github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #6813] neochat: cannot log in #3379

New issue
Open
opened 2026-05-05 09:57:20 -06:00 by gitea-mirror · 3 comments
gitea-mirror commented 2026-05-05 09:57:20 -06:00
Owner
Copy link

Originally created by @madbehaviorus on GitHub (Jul 10, 2025).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6813

Description

Hello community,

with a fresh new installed Debian 12 mini with fully xfce4 envirement, it is not possible to start neochat fully.
It breaks on the neochat "connection-site".

Steps to Reproduce

  1. Use firejail for all apps with profiles with "firecfg"
  2. Start neochat correctly with neochat (/usr/local/bin/neochat => softlink to the correct firejail profile)

Expected behavior

Normal login.

Actual behavior

Neochat stuck on "connection-site".

Behavior without a profile

Nothing changed on the GUI => same like above.

LC_ALL=C firejail --noprofile /usr/bin/neochat
firejail version 0.9.75

Parent pid 1244585, child pid 1244586
Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged
Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged
Base filesystem installed in 0.05 ms
Child process initialized in 8.97 ms
Reading access token from the keychain for "@$user:matrix.org"
qrc:/main.qml:168: TypeError: Cannot read property 'contentItem' of null

Environment

OS: Linux localhost 6.1.0-37-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.140-1 (2025-05-22) x86_64 GNU/Linux

$firejail --version

firejail version 0.9.75

Compile time support:
	- always force nonewprivs support is disabled
	- AppArmor support is disabled
	- AppImage support is enabled
	- chroot support is enabled
	- D-BUS proxy support is enabled
	- file transfer support is enabled
	- IDS support is disabled
	- Landlock support is enabled
	- networking support is enabled
	- output logging is enabled
	- overlayfs support is disabled
	- private-home support is enabled
	- private-lib support is disabled
	- private-cache and tmpfs as user enabled
	- sandbox check is enabled
	- SELinux support is disabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled

neochat version: 23.01

Checklist

  • The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
  • [-] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • [-] I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program 

Reading profile /etc/firejail/neochat.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-1793-workaround.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1245521, child pid 1245524
Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged
Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged
1 program installed in 10.72 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping crypto-policies for private /etc
Warning: skipping kde4rc for private /etc
Warning: skipping kde5rc for private /etc
Warning: skipping locale for private /etc
Warning: skipping locale.conf for private /etc
Warning: skipping pango for private /etc
Warning: skipping pki for private /etc
Warning: skipping Trolltech.conf for private /etc
Private /etc installed in 86.56 ms
Private /usr/etc installed in 0.01 ms
Child process initialized in 286.54 ms

(neochat:31): dbind-WARNING **: 00:31:21.484: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: Datei oder Verzeichnis nicht gefunden
QSystemTrayIcon::setVisible: No Icon set
Reading access token from the keychain for "@$user:matrix.org"
qrc:/main.qml:168: TypeError: Cannot read property 'contentItem' of null
qrc:/main.qml:168: TypeError: Cannot read property 'contentItem' of null

Output of LC_ALL=C firejail --debug /path/to/program 

ooking for kernel processes
Found kthreadd process, we are not running in a sandbox
pid=1246036: locking /run/firejail/firejail-run.lock ...
pid=1246036: locked /run/firejail/firejail-run.lock
pid=1246036: unlocking /run/firejail/firejail-run.lock ...
pid=1246036: unlocked /run/firejail/firejail-run.lock
Building quoted command line: '/usr/local/bin/firejail' 
Command name #firejail#
Attempting to find default.profile...
Found default.profile profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/default.profile
Cannot access .local file default.local: No such file or directory, skipping...
Cannot access .local file globals.local: No such file or directory, skipping...
Found disable-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-common.inc
Cannot access .local file disable-common.local: No such file or directory, skipping...
Found disable-programs.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-programs.inc
Cannot access .local file disable-programs.local: No such file or directory, skipping...
Found landlock-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/landlock-common.inc
Cannot access .local file landlock-common.local: No such file or directory, skipping...
[profile] combined protocol list: "unix,inet,inet6"

** Note: you can use --noprofile to disable default.profile **

firejail version 0.9.75

pid=1246036: locking /run/firejail/firejail-run.lock ...
pid=1246036: locked /run/firejail/firejail-run.lock
DISPLAY=:0.0 parsed as 0
pid=1246036: unlocking /run/firejail/firejail-run.lock ...
pid=1246036: unlocked /run/firejail/firejail-run.lock
Using the local network stack
Parent pid 1246036, child pid 1246037
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
IBUS_ADDRESS=unix:abstract=/home/qizou/.cache/ibus/dbus-AxsgwWok,guid=a76d9b40f7b1d72ca4153c51686ab311
IBUS_DAEMON_PID=2520
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
Drop privileges: pid 3, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 29 24 46 
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
5262 4252 253:1 /etc /etc ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5262 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
5263 5262 253:1 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5263 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
5265 5264 0:56 / /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged rw,relatime master:884 - overlay overlay rw,lowerdir=/var/lib/docker/overlay2/l/YHKSWZV2RXSMEJQFYZYK3UHYTI:/var/lib/docker/overlay2/l/HDH4X74N3IKIVVRAIKR57VFU44:/var/lib/docker/overlay2/l/DV6QR356YUKWMGAGFUQY6JFVM3:/var/lib/docker/overlay2/l/4GYK4DCUT4C7NE7U4G3CPYCVG4:/var/lib/docker/overlay2/l/F2HNZ2UJBRLHTCAYOMYHHF7AQX:/var/lib/docker/overlay2/l/6BMA2WFDEWFHKYHXRCIRWGALAG:/var/lib/docker/overlay2/l/KJO3NHWCDTAB3IYJ462HBEXYXY:/var/lib/docker/overlay2/l/ZIUA6HKMOPJHTGW2BQC35FCHZV:/var/lib/docker/overlay2/l/SOYVQBIUENWJOPYKEH6PQZBVPW:/var/lib/docker/overlay2/l/MMYFRATI5V4AVEZY7HINBMD64U:/var/lib/docker/overlay2/l/EUXNQ4EH6UWPRGTZNWTZKB6MYL,upperdir=/var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/diff,workdir=/var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/work
mountid=5265 fsname=/ dir=/var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged fstype=overlay
Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged
Mounting noexec /var
5267 5266 0:56 / /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged rw,relatime master:884 - overlay overlay rw,lowerdir=/var/lib/docker/overlay2/l/YHKSWZV2RXSMEJQFYZYK3UHYTI:/var/lib/docker/overlay2/l/HDH4X74N3IKIVVRAIKR57VFU44:/var/lib/docker/overlay2/l/DV6QR356YUKWMGAGFUQY6JFVM3:/var/lib/docker/overlay2/l/4GYK4DCUT4C7NE7U4G3CPYCVG4:/var/lib/docker/overlay2/l/F2HNZ2UJBRLHTCAYOMYHHF7AQX:/var/lib/docker/overlay2/l/6BMA2WFDEWFHKYHXRCIRWGALAG:/var/lib/docker/overlay2/l/KJO3NHWCDTAB3IYJ462HBEXYXY:/var/lib/docker/overlay2/l/ZIUA6HKMOPJHTGW2BQC35FCHZV:/var/lib/docker/overlay2/l/SOYVQBIUENWJOPYKEH6PQZBVPW:/var/lib/docker/overlay2/l/MMYFRATI5V4AVEZY7HINBMD64U:/var/lib/docker/overlay2/l/EUXNQ4EH6UWPRGTZNWTZKB6MYL,upperdir=/var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/diff,workdir=/var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/work
mountid=5267 fsname=/ dir=/var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged fstype=overlay
Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged
Mounting read-only /usr
5268 4252 253:1 /usr /usr ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5268 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
Globbing /run/firejail/mnt/dev/snd on /dev/snd (type=sound)
mounting /run/firejail/mnt/dev/snd on /dev/snd (type=sound) directory
Globbing /run/firejail/mnt/dev/dri on /dev/dri (type=3d)
mounting /run/firejail/mnt/dev/dri on /dev/dri (type=3d) directory
Globbing /run/firejail/mnt/dev/kfd on /dev/kfd (type=3d)
No match /run/firejail/mnt/dev/kfd (type=3d)
Globbing /run/firejail/mnt/dev/nvidia[0-9]* on /dev/nvidia[0-9]* (type=3d)
No match /run/firejail/mnt/dev/nvidia[0-9]* (type=3d)
Globbing /run/firejail/mnt/dev/nvidiactl on /dev/nvidiactl (type=3d)
No match /run/firejail/mnt/dev/nvidiactl (type=3d)
Globbing /run/firejail/mnt/dev/nvidia-modeset on /dev/nvidia-modeset (type=3d)
No match /run/firejail/mnt/dev/nvidia-modeset (type=3d)
Globbing /run/firejail/mnt/dev/nvidia-uvm on /dev/nvidia-uvm (type=3d)
No match /run/firejail/mnt/dev/nvidia-uvm (type=3d)
Globbing /run/firejail/mnt/dev/video[0-9]* on /dev/video[0-9]* (type=video)
skipping /run/firejail/mnt/dev/video0 on /dev/video0 due to its type (type=video)
skipping /run/firejail/mnt/dev/video1 on /dev/video1 due to its type (type=video)
Globbing /run/firejail/mnt/dev/dvb on /dev/dvb (type=tv)
No match /run/firejail/mnt/dev/dvb (type=tv)
Globbing /run/firejail/mnt/dev/sr[0-9]* on /dev/sr[0-9]* (type=dvd)
No match /run/firejail/mnt/dev/sr[0-9]* (type=dvd)
Globbing /run/firejail/mnt/dev/tcm[0-9]* on /dev/tcm[0-9]* (type=tpm)
No match /run/firejail/mnt/dev/tcm[0-9]* (type=tpm)
Globbing /run/firejail/mnt/dev/tcmrm[0-9]* on /dev/tcmrm[0-9]* (type=tpm)
No match /run/firejail/mnt/dev/tcmrm[0-9]* (type=tpm)
Globbing /run/firejail/mnt/dev/tpm[0-9]* on /dev/tpm[0-9]* (type=tpm)
skipping /run/firejail/mnt/dev/tpm0 on /dev/tpm0 due to its type (type=tpm)
Globbing /run/firejail/mnt/dev/tpmrm[0-9]* on /dev/tpmrm[0-9]* (type=tpm)
No match /run/firejail/mnt/dev/tpmrm[0-9]* (type=tpm)
Globbing /run/firejail/mnt/dev/hidraw[0-9]* on /dev/hidraw[0-9]* (type=u2f)
mounting /run/firejail/mnt/dev/hidraw0 on /dev/hidraw0 (type=u2f) file
mounting /run/firejail/mnt/dev/hidraw1 on /dev/hidraw1 (type=u2f) file
mounting /run/firejail/mnt/dev/hidraw2 on /dev/hidraw2 (type=u2f) file
mounting /run/firejail/mnt/dev/hidraw3 on /dev/hidraw3 (type=u2f) file
Globbing /run/firejail/mnt/dev/usb on /dev/usb (type=u2f)
mounting /run/firejail/mnt/dev/usb on /dev/usb (type=u2f) directory
Globbing /run/firejail/mnt/dev/input on /dev/input (type=input)
skipping /run/firejail/mnt/dev/input on /dev/input due to its type (type=input)
Globbing /run/firejail/mnt/dev/ntsync on /dev/ntsync (type=ntsync)
No match /run/firejail/mnt/dev/ntsync (type=ntsync)
Process /dev/shm directory
Generate private-tmp whitelist commands
blacklist /run/firejail/dbus
Creating a new /etc/hostname file
Creating empty /run/firejail/mnt/hostname file
Creating a new /etc/hosts file
Loading user hosts file
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Debug 588: whitelist /tmp/.X11-unix
Debug 609: expanded: /tmp/.X11-unix
Debug 620: new_name: /tmp/.X11-unix
Debug 630: dir: /tmp
Adding whitelist top level directory /tmp
Debug 588: whitelist /tmp/sndio
Debug 609: expanded: /tmp/sndio
Debug 620: new_name: /tmp/sndio
Debug 630: dir: /tmp
Removed path: whitelist /tmp/sndio
	new_name: /tmp/sndio
	realpath: (null)
	No such file or directory
Mounting tmpfs on /tmp, check owner: no
5328 4252 0:230 / /tmp rw,nosuid,nodev,relatime - tmpfs tmpfs rw,inode64
mountid=5328 fsname=/ dir=/tmp fstype=tmpfs
Whitelisting /tmp/.X11-unix
5329 5328 253:1 /tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5329 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Disable /home/qizou/.local/share/Trash
Disable /home/qizou/.python_history
Disable /home/qizou/.bash_history
Disable /home/qizou/.sqlite_history
Disable /home/qizou/.lesshst
Disable /home/qizou/.config/autostart
Disable /home/qizou/.local/share/xorg
Disable /etc/X11/Xsession.d
Disable /etc/X11/xinit
Disable /etc/X11/xorg.conf.d
Disable /etc/xdg/autostart
Mounting read-only /home/qizou/.Xauthority
5341 5278 253:1 /home/qizou/.Xauthority /home/qizou/.Xauthority ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5341 fsname=/home/qizou/.Xauthority dir=/home/qizou/.Xauthority fstype=ext4
Disable /home/qizou/.config/kwalletrc
Mounting read-only /home/qizou/.cache/ksycoca5_de_qNXo_KAgpVcPLibHt5iY_zcDxYU=
5343 5278 253:1 /home/qizou/.cache/ksycoca5_de_qNXo_KAgpVcPLibHt5iY_zcDxYU= /home/qizou/.cache/ksycoca5_de_qNXo_KAgpVcPLibHt5iY_zcDxYU= ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5343 fsname=/home/qizou/.cache/ksycoca5_de_qNXo_KAgpVcPLibHt5iY_zcDxYU= dir=/home/qizou/.cache/ksycoca5_de_qNXo_KAgpVcPLibHt5iY_zcDxYU= fstype=ext4
Mounting read-only /home/qizou/.cache/ksycoca5_en_OlEdy2IYLZ5cBV8qlgsUHlCktd4=
5344 5278 253:1 /home/qizou/.cache/ksycoca5_en_OlEdy2IYLZ5cBV8qlgsUHlCktd4= /home/qizou/.cache/ksycoca5_en_OlEdy2IYLZ5cBV8qlgsUHlCktd4= ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5344 fsname=/home/qizou/.cache/ksycoca5_en_OlEdy2IYLZ5cBV8qlgsUHlCktd4= dir=/home/qizou/.cache/ksycoca5_en_OlEdy2IYLZ5cBV8qlgsUHlCktd4= fstype=ext4
Mounting read-only /home/qizou/.cache/ksycoca5_de_OlEdy2IYLZ5cBV8qlgsUHlCktd4=
5345 5278 253:1 /home/qizou/.cache/ksycoca5_de_OlEdy2IYLZ5cBV8qlgsUHlCktd4= /home/qizou/.cache/ksycoca5_de_OlEdy2IYLZ5cBV8qlgsUHlCktd4= ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5345 fsname=/home/qizou/.cache/ksycoca5_de_OlEdy2IYLZ5cBV8qlgsUHlCktd4= dir=/home/qizou/.cache/ksycoca5_de_OlEdy2IYLZ5cBV8qlgsUHlCktd4= fstype=ext4
Mounting read-only /home/qizou/.config/kdeglobals
5346 5278 253:1 /home/qizou/.config/kdeglobals /home/qizou/.config/kdeglobals ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5346 fsname=/home/qizou/.config/kdeglobals dir=/home/qizou/.config/kdeglobals fstype=ext4
Mounting read-only /home/qizou/.kde/share/config/kdeglobals
5347 5278 253:1 /home/qizou/.kde/share/config/kdeglobals /home/qizou/.kde/share/config/kdeglobals ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5347 fsname=/home/qizou/.kde/share/config/kdeglobals dir=/home/qizou/.kde/share/config/kdeglobals fstype=ext4
Mounting read-only /home/qizou/.local/share/konsole
5348 5278 253:1 /home/qizou/.local/share/konsole /home/qizou/.local/share/konsole ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5348 fsname=/home/qizou/.local/share/konsole dir=/home/qizou/.local/share/konsole fstype=ext4
Disable /home/qizou/.local/share/gvfs-metadata
Mounting read-only /home/qizou/.config/dconf
5350 5278 253:1 /home/qizou/.config/dconf /home/qizou/.config/dconf ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5350 fsname=/home/qizou/.config/dconf dir=/home/qizou/.config/dconf fstype=ext4
Add path entry /usr/local/bin
Add path entry /usr/bin
...skip path /bin
Add path entry /usr/local/games
Add path entry /usr/games
Add path entry /home/qizou/.local/bin
Number of path entries: 5
Disable /usr/bin/systemctl
Disable /usr/bin/systemd-delta
Disable /usr/bin/systemd-stdio-bridge
Disable /usr/bin/systemd-mount (requested /usr/bin/systemd-umount)
Disable /usr/bin/systemd-machine-id-setup
Disable /usr/bin/systemd-dissect
Disable /usr/bin/systemd-escape
Disable /usr/bin/systemd-notify
Disable /usr/bin/systemd-hwdb
Disable /usr/bin/systemd-detect-virt
Disable /usr/bin/systemd-mount
Disable /usr/bin/systemd-tmpfiles
Disable /usr/bin/systemd-cgtop
Disable /usr/bin/systemd-creds
Disable /usr/bin/systemd-inhibit
Disable /usr/bin/systemd-cat
Disable /usr/bin/systemd-sysext
Disable /usr/bin/systemd-nspawn
Disable /usr/bin/systemd-tty-ask-password-agent
Disable /usr/bin/systemd-firstboot
Disable /usr/bin/systemd-path
Disable /usr/bin/systemd-cryptenroll
Disable /usr/bin/systemd-sysusers
Disable /usr/bin/systemd-analyze
Disable /usr/bin/systemd-id128
Disable /usr/bin/systemd-repart
Disable /usr/bin/systemd-cgls
Disable /usr/bin/systemd-run
Disable /usr/bin/systemd-socket-activate
Disable /usr/bin/systemd-ask-password
Disable /usr/lib/systemd/systemd (requested /usr/bin/systemd)
Disable /run/user/1000/systemd
Disable /etc/systemd/network
Disable /etc/systemd/system
Disable /run/credentials
Disable /var/lib/systemd
Disable /etc/init.d
Disable /var/cache/libvirt
Disable /var/lib/libvirt
Disable /var/log/libvirt
Disable /usr/bin/zuluCrypt-cli
Disable /var/cache/apt
Disable /var/lib/apt
Disable /var/lib/dkms
Disable /var/lib/upower
Disable /var/mail
Disable /var/opt
Disable /run/docker.sock (requested /var/run/docker.sock)
Disable /var/spool/anacron
Disable /var/spool/cron
Disable /var/mail (requested /var/spool/mail)
Disable /etc/adduser.conf
Disable /etc/anacrontab
Disable /etc/apparmor
Disable /etc/apparmor.d
Disable /etc/crontab
Disable /etc/cron.monthly
Disable /etc/cron.daily
Disable /etc/cron.weekly
Disable /etc/cron.yearly
Disable /etc/cron.d
Disable /etc/cron.hourly
Disable /etc/default
Disable /etc/dkms
Disable /etc/grub.d
Disable /etc/kernel-img.conf
Disable /etc/kernel
Disable /etc/logrotate.d
Disable /etc/logrotate.conf
Disable /etc/modules-load.d
Disable /etc/modules
Disable /etc/rc6.d
Disable /etc/rc2.d
Disable /etc/rc5.d
Disable /etc/rc1.d
Disable /etc/rc4.d
Disable /etc/rc0.d
Disable /etc/rcS.d
Disable /etc/rc3.d
Disable /etc/logcheck
Disable /etc/rkhunter.conf
Disable /etc/rkhunter.conf.dpkg-dist
Disable /var/lib/rkhunter
Mounting read-only /home/qizou/.bash_aliases
5434 5278 253:1 /home/qizou/.bash_aliases /home/qizou/.bash_aliases ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5434 fsname=/home/qizou/.bash_aliases dir=/home/qizou/.bash_aliases fstype=ext4
Mounting read-only /home/qizou/.bash_logout
5435 5278 253:1 /home/qizou/.bash_logout /home/qizou/.bash_logout ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5435 fsname=/home/qizou/.bash_logout dir=/home/qizou/.bash_logout fstype=ext4
Mounting read-only /home/qizou/.bashrc
5436 5278 253:1 /home/qizou/.bashrc /home/qizou/.bashrc ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5436 fsname=/home/qizou/.bashrc dir=/home/qizou/.bashrc fstype=ext4
Mounting read-only /home/qizou/.profile
5437 5278 253:1 /home/qizou/.profile /home/qizou/.profile ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5437 fsname=/home/qizou/.profile dir=/home/qizou/.profile fstype=ext4
Mounting read-only /home/qizou/.gnupg/gpg.conf
5438 5278 253:1 /home/qizou/.gnupg/gpg.conf /home/qizou/.gnupg/gpg.conf ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5438 fsname=/home/qizou/.gnupg/gpg.conf dir=/home/qizou/.gnupg/gpg.conf fstype=ext4
Mounting read-only /home/qizou/.mozilla/firefox/profiles.ini
5439 5278 253:1 /home/qizou/.mozilla/firefox/profiles.ini /home/qizou/.mozilla/firefox/profiles.ini ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5439 fsname=/home/qizou/.mozilla/firefox/profiles.ini dir=/home/qizou/.mozilla/firefox/profiles.ini fstype=ext4
Mounting read-only /home/qizou/.reportbugrc
5440 5278 253:1 /home/qizou/.reportbugrc /home/qizou/.reportbugrc ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5440 fsname=/home/qizou/.reportbugrc dir=/home/qizou/.reportbugrc fstype=ext4
Mounting read-only /home/qizou/.ssh/config
5441 5278 253:1 /home/qizou/.ssh/config /home/qizou/.ssh/config ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5441 fsname=/home/qizou/.ssh/config dir=/home/qizou/.ssh/config fstype=ext4
Mounting read-only /home/qizou/.local/bin
5442 5278 253:1 /home/qizou/.local/bin /home/qizou/.local/bin ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5442 fsname=/home/qizou/.local/bin dir=/home/qizou/.local/bin fstype=ext4
Mounting read-only /home/qizou/.config/menus
5443 5278 253:1 /home/qizou/.config/menus /home/qizou/.config/menus ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5443 fsname=/home/qizou/.config/menus dir=/home/qizou/.config/menus fstype=ext4
Mounting read-only /home/qizou/.gnome/apps
5444 5278 253:1 /home/qizou/.gnome/apps /home/qizou/.gnome/apps ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5444 fsname=/home/qizou/.gnome/apps dir=/home/qizou/.gnome/apps fstype=ext4
Mounting read-only /home/qizou/.local/share/applications
5445 5278 253:1 /home/qizou/.local/share/applications /home/qizou/.local/share/applications ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5445 fsname=/home/qizou/.local/share/applications dir=/home/qizou/.local/share/applications fstype=ext4
Mounting read-only /home/qizou/.config/mimeapps.list
5446 5278 253:1 /home/qizou/.config/mimeapps.list /home/qizou/.config/mimeapps.list ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5446 fsname=/home/qizou/.config/mimeapps.list dir=/home/qizou/.config/mimeapps.list fstype=ext4
Mounting read-only /home/qizou/.config/user-dirs.dirs
5447 5278 253:1 /home/qizou/.config/user-dirs.dirs /home/qizou/.config/user-dirs.dirs ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5447 fsname=/home/qizou/.config/user-dirs.dirs dir=/home/qizou/.config/user-dirs.dirs fstype=ext4
Mounting read-only /home/qizou/.config/user-dirs.locale
5448 5278 253:1 /home/qizou/.config/user-dirs.locale /home/qizou/.config/user-dirs.locale ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5448 fsname=/home/qizou/.config/user-dirs.locale dir=/home/qizou/.config/user-dirs.locale fstype=ext4
Mounting read-only /home/qizou/.local/share/mime
5449 5278 253:1 /home/qizou/.local/share/mime /home/qizou/.local/share/mime ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5449 fsname=/home/qizou/.local/share/mime dir=/home/qizou/.local/share/mime fstype=ext4
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Disable /etc/sudo_logsrvd.conf
Disable /etc/sudo.conf
Disable /etc/sudoers.d
Disable /etc/sudoers
Disable /home/qizou/.cert
Disable /home/qizou/.gnupg
Disable /home/qizou/.local/share/keyrings
Disable /home/qizou/.local/share/kwalletd
Disable /home/qizou/.local/share/pki
Disable /home/qizou/.pki
Disable /home/qizou/.ssh
Disable /usr/sbin (requested /sbin)
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/bin/busybox
Disable /usr/bin/chage
Disable /usr/bin/chfn
Disable /usr/bin/chsh
Disable /usr/bin/crontab
Disable /usr/bin/expiry
Disable /usr/bin/fusermount3
Disable /usr/bin/fusermount3 (requested /usr/bin/fusermount)
Disable /usr/bin/gpasswd
Disable /usr/bin/hostname
Disable /usr/bin/mount
Disable /usr/bin/mountpoint
Disable /usr/bin/nc.openbsd (requested /usr/bin/nc)
Disable /usr/bin/nc.openbsd
Disable /usr/bin/nc.traditional
Disable /usr/bin/netstat
Disable /usr/bin/networkctl
Disable /usr/bin/newgrp
Disable /usr/bin/nm-online
Disable /usr/bin/nmap
Disable /usr/bin/nmcli
Disable /usr/bin/nmtui
Disable /usr/bin/nmtui (requested /usr/bin/nmtui-connect)
Disable /usr/bin/nmtui (requested /usr/bin/nmtui-edit)
Disable /usr/bin/nmtui (requested /usr/bin/nmtui-hostname)
Disable /usr/bin/ntfs-3g
Disable /usr/bin/passwd
Disable /usr/bin/pkexec
Disable /usr/bin/plocate
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/ss
Disable /usr/bin/strace
Disable /usr/bin/su
Disable /usr/bin/sudo
Disable /usr/bin/traceroute.db (requested /usr/bin/traceroute)
Disable /usr/bin/umount
Disable /usr/bin/wall
Disable /usr/bin/write
Disable /usr/bin/xev
Disable /usr/lib/dbus-1.0/dbus-daemon-launch-helper
Disable /usr/lib/openssh
Disable /usr/lib/polkit-1/polkit-agent-helper-1 (requested /usr/lib/policykit-1/polkit-agent-helper-1)
Disable /usr/lib/xorg/Xorg.wrap
Disable /usr/bin/dpkg-genbuilddeps
Disable /usr/bin/dpkg-shlibdeps
Disable /usr/bin/dpkg-statoverride
Disable /usr/bin/dpkg-distaddfile
Disable /usr/bin/dpkg-vendor
Disable /usr/bin/dpkg-name
Disable /usr/bin/dpkg-scanpackages
Disable /usr/bin/dpkg-gencontrol
Disable /usr/bin/dpkg-deb
Disable /usr/bin/dpkg-split
Disable /usr/bin/dpkg-mergechangelogs
Disable /usr/bin/dpkg-buildflags
Disable /usr/bin/dpkg
Disable /usr/bin/dpkg-gensymbols
Disable /usr/bin/dpkg-source
Disable /usr/bin/dpkg-maintscript-helper
Disable /usr/bin/dpkg-scansources
Disable /usr/bin/dpkg-buildpackage
Disable /usr/bin/dpkg-realpath
Disable /usr/bin/dpkg-query
Disable /usr/bin/dpkg-genchanges
Disable /usr/bin/dpkg-genbuildinfo
Disable /usr/bin/dpkg-depcheck
Disable /usr/bin/dpkg-parsechangelog
Disable /usr/bin/dpkg-checkbuilddeps
Disable /usr/bin/dpkg-divert
Disable /usr/bin/dpkg-trigger
Disable /usr/bin/dpkg-architecture
Disable /usr/bin/apt-sortpkgs
Disable /usr/bin/apt-cdrom
Disable /usr/bin/apt-key
Disable /usr/bin/apt-ftparchive
Disable /usr/bin/apt-venv
Disable /usr/bin/apt
Disable /usr/bin/apt-show-versions
Disable /usr/bin/apt-mark
Disable /usr/bin/apt-extracttemplates
Disable /usr/bin/apt-listchanges
Disable /usr/bin/apt-get
Disable /usr/bin/apt-config
Disable /usr/bin/apt-cache
Disable /usr/bin/expect_passmass (requested /usr/bin/passmass)
Disable /usr/bin/proxy
Disable /usr/bin/aa-features-abi
Disable /usr/bin/aa-easyprof
Disable /usr/bin/aa-enabled
Disable /usr/bin/aa-exec
Disable /usr/bin/avahi-browse
Disable /usr/bin/avahi-resolve (requested /usr/bin/avahi-resolve-host-name)
Disable /usr/bin/avahi-resolve (requested /usr/bin/avahi-resolve-address)
Disable /usr/bin/avahi-resolve
Disable /usr/bin/avahi-publish (requested /usr/bin/avahi-publish-address)
Disable /usr/bin/avahi-browse (requested /usr/bin/avahi-browse-domains)
Disable /usr/bin/avahi-publish (requested /usr/bin/avahi-publish-service)
Disable /usr/bin/avahi-publish
Disable /usr/bin/avahi-set-host-name
Disable /usr/bin/dbus-update-activation-environment
Disable /usr/bin/dbus-run-session
Disable /usr/bin/dbus-launch
Disable /usr/bin/dbus-uuidgen
Disable /usr/bin/dbus-send
Disable /usr/bin/dbus-monitor
Disable /usr/bin/dbus-cleanup-sockets
Disable /usr/bin/dbus-daemon
Disable /usr/bin/debconf-apt-progress
Disable /usr/bin/debconf-copydb
Disable /usr/bin/debconf-communicate
Disable /usr/bin/debconf-set-selections
Disable /usr/bin/debconf-escape
Disable /usr/bin/debconf-show
Disable /usr/bin/debconf-gettextize
Disable /usr/bin/debconf-updatepo
Disable /usr/bin/debconf
Disable /usr/bin/grub-glue-efi
Disable /usr/bin/grub-render-label
Disable /usr/bin/grub-mklayout
Disable /usr/bin/grub-script-check
Disable /usr/bin/grub-mkimage
Disable /usr/bin/grub-mkrelpath
Disable /usr/bin/grub-menulst2cfg
Disable /usr/bin/grub-mount
Disable /usr/lib/grub/i386-pc/grub-ntldr-img (requested /usr/bin/grub-ntldr-img)
Disable /usr/bin/grub-fstest
Disable /usr/bin/grub-mkpasswd-pbkdf2
Disable /usr/bin/grub-mknetdir
Disable /usr/bin/grub-syslinux2cfg
Disable /usr/bin/grub-mkstandalone
Disable /usr/bin/grub-kbdcomp
Disable /usr/bin/grub-mkfont
Disable /usr/bin/grub-editenv
Disable /usr/bin/grub-mkrescue
Disable /usr/bin/grub-file
Disable /usr/bin/kernel-install
Disable /usr/local/bin/firemon
Disable /usr/bin/firemon
Disable /usr/local/bin/firecfg
Disable /usr/bin/firecfg
Disable /usr/local/bin/jailcheck
Disable /usr/bin/jailcheck
Disable /usr/bin/gnome-terminal
Disable /usr/bin/gnome-terminal.wrapper
Disable /usr/bin/xfce4-terminal
Disable /usr/bin/xfce4-terminal.wrapper
Disable /home/qizou/.cache/flatpak
Disable /home/qizou/.local/share/flatpak/.changed
Disable /home/qizou/.local/share/flatpak/repo
Disable /home/qizou/.local/share/flatpak/overrides
Disable /home/qizou/.local/share/flatpak/db
Disable /home/qizou/.var
Disable /usr/bin/bwrap
Disable /run/user/1000/.dbus-proxy
Disable /run/user/1000/.flatpak
Disable /run/user/1000/.flatpak-helper
Disable /run/user/1000/app
Warning (blacklisting): cannot stat /run/user/1000/doc: Permission denied
Disable /usr/share/flatpak
Disable /var/lib/flatpak/.changed
Disable /var/lib/flatpak/repo
Disable /var/lib/flatpak/appstream
Not blacklist /var/lib/flatpak/exports
Disable /var/lib/flatpak/runtime
Disable /var/lib/flatpak/.removed
Disable /var/lib/flatpak/app
Disable /home/qizou/snap
Disable /usr/bin/snap
Disable /usr/lib/snapd/snapctl (requested /usr/bin/snapctl)
Disable /run/user/1000/snapd-session-agent.socket
Disable /snap
Disable /usr/lib/snapd
Disable /var/lib/snapd
Disable /var/snap
Disable /usr/bin/delv
Disable /usr/bin/firejail (requested /usr/local/bin/dig)
Disable /usr/bin/dig
Disable /usr/bin/dnstap-read
Disable /usr/bin/mdig
Disable /usr/bin/firejail (requested /usr/local/bin/host)
Disable /usr/bin/host
Disable /usr/bin/firejail (requested /usr/local/bin/nslookup)
Disable /usr/bin/nslookup
Disable /usr/bin/nsupdate
Disable /usr/bin/nstat
Disable /usr/bin/firejail (requested /usr/local/bin/ssh)
Disable /usr/libexec/ssh-askpass/x11-ssh-askpass (requested /usr/bin/ssh-askpass)
Disable /usr/bin/ssh-add
Disable /usr/bin/ssh-keygen
Disable /usr/bin/ssh-argv0
Disable /usr/bin/ssh-keyscan
Disable /usr/bin/sshfs
Disable /usr/bin/ssh-agent
Disable /usr/bin/ssh-copy-id
Disable /usr/bin/ssh
Disable /usr/bin/firejail (requested /usr/local/bin/telnet)
Disable /usr/bin/inetutils-telnet (requested /usr/bin/telnet)
Disable /run/user/1000/pipewire-0.lock
Disable /run/user/1000/pk-debconf-socket
Disable /home/qizou/.android
Disable /home/qizou/.audacity-data
Disable /home/qizou/.bogofilter
Disable /home/qizou/.cache/0ad
Disable /home/qizou/.cache/Clementine
Disable /home/qizou/.cache/Flavio Tordini
Disable /home/qizou/.cache/KDE/neochat
Disable /home/qizou/.cache/atril
Disable /home/qizou/.cache/babl
Disable /home/qizou/.cache/calibre
Disable /home/qizou/.cache/champlain
Disable /home/qizou/.cache/darktable
Disable /home/qizou/.cache/deja-dup
Disable /home/qizou/.cache/epiphany
Disable /home/qizou/.cache/evolution
Disable /home/qizou/.cache/feedreader
Disable /home/qizou/.cache/folks
Disable /home/qizou/.cache/freecol
Disable /home/qizou/.cache/gajim
Disable /home/qizou/.cache/gegl-0.4
Disable /home/qizou/.cache/gimp
Disable /home/qizou/.cache/kdenlive
Disable /home/qizou/.cache/keepassxc
Disable /home/qizou/.cache/liferea
Disable /home/qizou/.cache/mozilla
Disable /home/qizou/.cache/org.gnome.Maps
Disable /home/qizou/.cache/pdfmod
Disable /home/qizou/.cache/pip
Disable /home/qizou/.cache/pipe-viewer
Disable /home/qizou/.cache/quodlibet
Disable /home/qizou/.cache/simple-scan
Disable /home/qizou/.cache/systemsettings
Disable /home/qizou/.cache/transmission
Disable /home/qizou/.cache/virt-manager
Disable /home/qizou/.cache/vlc
Disable /home/qizou/.cache/winetricks
Disable /home/qizou/.cache/xournalpp
Disable /home/qizou/.cache/youtube-dl
Disable /home/qizou/.cache/yt-dlp
Disable /home/qizou/.config/0ad
Disable /home/qizou/.config/Clementine
Disable /home/qizou/.config/Code
Disable /home/qizou/.config/Element
Disable /home/qizou/.config/Flavio Tordini
Disable /home/qizou/.config/FreeCAD
Disable /home/qizou/.config/GIMP
Disable /home/qizou/.config/Google
Disable /home/qizou/.config/Mousepad
Disable /home/qizou/.config/Nextcloud
Disable /home/qizou/.config/Riot
Disable /home/qizou/.config/Thunar
Disable /home/qizou/.config/Unknown Organization
Disable /home/qizou/.config/atril
Disable /home/qizou/.config/brasero
Disable /home/qizou/.config/calibre
Disable /home/qizou/.config/catfish
Disable /home/qizou/.config/cherrytree
Disable /home/qizou/.config/darktable
Disable /home/qizou/.config/digikamrc
Disable /home/qizou/.config/emaildefaults
Disable /home/qizou/.config/emailidentities
Disable /home/qizou/.config/enchant
Disable /home/qizou/.config/epiphany
Disable /home/qizou/.config/evince
Disable /home/qizou/.config/evolution
Disable /home/qizou/.config/flameshot
Disable /home/qizou/.config/freecol
Disable /home/qizou/.config/gajim
Disable /home/qizou/.config/gedit
Disable /home/qizou/.config/ghb
Disable /home/qizou/.config/ghostwriter
Disable /home/qizou/.config/git
Disable /home/qizou/.config/gnome-session
Disable /home/qizou/.config/gnote
Disable /home/qizou/.config/gpicview
Disable /home/qizou/.config/gthumb
Disable /home/qizou/.config/k3brc
Disable /home/qizou/.config/katemetainfos
Disable /home/qizou/.config/katerc
Disable /home/qizou/.config/katevirc
Disable /home/qizou/.config/kdenliverc
Disable /home/qizou/.config/kdiff3rc
Disable /home/qizou/.config/keepassxc
Disable /home/qizou/.config/kid3rc
Disable /home/qizou/.config/konversationrc
Disable /home/qizou/.config/libreoffice
Disable /home/qizou/.config/liferea
Disable /home/qizou/.config/nautilus
Disable /home/qizou/.config/neochatrc
Disable /home/qizou/.config/obsidian
Disable /home/qizou/.config/okularpartrc
Disable /home/qizou/.config/okularrc
Disable /home/qizou/.config/pavucontrol.ini
Disable /home/qizou/.config/pdfmod
Disable /home/qizou/.config/pipe-viewer
Disable /home/qizou/.config/quodlibet
Disable /home/qizou/.config/remmina
Disable /home/qizou/.config/ristretto
Disable /home/qizou/.config/sqlitebrowser
Disable /home/qizou/.config/torbrowser
Disable /home/qizou/.config/transmission
Disable /home/qizou/.config/vlc
Disable /home/qizou/.config/xarchiver
Disable /home/qizou/.config/xfburn
Disable /home/qizou/.config/xfce4-dict
Disable /home/qizou/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
Disable /home/qizou/.config/xournalpp
Disable /home/qizou/.config/yt-dlp
Disable /home/qizou/.config/zoomus.conf
Disable /home/qizou/.gitconfig
Disable /home/qizou/.hugin
Disable /home/qizou/.java
Disable /home/qizou/.local/share/0ad
Disable /home/qizou/.local/share/Flavio Tordini
Disable /home/qizou/.local/share/KDE/neochat
Disable /home/qizou/.local/share/Nextcloud
Disable /home/qizou/.local/share/epiphany
Disable /home/qizou/.local/share/evolution
Disable /home/qizou/.local/share/feedreader
Disable /home/qizou/.local/share/freecol
Disable /home/qizou/.local/share/gajim
Disable /home/qizou/.local/share/ghostwriter
Disable /home/qizou/.local/share/gnote
Disable /home/qizou/.local/share/kate
Disable /home/qizou/.local/share/kdenlive
Disable /home/qizou/.local/share/kxmlgui5/kigo
Disable /home/qizou/.local/share/kxmlgui5/kmymoney
Disable /home/qizou/.local/share/kxmlgui5/konversation
Disable /home/qizou/.local/share/kxmlgui5/kdevelop
Disable /home/qizou/.local/share/liferea
Disable /home/qizou/.local/share/maps-places.json
Disable /home/qizou/.local/share/nautilus
Disable /home/qizou/.local/share/okular
Disable /home/qizou/.local/share/remmina
Disable /home/qizou/.local/share/torbrowser
Disable /home/qizou/.local/share/vlc
Disable /home/qizou/.lyx
Disable /home/qizou/.mediathek3
Disable /home/qizou/.mozilla
Disable /home/qizou/.mplayer
Disable /home/qizou/.quodlibet
Disable /home/qizou/.ssr
Disable /home/qizou/.texlive2022
Disable /home/qizou/.viking
Disable /home/qizou/.viking-maps
Disable /home/qizou/.vscode
Disable /home/qizou/.wget-hsts
Disable /home/qizou/.zoom
Disable /home/qizou/Nextcloud
Mounting read-only /tmp/.X11-unix
5817 5329 253:1 /tmp/.X11-unix /tmp/.X11-unix ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro
mountid=5817 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Disable /sys/fs
Disable /sys/module
Base filesystem installed in 119.06 ms
Mounting noexec /run/firejail/mnt/pulse
5820 5259 0:133 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=5820 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs
Mounting /run/firejail/mnt/pulse on /home/qizou/.config/pulse
5821 5278 0:133 /pulse /home/qizou/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=5821 fsname=/pulse dir=/home/qizou/.config/pulse fstype=tmpfs
Globbing /dev/dvb (type=tv skip_symlinks=0)
No match /dev/dvb (type=tv)
Globbing /dev/tcm[0-9]* (type=tpm skip_symlinks=0)
No match /dev/tcm[0-9]* (type=tpm)
Globbing /dev/tcmrm[0-9]* (type=tpm skip_symlinks=0)
No match /dev/tcmrm[0-9]* (type=tpm)
Globbing /dev/tpm[0-9]* (type=tpm skip_symlinks=0)
No match /dev/tpm[0-9]* (type=tpm)
Globbing /dev/tpmrm[0-9]* (type=tpm skip_symlinks=0)
No match /dev/tpmrm[0-9]* (type=tpm)
Globbing /dev/video[0-9]* (type=video skip_symlinks=0)
No match /dev/video[0-9]* (type=video)
Globbing /dev/input (type=input skip_symlinks=0)
No match /dev/input (type=input)
Globbing /dev/ntsync (type=ntsync skip_symlinks=0)
No match /dev/ntsync (type=ntsync)
Current directory: /home/qizou
DISPLAY=:0.0 parsed as 0
Install protocol filter: unix,inet,inet6
configuring 23 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 4, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000009   jmp 000f
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 35 01 00 40000000   jge X32_ABI 000c (false 000b)
 000b: 35 01 00 00000000   jge read 000d (false 000c)
 000c: 06 00 00 00050001   ret ERRNO(1)
 000d: 15 01 00 00000029   jeq socket 000f (false 000e)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 20 00 00 00000010   ld  data.args[0]
 0010: 15 00 01 00000001   jeq 1 0011 (false 0012)
 0011: 06 00 00 7fff0000   ret ALLOW
 0012: 15 00 01 00000002   jeq 2 0013 (false 0014)
 0013: 06 00 00 7fff0000   ret ALLOW
 0014: 15 00 01 0000000a   jeq a 0015 (false 0016)
 0015: 06 00 00 7fff0000   ret ALLOW
 0016: 06 00 00 0005005f   ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dropping all capabilities
Drop privileges: pid 5, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00050001   ret ERRNO(1)
Dual 32/64 bit seccomp filter configured
configuring 80 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 6, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 47 00 0000009f   jeq adjtimex 004f (false 0008)
 0008: 15 46 00 00000131   jeq clock_adjtime 004f (false 0009)
 0009: 15 45 00 000000e3   jeq clock_settime 004f (false 000a)
 000a: 15 44 00 000000a4   jeq settimeofday 004f (false 000b)
 000b: 15 43 00 0000009a   jeq modify_ldt 004f (false 000c)
 000c: 15 42 00 000000d4   jeq lookup_dcookie 004f (false 000d)
 000d: 15 41 00 0000012a   jeq perf_event_open 004f (false 000e)
 000e: 15 40 00 000001b6   jeq pidfd_getfd 004f (false 000f)
 000f: 15 3f 00 00000137   jeq process_vm_writev 004f (false 0010)
 0010: 15 3e 00 000000b0   jeq delete_module 004f (false 0011)
 0011: 15 3d 00 00000139   jeq finit_module 004f (false 0012)
 0012: 15 3c 00 000000af   jeq init_module 004f (false 0013)
 0013: 15 3b 00 000000a1   jeq chroot 004f (false 0014)
 0014: 15 3a 00 000001af   jeq fsconfig 004f (false 0015)
 0015: 15 39 00 000001b0   jeq fsmount 004f (false 0016)
 0016: 15 38 00 000001ae   jeq fsopen 004f (false 0017)
 0017: 15 37 00 000001b1   jeq fspick 004f (false 0018)
 0018: 15 36 00 000000a5   jeq mount 004f (false 0019)
 0019: 15 35 00 000001ad   jeq move_mount 004f (false 001a)
 001a: 15 34 00 000001ac   jeq open_tree 004f (false 001b)
 001b: 15 33 00 0000009b   jeq pivot_root 004f (false 001c)
 001c: 15 32 00 000000a6   jeq umount2 004f (false 001d)
 001d: 15 31 00 0000009c   jeq _sysctl 004f (false 001e)
 001e: 15 30 00 000000b7   jeq afs_syscall 004f (false 001f)
 001f: 15 2f 00 000000ae   jeq create_module 004f (false 0020)
 0020: 15 2e 00 000000b1   jeq get_kernel_syms 004f (false 0021)
 0021: 15 2d 00 000000b5   jeq getpmsg 004f (false 0022)
 0022: 15 2c 00 000000b6   jeq putpmsg 004f (false 0023)
 0023: 15 2b 00 000000b2   jeq query_module 004f (false 0024)
 0024: 15 2a 00 000000b9   jeq security 004f (false 0025)
 0025: 15 29 00 0000008b   jeq sysfs 004f (false 0026)
 0026: 15 28 00 000000b8   jeq tuxcall 004f (false 0027)
 0027: 15 27 00 00000086   jeq uselib 004f (false 0028)
 0028: 15 26 00 00000088   jeq ustat 004f (false 0029)
 0029: 15 25 00 000000ec   jeq vserver 004f (false 002a)
 002a: 15 24 00 000000ad   jeq ioperm 004f (false 002b)
 002b: 15 23 00 000000ac   jeq iopl 004f (false 002c)
 002c: 15 22 00 000000f6   jeq kexec_load 004f (false 002d)
 002d: 15 21 00 00000140   jeq kexec_file_load 004f (false 002e)
 002e: 15 20 00 000000a9   jeq reboot 004f (false 002f)
 002f: 15 1f 00 000000a7   jeq swapon 004f (false 0030)
 0030: 15 1e 00 000000a8   jeq swapoff 004f (false 0031)
 0031: 15 1d 00 00000130   jeq open_by_handle_at 004f (false 0032)
 0032: 15 1c 00 0000012f   jeq name_to_handle_at 004f (false 0033)
 0033: 15 1b 00 000000fb   jeq ioprio_set 004f (false 0034)
 0034: 15 1a 00 00000067   jeq syslog 004f (false 0035)
 0035: 15 19 00 0000012c   jeq fanotify_init 004f (false 0036)
 0036: 15 18 00 000000f8   jeq add_key 004f (false 0037)
 0037: 15 17 00 000000f9   jeq request_key 004f (false 0038)
 0038: 15 16 00 000000ed   jeq mbind 004f (false 0039)
 0039: 15 15 00 00000100   jeq migrate_pages 004f (false 003a)
 003a: 15 14 00 00000117   jeq move_pages 004f (false 003b)
 003b: 15 13 00 000000fa   jeq keyctl 004f (false 003c)
 003c: 15 12 00 000000ce   jeq io_setup 004f (false 003d)
 003d: 15 11 00 000000cf   jeq io_destroy 004f (false 003e)
 003e: 15 10 00 000000d0   jeq io_getevents 004f (false 003f)
 003f: 15 0f 00 000000d1   jeq io_submit 004f (false 0040)
 0040: 15 0e 00 000000d2   jeq io_cancel 004f (false 0041)
 0041: 15 0d 00 000000d8   jeq remap_file_pages 004f (false 0042)
 0042: 15 0c 00 000000ee   jeq set_mempolicy 004f (false 0043)
 0043: 15 0b 00 00000116   jeq vmsplice 004f (false 0044)
 0044: 15 0a 00 00000143   jeq userfaultfd 004f (false 0045)
 0045: 15 09 00 000000a3   jeq acct 004f (false 0046)
 0046: 15 08 00 00000141   jeq bpf 004f (false 0047)
 0047: 15 07 00 000000b4   jeq nfsservctl 004f (false 0048)
 0048: 15 06 00 000000ab   jeq setdomainname 004f (false 0049)
 0049: 15 05 00 000000aa   jeq sethostname 004f (false 004a)
 004a: 15 04 00 00000099   jeq vhangup 004f (false 004b)
 004b: 15 03 00 00000065   jeq ptrace 004f (false 004c)
 004c: 15 02 00 00000087   jeq personality 004f (false 004d)
 004d: 15 01 00 00000136   jeq process_vm_readv 004f (false 004e)
 004e: 06 00 00 7fff0000   ret ALLOW
 004f: 06 00 01 00050001   ret ERRNO(1)
seccomp filter configured
Install namespaces filter
configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces 
Dropping all capabilities
Drop privileges: pid 7, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 04 00000038   jeq clone 0008 (false 000c)
 0008: 20 00 00 00000010   ld  data.args[0]
 0009: 45 00 01 7e020000   jset 7e020000 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 15 00 01 000001b3   jeq 1b3 000d (false 000e)
 000d: 06 00 00 00050026   ret ERRNO(38)
 000e: 15 00 04 00000110   jeq 110 000f (false 0013)
 000f: 20 00 00 00000010   ld  data.args[0]
 0010: 45 00 01 7e020080   jset 7e020080 0011 (false 0012)
 0011: 06 00 00 00050001   ret ERRNO(1)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 04 00000134   jeq 134 0014 (false 0018)
 0014: 20 00 00 00000018   ld  data.args[8]
 0015: 15 01 00 00000000   jeq 0 0017 (false 0016)
 0016: 45 00 01 7e020080   jset 7e020080 0017 (false 0018)
 0017: 06 00 00 00050001   ret ERRNO(1)
 0018: 06 00 00 7fff0000   ret ALLOW
 0019: 06 00 00 7fff0000   ret ALLOW
configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces.32 
Dropping all capabilities
Drop privileges: pid 8, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 04 00000038   jeq clone 0008 (false 000c)
 0008: 20 00 00 00000010   ld  data.args[0]
 0009: 45 00 01 7e020000   jset 7e020000 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 15 00 01 000001b3   jeq 1b3 000d (false 000e)
 000d: 06 00 00 00050026   ret ERRNO(38)
 000e: 15 00 04 00000110   jeq 110 000f (false 0013)
 000f: 20 00 00 00000010   ld  data.args[0]
 0010: 45 00 01 7e020080   jset 7e020080 0011 (false 0012)
 0011: 06 00 00 00050001   ret ERRNO(1)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 04 00000134   jeq 134 0014 (false 0018)
 0014: 20 00 00 00000018   ld  data.args[8]
 0015: 15 01 00 00000000   jeq 0 0017 (false 0016)
 0016: 45 00 01 7e020080   jset 7e020080 0017 (false 0018)
 0017: 06 00 00 00050001   ret ERRNO(1)
 0018: 06 00 00 7fff0000   ret ALLOW
 0019: 06 00 00 7fff0000   ret ALLOW
Mounting read-only /run/firejail/mnt/seccomp
5823 5259 0:133 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=5823 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             200 .
drwxr-xr-x root     root             320 ..
-rw-r--r-- qizou    qizou            640 seccomp
-rw-r--r-- qizou    qizou            432 seccomp.32
-rw-r--r-- qizou    qizou            207 seccomp.list
-rw-r--r-- qizou    qizou            208 seccomp.namespaces
-rw-r--r-- qizou    qizou            208 seccomp.namespaces.32
-rw-r--r-- qizou    qizou              0 seccomp.postexec
-rw-r--r-- qizou    qizou              0 seccomp.postexec32
-rw-r--r-- qizou    qizou            184 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
/run/firejail/mnt/seccomp/seccomp.namespaces
/run/firejail/mnt/seccomp/seccomp.namespaces.32
Dropping all capabilities
pid=1246036: unlocking /run/firejail/firejail-network.lock ...
pid=1246036: already unlocked /run/firejail/firejail-network.lock
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 29 24 46 
Closing non-standard file descriptors
Starting application
LD_PRELOAD=(null)
Not enforcing Landlock (see landlock.enforce)
execvp argument 0: /usr/local/bin/firejail
Child process initialized in 200.66 ms
Installing /run/firejail/mnt/seccomp/seccomp.namespaces.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.namespaces seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
Warning: an existing sandbox was detected. /bin/bash will run without any additional sandboxing features
Error: --shell=none configured, but no program specified
monitoring pid 9

Sandbox monitor: waitpid 9 retval 9 status 256

Parent is shutting down, bye...

  • Edit 1-2,4 fix characters
  • Edit 3: updated @ newest version and profiles + add more info
Originally created by @madbehaviorus on GitHub (Jul 10, 2025). Original GitHub issue: https://github.com/netblue30/firejail/issues/6813 ### Description Hello community, with a fresh new installed Debian 12 mini with fully xfce4 envirement, it is not possible to start neochat fully. It breaks on the neochat "connection-site". ### Steps to Reproduce 1. Use firejail for all apps with profiles with "firecfg" 2. Start neochat correctly with neochat (/usr/local/bin/neochat => softlink to the correct firejail profile) ### Expected behavior Normal login. ### Actual behavior Neochat stuck on "connection-site". ### Behavior without a profile Nothing changed on the GUI => same like above. ``` LC_ALL=C firejail --noprofile /usr/bin/neochat firejail version 0.9.75 Parent pid 1244585, child pid 1244586 Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged Base filesystem installed in 0.05 ms Child process initialized in 8.97 ms Reading access token from the keychain for "@$user:matrix.org" qrc:/main.qml:168: TypeError: Cannot read property 'contentItem' of null ``` ### Environment OS: `Linux localhost 6.1.0-37-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.140-1 (2025-05-22) x86_64 GNU/Linux` ``` $firejail --version firejail version 0.9.75 Compile time support: - always force nonewprivs support is disabled - AppArmor support is disabled - AppImage support is enabled - chroot support is enabled - D-BUS proxy support is enabled - file transfer support is enabled - IDS support is disabled - Landlock support is enabled - networking support is enabled - output logging is enabled - overlayfs support is disabled - private-home support is enabled - private-lib support is disabled - private-cache and tmpfs as user enabled - sandbox check is enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled ``` neochat version: 23.01 ### Checklist - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [-] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [-] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>LC_ALL=C firejail /path/to/program</code></summary> <p> ``` Reading profile /etc/firejail/neochat.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-shell.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-1793-workaround.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 1245521, child pid 1245524 Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged 1 program installed in 10.72 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: skipping crypto-policies for private /etc Warning: skipping kde4rc for private /etc Warning: skipping kde5rc for private /etc Warning: skipping locale for private /etc Warning: skipping locale.conf for private /etc Warning: skipping pango for private /etc Warning: skipping pki for private /etc Warning: skipping Trolltech.conf for private /etc Private /etc installed in 86.56 ms Private /usr/etc installed in 0.01 ms Child process initialized in 286.54 ms (neochat:31): dbind-WARNING **: 00:31:21.484: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: Datei oder Verzeichnis nicht gefunden QSystemTrayIcon::setVisible: No Icon set Reading access token from the keychain for "@$user:matrix.org" qrc:/main.qml:168: TypeError: Cannot read property 'contentItem' of null qrc:/main.qml:168: TypeError: Cannot read property 'contentItem' of null ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /path/to/program</code></summary> <p> ``` ooking for kernel processes Found kthreadd process, we are not running in a sandbox pid=1246036: locking /run/firejail/firejail-run.lock ... pid=1246036: locked /run/firejail/firejail-run.lock pid=1246036: unlocking /run/firejail/firejail-run.lock ... pid=1246036: unlocked /run/firejail/firejail-run.lock Building quoted command line: '/usr/local/bin/firejail' Command name #firejail# Attempting to find default.profile... Found default.profile profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/default.profile Cannot access .local file default.local: No such file or directory, skipping... Cannot access .local file globals.local: No such file or directory, skipping... Found disable-common.inc profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/disable-common.inc Cannot access .local file disable-common.local: No such file or directory, skipping... Found disable-programs.inc profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/disable-programs.inc Cannot access .local file disable-programs.local: No such file or directory, skipping... Found landlock-common.inc profile in /usr/local/etc/firejail directory Reading profile /usr/local/etc/firejail/landlock-common.inc Cannot access .local file landlock-common.local: No such file or directory, skipping... [profile] combined protocol list: "unix,inet,inet6" ** Note: you can use --noprofile to disable default.profile ** firejail version 0.9.75 pid=1246036: locking /run/firejail/firejail-run.lock ... pid=1246036: locked /run/firejail/firejail-run.lock DISPLAY=:0.0 parsed as 0 pid=1246036: unlocking /run/firejail/firejail-run.lock ... pid=1246036: unlocked /run/firejail/firejail-run.lock Using the local network stack Parent pid 1246036, child pid 1246037 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file IBUS_ADDRESS=unix:abstract=/home/qizou/.cache/ibus/dbus-AxsgwWok,guid=a76d9b40f7b1d72ca4153c51686ab311 IBUS_DAEMON_PID=2520 Build protocol filter: unix,inet,inet6 sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 2, uid 1000, gid 1000, force_nogroups 1 No supplementary groups Drop privileges: pid 3, uid 1000, gid 1000, force_nogroups 0 Supplementary groups: 29 24 46 Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 5262 4252 253:1 /etc /etc ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5262 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 5263 5262 253:1 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5263 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 5265 5264 0:56 / /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged rw,relatime master:884 - overlay overlay rw,lowerdir=/var/lib/docker/overlay2/l/YHKSWZV2RXSMEJQFYZYK3UHYTI:/var/lib/docker/overlay2/l/HDH4X74N3IKIVVRAIKR57VFU44:/var/lib/docker/overlay2/l/DV6QR356YUKWMGAGFUQY6JFVM3:/var/lib/docker/overlay2/l/4GYK4DCUT4C7NE7U4G3CPYCVG4:/var/lib/docker/overlay2/l/F2HNZ2UJBRLHTCAYOMYHHF7AQX:/var/lib/docker/overlay2/l/6BMA2WFDEWFHKYHXRCIRWGALAG:/var/lib/docker/overlay2/l/KJO3NHWCDTAB3IYJ462HBEXYXY:/var/lib/docker/overlay2/l/ZIUA6HKMOPJHTGW2BQC35FCHZV:/var/lib/docker/overlay2/l/SOYVQBIUENWJOPYKEH6PQZBVPW:/var/lib/docker/overlay2/l/MMYFRATI5V4AVEZY7HINBMD64U:/var/lib/docker/overlay2/l/EUXNQ4EH6UWPRGTZNWTZKB6MYL,upperdir=/var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/diff,workdir=/var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/work mountid=5265 fsname=/ dir=/var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged fstype=overlay Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged Mounting noexec /var 5267 5266 0:56 / /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged rw,relatime master:884 - overlay overlay rw,lowerdir=/var/lib/docker/overlay2/l/YHKSWZV2RXSMEJQFYZYK3UHYTI:/var/lib/docker/overlay2/l/HDH4X74N3IKIVVRAIKR57VFU44:/var/lib/docker/overlay2/l/DV6QR356YUKWMGAGFUQY6JFVM3:/var/lib/docker/overlay2/l/4GYK4DCUT4C7NE7U4G3CPYCVG4:/var/lib/docker/overlay2/l/F2HNZ2UJBRLHTCAYOMYHHF7AQX:/var/lib/docker/overlay2/l/6BMA2WFDEWFHKYHXRCIRWGALAG:/var/lib/docker/overlay2/l/KJO3NHWCDTAB3IYJ462HBEXYXY:/var/lib/docker/overlay2/l/ZIUA6HKMOPJHTGW2BQC35FCHZV:/var/lib/docker/overlay2/l/SOYVQBIUENWJOPYKEH6PQZBVPW:/var/lib/docker/overlay2/l/MMYFRATI5V4AVEZY7HINBMD64U:/var/lib/docker/overlay2/l/EUXNQ4EH6UWPRGTZNWTZKB6MYL,upperdir=/var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/diff,workdir=/var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/work mountid=5267 fsname=/ dir=/var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged fstype=overlay Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged Mounting read-only /usr 5268 4252 253:1 /usr /usr ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5268 fsname=/usr dir=/usr fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev Globbing /run/firejail/mnt/dev/snd on /dev/snd (type=sound) mounting /run/firejail/mnt/dev/snd on /dev/snd (type=sound) directory Globbing /run/firejail/mnt/dev/dri on /dev/dri (type=3d) mounting /run/firejail/mnt/dev/dri on /dev/dri (type=3d) directory Globbing /run/firejail/mnt/dev/kfd on /dev/kfd (type=3d) No match /run/firejail/mnt/dev/kfd (type=3d) Globbing /run/firejail/mnt/dev/nvidia[0-9]* on /dev/nvidia[0-9]* (type=3d) No match /run/firejail/mnt/dev/nvidia[0-9]* (type=3d) Globbing /run/firejail/mnt/dev/nvidiactl on /dev/nvidiactl (type=3d) No match /run/firejail/mnt/dev/nvidiactl (type=3d) Globbing /run/firejail/mnt/dev/nvidia-modeset on /dev/nvidia-modeset (type=3d) No match /run/firejail/mnt/dev/nvidia-modeset (type=3d) Globbing /run/firejail/mnt/dev/nvidia-uvm on /dev/nvidia-uvm (type=3d) No match /run/firejail/mnt/dev/nvidia-uvm (type=3d) Globbing /run/firejail/mnt/dev/video[0-9]* on /dev/video[0-9]* (type=video) skipping /run/firejail/mnt/dev/video0 on /dev/video0 due to its type (type=video) skipping /run/firejail/mnt/dev/video1 on /dev/video1 due to its type (type=video) Globbing /run/firejail/mnt/dev/dvb on /dev/dvb (type=tv) No match /run/firejail/mnt/dev/dvb (type=tv) Globbing /run/firejail/mnt/dev/sr[0-9]* on /dev/sr[0-9]* (type=dvd) No match /run/firejail/mnt/dev/sr[0-9]* (type=dvd) Globbing /run/firejail/mnt/dev/tcm[0-9]* on /dev/tcm[0-9]* (type=tpm) No match /run/firejail/mnt/dev/tcm[0-9]* (type=tpm) Globbing /run/firejail/mnt/dev/tcmrm[0-9]* on /dev/tcmrm[0-9]* (type=tpm) No match /run/firejail/mnt/dev/tcmrm[0-9]* (type=tpm) Globbing /run/firejail/mnt/dev/tpm[0-9]* on /dev/tpm[0-9]* (type=tpm) skipping /run/firejail/mnt/dev/tpm0 on /dev/tpm0 due to its type (type=tpm) Globbing /run/firejail/mnt/dev/tpmrm[0-9]* on /dev/tpmrm[0-9]* (type=tpm) No match /run/firejail/mnt/dev/tpmrm[0-9]* (type=tpm) Globbing /run/firejail/mnt/dev/hidraw[0-9]* on /dev/hidraw[0-9]* (type=u2f) mounting /run/firejail/mnt/dev/hidraw0 on /dev/hidraw0 (type=u2f) file mounting /run/firejail/mnt/dev/hidraw1 on /dev/hidraw1 (type=u2f) file mounting /run/firejail/mnt/dev/hidraw2 on /dev/hidraw2 (type=u2f) file mounting /run/firejail/mnt/dev/hidraw3 on /dev/hidraw3 (type=u2f) file Globbing /run/firejail/mnt/dev/usb on /dev/usb (type=u2f) mounting /run/firejail/mnt/dev/usb on /dev/usb (type=u2f) directory Globbing /run/firejail/mnt/dev/input on /dev/input (type=input) skipping /run/firejail/mnt/dev/input on /dev/input due to its type (type=input) Globbing /run/firejail/mnt/dev/ntsync on /dev/ntsync (type=ntsync) No match /run/firejail/mnt/dev/ntsync (type=ntsync) Process /dev/shm directory Generate private-tmp whitelist commands blacklist /run/firejail/dbus Creating a new /etc/hostname file Creating empty /run/firejail/mnt/hostname file Creating a new /etc/hosts file Loading user hosts file Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /usr/lib/modules (requested /lib/modules) Disable /usr/lib/debug Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Debug 588: whitelist /tmp/.X11-unix Debug 609: expanded: /tmp/.X11-unix Debug 620: new_name: /tmp/.X11-unix Debug 630: dir: /tmp Adding whitelist top level directory /tmp Debug 588: whitelist /tmp/sndio Debug 609: expanded: /tmp/sndio Debug 620: new_name: /tmp/sndio Debug 630: dir: /tmp Removed path: whitelist /tmp/sndio new_name: /tmp/sndio realpath: (null) No such file or directory Mounting tmpfs on /tmp, check owner: no 5328 4252 0:230 / /tmp rw,nosuid,nodev,relatime - tmpfs tmpfs rw,inode64 mountid=5328 fsname=/ dir=/tmp fstype=tmpfs Whitelisting /tmp/.X11-unix 5329 5328 253:1 /tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5329 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Disable /home/qizou/.local/share/Trash Disable /home/qizou/.python_history Disable /home/qizou/.bash_history Disable /home/qizou/.sqlite_history Disable /home/qizou/.lesshst Disable /home/qizou/.config/autostart Disable /home/qizou/.local/share/xorg Disable /etc/X11/Xsession.d Disable /etc/X11/xinit Disable /etc/X11/xorg.conf.d Disable /etc/xdg/autostart Mounting read-only /home/qizou/.Xauthority 5341 5278 253:1 /home/qizou/.Xauthority /home/qizou/.Xauthority ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5341 fsname=/home/qizou/.Xauthority dir=/home/qizou/.Xauthority fstype=ext4 Disable /home/qizou/.config/kwalletrc Mounting read-only /home/qizou/.cache/ksycoca5_de_qNXo_KAgpVcPLibHt5iY_zcDxYU= 5343 5278 253:1 /home/qizou/.cache/ksycoca5_de_qNXo_KAgpVcPLibHt5iY_zcDxYU= /home/qizou/.cache/ksycoca5_de_qNXo_KAgpVcPLibHt5iY_zcDxYU= ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5343 fsname=/home/qizou/.cache/ksycoca5_de_qNXo_KAgpVcPLibHt5iY_zcDxYU= dir=/home/qizou/.cache/ksycoca5_de_qNXo_KAgpVcPLibHt5iY_zcDxYU= fstype=ext4 Mounting read-only /home/qizou/.cache/ksycoca5_en_OlEdy2IYLZ5cBV8qlgsUHlCktd4= 5344 5278 253:1 /home/qizou/.cache/ksycoca5_en_OlEdy2IYLZ5cBV8qlgsUHlCktd4= /home/qizou/.cache/ksycoca5_en_OlEdy2IYLZ5cBV8qlgsUHlCktd4= ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5344 fsname=/home/qizou/.cache/ksycoca5_en_OlEdy2IYLZ5cBV8qlgsUHlCktd4= dir=/home/qizou/.cache/ksycoca5_en_OlEdy2IYLZ5cBV8qlgsUHlCktd4= fstype=ext4 Mounting read-only /home/qizou/.cache/ksycoca5_de_OlEdy2IYLZ5cBV8qlgsUHlCktd4= 5345 5278 253:1 /home/qizou/.cache/ksycoca5_de_OlEdy2IYLZ5cBV8qlgsUHlCktd4= /home/qizou/.cache/ksycoca5_de_OlEdy2IYLZ5cBV8qlgsUHlCktd4= ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5345 fsname=/home/qizou/.cache/ksycoca5_de_OlEdy2IYLZ5cBV8qlgsUHlCktd4= dir=/home/qizou/.cache/ksycoca5_de_OlEdy2IYLZ5cBV8qlgsUHlCktd4= fstype=ext4 Mounting read-only /home/qizou/.config/kdeglobals 5346 5278 253:1 /home/qizou/.config/kdeglobals /home/qizou/.config/kdeglobals ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5346 fsname=/home/qizou/.config/kdeglobals dir=/home/qizou/.config/kdeglobals fstype=ext4 Mounting read-only /home/qizou/.kde/share/config/kdeglobals 5347 5278 253:1 /home/qizou/.kde/share/config/kdeglobals /home/qizou/.kde/share/config/kdeglobals ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5347 fsname=/home/qizou/.kde/share/config/kdeglobals dir=/home/qizou/.kde/share/config/kdeglobals fstype=ext4 Mounting read-only /home/qizou/.local/share/konsole 5348 5278 253:1 /home/qizou/.local/share/konsole /home/qizou/.local/share/konsole ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5348 fsname=/home/qizou/.local/share/konsole dir=/home/qizou/.local/share/konsole fstype=ext4 Disable /home/qizou/.local/share/gvfs-metadata Mounting read-only /home/qizou/.config/dconf 5350 5278 253:1 /home/qizou/.config/dconf /home/qizou/.config/dconf ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5350 fsname=/home/qizou/.config/dconf dir=/home/qizou/.config/dconf fstype=ext4 Add path entry /usr/local/bin Add path entry /usr/bin ...skip path /bin Add path entry /usr/local/games Add path entry /usr/games Add path entry /home/qizou/.local/bin Number of path entries: 5 Disable /usr/bin/systemctl Disable /usr/bin/systemd-delta Disable /usr/bin/systemd-stdio-bridge Disable /usr/bin/systemd-mount (requested /usr/bin/systemd-umount) Disable /usr/bin/systemd-machine-id-setup Disable /usr/bin/systemd-dissect Disable /usr/bin/systemd-escape Disable /usr/bin/systemd-notify Disable /usr/bin/systemd-hwdb Disable /usr/bin/systemd-detect-virt Disable /usr/bin/systemd-mount Disable /usr/bin/systemd-tmpfiles Disable /usr/bin/systemd-cgtop Disable /usr/bin/systemd-creds Disable /usr/bin/systemd-inhibit Disable /usr/bin/systemd-cat Disable /usr/bin/systemd-sysext Disable /usr/bin/systemd-nspawn Disable /usr/bin/systemd-tty-ask-password-agent Disable /usr/bin/systemd-firstboot Disable /usr/bin/systemd-path Disable /usr/bin/systemd-cryptenroll Disable /usr/bin/systemd-sysusers Disable /usr/bin/systemd-analyze Disable /usr/bin/systemd-id128 Disable /usr/bin/systemd-repart Disable /usr/bin/systemd-cgls Disable /usr/bin/systemd-run Disable /usr/bin/systemd-socket-activate Disable /usr/bin/systemd-ask-password Disable /usr/lib/systemd/systemd (requested /usr/bin/systemd) Disable /run/user/1000/systemd Disable /etc/systemd/network Disable /etc/systemd/system Disable /run/credentials Disable /var/lib/systemd Disable /etc/init.d Disable /var/cache/libvirt Disable /var/lib/libvirt Disable /var/log/libvirt Disable /usr/bin/zuluCrypt-cli Disable /var/cache/apt Disable /var/lib/apt Disable /var/lib/dkms Disable /var/lib/upower Disable /var/mail Disable /var/opt Disable /run/docker.sock (requested /var/run/docker.sock) Disable /var/spool/anacron Disable /var/spool/cron Disable /var/mail (requested /var/spool/mail) Disable /etc/adduser.conf Disable /etc/anacrontab Disable /etc/apparmor Disable /etc/apparmor.d Disable /etc/crontab Disable /etc/cron.monthly Disable /etc/cron.daily Disable /etc/cron.weekly Disable /etc/cron.yearly Disable /etc/cron.d Disable /etc/cron.hourly Disable /etc/default Disable /etc/dkms Disable /etc/grub.d Disable /etc/kernel-img.conf Disable /etc/kernel Disable /etc/logrotate.d Disable /etc/logrotate.conf Disable /etc/modules-load.d Disable /etc/modules Disable /etc/rc6.d Disable /etc/rc2.d Disable /etc/rc5.d Disable /etc/rc1.d Disable /etc/rc4.d Disable /etc/rc0.d Disable /etc/rcS.d Disable /etc/rc3.d Disable /etc/logcheck Disable /etc/rkhunter.conf Disable /etc/rkhunter.conf.dpkg-dist Disable /var/lib/rkhunter Mounting read-only /home/qizou/.bash_aliases 5434 5278 253:1 /home/qizou/.bash_aliases /home/qizou/.bash_aliases ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5434 fsname=/home/qizou/.bash_aliases dir=/home/qizou/.bash_aliases fstype=ext4 Mounting read-only /home/qizou/.bash_logout 5435 5278 253:1 /home/qizou/.bash_logout /home/qizou/.bash_logout ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5435 fsname=/home/qizou/.bash_logout dir=/home/qizou/.bash_logout fstype=ext4 Mounting read-only /home/qizou/.bashrc 5436 5278 253:1 /home/qizou/.bashrc /home/qizou/.bashrc ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5436 fsname=/home/qizou/.bashrc dir=/home/qizou/.bashrc fstype=ext4 Mounting read-only /home/qizou/.profile 5437 5278 253:1 /home/qizou/.profile /home/qizou/.profile ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5437 fsname=/home/qizou/.profile dir=/home/qizou/.profile fstype=ext4 Mounting read-only /home/qizou/.gnupg/gpg.conf 5438 5278 253:1 /home/qizou/.gnupg/gpg.conf /home/qizou/.gnupg/gpg.conf ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5438 fsname=/home/qizou/.gnupg/gpg.conf dir=/home/qizou/.gnupg/gpg.conf fstype=ext4 Mounting read-only /home/qizou/.mozilla/firefox/profiles.ini 5439 5278 253:1 /home/qizou/.mozilla/firefox/profiles.ini /home/qizou/.mozilla/firefox/profiles.ini ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5439 fsname=/home/qizou/.mozilla/firefox/profiles.ini dir=/home/qizou/.mozilla/firefox/profiles.ini fstype=ext4 Mounting read-only /home/qizou/.reportbugrc 5440 5278 253:1 /home/qizou/.reportbugrc /home/qizou/.reportbugrc ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5440 fsname=/home/qizou/.reportbugrc dir=/home/qizou/.reportbugrc fstype=ext4 Mounting read-only /home/qizou/.ssh/config 5441 5278 253:1 /home/qizou/.ssh/config /home/qizou/.ssh/config ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5441 fsname=/home/qizou/.ssh/config dir=/home/qizou/.ssh/config fstype=ext4 Mounting read-only /home/qizou/.local/bin 5442 5278 253:1 /home/qizou/.local/bin /home/qizou/.local/bin ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5442 fsname=/home/qizou/.local/bin dir=/home/qizou/.local/bin fstype=ext4 Mounting read-only /home/qizou/.config/menus 5443 5278 253:1 /home/qizou/.config/menus /home/qizou/.config/menus ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5443 fsname=/home/qizou/.config/menus dir=/home/qizou/.config/menus fstype=ext4 Mounting read-only /home/qizou/.gnome/apps 5444 5278 253:1 /home/qizou/.gnome/apps /home/qizou/.gnome/apps ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5444 fsname=/home/qizou/.gnome/apps dir=/home/qizou/.gnome/apps fstype=ext4 Mounting read-only /home/qizou/.local/share/applications 5445 5278 253:1 /home/qizou/.local/share/applications /home/qizou/.local/share/applications ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5445 fsname=/home/qizou/.local/share/applications dir=/home/qizou/.local/share/applications fstype=ext4 Mounting read-only /home/qizou/.config/mimeapps.list 5446 5278 253:1 /home/qizou/.config/mimeapps.list /home/qizou/.config/mimeapps.list ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5446 fsname=/home/qizou/.config/mimeapps.list dir=/home/qizou/.config/mimeapps.list fstype=ext4 Mounting read-only /home/qizou/.config/user-dirs.dirs 5447 5278 253:1 /home/qizou/.config/user-dirs.dirs /home/qizou/.config/user-dirs.dirs ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5447 fsname=/home/qizou/.config/user-dirs.dirs dir=/home/qizou/.config/user-dirs.dirs fstype=ext4 Mounting read-only /home/qizou/.config/user-dirs.locale 5448 5278 253:1 /home/qizou/.config/user-dirs.locale /home/qizou/.config/user-dirs.locale ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5448 fsname=/home/qizou/.config/user-dirs.locale dir=/home/qizou/.config/user-dirs.locale fstype=ext4 Mounting read-only /home/qizou/.local/share/mime 5449 5278 253:1 /home/qizou/.local/share/mime /home/qizou/.local/share/mime ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5449 fsname=/home/qizou/.local/share/mime dir=/home/qizou/.local/share/mime fstype=ext4 Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Disable /etc/sudo_logsrvd.conf Disable /etc/sudo.conf Disable /etc/sudoers.d Disable /etc/sudoers Disable /home/qizou/.cert Disable /home/qizou/.gnupg Disable /home/qizou/.local/share/keyrings Disable /home/qizou/.local/share/kwalletd Disable /home/qizou/.local/share/pki Disable /home/qizou/.pki Disable /home/qizou/.ssh Disable /usr/sbin (requested /sbin) Disable /usr/local/sbin Disable /usr/sbin Disable /usr/bin/busybox Disable /usr/bin/chage Disable /usr/bin/chfn Disable /usr/bin/chsh Disable /usr/bin/crontab Disable /usr/bin/expiry Disable /usr/bin/fusermount3 Disable /usr/bin/fusermount3 (requested /usr/bin/fusermount) Disable /usr/bin/gpasswd Disable /usr/bin/hostname Disable /usr/bin/mount Disable /usr/bin/mountpoint Disable /usr/bin/nc.openbsd (requested /usr/bin/nc) Disable /usr/bin/nc.openbsd Disable /usr/bin/nc.traditional Disable /usr/bin/netstat Disable /usr/bin/networkctl Disable /usr/bin/newgrp Disable /usr/bin/nm-online Disable /usr/bin/nmap Disable /usr/bin/nmcli Disable /usr/bin/nmtui Disable /usr/bin/nmtui (requested /usr/bin/nmtui-connect) Disable /usr/bin/nmtui (requested /usr/bin/nmtui-edit) Disable /usr/bin/nmtui (requested /usr/bin/nmtui-hostname) Disable /usr/bin/ntfs-3g Disable /usr/bin/passwd Disable /usr/bin/pkexec Disable /usr/bin/plocate Disable /usr/bin/newgrp (requested /usr/bin/sg) Disable /usr/bin/ss Disable /usr/bin/strace Disable /usr/bin/su Disable /usr/bin/sudo Disable /usr/bin/traceroute.db (requested /usr/bin/traceroute) Disable /usr/bin/umount Disable /usr/bin/wall Disable /usr/bin/write Disable /usr/bin/xev Disable /usr/lib/dbus-1.0/dbus-daemon-launch-helper Disable /usr/lib/openssh Disable /usr/lib/polkit-1/polkit-agent-helper-1 (requested /usr/lib/policykit-1/polkit-agent-helper-1) Disable /usr/lib/xorg/Xorg.wrap Disable /usr/bin/dpkg-genbuilddeps Disable /usr/bin/dpkg-shlibdeps Disable /usr/bin/dpkg-statoverride Disable /usr/bin/dpkg-distaddfile Disable /usr/bin/dpkg-vendor Disable /usr/bin/dpkg-name Disable /usr/bin/dpkg-scanpackages Disable /usr/bin/dpkg-gencontrol Disable /usr/bin/dpkg-deb Disable /usr/bin/dpkg-split Disable /usr/bin/dpkg-mergechangelogs Disable /usr/bin/dpkg-buildflags Disable /usr/bin/dpkg Disable /usr/bin/dpkg-gensymbols Disable /usr/bin/dpkg-source Disable /usr/bin/dpkg-maintscript-helper Disable /usr/bin/dpkg-scansources Disable /usr/bin/dpkg-buildpackage Disable /usr/bin/dpkg-realpath Disable /usr/bin/dpkg-query Disable /usr/bin/dpkg-genchanges Disable /usr/bin/dpkg-genbuildinfo Disable /usr/bin/dpkg-depcheck Disable /usr/bin/dpkg-parsechangelog Disable /usr/bin/dpkg-checkbuilddeps Disable /usr/bin/dpkg-divert Disable /usr/bin/dpkg-trigger Disable /usr/bin/dpkg-architecture Disable /usr/bin/apt-sortpkgs Disable /usr/bin/apt-cdrom Disable /usr/bin/apt-key Disable /usr/bin/apt-ftparchive Disable /usr/bin/apt-venv Disable /usr/bin/apt Disable /usr/bin/apt-show-versions Disable /usr/bin/apt-mark Disable /usr/bin/apt-extracttemplates Disable /usr/bin/apt-listchanges Disable /usr/bin/apt-get Disable /usr/bin/apt-config Disable /usr/bin/apt-cache Disable /usr/bin/expect_passmass (requested /usr/bin/passmass) Disable /usr/bin/proxy Disable /usr/bin/aa-features-abi Disable /usr/bin/aa-easyprof Disable /usr/bin/aa-enabled Disable /usr/bin/aa-exec Disable /usr/bin/avahi-browse Disable /usr/bin/avahi-resolve (requested /usr/bin/avahi-resolve-host-name) Disable /usr/bin/avahi-resolve (requested /usr/bin/avahi-resolve-address) Disable /usr/bin/avahi-resolve Disable /usr/bin/avahi-publish (requested /usr/bin/avahi-publish-address) Disable /usr/bin/avahi-browse (requested /usr/bin/avahi-browse-domains) Disable /usr/bin/avahi-publish (requested /usr/bin/avahi-publish-service) Disable /usr/bin/avahi-publish Disable /usr/bin/avahi-set-host-name Disable /usr/bin/dbus-update-activation-environment Disable /usr/bin/dbus-run-session Disable /usr/bin/dbus-launch Disable /usr/bin/dbus-uuidgen Disable /usr/bin/dbus-send Disable /usr/bin/dbus-monitor Disable /usr/bin/dbus-cleanup-sockets Disable /usr/bin/dbus-daemon Disable /usr/bin/debconf-apt-progress Disable /usr/bin/debconf-copydb Disable /usr/bin/debconf-communicate Disable /usr/bin/debconf-set-selections Disable /usr/bin/debconf-escape Disable /usr/bin/debconf-show Disable /usr/bin/debconf-gettextize Disable /usr/bin/debconf-updatepo Disable /usr/bin/debconf Disable /usr/bin/grub-glue-efi Disable /usr/bin/grub-render-label Disable /usr/bin/grub-mklayout Disable /usr/bin/grub-script-check Disable /usr/bin/grub-mkimage Disable /usr/bin/grub-mkrelpath Disable /usr/bin/grub-menulst2cfg Disable /usr/bin/grub-mount Disable /usr/lib/grub/i386-pc/grub-ntldr-img (requested /usr/bin/grub-ntldr-img) Disable /usr/bin/grub-fstest Disable /usr/bin/grub-mkpasswd-pbkdf2 Disable /usr/bin/grub-mknetdir Disable /usr/bin/grub-syslinux2cfg Disable /usr/bin/grub-mkstandalone Disable /usr/bin/grub-kbdcomp Disable /usr/bin/grub-mkfont Disable /usr/bin/grub-editenv Disable /usr/bin/grub-mkrescue Disable /usr/bin/grub-file Disable /usr/bin/kernel-install Disable /usr/local/bin/firemon Disable /usr/bin/firemon Disable /usr/local/bin/firecfg Disable /usr/bin/firecfg Disable /usr/local/bin/jailcheck Disable /usr/bin/jailcheck Disable /usr/bin/gnome-terminal Disable /usr/bin/gnome-terminal.wrapper Disable /usr/bin/xfce4-terminal Disable /usr/bin/xfce4-terminal.wrapper Disable /home/qizou/.cache/flatpak Disable /home/qizou/.local/share/flatpak/.changed Disable /home/qizou/.local/share/flatpak/repo Disable /home/qizou/.local/share/flatpak/overrides Disable /home/qizou/.local/share/flatpak/db Disable /home/qizou/.var Disable /usr/bin/bwrap Disable /run/user/1000/.dbus-proxy Disable /run/user/1000/.flatpak Disable /run/user/1000/.flatpak-helper Disable /run/user/1000/app Warning (blacklisting): cannot stat /run/user/1000/doc: Permission denied Disable /usr/share/flatpak Disable /var/lib/flatpak/.changed Disable /var/lib/flatpak/repo Disable /var/lib/flatpak/appstream Not blacklist /var/lib/flatpak/exports Disable /var/lib/flatpak/runtime Disable /var/lib/flatpak/.removed Disable /var/lib/flatpak/app Disable /home/qizou/snap Disable /usr/bin/snap Disable /usr/lib/snapd/snapctl (requested /usr/bin/snapctl) Disable /run/user/1000/snapd-session-agent.socket Disable /snap Disable /usr/lib/snapd Disable /var/lib/snapd Disable /var/snap Disable /usr/bin/delv Disable /usr/bin/firejail (requested /usr/local/bin/dig) Disable /usr/bin/dig Disable /usr/bin/dnstap-read Disable /usr/bin/mdig Disable /usr/bin/firejail (requested /usr/local/bin/host) Disable /usr/bin/host Disable /usr/bin/firejail (requested /usr/local/bin/nslookup) Disable /usr/bin/nslookup Disable /usr/bin/nsupdate Disable /usr/bin/nstat Disable /usr/bin/firejail (requested /usr/local/bin/ssh) Disable /usr/libexec/ssh-askpass/x11-ssh-askpass (requested /usr/bin/ssh-askpass) Disable /usr/bin/ssh-add Disable /usr/bin/ssh-keygen Disable /usr/bin/ssh-argv0 Disable /usr/bin/ssh-keyscan Disable /usr/bin/sshfs Disable /usr/bin/ssh-agent Disable /usr/bin/ssh-copy-id Disable /usr/bin/ssh Disable /usr/bin/firejail (requested /usr/local/bin/telnet) Disable /usr/bin/inetutils-telnet (requested /usr/bin/telnet) Disable /run/user/1000/pipewire-0.lock Disable /run/user/1000/pk-debconf-socket Disable /home/qizou/.android Disable /home/qizou/.audacity-data Disable /home/qizou/.bogofilter Disable /home/qizou/.cache/0ad Disable /home/qizou/.cache/Clementine Disable /home/qizou/.cache/Flavio Tordini Disable /home/qizou/.cache/KDE/neochat Disable /home/qizou/.cache/atril Disable /home/qizou/.cache/babl Disable /home/qizou/.cache/calibre Disable /home/qizou/.cache/champlain Disable /home/qizou/.cache/darktable Disable /home/qizou/.cache/deja-dup Disable /home/qizou/.cache/epiphany Disable /home/qizou/.cache/evolution Disable /home/qizou/.cache/feedreader Disable /home/qizou/.cache/folks Disable /home/qizou/.cache/freecol Disable /home/qizou/.cache/gajim Disable /home/qizou/.cache/gegl-0.4 Disable /home/qizou/.cache/gimp Disable /home/qizou/.cache/kdenlive Disable /home/qizou/.cache/keepassxc Disable /home/qizou/.cache/liferea Disable /home/qizou/.cache/mozilla Disable /home/qizou/.cache/org.gnome.Maps Disable /home/qizou/.cache/pdfmod Disable /home/qizou/.cache/pip Disable /home/qizou/.cache/pipe-viewer Disable /home/qizou/.cache/quodlibet Disable /home/qizou/.cache/simple-scan Disable /home/qizou/.cache/systemsettings Disable /home/qizou/.cache/transmission Disable /home/qizou/.cache/virt-manager Disable /home/qizou/.cache/vlc Disable /home/qizou/.cache/winetricks Disable /home/qizou/.cache/xournalpp Disable /home/qizou/.cache/youtube-dl Disable /home/qizou/.cache/yt-dlp Disable /home/qizou/.config/0ad Disable /home/qizou/.config/Clementine Disable /home/qizou/.config/Code Disable /home/qizou/.config/Element Disable /home/qizou/.config/Flavio Tordini Disable /home/qizou/.config/FreeCAD Disable /home/qizou/.config/GIMP Disable /home/qizou/.config/Google Disable /home/qizou/.config/Mousepad Disable /home/qizou/.config/Nextcloud Disable /home/qizou/.config/Riot Disable /home/qizou/.config/Thunar Disable /home/qizou/.config/Unknown Organization Disable /home/qizou/.config/atril Disable /home/qizou/.config/brasero Disable /home/qizou/.config/calibre Disable /home/qizou/.config/catfish Disable /home/qizou/.config/cherrytree Disable /home/qizou/.config/darktable Disable /home/qizou/.config/digikamrc Disable /home/qizou/.config/emaildefaults Disable /home/qizou/.config/emailidentities Disable /home/qizou/.config/enchant Disable /home/qizou/.config/epiphany Disable /home/qizou/.config/evince Disable /home/qizou/.config/evolution Disable /home/qizou/.config/flameshot Disable /home/qizou/.config/freecol Disable /home/qizou/.config/gajim Disable /home/qizou/.config/gedit Disable /home/qizou/.config/ghb Disable /home/qizou/.config/ghostwriter Disable /home/qizou/.config/git Disable /home/qizou/.config/gnome-session Disable /home/qizou/.config/gnote Disable /home/qizou/.config/gpicview Disable /home/qizou/.config/gthumb Disable /home/qizou/.config/k3brc Disable /home/qizou/.config/katemetainfos Disable /home/qizou/.config/katerc Disable /home/qizou/.config/katevirc Disable /home/qizou/.config/kdenliverc Disable /home/qizou/.config/kdiff3rc Disable /home/qizou/.config/keepassxc Disable /home/qizou/.config/kid3rc Disable /home/qizou/.config/konversationrc Disable /home/qizou/.config/libreoffice Disable /home/qizou/.config/liferea Disable /home/qizou/.config/nautilus Disable /home/qizou/.config/neochatrc Disable /home/qizou/.config/obsidian Disable /home/qizou/.config/okularpartrc Disable /home/qizou/.config/okularrc Disable /home/qizou/.config/pavucontrol.ini Disable /home/qizou/.config/pdfmod Disable /home/qizou/.config/pipe-viewer Disable /home/qizou/.config/quodlibet Disable /home/qizou/.config/remmina Disable /home/qizou/.config/ristretto Disable /home/qizou/.config/sqlitebrowser Disable /home/qizou/.config/torbrowser Disable /home/qizou/.config/transmission Disable /home/qizou/.config/vlc Disable /home/qizou/.config/xarchiver Disable /home/qizou/.config/xfburn Disable /home/qizou/.config/xfce4-dict Disable /home/qizou/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml Disable /home/qizou/.config/xournalpp Disable /home/qizou/.config/yt-dlp Disable /home/qizou/.config/zoomus.conf Disable /home/qizou/.gitconfig Disable /home/qizou/.hugin Disable /home/qizou/.java Disable /home/qizou/.local/share/0ad Disable /home/qizou/.local/share/Flavio Tordini Disable /home/qizou/.local/share/KDE/neochat Disable /home/qizou/.local/share/Nextcloud Disable /home/qizou/.local/share/epiphany Disable /home/qizou/.local/share/evolution Disable /home/qizou/.local/share/feedreader Disable /home/qizou/.local/share/freecol Disable /home/qizou/.local/share/gajim Disable /home/qizou/.local/share/ghostwriter Disable /home/qizou/.local/share/gnote Disable /home/qizou/.local/share/kate Disable /home/qizou/.local/share/kdenlive Disable /home/qizou/.local/share/kxmlgui5/kigo Disable /home/qizou/.local/share/kxmlgui5/kmymoney Disable /home/qizou/.local/share/kxmlgui5/konversation Disable /home/qizou/.local/share/kxmlgui5/kdevelop Disable /home/qizou/.local/share/liferea Disable /home/qizou/.local/share/maps-places.json Disable /home/qizou/.local/share/nautilus Disable /home/qizou/.local/share/okular Disable /home/qizou/.local/share/remmina Disable /home/qizou/.local/share/torbrowser Disable /home/qizou/.local/share/vlc Disable /home/qizou/.lyx Disable /home/qizou/.mediathek3 Disable /home/qizou/.mozilla Disable /home/qizou/.mplayer Disable /home/qizou/.quodlibet Disable /home/qizou/.ssr Disable /home/qizou/.texlive2022 Disable /home/qizou/.viking Disable /home/qizou/.viking-maps Disable /home/qizou/.vscode Disable /home/qizou/.wget-hsts Disable /home/qizou/.zoom Disable /home/qizou/Nextcloud Mounting read-only /tmp/.X11-unix 5817 5329 253:1 /tmp/.X11-unix /tmp/.X11-unix ro,relatime master:1 - ext4 /dev/mapper/tianhe-root rw,errors=remount-ro mountid=5817 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4 Disable /sys/fs Disable /sys/module Base filesystem installed in 119.06 ms Mounting noexec /run/firejail/mnt/pulse 5820 5259 0:133 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=5820 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs Mounting /run/firejail/mnt/pulse on /home/qizou/.config/pulse 5821 5278 0:133 /pulse /home/qizou/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=5821 fsname=/pulse dir=/home/qizou/.config/pulse fstype=tmpfs Globbing /dev/dvb (type=tv skip_symlinks=0) No match /dev/dvb (type=tv) Globbing /dev/tcm[0-9]* (type=tpm skip_symlinks=0) No match /dev/tcm[0-9]* (type=tpm) Globbing /dev/tcmrm[0-9]* (type=tpm skip_symlinks=0) No match /dev/tcmrm[0-9]* (type=tpm) Globbing /dev/tpm[0-9]* (type=tpm skip_symlinks=0) No match /dev/tpm[0-9]* (type=tpm) Globbing /dev/tpmrm[0-9]* (type=tpm skip_symlinks=0) No match /dev/tpmrm[0-9]* (type=tpm) Globbing /dev/video[0-9]* (type=video skip_symlinks=0) No match /dev/video[0-9]* (type=video) Globbing /dev/input (type=input skip_symlinks=0) No match /dev/input (type=input) Globbing /dev/ntsync (type=ntsync skip_symlinks=0) No match /dev/ntsync (type=ntsync) Current directory: /home/qizou DISPLAY=:0.0 parsed as 0 Install protocol filter: unix,inet,inet6 configuring 23 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 4, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 04 00 c000003e jeq ARCH_64 0006 (false 0002) 0002: 20 00 00 00000000 ld data.syscall-number 0003: 15 01 00 00000167 jeq unknown 0005 (false 0004) 0004: 06 00 00 7fff0000 ret ALLOW 0005: 05 00 00 00000009 jmp 000f 0006: 20 00 00 00000004 ld data.architecture 0007: 15 01 00 c000003e jeq ARCH_64 0009 (false 0008) 0008: 06 00 00 7fff0000 ret ALLOW 0009: 20 00 00 00000000 ld data.syscall-number 000a: 35 01 00 40000000 jge X32_ABI 000c (false 000b) 000b: 35 01 00 00000000 jge read 000d (false 000c) 000c: 06 00 00 00050001 ret ERRNO(1) 000d: 15 01 00 00000029 jeq socket 000f (false 000e) 000e: 06 00 00 7fff0000 ret ALLOW 000f: 20 00 00 00000010 ld data.args[0] 0010: 15 00 01 00000001 jeq 1 0011 (false 0012) 0011: 06 00 00 7fff0000 ret ALLOW 0012: 15 00 01 00000002 jeq 2 0013 (false 0014) 0013: 06 00 00 7fff0000 ret ALLOW 0014: 15 00 01 0000000a jeq a 0015 (false 0016) 0015: 06 00 00 7fff0000 ret ALLOW 0016: 06 00 00 0005005f ret ERRNO(95) configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32 sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.32 Dropping all capabilities Drop privileges: pid 5, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 15 30 00 00000015 jeq 15 0035 (false 0005) 0005: 15 2f 00 00000034 jeq 34 0035 (false 0006) 0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007) 0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008) 0008: 15 2c 00 00000155 jeq 155 0035 (false 0009) 0009: 15 2b 00 00000156 jeq 156 0035 (false 000a) 000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b) 000b: 15 29 00 00000080 jeq 80 0035 (false 000c) 000c: 15 28 00 0000015e jeq 15e 0035 (false 000d) 000d: 15 27 00 00000081 jeq 81 0035 (false 000e) 000e: 15 26 00 0000006e jeq 6e 0035 (false 000f) 000f: 15 25 00 00000065 jeq 65 0035 (false 0010) 0010: 15 24 00 00000121 jeq 121 0035 (false 0011) 0011: 15 23 00 00000057 jeq 57 0035 (false 0012) 0012: 15 22 00 00000073 jeq 73 0035 (false 0013) 0013: 15 21 00 00000067 jeq 67 0035 (false 0014) 0014: 15 20 00 0000015b jeq 15b 0035 (false 0015) 0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016) 0016: 15 1e 00 00000087 jeq 87 0035 (false 0017) 0017: 15 1d 00 00000095 jeq 95 0035 (false 0018) 0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019) 0019: 15 1b 00 00000157 jeq 157 0035 (false 001a) 001a: 15 1a 00 000000fd jeq fd 0035 (false 001b) 001b: 15 19 00 00000150 jeq 150 0035 (false 001c) 001c: 15 18 00 00000152 jeq 152 0035 (false 001d) 001d: 15 17 00 0000015d jeq 15d 0035 (false 001e) 001e: 15 16 00 0000011e jeq 11e 0035 (false 001f) 001f: 15 15 00 0000011f jeq 11f 0035 (false 0020) 0020: 15 14 00 00000120 jeq 120 0035 (false 0021) 0021: 15 13 00 00000056 jeq 56 0035 (false 0022) 0022: 15 12 00 00000033 jeq 33 0035 (false 0023) 0023: 15 11 00 0000007b jeq 7b 0035 (false 0024) 0024: 15 10 00 000000d9 jeq d9 0035 (false 0025) 0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026) 0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027) 0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028) 0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029) 0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a) 002a: 15 0a 00 00000101 jeq 101 0035 (false 002b) 002b: 15 09 00 00000112 jeq 112 0035 (false 002c) 002c: 15 08 00 00000114 jeq 114 0035 (false 002d) 002d: 15 07 00 00000126 jeq 126 0035 (false 002e) 002e: 15 06 00 0000013d jeq 13d 0035 (false 002f) 002f: 15 05 00 0000013c jeq 13c 0035 (false 0030) 0030: 15 04 00 0000003d jeq 3d 0035 (false 0031) 0031: 15 03 00 00000058 jeq 58 0035 (false 0032) 0032: 15 02 00 000000a9 jeq a9 0035 (false 0033) 0033: 15 01 00 00000082 jeq 82 0035 (false 0034) 0034: 06 00 00 7fff0000 ret ALLOW 0035: 06 00 00 00050001 ret ERRNO(1) Dual 32/64 bit seccomp filter configured configuring 80 seccomp entries in /run/firejail/mnt/seccomp/seccomp sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp Dropping all capabilities Drop privileges: pid 6, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 47 00 0000009f jeq adjtimex 004f (false 0008) 0008: 15 46 00 00000131 jeq clock_adjtime 004f (false 0009) 0009: 15 45 00 000000e3 jeq clock_settime 004f (false 000a) 000a: 15 44 00 000000a4 jeq settimeofday 004f (false 000b) 000b: 15 43 00 0000009a jeq modify_ldt 004f (false 000c) 000c: 15 42 00 000000d4 jeq lookup_dcookie 004f (false 000d) 000d: 15 41 00 0000012a jeq perf_event_open 004f (false 000e) 000e: 15 40 00 000001b6 jeq pidfd_getfd 004f (false 000f) 000f: 15 3f 00 00000137 jeq process_vm_writev 004f (false 0010) 0010: 15 3e 00 000000b0 jeq delete_module 004f (false 0011) 0011: 15 3d 00 00000139 jeq finit_module 004f (false 0012) 0012: 15 3c 00 000000af jeq init_module 004f (false 0013) 0013: 15 3b 00 000000a1 jeq chroot 004f (false 0014) 0014: 15 3a 00 000001af jeq fsconfig 004f (false 0015) 0015: 15 39 00 000001b0 jeq fsmount 004f (false 0016) 0016: 15 38 00 000001ae jeq fsopen 004f (false 0017) 0017: 15 37 00 000001b1 jeq fspick 004f (false 0018) 0018: 15 36 00 000000a5 jeq mount 004f (false 0019) 0019: 15 35 00 000001ad jeq move_mount 004f (false 001a) 001a: 15 34 00 000001ac jeq open_tree 004f (false 001b) 001b: 15 33 00 0000009b jeq pivot_root 004f (false 001c) 001c: 15 32 00 000000a6 jeq umount2 004f (false 001d) 001d: 15 31 00 0000009c jeq _sysctl 004f (false 001e) 001e: 15 30 00 000000b7 jeq afs_syscall 004f (false 001f) 001f: 15 2f 00 000000ae jeq create_module 004f (false 0020) 0020: 15 2e 00 000000b1 jeq get_kernel_syms 004f (false 0021) 0021: 15 2d 00 000000b5 jeq getpmsg 004f (false 0022) 0022: 15 2c 00 000000b6 jeq putpmsg 004f (false 0023) 0023: 15 2b 00 000000b2 jeq query_module 004f (false 0024) 0024: 15 2a 00 000000b9 jeq security 004f (false 0025) 0025: 15 29 00 0000008b jeq sysfs 004f (false 0026) 0026: 15 28 00 000000b8 jeq tuxcall 004f (false 0027) 0027: 15 27 00 00000086 jeq uselib 004f (false 0028) 0028: 15 26 00 00000088 jeq ustat 004f (false 0029) 0029: 15 25 00 000000ec jeq vserver 004f (false 002a) 002a: 15 24 00 000000ad jeq ioperm 004f (false 002b) 002b: 15 23 00 000000ac jeq iopl 004f (false 002c) 002c: 15 22 00 000000f6 jeq kexec_load 004f (false 002d) 002d: 15 21 00 00000140 jeq kexec_file_load 004f (false 002e) 002e: 15 20 00 000000a9 jeq reboot 004f (false 002f) 002f: 15 1f 00 000000a7 jeq swapon 004f (false 0030) 0030: 15 1e 00 000000a8 jeq swapoff 004f (false 0031) 0031: 15 1d 00 00000130 jeq open_by_handle_at 004f (false 0032) 0032: 15 1c 00 0000012f jeq name_to_handle_at 004f (false 0033) 0033: 15 1b 00 000000fb jeq ioprio_set 004f (false 0034) 0034: 15 1a 00 00000067 jeq syslog 004f (false 0035) 0035: 15 19 00 0000012c jeq fanotify_init 004f (false 0036) 0036: 15 18 00 000000f8 jeq add_key 004f (false 0037) 0037: 15 17 00 000000f9 jeq request_key 004f (false 0038) 0038: 15 16 00 000000ed jeq mbind 004f (false 0039) 0039: 15 15 00 00000100 jeq migrate_pages 004f (false 003a) 003a: 15 14 00 00000117 jeq move_pages 004f (false 003b) 003b: 15 13 00 000000fa jeq keyctl 004f (false 003c) 003c: 15 12 00 000000ce jeq io_setup 004f (false 003d) 003d: 15 11 00 000000cf jeq io_destroy 004f (false 003e) 003e: 15 10 00 000000d0 jeq io_getevents 004f (false 003f) 003f: 15 0f 00 000000d1 jeq io_submit 004f (false 0040) 0040: 15 0e 00 000000d2 jeq io_cancel 004f (false 0041) 0041: 15 0d 00 000000d8 jeq remap_file_pages 004f (false 0042) 0042: 15 0c 00 000000ee jeq set_mempolicy 004f (false 0043) 0043: 15 0b 00 00000116 jeq vmsplice 004f (false 0044) 0044: 15 0a 00 00000143 jeq userfaultfd 004f (false 0045) 0045: 15 09 00 000000a3 jeq acct 004f (false 0046) 0046: 15 08 00 00000141 jeq bpf 004f (false 0047) 0047: 15 07 00 000000b4 jeq nfsservctl 004f (false 0048) 0048: 15 06 00 000000ab jeq setdomainname 004f (false 0049) 0049: 15 05 00 000000aa jeq sethostname 004f (false 004a) 004a: 15 04 00 00000099 jeq vhangup 004f (false 004b) 004b: 15 03 00 00000065 jeq ptrace 004f (false 004c) 004c: 15 02 00 00000087 jeq personality 004f (false 004d) 004d: 15 01 00 00000136 jeq process_vm_readv 004f (false 004e) 004e: 06 00 00 7fff0000 ret ALLOW 004f: 06 00 01 00050001 ret ERRNO(1) seccomp filter configured Install namespaces filter configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces Dropping all capabilities Drop privileges: pid 7, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 04 00000038 jeq clone 0008 (false 000c) 0008: 20 00 00 00000010 ld data.args[0] 0009: 45 00 01 7e020000 jset 7e020000 000a (false 000b) 000a: 06 00 00 00050001 ret ERRNO(1) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 15 00 01 000001b3 jeq 1b3 000d (false 000e) 000d: 06 00 00 00050026 ret ERRNO(38) 000e: 15 00 04 00000110 jeq 110 000f (false 0013) 000f: 20 00 00 00000010 ld data.args[0] 0010: 45 00 01 7e020080 jset 7e020080 0011 (false 0012) 0011: 06 00 00 00050001 ret ERRNO(1) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 04 00000134 jeq 134 0014 (false 0018) 0014: 20 00 00 00000018 ld data.args[8] 0015: 15 01 00 00000000 jeq 0 0017 (false 0016) 0016: 45 00 01 7e020080 jset 7e020080 0017 (false 0018) 0017: 06 00 00 00050001 ret ERRNO(1) 0018: 06 00 00 7fff0000 ret ALLOW 0019: 06 00 00 7fff0000 ret ALLOW configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces.32 sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces.32 Dropping all capabilities Drop privileges: pid 8, uid 1000, gid 1000, force_nogroups 1 No supplementary groups line OP JT JF K ================================= 0000: 20 00 00 00000004 ld data.architecture 0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002) 0002: 06 00 00 7fff0000 ret ALLOW 0003: 20 00 00 00000000 ld data.syscall-number 0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005) 0005: 35 01 00 00000000 jge read 0007 (false 0006) 0006: 06 00 00 00050001 ret ERRNO(1) 0007: 15 00 04 00000038 jeq clone 0008 (false 000c) 0008: 20 00 00 00000010 ld data.args[0] 0009: 45 00 01 7e020000 jset 7e020000 000a (false 000b) 000a: 06 00 00 00050001 ret ERRNO(1) 000b: 06 00 00 7fff0000 ret ALLOW 000c: 15 00 01 000001b3 jeq 1b3 000d (false 000e) 000d: 06 00 00 00050026 ret ERRNO(38) 000e: 15 00 04 00000110 jeq 110 000f (false 0013) 000f: 20 00 00 00000010 ld data.args[0] 0010: 45 00 01 7e020080 jset 7e020080 0011 (false 0012) 0011: 06 00 00 00050001 ret ERRNO(1) 0012: 06 00 00 7fff0000 ret ALLOW 0013: 15 00 04 00000134 jeq 134 0014 (false 0018) 0014: 20 00 00 00000018 ld data.args[8] 0015: 15 01 00 00000000 jeq 0 0017 (false 0016) 0016: 45 00 01 7e020080 jset 7e020080 0017 (false 0018) 0017: 06 00 00 00050001 ret ERRNO(1) 0018: 06 00 00 7fff0000 ret ALLOW 0019: 06 00 00 7fff0000 ret ALLOW Mounting read-only /run/firejail/mnt/seccomp 5823 5259 0:133 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64 mountid=5823 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs Seccomp directory: ls /run/firejail/mnt/seccomp drwxr-xr-x root root 200 . drwxr-xr-x root root 320 .. -rw-r--r-- qizou qizou 640 seccomp -rw-r--r-- qizou qizou 432 seccomp.32 -rw-r--r-- qizou qizou 207 seccomp.list -rw-r--r-- qizou qizou 208 seccomp.namespaces -rw-r--r-- qizou qizou 208 seccomp.namespaces.32 -rw-r--r-- qizou qizou 0 seccomp.postexec -rw-r--r-- qizou qizou 0 seccomp.postexec32 -rw-r--r-- qizou qizou 184 seccomp.protocol Active seccomp files: cat /run/firejail/mnt/seccomp/seccomp.list /run/firejail/mnt/seccomp/seccomp.protocol /run/firejail/mnt/seccomp/seccomp.32 /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.namespaces /run/firejail/mnt/seccomp/seccomp.namespaces.32 Dropping all capabilities pid=1246036: unlocking /run/firejail/firejail-network.lock ... pid=1246036: already unlocked /run/firejail/firejail-network.lock noroot user namespace installed Dropping all capabilities NO_NEW_PRIVS set Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0 Supplementary groups: 29 24 46 Closing non-standard file descriptors Starting application LD_PRELOAD=(null) Not enforcing Landlock (see landlock.enforce) execvp argument 0: /usr/local/bin/firejail Child process initialized in 200.66 ms Installing /run/firejail/mnt/seccomp/seccomp.namespaces.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.namespaces seccomp filter Installing /run/firejail/mnt/seccomp/seccomp seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter Warning: an existing sandbox was detected. /bin/bash will run without any additional sandboxing features Error: --shell=none configured, but no program specified monitoring pid 9 Sandbox monitor: waitpid 9 retval 9 status 256 Parent is shutting down, bye... ``` </p> </details> - Edit 1-2,4 fix characters - Edit 3: updated @ newest version and profiles + add more info
gitea-mirror added the
needinfo
 label 2026-05-05 09:57:20 -06:00
gitea-mirror commented 2026-05-05 09:57:22 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jul 10, 2025):

firejail version 0.9.72

Note that we do not maintain that version of firejail:

Versions other than the latest usually have outdated profiles and may contain
bugs and security vulnerabilities that were fixed in later versions.

See also:

Child process initialized in 279.66 ms
qt.qpa.xcb: could not connect to display :0.0
qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though it was found.
This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.

Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb.

Potentially a duplicate of:

What happens with firejail-git?

<!-- gh-comment-id:3059201125 --> @kmk3 commented on GitHub (Jul 10, 2025): > firejail version 0.9.72 Note that we do not maintain that version of firejail: * <https://github.com/netblue30/firejail/blob/master/SECURITY.md> Versions other than the latest usually have outdated profiles and may contain bugs and security vulnerabilities that were fixed in later versions. See also: * <https://github.com/netblue30/firejail#installing> > ``` > Child process initialized in 279.66 ms > qt.qpa.xcb: could not connect to display :0.0 > qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though it was found. > This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem. > > Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, wayland-egl, wayland, wayland-xcomposite-egl, wayland-xcomposite-glx, xcb. > ``` Potentially a duplicate of: * #6773 What happens with [firejail-git](https://github.com/netblue30/firejail?tab=readme-ov-file#building)?
gitea-mirror commented 2026-05-05 09:57:23 -06:00
Author
Owner
Copy link

@madbehaviorus commented on GitHub (Jul 10, 2025):

Thank you for this information.

I updated to the actually firejail version (0.9.75) and the profiles.
I add whitelist /usr/share/xkeyboard-config-2 also and the output changes to this:

Reading profile /etc/firejail/neochat.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-1793-workaround.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1245521, child pid 1245524
Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged
Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged
1 program installed in 10.72 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping crypto-policies for private /etc
Warning: skipping kde4rc for private /etc
Warning: skipping kde5rc for private /etc
Warning: skipping locale for private /etc
Warning: skipping locale.conf for private /etc
Warning: skipping pango for private /etc
Warning: skipping pki for private /etc
Warning: skipping Trolltech.conf for private /etc
Private /etc installed in 86.56 ms
Private /usr/etc installed in 0.01 ms
Child process initialized in 286.54 ms

(neochat:31): dbind-WARNING **: 00:31:21.484: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: Datei oder Verzeichnis nicht gefunden
QSystemTrayIcon::setVisible: No Icon set
Reading access token from the keychain for "@$user:matrix.org"
qrc:/main.qml:168: TypeError: Cannot read property 'contentItem' of null
qrc:/main.qml:168: TypeError: Cannot read property 'contentItem' of null
<!-- gh-comment-id:3059363152 --> @madbehaviorus commented on GitHub (Jul 10, 2025): Thank you for this information. I updated to the actually firejail version (0.9.75) and the profiles. I add `whitelist /usr/share/xkeyboard-config-2` also and the output changes to this: ``` Reading profile /etc/firejail/neochat.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-shell.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-1793-workaround.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 1245521, child pid 1245524 Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged Warning: not remounting /var/lib/docker/overlay2/45740ab6dc89cbb4358639eece14dca40e05af1fa5e79e70e1755f68060dccde/merged 1 program installed in 10.72 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: skipping crypto-policies for private /etc Warning: skipping kde4rc for private /etc Warning: skipping kde5rc for private /etc Warning: skipping locale for private /etc Warning: skipping locale.conf for private /etc Warning: skipping pango for private /etc Warning: skipping pki for private /etc Warning: skipping Trolltech.conf for private /etc Private /etc installed in 86.56 ms Private /usr/etc installed in 0.01 ms Child process initialized in 286.54 ms (neochat:31): dbind-WARNING **: 00:31:21.484: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: Datei oder Verzeichnis nicht gefunden QSystemTrayIcon::setVisible: No Icon set Reading access token from the keychain for "@$user:matrix.org" qrc:/main.qml:168: TypeError: Cannot read property 'contentItem' of null qrc:/main.qml:168: TypeError: Cannot read property 'contentItem' of null ```
gitea-mirror commented 2026-05-05 09:57:24 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jul 11, 2025):

Thank you for this information.

No problem.

I updated to the actually firejail version (0.9.75) and the profiles. I add
whitelist /usr/share/xkeyboard-config-2 also and the output changes to
this:

It seems similar to the output of when it's working.

You can try commenting the profile until it works and post the lines that are
causing issues.

<!-- gh-comment-id:3060560423 --> @kmk3 commented on GitHub (Jul 11, 2025): > Thank you for this information. No problem. > I updated to the actually firejail version (0.9.75) and the profiles. I add > `whitelist /usr/share/xkeyboard-config-2` also and the output changes to > this: It seems similar to the output of when it's working. You can try commenting the profile until it works and post the lines that are causing issues.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3379
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?