debug 609: expanded: /usr/share/sounds Debug 620: new_name: /usr/share/sounds Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/tcl8.6 Debug 609: expanded: /usr/share/tcl8.6 Debug 620: new_name: /usr/share/tcl8.6 Debug 630: dir: /usr/share Removed path: whitelist /usr/share/tcl8.6 new_name: /usr/share/tcl8.6 realpath: (null) No such file or directory Debug 588: whitelist /usr/share/tcltk Debug 609: expanded: /usr/share/tcltk Debug 620: new_name: /usr/share/tcltk Debug 630: dir: /usr/share Removed path: whitelist /usr/share/tcltk new_name: /usr/share/tcltk realpath: (null) No such file or directory Debug 588: whitelist /usr/share/terminfo Debug 609: expanded: /usr/share/terminfo Debug 620: new_name: /usr/share/terminfo Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/texlive Debug 609: expanded: /usr/share/texlive Debug 620: new_name: /usr/share/texlive Debug 630: dir: /usr/share Removed path: whitelist /usr/share/texlive new_name: /usr/share/texlive realpath: (null) No such file or directory Debug 588: whitelist /usr/share/texmf Debug 609: expanded: /usr/share/texmf Debug 620: new_name: /usr/share/texmf Debug 630: dir: /usr/share Removed path: whitelist /usr/share/texmf new_name: /usr/share/texmf realpath: (null) No such file or directory Debug 588: whitelist /usr/share/themes Debug 609: expanded: /usr/share/themes Debug 620: new_name: /usr/share/themes Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/thumbnail.so Debug 609: expanded: /usr/share/thumbnail.so Debug 620: new_name: /usr/share/thumbnail.so Debug 630: dir: /usr/share Removed path: whitelist /usr/share/thumbnail.so new_name: /usr/share/thumbnail.so realpath: (null) No such file or directory Debug 588: whitelist /usr/share/uim Debug 609: expanded: /usr/share/uim Debug 620: new_name: /usr/share/uim Debug 630: dir: /usr/share Removed path: whitelist /usr/share/uim new_name: /usr/share/uim realpath: (null) No such file or directory Debug 588: whitelist /usr/share/vulkan Debug 609: expanded: /usr/share/vulkan Debug 620: new_name: /usr/share/vulkan Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/X11 Debug 609: expanded: /usr/share/X11 Debug 620: new_name: /usr/share/X11 Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/xml Debug 609: expanded: /usr/share/xml Debug 620: new_name: /usr/share/xml Debug 630: dir: /usr/share Debug 588: whitelist /usr/share/zenity Debug 609: expanded: /usr/share/zenity Debug 620: new_name: /usr/share/zenity Debug 630: dir: /usr/share Removed path: whitelist /usr/share/zenity new_name: /usr/share/zenity realpath: (null) No such file or directory Debug 588: whitelist /usr/share/zoneinfo Debug 609: expanded: /usr/share/zoneinfo Debug 620: new_name: /usr/share/zoneinfo Debug 630: dir: /usr/share Debug 588: whitelist /var/lib/aspell Debug 609: expanded: /var/lib/aspell Debug 620: new_name: /var/lib/aspell Debug 630: dir: /var Removed path: whitelist /var/lib/aspell new_name: /var/lib/aspell realpath: (null) No such file or directory Debug 588: whitelist /var/lib/ca-certificates Debug 609: expanded: /var/lib/ca-certificates Debug 620: new_name: /var/lib/ca-certificates Debug 630: dir: /var Removed path: whitelist /var/lib/ca-certificates new_name: /var/lib/ca-certificates realpath: (null) No such file or directory Debug 588: whitelist /var/lib/dbus Debug 609: expanded: /var/lib/dbus Debug 620: new_name: /var/lib/dbus Debug 630: dir: /var Debug 588: whitelist /var/lib/menu-xdg Debug 609: expanded: /var/lib/menu-xdg Debug 620: new_name: /var/lib/menu-xdg Debug 630: dir: /var Removed path: whitelist /var/lib/menu-xdg new_name: /var/lib/menu-xdg realpath: (null) No such file or directory Debug 588: whitelist /var/lib/uim Debug 609: expanded: /var/lib/uim Debug 620: new_name: /var/lib/uim Debug 630: dir: /var Removed path: whitelist /var/lib/uim new_name: /var/lib/uim realpath: (null) No such file or directory Debug 588: whitelist /var/cache/fontconfig Debug 609: expanded: /var/cache/fontconfig Debug 620: new_name: /var/cache/fontconfig Debug 630: dir: /var Debug 588: whitelist /var/tmp Debug 609: expanded: /var/tmp Debug 620: new_name: /var/tmp Debug 630: dir: /var Debug 588: whitelist /var/run Debug 609: expanded: /var/run Debug 620: new_name: /var/run Debug 630: dir: /var Debug 588: whitelist /var/lock Debug 609: expanded: /var/lock Debug 620: new_name: /var/lock Debug 630: dir: /var Debug 588: whitelist /run/user/1000/pipewire-0 Debug 609: expanded: /run/user/1000/pipewire-0 Debug 620: new_name: /run/user/1000/pipewire-0 Debug 630: dir: /run/user/1000 Debug 588: whitelist /run/user/1000/wayland-1 Debug 609: expanded: /run/user/1000/wayland-1 Debug 620: new_name: /run/user/1000/wayland-1 Debug 630: dir: /run/user/1000 Mounting tmpfs on /usr/share, check owner: no 1817 1760 0:207 / /usr/share rw,nosuid,nodev,noatime,nodiratime - tmpfs tmpfs rw,mode=755,inode64 mountid=1817 fsname=/ dir=/usr/share fstype=tmpfs Mounting tmpfs on /var, check owner: no 1818 1744 0:208 / /var rw,nosuid,nodev,noexec,noatime,nodiratime - tmpfs tmpfs rw,mode=755,inode64 mountid=1818 fsname=/ dir=/var fstype=tmpfs Mounting tmpfs on /run/user/1000, check owner: no 1819 1771 0:209 / /run/user/1000 rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000,inode64 mountid=1819 fsname=/ dir=/run/user/1000 fstype=tmpfs Whitelisting /usr/share/nvim 1820 1817 0:26 /@/usr/share/nvim /usr/share/nvim ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1820 fsname=/@/usr/share/nvim dir=/usr/share/nvim fstype=btrfs Whitelisting /usr/share/groff 1821 1817 0:26 /@/usr/share/groff /usr/share/groff ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1821 fsname=/@/usr/share/groff dir=/usr/share/groff fstype=btrfs Whitelisting /usr/share/info 1822 1817 0:26 /@/usr/share/info /usr/share/info ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1822 fsname=/@/usr/share/info dir=/usr/share/info fstype=btrfs Whitelisting /usr/share/man 1823 1817 0:26 /@/usr/share/man /usr/share/man ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1823 fsname=/@/usr/share/man dir=/usr/share/man fstype=btrfs Whitelisting /var/cache/man 1824 1818 0:26 /@var/cache/man /var/cache/man ro,nosuid,nodev,noexec,noatime,nodiratime master:46 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=660,subvol=/@var mountid=1824 fsname=/@var/cache/man dir=/var/cache/man fstype=btrfs Whitelisting /run/user/1000/bus 1825 1819 0:23 /firejail/firejail.ro.file /run/user/1000/bus ro,nosuid,nodev,relatime master:12 - tmpfs run rw,mode=755,inode64 mountid=1825 fsname=/firejail/firejail.ro.file dir=/run/user/1000/bus fstype=tmpfs Whitelisting /run/user/1000/dconf 1826 1819 0:53 /dconf /run/user/1000/dconf rw,nosuid,nodev,relatime master:248 - tmpfs tmpfs rw,size=1211456k,nr_inodes=302864,mode=700,uid=1000,gid=1000,inode64 mountid=1826 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs Whitelisting /run/user/1000/pulse/native 1827 1819 0:53 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:248 - tmpfs tmpfs rw,size=1211456k,nr_inodes=302864,mode=700,uid=1000,gid=1000,inode64 mountid=1827 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs Whitelisting /usr/share/alsa 1828 1817 0:26 /@/usr/share/alsa /usr/share/alsa ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1828 fsname=/@/usr/share/alsa dir=/usr/share/alsa fstype=btrfs Whitelisting /usr/share/applications 1829 1817 0:26 /@/usr/share/applications /usr/share/applications ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1829 fsname=/@/usr/share/applications dir=/usr/share/applications fstype=btrfs Whitelisting /usr/share/ca-certificates 1830 1817 0:26 /@/usr/share/ca-certificates /usr/share/ca-certificates ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1830 fsname=/@/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=btrfs Whitelisting /usr/share/drirc.d 1831 1817 0:26 /@/usr/share/drirc.d /usr/share/drirc.d ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1831 fsname=/@/usr/share/drirc.d dir=/usr/share/drirc.d fstype=btrfs Whitelisting /usr/share/file 1832 1817 0:26 /@/usr/share/file /usr/share/file ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1832 fsname=/@/usr/share/file dir=/usr/share/file fstype=btrfs Whitelisting /usr/share/fontconfig 1833 1817 0:26 /@/usr/share/fontconfig /usr/share/fontconfig ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1833 fsname=/@/usr/share/fontconfig dir=/usr/share/fontconfig fstype=btrfs Whitelisting /usr/share/fonts 1834 1817 0:26 /@/usr/share/fonts /usr/share/fonts ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1834 fsname=/@/usr/share/fonts dir=/usr/share/fonts fstype=btrfs Whitelisting /usr/share/gir-1.0 1835 1817 0:26 /@/usr/share/gir-1.0 /usr/share/gir-1.0 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1835 fsname=/@/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=btrfs Whitelisting /usr/share/glib-2.0 1836 1817 0:26 /@/usr/share/glib-2.0 /usr/share/glib-2.0 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1836 fsname=/@/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=btrfs Whitelisting /usr/share/glvnd 1837 1817 0:26 /@/usr/share/glvnd /usr/share/glvnd ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1837 fsname=/@/usr/share/glvnd dir=/usr/share/glvnd fstype=btrfs Whitelisting /usr/share/gtk-2.0 1838 1817 0:26 /@/usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1838 fsname=/@/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=btrfs Whitelisting /usr/share/gtk-3.0 1839 1817 0:26 /@/usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1839 fsname=/@/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=btrfs Whitelisting /usr/share/gtksourceview-4 1840 1817 0:26 /@/usr/share/gtksourceview-4 /usr/share/gtksourceview-4 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1840 fsname=/@/usr/share/gtksourceview-4 dir=/usr/share/gtksourceview-4 fstype=btrfs Whitelisting /usr/share/hwdata 1841 1817 0:26 /@/usr/share/hwdata /usr/share/hwdata ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1841 fsname=/@/usr/share/hwdata dir=/usr/share/hwdata fstype=btrfs Whitelisting /usr/share/icons 1842 1817 0:26 /@/usr/share/icons /usr/share/icons ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1842 fsname=/@/usr/share/icons dir=/usr/share/icons fstype=btrfs Whitelisting /usr/share/icu 1843 1817 0:26 /@/usr/share/icu /usr/share/icu ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1843 fsname=/@/usr/share/icu dir=/usr/share/icu fstype=btrfs Whitelisting /usr/share/libdrm 1844 1817 0:26 /@/usr/share/libdrm /usr/share/libdrm ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1844 fsname=/@/usr/share/libdrm dir=/usr/share/libdrm fstype=btrfs Whitelisting /usr/share/libthai 1845 1817 0:26 /@/usr/share/libthai /usr/share/libthai ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1845 fsname=/@/usr/share/libthai dir=/usr/share/libthai fstype=btrfs Whitelisting /usr/share/locale 1846 1817 0:26 /@/usr/share/locale /usr/share/locale ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1846 fsname=/@/usr/share/locale dir=/usr/share/locale fstype=btrfs Whitelisting /usr/share/mime 1847 1817 0:26 /@/usr/share/mime /usr/share/mime ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1847 fsname=/@/usr/share/mime dir=/usr/share/mime fstype=btrfs Whitelisting /usr/share/misc 1848 1817 0:26 /@/usr/share/misc /usr/share/misc ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1848 fsname=/@/usr/share/misc dir=/usr/share/misc fstype=btrfs Whitelisting /usr/share/p11-kit 1849 1817 0:26 /@/usr/share/p11-kit /usr/share/p11-kit ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1849 fsname=/@/usr/share/p11-kit dir=/usr/share/p11-kit fstype=btrfs Whitelisting /usr/share/perl5 1850 1817 0:26 /@/usr/share/perl5 /usr/share/perl5 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1850 fsname=/@/usr/share/perl5 dir=/usr/share/perl5 fstype=btrfs Whitelisting /usr/share/pipewire 1851 1817 0:26 /@/usr/share/pipewire /usr/share/pipewire ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1851 fsname=/@/usr/share/pipewire dir=/usr/share/pipewire fstype=btrfs Whitelisting /usr/share/pixmaps 1852 1817 0:26 /@/usr/share/pixmaps /usr/share/pixmaps ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1852 fsname=/@/usr/share/pixmaps dir=/usr/share/pixmaps fstype=btrfs Whitelisting /usr/share/qt 1853 1817 0:26 /@/usr/share/qt /usr/share/qt ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1853 fsname=/@/usr/share/qt dir=/usr/share/qt fstype=btrfs Whitelisting /usr/share/qt6 1854 1817 0:26 /@/usr/share/qt6 /usr/share/qt6 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1854 fsname=/@/usr/share/qt6 dir=/usr/share/qt6 fstype=btrfs Whitelisting /usr/share/sounds 1855 1817 0:26 /@/usr/share/sounds /usr/share/sounds ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1855 fsname=/@/usr/share/sounds dir=/usr/share/sounds fstype=btrfs Whitelisting /usr/share/terminfo 1856 1817 0:26 /@/usr/share/terminfo /usr/share/terminfo ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1856 fsname=/@/usr/share/terminfo dir=/usr/share/terminfo fstype=btrfs Whitelisting /usr/share/themes 1857 1817 0:26 /@/usr/share/themes /usr/share/themes ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1857 fsname=/@/usr/share/themes dir=/usr/share/themes fstype=btrfs Whitelisting /usr/share/vulkan 1858 1817 0:26 /@/usr/share/vulkan /usr/share/vulkan ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1858 fsname=/@/usr/share/vulkan dir=/usr/share/vulkan fstype=btrfs Whitelisting /usr/share/X11 1859 1817 0:26 /@/usr/share/X11 /usr/share/X11 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1859 fsname=/@/usr/share/X11 dir=/usr/share/X11 fstype=btrfs Whitelisting /usr/share/xml 1860 1817 0:26 /@/usr/share/xml /usr/share/xml ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1860 fsname=/@/usr/share/xml dir=/usr/share/xml fstype=btrfs Whitelisting /usr/share/zoneinfo 1861 1817 0:26 /@/usr/share/zoneinfo /usr/share/zoneinfo ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@ mountid=1861 fsname=/@/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=btrfs Whitelisting /var/lib/dbus 1862 1818 0:26 /@var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,noatime,nodiratime master:46 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=660,subvol=/@var mountid=1862 fsname=/@var/lib/dbus dir=/var/lib/dbus fstype=btrfs Whitelisting /var/cache/fontconfig 1863 1818 0:26 /@var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime,nodiratime master:46 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=660,subvol=/@var mountid=1863 fsname=/@var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs Whitelisting /var/tmp 1864 1818 0:199 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=1864 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Whitelisting /run/user/1000/pipewire-0 1865 1819 0:53 /pipewire-0 /run/user/1000/pipewire-0 rw,nosuid,nodev,relatime master:248 - tmpfs tmpfs rw,size=1211456k,nr_inodes=302864,mode=700,uid=1000,gid=1000,inode64 mountid=1865 fsname=/pipewire-0 dir=/run/user/1000/pipewire-0 fstype=tmpfs Whitelisting /run/user/1000/wayland-1 1866 1819 0:53 /wayland-1 /run/user/1000/wayland-1 rw,nosuid,nodev,relatime master:248 - tmpfs tmpfs rw,size=1211456k,nr_inodes=302864,mode=700,uid=1000,gid=1000,inode64 mountid=1866 fsname=/wayland-1 dir=/run/user/1000/wayland-1 fstype=tmpfs Disable /run/user/1000 Not blacklist /home/shellcode/.local/share/nvim Not blacklist /home/shellcode/.local/state/nvim Disable /home/shellcode/.dotfiles/.config/sway (requested /home/shellcode/.config/sway) Disable /etc/xdg/autostart Warning (blacklisting): cannot open /run/user/1000/*.slave-socket: Permission denied Warning (blacklisting): cannot open /run/user/1000/kdeinit5__*: Permission denied Warning (blacklisting): cannot open /run/user/1000/kdesud_*: Permission denied Mounting read-only /home/shellcode/.config/dconf 1870 1769 0:26 /@home/shellcode/.config/dconf /home/shellcode/.config/dconf ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1870 fsname=/@home/shellcode/.config/dconf dir=/home/shellcode/.config/dconf fstype=btrfs Warning (blacklisting): cannot open /run/user/1000/gnome-session-leader-fifo: Permission denied Warning (blacklisting): cannot open /run/user/1000/gnome-shell: Permission denied Warning (blacklisting): cannot open /run/user/1000/gsconnect: Permission denied Disable /home/shellcode/.config/systemd Disable /home/shellcode/.local/share/systemd Warning (blacklisting): cannot open /run/user/1000/systemd: Permission denied Warning (blacklisting): cannot open /run/user/1000/libvirt: Permission denied Warning (blacklisting): cannot open /run/user/1000/containers: Permission denied Warning (blacklisting): cannot open /run/user/1000/crun: Permission denied Warning (blacklisting): cannot open /run/user/1000/libpod: Permission denied Warning (blacklisting): cannot open /run/user/1000/runc: Permission denied Warning (blacklisting): cannot open /run/user/1000/toolbox: Permission denied Disable /run/docker.sock (requested /var/run/docker.sock) Mounting read-only /home/shellcode/.bash_logout 1874 1769 0:26 /@home/shellcode/.bash_logout /home/shellcode/.bash_logout ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1874 fsname=/@home/shellcode/.bash_logout dir=/home/shellcode/.bash_logout fstype=btrfs Mounting read-only /home/shellcode/.bash_profile 1875 1769 0:26 /@home/shellcode/.bash_profile /home/shellcode/.bash_profile ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1875 fsname=/@home/shellcode/.bash_profile dir=/home/shellcode/.bash_profile fstype=btrfs Mounting read-only /home/shellcode/.bashrc 1876 1769 0:26 /@home/shellcode/.bashrc /home/shellcode/.bashrc ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1876 fsname=/@home/shellcode/.bashrc dir=/home/shellcode/.bashrc fstype=btrfs Mounting read-only /home/shellcode/.dotfiles/.profile 1877 1769 0:26 /@home/shellcode/.dotfiles/.profile /home/shellcode/.dotfiles/.profile ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1877 fsname=/@home/shellcode/.dotfiles/.profile dir=/home/shellcode/.dotfiles/.profile fstype=btrfs Mounting read-only /home/shellcode/.ssh/config 1878 1769 0:26 /@home/shellcode/.ssh/config /home/shellcode/.ssh/config ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1878 fsname=/@home/shellcode/.ssh/config dir=/home/shellcode/.ssh/config fstype=btrfs Mounting read-only /home/shellcode/.dotfiles/.config/nvim 1879 1769 0:26 /@home/shellcode/.dotfiles/.config/nvim /home/shellcode/.dotfiles/.config/nvim ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1879 fsname=/@home/shellcode/.dotfiles/.config/nvim dir=/home/shellcode/.dotfiles/.config/nvim fstype=btrfs Mounting read-only /home/shellcode/.dotfiles 1883 1880 0:26 /@home/shellcode/.dotfiles/.config/nvim /home/shellcode/.dotfiles/.config/nvim ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1883 fsname=/@home/shellcode/.dotfiles/.config/nvim dir=/home/shellcode/.dotfiles/.config/nvim fstype=btrfs Mounting read-only /home/shellcode/.local/share/nvim 1884 1769 0:26 /@home/shellcode/.local/share/nvim /home/shellcode/.local/share/nvim ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1884 fsname=/@home/shellcode/.local/share/nvim dir=/home/shellcode/.local/share/nvim fstype=btrfs Mounting read-only /home/shellcode/.local/state/nvim 1885 1769 0:26 /@home/shellcode/.local/state/nvim /home/shellcode/.local/state/nvim ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1885 fsname=/@home/shellcode/.local/state/nvim dir=/home/shellcode/.local/state/nvim fstype=btrfs Mounting read-only /home/shellcode/.cargo/bin 1886 1769 0:26 /@home/shellcode/.cargo/bin /home/shellcode/.cargo/bin ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1886 fsname=/@home/shellcode/.cargo/bin dir=/home/shellcode/.cargo/bin fstype=btrfs Mounting read-only /home/shellcode/.rustup 1887 1769 0:26 /@home/shellcode/.rustup /home/shellcode/.rustup ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1887 fsname=/@home/shellcode/.rustup dir=/home/shellcode/.rustup fstype=btrfs Disable /tmp/ssh-XXXXXWarning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted X409B7Q Disable /home/shellcode/.gnupg Disable /home/shellcode/.local/share/pki Disable /home/shellcode/.pki Disable /home/shellcode/.ssh Disable /usr/local/sbin Disable /usr/local/bin/strace Disable /usr/bin/strace Disable /usr/lib/ssh Disable /usr/lib/dbus-1.0/dbus-daemon-launch-helper Disable /usr/lib/chromium/chrome-sandbox Disable /.snapshots Warning (blacklisting): cannot open /run/user/1000/.dbus-proxy: Permission denied Warning (blacklisting): cannot open /run/user/1000/.flatpak: Permission denied Warning (blacklisting): cannot open /run/user/1000/.flatpak-cache: Permission denied Warning (blacklisting): cannot open /run/user/1000/.flatpak-helper: Permission denied Warning (blacklisting): cannot open /run/user/1000/app: Permission denied Warning (blacklisting): cannot open /run/user/1000/doc: Permission denied Warning (blacklisting): cannot open /run/user/1000/snapd-session-agent.socket: Permission denied Disable /proc/config.gz Warning (blacklisting): cannot open /run/user/1000/*.lock: Permission denied Warning (blacklisting): cannot open /run/user/1000/inaccessible: Permission denied Warning (blacklisting): cannot open /run/user/1000/pk-debconf-socket: Permission denied Warning (blacklisting): cannot open /run/user/1000/update-notifier.pid: Permission denied Not blacklist /home/shellcode/.rustup Disable /usr/src Disable /usr/local/src Not blacklist /usr/include Disable /usr/local/include Mounting noexec /home/shellcode 1926 1904 0:23 /firejail/firejail.ro.dir /home/shellcode/.ssh ro,nosuid,nodev,relatime master:12 - tmpfs run rw,mode=755,inode64 mountid=1926 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.ssh fstype=tmpfs Mounting noexec /home/shellcode/.dotfiles/.config/sway 1927 1916 0:23 /firejail/firejail.ro.dir /home/shellcode/.dotfiles/.config/sway ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64 mountid=1927 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.dotfiles/.config/sway fstype=tmpfs Mounting noexec /home/shellcode/.config/dconf 1928 1906 0:26 /@home/shellcode/.config/dconf /home/shellcode/.config/dconf ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1928 fsname=/@home/shellcode/.config/dconf dir=/home/shellcode/.config/dconf fstype=btrfs Mounting noexec /home/shellcode/.config/systemd 1929 1907 0:23 /firejail/firejail.ro.dir /home/shellcode/.config/systemd ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64 mountid=1929 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.config/systemd fstype=tmpfs Mounting noexec /home/shellcode/.local/share/systemd 1930 1908 0:23 /firejail/firejail.ro.dir /home/shellcode/.local/share/systemd ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64 mountid=1930 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.local/share/systemd fstype=tmpfs Mounting noexec /home/shellcode/.bash_logout 1931 1909 0:26 /@home/shellcode/.bash_logout /home/shellcode/.bash_logout ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1931 fsname=/@home/shellcode/.bash_logout dir=/home/shellcode/.bash_logout fstype=btrfs Mounting noexec /home/shellcode/.bash_profile 1932 1910 0:26 /@home/shellcode/.bash_profile /home/shellcode/.bash_profile ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1932 fsname=/@home/shellcode/.bash_profile dir=/home/shellcode/.bash_profile fstype=btrfs Mounting noexec /home/shellcode/.bashrc 1933 1911 0:26 /@home/shellcode/.bashrc /home/shellcode/.bashrc ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1933 fsname=/@home/shellcode/.bashrc dir=/home/shellcode/.bashrc fstype=btrfs Mounting noexec /home/shellcode/.dotfiles/.profile 1934 1917 0:26 /@home/shellcode/.dotfileWarning: not remounting /home/shellcode/.ssh/config s/.profile /home/shellcode/.dotfiles/.profile ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1934 fsname=/@home/shellcode/.dotfiles/.profile dir=/home/shellcode/.dotfiles/.profile fstype=btrfs Mounting noexec /home/shellcode/.dotfiles/.config/nvim 1935 1918 0:26 /@home/shellcode/.dotfiles/.config/nvim /home/shellcode/.dotfiles/.config/nvim ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1935 fsname=/@home/shellcode/.dotfiles/.config/nvim dir=/home/shellcode/.dotfiles/.config/nvim fstype=btrfs Mounting noexec /home/shellcode/.dotfiles 1942 1941 0:26 /@home/shellcode/.dotfiles/.config/nvim /home/shellcode/.dotfiles/.config/nvim ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1942 fsname=/@home/shellcode/.dotfiles/.config/nvim dir=/home/shellcode/.dotfiles/.config/nvim fstype=btrfs Mounting noexec /home/shellcode/.local/share/nvim 1943 1919 0:26 /@home/shellcode/.local/share/nvim /home/shellcode/.local/share/nvim ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1943 fsname=/@home/shellcode/.local/share/nvim dir=/home/shellcode/.local/share/nvim fstype=btrfs Mounting noexec /home/shellcode/.local/state/nvim 1944 1920 0:26 /@home/shellcode/.local/state/nvim /home/shellcode/.local/state/nvim ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1944 fsname=/@home/shellcode/.local/state/nvim dir=/home/shellcode/.local/state/nvim fstype=btrfs Mounting noexec /home/shellcode/.cargo/bin 1945 1921 0:26 /@home/shellcode/.cargo/bin /home/shellcode/.cargo/bin ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1945 fsname=/@home/shellcode/.cargo/bin dir=/home/shellcode/.cargo/bin fstype=btrfs Mounting noexec /home/shellcode/.rustup 1946 1922 0:26 /@home/shellcode/.rustup /home/shellcode/.rustup ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home mountid=1946 fsname=/@home/shellcode/.rustup dir=/home/shellcode/.rustup fstype=btrfs Mounting noexec /home/shellcode/.gnupg 1947 1923 0:23 /firejail/firejail.ro.dir /home/shellcode/.gnupg ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64 mountid=1947 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.gnupg fstype=tmpfs Mounting noexec /home/shellcode/.local/share/pki 1948 1924 0:23 /firejail/firejail.ro.dir /home/shellcode/.local/share/pki ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64 mountid=1948 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.local/share/pki fstype=tmpfs Mounting noexec /home/shellcode/.pki 1949 1925 0:23 /firejail/firejail.ro.dir /home/shellcode/.pki ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64 mountid=1949 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.pki fstype=tmpfs Mounting noexec /home/shellcode/.ssh 1950 1926 0:23 /firejail/firejail.ro.dir /home/shellcode/.ssh ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64 mountid=1950 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.ssh fstype=tmpfs Mounting noexec /run/user/1000 1951 1867 0:23 /firejail/firejail.ro.dir /run/user/1000 ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64 mountid=1951 fsname=/firejail/firejail.ro.dir dir=/run/user/1000 fstype=tmpfs Mounting noexec /dev/shm 1952 1789 0:203 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=1952 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 1954 1953 0:23 /firejail/firWarning: not remounting /home/shellcode/.ssh/config Warning: not remounting /home/shellcode/.cargo/bin Warning: not remounting /home/shellcode/.cargo/bin ejail.ro.dir /tmp/ssh-XXXXXX409B7Q ro,nosuid,nodev,relatime master:12 - tmpfs run rw,mode=755,inode64 mountid=1954 fsname=/firejail/firejail.ro.dir dir=/tmp/ssh-XXXXXX409B7Q fstype=tmpfs Mounting noexec /tmp/ssh-XXXXXX409B7Q 1955 1954 0:23 /firejail/firejail.ro.dir /tmp/ssh-XXXXXX409B7Q ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64 mountid=1955 fsname=/firejail/firejail.ro.dir dir=/tmp/ssh-XXXXXX409B7Q fstype=tmpfs Not blacklist /usr/local/bin/lua* Not blacklist /usr/bin/lua* Not blacklist /home/shellcode/.local/bin/lua* Disable /usr/include/luajit-2.1 Disable /usr/include/lua.h Disable /usr/include/lua.hpp Disable /usr/include/luaconf.h Disable /usr/include/lualib.h Not blacklist /usr/lib/liblua++.so Not blacklist /usr/lib/liblua++.so.5.4 Not blacklist /usr/lib/liblua++.so.5.4.6 Not blacklist /usr/lib/liblua++5.4.so Not blacklist /usr/lib/liblua.so Not blacklist /usr/lib/liblua.so.5.4 Not blacklist /usr/lib/liblua.so.5.4.6 Not blacklist /usr/lib/liblua5.4.so Not blacklist /usr/lib/libluajit-5.1.so Not blacklist /usr/lib/libluajit-5.1.so.2 Not blacklist /usr/lib/libluajit-5.1.so.2.1.1700008891 Not blacklist /usr/lib/lua Not blacklist /usr/lib64/liblua++.so Not blacklist /usr/lib64/liblua++.so.5.4 Not blacklist /usr/lib64/liblua++.so.5.4.6 Not blacklist /usr/lib64/liblua++5.4.so Not blacklist /usr/lib64/liblua.so Not blacklist /usr/lib64/liblua.so.5.4 Not blacklist /usr/lib64/liblua.so.5.4.6 Not blacklist /usr/lib64/liblua5.4.so Not blacklist /usr/lib64/libluajit-5.1.so Not blacklist /usr/lib64/libluajit-5.1.so.2 Not blacklist /usr/lib64/libluajit-5.1.so.2.1.1700008891 Not blacklist /usr/lib64/lua Not blacklist /usr/share/lua* Disable /usr/include/node Disable /usr/lib/perl5 Disable /usr/lib/perl5 (requested /usr/lib64/perl5) Disable /usr/share/perl5 Disable /usr/lib/ruby Disable /usr/lib/ruby (requested /usr/lib64/ruby) Disable /usr/include/python3.11 Disable /usr/lib/python3.11 Disable /usr/lib/python3.11 (requested /usr/lib64/python3.11) Disable /home/shellcode/.cache/babl Disable /home/shellcode/.cache/chromium Disable /home/shellcode/.cache/gegl-0.4 Disable /home/shellcode/.cache/keepassxc Disable /home/shellcode/.cache/mozilla Not blacklist /home/shellcode/.cache/nvim Disable /home/shellcode/.cache/pip Disable /home/shellcode/.cargo Disable /home/shellcode/.config/Signal Disable /home/shellcode/.config/chromium Disable /home/shellcode/.dotfiles/.config/chromium-flags.conf (requested /home/shellcode/.config/chromium-flags.conf) Disable /home/shellcode/.config/deluge Disable /home/shellcode/.dotfiles/.config/electron-flags.conf (requested /home/shellcode/.config/electron-flags.conf) Disable /home/shellcode/.config/flameshot Disable /home/shellcode/.dotfiles/.config/git (requested /home/shellcode/.config/git) Disable /home/shellcode/.config/keepassxc Disable /home/shellcode/.config/libreoffice Not blacklist /home/shellcode/.config/nvim Disable /home/shellcode/.config/pavucontrol.ini Disable /home/shellcode/.config/remmina Disable /home/shellcode/.config/transmission Not blacklist /home/shellcode/.local/share/man Disable /home/shellcode/.local/share/remmina Disable /home/shellcode/.mozilla Disable /home/shellcode/.wget-hsts Warning (blacklisting): cannot open /run/user/1000/*firefox*: Permission denied Warning (blacklisting): cannot open /run/user/1000/akonadi: Permission denied Warning (blacklisting): cannot open /run/user/1000/psd/*firefox*: Permission denied Directory ${DOCUMENTS} resolved as documents Disable /home/shellcode/documents Directory ${MUSIC} resolved as media/music Disable /home/shellcode/media/music Directory ${PICTURES} resolved as media/pictures Disable /home/shellcode/media/pictures Directory ${VIDEOS} resolved as media/videos Disable /home/shellcode/media/videos Mounting read-only /home/shellcode 2068 1996 0:23 /firejail/firejail.ro.dir /home/shellcode/media/videos ro,nosuid,nodev,relatime master:12 - tmpfs run rw,mode=755,inode64 mountid=2068 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/media/videos fstype=tmpfs Disable /tmp/.X11-unix Mounting tmpfs on /home/shelDISPLAY is not set line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000009 jmp 000f 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 35 01 00 40000000 jge X32_ABI 000c (false 000b) 000b: 35 01 00 00000000 jge read 000d (false 000c) 000c: 06 00 00 00050001 ret ERRNO(1) 000d: 15 01 00 00000029 jeq socket 000f (false 000e) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 20 00 00 00000010 ld data.args[0] 0010: 15 00 01 00000001 jeq 1 0011 (false 0012) 0011: 06 00 00 7fff0000 ret ALLOW 0012: 06 00 00 0005005f ret ERRNO(95) line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00050001 ret ERRNO(1) line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 47 00 0000009f jeq adjtimex 004f (false 0008) 0008: 15 46 00 00000131 jeq clock_adjtime 004f (false 0009) 0009: 15 45 00 000000e3 jeq clock_settime 004f (false 000a) 000a: 15 44 00 000000a4 jeq settimeofday 004f (false 000b) 000b: 15 43 00 0000009a jeq modify_ldt 004f (false 000c) 000c: 15 42 00 000000d4 jeq lookup_dcookie 004f (false 000d) 000d: 15 41 00 0000012a jeq perf_event_open 004f (false 000e) 000e: 15 40 00 000001b6 jeq pidfd_getfd 004f (false 000f) 000f: 15 3f 00 00000137 jeq process_vm_writev 004f (false 0010) 0010: 15 3e 00 000000b0 jeq delete_module 004f (false 0011) 0011: 15 3d 00 00000139 jeq finit_module 004f (false 0012) 0012: 15 3c 00 000000af jeq init_module 004f (false 0013) 0013: 15 3b 00 000000a1 jeq chroot 004f (false 0014) 0014: 15 3a 00 000001af jeq fsconfig 004f (false 0015) 0015: 15 39 00 000001b0 jeq fsmount 004f (false 0016) 0016: 15 38 00 000001ae jeq fsopen 004f (false 0017) 0017: 15 37 00 000001b1 jeq fspick 004f (false 0018) 0018: 15 36 00 000000a5 jeq mount 004f (false 0019) 0019: 15 35 00 000001ad jeq move_mount 004f (false 001a) 001a: 15 34 00 000001ac jeq open_tree 004f (false 001b) 001b: 15 33 00 0000009b jeq pivot_root 004f (false 001c) 001c: 15 32 00 000000a6 jeq umount2 004f (false 001d) 001d: 15 31 00 0000009c jeq _sysctl 004f (false 001e) 001e: 15 30 00 000000b7 jeq afs_syscall 004f (false 001f) 001f: 15 2f 00 000000ae jeq create_module 004f (false 0020) 0020: 15 2e 00 000000b1 jeq get_kernel_syms 004f (false 0021) 0021: 15 2d 00 000000b5 jeq getpmsg 004f (false 0022) 0022: 15 2c 00 000000b6 jeq putpmsg 004f (false 0023) 0023: 15 2b 00 000000b2 jeq query_module 004f (false 0024) 0024: 15 2a 00 000000b9 jeq security 004f (false 0025) 0025: 15 29 00 0000008b jeq sysfs 004f (false 0026) 0026: 15 28 00 000000b8 jeq tuxcall 004f (false 0027) 0027: 15 27 00 00000086 jeq uselib 004f (false 0028) 0028: 15 26 00 00000088 jeq ustat 004f (false 0029) 0029: 15 25 00 000000ec jeq vserver 004f (false 002a) 002a: 15 24 00 000000ad jeq ioperm 004f (false 002b) 002b: 15 23 00 000000ac jeq iopl 004f (false 002c) 002c: 15 22 00 000000f6 jeq kexec_load 004f (false 002d) 002d: 15 21 00 00000140 jeq kexec_file_load 004f (false 002e) 002e: 15 20 00 000000a9 jeq reboot 004f (false 002f) 002f: 15 1f 00 000000a7 jeq swapon 004f (false 0030) 0030: 15 1e 00 000000a8 jeq swapoff 004f (false 0031) 0031: 15 1d 00 00000130 jeq open_by_handle_at 004f (false 0032) 0032: 15 1c 00 0000012f jeq name_to_handle_at 004f (false 0033) 0033: 15 1b 00 000000fb jeq ioprio_set 004f (false 0034) 0034: 15 1a 00 00000067 jeq syslog 004f (false 0035) 0035: 15 19 00 0000012c jeq fanotify_init 004f (false 0036) 0036: 15 18 00 000000f8 jeq add_key 004f (false 0037) 0037: 15 17 00 000000f9 jeq request_key 004f (false 0038) 0038: 15 16 00 000000ed jeq mbind 004f (false 0039) 0039: 15 15 00 00000100 jeq migrate_pages 004f (false 003a) 003a: 15 14 00 00000117 jeq move_pages 004f (false 003b) 003b: 15 13 00 000000fa jeq keyctl 004f (false 003c) 003c: 15 12 00 000000ce jeq io_setup 004f (false 003d) 003d: 15 11 00 000000cf jeq io_destroy 004f (false 003e) 003e: 15 10 00 000000d0 jeq io_getevents 004f (false 003f) 003f: 15 0f 00 000000d1 jeq io_submit 004f (false 0040) 0040: 15 0e 00 000000d2 jeq io_cancel 004f (false 0041) 0041: 15 0d 00 000000d8 jeq remap_file_pages 004f (false 0042) 0042: 15 0c 00 000000ee jeq set_mempolicy 004f (false 0043) 0043: 15 0b 00 00000116 jeq vmsplice 004f (false 0044) 0044: 15 0a 00 00000143 jeq userfaultfd 004f (false 0045) 0045: 15 09 00 000000a3 jeq acct 004f (false 0046) 0046: 15 08 00 00000141 jeq bpf 004f (false 0047) 0047: 15 07 00 000000b4 jeq nfsservctl 004f (false 0048) 0048: 15 06 00 000000ab jeq setdomainname 004f (false 0049) 0049: 15 05 00 000000aa jeq sethostname 004f (false 004a) 004a: 15 04 00 00000099 jeq vhangup 004f (false 004b) 004b: 15 03 00 00000065 jeq ptrace 004f (false 004c) 004c: 15 02 00 00000087 jeq personality 004f (false 004d) 004d: 15 01 00 00000136 jeq process_vm_readv 004f (false 004e) 004e: 06 00 00 7fff0000 ret ALLOW 004f: 06 00 01 00050001 ret ERRNO(1) line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 05 00000009 jeq mmap 0008 (false 000d) 0008: 20 00 00 00000020 ld data.args[10] 0009: 54 00 00 00000006 and 00000006 000a: 15 00 01 00000006 jeq 6 000b (false 000c) 000b: 06 00 00 00050001 ret ERRNO(1) 000c: 06 00 00 7fff0000 ret ALLOW 000d: 15 00 05 0000000a jeq a 000e (false 0013) 000e: 20 00 00 00000020 ld data.args[10] 000f: 54 00 00 00000004 and 00000004 0010: 15 00 01 00000004 jeq 4 0011 (false 0012) 0011: 06 00 00 00050001 ret ERRNO(1) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 05 00000149 jeq 149 0014 (false 0019) 0014: 20 00 00 00000020 ld data.args[10] 0015: 54 00 00 00000004 and 00000004 0016: 15 00 01 00000004 jeq 4 0017 (false 0018) 0017: 06 00 00 00050001 ret ERRNO(1) 0018: 06 00 00 7fff0000 ret ALLOW 0019: 15 00 05 0000001e jeq 1e 001a (false 001f) 001a: 20 00 00 00000020 ld data.args[10] 001b: 54 00 00 00008000 and 00008000 001c: 15 00 01 00008000 jeq 8000 001d (false 001e) 001d: 06 00 00 00050001 ret ERRNO(1) 001e: 06 00 00 7fff0000 ret ALLOW 001f: 15 00 01 0000013f jeq 13f 0020 (false 0021) 0020: 06 00 00 00050001 ret ERRNO(1) 0021: 06 00 00 7fff0000 ret ALLOW 0022: 06 00 00 7fff0000 ret ALLOW line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 00 01 0000005a jeq 5a 0005 (false 0006) 0005: 06 00 00 00050001 ret ERRNO(1) 0006: 15 00 05 000000c0 jeq c0 0007 (false 000c) 0007: 20 00 00 00000020 ld data.args[10] 0008: 54 00 00 00000006 and 00000006 0009: 15 00 01 00000006 jeq 6 000a (false 000b) 000a: 06 00 00 00050001 ret ERRNO(1) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 15 00 05 0000007d jeq 7d 000d (false 0012) 000d: 20 00 00 00000020 ld data.args[10] 000e: 54 00 00 00000004 and 00000004 000f: 15 00 01 00000004 jeq 4 0010 (false 0011) 0010: 06 00 00 00050001 ret ERRNO(1) 0011: 06 00 00 7fff0000 ret ALLOW 0012: 15 00 05 0000017c jeq 17c 0013 (false 0018) 0013: 20 00 00 00000020 ld data.args[10] 0014: 54 00 00 00000004 and 00000004 0015: 15 00 01 00000004 jeq 4 0016 (false 0017) 0016: 06 00 00 00050001 ret ERRNO(1) 0017: 06 00 00 7fff0000 ret ALLOW 0018: 15 00 05 0000018d jeq 18d 0019 (false 001e) 0019: 20 00 00 00000020 ld data.args[10] 001a: 54 00 00 00008000 and 00008000 001b: 15 00 01 00008000 jeq 8000 001c (false 001d) 001c: 06 00 00 00050001 ret ERRNO(1) 001d: 06 00 00 7fff0000 ret ALLOW 001e: 15 00 01 00000164 jeq 164 001f (false 0020) 001f: 06 00 00 00050001 ret ERRNO(1) 0020: 06 00 00 7fff0000 ret ALLOW 0021: 06 00 00 7fff0000 ret ALLOW line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 04 00000038 jeq clone 0008 (false 000c) 0008: 20 00 00 00000010 ld data.args[0] 0009: 45 00 01 7e020000 jset 7e020000 000a (false 000b) 000a: 06 00 00 00050001 ret ERRNO(1) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 15 00 01 000001b3 jeq 1b3 000d (false 000e) 000d: 06 00 00 00050026 ret ERRNO(38) 000e: 15 00 04 00000110 jeq 110 000f (false 0013) 000f: 20 00 00 00000010 ld data.args[0] 0010: 45 00 01 7e020080 jset 7e020080 0011 (false 0012) 0011: 06 00 00 00050001 ret ERRNO(1) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 04 00000134 jeq 134 0014 (false 0018) 0014: 20 00 00 00000018 ld data.args[8] 0015: 15 01 00 00000000 jeq 0 0017 (false 0016) 0016: 45 00 01 7e020080 jset 7e020080 0017 (false 0018) 0017: 06 00 00 00050001 ret ERRNO(1) 0018: 06 00 00 7fff0000 ret ALLOW 0019: 06 00 00 7fff0000 ret ALLOW line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 00 04 00000078 jeq 78 0005 (false 0009) 0005: 20 00 00 00000010 ld data.args[0] 0006: 45 00 01 7e020000 jset 7e020000 0007 (false 0008) 0007: 06 00 00 00050001 ret ERRNO(1) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 15 00 01 000001b3 jeq 1b3 000a (false 000b) 000a: 06 00 00 00050026 ret ERRNO(38) 000b: 15 00 04 00000136 jeq 136 000c (false 0010) 000c: 20 00 00 00000010 ld data.args[0] 000d: 45 00 01 7e020080 jset 7e020080 000e (false 000f) 000e: 06 00 00 00050001 ret ERRNO(1) 000f: 06 00 00 7fff0000 ret ALLOW 0010: 15 00 04 0000015a jeq 15a 0011 (false 0015) 0011: 20 00 00 00000018 ld data.args[8] 0012: 15 01 00 00000000 jeq 0 0014 (false 0013) 0013: 45 00 01 7e020080 jset 7e020080 0014 (false 0015) 0014: 06 00 00 00050001 ret ERRNO(1) 0015: 06 00 00 7fff0000 ret ALLOW 0016: 06 00 00 7fff0000 ret ALLOW lcode/.cache, check owner: yes 2070 1996 0:210 / /home/shellcode/.cache rw,nosuid,nodev,noexec,noatime,nodiratime - tmpfs tmpfs rw,mode=755,uid=1000,gid=1000,inode64 mountid=2070 fsname=/ dir=/home/shellcode/.cache fstype=tmpfs Disable /sys/fs Disable /sys/module disable pulseaudio blacklist /home/shellcode/.config/pulse disable pipewire Current directory: /home/shellcode/dev Install protocol filter: unix configuring 19 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dual 32/64 bit seccomp filter configured configuring 80 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp seccomp filter configured Install memory write&execute filter configuring 35 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx configuring 34 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx.32 sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx.32 Build restrict-namespaces filter sbox run: /run/firejail/lib/fseccomp restrict-namespaces /run/firejail/mnt/seccomp/seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts restrict-namespaces filter configured Build restrict-namespaces filter sbox run: /run/firejail/lib/fseccomp restrict-namespaces.32 /run/firejail/mnt/seccomp/seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts restrict-namespaces filter configured Install namespaces filter configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces configuring 23 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces.32 sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces.32 Mounting read-only /run/firejail/mnt/seccomp 2074 1728 0:149 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=2074 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 240 . drwxr-xr-x root root 320 .. -rw-r--r-- shellcod shellcod 640 seccomp -rw-r--r-- shellcod shellcod 432 seccomp.32 -rw-r--r-- shellcod shellcod 288 seccomp.list -rw-r--r-- shellcod shellcod 280 seccomp.mdwx -rw-r--r-- shellcod shellcod 272 seccomp.mdwx.32 -rw-r--r-- shellcod shellcod 208 seccomp.namespaces -rw-r--r-- shellcod shellcod 184 seccomp.namespaces.32 -rw-r--r-- shellcod shellcod 0 seccomp.postexec -rw-r--r-- shellcod shellcod 0 seccomp.postexec32 -rw-r--r-- shellcod shellcod 152 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.mdwx /run/firejail/mnt/seccomp/seccomp.mdwx.32 /run/firejail/mnt/seccomp/seccomp.namespaces /run/firejail/mnt/seccomp/seccomp.namespaces.32 nogroups command not ignored nogroups command not ignored Dropping all capabilities noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0 No supplementary groups AppArmor enabled Closing non-standard file descriptors Child process initialized in 338.37 ms Starting application LD_PRELOAD=(null) execvp argument 0: /usr/bin/man execvp argument 1: sendfile sendfile(2) System Calls Manual sendfile(2) NAME sendfile - transfer data between file descriptors LIBRARY Standard C library (libc, -lc) SYNOPSIS #include <sys/sendfile.h> ssize_t sendfile(int out_fd, int in_fd, off_t *_Nullable offset, size_t count); DESCRIPTION sendfile() copies data between one file descriptor and another. Because this copying is done within the kernel, sendfile() is more efficient than the combination of read(2) and write(2), which would require transferring data to and from user space. in_fd should be a file descriptor opened for reading and out_fd should be a descriptor opened for writing. If offset is not NULL, then it points to a variable holding the file offset from which sendfile() will start reading data from in_fd. When sendfile() returns, this variable will be set to the offset of the byte following the last byte that was read. If offset is not NULL, then sendfile() does not modify the file offset of in_fd; otherwise the file offset is adjusted to reflect the number of bytes read from in_fd. If offset is NULL, then data will be read from in_fd starting at the file offset, and the file offset will be updated by the call. count is the number of bytes to copy between the file descriptors. The in_fd argument must correspond to a file which supports mmap(2)-like operations (i.e., it cannot be a socket). Before Linux 2.6.33, out_fd must refer to a socket. Since Linux 2.6.33 it can be any file. If it is a regular file, then sendfile() changes the file offset appropriately. RETURN VALUE If the transfer was successful, the number of bytes written to out_fd is returned. Note that a successful call to sendfile() may write fewer bytes than requested; the caller should be prepared to retry the call if there were unsent bytes. See also NOTES. On error, -1 is returned, and errno is set to indicate the error. ERRORS EAGAIN Nonblocking I/O has been selected using O_NONBLOCK and the write would block. EBADF The input file was not opened for reading or the output file was not opened for writing. EFAULT Bad address. EINVAL Descriptor is not valid or locked, or an mmap(2)-like operation is not available for in_fd, or count is negative. EINVAL out_fd has the O_APPEND flag set. This is not currently supported by sendfile(). EIO Unspecified error while reading from in_fd. ENOMEM Insufficient memory to read from in_fd. EOVERFLOW count is too large, the operation would result in exceeding the maximum size of either the input file or the output file. ESPIPE offset is not NULL but the input file is not seekable. VERSIONS Other UNIX systems implement sendfile() with different semantics and prototypes. It should not be used in portable programs. STANDARDS None. HISTORY Linux 2.2, glibc 2.1. In Linux 2.4 and earlier, out_fd could also refer to a regular file; this possibility went away in the Linux 2.6.x kernel series, but was restored in Linux 2.6.33. The original Linux sendfile() system call was not designed to handle large file offsets. Consequently, Linux 2.4 added sendfile64(), with a wider type for the offset argument. The glibc sendfile() wrapper function transparently deals with the kernel differences. NOTES sendfile() will transfer at most 0x7ffff000 (2,147,479,552) bytes, returning the number of bytes actually transferred. (This is true on both 32-bit and 64-bit systems.) If you plan to use sendfile() for sending files to a TCP socket, but need to send some header data in front of the file contents, you will find it useful to employ the TCP_CORK option, described in tcp(7), to minimize the number of packets and to tune performance. Applications may wish to fall back to read(2) and write(2) in the case where sendfile() fails with EINVAL or ENOSYS. If out_fd refers to a socket or pipe with zero-copy support, callers must ensure the transferred portions of the file referred to by in_fd remain unmodified until the reader on the other end of out_fd has consumed the transferred data. The Linux-specific splice(2) call supports transferring data between arbitrary file descriptors provided one (or both) of them is a pipe. SEE ALSO copy_file_range(2), mmap(2), open(2), socket(2), splice(2) Linux man-pages 6.05.01 2023-07-15 sendfile(2) Parent is shutting down, bye... ``` </details>
gitea-mirror commented 2026-05-05 09:48:23 -06:00
Author
Owner
Copy link

@ShellCode33 commented on GitHub (Nov 30, 2023):

I tried to copy the whole nvim.profile into man.local and tweak it a bit:

private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim,nvim,strace
include allow-lua.inc

noblacklist ${HOME}/.vim
noblacklist ${HOME}/.vimrc
noblacklist ${HOME}/.cache/nvim
noblacklist ${HOME}/.config/nvim
noblacklist ${HOME}/.dotfiles/.config/nvim
noblacklist ${HOME}/.local/share/nvim
noblacklist ${HOME}/.local/state/nvim

whitelist /usr/share/nvim

include whitelist-runuser-common.inc

ipc-namespace
machine-id
net none
no3d
nodvd
nogroups
noinput
nonewprivs
noroot
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
seccomp.block-secondary
tracelog
x11 none

private-dev

dbus-user none
dbus-system none

read-only ${HOME}/.config
read-only ${HOME}/.dotfiles
read-only ${HOME}/.dotfiles/.config
read-write ${HOME}/.config/nvim
read-write ${HOME}/.dotfiles/config/nvim
read-write ${HOME}/.local/share/nvim
read-write ${HOME}/.local/state/nvim
read-write ${HOME}/.vim
read-write ${HOME}/.vimrc
restrict-namespaces

Still the same error

<!-- gh-comment-id:1834142477 --> @ShellCode33 commented on GitHub (Nov 30, 2023): I tried to copy the whole `nvim.profile` into `man.local` and tweak it a bit: ``` private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim,nvim,strace include allow-lua.inc noblacklist ${HOME}/.vim noblacklist ${HOME}/.vimrc noblacklist ${HOME}/.cache/nvim noblacklist ${HOME}/.config/nvim noblacklist ${HOME}/.dotfiles/.config/nvim noblacklist ${HOME}/.local/share/nvim noblacklist ${HOME}/.local/state/nvim whitelist /usr/share/nvim include whitelist-runuser-common.inc ipc-namespace machine-id net none no3d nodvd nogroups noinput nonewprivs noroot notv nou2f novideo protocol unix,inet,inet6 seccomp seccomp.block-secondary tracelog x11 none private-dev dbus-user none dbus-system none read-only ${HOME}/.config read-only ${HOME}/.dotfiles read-only ${HOME}/.dotfiles/.config read-write ${HOME}/.config/nvim read-write ${HOME}/.dotfiles/config/nvim read-write ${HOME}/.local/share/nvim read-write ${HOME}/.local/state/nvim read-write ${HOME}/.vim read-write ${HOME}/.vimrc restrict-namespaces ``` Still the same error
gitea-mirror commented 2026-05-05 09:48:25 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Nov 30, 2023):

@glitsj16 on Nov 30:

Yeah that won't work, but you're on the right track. You only need to
cherrypick the nvim configuration paths and add those into man.local:

$ cat ~/.config/firejail/man.local
include allow-lua.inc

noblacklist ${HOME}/.vim
noblacklist ${HOME}/.vimrc
noblacklist ${HOME}/.cache/nvim
noblacklist ${HOME}/.config/nvim
noblacklist ${HOME}/.local/share/nvim
noblacklist ${HOME}/.local/state/nvim

whitelist /usr/share/nvim

What does that do?

I managed to get it working with the following in man.local:

ignore memory-deny-write-execute

# Allow lua (blacklisted by disable-interpreters.inc)
include allow-lua.inc

noblacklist ${HOME}/.vim
noblacklist ${HOME}/.vimrc
noblacklist ${HOME}/.cache/nvim
noblacklist ${HOME}/.config/nvim
noblacklist ${HOME}/.local/share/nvim
noblacklist ${HOME}/.local/state/nvim

whitelist /usr/share/nvim

read-write ${HOME}/.local/state/nvim

Note: The read-write entry is only needed to avoid warnings.

@ShellCode33 Does that work for you?

<!-- gh-comment-id:1834147442 --> @kmk3 commented on GitHub (Nov 30, 2023): @glitsj16 [on Nov 30](https://github.com/netblue30/firejail/issues/6112#issuecomment-1833892019): > Yeah that won't work, but you're on the right track. You only need to > cherrypick the nvim configuration paths and add those into man.local: > > ```shell > $ cat ~/.config/firejail/man.local > include allow-lua.inc > > noblacklist ${HOME}/.vim > noblacklist ${HOME}/.vimrc > noblacklist ${HOME}/.cache/nvim > noblacklist ${HOME}/.config/nvim > noblacklist ${HOME}/.local/share/nvim > noblacklist ${HOME}/.local/state/nvim > > whitelist /usr/share/nvim > ``` > > What does that do? I managed to get it working with the following in man.local: ``` ignore memory-deny-write-execute # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc noblacklist ${HOME}/.vim noblacklist ${HOME}/.vimrc noblacklist ${HOME}/.cache/nvim noblacklist ${HOME}/.config/nvim noblacklist ${HOME}/.local/share/nvim noblacklist ${HOME}/.local/state/nvim whitelist /usr/share/nvim read-write ${HOME}/.local/state/nvim ``` Note: The `read-write` entry is only needed to avoid warnings. @ShellCode33 Does that work for you?
gitea-mirror commented 2026-05-05 09:48:26 -06:00
Author
Owner
Copy link

@ShellCode33 commented on GitHub (Nov 30, 2023):

Works like a charm, thanks a lot ! The key thing seems to be ignore memory-deny-write-execute, I'd be glad to know why w+x memory is required though.

Small additional note, I had errors you apparently didn't have which seem to be related to my/your nvim config.

The first one I had to solve was related to nvim swap mechanism, I don't want them anyway so instead of changing the firejail profile, I disabled it in my nvim config:

vim.opt.swapfile = false

The second one I've been unable to solve for now is related to treesitter:

Error detected while processing User Autocommands for "VeryLazy":
Parser dir ' /home/shellcode/.local/share/nvim/lazy/nvim-treesitter/parser ' should be read/write (see README on how to configure an alternative install location) /home/shellcode/.local/share
/nvim/lazy/nvim-treesitter/parser '

I'm not sure why the write permission is required for ~/.local/share/nvim/lazy/nvim-treesitter/parser as it only contains .so files.

I tried to add read-write ${HOME}/.local/share/nvim/lazy/nvim-treesitter/parser to man.local but it doesn't work. Still the same error.

This is not an error that prevents me from reading the man page, but the warning is annoying:

image

<!-- gh-comment-id:1834181965 --> @ShellCode33 commented on GitHub (Nov 30, 2023): Works like a charm, thanks a lot ! The key thing seems to be `ignore memory-deny-write-execute`, I'd be glad to know why w+x memory is required though. Small additional note, I had errors you apparently didn't have which seem to be related to my/your nvim config. The first one I had to solve was related to nvim swap mechanism, I don't want them anyway so instead of changing the firejail profile, I disabled it in my nvim config: ``` vim.opt.swapfile = false ``` The second one I've been unable to solve for now is related to treesitter: ``` Error detected while processing User Autocommands for "VeryLazy": Parser dir ' /home/shellcode/.local/share/nvim/lazy/nvim-treesitter/parser ' should be read/write (see README on how to configure an alternative install location) /home/shellcode/.local/share /nvim/lazy/nvim-treesitter/parser ' ``` I'm not sure why the write permission is required for `~/.local/share/nvim/lazy/nvim-treesitter/parser` as it only contains `.so` files. I tried to add `read-write ${HOME}/.local/share/nvim/lazy/nvim-treesitter/parser` to `man.local` but it doesn't work. Still the same error. This is not an error that prevents me from reading the man page, but the warning is annoying: ![image](https://github.com/netblue30/firejail/assets/8455652/4900b18d-ece4-44f8-aefc-d46ef7cfc69f)
gitea-mirror commented 2026-05-05 09:48:27 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Dec 1, 2023):

@ShellCode33 on Nov 30:

Works like a charm, thanks a lot !

No problem.

The key thing seems to be ignore memory-deny-write-execute, I'd be glad to
know why w+x memory is required though.

Probably for executing Vimscript, Lua, etc.

Small additional note, I had errors you apparently didn't have which seem to
be related to my/your nvim config.

The first one I had to solve was related to nvim swap mechanism, I don't want
them anyway so instead of changing the firejail profile, I disabled it in my
nvim config:

vim.opt.swapfile = false

With the default configuration, if the swapfile and shada file are disabled in
the command line, then it should work without any read-write entries:

MANPAGER='nvim -n -i NONE +Man!' firejail /usr/bin/man sendfile

The second one I've been unable to solve for now is related to treesitter:

Error detected while processing User Autocommands for "VeryLazy":
Parser dir ' /home/shellcode/.local/share/nvim/lazy/nvim-treesitter/parser ' should be read/write (see README on how to configure an alternative install location) /home/shellcode/.local/share
/nvim/lazy/nvim-treesitter/parser '

I tried to add read-write ${HOME}/.local/share/nvim/lazy/nvim-treesitter/parser to man.local but it
doesn't work. Still the same error.

This is not an error that prevents me from reading the man page, but the
warning is annoying:

Note that there are multiple read-only nvim entries:

$ grep -R '^read-only .*nvim' /etc/firejail/
/etc/firejail/disable-common.inc:read-only ${HOME}/.config/nvim
/etc/firejail/disable-common.inc:read-only ${HOME}/.local/share/nvim
/etc/firejail/disable-common.inc:read-only ${HOME}/.local/state/nvim

In this case the read-write command might need to match the existing
read-only command:

read-write ${HOME}/.local/share/nvim
<!-- gh-comment-id:1836115902 --> @kmk3 commented on GitHub (Dec 1, 2023): @ShellCode33 [on Nov 30](https://github.com/netblue30/firejail/issues/6112#issuecomment-1834181965): > Works like a charm, thanks a lot ! No problem. > The key thing seems to be `ignore memory-deny-write-execute`, I'd be glad to > know why w+x memory is required though. Probably for executing Vimscript, Lua, etc. > Small additional note, I had errors you apparently didn't have which seem to > be related to my/your nvim config. > > The first one I had to solve was related to nvim swap mechanism, I don't want > them anyway so instead of changing the firejail profile, I disabled it in my > nvim config: > > ``` > vim.opt.swapfile = false > ``` With the default configuration, if the swapfile and shada file are disabled in the command line, then it should work without any `read-write` entries: ```sh MANPAGER='nvim -n -i NONE +Man!' firejail /usr/bin/man sendfile ``` > The second one I've been unable to solve for now is related to treesitter: > > ``` > Error detected while processing User Autocommands for "VeryLazy": > Parser dir ' /home/shellcode/.local/share/nvim/lazy/nvim-treesitter/parser ' should be read/write (see README on how to configure an alternative install location) /home/shellcode/.local/share > /nvim/lazy/nvim-treesitter/parser ' > ``` > I tried to add `read-write > ${HOME}/.local/share/nvim/lazy/nvim-treesitter/parser` to `man.local` but it > doesn't work. Still the same error. > > This is not an error that prevents me from reading the man page, but the > warning is annoying: Note that there are multiple `read-only` nvim entries: ```console $ grep -R '^read-only .*nvim' /etc/firejail/ /etc/firejail/disable-common.inc:read-only ${HOME}/.config/nvim /etc/firejail/disable-common.inc:read-only ${HOME}/.local/share/nvim /etc/firejail/disable-common.inc:read-only ${HOME}/.local/state/nvim ``` In this case the `read-write` command might need to match the existing `read-only` command: ``` read-write ${HOME}/.local/share/nvim ```
gitea-mirror commented 2026-05-05 09:48:28 -06:00
Author
Owner
Copy link

@ShellCode33 commented on GitHub (Dec 1, 2023):

Thanks for your reply. I tried to add all these read-write statements but it doesn't seem to work. I think the issue might be that man.profile first include man.local and THEN include disable-common.inc. Therefore the read-write directive is overridden by the read-only one. Any advice on how to workaround that ?

<!-- gh-comment-id:1836139871 --> @ShellCode33 commented on GitHub (Dec 1, 2023): Thanks for your reply. I tried to add all these read-write statements but it doesn't seem to work. I think the issue might be that `man.profile` first `include man.local` and THEN `include disable-common.inc`. Therefore the read-write directive is overridden by the read-only one. Any advice on how to workaround that ?
gitea-mirror commented 2026-05-05 09:48:29 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Dec 1, 2023):

Thanks for your reply. I tried to add all these read-write statements but it
doesn't seem to work. I think the issue might be that man.profile first
include man.local and THEN include disable-common.inc. Therefore the
read-write directive is overridden by the read-only one. Any advice on how to
workaround that ?

Good catch; though the read-write entries did remove the warnings when I was
testing, so maybe something changed in 0.9.73.

How about the following?

# ignore entries from disable-common.inc
ignore read-only ${HOME}/.local/share/nvim
ignore read-only ${HOME}/.local/state/nvim

# because of read-only ${HOME}
read-write ${HOME}/.local/share/nvim
read-write ${HOME}/.local/state/nvim
<!-- gh-comment-id:1836315236 --> @kmk3 commented on GitHub (Dec 1, 2023): > Thanks for your reply. I tried to add all these read-write statements but it > doesn't seem to work. I think the issue might be that `man.profile` first > `include man.local` and THEN `include disable-common.inc`. Therefore the > read-write directive is overridden by the read-only one. Any advice on how to > workaround that ? Good catch; though the `read-write` entries did remove the warnings when I was testing, so maybe something changed in 0.9.73. How about the following? ``` # ignore entries from disable-common.inc ignore read-only ${HOME}/.local/share/nvim ignore read-only ${HOME}/.local/state/nvim # because of read-only ${HOME} read-write ${HOME}/.local/share/nvim read-write ${HOME}/.local/state/nvim ```
gitea-mirror commented 2026-05-05 09:48:30 -06:00
Author
Owner
Copy link

@ShellCode33 commented on GitHub (Dec 2, 2023):

Nop still doesn't work :/

Here's what my man.local looks like so far:

ignore memory-deny-write-execute

# Allow lua (blacklisted by disable-interpreters.inc)
include allow-lua.inc

noblacklist ${HOME}/.cache/nvim
noblacklist ${HOME}/.config/nvim
noblacklist ${HOME}/.local/share/nvim
noblacklist ${HOME}/.local/state/nvim

whitelist /usr/share/nvim

# ignore entries from disable-common.inc
ignore read-only ${HOME}/.local/share/nvim
ignore read-only ${HOME}/.local/state/nvim

read-write ${HOME}/.local/share/nvim
read-write ${HOME}/.local/state/nvim

restrict-namespaces
<!-- gh-comment-id:1836946853 --> @ShellCode33 commented on GitHub (Dec 2, 2023): Nop still doesn't work :/ Here's what my `man.local` looks like so far: ``` ignore memory-deny-write-execute # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc noblacklist ${HOME}/.cache/nvim noblacklist ${HOME}/.config/nvim noblacklist ${HOME}/.local/share/nvim noblacklist ${HOME}/.local/state/nvim whitelist /usr/share/nvim # ignore entries from disable-common.inc ignore read-only ${HOME}/.local/share/nvim ignore read-only ${HOME}/.local/state/nvim read-write ${HOME}/.local/share/nvim read-write ${HOME}/.local/state/nvim restrict-namespaces ```
gitea-mirror commented 2026-05-05 09:48:31 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Dec 2, 2023):

Nop still doesn't work :/

Is the error still about treesitter read/write?

What is the neovim and treesitter plugin version?

How is treesitter configured in neovim?

Does it still happen with firejail-git?

If you join the sandbox, what are the permissions in the treesitter
directories?

Can you create files in them?

Example:

MANPAGER='nvim -n -i NONE +Man!' firejail --name=nvim /usr/bin/man sendfile

# in another shell
firejail --join=nvim
ls -l    ~/.local/share/nvim/lazy/nvim-treesitter/parser
mkdir -p ~/.local/share/nvim/lazy/nvim-treesitter/parser
touch    ~/.local/share/nvim/lazy/nvim-treesitter/parser/test
ls -l    ~/.local/share/nvim/lazy/nvim-treesitter/parser
<!-- gh-comment-id:1837192859 --> @kmk3 commented on GitHub (Dec 2, 2023): > Nop still doesn't work :/ Is the error still about treesitter read/write? What is the neovim and treesitter plugin version? How is treesitter configured in neovim? Does it still happen with firejail-git? If you join the sandbox, what are the permissions in the treesitter directories? Can you create files in them? Example: ```sh MANPAGER='nvim -n -i NONE +Man!' firejail --name=nvim /usr/bin/man sendfile # in another shell firejail --join=nvim ls -l ~/.local/share/nvim/lazy/nvim-treesitter/parser mkdir -p ~/.local/share/nvim/lazy/nvim-treesitter/parser touch ~/.local/share/nvim/lazy/nvim-treesitter/parser/test ls -l ~/.local/share/nvim/lazy/nvim-treesitter/parser ```
gitea-mirror commented 2026-05-05 09:48:32 -06:00
Author
Owner
Copy link

@ShellCode33 commented on GitHub (Dec 3, 2023):

Is the error still about treesitter read/write?

Yes it is

What is the neovim and treesitter plugin version?

Neovim up to date with ArchLinux repo

$ nvim --version
NVIM v0.9.4
Build type: Release
LuaJIT 2.1.1700008891

I don't know what is the version of Treesitter but it is built into Neovim, so for reproducibility purposes, having neovim 0.9.4 would give the same Treesitter version.

However I use the nvim-treesitter plugin which - from what I understand - is a common interface for other plugins to build onto. And I'm on b41bbcb (almost the head). I might be wrong but I don't think this plugin is relevant.

How is treesitter configured in neovim?

I use LazyVim which configures it for me, its Treesitter configuration can be found here ("Full spec" must be selected)

My whole neovim config can be found here.

Does it still happen with firejail-git?

Yes it does, the exact same error

$ firejail --version
firejail version 0.9.73

Can you create files in them?

No

$ touch    ~/.local/share/nvim/lazy/nvim-treesitter/parser/test
touch: cannot touch '/home/shellcode/.local/share/nvim/lazy/nvim-treesitter/parser/test': Read-only file system
Full logs of the commands you provided 
$ firejail --join=29029
Switching to pid 29000, the first child process inside the sandbox
Changing root to /proc/29000/root
Child process initialized in 24.71 ms
$ ls -l    ~/.local/share/nvim/lazy/nvim-treesitter/parser
total 12172
-rwx------ 1 shellcode shellcode 1127520 Nov 30 19:42 bash.so
-rwx------ 1 shellcode shellcode   98088 Nov 30 19:42 cmake.so
-rwx------ 1 shellcode shellcode 3339232 Nov 30 19:43 cpp.so
-rwx------ 1 shellcode shellcode  699960 Nov 30 19:42 c.so
-rwx------ 1 shellcode shellcode   31936 Nov 30 19:42 diff.so
-rwx------ 1 shellcode shellcode   60616 Nov 30 19:42 dockerfile.so
-rwx------ 1 shellcode shellcode   29296 Nov 30 19:42 html.so
-rwx------ 1 shellcode shellcode  578448 Nov 30 19:42 javascript.so
-rwx------ 1 shellcode shellcode   23616 Nov 30 19:42 jsdoc.so
-rwx------ 1 shellcode shellcode   40296 Nov 30 19:42 json5.so
-rwx------ 1 shellcode shellcode   17896 Nov 30 19:42 jsonc.so
-rwx------ 1 shellcode shellcode   19648 Nov 30 19:42 json.so
-rwx------ 1 shellcode shellcode  105664 Nov 30 19:42 luadoc.so
-rwx------ 1 shellcode shellcode   23808 Nov 30 19:42 luap.so
-rwx------ 1 shellcode shellcode   65656 Nov 30 19:42 lua.so
-rwx------ 1 shellcode shellcode  339872 Nov 30 19:42 markdown_inline.so
-rwx------ 1 shellcode shellcode  353088 Nov 30 19:42 markdown.so
-rwx------ 1 shellcode shellcode   44224 Nov 30 19:42 ninja.so
-rwx------ 1 shellcode shellcode  512408 Nov 30 19:42 python.so
-rwx------ 1 shellcode shellcode   36032 Nov 30 19:42 query.so
-rwx------ 1 shellcode shellcode   23616 Nov 30 19:42 regex.so
-rwx------ 1 shellcode shellcode   73904 Nov 30 19:43 ron.so
-rwx------ 1 shellcode shellcode   67200 Nov 30 19:42 rst.so
-rwx------ 1 shellcode shellcode  979328 Nov 30 19:43 rust.so
-rwx------ 1 shellcode shellcode   36712 Nov 30 19:42 toml.so
-rwx------ 1 shellcode shellcode 1204680 Nov 30 19:43 tsx.so
-rwx------ 1 shellcode shellcode 1163704 Nov 30 19:43 typescript.so
-rwx------ 1 shellcode shellcode  101568 Nov 30 19:42 vimdoc.so
-rwx------ 1 shellcode shellcode 1013000 Nov 30 19:43 vim.so
-rwx------ 1 shellcode shellcode  194944 Nov 30 19:42 yaml.so
$ mkdir -p ~/.local/share/nvim/lazy/nvim-treesitter/parser
$ touch    ~/.local/share/nvim/lazy/nvim-treesitter/parser/test
touch: cannot touch '/home/shellcode/.local/share/nvim/lazy/nvim-treesitter/parser/test': Read-only file system

Process tree in case that's useful:

shellco+    9053  1.1  1.9 2765948 231148 ?      Sl   19:13   0:36 /usr/bin/wezterm-gui
shellco+    9060  0.0  0.0  14132 10396 pts/0    Ss   19:13   0:01  \_ /usr/bin/zsh
shellco+   28999  0.0  0.0   4472  2816 pts/0    S+   20:03   0:00  |   \_ firejail /usr/bin/man sendfile
shellco+   29000  0.0  0.0   6096  3304 pts/0    S+   20:03   0:00  |       \_ firejail /usr/bin/man sendfile
shellco+   29013  0.0  0.0   8776  4416 pts/0    S+   20:03   0:00  |           \_ /usr/bin/man sendfile
shellco+   29023  0.0  0.0  13720  8192 pts/0    Sl+  20:03   0:00  |               \_ nvim -n -i NONE +Man!
shellco+   29029  0.7  0.2  29672 25088 ?        Ssl  20:03   0:02  |                   \_ nvim --embed -n -i NONE +Man!

Note: my man.local hasn't changed between my last comment and this one

Again, thanks a lot for your help

<!-- gh-comment-id:1837572489 --> @ShellCode33 commented on GitHub (Dec 3, 2023): > Is the error still about treesitter read/write? Yes it is ----------------- > What is the neovim and treesitter plugin version? Neovim up to date with ArchLinux repo ``` $ nvim --version NVIM v0.9.4 Build type: Release LuaJIT 2.1.1700008891 ``` I don't know what is the version of Treesitter but it is built into Neovim, so for reproducibility purposes, having neovim `0.9.4` would give the same Treesitter version. However I use the [nvim-treesitter](https://github.com/nvim-treesitter/nvim-treesitter) plugin which - from what I understand - is a common interface for other plugins to build onto. And I'm on [b41bbcb](https://github.com/nvim-treesitter/nvim-treesitter/tree/b41bbcbb9a2c5543d3bfa4cf7e2b0948a5f61ce6) (almost the head). I might be wrong but I don't think this plugin is relevant. ----------------- > How is treesitter configured in neovim? I use LazyVim which configures it for me, its Treesitter configuration can be found [here](https://www.lazyvim.org/plugins/treesitter) ("Full spec" must be selected) My whole neovim config can be found [here](https://github.com/ShellCode33/.dotfiles/tree/master/.config/nvim). ----------------- > Does it still happen with firejail-git? Yes it does, the exact same error ``` $ firejail --version firejail version 0.9.73 ``` ----------------- > Can you create files in them? No ``` $ touch ~/.local/share/nvim/lazy/nvim-treesitter/parser/test touch: cannot touch '/home/shellcode/.local/share/nvim/lazy/nvim-treesitter/parser/test': Read-only file system ``` <details> <summary><b>Full logs of the commands you provided</b></summary> ``` $ firejail --join=29029 Switching to pid 29000, the first child process inside the sandbox Changing root to /proc/29000/root Child process initialized in 24.71 ms $ ls -l ~/.local/share/nvim/lazy/nvim-treesitter/parser total 12172 -rwx------ 1 shellcode shellcode 1127520 Nov 30 19:42 bash.so -rwx------ 1 shellcode shellcode 98088 Nov 30 19:42 cmake.so -rwx------ 1 shellcode shellcode 3339232 Nov 30 19:43 cpp.so -rwx------ 1 shellcode shellcode 699960 Nov 30 19:42 c.so -rwx------ 1 shellcode shellcode 31936 Nov 30 19:42 diff.so -rwx------ 1 shellcode shellcode 60616 Nov 30 19:42 dockerfile.so -rwx------ 1 shellcode shellcode 29296 Nov 30 19:42 html.so -rwx------ 1 shellcode shellcode 578448 Nov 30 19:42 javascript.so -rwx------ 1 shellcode shellcode 23616 Nov 30 19:42 jsdoc.so -rwx------ 1 shellcode shellcode 40296 Nov 30 19:42 json5.so -rwx------ 1 shellcode shellcode 17896 Nov 30 19:42 jsonc.so -rwx------ 1 shellcode shellcode 19648 Nov 30 19:42 json.so -rwx------ 1 shellcode shellcode 105664 Nov 30 19:42 luadoc.so -rwx------ 1 shellcode shellcode 23808 Nov 30 19:42 luap.so -rwx------ 1 shellcode shellcode 65656 Nov 30 19:42 lua.so -rwx------ 1 shellcode shellcode 339872 Nov 30 19:42 markdown_inline.so -rwx------ 1 shellcode shellcode 353088 Nov 30 19:42 markdown.so -rwx------ 1 shellcode shellcode 44224 Nov 30 19:42 ninja.so -rwx------ 1 shellcode shellcode 512408 Nov 30 19:42 python.so -rwx------ 1 shellcode shellcode 36032 Nov 30 19:42 query.so -rwx------ 1 shellcode shellcode 23616 Nov 30 19:42 regex.so -rwx------ 1 shellcode shellcode 73904 Nov 30 19:43 ron.so -rwx------ 1 shellcode shellcode 67200 Nov 30 19:42 rst.so -rwx------ 1 shellcode shellcode 979328 Nov 30 19:43 rust.so -rwx------ 1 shellcode shellcode 36712 Nov 30 19:42 toml.so -rwx------ 1 shellcode shellcode 1204680 Nov 30 19:43 tsx.so -rwx------ 1 shellcode shellcode 1163704 Nov 30 19:43 typescript.so -rwx------ 1 shellcode shellcode 101568 Nov 30 19:42 vimdoc.so -rwx------ 1 shellcode shellcode 1013000 Nov 30 19:43 vim.so -rwx------ 1 shellcode shellcode 194944 Nov 30 19:42 yaml.so $ mkdir -p ~/.local/share/nvim/lazy/nvim-treesitter/parser $ touch ~/.local/share/nvim/lazy/nvim-treesitter/parser/test touch: cannot touch '/home/shellcode/.local/share/nvim/lazy/nvim-treesitter/parser/test': Read-only file system ``` </details> ----------------- Process tree in case that's useful: ``` shellco+ 9053 1.1 1.9 2765948 231148 ? Sl 19:13 0:36 /usr/bin/wezterm-gui shellco+ 9060 0.0 0.0 14132 10396 pts/0 Ss 19:13 0:01 \_ /usr/bin/zsh shellco+ 28999 0.0 0.0 4472 2816 pts/0 S+ 20:03 0:00 | \_ firejail /usr/bin/man sendfile shellco+ 29000 0.0 0.0 6096 3304 pts/0 S+ 20:03 0:00 | \_ firejail /usr/bin/man sendfile shellco+ 29013 0.0 0.0 8776 4416 pts/0 S+ 20:03 0:00 | \_ /usr/bin/man sendfile shellco+ 29023 0.0 0.0 13720 8192 pts/0 Sl+ 20:03 0:00 | \_ nvim -n -i NONE +Man! shellco+ 29029 0.7 0.2 29672 25088 ? Ssl 20:03 0:02 | \_ nvim --embed -n -i NONE +Man! ``` ----------------- Note: my `man.local` hasn't changed between my last comment and this one ----------------- Again, thanks a lot for your help
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3185
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?