[GH-ISSUE #6703] Missing files when whitelisting /var/log (--writable-var-log) #3344

Closed
opened 2026-05-05 09:55:47 -06:00 by gitea-mirror · 2 comments

Originally created by @alopatindev on GitHub (Apr 7, 2025).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6703

Looks like #698 is still there: I can't seem to open /var/log/* using any program:

Output of sudo LC_ALL=C firejail --debug --noprofile --noblacklist=/var/log --whitelist=/var/log --read-write=/var/log/messages /bin/tail /var/log/messages | grep -vE '(nvidia|docker|clang|llvm|gcc)'

$ sudo LC_ALL=C firejail --debug --noprofile --noblacklist=/var/log --whitelist=/var/log --read-write=/var/log/messages /bin/tail /var/log/messages | grep -vE '(nvidia|docker|clang|llvm|gcc)'
pid=23321: locking /run/firejail/firejail-run.lock ...
pid=23321: locked /run/firejail/firejail-run.lock
pid=23321: unlocking /run/firejail/firejail-run.lock ...
pid=23321: unlocked /run/firejail/firejail-run.lock
firejail version 0.9.74

pid=23321: locking /run/firejail/firejail-run.lock ...
pid=23321: locked /run/firejail/firejail-run.lock
DISPLAY=:0 parsed as 0
pid=23321: unlocking /run/firejail/firejail-run.lock ...
pid=23321: unlocked /run/firejail/firejail-run.lock
Parent pid 23321, child pid 23322
Looking for kernel processes
Found kthreadd process, we are not running in a sandbox
Building quoted command line: '/bin/tail' '/var/log/messages'
Command name #tail#
Enabling IPC namespace
Using the local network stack
Looking for kernel processes
Found kthreadd process, we are not running in a sandbox
Building quoted command line: '/bin/tail' '/var/log/messages'
Command name #tail#
Enabling IPC namespace
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
791 754 259:5 /etc /etc ro,noatime,nodiratime - ext4 /dev/root rw,discard,errors=remount-ro,commit=60
mountid=791 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
Mounting read-only /usr
813 754 259:5 /usr /usr ro,noatime,nodiratime - ext4 /dev/root rw,discard,errors=remount-ro,commit=60
mountid=813 fsname=/usr dir=/usr fstype=ext4
Mounting read-only /bin
814 754 259:5 /bin /bin ro,noatime,nodiratime - ext4 /dev/root rw,discard,errors=remount-ro,commit=60
mountid=814 fsname=/bin dir=/bin fstype=ext4
Mounting read-only /sbin
815 754 259:5 /sbin /sbin ro,noatime,nodiratime - ext4 /dev/root rw,discard,errors=remount-ro,commit=60
mountid=815 fsname=/sbin dir=/sbin fstype=ext4
Mounting read-only /lib
816 754 259:5 /lib /lib ro,noatime,nodiratime - ext4 /dev/root rw,discard,errors=remount-ro,commit=60
mountid=816 fsname=/lib dir=/lib fstype=ext4
Mounting read-only /lib64
817 754 259:5 /lib64 /lib64 ro,noatime,nodiratime - ext4 /dev/root rw,discard,errors=remount-ro,commit=60
mountid=817 fsname=/lib64 dir=/lib64 fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/nginx
Create the new utmp file
Mount the new utmp file
blacklist /run/firejail/dbus
Creating a new /etc/hosts file
Loading user hosts file
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/src/linux-6.14.0 (requested /usr/src/linux)
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Disable /dev/port
Debug 588: whitelist /var/log
Debug 609: expanded: /var/log
Debug 620: new_name: /var/log
Debug 630: dir: /var
Adding whitelist top level directory /var
Debug 630: dir: /sys/module
Adding whitelist top level directory /sys/module
        realpath: (null)
        No such file or directory
Debug 630: dir: /sys/module
Debug 630: dir: /sys/module
Debug 630: dir: /sys/module
Debug 630: dir: /sys/module
Debug 630: dir: /sys/module
Mounting tmpfs on /var, check owner: no
845 792 0:97 / /var rw,nosuid,nodev,noatime,nodiratime - tmpfs tmpfs rw,mode=755
mountid=845 fsname=/ dir=/var fstype=tmpfs
Mounting tmpfs on /sys/module, check owner: no
846 768 0:98 / /sys/module rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755
mountid=846 fsname=/ dir=/sys/module fstype=tmpfs
Whitelisting /var/log
847 845 0:94 / /var/log rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=847 fsname=/ dir=/var/log fstype=tmpfs
Disable /sys/fs
Base filesystem installed in 0.57 ms
DISPLAY=:0 parsed as 0
pid=23321: unlocking /run/firejail/firejail-network.lock ...
pid=23321: already unlocked /run/firejail/firejail-network.lock
Not enforcing Landlock
Child process initialized in 5.68 ms
Current directory: /home/al
Mounting read-only /run/firejail/mnt/seccomp
854 788 0:81 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755
mountid=854 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             120 .
drwxr-xr-x root     root             160 ..
-rw-r--r-- root     root             640 seccomp
-rw-r--r-- root     root             432 seccomp.32
-rw-r--r-- root     root               0 seccomp.postexec
-rw-r--r-- root     root               0 seccomp.postexec32
No active seccomp files
Drop privileges: pid 1, uid 0, gid 0, force_nogroups 0
No supplementary groups
Closing non-standard file descriptors
Starting application
LD_PRELOAD=(null)
execvp argument 0: /bin/tail
execvp argument 1: /var/log/messages
/bin/tail: cannot open '/var/log/messages' for reading: No such file or directory
The new log directory is /proc/23322/root/var/log

Parent is shutting down, bye...

Same with any profile:

Output of sudo LC_ALL=C firejail --debug --noblacklist=/var/log --whitelist=/var/log --read-write=/var/log/messages xxd /var/log/messages | grep -vE '(nvidia|docker|clang|llvm|gcc)'

$ sudo LC_ALL=C firejail --debug --noblacklist=/var/log --whitelist=/var/log --read-write=/var/log/messages xxd /var/log/messages | grep -vE '(nvidia|docker|clang|llvm|gcc)'
pid=24615: locking /run/firejail/firejail-run.lock ...
pid=24615: locked /run/firejail/firejail-run.lock
pid=24615: unlocking /run/firejail/firejail-run.lock ...
pid=24615: unlocked /run/firejail/firejail-run.lock
Reading profile /etc/firejail/xxd.profile
Looking for kernel processes
Found kthreadd process, we are not running in a sandbox
Building quoted command line: 'xxd' '/var/log/messages'
Command name #xxd#
Found xxd.profile profile in /etc/firejail directory
Cannot access .local file xxd.local: No such file or directory, skipping...
Found cpio.profile profile in /etc/firejail directory
Reading profile /etc/firejail/cpio.profile
Reading profile /etc/firejail/archiver-common.profile
Cannot access .local file cpio.local: No such file or directory, skipping...
Cannot access .local file globals.local: No such file or directory, skipping...
Found archiver-common.profile profile in /etc/firejail directory
Cannot access .local file archiver-common.local: No such file or directory, skipping...
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Cannot access .local file disable-devel.local: No such file or directory, skipping...
Found disable-exec.inc profile in /etc/firejail directory
Cannot access .local file disable-exec.local: No such file or directory, skipping...
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Cannot access .local file disable-interpreters.local: No such file or directory, skipping...
Found disable-shell.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-shell.inc
[profile] combined protocol list: "unix"
firejail version 0.9.74

pid=24615: locking /run/firejail/firejail-run.lock ...
pid=24615: locked /run/firejail/firejail-run.lock
DISPLAY is not set
pid=24615: unlocking /run/firejail/firejail-run.lock ...
pid=24615: unlocked /run/firejail/firejail-run.lock
Cannot access .local file disable-shell.local: No such file or directory, skipping...
Enabling IPC namespace
Parent pid 24615, child pid 24616
Cannot access .local file disable-shell.local: No such file or directory, skipping...
Enabling IPC namespace
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
sbox run: /run/firejail/lib/fnet ifup lo
Network namespace enabled, only loopback interface available
Build protocol filter: unix
sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
791 754 259:5 /etc /etc ro,noatime,nodiratime - ext4 /dev/root rw,discard,errors=remount-ro,commit=60
mountid=791 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
Warning: file /etc/alternatives not found.
Warning fcopy: cannot create symbolic link /etc/fonts/infinality/conf.d
Warning: file /etc/gcrypt not found.
Mounting read-only /usr
813 754 259:5 /usr /usr ro,noatime,nodiratime - ext4 /dev/root rw,discard,errors=remount-ro,commit=60
mountid=813 fsname=/usr dir=/usr fstype=ext4
Mounting read-only /bin
814 754 259:5 /bin /bin ro,noatime,nodiratime - ext4 /dev/root rw,discard,errors=remount-ro,commit=60
mountid=814 fsname=/bin dir=/bin fstype=ext4
Mounting read-only /sbin
815 754 259:5 /sbin /sbin ro,noatime,nodiratime - ext4 /dev/root rw,discard,errors=remount-ro,commit=60
mountid=815 fsname=/sbin dir=/sbin fstype=ext4
Mounting read-only /lib
816 754 259:5 /lib /lib ro,noatime,nodiratime - ext4 /dev/root rw,discard,errors=remount-ro,commit=60
mountid=816 fsname=/lib dir=/lib fstype=ext4
Mounting read-only /lib64
817 754 259:5 /lib64 /lib64 ro,noatime,nodiratime - ext4 /dev/root rw,discard,errors=remount-ro,commit=60
mountid=817 fsname=/lib64 dir=/lib64 fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/nginx
Create the new utmp file
Mount the new utmp file
Generating a new machine-id
installing a new /etc/machine-id
Mounting tmpfs on /dev
Process /dev/shm directory
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /root/.dbus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Creating a new /etc/hosts file
Loading user hosts file
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/src/linux-6.14.0 (requested /usr/src/linux)
Disable /lib/modules
Disable /usr/lib/debug
Disable /boot
Copying files in the new /etc directory:
Copying /etc/fonts to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/fonts /run/firejail/mnt/etc/fonts
Copying /etc/group to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/group /run/firejail/mnt/etc
Warning: file /etc/locale not found.
Warning: file /etc/locale.alias not found.
Warning: file /etc/locale.conf not found.
Warning: file /etc/selinux not found.
Warning: file /etc/mkinitcpio* not found.
/etc/group: unmount: Invalid argument
/etc/passwd: unmount: Invalid argument
Private /etc installed in 6.67 ms
Copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.cache /run/firejail/mnt/etc
Copying /etc/ld.so.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf /run/firejail/mnt/etc
Copying /etc/ld.so.conf.d to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf.d /run/firejail/mnt/etc/ld.so.conf.d
Copying /etc/ld.so.preload to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.preload /run/firejail/mnt/etc
Copying /etc/localtime to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/localtime /run/firejail/mnt/etc
Copying /etc/login.defs to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/login.defs /run/firejail/mnt/etc
Copying /etc/nsswitch.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/nsswitch.conf /run/firejail/mnt/etc
Copying /etc/passwd to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/passwd /run/firejail/mnt/etc
Mount-bind /run/firejail/mnt/etc on top of /etc
Debug 588: whitelist /var/log
Debug 609: expanded: /var/log
Debug 620: new_name: /var/log
Debug 630: dir: /var
Adding whitelist top level directory /var
Mounting tmpfs on /var, check owner: no
860 792 0:117 / /var rw,nosuid,nodev,noatime,nodiratime - tmpfs tmpfs rw,mode=755
mountid=860 fsname=/ dir=/var fstype=tmpfs
Whitelisting /var/log
861 860 0:94 / /var/log rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=861 fsname=/ dir=/var/log fstype=tmpfs
Add path entry /usr/local/sbin
Add path entry /usr/local/bin
Add path entry /usr/sbin
Add path entry /usr/bin
Add path entry /sbin
Add path entry /bin
Add path entry /opt/bin
Number of path entries: 11
Disable /usr/bin/aclocal-1.16
Disable /usr/bin/aclocal-1.17
Disable /usr/lib64/misc/am-wrapper.sh (requested /usr/bin/aclocal)
Disable /usr/lib64/misc/ac-wrapper.sh (requested /usr/bin/autoconf)
Disable /usr/lib64/misc/ac-wrapper.sh (requested /usr/bin/autoheader)
Disable /usr/lib64/misc/ac-wrapper.sh (requested /usr/bin/autom4te)
Disable /usr/bin/automake-1.16
Disable /usr/bin/automake-1.17
Disable /usr/lib64/misc/am-wrapper.sh (requested /usr/bin/automake)
Disable /usr/lib64/misc/ac-wrapper.sh (requested /usr/bin/autoreconf)
Disable /usr/lib64/misc/ac-wrapper.sh (requested /usr/bin/autoscan)
Disable /usr/lib64/misc/ac-wrapper.sh (requested /usr/bin/autoupdate)
Disable /usr/lib64/misc/ac-wrapper.sh (requested /usr/bin/ifnames)
Disable /usr/bin/m4
Disable /usr/x86_64-pc-linux-gnu/binutils-bin/2.42/elfedit (requested /usr/bin/elfedit)
Disable /usr/bin/espdiff
Disable /usr/local/bin/patch
Disable /usr/bin/gpatch (requested /usr/bin/patch)
Disable /usr/bin/filterdiff (requested /usr/bin/patchview)
Disable /usr/bin/lldb
Disable /usr/bin/lldb-argdumper
Disable /usr/bin/lldb-dap
Disable /usr/bin/lldb-server
Disable /usr/bin/lldb-instr
Disable /usr/x86_64-pc-linux-gnu/binutils-bin/2.42/as (requested /usr/bin/as)
Disable /usr/x86_64-pc-linux-gnu/binutils-bin/2.42/c++filt (requested /usr/bin/c++filt)
Disable /usr/bin/c89
Disable /usr/bin/c99
Disable /usr/bin/cppgir
Disable /usr/bin/cpp2html
Disable /usr/lib/python-exec/python-exec2 (requested /usr/bin/cppcheck-htmlreport)
Disable /usr/bin/cppcheck
Disable /usr/x86_64-pc-linux-gnu/binutils-bin/2.42/elfedit (requested /usr/bin/elfedit)
Disable /usr/bin/gdb
Disable /usr/bin/gmake
Disable /usr/x86_64-pc-linux-gnu/binutils-bin/2.42/ld (requested /usr/local/sbin/ld)
Disable /usr/x86_64-pc-linux-gnu/binutils-bin/2.42/ld (requested /usr/bin/ld)
Disable /usr/local/bin/make
Base filesystem installed in 38.30 ms
Disable /usr/bin/gmake (requested /usr/bin/make)
Disable /usr/lib/go/bin/go (requested /usr/bin/go)
Disable /usr/lib/go/bin/gofmt (requested /usr/bin/gofmt)
Disable /usr/libexec/eselect-java/run-java-tool.bash (requested /usr/bin/java)
Disable /usr/libexec/eselect-java/run-java-tool.bash (requested /usr/bin/javac)
Disable /usr/bin/openssl
Disable /usr/lib/rust/1.83.0/bin/rust-gdb-1.83.0 (requested /usr/bin/rust-gdb)
Disable /usr/lib/rust/1.83.0/bin/rust-lldb-1.83.0 (requested /usr/bin/rust-lldb)
Disable /usr/lib/rust/1.83.0/bin/rustc-1.83.0 (requested /usr/bin/rustc)
Disable /usr/bin/valgrind-di-server
Disable /usr/bin/valgrind
Disable /usr/bin/valgrind-listener
Disable /usr/include
Disable /usr/src
Mounting noexec /root
2132 2131 0:20 /firejail/firejail.ro.dir /root/.dbus ro,nosuid,nodev,noexec - tmpfs tmpfs rw,size=13020688k,nr_inodes=819200,mode=755
mountid=2132 fsname=/firejail/firejail.ro.dir dir=/root/.dbus fstype=tmpfs
Mounting noexec /dev/shm
2133 831 0:97 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=2133 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
2134 777 0:29 / /tmp rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,size=5242880k
mountid=2134 fsname=/ dir=/tmp fstype=tmpfs
Mounting noexec /var
2136 2135 0:94 / /var/log rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=2136 fsname=/ dir=/var/log fstype=tmpfs
Disable /usr/bin/luajit-2.1.1716656478
Disable /usr/share/texmf-dist/scripts/luaotfload/luaotfload-tool.lua (requested /usr/bin/luaotfload-tool)
Disable /usr/bin/luarocks-admin
Disable /usr/bin/luahbtex (requested /usr/bin/lualatex-dev)
Disable /usr/bin/lua5.4
Disable /usr/share/texmf-dist/scripts/luafindfont/luafindfont.lua (requested /usr/bin/luafindfont)
Disable /usr/bin/luajit-2.1.1716656478 (requested /usr/bin/luajit)
Disable /usr/bin/luahbtex
Disable /usr/bin/luajithbtex
Disable /usr/bin/lua5.3
Disable /usr/bin/luarocks
Disable /usr/bin/luatex
Disable /usr/bin/lua5.4 (requested /usr/bin/lua)
Disable /usr/bin/luahbtex (requested /usr/bin/lualatex)
Disable /usr/bin/luac5.4
Disable /usr/bin/luac5.3
Disable /usr/bin/luajittex
Disable /usr/bin/luac5.4 (requested /usr/bin/luac)
Disable /usr/lib64/libluajit-5.1.so.2.1.1716656478
Disable /usr/lib64/liblua5.3.so.0.0.0 (requested /usr/lib64/liblua5.3.so)
Disable /usr/lib64/liblua5.4.so.0.0.0
Disable /usr/lib64/libluajit-5.1.so.2.1.1716656478 (requested /usr/lib64/libluajit-5.1.so.2)
Disable /usr/lib64/liblua5.4.so.0.0.0 (requested /usr/lib64/liblua5.4.so.0)
Disable /usr/lib64/liblua5.4.so.0.0.0 (requested /usr/lib64/liblua5.4.so)
Disable /usr/lib64/libluajit-5.1.so.2.1.1716656478 (requested /usr/lib64/libluajit-5.1.so)
Disable /usr/lib64/liblua5.3.so.0.0.0
Disable /usr/lib64/liblua5.3.so.0.0.0 (requested /usr/lib64/liblua5.3.so.0)
Disable /usr/lib64/lua
Disable /usr/share/lua
Disable /usr/share/luajit-2.1
Disable /usr/bin/node
Disable /usr/bin/cpan-2.360.0-perl-5.40.0
Disable /usr/bin/cpan-2.360.0-perl-5.40.0 (requested /usr/bin/cpan)
Disable /usr/bin/perl
Disable /usr/lib64/perl5
Disable /usr/bin/ruby32 (requested /usr/bin/ruby)
Disable /usr/lib64/ruby
Disable /usr/bin/python3.11-config
Disable /usr/bin/python3.10
Disable /usr/bin/python3.12-config
Disable /usr/bin/python3.13-config
Disable /usr/bin/python3.12
Disable /usr/lib/python-exec/python-exec2 (requested /usr/bin/python3-config)
Disable /usr/bin/python3.10-config
Disable /usr/bin/python-exec2c (requested /usr/bin/python3)
Disable /usr/bin/python3.11
Disable /usr/bin/python3.13
Disable /usr/lib/python3.10
Disable /usr/lib/python3.12
Disable /usr/lib/python3.11
Disable /usr/lib/python3.13
Disable /bin/bash
Disable /bin/bash (requested /bin/sh)
Disable /usr/bin/tclsh8.6 (requested /usr/bin/tclsh)
Disable /bin/zsh
Disable /tmp/.X11-unix
Disable /home/al/.Xauthority
Mounting tmpfs on /root/.cache, check owner: no
2194 2131 0:118 / /root/.cache rw,nosuid,nodev,noexec,noatime,nodiratime - tmpfs tmpfs rw,mode=700
mountid=2194 fsname=/ dir=/root/.cache fstype=tmpfs
Disable /sys/fs
Disable /sys/module
DISPLAY is not set
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000009   jmp 000f
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 35 01 00 40000000   jge X32_ABI 000c (false 000b)
 000b: 35 01 00 00000000   jge read 000d (false 000c)
 000c: 06 00 00 00050001   ret ERRNO(1)
 000d: 15 01 00 00000029   jeq socket 000f (false 000e)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 20 00 00 00000010   ld  data.args[0]
 0010: 15 00 01 00000001   jeq 1 0011 (false 0012)
 0011: 06 00 00 7fff0000   ret ALLOW
 0012: 06 00 00 0005005f   ret ERRNO(95)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00050001   ret ERRNO(1)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 47 00 0000009f   jeq adjtimex 004f (false 0008)
 0008: 15 46 00 00000131   jeq clock_adjtime 004f (false 0009)
 0009: 15 45 00 000000e3   jeq clock_settime 004f (false 000a)
 000a: 15 44 00 000000a4   jeq settimeofday 004f (false 000b)
 000b: 15 43 00 0000009a   jeq modify_ldt 004f (false 000c)
 000c: 15 42 00 000000d4   jeq lookup_dcookie 004f (false 000d)
 000d: 15 41 00 0000012a   jeq perf_event_open 004f (false 000e)
 000e: 15 40 00 000001b6   jeq pidfd_getfd 004f (false 000f)
 000f: 15 3f 00 00000137   jeq process_vm_writev 004f (false 0010)
 0010: 15 3e 00 000000b0   jeq delete_module 004f (false 0011)
 0011: 15 3d 00 00000139   jeq finit_module 004f (false 0012)
 0012: 15 3c 00 000000af   jeq init_module 004f (false 0013)
 0013: 15 3b 00 000000a1   jeq chroot 004f (false 0014)
 0014: 15 3a 00 000001af   jeq fsconfig 004f (false 0015)
 0015: 15 39 00 000001b0   jeq fsmount 004f (false 0016)
 0016: 15 38 00 000001ae   jeq fsopen 004f (false 0017)
 0017: 15 37 00 000001b1   jeq fspick 004f (false 0018)
 0018: 15 36 00 000000a5   jeq mount 004f (false 0019)
 0019: 15 35 00 000001ad   jeq move_mount 004f (false 001a)
 001a: 15 34 00 000001ac   jeq open_tree 004f (false 001b)
 001b: 15 33 00 0000009b   jeq pivot_root 004f (false 001c)
 001c: 15 32 00 000000a6   jeq umount2 004f (false 001d)
 001d: 15 31 00 0000009c   jeq _sysctl 004f (false 001e)
 001e: 15 30 00 000000b7   jeq afs_syscall 004f (false 001f)
 001f: 15 2f 00 000000ae   jeq create_module 004f (false 0020)
 0020: 15 2e 00 000000b1   jeq get_kernel_syms 004f (false 0021)
 0021: 15 2d 00 000000b5   jeq getpmsg 004f (false 0022)
 0022: 15 2c 00 000000b6   jeq putpmsg 004f (false 0023)
 0023: 15 2b 00 000000b2   jeq query_module 004f (false 0024)
 0024: 15 2a 00 000000b9   jeq security 004f (false 0025)
 0025: 15 29 00 0000008b   jeq sysfs 004f (false 0026)
 0026: 15 28 00 000000b8   jeq tuxcall 004f (false 0027)
 0027: 15 27 00 00000086   jeq uselib 004f (false 0028)
 0028: 15 26 00 00000088   jeq ustat 004f (false 0029)
 0029: 15 25 00 000000ec   jeq vserver 004f (false 002a)
 002a: 15 24 00 000000ad   jeq ioperm 004f (false 002b)
 002b: 15 23 00 000000ac   jeq iopl 004f (false 002c)
 002c: 15 22 00 000000f6   jeq kexec_load 004f (false 002d)
 002d: 15 21 00 00000140   jeq kexec_file_load 004f (false 002e)
 002e: 15 20 00 000000a9   jeq reboot 004f (false 002f)
 002f: 15 1f 00 000000a7   jeq swapon 004f (false 0030)
 0030: 15 1e 00 000000a8   jeq swapoff 004f (false 0031)
 0031: 15 1d 00 00000130   jeq open_by_handle_at 004f (false 0032)
 0032: 15 1c 00 0000012f   jeq name_to_handle_at 004f (false 0033)
 0033: 15 1b 00 000000fb   jeq ioprio_set 004f (false 0034)
 0034: 15 1a 00 00000067   jeq syslog 004f (false 0035)
 0035: 15 19 00 0000012c   jeq fanotify_init 004f (false 0036)
 0036: 15 18 00 000000f8   jeq add_key 004f (false 0037)
 0037: 15 17 00 000000f9   jeq request_key 004f (false 0038)
 0038: 15 16 00 000000ed   jeq mbind 004f (false 0039)
 0039: 15 15 00 00000100   jeq migrate_pages 004f (false 003a)
 003a: 15 14 00 00000117   jeq move_pages 004f (false 003b)
 003b: 15 13 00 000000fa   jeq keyctl 004f (false 003c)
 003c: 15 12 00 000000ce   jeq io_setup 004f (false 003d)
 003d: 15 11 00 000000cf   jeq io_destroy 004f (false 003e)
 003e: 15 10 00 000000d0   jeq io_getevents 004f (false 003f)
 003f: 15 0f 00 000000d1   jeq io_submit 004f (false 0040)
 0040: 15 0e 00 000000d2   jeq io_cancel 004f (false 0041)
 0041: 15 0d 00 000000d8   jeq remap_file_pages 004f (false 0042)
 0042: 15 0c 00 000000ee   jeq set_mempolicy 004f (false 0043)
 0043: 15 0b 00 00000116   jeq vmsplice 004f (false 0044)
 0044: 15 0a 00 00000143   jeq userfaultfd 004f (false 0045)
 0045: 15 09 00 000000a3   jeq acct 004f (false 0046)
 0046: 15 08 00 00000141   jeq bpf 004f (false 0047)
 0047: 15 07 00 000000b4   jeq nfsservctl 004f (false 0048)
 0048: 15 06 00 000000ab   jeq setdomainname 004f (false 0049)
 0049: 15 05 00 000000aa   jeq sethostname 004f (false 004a)
 004a: 15 04 00 00000099   jeq vhangup 004f (false 004b)
 004b: 15 03 00 00000065   jeq ptrace 004f (false 004c)
 004c: 15 02 00 00000087   jeq personality 004f (false 004d)
 004d: 15 01 00 00000136   jeq process_vm_readv 004f (false 004e)
 004e: 06 00 00 7fff0000   ret ALLOW
 004f: 06 00 01 00050001   ret ERRNO(1)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 05 00000009   jeq mmap 0008 (false 000d)
 0008: 20 00 00 00000020   ld  data.args[10]
 0009: 54 00 00 00000006   and 00000006
 000a: 15 00 01 00000006   jeq 6 000b (false 000c)
 000b: 06 00 00 00050001   ret ERRNO(1)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 15 00 05 0000000a   jeq a 000e (false 0013)
 000e: 20 00 00 00000020   ld  data.args[10]
 000f: 54 00 00 00000004   and 00000004
 0010: 15 00 01 00000004   jeq 4 0011 (false 0012)
 0011: 06 00 00 00050001   ret ERRNO(1)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 05 00000149   jeq 149 0014 (false 0019)
 0014: 20 00 00 00000020   ld  data.args[10]
 0015: 54 00 00 00000004   and 00000004
 0016: 15 00 01 00000004   jeq 4 0017 (false 0018)
 0017: 06 00 00 00050001   ret ERRNO(1)
 0018: 06 00 00 7fff0000   ret ALLOW
 0019: 15 00 05 0000001e   jeq 1e 001a (false 001f)
 001a: 20 00 00 00000020   ld  data.args[10]
 001b: 54 00 00 00008000   and 00008000
 001c: 15 00 01 00008000   jeq 8000 001d (false 001e)
 001d: 06 00 00 00050001   ret ERRNO(1)
 001e: 06 00 00 7fff0000   ret ALLOW
 001f: 15 00 01 0000013f   jeq 13f 0020 (false 0021)
 0020: 06 00 00 00050001   ret ERRNO(1)
 0021: 06 00 00 7fff0000   ret ALLOW
 0022: 06 00 00 7fff0000   ret ALLOW
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 00 01 0000005a   jeq 5a 0005 (false 0006)
 0005: 06 00 00 00050001   ret ERRNO(1)
 0006: 15 00 05 000000c0   jeq c0 0007 (false 000c)
 0007: 20 00 00 00000020   ld  data.args[10]
 0008: 54 00 00 00000006   and 00000006
 0009: 15 00 01 00000006   jeq 6 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 15 00 05 0000007d   jeq 7d 000d (false 0012)
 000d: 20 00 00 00000020   ld  data.args[10]
 000e: 54 00 00 00000004   and 00000004
 000f: 15 00 01 00000004   jeq 4 0010 (false 0011)
 0010: 06 00 00 00050001   ret ERRNO(1)
 0011: 06 00 00 7fff0000   ret ALLOW
 0012: 15 00 05 0000017c   jeq 17c 0013 (false 0018)
 0013: 20 00 00 00000020   ld  data.args[10]
 0014: 54 00 00 00000004   and 00000004
 0015: 15 00 01 00000004   jeq 4 0016 (false 0017)
 0016: 06 00 00 00050001   ret ERRNO(1)
 0017: 06 00 00 7fff0000   ret ALLOW
 0018: 15 00 05 0000018d   jeq 18d 0019 (false 001e)
 0019: 20 00 00 00000020   ld  data.args[10]
 001a: 54 00 00 00008000   and 00008000
 001b: 15 00 01 00008000   jeq 8000 001c (false 001d)
 001c: 06 00 00 00050001   ret ERRNO(1)
 001d: 06 00 00 7fff0000   ret ALLOW
 001e: 15 00 01 00000164   jeq 164 001f (false 0020)
 001f: 06 00 00 00050001   ret ERRNO(1)
 0020: 06 00 00 7fff0000   ret ALLOW
 0021: 06 00 00 7fff0000   ret ALLOW
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 04 00000038   jeq clone 0008 (false 000c)
 0008: 20 00 00 00000010   ld  data.args[0]
 0009: 45 00 01 7e020000   jset 7e020000 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 15 00 01 000001b3   jeq 1b3 000d (false 000e)
 000d: 06 00 00 00050026   ret ERRNO(38)
 000e: 15 00 04 00000110   jeq 110 000f (false 0013)
 000f: 20 00 00 00000010   ld  data.args[0]
 0010: 45 00 01 7e020080   jset 7e020080 0011 (false 0012)
 0011: 06 00 00 00050001   ret ERRNO(1)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 04 00000134   jeq 134 0014 (false 0018)
 0014: 20 00 00 00000018   ld  data.args[8]
 0015: 15 01 00 00000000   jeq 0 0017 (false 0016)
 0016: 45 00 01 7e020080   jset 7e020080 0017 (false 0018)
 0017: 06 00 00 00050001   ret ERRNO(1)
 0018: 06 00 00 7fff0000   ret ALLOW
 0019: 06 00 00 7fff0000   ret ALLOW
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 04 00000038   jeq clone 0008 (false 000c)
 0008: 20 00 00 00000010   ld  data.args[0]
 0009: 45 00 01 7e020000   jset 7e020000 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 15 00 01 000001b3   jeq 1b3 000d (false 000e)
 000d: 06 00 00 00050026   ret ERRNO(38)
 000e: 15 00 04 00000110   jeq 110 000f (false 0013)
 000f: 20 00 00 00000010   ld  data.args[0]
 0010: 45 00 01 7e020080   jset 7e020080 0011 (false 0012)
 0011: 06 00 00 00050001   ret ERRNO(1)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 04 00000134   jeq 134 0014 (false 0018)
 0014: 20 00 00 00000018   ld  data.args[8]
 0015: 15 01 00 00000000   jeq 0 0017 (false 0016)
 0016: 45 00 01 7e020080   jset 7e020080 0017 (false 0018)
 0017: 06 00 00 00050001   ret ERRNO(1)
 0018: 06 00 00 7fff0000   ret ALLOW
 0019: 06 00 00 7fff0000   ret ALLOW
disable pulseaudio
disable pipewire
Current directory: /home/al
Install protocol filter: unix
configuring 19 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.32
Dual 32/64 bit seccomp filter configured
configuring 80 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp
seccomp filter configured
Install memory write&execute filter
configuring 35 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx
configuring 34 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx.32
Install namespaces filter
configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces
configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces.32
Mounting read-only /run/firejail/mnt/seccomp
2197 788 0:81 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755
mountid=2197 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             240 .
drwxr-xr-x root     root             300 ..
-rw-r--r-- root     root             640 seccomp
-rw-r--r-- root     root             432 seccomp.32
-rw-r--r-- root     root             288 seccomp.list
-rw-r--r-- root     root             280 seccomp.mdwx
-rw-r--r-- root     root             272 seccomp.mdwx.32
-rw-r--r-- root     root             208 seccomp.namespaces
-rw-r--r-- root     root             208 seccomp.namespaces.32
-rw-r--r-- root     root               0 seccomp.postexec
-rw-r--r-- root     root               0 seccomp.postexec32
-rw-r--r-- root     root             152 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
/run/firejail/mnt/seccomp/seccomp.mdwx
/run/firejail/mnt/seccomp/seccomp.mdwx.32
/run/firejail/mnt/seccomp/seccomp.namespaces
/run/firejail/mnt/seccomp/seccomp.namespaces.32
pid=24615: unlocking /run/firejail/firejail-network.lock ...
pid=24615: already unlocked /run/firejail/firejail-network.lock
Dropping all capabilities
Drop CAP_DAC_OVERRIDE
Drop CAP_DAC_READ_SEARCH
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 0, gid 0, force_nogroups 0
No supplementary groups
Closing non-standard file descriptors
Starting application
LD_PRELOAD=(null)
execvp argument 0: xxd
execvp argument 1: /var/log/messages
Not enforcing Landlock
Child process initialized in 70.29 ms
xxd: /var/log/messages: No such file or directory
The new log directory is /proc/24616/root/var/log

Parent is shutting down, bye...

Same with any profile: <details> <summary>Output of <code>sudo LC_ALL=C firejail --debug --noblacklist=/var/log --whitelist=/var/log --read-write=/var/log/messages xxd /var/log/messages | grep -vE '(nvidia|docker|clang|llvm|gcc)'</code></summary> <p> ```
00 00 00050026 ret ERRNO(38) 000e: 15 00 04 00000110 jeq 110 000f (false 0013) 000f: 20 00 00 00000010 ld data.args[0] 0010: 45 00 01 7e020080 jset 7e020080 0011 (false 0012) 0011: 06 00 00 00050001 ret ERRNO(1) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 04 00000134 jeq 134 0014 (false 0018) 0014: 20 00 00 00000018 ld data.args[8] 0015: 15 01 00 00000000 jeq 0 0017 (false 0016) 0016: 45 00 01 7e020080 jset 7e020080 0017 (false 0018) 0017: 06 00 00 00050001 ret ERRNO(1) 0018: 06 00 00 7fff0000 ret ALLOW 0019: 06 00 00 7fff0000 ret ALLOW line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 04 00000038 jeq clone 0008 (false 000c) 0008: 20 00 00 00000010 ld data.args[0] 0009: 45 00 01 7e020000 jset 7e020000 000a (false 000b) 000a: 06 00 00 00050001 ret ERRNO(1) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 15 00 01 000001b3 jeq 1b3 000d (false 000e) 000d: 06 00 00 00050026 ret ERRNO(38) 000e: 15 00 04 00000110 jeq 110 000f (false 0013) 000f: 20 00 00 00000010 ld data.args[0] 0010: 45 00 01 7e020080 jset 7e020080 0011 (false 0012) 0011: 06 00 00 00050001 ret ERRNO(1) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 04 00000134 jeq 134 0014 (false 0018) 0014: 20 00 00 00000018 ld data.args[8] 0015: 15 01 00 00000000 jeq 0 0017 (false 0016) 0016: 45 00 01 7e020080 jset 7e020080 0017 (false 0018) 0017: 06 00 00 00050001 ret ERRNO(1) 0018: 06 00 00 7fff0000 ret ALLOW 0019: 06 00 00 7fff0000 ret ALLOW disable pulseaudio disable pipewire Current directory: /home/al Install protocol filter: unix configuring 19 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dual 32/64 bit seccomp filter configured configuring 80 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp seccomp filter configured Install memory write&execute filter configuring 35 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx configuring 34 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx.32 sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx.32 Install namespaces filter configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces.32 sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces.32 Mounting read-only /run/firejail/mnt/seccomp 2197 788 0:81 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755 mountid=2197 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 240 . drwxr-xr-x root root 300 .. 
-rw-r--r-- root root 640 seccomp -rw-r--r-- root root 432 seccomp.32 -rw-r--r-- root root 288 seccomp.list -rw-r--r-- root root 280 seccomp.mdwx -rw-r--r-- root root 272 seccomp.mdwx.32 -rw-r--r-- root root 208 seccomp.namespaces -rw-r--r-- root root 208 seccomp.namespaces.32 -rw-r--r-- root root 0 seccomp.postexec -rw-r--r-- root root 0 seccomp.postexec32 -rw-r--r-- root root 152 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.mdwx /run/firejail/mnt/seccomp/seccomp.mdwx.32 /run/firejail/mnt/seccomp/seccomp.namespaces /run/firejail/mnt/seccomp/seccomp.namespaces.32 pid=24615: unlocking /run/firejail/firejail-network.lock ... pid=24615: already unlocked /run/firejail/firejail-network.lock Dropping all capabilities Drop CAP_DAC_OVERRIDE Drop CAP_DAC_READ_SEARCH NO_NEW_PRIVS set Drop privileges: pid 1, uid 0, gid 0, force_nogroups 0 No supplementary groups Closing non-standard file descriptors Starting application LD_PRELOAD=(null) execvp argument 0: xxd execvp argument 1: /var/log/messages Not enforcing Landlock Child process initialized in 70.29 ms xxd: /var/log/messages: No such file or directory The new log directory is /proc/24616/root/var/log Parent is shutting down, bye... ``` </p> </details>
gitea-mirror 2026-05-05 09:55:47 -06:00
  • closed this issue
  • added the notabug label

@netblue30 commented on GitHub (Apr 8, 2025):

/var/log gets some special treatment. By default it is a brand-new temporary (tmpfs) directory. You can read or write to it if you have enough permissions.

To keep the original /var/log in place use --writable-var-log:

$ sudo firejail --writable-var-log
Reading profile /etc/firejail/server.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
...
root@debian:~# ls /var/log
alternatives.log        auth.log.2.gz  cron.log.3.gz    dpkg.log.11.gz  kern.log.1         syslog.1
alternatives.log.1      auth.log.3.gz  cron.log.4.gz    dpkg.log.12.gz  kern.log.2.gz      syslog.2.gz
alternatives.log.10.gz  auth.log.4.gz  cups             dpkg.log.2.gz   kern.log.3.gz      syslog.3.gz
alternatives.log.11.gz  boot.log       daemon.log       dpkg.log.3.gz   kern.log.4.gz      syslog.4.gz
...
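A quick way to tell which of the two situations netblue30 describes a sandboxed process is in (the default private tmpfs on /var/log, or the host's /var/log kept in place by --writable-var-log) is to look at the mount that serves /var/log. The following shell example is added here and is not part of firejail or of this issue; it reads data in /proc/self/mountinfo format and resolves the path to its mount's filesystem type. The two mountinfo samples are constructed for the example, not captured from a real sandbox.

```shell
#!/bin/sh
# Added example (not firejail's own code): decide whether a path lives on a
# tmpfs by resolving it against /proc/self/mountinfo-formatted data read from
# stdin. Mountinfo line layout (optional fields may appear before the "-"):
#   id parent maj:min root mountpoint opts [optional...] - fstype source superopts

# fstype_of_path PATH  (mountinfo on stdin)
# Prints the filesystem type of the mount serving PATH. The longest mount-point
# prefix wins, which is how the kernel itself resolves the path.
fstype_of_path() {
    awk -v path="$1" '
        {
            mp = $5
            fstype = ""
            # the fstype is the first field after the "-" separator
            for (i = 7; i <= NF; i++) if ($i == "-") { fstype = $(i + 1); break }
            # a mount covers the path when it is "/", equals the path, or is a
            # directory prefix of it
            if (mp == "/" || path == mp || index(path, mp "/") == 1) {
                if (length(mp) > best_len) { best_len = length(mp); best = fstype }
            }
        }
        END { print best }
    '
}

# varlog_is_private  (mountinfo on stdin)
# Exit status 0 when /var/log is a tmpfs, i.e. firejail's default brand-new
# temporary directory; 1 when /var/log comes from the host filesystem.
varlog_is_private() {
    [ "$(fstype_of_path /var/log)" = tmpfs ]
}

# Constructed sample: default firejail behaviour, tmpfs mounted over /var/log.
MOUNTINFO_DEFAULT='22 1 0:20 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
80 22 0:33 / /run/firejail/mnt rw,nosuid,nodev - tmpfs tmpfs rw,mode=755
81 22 0:34 / /var/log rw,nosuid,nodev - tmpfs tmpfs rw,mode=755'

# Constructed sample: --writable-var-log, no separate mount on /var/log, so it
# resolves to the root filesystem.
MOUNTINFO_WRITABLE='22 1 0:20 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
80 22 0:33 / /run/firejail/mnt rw,nosuid,nodev - tmpfs tmpfs rw,mode=755'

# Stand-alone demo on the constructed samples.
for sample in "$MOUNTINFO_DEFAULT" "$MOUNTINFO_WRITABLE"; do
    if printf '%s\n' "$sample" | varlog_is_private; then
        echo "/var/log is a private tmpfs (firejail default)"
    else
        echo "/var/log is served by $(printf '%s\n' "$sample" | fstype_of_path /var/log) (host directory)"
    fi
done
```

Inside a real sandbox the same function is run against the live table, for example `fstype_of_path /var/log < /proc/self/mountinfo`; a result of `tmpfs` explains why files such as /var/log/messages are missing even though the path is whitelisted.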
@alopatindev commented on GitHub (Apr 9, 2025):

It works, thanks!
