[GH-ISSUE #6749] libreoffice: cannot use IBus #3360

New issue

Open

opened 2026-05-05 09:56:22 -06:00 by gitea-mirror · 9 comments

gitea-mirror commented 2026-05-05 09:56:22 -06:00

Owner

Copy link

Originally created by @Lidoca on GitHub (May 13, 2025).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6749

Description

Running libreoffice with firejail default profile makes IBus unavailable, resulting users cannot switch input sources

Steps to Reproduce

1. Run libreoffice with default Firejail profile (sudo firecfg)
2. Observe the output
3. Try to change the input source through IBus
4. Type anything through the keyboard if the input source is changed

Expected behavior

There's no problem with IBus, input sources can be changed

Actual behavior

Unable to connect to IBus, input source cannot be changed

Behavior without a profile

Through the command firejail --noprofile libreoffice, the behavior is slightly different, Permission denied instead of No such file or directory

IBus is usable only if LibreOffice is not run through Firejail (no --noprofile or firecfg is configured)

firejail version 0.9.74

Parent pid 16236, child pid 16237
Base filesystem installed in 0.03 ms
Child process initialized in 14.87 ms
Warning: failed to launch javaldx - java may not function correctly

(soffice:18): IBUS-WARNING **: 15:18:16.037: Unable to connect to ibus: Could not connect: Permission denied

Additional context

Any other detail that may help to understand/debug the problem

Environment

• Name/version/arch of the Linux kernel (uname -srm): Linux 6.11.0-25-generic x86_64
• Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): Ubuntu 24.04
• Name/version of the relevant program(s)/package(s) (e.g. "firefox 134.0-1,
  mesa 1:24.3.3-2"): libreoffice 4:24.2.7-0ubuntu0.24.04.4
• Version of Firejail (firejail --version): 0.9.74

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• I have performed a short search for similar issues (to avoid opening a duplicate).
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

Reading profile /etc/firejail/libreoffice.profile
Reading profile /etc/firejail/allow-java.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
firejail version 0.9.74

Parent pid 21706, child pid 21707
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Private /etc installed in 70.81 ms
Warning: not remounting /home/local-optimum/.ssh/authorized_keys
Warning: not remounting /run/user/1000/doc
Warning: not remounting /run/user/1000/gvfs
Base filesystem installed in 55.53 ms
Child process initialized in 165.11 ms
Warning: failed to launch javaldx - java may not function correctly

(soffice:54): IBUS-WARNING **: 15:33:58.438: Unable to connect to ibus: Could not connect: No such file or directory

Output of LC_ALL=C firejail --debug /path/to/program

Looking for kernel processes
Found kthreadd process, we are not running in a sandbox
pid=22023: locking /run/firejail/firejail-run.lock ...
pid=22023: locked /run/firejail/firejail-run.lock
pid=22023: unlocking /run/firejail/firejail-run.lock ...
pid=22023: unlocked /run/firejail/firejail-run.lock
Building quoted command line: 'libreoffice' 
Command name #libreoffice#
Found libreoffice.profile profile in /etc/firejail directory
Reading profile /etc/firejail/libreoffice.profile
Cannot access .local file libreoffice.local: No such file or directory, skipping...
Cannot access .local file globals.local: No such file or directory, skipping...
Found allow-java.inc profile in /etc/firejail directory
Reading profile /etc/firejail/allow-java.inc
Cannot access .local file allow-java.local: No such file or directory, skipping...
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Cannot access .local file disable-common.local: No such file or directory, skipping...
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Cannot access .local file disable-devel.local: No such file or directory, skipping...
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Cannot access .local file disable-exec.local: No such file or directory, skipping...
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Cannot access .local file disable-programs.local: No such file or directory, skipping...
Found whitelist-run-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-run-common.inc
Cannot access .local file whitelist-run-common.local: No such file or directory, skipping...
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Cannot access .local file whitelist-var-common.local: No such file or directory, skipping...
Warning: networking feature is disabled in Firejail configuration file
[profile] combined protocol list: "unix,inet,inet6"
firejail version 0.9.74

pid=22023: locking /run/firejail/firejail-run.lock ...
pid=22023: locked /run/firejail/firejail-run.lock
DISPLAY=:0 parsed as 0
pid=22023: unlocking /run/firejail/firejail-run.lock ...
pid=22023: unlocked /run/firejail/firejail-run.lock
Using the local network stack
Parent pid 22023, child pid 22024
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
IBUS_ADDRESS=unix:path=/home/local-optimum/.cache/ibus/dbus-Sg2mT7TU,guid=3d1928b615998d946e3b29ec6822dd8a
IBUS_DAEMON_PID=3235
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
Drop privileges: pid 3, uid 1000, gid 1000, force_nogroups 0
nogroups command not ignored
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
2536 2479 252:1 /etc /etc ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=2536 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
2537 2536 252:1 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=2537 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
3705 3704 252:1 /usr/share/hunspell /var/snap/firefox/common/host-hunspell ro,noexec,noatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3705 fsname=/usr/share/hunspell dir=/var/snap/firefox/common/host-hunspell fstype=ext4
Mounting noexec /var
3707 3706 252:1 /usr/share/hunspell /var/snap/firefox/common/host-hunspell ro,noexec,noatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3707 fsname=/usr/share/hunspell dir=/var/snap/firefox/common/host-hunspell fstype=ext4
Mounting noexec /var/snap/firefox/common/host-hunspell
3708 3707 252:1 /usr/share/hunspell /var/snap/firefox/common/host-hunspell ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3708 fsname=/usr/share/hunspell dir=/var/snap/firefox/common/host-hunspell fstype=ext4
Mounting read-only /usr
3709 2479 252:1 /usr /usr ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3709 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/kfd file
mounting /run/firejail/mnt/dev/tpm0 file
Process /dev/shm directory
Generate private-tmp whitelist commands
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Creating a new /etc/hostname file
Creating empty /run/firejail/mnt/hostname file
Creating a new /etc/hosts file
Loading user hosts file
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Copying files in the new /etc directory:
Copying /etc/alternatives to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/alternatives /run/firejail/mnt/etc/alternatives 
Copying /etc/fonts to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/fonts /run/firejail/mnt/etc/fonts 
Warning: file /etc/gcrypt not found.
Copying /etc/group to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/group /run/firejail/mnt/etc 
Copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.cache /run/firejail/mnt/etc 
Copying /etc/ld.so.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf /run/firejail/mnt/etc 
Copying /etc/ld.so.conf.d to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf.d /run/firejail/mnt/etc/ld.so.conf.d 
Warning: file /etc/ld.so.preload not found.
Warning: file /etc/locale not found.
Copying /etc/locale.alias to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/locale.alias /run/firejail/mnt/etc 
Copying /etc/locale.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/locale.conf /run/firejail/mnt/etc 
Copying /etc/localtime to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/localtime /run/firejail/mnt/etc 
Copying /etc/login.defs to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/login.defs /run/firejail/mnt/etc 
Copying /etc/nsswitch.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/nsswitch.conf /run/firejail/mnt/etc 
Copying /etc/passwd to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/passwd /run/firejail/mnt/etc 
Copying /etc/selinux to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/selinux /run/firejail/mnt/etc/selinux 
Copying /etc/hostname to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/hostname /run/firejail/mnt/etc 
Copying /etc/hosts to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/hosts /run/firejail/mnt/etc 
Copying /etc/protocols to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/protocols /run/firejail/mnt/etc 
Copying /etc/resolv.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/resolv.conf /run/firejail/mnt/etc 
Copying /etc/alsa to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/alsa /run/firejail/mnt/etc/alsa 
Warning: file /etc/asound.conf not found.
Copying /etc/machine-id to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/machine-id /run/firejail/mnt/etc 
Warning: file /etc/pipewire not found.
Copying /etc/pulse to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/pulse /run/firejail/mnt/etc/pulse 
Copying /etc/ca-certificates to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates 
Warning: file /etc/crypto-policies not found.
Copying /etc/gnutls to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/gnutls /run/firejail/mnt/etc/gnutls 
Copying /etc/pki to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/pki /run/firejail/mnt/etc/pki 
Copying /etc/ssl to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ssl /run/firejail/mnt/etc/ssl 
Warning: file /etc/@tls-ca not found.
Warning: file /etc/ati not found.
Copying /etc/dconf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/dconf /run/firejail/mnt/etc/dconf 
Warning: file /etc/drirc not found.
Copying /etc/gtk-2.0 to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/gtk-2.0 /run/firejail/mnt/etc/gtk-2.0 
Copying /etc/gtk-3.0 to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/gtk-3.0 /run/firejail/mnt/etc/gtk-3.0 
Warning: file /etc/kde4rc not found.
Warning: file /etc/kde5rc not found.
Copying /etc/machine-id to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/machine-id /run/firejail/mnt/etc 
Warning: file /etc/nvidia not found.
Warning: file /etc/pango not found.
Warning: file /etc/Trolltech.conf not found.
Copying /etc/vulkan to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/vulkan /run/firejail/mnt/etc/vulkan 
Copying /etc/X11 to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/X11 /run/firejail/mnt/etc/X11 
Copying /etc/xdg to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/xdg /run/firejail/mnt/etc/xdg 
Warning: file /etc/@x11 not found.
Copying /etc/cups to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/cups /run/firejail/mnt/etc/cups 
Warning: file /etc/gnupg not found.
Copying /etc/libreoffice to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/libreoffice /run/firejail/mnt/etc/libreoffice 
Copying /etc/papersize to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/papersize /run/firejail/mnt/etc 
Copying /etc/ssh to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ssh /run/firejail/mnt/etc/ssh 
Mount-bind /run/firejail/mnt/etc on top of /etc
Private /etc installed in 70.64 ms
Debug 588: whitelist /run/NetworkManager/resolv.conf
Debug 609: expanded: /run/NetworkManager/resolv.conf
Debug 620: new_name: /run/NetworkManager/resolv.conf
Debug 630: dir: /run
Adding whitelist top level directory /run
Debug 588: whitelist /run/avahi-daemon/socket
Debug 609: expanded: /run/avahi-daemon/socket
Debug 620: new_name: /run/avahi-daemon/socket
Debug 630: dir: /run
Debug 588: whitelist /run/cups/cups.sock
Debug 609: expanded: /run/cups/cups.sock
Debug 620: new_name: /run/cups/cups.sock
Debug 630: dir: /run
Debug 588: whitelist /run/dbus/system_bus_socket
Debug 609: expanded: /run/dbus/system_bus_socket
Debug 620: new_name: /run/dbus/system_bus_socket
Debug 630: dir: /run
Debug 588: whitelist /run/media
Debug 609: expanded: /run/media
Debug 620: new_name: /run/media
Debug 630: dir: /run
Removed path: whitelist /run/media
	new_name: /run/media
	realpath: (null)
	No such file or directory
Debug 588: whitelist /run/resolvconf/resolv.conf
Debug 609: expanded: /run/resolvconf/resolv.conf
Debug 620: new_name: /run/resolvconf/resolv.conf
Debug 630: dir: /run
Removed path: whitelist /run/resolvconf/resolv.conf
	new_name: /run/resolvconf/resolv.conf
	realpath: (null)
	No such file or directory
Debug 588: whitelist /run/netconfig/resolv.conf
Debug 609: expanded: /run/netconfig/resolv.conf
Debug 620: new_name: /run/netconfig/resolv.conf
Debug 630: dir: /run
Removed path: whitelist /run/netconfig/resolv.conf
	new_name: /run/netconfig/resolv.conf
	realpath: (null)
	No such file or directory
Debug 588: whitelist /run/shm
Debug 609: expanded: /run/shm
Debug 620: new_name: /run/shm
Debug 630: dir: /run
Debug 588: whitelist /run/systemd/journal/dev-log
Debug 609: expanded: /run/systemd/journal/dev-log
Debug 620: new_name: /run/systemd/journal/dev-log
Debug 630: dir: /run
Debug 588: whitelist /run/systemd/journal/socket
Debug 609: expanded: /run/systemd/journal/socket
Debug 620: new_name: /run/systemd/journal/socket
Debug 630: dir: /run
Debug 588: whitelist /run/systemd/resolve/resolv.conf
Debug 609: expanded: /run/systemd/resolve/resolv.conf
Debug 620: new_name: /run/systemd/resolve/resolv.conf
Debug 630: dir: /run
Debug 588: whitelist /run/systemd/resolve/stub-resolv.conf
Debug 609: expanded: /run/systemd/resolve/stub-resolv.conf
Debug 620: new_name: /run/systemd/resolve/stub-resolv.conf
Debug 630: dir: /run
Debug 588: whitelist /run/udev/data
Debug 609: expanded: /run/udev/data
Debug 620: new_name: /run/udev/data
Debug 630: dir: /run
Debug 588: whitelist /run/opengl-driver
Debug 609: expanded: /run/opengl-driver
Debug 620: new_name: /run/opengl-driver
Debug 630: dir: /run
Removed path: whitelist /run/opengl-driver
	new_name: /run/opengl-driver
	realpath: (null)
	No such file or directory
Debug 588: whitelist /var/lib/aspell
Debug 609: expanded: /var/lib/aspell
Debug 620: new_name: /var/lib/aspell
Debug 630: dir: /var
Adding whitelist top level directory /var
Debug 588: whitelist /var/lib/ca-certificates
Debug 609: expanded: /var/lib/ca-certificates
Debug 620: new_name: /var/lib/ca-certificates
Debug 630: dir: /var
Removed path: whitelist /var/lib/ca-certificates
	new_name: /var/lib/ca-certificates
	realpath: (null)
	No such file or directory
Debug 588: whitelist /var/lib/dbus
Debug 609: expanded: /var/lib/dbus
Debug 620: new_name: /var/lib/dbus
Debug 630: dir: /var
Debug 588: whitelist /var/lib/menu-xdg
Debug 609: expanded: /var/lib/menu-xdg
Debug 620: new_name: /var/lib/menu-xdg
Debug 630: dir: /var
Removed path: whitelist /var/lib/menu-xdg
	new_name: /var/lib/menu-xdg
	realpath: (null)
	No such file or directory
Debug 588: whitelist /var/lib/uim
Debug 609: expanded: /var/lib/uim
Debug 620: new_name: /var/lib/uim
Debug 630: dir: /var
Removed path: whitelist /var/lib/uim
	new_name: /var/lib/uim
	realpath: (null)
	No such file or directory
Debug 588: whitelist /var/cache/fontconfig
Debug 609: expanded: /var/cache/fontconfig
Debug 620: new_name: /var/cache/fontconfig
Debug 630: dir: /var
Debug 588: whitelist /var/tmp
Debug 609: expanded: /var/tmp
Debug 620: new_name: /var/tmp
Debug 630: dir: /var
Debug 588: whitelist /var/run
Debug 609: expanded: /var/run
Debug 620: new_name: /var/run
Debug 630: dir: /var
Debug 588: whitelist /var/lock
Debug 609: expanded: /var/lock
Debug 620: new_name: /var/lock
Debug 630: dir: /var
Debug 588: whitelist /var/games
Debug 609: expanded: /var/games
Debug 620: new_name: /var/games
Debug 630: dir: /var
Removed path: whitelist /var/games
	new_name: /var/games
	realpath: (null)
	No such file or directory
Debug 588: whitelist /tmp/.X11-unix
Debug 609: expanded: /tmp/.X11-unix
Debug 620: new_name: /tmp/.X11-unix
Debug 630: dir: /tmp
Adding whitelist top level directory /tmp
Debug 588: whitelist /tmp/sndio
Debug 609: expanded: /tmp/sndio
Debug 620: new_name: /tmp/sndio
Debug 630: dir: /tmp
Removed path: whitelist /tmp/sndio
	new_name: /tmp/sndio
	realpath: (null)
	No such file or directory
Mounting tmpfs on /run, check owner: no
3767 2485 0:117 / /run rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,inode64
mountid=3767 fsname=/ dir=/run fstype=tmpfs
Whitelisting /run/user/1000
3796 3792 0:27 /firejail/firejail.ro.dir /run/user/1000/systemd ro,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64
mountid=3796 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs
Mounting tmpfs on /var, check owner: no
3797 3706 0:118 / /var rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,inode64
mountid=3797 fsname=/ dir=/var fstype=tmpfs
Mounting tmpfs on /tmp, check owner: no
3798 2479 0:119 / /tmp rw,nosuid,nodev,relatime - tmpfs tmpfs rw,inode64
mountid=3798 fsname=/ dir=/tmp fstype=tmpfs
Whitelisting /run/NetworkManager/resolv.conf
3799 3767 0:27 /NetworkManager/resolv.conf /run/NetworkManager/resolv.conf rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64
mountid=3799 fsname=/NetworkManager/resolv.conf dir=/run/NetworkManager/resolv.conf fstype=tmpfs
Whitelisting /run/avahi-daemon/socket
3800 3767 0:27 /avahi-daemon/socket /run/avahi-daemon/socket rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64
mountid=3800 fsname=/avahi-daemon/socket dir=/run/avahi-daemon/socket fstype=tmpfs
Whitelisting /run/cups/cups.sock
3801 3767 0:27 /cups/cups.sock /run/cups/cups.sock rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64
mountid=3801 fsname=/cups/cups.sock dir=/run/cups/cups.sock fstype=tmpfs
Whitelisting /run/dbus/system_bus_socket
3802 3767 0:27 /firejail/firejail.ro.file /run/dbus/system_bus_socket ro,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64
mountid=3802 fsname=/firejail/firejail.ro.file dir=/run/dbus/system_bus_socket fstype=tmpfs
Created symbolic link /run/shm -> /dev/shm
Whitelisting /run/systemd/journal/dev-log
3803 3767 0:27 /systemd/journal/dev-log /run/systemd/journal/dev-log rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64
mountid=3803 fsname=/systemd/journal/dev-log dir=/run/systemd/journal/dev-log fstype=tmpfs
Whitelisting /run/systemd/journal/socket
3804 3767 0:27 /systemd/journal/socket /run/systemd/journal/socket rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64
mountid=3804 fsname=/systemd/journal/socket dir=/run/systemd/journal/socket fstype=tmpfs
Whitelisting /run/systemd/resolve/resolv.conf
3805 3767 0:27 /systemd/resolve/resolv.conf /run/systemd/resolve/resolv.conf rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64
mountid=3805 fsname=/systemd/resolve/resolv.conf dir=/run/systemd/resolve/resolv.conf fstype=tmpfs
Whitelisting /run/systemd/resolve/stub-resolv.conf
3806 3767 0:27 /systemd/resolve/stub-resolv.conf /run/systemd/resolve/stub-resolv.conf rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64
mountid=3806 fsname=/systemd/resolve/stub-resolv.conf dir=/run/systemd/resolve/stub-resolv.conf fstype=tmpfs
Whitelisting /run/udev/data
3807 3767 0:27 /udev/data /run/udev/data rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64
mountid=3807 fsname=/udev/data dir=/run/udev/data fstype=tmpfs
Whitelisting /var/lib/aspell
3808 3797 252:1 /var/lib/aspell /var/lib/aspell ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3808 fsname=/var/lib/aspell dir=/var/lib/aspell fstype=ext4
Whitelisting /var/lib/dbus
3809 3797 252:1 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3809 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4
Whitelisting /var/cache/fontconfig
3810 3797 252:1 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3810 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Whitelisting /var/tmp
3811 3797 0:98 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=3811 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /tmp/.X11-unix
3812 3798 252:1 /tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3812 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Mounting read-only /home/local-optimum/.gnupg/trustdb.gpg
3813 3718 252:1 /home/local-optimum/.gnupg/trustdb.gpg /home/local-optimum/.gnupg/trustdb.gpg ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3813 fsname=/home/local-optimum/.gnupg/trustdb.gpg dir=/home/local-optimum/.gnupg/trustdb.gpg fstype=ext4
Mounting read-only /home/local-optimum/.gnupg/pubring.kbx
3814 3718 252:1 /home/local-optimum/.gnupg/pubring.kbx /home/local-optimum/.gnupg/pubring.kbx ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3814 fsname=/home/local-optimum/.gnupg/pubring.kbx dir=/home/local-optimum/.gnupg/pubring.kbx fstype=ext4
Add path entry /home/local-optimum/.nvm/versions/node/v22.15.0/bin
Add path entry /usr/local/sbin
Add path entry /usr/local/bin
Add path entry /usr/sbin
Add path entry /usr/bin
Add path entry /sbin
...skip path /bin
Add path entry /usr/games
Add path entry /usr/local/games
Add path entry /snap/bin
Number of path entries: 9
Disable /usr/libexec
Disable /home/local-optimum/.local/share/Trash
Disable /home/local-optimum/.python_history
Disable /home/local-optimum/.bash_history
Disable /home/local-optimum/.psql_history
Disable /home/local-optimum/.node_repl_history
Disable /home/local-optimum/.lesshst
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Disable /home/local-optimum/.local/share/gnome-shell
Disable /home/local-optimum/.local/share/gvfs-metadata
Mounting read-only /home/local-optimum/.config/dconf
3826 3718 252:1 /home/local-optimum/.config/dconf /home/local-optimum/.config/dconf ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3826 fsname=/home/local-optimum/.config/dconf dir=/home/local-optimum/.config/dconf fstype=ext4
Disable /run/user/1000/gnome-session-leader-fifo
Disable /run/user/1000/gnome-shell
Disable /home/local-optimum/.config/systemd
Disable /usr/bin/systemctl
Disable /usr/bin/systemd-cgls
Disable /usr/bin/systemd-socket-activate
Disable /usr/bin/systemd-detect-virt
Disable /usr/bin/systemd-ask-password
Disable /usr/bin/systemd-cat
Disable /usr/bin/systemd-cryptsetup
Disable /usr/bin/systemd-firstboot
Disable /usr/bin/systemd-sysext
Disable /usr/bin/systemd-sysusers
Disable /usr/bin/systemd-machine-id-setup
Disable /usr/bin/systemd-sysext (requested /usr/bin/systemd-confext)
Disable /usr/bin/systemd-tmpfiles
Disable /usr/bin/systemd-inhibit
Disable /usr/bin/systemd-cryptenroll
Disable /usr/bin/systemd-stdio-bridge
Disable /usr/bin/systemd-ac-power
Disable /usr/lib/systemd/systemd (requested /usr/bin/systemd)
Disable /usr/bin/systemd-repart
Disable /usr/bin/systemd-cgtop
Disable /usr/bin/systemd-mount
Disable /usr/bin/systemd-id128
Disable /usr/bin/systemd-hwdb
Disable /usr/bin/systemd-creds
Disable /usr/bin/systemd-mount (requested /usr/bin/systemd-umount)
Disable /usr/bin/systemd-run
Disable /usr/bin/systemd-tty-ask-password-agent
Disable /usr/bin/systemd-notify
Disable /usr/bin/systemd-escape
Disable /usr/bin/systemd-analyze
Disable /usr/bin/systemd-path
Disable /usr/bin/systemd-delta
Disable /run/user/1000/systemd
Disable /run/user/1000/runc
Mounting read-only /home/local-optimum/.bash_logout
3864 3718 252:1 /home/local-optimum/.bash_logout /home/local-optimum/.bash_logout ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3864 fsname=/home/local-optimum/.bash_logout dir=/home/local-optimum/.bash_logout fstype=ext4
Mounting read-only /home/local-optimum/.bashrc
3865 3718 252:1 /home/local-optimum/.bashrc /home/local-optimum/.bashrc ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3865 fsname=/home/local-optimum/.bashrc dir=/home/local-optimum/.bashrc fstype=ext4
Mounting read-only /home/local-optimum/.profile
3866 3718 252:1 /home/local-optimum/.profile /home/local-optimum/.profile ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3866 fsname=/home/local-optimum/.profile dir=/home/local-optimum/.profile fstype=ext4
Disable /home/local-optimum/.ssh/authorized_keys
Mounting read-only /home/local-optimum/.nvm
3868 3718 252:1 /home/local-optimum/.nvm /home/local-optimum/.nvm ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3868 fsname=/home/local-optimum/.nvm dir=/home/local-optimum/.nvm fstype=ext4
Mounting read-only /home/local-optimum/.config/menus
3869 3718 252:1 /home/local-optimum/.config/menus /home/local-optimum/.config/menus ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3869 fsname=/home/local-optimum/.config/menus dir=/home/local-optimum/.config/menus fstype=ext4
Mounting read-only /home/local-optimum/.gnome/apps
3870 3718 252:1 /home/local-optimum/.gnome/apps /home/local-optimum/.gnome/apps ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3870 fsname=/home/local-optimum/.gnome/apps dir=/home/local-optimum/.gnome/apps fstype=ext4
Mounting read-only /home/local-optimum/.local/share/applications
3871 3718 252:1 /home/local-optimum/.local/share/applications /home/local-optimum/.local/share/applications ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3871 fsname=/home/local-optimum/.local/share/applications dir=/home/local-optimum/.local/share/applications fstype=ext4
Mounting read-only /home/local-optimum/.config/mimeapps.list
3872 3718 252:1 /home/local-optimum/.config/mimeapps.list /home/local-optimum/.config/mimeapps.list ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3872 fsname=/home/local-optimum/.config/mimeapps.list dir=/home/local-optimum/.config/mimeapps.list fstype=ext4
Mounting read-only /home/local-optimum/.config/user-dirs.dirs
3873 3718 252:1 /home/local-optimum/.config/user-dirs.dirs /home/local-optimum/.config/user-dirs.dirs ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3873 fsname=/home/local-optimum/.config/user-dirs.dirs dir=/home/local-optimum/.config/user-dirs.dirs fstype=ext4
Mounting read-only /home/local-optimum/.config/user-dirs.locale
3874 3718 252:1 /home/local-optimum/.config/user-dirs.locale /home/local-optimum/.config/user-dirs.locale ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3874 fsname=/home/local-optimum/.config/user-dirs.locale dir=/home/local-optimum/.config/user-dirs.locale fstype=ext4
Mounting read-only /home/local-optimum/.local/share/mime
3875 3718 252:1 /home/local-optimum/.local/share/mime /home/local-optimum/.local/share/mime ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=3875 fsname=/home/local-optimum/.local/share/mime dir=/home/local-optimum/.local/share/mime fstype=ext4
Disable /etc/ssh
Not blacklist /home/local-optimum/.gnupg
Disable /home/local-optimum/.local/share/keyrings
Disable /home/local-optimum/.local/share/pki
Disable /home/local-optimum/.pki
Disable /home/local-optimum/.ssh
Disable /usr/sbin (requested /sbin)
Not blacklist /usr/local/sbin
Disable /usr/sbin
Disable /usr/bin/busybox
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/crontab
Disable /usr/bin/expiry
Disable /usr/bin/fusermount3 (requested /usr/bin/fusermount)
Disable /usr/bin/fusermount3
Disable /usr/bin/gpasswd
Disable /usr/bin/hostname
Disable /usr/bin/mount
Disable /usr/bin/mountpoint
Disable /usr/bin/mtr
Disable /usr/bin/mtr-packet
Disable /usr/bin/nc.openbsd (requested /usr/bin/nc)
Disable /usr/bin/nc.openbsd
Disable /usr/bin/networkctl
Disable /usr/bin/newgidmap
Disable /usr/bin/newgrp
Disable /usr/bin/newuidmap
Disable /usr/bin/nm-online
Disable /usr/bin/nmcli
Disable /usr/bin/nmtui
Disable /usr/bin/nmtui (requested /usr/bin/nmtui-connect)
Disable /usr/bin/nmtui (requested /usr/bin/nmtui-edit)
Disable /usr/bin/nmtui (requested /usr/bin/nmtui-hostname)
Disable /usr/bin/ntfs-3g
Disable /usr/bin/passwd
Disable /usr/bin/pkexec
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/ss
Disable /usr/bin/strace
Disable /usr/bin/su
Disable /usr/bin/sudo
Disable /usr/bin/tcpdump
Disable /usr/bin/umount
Disable /usr/bin/wall
Disable /usr/bin/write
Disable /usr/bin/xev
Disable /usr/bin/xinput
Disable /usr/lib/dbus-1.0/dbus-daemon-launch-helper
Disable /usr/lib/openssh
Disable /usr/lib/polkit-1/polkit-agent-helper-1 (requested /usr/lib/policykit-1/polkit-agent-helper-1)
Disable /usr/lib/xorg/Xorg.wrap
Disable /usr/bin/dpkg
Disable /usr/bin/dpkg-statoverride
Disable /usr/bin/dpkg-maintscript-helper
Disable /usr/bin/dpkg-deb
Disable /usr/bin/dpkg-divert
Disable /usr/bin/dpkg-query
Disable /usr/bin/dpkg-split
Disable /usr/bin/dpkg-trigger
Disable /usr/bin/dpkg-realpath
Disable /usr/bin/apt-cache
Disable /usr/bin/apt-extracttemplates
Disable /usr/bin/apt-sortpkgs
Disable /usr/bin/apt-key
Disable /usr/bin/aptdcon
Disable /usr/bin/apt-cdrom
Disable /usr/bin/apt-config
Disable /usr/bin/add-apt-repository (requested /usr/bin/apt-add-repository)
Disable /usr/bin/apt
Disable /usr/bin/apt-get
Disable /usr/bin/apt-mark
Disable /usr/bin/apt-ftparchive
Disable /usr/bin/efibootdump
Disable /usr/bin/efibootmgr
Disable /usr/bin/aa-enabled
Disable /usr/bin/aa-exec
Disable /usr/bin/aa-features-abi
Disable /usr/bin/airscan-discover
Disable /usr/bin/dbus-send
Disable /usr/bin/dbus-cleanup-sockets
Disable /usr/bin/dbus-update-activation-environment
Disable /usr/bin/dbus-run-session
Disable /usr/bin/dbus-uuidgen
Disable /usr/bin/dbus-monitor
Disable /usr/bin/dbus-daemon
Disable /usr/bin/debconf-communicate
Disable /usr/bin/debconf-show
Disable /usr/bin/debconf-escape
Disable /usr/bin/debconf-set-selections
Disable /usr/bin/debconf
Disable /usr/bin/debconf-apt-progress
Disable /usr/bin/debconf-copydb
Disable /usr/bin/grub-mkrescue
Disable /usr/bin/grub-render-label
Disable /usr/bin/grub-file
Disable /usr/bin/grub-mknetdir
Disable /usr/bin/grub-mkpasswd-pbkdf2
Disable /usr/bin/grub-kbdcomp
Disable /usr/bin/grub-fstest
Disable /usr/bin/grub-mkimage
Disable /usr/bin/grub-editenv
Disable /usr/bin/grub-menulst2cfg
Disable /usr/bin/grub-syslinux2cfg
Disable /usr/bin/grub-mkstandalone
Disable /usr/bin/grub-glue-efi
Disable /usr/bin/grub-mkfont
Disable /usr/bin/grub-script-check
Disable /usr/bin/grub-mkrelpath
Disable /usr/bin/grub-mklayout
Disable /usr/bin/grub-mount
Disable /usr/bin/kernel-install
Disable /usr/bin/firemon
Disable /usr/bin/firecfg
Disable /usr/bin/jailcheck
Disable /usr/bin/gnome-terminal
Disable /usr/bin/gnome-terminal.wrapper
Disable /home/local-optimum/.cache/flatpak
Disable /home/local-optimum/.local/share/flatpak/db
Disable /home/local-optimum/.var
Disable /usr/bin/bwrap
Warning (blacklisting): cannot stat /run/user/1000/doc: Permission denied
Disable /home/local-optimum/snap
Disable /usr/bin/snap
Disable /usr/lib/snapd/snapctl (requested /usr/bin/snapctl)
Disable /run/user/1000/snapd-session-agent.socket
Disable /snap
Disable /usr/lib/snapd
Disable /usr/bin/delv
Disable /usr/bin/dig
Disable /usr/bin/mdig
Disable /usr/bin/host
Disable /usr/bin/nslookup
Disable /usr/bin/nsupdate
Disable /usr/bin/nstat
Disable /usr/bin/resolvectl
Disable /usr/bin/tnftp (requested /usr/bin/ftp)
Disable /usr/bin/ssh-keyscan
Disable /usr/bin/ssh-add
Disable /usr/bin/ssh-copy-id
Disable /usr/bin/ssh
Disable /usr/bin/ssh-keygen
Disable /usr/bin/ssh-agent
Disable /usr/bin/ssh-argv0
Disable /usr/bin/inetutils-telnet (requested /usr/bin/telnet)
Disable /run/user/1000/wayland-0.lock
Disable /run/user/1000/pipewire-0-manager.lock
Disable /run/user/1000/pipewire-0.lock
Disable /run/user/1000/pk-debconf-socket
Disable /run/user/1000/update-notifier.pid
Disable /usr/bin/patch
Disable /usr/bin/dh_perl_openssl
Disable /usr/bin/dh_installxmlcatalogs
Disable /usr/bin/dh_bash-completion
Disable /usr/bin/x86_64-linux-gnu-cpp-13 (requested /usr/bin/cpp-13)
Disable /usr/bin/x86_64-linux-gnu-cpp-13 (requested /usr/bin/cpp)
Disable /usr/bin/gdb
Disable /usr/bin/make (requested /usr/bin/gmake)
Disable /usr/bin/make
Disable /usr/bin/make-first-existing-target
Disable /usr/bin/x86_64-linux-gnu-cpp-13 (requested /usr/bin/x86_64-linux-gnu-cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-13
Not blacklist /home/local-optimum/.nvm/versions/node/v22.15.0/bin/java
Not blacklist /usr/local/sbin/java
Not blacklist /usr/local/bin/java
Not blacklist /usr/sbin/java
Not blacklist /usr/bin/java
Not blacklist /sbin/java
Not blacklist /usr/games/java
Not blacklist /usr/local/games/java
Not blacklist /snap/bin/java
Disable /usr/lib/jvm/bellsoft-java21-amd64/bin/javac (requested /usr/bin/javac)
Not blacklist /etc/java
Not blacklist /usr/lib/java
Not blacklist /usr/share/java
Disable /usr/bin/openssl
Disable /usr/lib/valgrind
Disable /usr/include
Disable /usr/local/include
Disable /usr/local/src
Disable /usr/src
Mounting noexec /home/local-optimum
4075 4043 0:27 /firejail/firejail.ro.dir /home/local-optimum/snap ro,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64
mountid=4075 fsname=/firejail/firejail.ro.dir dir=/home/local-optimum/snap fstype=tmpfs
Mounting noexec /home/local-optimum/.gnupg/trustdb.gpg
4076 4044 252:1 /home/local-optimum/.gnupg/trustdb.gpg /home/local-optimum/.gnupg/trustdb.gpg ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4076 fsname=/home/local-optimum/.gnupg/trustdb.gpg dir=/home/local-optimum/.gnupg/trustdb.gpg fstype=ext4
Mounting noexec /home/local-optimum/.gnupg/pubring.kbx
4077 4045 252:1 /home/local-optimum/.gnupg/pubring.kbx /home/local-optimum/.gnupg/pubring.kbx ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4077 fsname=/home/local-optimum/.gnupg/pubring.kbx dir=/home/local-optimum/.gnupg/pubring.kbx fstype=ext4
Mounting noexec /home/local-optimum/.config/dconf
4078 4054 252:1 /home/local-optimum/.config/dconf /home/local-optimum/.config/dconf ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4078 fsname=/home/local-optimum/.config/dconf dir=/home/local-optimum/.config/dconf fstype=ext4
Mounting noexec /home/local-optimum/.bash_logout
4079 4056 252:1 /home/local-optimum/.bash_logout /home/local-optimum/.bash_logout ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4079 fsname=/home/local-optimum/.bash_logout dir=/home/local-optimum/.bash_logout fstype=ext4
Mounting noexec /home/local-optimum/.bashrc
4080 4057 252:1 /home/local-optimum/.bashrc /home/local-optimum/.bashrc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4080 fsname=/home/local-optimum/.bashrc dir=/home/local-optimum/.bashrc fstype=ext4
Mounting noexec /home/local-optimum/.profile
4081 4058 252:1 /home/local-optimum/.profile /home/local-optimum/.profile ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4081 fsname=/home/local-optimum/.profile dir=/home/local-optimum/.profile fstype=ext4
Warning: not remounting /home/local-optimum/.ssh/authorized_keys
Mounting noexec /home/local-optimum/.nvm
4082 4060 252:1 /home/local-optimum/.nvm /home/local-optimum/.nvm ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4082 fsname=/home/local-optimum/.nvm dir=/home/local-optimum/.nvm fstype=ext4
Mounting noexec /home/local-optimum/.config/menus
4083 4061 252:1 /home/local-optimum/.config/menus /home/local-optimum/.config/menus ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4083 fsname=/home/local-optimum/.config/menus dir=/home/local-optimum/.config/menus fstype=ext4
Mounting noexec /home/local-optimum/.gnome/apps
4084 4062 252:1 /home/local-optimum/.gnome/apps /home/local-optimum/.gnome/apps ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4084 fsname=/home/local-optimum/.gnome/apps dir=/home/local-optimum/.gnome/apps fstype=ext4
Mounting noexec /home/local-optimum/.local/share/applications
4085 4063 252:1 /home/local-optimum/.local/share/applications /home/local-optimum/.local/share/applications ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4085 fsname=/home/local-optimum/.local/share/applications dir=/home/local-optimum/.local/share/applications fstype=ext4
Mounting noexec /home/local-optimum/.config/mimeapps.list
4086 4064 252:1 /home/local-optimum/.config/mimeapps.list /home/local-optimum/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4086 fsname=/home/local-optimum/.config/mimeapps.list dir=/home/local-optimum/.config/mimeapps.list fstype=ext4
Mounting noexec /home/local-optimum/.config/user-dirs.dirs
4087 4065 252:1 /home/local-optimum/.config/user-dirs.dirs /home/local-optimum/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4087 fsname=/home/local-optimum/.config/user-dirs.dirs dir=/home/local-optimum/.config/user-dirs.dirs fstype=ext4
Mounting noexec /home/local-optimum/.config/user-dirs.locale
4088 4066 252:1 /home/local-optimum/.config/user-dirs.locale /home/local-optimum/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4088 fsname=/home/local-optimum/.config/user-dirs.locale dir=/home/local-optimum/.config/user-dirs.locale fstype=ext4
Mounting noexec /home/local-optimum/.local/share/mime
4089 4067 252:1 /home/local-optimum/.local/share/mime /home/local-optimum/.local/share/mime ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4089 fsname=/home/local-optimum/.local/share/mime dir=/home/local-optimum/.local/share/mime fstype=ext4
Mounting noexec /run/user/1000
4104 4090 0:27 /firejail/firejail.ro.file /run/user/1000/update-notifier.pid ro,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64
mountid=4104 fsname=/firejail/firejail.ro.file dir=/run/user/1000/update-notifier.pid fstype=tmpfs
Warning: not remounting /run/user/1000/doc
Warning: not remounting /run/user/1000/gvfs
Mounting noexec /dev/shm
4105 3739 0:114 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=4105 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
4107 4106 252:1 /tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4107 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Mounting noexec /tmp/.X11-unix
4108 4107 252:1 /tmp/.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4108 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Disable /home/local-optimum/.cache/babl
Disable /home/local-optimum/.cache/evolution
Disable /home/local-optimum/.cache/gegl-0.4
Disable /home/local-optimum/.cache/gimp
Disable /home/local-optimum/.cache/gnome-software
Disable /home/local-optimum/.cache/mozilla
Disable /home/local-optimum/.cache/rhythmbox
Disable /home/local-optimum/.cache/shotwell
Disable /home/local-optimum/.cache/simple-scan
Disable /home/local-optimum/.cache/wine
Disable /home/local-optimum/.cache/winetricks
Disable /home/local-optimum/.config/Code
Disable /home/local-optimum/.config/GIMP
Disable /home/local-optimum/.config/Postman
Disable /home/local-optimum/.config/enchant
Disable /home/local-optimum/.config/eog
Disable /home/local-optimum/.config/evolution
Disable /home/local-optimum/.config/gnome-initial-setup-done
Disable /home/local-optimum/.config/gnome-session
Not blacklist /home/local-optimum/.config/libreoffice
Disable /home/local-optimum/.config/nautilus
Disable /home/local-optimum/.config/remmina
Disable /home/local-optimum/.config/totem
Disable /home/local-optimum/.config/yelp
Disable /home/local-optimum/.gitconfig
Disable /home/local-optimum/.gradle
Not blacklist /home/local-optimum/.java
Disable /home/local-optimum/.local/share/JetBrains
Disable /home/local-optimum/.local/share/evolution
Disable /home/local-optimum/.local/share/godot
Disable /home/local-optimum/.local/share/nautilus
Disable /home/local-optimum/.local/share/remmina
Disable /home/local-optimum/.local/share/rhythmbox
Disable /home/local-optimum/.local/share/shotwell
Disable /home/local-optimum/.local/share/totem
Disable /home/local-optimum/.mozilla
Disable /home/local-optimum/.npm
Disable /home/local-optimum/.nvm
Disable /home/local-optimum/.vscode
Disable /home/local-optimum/.wget-hsts
Disable /home/local-optimum/.wine
Disable /home/local-optimum/Postman
Disable /run/user/1000/snap.firefox
Mounting tmpfs on /home/local-optimum/.cache, check owner: yes
4151 4043 0:120 / /home/local-optimum/.cache rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000,inode64
mountid=4151 fsname=/ dir=/home/local-optimum/.cache fstype=tmpfs
Mounting read-only /tmp/.X11-unix
4152 4108 252:1 /tmp/.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw
mountid=4152 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Disable /sys/fs
Disable /sys/module
Base filesystem installed in 56.52 ms
Mounting noexec /run/firejail/mnt/pulse
4155 3771 0:95 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=4155 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs
Mounting /run/firejail/mnt/pulse on /home/local-optimum/.config/pulse
4156 4043 0:95 /pulse /home/local-optimum/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=4156 fsname=/pulse dir=/home/local-optimum/.config/pulse fstype=tmpfs
Current directory: /home/local-optimum
DISPLAY=:0 parsed as 0
Install protocol filter: unix,inet,inet6
configuring 23 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 39, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000009   jmp 000f
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 35 01 00 40000000   jge X32_ABI 000c (false 000b)
 000b: 35 01 00 00000000   jge read 000d (false 000c)
 000c: 06 00 00 00050001   ret ERRNO(1)
 000d: 15 01 00 00000029   jeq socket 000f (false 000e)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 20 00 00 00000010   ld  data.args[0]
 0010: 15 00 01 00000001   jeq 1 0011 (false 0012)
 0011: 06 00 00 7fff0000   ret ALLOW
 0012: 15 00 01 00000002   jeq 2 0013 (false 0014)
 0013: 06 00 00 7fff0000   ret ALLOW
 0014: 15 00 01 0000000a   jeq a 0015 (false 0016)
 0015: 06 00 00 7fff0000   ret ALLOW
 0016: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dropping all capabilities
Drop privileges: pid 40, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00050001   ret ERRNO(1)
Dual 32/64 bit seccomp filter configured
configuring 80 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 41, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 47 00 0000009f   jeq adjtimex 004f (false 0008)
 0008: 15 46 00 00000131   jeq clock_adjtime 004f (false 0009)
 0009: 15 45 00 000000e3   jeq clock_settime 004f (false 000a)
 000a: 15 44 00 000000a4   jeq settimeofday 004f (false 000b)
 000b: 15 43 00 0000009a   jeq modify_ldt 004f (false 000c)
 000c: 15 42 00 000000d4   jeq lookup_dcookie 004f (false 000d)
 000d: 15 41 00 0000012a   jeq perf_event_open 004f (false 000e)
 000e: 15 40 00 000001b6   jeq pidfd_getfd 004f (false 000f)
 000f: 15 3f 00 00000137   jeq process_vm_writev 004f (false 0010)
 0010: 15 3e 00 000000b0   jeq delete_module 004f (false 0011)
 0011: 15 3d 00 00000139   jeq finit_module 004f (false 0012)
 0012: 15 3c 00 000000af   jeq init_module 004f (false 0013)
 0013: 15 3b 00 000000a1   jeq chroot 004f (false 0014)
 0014: 15 3a 00 000001af   jeq fsconfig 004f (false 0015)
 0015: 15 39 00 000001b0   jeq fsmount 004f (false 0016)
 0016: 15 38 00 000001ae   jeq fsopen 004f (false 0017)
 0017: 15 37 00 000001b1   jeq fspick 004f (false 0018)
 0018: 15 36 00 000000a5   jeq mount 004f (false 0019)
 0019: 15 35 00 000001ad   jeq move_mount 004f (false 001a)
 001a: 15 34 00 000001ac   jeq open_tree 004f (false 001b)
 001b: 15 33 00 0000009b   jeq pivot_root 004f (false 001c)
 001c: 15 32 00 000000a6   jeq umount2 004f (false 001d)
 001d: 15 31 00 0000009c   jeq _sysctl 004f (false 001e)
 001e: 15 30 00 000000b7   jeq afs_syscall 004f (false 001f)
 001f: 15 2f 00 000000ae   jeq create_module 004f (false 0020)
 0020: 15 2e 00 000000b1   jeq get_kernel_syms 004f (false 0021)
 0021: 15 2d 00 000000b5   jeq getpmsg 004f (false 0022)
 0022: 15 2c 00 000000b6   jeq putpmsg 004f (false 0023)
 0023: 15 2b 00 000000b2   jeq query_module 004f (false 0024)
 0024: 15 2a 00 000000b9   jeq security 004f (false 0025)
 0025: 15 29 00 0000008b   jeq sysfs 004f (false 0026)
 0026: 15 28 00 000000b8   jeq tuxcall 004f (false 0027)
 0027: 15 27 00 00000086   jeq uselib 004f (false 0028)
 0028: 15 26 00 00000088   jeq ustat 004f (false 0029)
 0029: 15 25 00 000000ec   jeq vserver 004f (false 002a)
 002a: 15 24 00 000000ad   jeq ioperm 004f (false 002b)
 002b: 15 23 00 000000ac   jeq iopl 004f (false 002c)
 002c: 15 22 00 000000f6   jeq kexec_load 004f (false 002d)
 002d: 15 21 00 00000140   jeq kexec_file_load 004f (false 002e)
 002e: 15 20 00 000000a9   jeq reboot 004f (false 002f)
 002f: 15 1f 00 000000a7   jeq swapon 004f (false 0030)
 0030: 15 1e 00 000000a8   jeq swapoff 004f (false 0031)
 0031: 15 1d 00 00000130   jeq open_by_handle_at 004f (false 0032)
 0032: 15 1c 00 0000012f   jeq name_to_handle_at 004f (false 0033)
 0033: 15 1b 00 000000fb   jeq ioprio_set 004f (false 0034)
 0034: 15 1a 00 00000067   jeq syslog 004f (false 0035)
 0035: 15 19 00 0000012c   jeq fanotify_init 004f (false 0036)
 0036: 15 18 00 000000f8   jeq add_key 004f (false 0037)
 0037: 15 17 00 000000f9   jeq request_key 004f (false 0038)
 0038: 15 16 00 000000ed   jeq mbind 004f (false 0039)
 0039: 15 15 00 00000100   jeq migrate_pages 004f (false 003a)
 003a: 15 14 00 00000117   jeq move_pages 004f (false 003b)
 003b: 15 13 00 000000fa   jeq keyctl 004f (false 003c)
 003c: 15 12 00 000000ce   jeq io_setup 004f (false 003d)
 003d: 15 11 00 000000cf   jeq io_destroy 004f (false 003e)
 003e: 15 10 00 000000d0   jeq io_getevents 004f (false 003f)
 003f: 15 0f 00 000000d1   jeq io_submit 004f (false 0040)
 0040: 15 0e 00 000000d2   jeq io_cancel 004f (false 0041)
 0041: 15 0d 00 000000d8   jeq remap_file_pages 004f (false 0042)
 0042: 15 0c 00 000000ee   jeq set_mempolicy 004f (false 0043)
 0043: 15 0b 00 00000116   jeq vmsplice 004f (false 0044)
 0044: 15 0a 00 00000143   jeq userfaultfd 004f (false 0045)
 0045: 15 09 00 000000a3   jeq acct 004f (false 0046)
 0046: 15 08 00 00000141   jeq bpf 004f (false 0047)
 0047: 15 07 00 000000b4   jeq nfsservctl 004f (false 0048)
 0048: 15 06 00 000000ab   jeq setdomainname 004f (false 0049)
 0049: 15 05 00 000000aa   jeq sethostname 004f (false 004a)
 004a: 15 04 00 00000099   jeq vhangup 004f (false 004b)
 004b: 15 03 00 00000065   jeq ptrace 004f (false 004c)
 004c: 15 02 00 00000087   jeq personality 004f (false 004d)
 004d: 15 01 00 00000136   jeq process_vm_readv 004f (false 004e)
 004e: 06 00 00 7fff0000   ret ALLOW
 004f: 06 00 01 00050001   ret ERRNO(1)
seccomp filter configured
Install namespaces filter
configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces 
Dropping all capabilities
Drop privileges: pid 42, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 04 00000038   jeq clone 0008 (false 000c)
 0008: 20 00 00 00000010   ld  data.args[0]
 0009: 45 00 01 7e020000   jset 7e020000 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 15 00 01 000001b3   jeq 1b3 000d (false 000e)
 000d: 06 00 00 00050026   ret ERRNO(38)
 000e: 15 00 04 00000110   jeq 110 000f (false 0013)
 000f: 20 00 00 00000010   ld  data.args[0]
 0010: 45 00 01 7e020080   jset 7e020080 0011 (false 0012)
 0011: 06 00 00 00050001   ret ERRNO(1)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 04 00000134   jeq 134 0014 (false 0018)
 0014: 20 00 00 00000018   ld  data.args[8]
 0015: 15 01 00 00000000   jeq 0 0017 (false 0016)
 0016: 45 00 01 7e020080   jset 7e020080 0017 (false 0018)
 0017: 06 00 00 00050001   ret ERRNO(1)
 0018: 06 00 00 7fff0000   ret ALLOW
 0019: 06 00 00 7fff0000   ret ALLOW
configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces.32 
Dropping all capabilities
Drop privileges: pid 43, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 04 00000038   jeq clone 0008 (false 000c)
 0008: 20 00 00 00000010   ld  data.args[0]
 0009: 45 00 01 7e020000   jset 7e020000 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 15 00 01 000001b3   jeq 1b3 000d (false 000e)
 000d: 06 00 00 00050026   ret ERRNO(38)
 000e: 15 00 04 00000110   jeq 110 000f (false 0013)
 000f: 20 00 00 00000010   ld  data.args[0]
 0010: 45 00 01 7e020080   jset 7e020080 0011 (false 0012)
 0011: 06 00 00 00050001   ret ERRNO(1)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 04 00000134   jeq 134 0014 (false 0018)
 0014: 20 00 00 00000018   ld  data.args[8]
 0015: 15 01 00 00000000   jeq 0 0017 (false 0016)
 0016: 45 00 01 7e020080   jset 7e020080 0017 (false 0018)
 0017: 06 00 00 00050001   ret ERRNO(1)
 0018: 06 00 00 7fff0000   ret ALLOW
 0019: 06 00 00 7fff0000   ret ALLOW
Mounting read-only /run/firejail/mnt/seccomp
4158 3771 0:95 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=4158 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             200 .
drwxr-xr-x root     root             360 ..
-rw-r--r-- local-op local-op         640 seccomp
-rw-r--r-- local-op local-op         432 seccomp.32
-rw-r--r-- local-op local-op         207 seccomp.list
-rw-r--r-- local-op local-op         208 seccomp.namespaces
-rw-r--r-- local-op local-op         208 seccomp.namespaces.32
-rw-r--r-- local-op local-op           0 seccomp.postexec
-rw-r--r-- local-op local-op           0 seccomp.postexec32
-rw-r--r-- local-op local-op         184 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
/run/firejail/mnt/seccomp/seccomp.namespaces
/run/firejail/mnt/seccomp/seccomp.namespaces.32
Dropping all capabilities
nogroups command not ignored
pid=22023: unlocking /run/firejail/firejail-network.lock ...
noroot user namespace installed
pid=22023: already unlocked /run/firejail/firejail-network.lock
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0
AppArmor enabled
Closing non-standard file descriptors
Starting application
LD_PRELOAD=(null)
Not enforcing Landlock
execvp argument 0: libreoffice
Child process initialized in 182.68 ms
Searching $PATH for libreoffice
trying #/home/local-optimum/.nvm/versions/node/v22.15.0/bin/libreoffice#
trying #/usr/local/sbin/libreoffice#
trying #/usr/local/bin/libreoffice#
trying #/usr/sbin/libreoffice#
trying #/usr/bin/libreoffice#
Installing /run/firejail/mnt/seccomp/seccomp.namespaces.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.namespaces seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
Warning: failed to launch javaldx - java may not function correctly
monitoring pid 44


(soffice:59): IBUS-WARNING **: 15:34:36.738: Unable to connect to ibus: Could not connect: No such file or directory

Originally created by @Lidoca on GitHub (May 13, 2025). Original GitHub issue: https://github.com/netblue30/firejail/issues/6749 <!-- See the following links for help with formatting: https://guides.github.com/features/mastering-markdown/ https://docs.github.com/en/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax --> ### Description Running `libreoffice` with firejail default profile makes IBus unavailable, resulting users cannot switch input sources ### Steps to Reproduce 1. Run `libreoffice` with default Firejail profile (`sudo firecfg`) 2. Observe the output 3. Try to change the input source through IBus 4. Type anything through the keyboard if the input source is changed ### Expected behavior There's no problem with IBus, input sources can be changed ### Actual behavior Unable to connect to IBus, input source cannot be changed ### Behavior without a profile Through the command `firejail --noprofile libreoffice`, the behavior is slightly different, **Permission denied** instead of **No such file or directory** IBus is usable only if LibreOffice is not run through Firejail (no `--noprofile` or `firecfg` is configured) ```output firejail version 0.9.74 Parent pid 16236, child pid 16237 Base filesystem installed in 0.03 ms Child process initialized in 14.87 ms Warning: failed to launch javaldx - java may not function correctly (soffice:18): IBUS-WARNING **: 15:18:16.037: Unable to connect to ibus: Could not connect: Permission denied ``` ### Additional context _Any other detail that may help to understand/debug the problem_ ### Environment - Name/version/arch of the Linux kernel (`uname -srm`): Linux 6.11.0-25-generic x86_64 - Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): Ubuntu 24.04 - Name/version of the relevant program(s)/package(s) (e.g. "firefox 134.0-1, mesa 1:24.3.3-2"): libreoffice 4:24.2.7-0ubuntu0.24.04.4 - Version of Firejail (`firejail --version`): 0.9.74 ### Checklist <!-- Note: Items are checked with an "x", like so: - [x] This is a checked item. --> - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [ ] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>LC_ALL=C firejail /path/to/program</code></summary> <p> ``` Reading profile /etc/firejail/libreoffice.profile Reading profile /etc/firejail/allow-java.inc Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-run-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file firejail version 0.9.74 Parent pid 21706, child pid 21707 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Private /etc installed in 70.81 ms Warning: not remounting /home/local-optimum/.ssh/authorized_keys Warning: not remounting /run/user/1000/doc Warning: not remounting /run/user/1000/gvfs Base filesystem installed in 55.53 ms Child process initialized in 165.11 ms Warning: failed to launch javaldx - java may not function correctly (soffice:54): IBUS-WARNING **: 15:33:58.438: Unable to connect to ibus: Could not connect: No such file or directory ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /path/to/program</code></summary> <p> ``` Looking for kernel processes Found kthreadd process, we are not running in a sandbox pid=22023: locking /run/firejail/firejail-run.lock ... pid=22023: locked /run/firejail/firejail-run.lock pid=22023: unlocking /run/firejail/firejail-run.lock ... pid=22023: unlocked /run/firejail/firejail-run.lock Building quoted command line: 'libreoffice' Command name #libreoffice# Found libreoffice.profile profile in /etc/firejail directory Reading profile /etc/firejail/libreoffice.profile Cannot access .local file libreoffice.local: No such file or directory, skipping... Cannot access .local file globals.local: No such file or directory, skipping... Found allow-java.inc profile in /etc/firejail directory Reading profile /etc/firejail/allow-java.inc Cannot access .local file allow-java.local: No such file or directory, skipping... Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Cannot access .local file disable-common.local: No such file or directory, skipping... Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Cannot access .local file disable-devel.local: No such file or directory, skipping... Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Cannot access .local file disable-exec.local: No such file or directory, skipping... Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Cannot access .local file disable-programs.local: No such file or directory, skipping... Found whitelist-run-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-run-common.inc Cannot access .local file whitelist-run-common.local: No such file or directory, skipping... Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc Cannot access .local file whitelist-var-common.local: No such file or directory, skipping... Warning: networking feature is disabled in Firejail configuration file [profile] combined protocol list: "unix,inet,inet6" firejail version 0.9.74 pid=22023: locking /run/firejail/firejail-run.lock ... pid=22023: locked /run/firejail/firejail-run.lock DISPLAY=:0 parsed as 0 pid=22023: unlocking /run/firejail/firejail-run.lock ... pid=22023: unlocked /run/firejail/firejail-run.lock Using the local network stack Parent pid 22023, child pid 22024 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file IBUS_ADDRESS=unix:path=/home/local-optimum/.cache/ibus/dbus-Sg2mT7TU,guid=3d1928b615998d946e3b29ec6822dd8a IBUS_DAEMON_PID=3235 Build protocol filter: unix,inet,inet6 sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 2, uid 1000, gid 1000, force_nogroups 1 No supplementary groups Drop privileges: pid 3, uid 1000, gid 1000, force_nogroups 0 nogroups command not ignored No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 2536 2479 252:1 /etc /etc ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=2536 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 2537 2536 252:1 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=2537 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 3705 3704 252:1 /usr/share/hunspell /var/snap/firefox/common/host-hunspell ro,noexec,noatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3705 fsname=/usr/share/hunspell dir=/var/snap/firefox/common/host-hunspell fstype=ext4 Mounting noexec /var 3707 3706 252:1 /usr/share/hunspell /var/snap/firefox/common/host-hunspell ro,noexec,noatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3707 fsname=/usr/share/hunspell dir=/var/snap/firefox/common/host-hunspell fstype=ext4 Mounting noexec /var/snap/firefox/common/host-hunspell 3708 3707 252:1 /usr/share/hunspell /var/snap/firefox/common/host-hunspell ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3708 fsname=/usr/share/hunspell dir=/var/snap/firefox/common/host-hunspell fstype=ext4 Mounting read-only /usr 3709 2479 252:1 /usr /usr ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3709 fsname=/usr dir=/usr fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory mounting /run/firejail/mnt/dev/kfd file mounting /run/firejail/mnt/dev/tpm0 file Process /dev/shm directory Generate private-tmp whitelist commands Creating empty /run/firejail/mnt/dbus directory Creating empty /run/firejail/mnt/dbus/system file blacklist /run/dbus/system_bus_socket blacklist /run/firejail/dbus Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Creating a new /etc/hostname file Creating empty /run/firejail/mnt/hostname file Creating a new /etc/hosts file Loading user hosts file Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /sys/kernel/uevent_helper Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/kernel/hotplug Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Copying files in the new /etc directory: Copying /etc/alternatives to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/alternatives /run/firejail/mnt/etc/alternatives Copying /etc/fonts to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/fonts /run/firejail/mnt/etc/fonts Warning: file /etc/gcrypt not found. Copying /etc/group to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/group /run/firejail/mnt/etc Copying /etc/ld.so.cache to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.cache /run/firejail/mnt/etc Copying /etc/ld.so.conf to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf /run/firejail/mnt/etc Copying /etc/ld.so.conf.d to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.conf.d /run/firejail/mnt/etc/ld.so.conf.d Warning: file /etc/ld.so.preload not found. Warning: file /etc/locale not found. Copying /etc/locale.alias to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/locale.alias /run/firejail/mnt/etc Copying /etc/locale.conf to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/locale.conf /run/firejail/mnt/etc Copying /etc/localtime to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/localtime /run/firejail/mnt/etc Copying /etc/login.defs to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/login.defs /run/firejail/mnt/etc Copying /etc/nsswitch.conf to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/nsswitch.conf /run/firejail/mnt/etc Copying /etc/passwd to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/passwd /run/firejail/mnt/etc Copying /etc/selinux to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/selinux /run/firejail/mnt/etc/selinux Copying /etc/hostname to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/hostname /run/firejail/mnt/etc Copying /etc/hosts to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/hosts /run/firejail/mnt/etc Copying /etc/protocols to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/protocols /run/firejail/mnt/etc Copying /etc/resolv.conf to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/resolv.conf /run/firejail/mnt/etc Copying /etc/alsa to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/alsa /run/firejail/mnt/etc/alsa Warning: file /etc/asound.conf not found. Copying /etc/machine-id to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/machine-id /run/firejail/mnt/etc Warning: file /etc/pipewire not found. Copying /etc/pulse to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/pulse /run/firejail/mnt/etc/pulse Copying /etc/ca-certificates to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ca-certificates /run/firejail/mnt/etc/ca-certificates Warning: file /etc/crypto-policies not found. Copying /etc/gnutls to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/gnutls /run/firejail/mnt/etc/gnutls Copying /etc/pki to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/pki /run/firejail/mnt/etc/pki Copying /etc/ssl to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ssl /run/firejail/mnt/etc/ssl Warning: file /etc/@tls-ca not found. Warning: file /etc/ati not found. Copying /etc/dconf to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/dconf /run/firejail/mnt/etc/dconf Warning: file /etc/drirc not found. Copying /etc/gtk-2.0 to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/gtk-2.0 /run/firejail/mnt/etc/gtk-2.0 Copying /etc/gtk-3.0 to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/gtk-3.0 /run/firejail/mnt/etc/gtk-3.0 Warning: file /etc/kde4rc not found. Warning: file /etc/kde5rc not found. Copying /etc/machine-id to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/machine-id /run/firejail/mnt/etc Warning: file /etc/nvidia not found. Warning: file /etc/pango not found. Warning: file /etc/Trolltech.conf not found. Copying /etc/vulkan to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/vulkan /run/firejail/mnt/etc/vulkan Copying /etc/X11 to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/X11 /run/firejail/mnt/etc/X11 Copying /etc/xdg to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/xdg /run/firejail/mnt/etc/xdg Warning: file /etc/@x11 not found. Copying /etc/cups to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/cups /run/firejail/mnt/etc/cups Warning: file /etc/gnupg not found. Copying /etc/libreoffice to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/libreoffice /run/firejail/mnt/etc/libreoffice Copying /etc/papersize to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/papersize /run/firejail/mnt/etc Copying /etc/ssh to private /etc sbox run: /run/firejail/lib/fcopy --follow-link /etc/ssh /run/firejail/mnt/etc/ssh Mount-bind /run/firejail/mnt/etc on top of /etc Private /etc installed in 70.64 ms Debug 588: whitelist /run/NetworkManager/resolv.conf Debug 609: expanded: /run/NetworkManager/resolv.conf Debug 620: new_name: /run/NetworkManager/resolv.conf Debug 630: dir: /run Adding whitelist top level directory /run Debug 588: whitelist /run/avahi-daemon/socket Debug 609: expanded: /run/avahi-daemon/socket Debug 620: new_name: /run/avahi-daemon/socket Debug 630: dir: /run Debug 588: whitelist /run/cups/cups.sock Debug 609: expanded: /run/cups/cups.sock Debug 620: new_name: /run/cups/cups.sock Debug 630: dir: /run Debug 588: whitelist /run/dbus/system_bus_socket Debug 609: expanded: /run/dbus/system_bus_socket Debug 620: new_name: /run/dbus/system_bus_socket Debug 630: dir: /run Debug 588: whitelist /run/media Debug 609: expanded: /run/media Debug 620: new_name: /run/media Debug 630: dir: /run Removed path: whitelist /run/media new_name: /run/media realpath: (null) No such file or directory Debug 588: whitelist /run/resolvconf/resolv.conf Debug 609: expanded: /run/resolvconf/resolv.conf Debug 620: new_name: /run/resolvconf/resolv.conf Debug 630: dir: /run Removed path: whitelist /run/resolvconf/resolv.conf new_name: /run/resolvconf/resolv.conf realpath: (null) No such file or directory Debug 588: whitelist /run/netconfig/resolv.conf Debug 609: expanded: /run/netconfig/resolv.conf Debug 620: new_name: /run/netconfig/resolv.conf Debug 630: dir: /run Removed path: whitelist /run/netconfig/resolv.conf new_name: /run/netconfig/resolv.conf realpath: (null) No such file or directory Debug 588: whitelist /run/shm Debug 609: expanded: /run/shm Debug 620: new_name: /run/shm Debug 630: dir: /run Debug 588: whitelist /run/systemd/journal/dev-log Debug 609: expanded: /run/systemd/journal/dev-log Debug 620: new_name: /run/systemd/journal/dev-log Debug 630: dir: /run Debug 588: whitelist /run/systemd/journal/socket Debug 609: expanded: /run/systemd/journal/socket Debug 620: new_name: /run/systemd/journal/socket Debug 630: dir: /run Debug 588: whitelist /run/systemd/resolve/resolv.conf Debug 609: expanded: /run/systemd/resolve/resolv.conf Debug 620: new_name: /run/systemd/resolve/resolv.conf Debug 630: dir: /run Debug 588: whitelist /run/systemd/resolve/stub-resolv.conf Debug 609: expanded: /run/systemd/resolve/stub-resolv.conf Debug 620: new_name: /run/systemd/resolve/stub-resolv.conf Debug 630: dir: /run Debug 588: whitelist /run/udev/data Debug 609: expanded: /run/udev/data Debug 620: new_name: /run/udev/data Debug 630: dir: /run Debug 588: whitelist /run/opengl-driver Debug 609: expanded: /run/opengl-driver Debug 620: new_name: /run/opengl-driver Debug 630: dir: /run Removed path: whitelist /run/opengl-driver new_name: /run/opengl-driver realpath: (null) No such file or directory Debug 588: whitelist /var/lib/aspell Debug 609: expanded: /var/lib/aspell Debug 620: new_name: /var/lib/aspell Debug 630: dir: /var Adding whitelist top level directory /var Debug 588: whitelist /var/lib/ca-certificates Debug 609: expanded: /var/lib/ca-certificates Debug 620: new_name: /var/lib/ca-certificates Debug 630: dir: /var Removed path: whitelist /var/lib/ca-certificates new_name: /var/lib/ca-certificates realpath: (null) No such file or directory Debug 588: whitelist /var/lib/dbus Debug 609: expanded: /var/lib/dbus Debug 620: new_name: /var/lib/dbus Debug 630: dir: /var Debug 588: whitelist /var/lib/menu-xdg Debug 609: expanded: /var/lib/menu-xdg Debug 620: new_name: /var/lib/menu-xdg Debug 630: dir: /var Removed path: whitelist /var/lib/menu-xdg new_name: /var/lib/menu-xdg realpath: (null) No such file or directory Debug 588: whitelist /var/lib/uim Debug 609: expanded: /var/lib/uim Debug 620: new_name: /var/lib/uim Debug 630: dir: /var Removed path: whitelist /var/lib/uim new_name: /var/lib/uim realpath: (null) No such file or directory Debug 588: whitelist /var/cache/fontconfig Debug 609: expanded: /var/cache/fontconfig Debug 620: new_name: /var/cache/fontconfig Debug 630: dir: /var Debug 588: whitelist /var/tmp Debug 609: expanded: /var/tmp Debug 620: new_name: /var/tmp Debug 630: dir: /var Debug 588: whitelist /var/run Debug 609: expanded: /var/run Debug 620: new_name: /var/run Debug 630: dir: /var Debug 588: whitelist /var/lock Debug 609: expanded: /var/lock Debug 620: new_name: /var/lock Debug 630: dir: /var Debug 588: whitelist /var/games Debug 609: expanded: /var/games Debug 620: new_name: /var/games Debug 630: dir: /var Removed path: whitelist /var/games new_name: /var/games realpath: (null) No such file or directory Debug 588: whitelist /tmp/.X11-unix Debug 609: expanded: /tmp/.X11-unix Debug 620: new_name: /tmp/.X11-unix Debug 630: dir: /tmp Adding whitelist top level directory /tmp Debug 588: whitelist /tmp/sndio Debug 609: expanded: /tmp/sndio Debug 620: new_name: /tmp/sndio Debug 630: dir: /tmp Removed path: whitelist /tmp/sndio new_name: /tmp/sndio realpath: (null) No such file or directory Mounting tmpfs on /run, check owner: no 3767 2485 0:117 / /run rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,inode64 mountid=3767 fsname=/ dir=/run fstype=tmpfs Whitelisting /run/user/1000 3796 3792 0:27 /firejail/firejail.ro.dir /run/user/1000/systemd ro,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64 mountid=3796 fsname=/firejail/firejail.ro.dir dir=/run/user/1000/systemd fstype=tmpfs Mounting tmpfs on /var, check owner: no 3797 3706 0:118 / /var rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,inode64 mountid=3797 fsname=/ dir=/var fstype=tmpfs Mounting tmpfs on /tmp, check owner: no 3798 2479 0:119 / /tmp rw,nosuid,nodev,relatime - tmpfs tmpfs rw,inode64 mountid=3798 fsname=/ dir=/tmp fstype=tmpfs Whitelisting /run/NetworkManager/resolv.conf 3799 3767 0:27 /NetworkManager/resolv.conf /run/NetworkManager/resolv.conf rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64 mountid=3799 fsname=/NetworkManager/resolv.conf dir=/run/NetworkManager/resolv.conf fstype=tmpfs Whitelisting /run/avahi-daemon/socket 3800 3767 0:27 /avahi-daemon/socket /run/avahi-daemon/socket rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64 mountid=3800 fsname=/avahi-daemon/socket dir=/run/avahi-daemon/socket fstype=tmpfs Whitelisting /run/cups/cups.sock 3801 3767 0:27 /cups/cups.sock /run/cups/cups.sock rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64 mountid=3801 fsname=/cups/cups.sock dir=/run/cups/cups.sock fstype=tmpfs Whitelisting /run/dbus/system_bus_socket 3802 3767 0:27 /firejail/firejail.ro.file /run/dbus/system_bus_socket ro,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64 mountid=3802 fsname=/firejail/firejail.ro.file dir=/run/dbus/system_bus_socket fstype=tmpfs Created symbolic link /run/shm -> /dev/shm Whitelisting /run/systemd/journal/dev-log 3803 3767 0:27 /systemd/journal/dev-log /run/systemd/journal/dev-log rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64 mountid=3803 fsname=/systemd/journal/dev-log dir=/run/systemd/journal/dev-log fstype=tmpfs Whitelisting /run/systemd/journal/socket 3804 3767 0:27 /systemd/journal/socket /run/systemd/journal/socket rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64 mountid=3804 fsname=/systemd/journal/socket dir=/run/systemd/journal/socket fstype=tmpfs Whitelisting /run/systemd/resolve/resolv.conf 3805 3767 0:27 /systemd/resolve/resolv.conf /run/systemd/resolve/resolv.conf rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64 mountid=3805 fsname=/systemd/resolve/resolv.conf dir=/run/systemd/resolve/resolv.conf fstype=tmpfs Whitelisting /run/systemd/resolve/stub-resolv.conf 3806 3767 0:27 /systemd/resolve/stub-resolv.conf /run/systemd/resolve/stub-resolv.conf rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64 mountid=3806 fsname=/systemd/resolve/stub-resolv.conf dir=/run/systemd/resolve/stub-resolv.conf fstype=tmpfs Whitelisting /run/udev/data 3807 3767 0:27 /udev/data /run/udev/data rw,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64 mountid=3807 fsname=/udev/data dir=/run/udev/data fstype=tmpfs Whitelisting /var/lib/aspell 3808 3797 252:1 /var/lib/aspell /var/lib/aspell ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3808 fsname=/var/lib/aspell dir=/var/lib/aspell fstype=ext4 Whitelisting /var/lib/dbus 3809 3797 252:1 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3809 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4 Whitelisting /var/cache/fontconfig 3810 3797 252:1 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3810 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4 Whitelisting /var/tmp 3811 3797 0:98 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=3811 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Whitelisting /tmp/.X11-unix 3812 3798 252:1 /tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3812 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Mounting read-only /home/local-optimum/.gnupg/trustdb.gpg 3813 3718 252:1 /home/local-optimum/.gnupg/trustdb.gpg /home/local-optimum/.gnupg/trustdb.gpg ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3813 fsname=/home/local-optimum/.gnupg/trustdb.gpg dir=/home/local-optimum/.gnupg/trustdb.gpg fstype=ext4 Mounting read-only /home/local-optimum/.gnupg/pubring.kbx 3814 3718 252:1 /home/local-optimum/.gnupg/pubring.kbx /home/local-optimum/.gnupg/pubring.kbx ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3814 fsname=/home/local-optimum/.gnupg/pubring.kbx dir=/home/local-optimum/.gnupg/pubring.kbx fstype=ext4 Add path entry /home/local-optimum/.nvm/versions/node/v22.15.0/bin Add path entry /usr/local/sbin Add path entry /usr/local/bin Add path entry /usr/sbin Add path entry /usr/bin Add path entry /sbin ...skip path /bin Add path entry /usr/games Add path entry /usr/local/games Add path entry /snap/bin Number of path entries: 9 Disable /usr/libexec Disable /home/local-optimum/.local/share/Trash Disable /home/local-optimum/.python_history Disable /home/local-optimum/.bash_history Disable /home/local-optimum/.psql_history Disable /home/local-optimum/.node_repl_history Disable /home/local-optimum/.lesshst Disable /etc/X11/Xsession.d Disable /etc/xdg/autostart Disable /home/local-optimum/.local/share/gnome-shell Disable /home/local-optimum/.local/share/gvfs-metadata Mounting read-only /home/local-optimum/.config/dconf 3826 3718 252:1 /home/local-optimum/.config/dconf /home/local-optimum/.config/dconf ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3826 fsname=/home/local-optimum/.config/dconf dir=/home/local-optimum/.config/dconf fstype=ext4 Disable /run/user/1000/gnome-session-leader-fifo Disable /run/user/1000/gnome-shell Disable /home/local-optimum/.config/systemd Disable /usr/bin/systemctl Disable /usr/bin/systemd-cgls Disable /usr/bin/systemd-socket-activate Disable /usr/bin/systemd-detect-virt Disable /usr/bin/systemd-ask-password Disable /usr/bin/systemd-cat Disable /usr/bin/systemd-cryptsetup Disable /usr/bin/systemd-firstboot Disable /usr/bin/systemd-sysext Disable /usr/bin/systemd-sysusers Disable /usr/bin/systemd-machine-id-setup Disable /usr/bin/systemd-sysext (requested /usr/bin/systemd-confext) Disable /usr/bin/systemd-tmpfiles Disable /usr/bin/systemd-inhibit Disable /usr/bin/systemd-cryptenroll Disable /usr/bin/systemd-stdio-bridge Disable /usr/bin/systemd-ac-power Disable /usr/lib/systemd/systemd (requested /usr/bin/systemd) Disable /usr/bin/systemd-repart Disable /usr/bin/systemd-cgtop Disable /usr/bin/systemd-mount Disable /usr/bin/systemd-id128 Disable /usr/bin/systemd-hwdb Disable /usr/bin/systemd-creds Disable /usr/bin/systemd-mount (requested /usr/bin/systemd-umount) Disable /usr/bin/systemd-run Disable /usr/bin/systemd-tty-ask-password-agent Disable /usr/bin/systemd-notify Disable /usr/bin/systemd-escape Disable /usr/bin/systemd-analyze Disable /usr/bin/systemd-path Disable /usr/bin/systemd-delta Disable /run/user/1000/systemd Disable /run/user/1000/runc Mounting read-only /home/local-optimum/.bash_logout 3864 3718 252:1 /home/local-optimum/.bash_logout /home/local-optimum/.bash_logout ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3864 fsname=/home/local-optimum/.bash_logout dir=/home/local-optimum/.bash_logout fstype=ext4 Mounting read-only /home/local-optimum/.bashrc 3865 3718 252:1 /home/local-optimum/.bashrc /home/local-optimum/.bashrc ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3865 fsname=/home/local-optimum/.bashrc dir=/home/local-optimum/.bashrc fstype=ext4 Mounting read-only /home/local-optimum/.profile 3866 3718 252:1 /home/local-optimum/.profile /home/local-optimum/.profile ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3866 fsname=/home/local-optimum/.profile dir=/home/local-optimum/.profile fstype=ext4 Disable /home/local-optimum/.ssh/authorized_keys Mounting read-only /home/local-optimum/.nvm 3868 3718 252:1 /home/local-optimum/.nvm /home/local-optimum/.nvm ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3868 fsname=/home/local-optimum/.nvm dir=/home/local-optimum/.nvm fstype=ext4 Mounting read-only /home/local-optimum/.config/menus 3869 3718 252:1 /home/local-optimum/.config/menus /home/local-optimum/.config/menus ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3869 fsname=/home/local-optimum/.config/menus dir=/home/local-optimum/.config/menus fstype=ext4 Mounting read-only /home/local-optimum/.gnome/apps 3870 3718 252:1 /home/local-optimum/.gnome/apps /home/local-optimum/.gnome/apps ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3870 fsname=/home/local-optimum/.gnome/apps dir=/home/local-optimum/.gnome/apps fstype=ext4 Mounting read-only /home/local-optimum/.local/share/applications 3871 3718 252:1 /home/local-optimum/.local/share/applications /home/local-optimum/.local/share/applications ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3871 fsname=/home/local-optimum/.local/share/applications dir=/home/local-optimum/.local/share/applications fstype=ext4 Mounting read-only /home/local-optimum/.config/mimeapps.list 3872 3718 252:1 /home/local-optimum/.config/mimeapps.list /home/local-optimum/.config/mimeapps.list ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3872 fsname=/home/local-optimum/.config/mimeapps.list dir=/home/local-optimum/.config/mimeapps.list fstype=ext4 Mounting read-only /home/local-optimum/.config/user-dirs.dirs 3873 3718 252:1 /home/local-optimum/.config/user-dirs.dirs /home/local-optimum/.config/user-dirs.dirs ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3873 fsname=/home/local-optimum/.config/user-dirs.dirs dir=/home/local-optimum/.config/user-dirs.dirs fstype=ext4 Mounting read-only /home/local-optimum/.config/user-dirs.locale 3874 3718 252:1 /home/local-optimum/.config/user-dirs.locale /home/local-optimum/.config/user-dirs.locale ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3874 fsname=/home/local-optimum/.config/user-dirs.locale dir=/home/local-optimum/.config/user-dirs.locale fstype=ext4 Mounting read-only /home/local-optimum/.local/share/mime 3875 3718 252:1 /home/local-optimum/.local/share/mime /home/local-optimum/.local/share/mime ro,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=3875 fsname=/home/local-optimum/.local/share/mime dir=/home/local-optimum/.local/share/mime fstype=ext4 Disable /etc/ssh Not blacklist /home/local-optimum/.gnupg Disable /home/local-optimum/.local/share/keyrings Disable /home/local-optimum/.local/share/pki Disable /home/local-optimum/.pki Disable /home/local-optimum/.ssh Disable /usr/sbin (requested /sbin) Not blacklist /usr/local/sbin Disable /usr/sbin Disable /usr/bin/busybox Disable /usr/bin/chage Disable /usr/bin/chfn Disable /usr/bin/chsh Disable /usr/bin/crontab Disable /usr/bin/expiry Disable /usr/bin/fusermount3 (requested /usr/bin/fusermount) Disable /usr/bin/fusermount3 Disable /usr/bin/gpasswd Disable /usr/bin/hostname Disable /usr/bin/mount Disable /usr/bin/mountpoint Disable /usr/bin/mtr Disable /usr/bin/mtr-packet Disable /usr/bin/nc.openbsd (requested /usr/bin/nc) Disable /usr/bin/nc.openbsd Disable /usr/bin/networkctl Disable /usr/bin/newgidmap Disable /usr/bin/newgrp Disable /usr/bin/newuidmap Disable /usr/bin/nm-online Disable /usr/bin/nmcli Disable /usr/bin/nmtui Disable /usr/bin/nmtui (requested /usr/bin/nmtui-connect) Disable /usr/bin/nmtui (requested /usr/bin/nmtui-edit) Disable /usr/bin/nmtui (requested /usr/bin/nmtui-hostname) Disable /usr/bin/ntfs-3g Disable /usr/bin/passwd Disable /usr/bin/pkexec Disable /usr/bin/newgrp (requested /usr/bin/sg) Disable /usr/bin/ss Disable /usr/bin/strace Disable /usr/bin/su Disable /usr/bin/sudo Disable /usr/bin/tcpdump Disable /usr/bin/umount Disable /usr/bin/wall Disable /usr/bin/write Disable /usr/bin/xev Disable /usr/bin/xinput Disable /usr/lib/dbus-1.0/dbus-daemon-launch-helper Disable /usr/lib/openssh Disable /usr/lib/polkit-1/polkit-agent-helper-1 (requested /usr/lib/policykit-1/polkit-agent-helper-1) Disable /usr/lib/xorg/Xorg.wrap Disable /usr/bin/dpkg Disable /usr/bin/dpkg-statoverride Disable /usr/bin/dpkg-maintscript-helper Disable /usr/bin/dpkg-deb Disable /usr/bin/dpkg-divert Disable /usr/bin/dpkg-query Disable /usr/bin/dpkg-split Disable /usr/bin/dpkg-trigger Disable /usr/bin/dpkg-realpath Disable /usr/bin/apt-cache Disable /usr/bin/apt-extracttemplates Disable /usr/bin/apt-sortpkgs Disable /usr/bin/apt-key Disable /usr/bin/aptdcon Disable /usr/bin/apt-cdrom Disable /usr/bin/apt-config Disable /usr/bin/add-apt-repository (requested /usr/bin/apt-add-repository) Disable /usr/bin/apt Disable /usr/bin/apt-get Disable /usr/bin/apt-mark Disable /usr/bin/apt-ftparchive Disable /usr/bin/efibootdump Disable /usr/bin/efibootmgr Disable /usr/bin/aa-enabled Disable /usr/bin/aa-exec Disable /usr/bin/aa-features-abi Disable /usr/bin/airscan-discover Disable /usr/bin/dbus-send Disable /usr/bin/dbus-cleanup-sockets Disable /usr/bin/dbus-update-activation-environment Disable /usr/bin/dbus-run-session Disable /usr/bin/dbus-uuidgen Disable /usr/bin/dbus-monitor Disable /usr/bin/dbus-daemon Disable /usr/bin/debconf-communicate Disable /usr/bin/debconf-show Disable /usr/bin/debconf-escape Disable /usr/bin/debconf-set-selections Disable /usr/bin/debconf Disable /usr/bin/debconf-apt-progress Disable /usr/bin/debconf-copydb Disable /usr/bin/grub-mkrescue Disable /usr/bin/grub-render-label Disable /usr/bin/grub-file Disable /usr/bin/grub-mknetdir Disable /usr/bin/grub-mkpasswd-pbkdf2 Disable /usr/bin/grub-kbdcomp Disable /usr/bin/grub-fstest Disable /usr/bin/grub-mkimage Disable /usr/bin/grub-editenv Disable /usr/bin/grub-menulst2cfg Disable /usr/bin/grub-syslinux2cfg Disable /usr/bin/grub-mkstandalone Disable /usr/bin/grub-glue-efi Disable /usr/bin/grub-mkfont Disable /usr/bin/grub-script-check Disable /usr/bin/grub-mkrelpath Disable /usr/bin/grub-mklayout Disable /usr/bin/grub-mount Disable /usr/bin/kernel-install Disable /usr/bin/firemon Disable /usr/bin/firecfg Disable /usr/bin/jailcheck Disable /usr/bin/gnome-terminal Disable /usr/bin/gnome-terminal.wrapper Disable /home/local-optimum/.cache/flatpak Disable /home/local-optimum/.local/share/flatpak/db Disable /home/local-optimum/.var Disable /usr/bin/bwrap Warning (blacklisting): cannot stat /run/user/1000/doc: Permission denied Disable /home/local-optimum/snap Disable /usr/bin/snap Disable /usr/lib/snapd/snapctl (requested /usr/bin/snapctl) Disable /run/user/1000/snapd-session-agent.socket Disable /snap Disable /usr/lib/snapd Disable /usr/bin/delv Disable /usr/bin/dig Disable /usr/bin/mdig Disable /usr/bin/host Disable /usr/bin/nslookup Disable /usr/bin/nsupdate Disable /usr/bin/nstat Disable /usr/bin/resolvectl Disable /usr/bin/tnftp (requested /usr/bin/ftp) Disable /usr/bin/ssh-keyscan Disable /usr/bin/ssh-add Disable /usr/bin/ssh-copy-id Disable /usr/bin/ssh Disable /usr/bin/ssh-keygen Disable /usr/bin/ssh-agent Disable /usr/bin/ssh-argv0 Disable /usr/bin/inetutils-telnet (requested /usr/bin/telnet) Disable /run/user/1000/wayland-0.lock Disable /run/user/1000/pipewire-0-manager.lock Disable /run/user/1000/pipewire-0.lock Disable /run/user/1000/pk-debconf-socket Disable /run/user/1000/update-notifier.pid Disable /usr/bin/patch Disable /usr/bin/dh_perl_openssl Disable /usr/bin/dh_installxmlcatalogs Disable /usr/bin/dh_bash-completion Disable /usr/bin/x86_64-linux-gnu-cpp-13 (requested /usr/bin/cpp-13) Disable /usr/bin/x86_64-linux-gnu-cpp-13 (requested /usr/bin/cpp) Disable /usr/bin/gdb Disable /usr/bin/make (requested /usr/bin/gmake) Disable /usr/bin/make Disable /usr/bin/make-first-existing-target Disable /usr/bin/x86_64-linux-gnu-cpp-13 (requested /usr/bin/x86_64-linux-gnu-cpp) Disable /usr/bin/x86_64-linux-gnu-cpp-13 Not blacklist /home/local-optimum/.nvm/versions/node/v22.15.0/bin/java Not blacklist /usr/local/sbin/java Not blacklist /usr/local/bin/java Not blacklist /usr/sbin/java Not blacklist /usr/bin/java Not blacklist /sbin/java Not blacklist /usr/games/java Not blacklist /usr/local/games/java Not blacklist /snap/bin/java Disable /usr/lib/jvm/bellsoft-java21-amd64/bin/javac (requested /usr/bin/javac) Not blacklist /etc/java Not blacklist /usr/lib/java Not blacklist /usr/share/java Disable /usr/bin/openssl Disable /usr/lib/valgrind Disable /usr/include Disable /usr/local/include Disable /usr/local/src Disable /usr/src Mounting noexec /home/local-optimum 4075 4043 0:27 /firejail/firejail.ro.dir /home/local-optimum/snap ro,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64 mountid=4075 fsname=/firejail/firejail.ro.dir dir=/home/local-optimum/snap fstype=tmpfs Mounting noexec /home/local-optimum/.gnupg/trustdb.gpg 4076 4044 252:1 /home/local-optimum/.gnupg/trustdb.gpg /home/local-optimum/.gnupg/trustdb.gpg ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4076 fsname=/home/local-optimum/.gnupg/trustdb.gpg dir=/home/local-optimum/.gnupg/trustdb.gpg fstype=ext4 Mounting noexec /home/local-optimum/.gnupg/pubring.kbx 4077 4045 252:1 /home/local-optimum/.gnupg/pubring.kbx /home/local-optimum/.gnupg/pubring.kbx ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4077 fsname=/home/local-optimum/.gnupg/pubring.kbx dir=/home/local-optimum/.gnupg/pubring.kbx fstype=ext4 Mounting noexec /home/local-optimum/.config/dconf 4078 4054 252:1 /home/local-optimum/.config/dconf /home/local-optimum/.config/dconf ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4078 fsname=/home/local-optimum/.config/dconf dir=/home/local-optimum/.config/dconf fstype=ext4 Mounting noexec /home/local-optimum/.bash_logout 4079 4056 252:1 /home/local-optimum/.bash_logout /home/local-optimum/.bash_logout ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4079 fsname=/home/local-optimum/.bash_logout dir=/home/local-optimum/.bash_logout fstype=ext4 Mounting noexec /home/local-optimum/.bashrc 4080 4057 252:1 /home/local-optimum/.bashrc /home/local-optimum/.bashrc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4080 fsname=/home/local-optimum/.bashrc dir=/home/local-optimum/.bashrc fstype=ext4 Mounting noexec /home/local-optimum/.profile 4081 4058 252:1 /home/local-optimum/.profile /home/local-optimum/.profile ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4081 fsname=/home/local-optimum/.profile dir=/home/local-optimum/.profile fstype=ext4 Warning: not remounting /home/local-optimum/.ssh/authorized_keys Mounting noexec /home/local-optimum/.nvm 4082 4060 252:1 /home/local-optimum/.nvm /home/local-optimum/.nvm ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4082 fsname=/home/local-optimum/.nvm dir=/home/local-optimum/.nvm fstype=ext4 Mounting noexec /home/local-optimum/.config/menus 4083 4061 252:1 /home/local-optimum/.config/menus /home/local-optimum/.config/menus ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4083 fsname=/home/local-optimum/.config/menus dir=/home/local-optimum/.config/menus fstype=ext4 Mounting noexec /home/local-optimum/.gnome/apps 4084 4062 252:1 /home/local-optimum/.gnome/apps /home/local-optimum/.gnome/apps ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4084 fsname=/home/local-optimum/.gnome/apps dir=/home/local-optimum/.gnome/apps fstype=ext4 Mounting noexec /home/local-optimum/.local/share/applications 4085 4063 252:1 /home/local-optimum/.local/share/applications /home/local-optimum/.local/share/applications ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4085 fsname=/home/local-optimum/.local/share/applications dir=/home/local-optimum/.local/share/applications fstype=ext4 Mounting noexec /home/local-optimum/.config/mimeapps.list 4086 4064 252:1 /home/local-optimum/.config/mimeapps.list /home/local-optimum/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4086 fsname=/home/local-optimum/.config/mimeapps.list dir=/home/local-optimum/.config/mimeapps.list fstype=ext4 Mounting noexec /home/local-optimum/.config/user-dirs.dirs 4087 4065 252:1 /home/local-optimum/.config/user-dirs.dirs /home/local-optimum/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4087 fsname=/home/local-optimum/.config/user-dirs.dirs dir=/home/local-optimum/.config/user-dirs.dirs fstype=ext4 Mounting noexec /home/local-optimum/.config/user-dirs.locale 4088 4066 252:1 /home/local-optimum/.config/user-dirs.locale /home/local-optimum/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4088 fsname=/home/local-optimum/.config/user-dirs.locale dir=/home/local-optimum/.config/user-dirs.locale fstype=ext4 Mounting noexec /home/local-optimum/.local/share/mime 4089 4067 252:1 /home/local-optimum/.local/share/mime /home/local-optimum/.local/share/mime ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4089 fsname=/home/local-optimum/.local/share/mime dir=/home/local-optimum/.local/share/mime fstype=ext4 Mounting noexec /run/user/1000 4104 4090 0:27 /firejail/firejail.ro.file /run/user/1000/update-notifier.pid ro,nosuid,nodev,noexec,relatime master:5 - tmpfs tmpfs rw,size=3146496k,mode=755,inode64 mountid=4104 fsname=/firejail/firejail.ro.file dir=/run/user/1000/update-notifier.pid fstype=tmpfs Warning: not remounting /run/user/1000/doc Warning: not remounting /run/user/1000/gvfs Mounting noexec /dev/shm 4105 3739 0:114 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=4105 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 4107 4106 252:1 /tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4107 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Mounting noexec /tmp/.X11-unix 4108 4107 252:1 /tmp/.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4108 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Disable /home/local-optimum/.cache/babl Disable /home/local-optimum/.cache/evolution Disable /home/local-optimum/.cache/gegl-0.4 Disable /home/local-optimum/.cache/gimp Disable /home/local-optimum/.cache/gnome-software Disable /home/local-optimum/.cache/mozilla Disable /home/local-optimum/.cache/rhythmbox Disable /home/local-optimum/.cache/shotwell Disable /home/local-optimum/.cache/simple-scan Disable /home/local-optimum/.cache/wine Disable /home/local-optimum/.cache/winetricks Disable /home/local-optimum/.config/Code Disable /home/local-optimum/.config/GIMP Disable /home/local-optimum/.config/Postman Disable /home/local-optimum/.config/enchant Disable /home/local-optimum/.config/eog Disable /home/local-optimum/.config/evolution Disable /home/local-optimum/.config/gnome-initial-setup-done Disable /home/local-optimum/.config/gnome-session Not blacklist /home/local-optimum/.config/libreoffice Disable /home/local-optimum/.config/nautilus Disable /home/local-optimum/.config/remmina Disable /home/local-optimum/.config/totem Disable /home/local-optimum/.config/yelp Disable /home/local-optimum/.gitconfig Disable /home/local-optimum/.gradle Not blacklist /home/local-optimum/.java Disable /home/local-optimum/.local/share/JetBrains Disable /home/local-optimum/.local/share/evolution Disable /home/local-optimum/.local/share/godot Disable /home/local-optimum/.local/share/nautilus Disable /home/local-optimum/.local/share/remmina Disable /home/local-optimum/.local/share/rhythmbox Disable /home/local-optimum/.local/share/shotwell Disable /home/local-optimum/.local/share/totem Disable /home/local-optimum/.mozilla Disable /home/local-optimum/.npm Disable /home/local-optimum/.nvm Disable /home/local-optimum/.vscode Disable /home/local-optimum/.wget-hsts Disable /home/local-optimum/.wine Disable /home/local-optimum/Postman Disable /run/user/1000/snap.firefox Mounting tmpfs on /home/local-optimum/.cache, check owner: yes 4151 4043 0:120 / /home/local-optimum/.cache rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000,inode64 mountid=4151 fsname=/ dir=/home/local-optimum/.cache fstype=tmpfs Mounting read-only /tmp/.X11-unix 4152 4108 252:1 /tmp/.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw mountid=4152 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Disable /sys/fs Disable /sys/module Base filesystem installed in 56.52 ms Mounting noexec /run/firejail/mnt/pulse 4155 3771 0:95 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=4155 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs Mounting /run/firejail/mnt/pulse on /home/local-optimum/.config/pulse 4156 4043 0:95 /pulse /home/local-optimum/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=4156 fsname=/pulse dir=/home/local-optimum/.config/pulse fstype=tmpfs Current directory: /home/local-optimum DISPLAY=:0 parsed as 0 Install protocol filter: unix,inet,inet6 configuring 23 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 39, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000009 jmp 000f 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 35 01 00 40000000 jge X32_ABI 000c (false 000b) 000b: 35 01 00 00000000 jge read 000d (false 000c) 000c: 06 00 00 00050001 ret ERRNO(1) 000d: 15 01 00 00000029 jeq socket 000f (false 000e) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 20 00 00 00000010 ld data.args[0] 0010: 15 00 01 00000001 jeq 1 0011 (false 0012) 0011: 06 00 00 7fff0000 ret ALLOW 0012: 15 00 01 00000002 jeq 2 0013 (false 0014) 0013: 06 00 00 7fff0000 ret ALLOW 0014: 15 00 01 0000000a jeq a 0015 (false 0016) 0015: 06 00 00 7fff0000 ret ALLOW 0016: 06 00 00 0005005f ret ERRNO(95) configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dropping all capabilities Drop privileges: pid 40, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00050001 ret ERRNO(1) Dual 32/64 bit seccomp filter configured configuring 80 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 41, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 47 00 0000009f jeq adjtimex 004f (false 0008) 0008: 15 46 00 00000131 jeq clock_adjtime 004f (false 0009) 0009: 15 45 00 000000e3 jeq clock_settime 004f (false 000a) 000a: 15 44 00 000000a4 jeq settimeofday 004f (false 000b) 000b: 15 43 00 0000009a jeq modify_ldt 004f (false 000c) 000c: 15 42 00 000000d4 jeq lookup_dcookie 004f (false 000d) 000d: 15 41 00 0000012a jeq perf_event_open 004f (false 000e) 000e: 15 40 00 000001b6 jeq pidfd_getfd 004f (false 000f) 000f: 15 3f 00 00000137 jeq process_vm_writev 004f (false 0010) 0010: 15 3e 00 000000b0 jeq delete_module 004f (false 0011) 0011: 15 3d 00 00000139 jeq finit_module 004f (false 0012) 0012: 15 3c 00 000000af jeq init_module 004f (false 0013) 0013: 15 3b 00 000000a1 jeq chroot 004f (false 0014) 0014: 15 3a 00 000001af jeq fsconfig 004f (false 0015) 0015: 15 39 00 000001b0 jeq fsmount 004f (false 0016) 0016: 15 38 00 000001ae jeq fsopen 004f (false 0017) 0017: 15 37 00 000001b1 jeq fspick 004f (false 0018) 0018: 15 36 00 000000a5 jeq mount 004f (false 0019) 0019: 15 35 00 000001ad jeq move_mount 004f (false 001a) 001a: 15 34 00 000001ac jeq open_tree 004f (false 001b) 001b: 15 33 00 0000009b jeq pivot_root 004f (false 001c) 001c: 15 32 00 000000a6 jeq umount2 004f (false 001d) 001d: 15 31 00 0000009c jeq _sysctl 004f (false 001e) 001e: 15 30 00 000000b7 jeq afs_syscall 004f (false 001f) 001f: 15 2f 00 000000ae jeq create_module 004f (false 0020) 0020: 15 2e 00 000000b1 jeq get_kernel_syms 004f (false 0021) 0021: 15 2d 00 000000b5 jeq getpmsg 004f (false 0022) 0022: 15 2c 00 000000b6 jeq putpmsg 004f (false 0023) 0023: 15 2b 00 000000b2 jeq query_module 004f (false 0024) 0024: 15 2a 00 000000b9 jeq security 004f (false 0025) 0025: 15 29 00 0000008b jeq sysfs 004f (false 0026) 0026: 15 28 00 000000b8 jeq tuxcall 004f (false 0027) 0027: 15 27 00 00000086 jeq uselib 004f (false 0028) 0028: 15 26 00 00000088 jeq ustat 004f (false 0029) 0029: 15 25 00 000000ec jeq vserver 004f (false 002a) 002a: 15 24 00 000000ad jeq ioperm 004f (false 002b) 002b: 15 23 00 000000ac jeq iopl 004f (false 002c) 002c: 15 22 00 000000f6 jeq kexec_load 004f (false 002d) 002d: 15 21 00 00000140 jeq kexec_file_load 004f (false 002e) 002e: 15 20 00 000000a9 jeq reboot 004f (false 002f) 002f: 15 1f 00 000000a7 jeq swapon 004f (false 0030) 0030: 15 1e 00 000000a8 jeq swapoff 004f (false 0031) 0031: 15 1d 00 00000130 jeq open_by_handle_at 004f (false 0032) 0032: 15 1c 00 0000012f jeq name_to_handle_at 004f (false 0033) 0033: 15 1b 00 000000fb jeq ioprio_set 004f (false 0034) 0034: 15 1a 00 00000067 jeq syslog 004f (false 0035) 0035: 15 19 00 0000012c jeq fanotify_init 004f (false 0036) 0036: 15 18 00 000000f8 jeq add_key 004f (false 0037) 0037: 15 17 00 000000f9 jeq request_key 004f (false 0038) 0038: 15 16 00 000000ed jeq mbind 004f (false 0039) 0039: 15 15 00 00000100 jeq migrate_pages 004f (false 003a) 003a: 15 14 00 00000117 jeq move_pages 004f (false 003b) 003b: 15 13 00 000000fa jeq keyctl 004f (false 003c) 003c: 15 12 00 000000ce jeq io_setup 004f (false 003d) 003d: 15 11 00 000000cf jeq io_destroy 004f (false 003e) 003e: 15 10 00 000000d0 jeq io_getevents 004f (false 003f) 003f: 15 0f 00 000000d1 jeq io_submit 004f (false 0040) 0040: 15 0e 00 000000d2 jeq io_cancel 004f (false 0041) 0041: 15 0d 00 000000d8 jeq remap_file_pages 004f (false 0042) 0042: 15 0c 00 000000ee jeq set_mempolicy 004f (false 0043) 0043: 15 0b 00 00000116 jeq vmsplice 004f (false 0044) 0044: 15 0a 00 00000143 jeq userfaultfd 004f (false 0045) 0045: 15 09 00 000000a3 jeq acct 004f (false 0046) 0046: 15 08 00 00000141 jeq bpf 004f (false 0047) 0047: 15 07 00 000000b4 jeq nfsservctl 004f (false 0048) 0048: 15 06 00 000000ab jeq setdomainname 004f (false 0049) 0049: 15 05 00 000000aa jeq sethostname 004f (false 004a) 004a: 15 04 00 00000099 jeq vhangup 004f (false 004b) 004b: 15 03 00 00000065 jeq ptrace 004f (false 004c) 004c: 15 02 00 00000087 jeq personality 004f (false 004d) 004d: 15 01 00 00000136 jeq process_vm_readv 004f (false 004e) 004e: 06 00 00 7fff0000 ret ALLOW 004f: 06 00 01 00050001 ret ERRNO(1) seccomp filter configured Install namespaces filter configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces Dropping all capabilities Drop privileges: pid 42, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 04 00000038 jeq clone 0008 (false 000c) 0008: 20 00 00 00000010 ld data.args[0] 0009: 45 00 01 7e020000 jset 7e020000 000a (false 000b) 000a: 06 00 00 00050001 ret ERRNO(1) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 15 00 01 000001b3 jeq 1b3 000d (false 000e) 000d: 06 00 00 00050026 ret ERRNO(38) 000e: 15 00 04 00000110 jeq 110 000f (false 0013) 000f: 20 00 00 00000010 ld data.args[0] 0010: 45 00 01 7e020080 jset 7e020080 0011 (false 0012) 0011: 06 00 00 00050001 ret ERRNO(1) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 04 00000134 jeq 134 0014 (false 0018) 0014: 20 00 00 00000018 ld data.args[8] 0015: 15 01 00 00000000 jeq 0 0017 (false 0016) 0016: 45 00 01 7e020080 jset 7e020080 0017 (false 0018) 0017: 06 00 00 00050001 ret ERRNO(1) 0018: 06 00 00 7fff0000 ret ALLOW 0019: 06 00 00 7fff0000 ret ALLOW configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces.32 sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces.32 Dropping all capabilities Drop privileges: pid 43, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 04 00000038 jeq clone 0008 (false 000c) 0008: 20 00 00 00000010 ld data.args[0] 0009: 45 00 01 7e020000 jset 7e020000 000a (false 000b) 000a: 06 00 00 00050001 ret ERRNO(1) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 15 00 01 000001b3 jeq 1b3 000d (false 000e) 000d: 06 00 00 00050026 ret ERRNO(38) 000e: 15 00 04 00000110 jeq 110 000f (false 0013) 000f: 20 00 00 00000010 ld data.args[0] 0010: 45 00 01 7e020080 jset 7e020080 0011 (false 0012) 0011: 06 00 00 00050001 ret ERRNO(1) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 04 00000134 jeq 134 0014 (false 0018) 0014: 20 00 00 00000018 ld data.args[8] 0015: 15 01 00 00000000 jeq 0 0017 (false 0016) 0016: 45 00 01 7e020080 jset 7e020080 0017 (false 0018) 0017: 06 00 00 00050001 ret ERRNO(1) 0018: 06 00 00 7fff0000 ret ALLOW 0019: 06 00 00 7fff0000 ret ALLOW Mounting read-only /run/firejail/mnt/seccomp 4158 3771 0:95 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=4158 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 200 . drwxr-xr-x root root 360 .. -rw-r--r-- local-op local-op 640 seccomp -rw-r--r-- local-op local-op 432 seccomp.32 -rw-r--r-- local-op local-op 207 seccomp.list -rw-r--r-- local-op local-op 208 seccomp.namespaces -rw-r--r-- local-op local-op 208 seccomp.namespaces.32 -rw-r--r-- local-op local-op 0 seccomp.postexec -rw-r--r-- local-op local-op 0 seccomp.postexec32 -rw-r--r-- local-op local-op 184 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.namespaces /run/firejail/mnt/seccomp/seccomp.namespaces.32 Dropping all capabilities nogroups command not ignored pid=22023: unlocking /run/firejail/firejail-network.lock ... noroot user namespace installed pid=22023: already unlocked /run/firejail/firejail-network.lock Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0 AppArmor enabled Closing non-standard file descriptors Starting application LD_PRELOAD=(null) Not enforcing Landlock execvp argument 0: libreoffice Child process initialized in 182.68 ms Searching $PATH for libreoffice trying #/home/local-optimum/.nvm/versions/node/v22.15.0/bin/libreoffice# trying #/usr/local/sbin/libreoffice# trying #/usr/local/bin/libreoffice# trying #/usr/sbin/libreoffice# trying #/usr/bin/libreoffice# Installing /run/firejail/mnt/seccomp/seccomp.namespaces.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.namespaces seccomp filter Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter Warning: failed to launch javaldx - java may not function correctly monitoring pid 44 (soffice:59): IBUS-WARNING **: 15:34:36.738: Unable to connect to ibus: Could not connect: No such file or directory ``` </p> </details>

gitea-mirror added the

workaround

label 2026-05-05 09:56:22 -06:00

gitea-mirror commented 2026-05-05 09:56:24 -06:00

Author

Owner

Copy link

@Lidoca commented on GitHub (Aug 30, 2025):

Let me know if I can assist in any way or help prioritize this.

<!-- gh-comment-id:3238847846 --> @Lidoca commented on GitHub (Aug 30, 2025): Let me know if I can assist in any way or help prioritize this.

gitea-mirror commented 2026-05-05 09:56:25 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (Aug 31, 2025):

What desktop environment name/version?

Wayland or Xorg?

What is the output of the following?

env | LC_ALL=C sort | grep -i ibus

Through the command firejail --noprofile libreoffice, the behavior is
slightly different, Permission denied instead of No such file or
directory

IBus is usable only if LibreOffice is not run through Firejail (no
--noprofile or firecfg is configured)

Does it work with the following?

firejail --profile=noprofile /usr/bin/libreoffice

<!-- gh-comment-id:3240031193 --> @kmk3 commented on GitHub (Aug 31, 2025): What desktop environment name/version? Wayland or Xorg? What is the output of the following? ```sh env | LC_ALL=C sort | grep -i ibus ``` > Through the command `firejail --noprofile libreoffice`, the behavior is > slightly different, **Permission denied** instead of **No such file or > directory** > > IBus is usable only if LibreOffice is not run through Firejail (no > `--noprofile` or `firecfg` is configured) Does it work with the following? ```sh firejail --profile=noprofile /usr/bin/libreoffice ```

gitea-mirror commented 2026-05-05 09:56:26 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Aug 31, 2025):

Maybe also try https://github.com/netblue30/firejail/issues/116#issuecomment-1007921471

@kmk3 if this works, we should add it to Wiki FAQ.

<!-- gh-comment-id:3240046282 --> @rusty-snake commented on GitHub (Aug 31, 2025): Maybe also try https://github.com/netblue30/firejail/issues/116#issuecomment-1007921471 @kmk3 if this works, we should add it to Wiki FAQ.

gitea-mirror commented 2026-05-05 09:56:27 -06:00

Author

Owner

Copy link

@Lidoca commented on GitHub (Sep 1, 2025):

I'm using GNOME 46, on Wayland.

The output of env | LC_ALL=C sort | grep -i ibus is

QT_IM_MODULE=ibus
XMODIFIERS=@im=ibus

firejail --profile=noprofile /usr/bin/libreoffice does not fix the problem.

But the following command works.

env GTK_IM_MODULE=ibus /usr/bin/libreoffice

Even without disabling Firejail profile.

<!-- gh-comment-id:3242586229 --> @Lidoca commented on GitHub (Sep 1, 2025): I'm using GNOME 46, on Wayland. The output of `env | LC_ALL=C sort | grep -i ibus` is ```output QT_IM_MODULE=ibus XMODIFIERS=@im=ibus ``` `firejail --profile=noprofile /usr/bin/libreoffice` does not fix the problem. But the following command works. ```sh env GTK_IM_MODULE=ibus /usr/bin/libreoffice ``` Even without disabling Firejail profile.

gitea-mirror commented 2026-05-05 09:56:28 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (Sep 1, 2025):

I'm using GNOME 46, on Wayland.

The output of env | LC_ALL=C sort | grep -i ibus is

QT_IM_MODULE=ibus
XMODIFIERS=@im=ibus

Were those variables set automatically by the distribution or did you set them
manually?

firejail --profile=noprofile /usr/bin/libreoffice does not fix the problem.

But the following command works.

env GTK_IM_MODULE=ibus /usr/bin/libreoffice

Even without disabling Firejail profile.

Nice.

<!-- gh-comment-id:3242949889 --> @kmk3 commented on GitHub (Sep 1, 2025): > I'm using GNOME 46, on Wayland. > > The output of `env | LC_ALL=C sort | grep -i ibus` is > > ``` > QT_IM_MODULE=ibus > XMODIFIERS=@im=ibus > ``` Were those variables set automatically by the distribution or did you set them manually? > `firejail --profile=noprofile /usr/bin/libreoffice` does not fix the problem. > > But the following command works. > > ``` > env GTK_IM_MODULE=ibus /usr/bin/libreoffice > ``` > > Even without disabling Firejail profile. Nice.

gitea-mirror commented 2026-05-05 09:56:29 -06:00

Author

Owner

Copy link

@Lidoca commented on GitHub (Sep 1, 2025):

The variables are default value by the distribution.

Too bad that the symbolic link is set to /usr/local/bin/libreoffice.

<!-- gh-comment-id:3243359015 --> @Lidoca commented on GitHub (Sep 1, 2025): The variables are default value by the distribution. Too bad that the symbolic link is set to `/usr/local/bin/libreoffice`.

gitea-mirror commented 2026-05-05 09:56:30 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (Sep 2, 2025):

Too bad that the symbolic link is set to /usr/local/bin/libreoffice.

What do you mean?

That is set by firecfg; see man firecfg and #2877.

<!-- gh-comment-id:3245015451 --> @kmk3 commented on GitHub (Sep 2, 2025): > Too bad that the symbolic link is set to `/usr/local/bin/libreoffice`. What do you mean? That is set by firecfg; see `man firecfg` and #2877.

gitea-mirror commented 2026-05-05 09:56:31 -06:00

Author

Owner

Copy link

@Lidoca commented on GitHub (Sep 2, 2025):

That is set by firecfg

I didn’t know that. Any thought about setting the LibreOffice default profile to /usr/bin/libreoffice?

<!-- gh-comment-id:3245200832 --> @Lidoca commented on GitHub (Sep 2, 2025): > That is set by firecfg I didn’t know that. Any thought about setting the LibreOffice default profile to `/usr/bin/libreoffice`?

gitea-mirror commented 2026-05-05 09:56:31 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (Sep 2, 2025):

That is set by firecfg

I didn’t know that. Any thought about setting the LibreOffice default profile
to /usr/bin/libreoffice?

I have no idea what you mean; that is likely the path to the libreoffice
program itself and firejail does not modify files that belong to other
packages (especially binaries).

Firstly, make sure that you know how the $PATH variable works on Linux
(search it if not sure).

Then please read DESKTOP INTEGRATION in man firejail, all of man firecfg
and /etc/firejail/libreoffice.profile.

<!-- gh-comment-id:3245824595 --> @kmk3 commented on GitHub (Sep 2, 2025): > > That is set by firecfg > > I didn’t know that. Any thought about setting the LibreOffice default profile > to `/usr/bin/libreoffice`? I have no idea what you mean; that is likely the path to the libreoffice program itself and firejail does not modify files that belong to other packages (especially binaries). Firstly, make sure that you know how the `$PATH` variable works on Linux (search it if not sure). Then please read `DESKTOP INTEGRATION` in `man firejail`, all of `man firecfg` and /etc/firejail/libreoffice.profile.

gitea-mirror referenced this issue 2026-05-05 10:25:41 -06:00

[PR #3370] [CLOSED] github issue template ask unusual setups,debug warnings/errors #4737

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3360

No description provided.