Enhancement hardened internet sandbox needed #4339

Closed
osevan opened this issue Jun 5, 2021 · 8 comments
Labels
enhancement New feature request

Comments

osevan commented Jun 5, 2021

I want to start a Squid proxy on my host machine inside Firejail with a hardened config.

What I want next is to allow internet access only from the "firejail squid ip address containerjail"; everything outside of the Firejail Squid jail container should not have internet access, for both ingress and egress.

I know it's possible with iptables on the host side, but how do I tell iptables to allow internet only from the Firejail container and NOTHING ELSE?

I want to connect with my browser to the internet over the Squid proxy or another proxy, and want to start it like this:

firejail --proxy="idofsquidjail/or ip" --x11=xpra firefox

After that, every application that I want should be run with the --proxy command above and should have internet access, but all other apps should not have access.

Benefits:

Everything on the host side cannot access the internet.

Kernel modules haven't any internet access: big attack surface solved.

The whole /usr/bin hasn't any internet access: big attack surface solved.

Every binary not started with the firejail --proxy command, or with proxychains functions in combination with firejail, cannot have access to the internet, because the binary doesn't know how to route traffic out ....

Only the admin knows the way out and starts firejail smart and tidy :-)

Thanks and

Best Regards

@topimiettinen topimiettinen added the enhancement New feature request label Jun 6, 2021
@topimiettinen
Collaborator

I've implemented something similar with a combination of SELinux policies, NFTables firewall rules and NetLabel configuration. The unprivileged user user_u:user_r:user_t:s0 isn't allowed to use the network, but for example user_u:user_r:mozilla_t:s0 can connect to TCP ports 80 and 443 and user_u:user_r:ssh_t:s0 can connect to TCP port 22. This may not be airtight considering the various methods by which processes could influence others, but it's something.

I don't know how to implement this with Firejail, but it would surely be a great addition. If the user's shell would be firejailed and there were no way to escape firejailing, maybe everything could be run with 'network=none', except for the explicitly allowed applications? In your proxy setup, the address of the proxy or crypto key to access it could be disclosed in a file, which would not be accessible by unprivileged applications, and only the explicitly allowed applications could be allowed access via Firejail config?

@osevan
Author

osevan commented Jun 6, 2021

I'm experimenting with creating an additional user and grepping its ID.

I plant the user ID here:
ID 1001 for the user with internet access:
iptables -A OUTPUT -m owner --uid-owner 1001 -j ACCEPT
0 for root and the other IDs that I want to block:
iptables -A OUTPUT -m owner --uid-owner 0 -j REJECT

iptables -A OUTPUT -m owner --uid-owner 1000 -j REJECT

But my problem is, I cannot start firejail with a different user and Firefox.

sudo su -m internetaccessuser -c "firejail --debug firefox" won't start, even when internetaccessuser is in the sudoers group. ...

Maybe netblue can help.
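
A default-deny form of the per-UID egress rules from the comment above, as an added example that is not part of the thread or of Firejail. It generates the ruleset in iptables-restore format and audits whether a ruleset's OUTPUT chain fails closed; the function names are hypothetical, and the ACCEPT chain policies in the sample of the thread's rules are an assumption, since the comment sets no policy.

```shell
#!/bin/sh
# Added example (not from the thread): per-UID egress control, default-deny.

# Emit an iptables-restore ruleset in which only packets created by the
# given UID may leave the host. 1001 is the UID used in the thread.
gen_rules() {
    uid="$1"
    # Accept only a plain decimal UID so a typo cannot end up in a rule.
    case "$uid" in
        ''|*[!0-9]*) echo "gen_rules: numeric UID required" >&2; return 1 ;;
    esac
    # Loopback stays open so local clients can reach a local proxy. That
    # also means any local process can reach it, so the proxy needs its
    # own access control.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner $uid -j ACCEPT
-A OUTPUT -j REJECT
COMMIT
EOF
}

# The three rules from the thread in iptables-save format (constructed
# sample). The allow target is written ACCEPT, the name iptables uses;
# the ACCEPT chain policies are an assumption.
thread_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT -m owner --uid-owner 0 -j REJECT
-A OUTPUT -m owner --uid-owner 1000 -j REJECT
COMMIT
EOF
}

# Read a ruleset on stdin and decide what happens to a packet from a UID
# that no owner rule names: the first unconditional OUTPUT rule decides,
# otherwise the chain policy does. Prints fail-closed (exit 0) or
# fail-open (exit 1).
audit_output() {
    awk '
        /^:OUTPUT / { policy = $2 }
        /^-A OUTPUT -j [A-Z]+/ && verdict == "" { verdict = $4 }
        END {
            if (verdict == "") verdict = policy
            if (verdict == "DROP" || verdict == "REJECT") {
                print "fail-closed"; exit 0
            }
            print "fail-open"; exit 1
        }
    '
}

# Demo: the per-UID reject list lets every unlisted account out, while
# the generated ruleset does not.
printf 'thread rules:    '; thread_rules | audit_output || true
printf 'generated rules: '; gen_rules 1001 | audit_output || true
```

The generated text can be checked with `gen_rules 1001 | iptables-restore --test` before loading it as root. iptables filters IPv4 only, so the same ruleset has to be loaded with ip6tables-restore as well, or IPv6 egress stays open.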

@rusty-snake
Collaborator

> But my problem is, I cannot start firejail with different user and Firefox.
> Sudo su -m internetaccessuser -c "firejail --debug Firefox" won't start - even when internetaccessuser are in sudoers group. ...

Do you get any error? Does firefox start w/o firejail? Can you start firejail curl or so? If you have a /etc/firejail/firejail.users, is internetaccessuser in it? Do you use X11 or Wayland?

@osevan
Author

osevan commented Jun 6, 2021

> > But my problem is, I cannot start firejail with different user and Firefox.
> > Sudo su -m internetaccessuser -c "firejail --debug Firefox" won't start - even when internetaccessuser are in sudoers group. ...
>
> Do you get any error? Does firefox start w/o firejail? Can you start firejail curl or so? If you have a /etc/firejail/firejail.users, is internetaccessuser in it? Do you use X11 or Wayland?

Wow, thanks for the reply.

I can start Firefox with firejail with my default user and root.
I did not know about the firejail.users file.

I will test this tomorrow.

I'm using X11, and Firefox will be X11-sandboxed with the latest xpra from xpra's own repository.

@osevan osevan closed this as completed Jun 6, 2021
@osevan osevan reopened this Jun 6, 2021
@osevan
Author

osevan commented Jun 7, 2021

firejail curl inside user shell works fine

$ whoami
internet

$ firejail --version
firejail version 0.9.65

Compile time support:
	- Always force nonewprivs support is disabled
	- AppArmor support is enabled
	- AppImage support is enabled
	- chroot support is enabled
	- D-BUS proxy support is enabled
	- file and directory whitelisting support is enabled
	- file transfer support is enabled
	- firetunnel support is enabled
	- networking support is enabled
	- output logging is enabled
	- overlayfs support is disabled
	- private-home support is enabled
	- private-cache and tmpfs as user enabled
	- SELinux support is disabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled

$ firejail curl gogole.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>

EDIT by @rusty-snake: code-block

@osevan
Author

osevan commented Jun 7, 2021

Here is what happens when I try to start

firejail --debug firefox
$ firejail --debug firefox 2>&1 | tee output.log
Reading profile /usr/local/etc/firejail/firefox.profile
Autoselecting /bin/sh as shell
Building quoted command line: 'firefox' 
Command name #firefox#
Found firefox.profile profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/whitelist-usr-share-common.inc
Found whitelist-usr-share-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/firefox-common.profile
Found firefox-common.profile profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-common.inc
Found disable-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-devel.inc
Found disable-devel.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-exec.inc
Found disable-exec.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-interpreters.inc
Found disable-interpreters.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/disable-programs.inc
Found disable-programs.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/whitelist-common.inc
Found whitelist-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/whitelist-runuser-common.inc
Found whitelist-runuser-common.inc profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/whitelist-var-common.inc
Found whitelist-var-common.inc profile in /usr/local/etc/firejail directory
[profile] combined protocol list: "unix,inet,inet6,netlink"
[profile] combined protocol list: "unix,inet,inet6,netlink"
DISPLAY=:0.0 parsed as 0
Warning: /usr/bin/xdg-dbus-proxy was not found, downgrading dbus-user policy to allow.
To enable DBus filtering, install the xdg-dbus-proxy program.
Ignoring "dbus-user.own org.mozilla.Firefox.*" and 2 other dbus-user filter rules.
Parent pid 18484, child pid 18486
conditional BROWSER_DISABLE_U2F, nou2f
conditional BROWSER_DISABLE_U2F, private-dev
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,ioprio_set,mbind,migrate_pages,move_pages,sched_setaffinity,sched_setattr,sched_setparam,sched_setscheduler,set_mempolicy,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Using the local network stack
conditional BROWSER_DISABLE_U2F, nou2f
conditional BROWSER_DISABLE_U2F, private-dev
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,ioprio_set,mbind,migrate_pages,move_pages,sched_setaffinity,sched_setattr,sched_setparam,sched_setscheduler,set_mempolicy,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Using the local network stack
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol 
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
76 52 253:0 /etc /etc ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=76 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
77 76 253:0 /etc /etc ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=77 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
80 78 0:31 / /var/spool rw,noatime - tmpfs none rw,inode64
mountid=80 fsname=/ dir=/var/spool fstype=tmpfs
Mounting read-only /var/tmp
81 79 0:30 / /var/tmp ro,noatime - tmpfs none rw,inode64
mountid=81 fsname=/ dir=/var/tmp fstype=tmpfs
Mounting read-only /var/spool
82 80 0:31 / /var/spool ro,noatime - tmpfs none rw,inode64
mountid=82 fsname=/ dir=/var/spool fstype=tmpfs
Mounting noexec /var
87 86 0:31 / /var/spool ro,noatime - tmpfs none rw,inode64
mountid=87 fsname=/ dir=/var/spool fstype=tmpfs
Mounting noexec /var/tmp
88 85 0:30 / /var/tmp ro,nosuid,nodev,noexec,noatime - tmpfs none rw,inode64
mountid=88 fsname=/ dir=/var/tmp fstype=tmpfs
Mounting noexec /var/spool
89 87 0:31 / /var/spool ro,nosuid,nodev,noexec,noatime - tmpfs none rw,inode64
mountid=89 fsname=/ dir=/var/spool fstype=tmpfs
Mounting read-only /usr
90 52 253:0 /usr /usr ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=90 fsname=/usr dir=/usr fstype=ext4
Mounting read-only /bin
91 52 253:0 /bin /bin ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=91 fsname=/bin dir=/bin fstype=ext4
Mounting read-only /sbin
92 52 253:0 /sbin /sbin ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=92 fsname=/sbin dir=/sbin fstype=ext4
Mounting read-only /lib
93 52 253:0 /lib /lib ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=93 fsname=/lib dir=/lib fstype=ext4
Mounting read-only /lib64
94 52 253:0 /lib64 /lib64 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=94 fsname=/lib64 dir=/lib64 fstype=ext4
Mounting read-only /lib32
95 52 253:0 /lib32 /lib32 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=95 fsname=/lib32 dir=/lib32 fstype=ext4
Mounting read-only /libx32
96 52 253:0 /libx32 /libx32 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=96 fsname=/libx32 dir=/libx32 fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs oWarning: file firefox-wayland not found
Warning: file getenforce not found
Warning: file restorecon not found
n /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Cannot open /run/user/1001 directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/video0 file
mounting /run/firejail/mnt/dev/video1 file
Process /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/basename
Checking /usr/bin/basename
sbox run: /run/firejail/lib/fcopy /usr/bin/basename /run/firejail/mnt/bin 
Checking /usr/local/bin/bash
Checking /usr/bin/bash
Checking /bin/bash
sbox run: /run/firejail/lib/fcopy /bin/bash /run/firejail/mnt/bin 
Checking /usr/local/bin/cat
Checking /usr/bin/cat
Checking /bin/cat
sbox run: /run/firejail/lib/fcopy /bin/cat /run/firejail/mnt/bin 
Checking /usr/local/bin/dirname
Checking /usr/bin/dirname
sbox run: /run/firejail/lib/fcopy /usr/bin/dirname /run/firejail/mnt/bin 
Checking /usr/local/bin/expr
Checking /usr/bin/expr
sbox run: /run/firejail/lib/fcopy /usr/bin/expr /run/firejail/mnt/bin 
Checking /usr/local/bin/false
Checking /usr/bin/false
Checking /bin/false
sbox run: /run/firejail/lib/fcopy /bin/false /run/firejail/mnt/bin 
Checking /usr/local/bin/firefox
Checking /usr/bin/firefox
sbox run: /run/firejail/lib/fcopy /usr/bin/firefox /run/firejail/mnt/bin 
Checking /usr/local/bin/firefox-esr
Checking /usr/bin/firefox-esr
file /usr/lib/firefox-esr/firefox-esr not found
sbox run: /run/firejail/lib/fcopy /usr/bin/firefox-esr /run/firejail/mnt/bin 
Checking /usr/local/bin/firefox-wayland
Checking /usr/bin/firefox-wayland
Checking /bin/firefox-wayland
Checking /usr/games/firefox-wayland
Checking /usr/local/games/firefox-wayland
Checking /usr/local/sbin/firefox-wayland
Checking /usr/sbin/firefox-wayland
Checking /sbin/firefox-wayland
Checking /usr/local/bin/getenforce
Checking /usr/bin/getenforce
Checking /bin/getenforce
Checking /usr/games/getenforce
Checking /usr/local/games/getenforce
Checking /usr/local/sbin/getenforce
Checking /usr/sbin/getenforce
Checking /sbin/getenforce
Checking /usr/local/bin/ln
Checking /usr/bin/ln
Checking /bin/ln
sbox run: /run/firejail/lib/fcopy /bin/ln /run/firejail/mnt/bin 
Checking /usr/local/bin/mkdir
Checking /usr/bin/mkdir
Checking /bin/mkdir
sbox run: /run/firejail/lib/fcopy /bin/mkdir /run/firejail/mnt/bin 
Checking /usr/local/bin/pidof
Checking /usr/bin/pidof
Checking /bin/pidof
sbox run: /run/firejail/lib/fcopy /sbin/killall5 /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /bin/pidof /run/firejail/mnt/bin 
Checking /usr/local/bin/restorecon
Checking /usr/bin/restorecon
Checking /bin/restorecon
Checking /usr/games/restorecon
Checking /usr/local/games/restorecon
Checking /usr/local/sbin/restorecon
Checking /usr/sbin/restorecon
Checking /sbin/restorecon
Checking /usr/local/bin/rm
Checking /usr/bin/rm
Checking /bin/rm
sbox run: /run/firejail/lib/fcopy /bin/rm /run/firejail/mnt/bin 
Checking /usr/local/bin/rmdir
Checking /usr/bin/rmdir
Checking /bin/rmdir
sbox run: /run/firejail/lib/fcopy /bin/rmdir /run/firejail/mnt/bin 
Checking /usr/local/bin/sed
Checking /usr/bin/sed
Checking /bin/sed
sbox run: /run/firejail/lib/fcopy /bin/sed /run/firejail/mnt/bin 
Checking /usr/local/bin/sh
Checking /usr/bin/sh
Checking /bin/sh
sbox run: /run/firejail/lib/fcopy /bin/dash /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /bin/sh /run/firejail/mnt/bin 
Checking /usr/local/bin/tclsh
Checking /usr/bin/tclsh
sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh8.6 /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /usr/bin/tclsh /run/firejail/mnt/bin 
Checking /usr/local/bin/true
Checking /usr/bin/true
Checking /bin/true
sbox run: /run/firejail/lib/fcopy /bin/true /run/firejail/mnt/b21 programs installed in 51.53 ms
in 
Checking /usr/local/bin/uname
Checking /usr/bin/uname
Checking /bin/uname
sbox run: /run/firejail/lib/fcopy /bin/uname /run/firejail/mnt/bin 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Standard C library installed in 1.43 ms
Starting private-lib processing: program firefox, shell none
Installing standard C library
    mounting /lib/x86_64-linux-gnu/libnss_nis.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_nis.so.2
    mounting /lib/x86_64-linux-gnu/librt.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/librt.so.1
    mounting /lib/x86_64-linux-gnu/libapparmor.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libapparmor.so.1
    mounting /lib/x86_64-linux-gnu/libnss_files.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_files.so.2
    mounting /lib/x86_64-linux-gnu/libselinux.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libselinux.so.1
    mounting /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
    mounting /lib/x86_64-linux-gnu/libutil.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libutil.so.1
    mounting /lib/x86_64-linux-gnu/libpthread.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpthread.so.0
    mounting /lib/x86_64-linux-gnu/libcrypt.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcrypt.so.1
    mounting /lib/x86_64-linux-gnu/libthread_db.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libthread_db.so.1
    mounting /lib/x86_64-linux-gnu/libnss_hesiod.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_hesiod.so.2
    mounting /lib/x86_64-linux-gnu/libmemusage.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libmemusage.so
    mounting /lib/x86_64-linux-gnu/libmvec.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libmvec.so.1
    mounting /lib/x86_64-linux-gnu/libnss_dns.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_dns.so.2
    mounting /lib/x86_64-linux-gnu/libc.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libc.so.6
    mounting /lib/x86_64-linux-gnu/libanl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libanl.so.1
    mounting /lib/x86_64-linux-gnu/libnss_compat.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_compat.so.2
    mounting /lib/x86_64-linux-gnu/libnsl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnsl.so.1
    mounting /lib/x86_64-linux-gnu/libresolv.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libresolv.so.2
    mounting /lib/x86_64-linux-gnu/libm.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libm.so.6
    mounting /lib/x86_64-linux-gnu/libapparmor.so.1.6.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libapparmor.so.1.6.0
    mounting /lib/x86_64-linux-gnu/libnss_nisplus.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss_nisplus.so.2
    mounting /lib/x86_64-linux-gnu/libdl.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libdl.so.2
    mounting /lib64/ld-linux-x86-64.so.2 on /run/firejail/mnt/lib/ld-linux-x86-64.so.2
    mounting /usr/lib/locale on /run/firejail/mnt/lib/locale
Firejail libraries installed in 2.84 ms
Installing Firejail libraries
Cannot read /usr/local/bin/firejail, skipping...
    mounting /usr/local/lib/firejail on /run/firejail/mnt/lib/firejail
    fslib_mount_libs /run/firejail/lib/fcopy (parse as root)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /run/firejail/lib/fcopy
sbox run: /run/firejail/lib/fldd /run/firejail/lib/fcopy /run/firejail/mnt/libfiles 
Installing sandboxed program libraries
Searching $PATH for firefox
trying #/home/ra/.local/bin/firefox#
trying #/usr/local/gcc-10.2.0/bin/firefox#
trying #/usr/local/bin/firefox#
    fslib_install_list  /usr/local/bin/firefox
Processing private-lib files
    fslib_install_list  /usr/lib/firefox-esr/libmozgtk.so,/usr/lib/firefox-esr/libxul.so
    mounting /usr/lib/firefox-esr/libmozgtk.so on /run/firejail/mnt/lib/libmozgtk.so
    fslib_mount_libs /usr/lib/firefox-esr/libmozgtk.so (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/lib/firefox-esr/libmozgtk.so
sbox run: /run/firejail/lib/fldd /usr/lib/firefox-esr/libmozgtk.so /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libatspi.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libatspi.so.0
    mounting /lib/x86_64-linux-gnu/libcap.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcap.so.2
    mounting /lib/x86_64-linux-gnu/libsystemd.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libsystemd.so.0
    mounting /lib/x86_64-linux-gnu/libdbus-1.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libdbus-1.so.3
    mounting /usr/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libatk-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libatk-1.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libepoxy.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libepoxy.so.0
    mounting /usr/lib/x86_64-linux-gnu/libwayland-egl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libwayland-egl.so.1
    mounting /usr/lib/x86_64-linux-gnu/libwayland-client.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libwayland-client.so.0
    mounting /usr/lib/x86_64-linux-gnu/libwayland-cursor.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libwayland-cursor.so.0
    mounting /usr/lib/x86_64-linux-gnu/libxkbcommon.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxkbcommon.so.0
    mounting /usr/lib/x86_64-linux-gnu/libXdamage.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXdamage.so.1
    mounting /usr/lib/x86_64-linux-gnu/libXcomposite.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXcomposite.so.1
    mounting /usr/lib/x86_64-linux-gnu/libXfixes.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXfixes.so.3
    mounting /usr/lib/x86_64-linux-gnu/libXcursor.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXcursor.so.1
    mounting /usr/lib/x86_64-linux-gnu/libXrandr.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXrandr.so.2
    mounting /usr/lib/x86_64-linux-gnu/libXi.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXi.so.6
    mounting /usr/lib/x86_64-linux-gnu/libXinerama.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXinerama.so.1
    mounting /usr/lib/x86_64-linux-gnu/libcairo-gobject.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcairo-gobject.so.2
    mounting /lib/x86_64-linux-gnu/libblkid.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libblkid.so.1
    mounting /lib/x86_64-linux-gnu/libmount.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libmount.so.1
    mounting /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgio-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgmodule-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libXext.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXext.so.6
    mounting /usr/lib/x86_64-linux-gnu/libX11.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libX11.so.6
    mounting /usr/lib/x86_64-linux-gnu/libXrender.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXrender.so.1
    mounting /usr/lib/x86_64-linux-gnu/libxcb-render.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxcb-render.so.0
    mounting /usr/lib/x86_64-linux-gnu/libbsd.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libbsd.so.0
    mounting /usr/lib/x86_64-linux-gnu/libXdmcp.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXdmcp.soWarning fldd: cannot find libmozsandbox.so, skipping...
Warning fldd: cannot find liblgpllibs.so, skipping...
Warning fldd: cannot find libmozsqlite3.so, skipping...
Warning fldd: cannot find libmozgtk.so, skipping...
Warning fldd: cannot find libmozwayland.so, skipping...
.6
    mounting /usr/lib/x86_64-linux-gnu/libXau.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libXau.so.6
    mounting /usr/lib/x86_64-linux-gnu/libxcb.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxcb.so.1
    mounting /usr/lib/x86_64-linux-gnu/libxcb-shm.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxcb-shm.so.0
    mounting /usr/lib/x86_64-linux-gnu/libpixman-1.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpixman-1.so.0
    mounting /usr/lib/x86_64-linux-gnu/libcairo.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcairo.so.2
    mounting /lib/x86_64-linux-gnu/libuuid.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libuuid.so.1
    mounting /lib/x86_64-linux-gnu/libexpat.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libexpat.so.1
    mounting /usr/lib/x86_64-linux-gnu/libfontconfig.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libfontconfig.so.1
    mounting /usr/lib/x86_64-linux-gnu/libgraphite2.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgraphite2.so.3
    mounting /lib/x86_64-linux-gnu/libz.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libz.so.1
    mounting /usr/lib/x86_64-linux-gnu/libpng16.so.16 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpng16.so.16
    mounting /usr/lib/x86_64-linux-gnu/libfreetype.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libfreetype.so.6
    mounting /usr/lib/x86_64-linux-gnu/libharfbuzz.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libharfbuzz.so.0
    mounting /usr/lib/x86_64-linux-gnu/libpangoft2-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpangoft2-1.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libfribidi.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libfribidi.so.0
    mounting /usr/lib/x86_64-linux-gnu/libdatrie.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libdatrie.so.1
    mounting /usr/lib/x86_64-linux-gnu/libthai.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libthai.so.0
    mounting /usr/lib/x86_64-linux-gnu/libffi.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libffi.so.6
    mounting /lib/x86_64-linux-gnu/libpcre.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpcre.so.3
    mounting /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libglib-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgobject-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpango-1.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libgdk-3.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgdk-3.so.0
    mounting /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgtk-3.so.0
    mounting /usr/lib/firefox-esr/libxul.so on /run/firejail/mnt/lib/libxul.so
    fslib_mount_libs /usr/lib/firefox-esr/libxul.so (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/lib/firefox-esr/libxul.so
sbox run: /run/firejail/lib/fldd /usr/lib/firefox-esr/libxul.so /run/firejail/mnt/libfiles 
    mounting /lib/x86_64-linux-gnu/libgcc_s.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgcc_s.so.1
    mounting /usr/lib/x86_64-linux-gnu/libstdc++.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libstdc++.so.6
    mounting /usr/lib/x86_64-linux-gnu/libdbus-glib-1.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libdbus-glib-1.so.2
    mounting /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libevent-2.1.so.6
    mounting /usr/lib/x86_64-linux-gnu/libX11-xcb.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libX11-xcb.so.1
    mounting /usr/lib/x86_64-linux-gnu/libssl3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libssl3.so
    mounting /usr/lib/x86_64-linux-gnu/libsmime3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libsmime3.so
    mounting /usr/lib/x86_64-linux-gnu/libplds4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libplds4.so
    mounting /usr/lib/x86_64-linux-gnu/libnssutil3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnssutil3.so
    mounting /usr/lib/x86_64-linux-gnu/libnss3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss3.so
    mounting /usr/lib/x86_64-linux-gnu/libplc4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libplc4.so
    mounting /usr/lib/x86_64-linux-gnu/libnspr4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnspr4.so
Processing private-bin files
    fslib_install_list  basename,/usr/bin/basename,bash,/bin/bash,cat,/bin/cat,dirname,/usr/bin/dirname,expr,/usr/bin/expr,false,/bin/false,firefox,/usr/bin/firefox,firefox-esr,/usr/bin/firefox-esr,ln,/bin/ln,mkdir,/bin/mkdir,pidof,/bin/pidof,rm,/bin/rm,rmdir,/bin/rmdir,sed,/bin/sed,sh,/bin/sh,tclsh,/usr/bin/tclsh,true,/bin/true,uname,/bin/uname
    fslib_mount_libs /usr/bin/basename (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/basename
sbox run: /run/firejail/lib/fldd /usr/bin/basename /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/bash (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/bash
sbox run: /run/firejail/lib/fldd /bin/bash /run/firejail/mnt/libfiles 
    mounting /lib/x86_64-linux-gnu/libtinfo.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libtinfo.so.6
    fslib_mount_libs /bin/cat (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/cat
sbox run: /run/firejail/lib/fldd /bin/cat /run/firejail/mnt/libfiles 
    fslib_mount_libs /usr/bin/dirname (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/dirname
sbox run: /run/firejail/lib/fldd /usr/bin/dirname /run/firejail/mnt/libfiles 
    fslib_mount_libs /usr/bin/expr (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/expr
sbox run: /run/firejail/lib/fldd /usr/bin/expr /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/false (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/false
sbox run: /run/firejail/lib/fldd /bin/false /run/firejail/mnt/libfiles 
    mounting /usr/lib/firefox-esr on /run/firejail/mnt/lib/firefox-esr
    fslib_mount_libs /usr/bin/firefox-esr (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/firefox-esr
sbox run: /run/firejail/lib/fldd /usr/bin/firefox-esr /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/ln (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/ln
sbox run: /run/firejail/lib/fldd /bin/ln /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/mkdir (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/mkdir
sbox run: /run/firejail/lib/fldd /bin/mkdir /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/pidof (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/pidof
sbox run: /run/firejail/lib/fldd /bin/pidof /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/rm (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/rm
sbox run: /run/firejail/lib/fldd /bin/rm /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/rmdir (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/rmdir
sbox run: /run/firejail/lib/fldd /bin/rmdir /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/sed (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/sed
sbox run: /run/firejail/lib/fldd /bin/sed /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libattr.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libattr.so.1
    mounting /usr/lib/x86_64-linux-gnu/libacl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libacl.so.1
    fslib_mount_libs /bin/sh (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/sh
sbox run: /run/firejail/lib/fldd /bin/sh /run/firejail/mnt/libfiles 
    fslib_mount_libs /usr/bin/tclsh (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/tclsh
sbox run: /run/firejail/lib/fldd /usr/bin/tclsh /run/firejail/mnt/libfiles 
Dropping all capabilitienux-gnu/libnssutil3.so
    mounting /usr/lib/x86_64-linux-gnu/libnss3.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnss3.so
    mounting /usr/lib/x86_64-linux-gnu/libplc4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libplc4.so
    mounting /usr/lib/x86_64-linux-gnu/libnspr4.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libnspr4.so
Processing private-bin files
    fslib_install_list  basename,/usr/bin/basename,bash,/bin/bash,cat,/bin/cat,dirname,/usr/bin/dirname,expr,/usr/bin/expr,false,/bin/false,firefox,/usr/bin/firefox,firefox-esr,/usr/bin/firefox-esr,ln,/bin/ln,mkdir,/bin/mkdir,pidof,/bin/pidof,rm,/bin/rm,rmdir,/bin/rmdir,sed,/bin/sed,sh,/bin/sh,tclsh,/usr/bin/tclsh,true,/bin/true,uname,/bin/uname
    fslib_mount_libs /usr/bin/basename (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/basename
sbox run: /run/firejail/lib/fldd /usr/bin/basename /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/bash (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/bash
sbox run: /run/firejail/lib/fldd /bin/bash /run/firejail/mnt/libfiles 
    mounting /lib/x86_64-linux-gnu/libtinfo.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libtinfo.so.6
    fslib_mount_libs /bin/cat (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/cat
sbox run: /run/firejail/lib/fldd /bin/cat /run/firejail/mnt/libfiles 
    fslib_mount_libs /usr/bin/dirname (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/dirname
sbox run: /run/firejail/lib/fldd /usr/bin/dirname /run/firejail/mnt/libfiles 
    fslib_mount_libs /usr/bin/expr (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/expr
sbox run: /run/firejail/lib/fldd /usr/bin/expr /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/false (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/false
sbox run: /run/firejail/lib/fldd /bin/false /run/firejail/mnt/libfiles 
    mounting /usr/lib/firefox-esr on /run/firejail/mnt/lib/firefox-esr
    fslib_mount_libs /usr/bin/firefox-esr (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/firefox-esr
sbox run: /run/firejail/lib/fldd /usr/bin/firefox-esr /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/ln (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/ln
sbox run: /run/firejail/lib/fldd /bin/ln /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/mkdir (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/mkdir
sbox run: /run/firejail/lib/fldd /bin/mkdir /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/pidof (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/pidof
sbox run: /run/firejail/lib/fldd /bin/pidof /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/rm (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/rm
sbox run: /run/firejail/lib/fldd /bin/rm /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/rmdir (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/rmdir
sbox run: /run/firejail/lib/fldd /bin/rmdir /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/sed (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/sed
sbox run: /run/firejail/lib/fldd /bin/sed /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libattr.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libattr.so.1
    mounting /usr/lib/x86_64-linux-gnu/libacl.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libacl.so.1
    fslib_mount_libs /bin/sh (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/sh
sbox run: /run/firejail/lib/fldd /bin/sh /run/firejail/mnt/libfiles 
    fslib_mount_libs /usr/bin/tclsh (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/bin/tclsh
sbox run: /run/firejail/lib/fldd /usr/bin/tclsh /run/firejail/mnt/libfiles 
    mounting /usr/lib/x8Program libraries installed in 85.68 ms
6_64-linux-gnu/libtcl8.6.so on /run/firejail/mnt/lib/x86_64-linux-gnu/libtcl8.6.so
    fslib_mount_libs /bin/true (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/true
sbox run: /run/firejail/lib/fldd /bin/true /run/firejail/mnt/libfiles 
    fslib_mount_libs /bin/uname (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /bin/uname
sbox run: /run/firejail/lib/fldd /bin/uname /run/firejail/mnt/libfiles 
GdkPixbuf installed in 19.87 ms
Installing system libraries
    fslib_mount_libs /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0 (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0
sbox run: /run/firejail/lib/fldd /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0 /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libjpeg.so.62 on /run/firejail/mnt/lib/x86_64-linux-gnu/libjpeg.so.62
    mounting /usr/lib/x86_64-linux-gnu/libjbig.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libjbig.so.0
    mounting /usr/lib/x86_64-linux-gnu/libzstd.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libzstd.so.1
    mounting /usr/lib/x86_64-linux-gnu/libwebp.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libwebp.so.6
    mounting /usr/lib/x86_64-linux-gnu/libtiff.so.5 on /run/firejail/mnt/lib/x86_64-linux-gnu/libtiff.so.5
    mounting /lib/x86_64-linux-gnu/liblzma.so.5 on /run/firejail/mnt/lib/x86_64-linux-gnu/liblzma.so.5
    mounting /usr/lib/x86_64-linux-gnu/libicudata.so.63 on /run/firejail/mnt/lib/x86_64-linux-gnu/libicudata.so.63
    mounting /usr/lib/x86_64-linux-gnu/libicuuc.so.63 on /run/firejail/mnt/lib/x86_64-linux-gnu/libicuuc.so.63
    mounting /usr/lib/x86_64-linux-gnu/libicui18n.so.63 on /run/firejail/mnt/lib/x86_64-linux-gnu/libicui18n.so.63
    mounting /usr/lib/x86_64-linux-gnu/libxml2.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libxml2.so.2
    mounting /usr/lib/x86_64-linux-gnu/libcroco-0.6.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcroco-0.6.so.3
    mounting /usr/lib/x86_64-linux-gnu/librsvg-2.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/librsvg-2.so.2
    mounting /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/gdk-pixbuf-2.0
GTK3 installed in 56.33 ms
    fslib_mount_libs /usr/lib/x86_64-linux-gnu/gtk-3.0 (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/lib/x86_64-linux-gnu/gtk-3.0
sbox run: /run/firejail/lib/fldd /usr/lib/x86_64-linux-gnu/gtk-3.0 /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libavahi-client.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libavahi-client.so.3
    mounting /usr/lib/x86_64-linux-gnu/libavahi-common.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libavahi-common.so.3
    mounting /usr/lib/x86_64-linux-gnu/libgmp.so.10 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgmp.so.10
    mounting /usr/lib/x86_64-linux-gnu/libhogweed.so.4 on /run/firejail/mnt/lib/x86_64-linux-gnu/libhogweed.so.4
    mounting /usr/lib/x86_64-linux-gnu/libnettle.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libnettle.so.6
    mounting /usr/lib/x86_64-linux-gnu/libtasn1.so.6 on /run/firejail/mnt/lib/x86_64-linux-gnu/libtasn1.so.6
    mounting /usr/lib/x86_64-linux-gnu/libp11-kit.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libp11-kit.so.0
    mounting /usr/lib/x86_64-linux-gnu/libgnutls.so.30 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgnutls.so.30
    mounting /usr/lib/x86_64-linux-gnu/libcups.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcups.so.2
    mounting /lib/x86_64-linux-gnu/libudev.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libudev.so.1
    mounting /usr/lib/x86_64-linux-gnu/liblcms2.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/liblcms2.so.2
    mounting /usr/lib/x86_64-linux-gnu/libcolord.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcolord.so.2
    mounting /usr/lib/x86_64-linux-gnu/libjson-glib-1.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libjson-glib-1.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/libunistring.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libunistring.so.2
    mounting /usr/lib/x86_64-linux-gnu/libidn2.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libidn2.so.0
    mounting /usr/lib/x86_64-linux-gnu/libpsl.so.5 on /run/firejail/mnt/lib/x86_64-linux-gnu/libpsl.so.5
    mounting /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libsqlite3.so.0
    mounting /lib/x86_64-linux-gnu/libcom_err.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libcom_err.so.2
    mounting /lib/x86_64-linux-gnu/libkeyutils.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libkeyutils.so.1
    mounting /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libkrb5support.so.0
    mounting /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libk5crypto.so.3
    mounting /usr/lib/x86_64-linux-gnu/libkrb5.so.3 on /run/firejail/mnt/lib/x86_64-linux-gnu/libkrb5.so.3
    mounting /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgssapi_krb5.so.2
    mounting /usr/lib/x86_64-linux-gnu/libsoup-2.4.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libsoup-2.4.so.1
    mounting /usr/lib/x86_64-linux-gnu/libsoup-gnome-2.4.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libsoup-gnome-2.4.so.1
    mounting /usr/lib/x86_64-linux-gnu/libgthread-2.0.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgthread-2.0.so.0
    mounting /usr/lib/x86_64-linux-gnu/librest-0.7.so.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/librest-0.7.so.0
    mounting /usr/lib/x86_64-linux-gnu/gtk-3.0 on /run/firejail/mnt/lib/x86_64-linux-gnu/gtk-3.0
    fslib_mount_libs /usr/lib/x86_64-linux-gnu/libgtk-3-0 (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/lib/x86_64-linux-gnu/libgtk-3-0
sbox run: /run/firejail/lib/fldd /usr/lib/x86_64-linux-gnu/libgtk-3-0 /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libgtk-3-0 on /run/firejail/mnt/lib/x86_64-linux-gnu/libgtk-3-0
Pango installed in 0.01 ms
GIO installed in 8.98 ms
    fslib_mount_libs /usr/lib/x86_64-linux-gnu/gio (parse as user)
Creating empty /run/firejail/mnt/libfiles file
    running fldd /usr/lib/x86_64-linux-gnu/gio
sbox run: /run/firejail/lib/fldd /usr/lib/x86_64-linux-gnu/gio /run/firejail/mnt/libfiles 
    mounting /usr/lib/x86_64-linux-gnu/libproxy.so.1 on /run/firejail/mnt/lib/x86_64-linux-gnu/libproxy.so.1
    mounting /usr/lib/x86_64-linux-gnu/gio on /run/firejail/mnt/lib/x86_64-linux-gnu/gio
Installed 137 libraries and 7 directories
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: file /etc/pango not found.
Warning: skipping pango for private /etc
Warning: file /etc/$ not found.
Warning: skipping $ for private /etc
Private /etc installed in 46.46 ms
Mounting read-only /run/firejail/mnt/lib
422 278 253:0 /usr/lib/x86_64-linux-gnu/gio /run/firejail/mnt/lib/x86_64-linux-gnu/gio ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=422 fsname=/usr/lib/x86_64-linux-gnu/gio dir=/run/firejail/mnt/lib/x86_64-linux-gnu/gio fstype=ext4
Mount-bind /run/firejail/mnt/lib on top of /usr/lib64
Mount-bind /run/firejail/mnt/lib on top of /lib64
Mount-bind /run/firejail/mnt/lib on top of /usr/lib
Mount-bind /run/firejail/mnt/lib on top of /lib
Mount-bind /run/firejail/mnt/lib on top of /usr/local/lib
Generate private-tmp whitelist commands
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /boot
Disable /proc/kmsg
Copying files in the new /etc directory:
Copying /etc/passwd to private /etc
sbox run: /run/firejail/lib/fcopy /etc/passwd /run/firejail/mnt/etc 
Copying /etc/group to private /etc
sbox run: /run/firejail/lib/fcopy /etc/group /run/firejail/mnt/etc 
Copying /etc/hostname to private /etc
sbox run: /run/firejail/lib/fcopy /etc/hostname /run/firejail/mnt/etc 
Copying /etc/hosts to private /etc
sbox run: /run/firejail/lib/fcopy /etc/hosts /run/firejail/mnt/etc 
Copying /etc/localtime to private /etc
sbox run: /run/firejail/lib/fcopy /etc/localtime /run/firejail/mnt/etc 
Copying /etc/nsswitch.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/nsswitch.conf /run/firejail/mnt/etc 
Copying /etc/resolv.conf to private /etc
sbox run: /run/firejail/lib/fcopy /etc/resolv.conf /run/firejail/mnt/etc 
Copying /etc/gtk-2.0 to private /etc
Creating empty /run/firejail/mnt/etc/gtk-2.0 directory
sbox run: /run/firejail/lib/fcopy /etc/gtk-2.0 /run/firejail/mnt/etc/gtk-2.0 
Copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /run/firejail/lib/fcopy /etc/fonts /run/firejail/mnt/etc/fonts 
Mount-bind /run/firejail/mnt/etc on top of /etc
Private /usr/etc installed in 0.02 ms
Cannot find /usr/etc: No such file or directory
Mount-bind /run/firejail/mnt/usretc on top of /usr/etc
Cannot find /usr/etc: No such file or directory
Debug 559: whitelist ${HOME}/.cache/mozilla/firefox
Debug 580: expanded: /home/internet/.cache/mozilla/firefox
Debug 591: new_name: /home/internet/.cache/mozilla/firefox
Debug 605: dir: /home/internet
Adding whitelist top level directory /home/internet
Debug 559: whitelist ${HOME}/.mozilla
Debug 580: expanded: /home/internet/.mozilla
Debug 591: new_name: /home/internet/.mozilla
Debug 605: dir: /home/internet
Debug 559: whitelist /usr/share/doc
Debug 580: expanded: /usr/share/doc
Debug 591: new_name: /usr/share/doc
Debug 605: dir: /usr/share
Adding whitelist top level directory /usr/share
Debug 559: whitelist /usr/share/firefox
Debug 580: expanded: /usr/share/firefox
Debug 591: new_name: /usr/share/firefox
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/firefox
	expanded: /usr/share/firefox
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
Debug 580: expanded: /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
Debug 591: new_name: /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
	expanded: /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/gtk-doc/html
Debug 580: expanded: /usr/share/gtk-doc/html
Debug 591: new_name: /usr/share/gtk-doc/html
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/mozilla
Debug 580: expanded: /usr/share/mozilla
Debug 591: new_name: /usr/share/mozilla
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/webext
Debug 580: expanded: /usr/share/webext
Debug 591: new_name: /usr/share/webext
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/webext
	expanded: /usr/share/webext
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/alsa
Debug 580: expanded: /usr/share/alsa
Debug 591: new_name: /usr/share/alsa
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/applications
Debug 580: expanded: /usr/share/applications
Debug 591: new_name: /usr/share/applications
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/ca-certificates
Debug 580: expanded: /usr/share/ca-certificates
Debug 591: new_name: /usr/share/ca-certificates
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/crypto-policies
Debug 580: expanded: /usr/share/crypto-policies
Debug 591: new_name: /usr/share/crypto-policies
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/crypto-policies
	expanded: /usr/share/crypto-policies
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/cursors
Debug 580: expanded: /usr/share/cursors
Debug 591: new_name: /usr/share/cursors
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/cursors
	expanded: /usr/share/cursors
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/dconf
Debug 580: expanded: /usr/share/dconf
Debug 591: new_name: /usr/share/dconf
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/dconf
	expanded: /usr/share/dconf
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/distro-info
Debug 580: expanded: /usr/share/distro-info
Debug 591: new_name: /usr/share/distro-info
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/drirc.d
Debug 580: expanded: /usr/share/drirc.d
Debug 591: new_name: /usr/share/drirc.d
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/enchant
Debug 580: expanded: /usr/share/enchant
Debug 591: new_name: /usr/share/enchant
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/enchant-2
Debug 580: expanded: /usr/share/enchant-2
Debug 591: new_name: /usr/share/enchant-2
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/enchant-2
	expanded: /usr/share/enchant-2
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/file
Debug 580: expanded: /usr/share/file
Debug 591: new_name: /usr/share/file
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/fontconfig
Debug 580: expanded: /usr/share/fontconfig
Debug 591: new_name: /usr/share/fontconfig
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/fonts
Debug 580: expanded: /usr/share/fonts
Debug 591: new_name: /usr/share/fonts
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/fonts-config
Debug 580: expanded: /usr/share/fonts-config
Debug 591: new_name: /usr/share/fonts-config
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/fonts-config
	expanded: /usr/share/fonts-config
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/gir-1.0
Debug 580: expanded: /usr/share/gir-1.0
Debug 591: new_name: /usr/share/gir-1.0
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/gjs-1.0
Debug 580: expanded: /usr/share/gjs-1.0
Debug 591: new_name: /usr/share/gjs-1.0
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/gjs-1.0
	expanded: /usr/share/gjs-1.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/glib-2.0
Debug 580: expanded: /usr/share/glib-2.0
Debug 591: new_name: /usr/share/glib-2.0
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/glvnd
Debug 580: expanded: /usr/share/glvnd
Debug 591: new_name: /usr/share/glvnd
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/gtk-2.0
Debug 580: expanded: /usr/share/gtk-2.0
Debug 591: new_name: /usr/share/gtk-2.0
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/gtk-2.0
	expanded: /usr/share/gtk-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/gtk-3.0
Debug 580: expanded: /usr/share/gtk-3.0
Debug 591: new_name: /usr/share/gtk-3.0
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/gtk-engines
Debug 580: expanded: /usr/share/gtk-engines
Debug 591: new_name: /usr/share/gtk-engines
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/gtksourceview-3.0
Debug 580: expanded: /usr/share/gtksourceview-3.0
Debug 591: new_name: /usr/share/gtksourceview-3.0
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/gtksourceview-3.0
	expanded: /usr/share/gtksourceview-3.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/gtksourceview-4
Debug 580: expanded: /usr/share/gtksourceview-4
Debug 591: new_name: /usr/share/gtksourceview-4
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/gtksourceview-4
	expanded: /usr/share/gtksourceview-4
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/hunspell
Debug 580: expanded: /usr/share/hunspell
Debug 591: new_name: /usr/share/hunspell
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/hwdata
Debug 580: expanded: /usr/share/hwdata
Debug 591: new_name: /usr/share/hwdata
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/hwdata
	expanded: /usr/share/hwdata
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/icons
Debug 580: expanded: /usr/share/icons
Debug 591: new_name: /usr/share/icons
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/icu
Debug 580: expanded: /usr/share/icu
Debug 591: new_name: /usr/share/icu
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/knotifications5
Debug 580: expanded: /usr/share/knotifications5
Debug 591: new_name: /usr/share/knotifications5
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/knotifications5
	expanded: /usr/share/knotifications5
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/kservices5
Debug 580: expanded: /usr/share/kservices5
Debug 591: new_name: /usr/share/kservices5
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/kservices5
	expanded: /usr/share/kservices5
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/Kvantum
Debug 580: expanded: /usr/share/Kvantum
Debug 591: new_name: /usr/share/Kvantum
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/Kvantum
	expanded: /usr/share/Kvantum
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/kxmlgui5
Debug 580: expanded: /usr/share/kxmlgui5
Debug 591: new_name: /usr/share/kxmlgui5
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/kxmlgui5
	expanded: /usr/share/kxmlgui5
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/libdrm
Debug 580: expanded: /usr/share/libdrm
Debug 591: new_name: /usr/share/libdrm
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/libthai
Debug 580: expanded: /usr/share/libthai
Debug 591: new_name: /usr/share/libthai
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/locale
Debug 580: expanded: /usr/share/locale
Debug 591: new_name: /usr/share/locale
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/mime
Debug 580: expanded: /usr/share/mime
Debug 591: new_name: /usr/share/mime
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/misc
Debug 580: expanded: /usr/share/misc
Debug 591: new_name: /usr/share/misc
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/Modules
Debug 580: expanded: /usr/share/Modules
Debug 591: new_name: /usr/share/Modules
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/Modules
	expanded: /usr/share/Modules
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/myspell
Debug 580: expanded: /usr/share/myspell
Debug 591: new_name: /usr/share/myspell
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/p11-kit
Debug 580: expanded: /usr/share/p11-kit
Debug 591: new_name: /usr/share/p11-kit
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/perl
Debug 580: expanded: /usr/share/perl
Debug 591: new_name: /usr/share/perl
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/perl5
Debug 580: expanded: /usr/share/perl5
Debug 591: new_name: /usr/share/perl5
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/pixmaps
Debug 580: expanded: /usr/share/pixmaps
Debug 591: new_name: /usr/share/pixmaps
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/pki
Debug 580: expanded: /usr/share/pki
Debug 591: new_name: /usr/share/pki
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/pki
	expanded: /usr/share/pki
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/plasma
Debug 580: expanded: /usr/share/plasma
Debug 591: new_name: /usr/share/plasma
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/plasma
	expanded: /usr/share/plasma
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/publicsuffix
Debug 580: expanded: /usr/share/publicsuffix
Debug 591: new_name: /usr/share/publicsuffix
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/publicsuffix
	expanded: /usr/share/publicsuffix
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/qt
Debug 580: expanded: /usr/share/qt
Debug 591: new_name: /usr/share/qt
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/qt
	expanded: /usr/share/qt
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/qt4
Debug 580: expanded: /usr/share/qt4
Debug 591: new_name: /usr/share/qt4
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/qt4
	expanded: /usr/share/qt4
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/qt5
Debug 580: expanded: /usr/share/qt5
Debug 591: new_name: /usr/share/qt5
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/qt5
	expanded: /usr/share/qt5
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/qt5ct
Debug 580: expanded: /usr/share/qt5ct
Debug 591: new_name: /usr/share/qt5ct
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/sounds
Debug 580: expanded: /usr/share/sounds
Debug 591: new_name: /usr/share/sounds
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/tcl8.6
Debug 580: expanded: /usr/share/tcl8.6
Debug 591: new_name: /usr/share/tcl8.6
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/tcl8.6
	expanded: /usr/share/tcl8.6
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/tcltk
Debug 580: expanded: /usr/share/tcltk
Debug 591: new_name: /usr/share/tcltk
Debug 605: dir: /usr***
*** Warning: cannot whitelist ${DOWNLOADS} directory
*** Any file saved in this directory will be lost when the sandbox is closed.
***
/share
Debug 559: whitelist /usr/share/terminfo
Debug 580: expanded: /usr/share/terminfo
Debug 591: new_name: /usr/share/terminfo
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/texlive
Debug 580: expanded: /usr/share/texlive
Debug 591: new_name: /usr/share/texlive
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/texlive
	expanded: /usr/share/texlive
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/texmf
Debug 580: expanded: /usr/share/texmf
Debug 591: new_name: /usr/share/texmf
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/themes
Debug 580: expanded: /usr/share/themes
Debug 591: new_name: /usr/share/themes
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/thumbnail.so
Debug 580: expanded: /usr/share/thumbnail.so
Debug 591: new_name: /usr/share/thumbnail.so
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/thumbnail.so
	expanded: /usr/share/thumbnail.so
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/uim
Debug 580: expanded: /usr/share/uim
Debug 591: new_name: /usr/share/uim
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/uim
	expanded: /usr/share/uim
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/vulkan
Debug 580: expanded: /usr/share/vulkan
Debug 591: new_name: /usr/share/vulkan
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/vulkan
	expanded: /usr/share/vulkan
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/X11
Debug 580: expanded: /usr/share/X11
Debug 591: new_name: /usr/share/X11
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/xml
Debug 580: expanded: /usr/share/xml
Debug 591: new_name: /usr/share/xml
Debug 605: dir: /usr/share
Debug 559: whitelist /usr/share/zenity
Debug 580: expanded: /usr/share/zenity
Debug 591: new_name: /usr/share/zenity
Debug 605: dir: /usr/share
Removed path: whitelist /usr/share/zenity
	expanded: /usr/share/zenity
	realpath: (null)
	No such file or directory
Debug 559: whitelist /usr/share/zoneinfo
Debug 580: expanded: /usr/share/zoneinfo
Debug 591: new_name: /usr/share/zoneinfo
Debug 605: dir: /usr/share
Debug 559: whitelist ${DOWNLOADS}
Debug 559: whitelist ${HOME}/.pki
Debug 580: expanded: /home/internet/.pki
Debug 591: new_name: /home/internet/.pki
Debug 605: dir: /home/internet
Debug 559: whitelist ${HOME}/.local/share/pki
Debug 580: expanded: /home/internet/.local/share/pki
Debug 591: new_name: /home/internet/.local/share/pki
Debug 605: dir: /home/internet
Debug 559: whitelist ${HOME}/.XCompose
Debug 580: expanded: /home/internet/.XCompose
Debug 591: new_name: /home/internet/.XCompose
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.XCompose
	expanded: /home/internet/.XCompose
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.alsaequal.bin
Debug 580: expanded: /home/internet/.alsaequal.bin
Debug 591: new_name: /home/internet/.alsaequal.bin
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.alsaequal.bin
	expanded: /home/internet/.alsaequal.bin
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.asoundrc
Debug 580: expanded: /home/internet/.asoundrc
Debug 591: new_name: /home/internet/.asoundrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.asoundrc
	expanded: /home/internet/.asoundrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/ibus
Debug 580: expanded: /home/internet/.config/ibus
Debug 591: new_name: /home/internet/.config/ibus
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/ibus
	expanded: /home/internet/.config/ibus
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/mimeapps.list
Debug 580: expanded: /home/internet/.config/mimeapps.list
Debug 591: new_name: /home/internet/.config/mimeapps.list
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/mimeapps.list
	expanded: /home/internet/.config/mimeapps.list
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/pkcs11
Debug 580: expanded: /home/internet/.config/pkcs11
Debug 591: new_name: /home/internet/.config/pkcs11
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/pkcs11
	expanded: /home/internet/.config/pkcs11
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/user-dirs.dirs
Debug 580: expanded: /home/internet/.config/user-dirs.dirs
Debug 591: new_name: /home/internet/.config/user-dirs.dirs
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/user-dirs.dirs
	expanded: /home/internet/.config/user-dirs.dirs
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/user-dirs.locale
Debug 580: expanded: /home/internet/.config/user-dirs.locale
Debug 591: new_name: /home/internet/.config/user-dirs.locale
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/user-dirs.locale
	expanded: /home/internet/.config/user-dirs.locale
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.drirc
Debug 580: expanded: /home/internet/.drirc
Debug 591: new_name: /home/internet/.drirc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.drirc
	expanded: /home/internet/.drirc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.icons
Debug 580: expanded: /home/internet/.icons
Debug 591: new_name: /home/internet/.icons
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.icons
	expanded: /home/internet/.icons
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.local/share/applications
Debug 580: expanded: /home/internet/.local/share/applications
Debug 591: new_name: /home/internet/.local/share/applications
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.local/share/applications
	expanded: /home/internet/.local/share/applications
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.local/share/icons
Debug 580: expanded: /home/internet/.local/share/icons
Debug 591: new_name: /home/internet/.local/share/icons
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.local/share/icons
	expanded: /home/internet/.local/share/icons
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.local/share/mime
Debug 580: expanded: /home/internet/.local/share/mime
Debug 591: new_name: /home/internet/.local/share/mime
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.local/share/mime
	expanded: /home/internet/.local/share/mime
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.mime.types
Debug 580: expanded: /home/internet/.mime.types
Debug 591: new_name: /home/internet/.mime.types
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.mime.types
	expanded: /home/internet/.mime.types
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.uim.d
Debug 580: expanded: /home/internet/.uim.d
Debug 591: new_name: /home/internet/.uim.d
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.uim.d
	expanded: /home/internet/.uim.d
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/dconf
Debug 580: expanded: /home/internet/.config/dconf
Debug 591: new_name: /home/internet/.config/dconf
Debug 605: dir: /home/internet
Debug 559: whitelist ${HOME}/.cache/fontconfig
Debug 580: expanded: /home/internet/.cache/fontconfig
Debug 591: new_name: /home/internet/.cache/fontconfig
Debug 605: dir: /home/internet
Debug 559: whitelist ${HOME}/.config/fontconfig
Debug 580: expanded: /home/internet/.config/fontconfig
Debug 591: new_name: /home/internet/.config/fontconfig
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/fontconfig
	expanded: /home/internet/.config/fontconfig
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.fontconfig
Debug 580: expanded: /home/internet/.fontconfig
Debug 591: new_name: /home/internet/.fontconfig
Debug 605: dir: /home/internet
Debug 559: whitelist ${HOME}/.fonts
Debug 580: expanded: /home/internet/.fonts
Debug 591: new_name: /home/internet/.fonts
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.fonts
	expanded: /home/internet/.fonts
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.fonts.conf
Debug 580: expanded: /home/internet/.fonts.conf
Debug 591: new_name: /home/internet/.fonts.conf
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.fonts.conf
	expanded: /home/internet/.fonts.conf
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.fonts.conf.d
Debug 580: expanded: /home/internet/.fonts.conf.d
Debug 591: new_name: /home/internet/.fonts.conf.d
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.fonts.conf.d
	expanded: /home/internet/.fonts.conf.d
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.fonts.d
Debug 580: expanded: /home/internet/.fonts.d
Debug 591: new_name: /home/internet/.fonts.d
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.fonts.d
	expanded: /home/internet/.fonts.d
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.local/share/fonts
Debug 580: expanded: /home/internet/.local/share/fonts
Debug 591: new_name: /home/internet/.local/share/fonts
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.local/share/fonts
	expanded: /home/internet/.local/share/fonts
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.pangorc
Debug 580: expanded: /home/internet/.pangorc
Debug 591: new_name: /home/internet/.pangorc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.pangorc
	expanded: /home/internet/.pangorc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/gtk-2.0
Debug 580: expanded: /home/internet/.config/gtk-2.0
Debug 591: new_name: /home/internet/.config/gtk-2.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/gtk-2.0
	expanded: /home/internet/.config/gtk-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/gtk-3.0
Debug 580: expanded: /home/internet/.config/gtk-3.0
Debug 591: new_name: /home/internet/.config/gtk-3.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/gtk-3.0
	expanded: /home/internet/.config/gtk-3.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/gtk-4.0
Debug 580: expanded: /home/internet/.config/gtk-4.0
Debug 591: new_name: /home/internet/.config/gtk-4.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/gtk-4.0
	expanded: /home/internet/.config/gtk-4.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/gtkrc
Debug 580: expanded: /home/internet/.config/gtkrc
Debug 591: new_name: /home/internet/.config/gtkrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/gtkrc
	expanded: /home/internet/.config/gtkrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/gtkrc-2.0
Debug 580: expanded: /home/internet/.config/gtkrc-2.0
Debug 591: new_name: /home/internet/.config/gtkrc-2.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/gtkrc-2.0
	expanded: /home/internet/.config/gtkrc-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.gnome2
Debug 580: expanded: /home/internet/.gnome2
Debug 591: new_name: /home/internet/.gnome2
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.gnome2
	expanded: /home/internet/.gnome2
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.gnome2-private
Debug 580: expanded: /home/internet/.gnome2-private
Debug 591: new_name: /home/internet/.gnome2-private
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.gnome2-private
	expanded: /home/internet/.gnome2-private
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.gtk-2.0
Debug 580: expanded: /home/internet/.gtk-2.0
Debug 591: new_name: /home/internet/.gtk-2.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.gtk-2.0
	expanded: /home/internet/.gtk-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.gtkrc
Debug 580: expanded: /home/internet/.gtkrc
Debug 591: new_name: /home/internet/.gtkrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.gtkrc
	expanded: /home/internet/.gtkrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.gtkrc-2.0
Debug 580: expanded: /home/internet/.gtkrc-2.0
Debug 591: new_name: /home/internet/.gtkrc-2.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.gtkrc-2.0
	expanded: /home/internet/.gtkrc-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/gtkrc
Debug 580: expanded: /home/internet/.kde/share/config/gtkrc
Debug 591: new_name: /home/internet/.kde/share/config/gtkrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/gtkrc
	expanded: /home/internet/.kde/share/config/gtkrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
Debug 580: expanded: /home/internet/.kde/share/config/gtkrc-2.0
Debug 591: new_name: /home/internet/.kde/share/config/gtkrc-2.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
	expanded: /home/internet/.kde/share/config/gtkrc-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/gtkrc
Debug 580: expanded: /home/internet/.kde4/share/config/gtkrc
Debug 591: new_name: /home/internet/.kde4/share/config/gtkrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/gtkrc
	expanded: /home/internet/.kde4/share/config/gtkrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
Debug 580: expanded: /home/internet/.kde4/share/config/gtkrc-2.0
Debug 591: new_name: /home/internet/.kde4/share/config/gtkrc-2.0
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
	expanded: /home/internet/.kde4/share/config/gtkrc-2.0
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.local/share/themes
Debug 580: expanded: /home/internet/.local/share/themes
Debug 591: new_name: /home/internet/.local/share/themes
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.local/share/themes
	expanded: /home/internet/.local/share/themes
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.themes
Debug 580: expanded: /home/internet/.themes
Debug 591: new_name: /home/internet/.themes
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.themes
	expanded: /home/internet/.themes
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.cache/kioexec/krun
Debug 580: expanded: /home/internet/.cache/kioexec/krun
Debug 591: new_name: /home/internet/.cache/kioexec/krun
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.cache/kioexec/krun
	expanded: /home/internet/.cache/kioexec/krun
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/Kvantum
Debug 580: expanded: /home/internet/.config/Kvantum
Debug 591: new_name: /home/internet/.config/Kvantum
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/Kvantum
	expanded: /home/internet/.config/Kvantum
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/Trolltech.conf
Debug 580: expanded: /home/internet/.config/Trolltech.conf
Debug 591: new_name: /home/internet/.config/Trolltech.conf
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/Trolltech.conf
	expanded: /home/internet/.config/Trolltech.conf
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/QtProject.conf
Debug 580: expanded: /home/internet/.config/QtProject.conf
Debug 591: new_name: /home/internet/.config/QtProject.conf
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/QtProject.conf
	expanded: /home/internet/.config/QtProject.conf
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/kdeglobals
Debug 580: expanded: /home/internet/.config/kdeglobals
Debug 591: new_name: /home/internet/.config/kdeglobals
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/kdeglobals
	expanded: /home/internet/.config/kdeglobals
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/kio_httprc
Debug 580: expanded: /home/internet/.config/kio_httprc
Debug 591: new_name: /home/internet/.config/kio_httprc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/kio_httprc
	expanded: /home/internet/.config/kio_httprc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/kioslaverc
Debug 580: expanded: /home/internet/.config/kioslaverc
Debug 591: new_name: /home/internet/.config/kioslaverc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/kioslaverc
	expanded: /home/internet/.config/kioslaverc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/ksslcablacklist
Debug 580: expanded: /home/internet/.config/ksslcablacklist
Debug 591: new_name: /home/internet/.config/ksslcablacklist
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/ksslcablacklist
	expanded: /home/internet/.config/ksslcablacklist
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/qt5ct
Debug 580: expanded: /home/internet/.config/qt5ct
Debug 591: new_name: /home/internet/.config/qt5ct
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/qt5ct
	expanded: /home/internet/.config/qt5ct
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.config/qtcurve
Debug 580: expanded: /home/internet/.config/qtcurve
Debug 591: new_name: /home/internet/.config/qtcurve
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.config/qtcurve
	expanded: /home/internet/.config/qtcurve
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/kdeglobals
Debug 580: expanded: /home/internet/.kde/share/config/kdeglobals
Debug 591: new_name: /home/internet/.kde/share/config/kdeglobals
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/kdeglobals
	expanded: /home/internet/.kde/share/config/kdeglobals
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/kio_httprc
Debug 580: expanded: /home/internet/.kde/share/config/kio_httprc
Debug 591: new_name: /home/internet/.kde/share/config/kio_httprc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/kio_httprc
	expanded: /home/internet/.kde/share/config/kio_httprc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/kioslaverc
Debug 580: expanded: /home/internet/.kde/share/config/kioslaverc
Debug 591: new_name: /home/internet/.kde/share/config/kioslaverc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/kioslaverc
	expanded: /home/internet/.kde/share/config/kioslaverc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/ksslcablacklist
Debug 580: expanded: /home/internet/.kde/share/config/ksslcablacklist
Debug 591: new_name: /home/internet/.kde/share/config/ksslcablacklist
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
	expanded: /home/internet/.kde/share/config/ksslcablacklist
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/config/oxygenrc
Debug 580: expanded: /home/internet/.kde/share/config/oxygenrc
Debug 591: new_name: /home/internet/.kde/share/config/oxygenrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/config/oxygenrc
	expanded: /home/internet/.kde/share/config/oxygenrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde/share/icons
Debug 580: expanded: /home/internet/.kde/share/icons
Debug 591: new_name: /home/internet/.kde/share/icons
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde/share/icons
	expanded: /home/internet/.kde/share/icons
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/kdeglobals
Debug 580: expanded: /home/internet/.kde4/share/config/kdeglobals
Debug 591: new_name: /home/internet/.kde4/share/config/kdeglobals
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/kdeglobals
	expanded: /home/internet/.kde4/share/config/kdeglobals
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/kio_httprc
Debug 580: expanded: /home/internet/.kde4/share/config/kio_httprc
Debug 591: new_name: /home/internet/.kde4/share/config/kio_httprc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/kio_httprc
	expanded: /home/internet/.kde4/share/config/kio_httprc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/kioslaverc
Debug 580: expanded: /home/internet/.kde4/share/config/kioslaverc
Debug 591: new_name: /home/internet/.kde4/share/config/kioslaverc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/kioslaverc
	expanded: /home/internet/.kde4/share/config/kioslaverc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
Debug 580: expanded: /home/internet/.kde4/share/config/ksslcablacklist
Debug 591: new_name: /home/internet/.kde4/share/config/ksslcablacklist
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
	expanded: /home/internet/.kde4/share/config/ksslcablacklist
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/config/oxygenrc
Debug 580: expanded: /home/internet/.kde4/share/config/oxygenrc
Debug 591: new_name: /home/internet/.kde4/share/config/oxygenrc
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/config/oxygenrc
	expanded: /home/internet/.kde4/share/config/oxygenrc
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.kde4/share/icons
Debug 580: expanded: /home/internet/.kde4/share/icons
Debug 591: new_name: /home/internet/.kde4/share/icons
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.kde4/share/icons
	expanded: /home/internet/.kde4/share/icons
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${HOME}/.local/share/qt5ct
Debug 580: expanded: /home/internet/.local/share/qt5ct
Debug 591: new_name: /home/internet/.local/share/qt5ct
Debug 605: dir: /home/internet
Removed path: whitelist ${HOME}/.local/share/qt5ct
	expanded: /home/internet/.local/share/qt5ct
	realpath: (null)
	No such file or directory
Debug 559: whitelist ${RUNUSER}/bus
Debug 580: expanded: /run/user/1001/bus
Debug 591: new_name: /run/user/1001/bus
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/dconf
Debug 580: expanded: /run/user/1001/dconf
Debug 591: new_name: /run/user/1001/dconf
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/gdm/Xauthority
Debug 580: expanded: /run/user/1001/gdm/Xauthority
Debug 591: new_name: /run/user/1001/gdm/Xauthority
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/ICEauthority
Debug 580: expanded: /run/user/1001/ICEauthority
Debug 591: new_name: /run/user/1001/ICEauthority
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
Debug 580: expanded: /run/user/1001/.mutter-Xwaylandauth.*
Debug 591: new_name: /run/user/1001/.mutter-Xwaylandauth.*
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/pulse/native
Debug 580: expanded: /run/user/1001/pulse/native
Debug 591: new_name: /run/user/1001/pulse/native
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/wayland-0
Debug 580: expanded: /run/user/1001/wayland-0
Debug 591: new_name: /run/user/1001/wayland-0
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/wayland-1
Debug 580: expanded: /run/user/1001/wayland-1
Debug 591: new_name: /run/user/1001/wayland-1
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/xauth_*
Debug 580: expanded: /run/user/1001/xauth_*
Debug 591: new_name: /run/user/1001/xauth_*
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
Debug 580: expanded: /run/user/1001/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
Debug 591: new_name: /run/user/1001/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
Debug 605: dir: /run/user/1001
Cannot access whitelist top level directory /run/user/1001: No such file or directory
Debug 559: whitelist /var/lib/aspell
Debug 580: expanded: /var/lib/aspell
Debug 591: new_name: /var/lib/aspell
Debug 605: dir: /var
Adding whitelist top level directory /var
Debug 559: whitelist /var/lib/ca-certificates
Debug 580: expanded: /var/lib/ca-certificates
Debug 591: new_name: /var/lib/ca-certificates
Debug 605: dir: /var
Removed path: whitelist /var/lib/ca-certificates
	expanded: /var/lib/ca-certificates
	realpath: (null)
	No such file or directory
Debug 559: whitelist /var/lib/dbus
Debug 580: expanded: /var/lib/dbus
Debug 591: new_name: /var/lib/dbus
Debug 605: dir: /var
Debug 559: whitelist /var/lib/menu-xdg
Debug 580: expanded: /var/lib/menu-xdg
Debug 591: new_name: /var/lib/menu-xdg
Debug 605: dir: /var
Debug 559: whitelist /var/lib/uim
Debug 580: expanded: /var/lib/uim
Debug 591: new_name: /var/lib/uim
Debug 605: dir: /var
Removed path: whitelist /var/lib/uim
	expanded: /var/lib/uim
	realpath: (null)
	No such file or directory
Debug 559: whitelist /var/cache/fontconfig
Debug 580: expanded: /var/cache/fontconfig
Debug 591: new_name: /var/cache/fontconfig
Debug 605: dir: /var
Debug 559: whitelist /var/tmp
Debug 580: expanded: /var/tmp
Debug 591: new_name: /var/tmp
Debug 605: dir: /var
Debug 559: whitelist /var/run
Debug 580: expanded: /var/run
Debug 591: new_name: /var/run
Debug 605: dir: /var
Debug 559: whitelist /var/lock
Debug 580: expanded: /var/lock
Debug 591: new_name: /var/lock
Debug 605: dir: /var
Debug 559: whitelist /tmp/.X11-unix
Debug 580: expanded: /tmp/.X11-unix
Debug 591: new_name: /tmp/.X11-unix
Debug 605: dir: /tmp
Adding whitelist top level directory /tmp
Mounting tmpfs on /usr/share, check owner: no
1169 90 0:55 / /usr/share rw,nosuid,nodev,noatime - tmpfs tmpfs rw,mode=755,inode64
mountid=1169 fsname=/ dir=/usr/share fstype=tmpfs
Mounting tmpfs on /var, check owner: no
1170 83 0:56 / /var rw,nosuid,nodev,noexec,noatime - tmpfs tmpfs rw,mode=755,inode64
mountid=1170 fsname=/ dir=/var fstype=tmpfs
Mounting tmpfs on /tmp, check owner: no
1171 69 0:57 / /tmp rw,nosuid,nodev,noatime - tmpfs tmpfs rw,inode64
mountid=1171 fsname=/ dir=/tmp fstype=tmpfs
Mounting a new /root directory
Mounting a new /home directory
Create a new user directory
Debug 741: file: /home/internet/.cache/mozilla/firefox; dirfd: 4; topdir: /home/internet; rel: .cache/mozilla/firefox
Whitelisting /home/internet/.cache/mozilla/firefox
1174 1173 253:0 /home/internet/.cache/mozilla/firefox /home/internet/.cache/mozilla/firefox rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1174 fsname=/home/internet/.cache/mozilla/firefox dir=/home/internet/.cache/mozilla/firefox fstype=ext4
Debug 741: file: /home/internet/.mozilla; dirfd: 4; topdir: /home/internet; rel: .mozilla
Whitelisting /home/internet/.mozilla
1175 1173 253:0 /home/internet/.mozilla /home/internet/.mozilla rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1175 fsname=/home/internet/.mozilla dir=/home/internet/.mozilla fstype=ext4
Debug 741: file: /usr/share/doc; dirfd: 5; topdir: /usr/share; rel: doc
Whitelisting /usr/share/doc
1176 1169 253:0 /usr/share/doc /usr/share/doc ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1176 fsname=/usr/share/doc dir=/usr/share/doc fstype=ext4
Debug 741: file: /usr/share/gtk-doc/html; dirfd: 5; topdir: /usr/share; rel: gtk-doc/html
Whitelisting /usr/share/gtk-doc/html
1177 1169 253:0 /usr/share/gtk-doc/html /usr/share/gtk-doc/html ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1177 fsname=/usr/share/gtk-doc/html dir=/usr/share/gtk-doc/html fstype=ext4
Debug 741: file: /usr/share/mozilla; dirfd: 5; topdir: /usr/share; rel: mozilla
Whitelisting /usr/share/mozilla
1178 1169 253:0 /usr/share/mozilla /usr/share/mozilla ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1178 fsname=/usr/share/mozilla dir=/usr/share/mozilla fstype=ext4
Debug 741: file: /usr/share/alsa; dirfd: 5; topdir: /usr/share; rel: alsa
Whitelisting /usr/share/alsa
1179 1169 253:0 /usr/share/alsa /usr/share/alsa ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1179 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=ext4
Debug 741: file: /usr/share/applications; dirfd: 5; topdir: /usr/share; rel: applications
Whitelisting /usr/share/applications
1180 1169 253:0 /usr/share/applications /usr/share/applications ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1180 fsname=/usr/share/applications dir=/usr/share/applications fstype=ext4
Debug 741: file: /usr/share/ca-certificates; dirfd: 5; topdir: /usr/share; rel: ca-certificates
Whitelisting /usr/share/ca-certificates
1181 1169 253:0 /usr/share/ca-certificates /usr/share/ca-certificates ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1181 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=ext4
Debug 741: file: /usr/share/distro-info; dirfd: 5; topdir: /usr/share; rel: distro-info
Whitelisting /usr/share/distro-info
1182 1169 253:0 /usr/share/distro-info /usr/share/distro-info ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1182 fsname=/usr/share/distro-info dir=/usr/share/distro-info fstype=ext4
Debug 741: file: /usr/share/drirc.d; dirfd: 5; topdir: /usr/share; rel: drirc.d
Whitelisting /usr/share/drirc.d
1183 1169 253:0 /usr/share/drirc.d /usr/share/drirc.d ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1183 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=ext4
Debug 741: file: /usr/share/enchant; dirfd: 5; topdir: /usr/share; rel: enchant
Whitelisting /usr/share/enchant
1184 1169 253:0 /usr/share/enchant /usr/share/enchant ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1184 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=ext4
Debug 741: file: /usr/share/file; dirfd: 5; topdir: /usr/share; rel: file
Whitelisting /usr/share/file
1185 1169 253:0 /usr/share/file /usr/share/file ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1185 fsname=/usr/share/file dir=/usr/share/file fstype=ext4
Debug 741: file: /usr/share/fontconfig; dirfd: 5; topdir: /usr/share; rel: fontconfig
Whitelisting /usr/share/fontconfig
1186 1169 253:0 /usr/share/fontconfig /usr/share/fontconfig ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1186 fsname=/usr/share/fontconfig dir=/usr/share/fontconfig fstype=ext4
Debug 741: file: /usr/share/fonts; dirfd: 5; topdir: /usr/share; rel: fonts
Whitelisting /usr/share/fonts
1187 1169 253:0 /usr/share/fonts /usr/share/fonts ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1187 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=ext4
Debug 741: file: /usr/share/gir-1.0; dirfd: 5; topdir: /usr/share; rel: gir-1.0
Whitelisting /usr/share/gir-1.0
1188 1169 253:0 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1188 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=ext4
Debug 741: file: /usr/share/glib-2.0; dirfd: 5; topdir: /usr/share; rel: glib-2.0
Whitelisting /usr/share/glib-2.0
1189 1169 253:0 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1189 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=ext4
Debug 741: file: /usr/share/glvnd; dirfd: 5; topdir: /usr/share; rel: glvnd
Whitelisting /usr/share/glvnd
1190 1169 253:0 /usr/share/glvnd /usr/share/glvnd ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1190 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=ext4
Debug 741: file: /usr/share/gtk-3.0; dirfd: 5; topdir: /usr/share; rel: gtk-3.0
Whitelisting /usr/share/gtk-3.0
1191 1169 253:0 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1191 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=ext4
Debug 741: file: /usr/share/gtk-engines; dirfd: 5; topdir: /usr/share; rel: gtk-engines
Whitelisting /usr/share/gtk-engines
1192 1169 253:0 /usr/share/gtk-engines /usr/share/gtk-engines ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1192 fsname=/usr/share/gtk-engines dir=/usr/share/gtk-engines fstype=ext4
Debug 741: file: /usr/share/hunspell; dirfd: 5; topdir: /usr/share; rel: hunspell
Whitelisting /usr/share/hunspell
1193 1169 253:0 /usr/share/hunspell /usr/share/hunspell ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1193 fsname=/usr/share/hunspell dir=/usr/share/hunspell fstype=ext4
Debug 741: file: /usr/share/icons; dirfd: 5; topdir: /usr/share; rel: icons
Whitelisting /usr/share/icons
1194 1169 253:0 /usr/share/icons /usr/share/icons ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1194 fsname=/usr/share/icons dir=/usr/share/icons fstype=ext4
Debug 741: file: /usr/share/icu; dirfd: 5; topdir: /usr/share; rel: icu
Whitelisting /usr/share/icu
1195 1169 253:0 /usr/share/icu /usr/share/icu ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1195 fsname=/usr/share/icu dir=/usr/share/icu fstype=ext4
Debug 741: file: /usr/share/libdrm; dirfd: 5; topdir: /usr/share; rel: libdrm
Whitelisting /usr/share/libdrm
1196 1169 253:0 /usr/share/libdrm /usr/share/libdrm ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1196 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=ext4
Debug 741: file: /usr/share/libthai; dirfd: 5; topdir: /usr/share; rel: libthai
Whitelisting /usr/share/libthai
1197 1169 253:0 /usr/share/libthai /usr/share/libthai ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1197 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=ext4
Debug 741: file: /usr/share/locale; dirfd: 5; topdir: /usr/share; rel: locale
Whitelisting /usr/share/locale
1198 1169 253:0 /usr/share/locale /usr/share/locale ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1198 fsname=/usr/share/locale dir=/usr/share/locale fstype=ext4
Debug 741: file: /usr/share/mime; dirfd: 5; topdir: /usr/share; rel: mime
Whitelisting /usr/share/mime
1199 1169 253:0 /usr/share/mime /usr/share/mime ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1199 fsname=/usr/share/mime dir=/usr/share/mime fstype=ext4
Debug 741: file: /usr/share/misc; dirfd: 5; topdir: /usr/share; rel: misc
Whitelisting /usr/share/misc
1200 1169 253:0 /usr/share/misc /usr/share/misc ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1200 fsname=/usr/share/misc dir=/usr/share/misc fstype=ext4
Debug 741: file: /usr/share/myspell; dirfd: 5; topdir: /usr/share; rel: myspell
Whitelisting /usr/share/myspell
1201 1169 253:0 /usr/share/myspell /usr/share/myspell ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1201 fsname=/usr/share/myspell dir=/usr/share/myspell fstype=ext4
Debug 741: file: /usr/share/p11-kit; dirfd: 5; topdir: /usr/share; rel: p11-kit
Whitelisting /usr/share/p11-kit
1202 1169 253:0 /usr/share/p11-kit /usr/share/p11-kit ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1202 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=ext4
Debug 741: file: /usr/share/perl; dirfd: 5; topdir: /usr/share; rel: perl
Whitelisting /usr/share/perl
1203 1169 253:0 /usr/share/perl /usr/share/perl ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1203 fsname=/usr/share/perl dir=/usr/share/perl fstype=ext4
Debug 741: file: /usr/share/perl5; dirfd: 5; topdir: /usr/share; rel: perl5
Whitelisting /usr/share/perl5
1204 1169 253:0 /usr/share/perl5 /usr/share/perl5 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1204 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=ext4
Debug 741: file: /usr/share/pixmaps; dirfd: 5; topdir: /usr/share; rel: pixmaps
Whitelisting /usr/share/pixmaps
1205 1169 253:0 /usr/share/pixmaps /usr/share/pixmaps ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1205 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=ext4
Debug 741: file: /usr/share/qt5ct; dirfd: 5; topdir: /usr/share; rel: qt5ct
Whitelisting /usr/share/qt5ct
1206 1169 253:0 /usr/share/qt5ct /usr/share/qt5ct ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1206 fsname=/usr/share/qt5ct dir=/usr/share/qt5ct fstype=ext4
Debug 741: file: /usr/share/sounds; dirfd: 5; topdir: /usr/share; rel: sounds
Whitelisting /usr/share/sounds
1207 1169 253:0 /usr/share/sounds /usr/share/sounds ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1207 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=ext4
Debug 741: file: /usr/share/tcltk; dirfd: 5; topdir: /usr/share; rel: tcltk
Whitelisting /usr/share/tcltk
1208 1169 253:0 /usr/share/tcltk /usr/share/tcltk ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1208 fsname=/usr/share/tcltk dir=/usr/share/tcltk fstype=ext4
Debug 741: file: /usr/share/terminfo; dirfd: 5; topdir: /usr/share; rel: terminfo
Whitelisting /usr/share/terminfo
1209 1169 253:0 /usr/share/terminfo /usr/share/terminfo ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1209 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=ext4
Debug 741: file: /usr/share/texmf; dirfd: 5; topdir: /usr/share; rel: texmf
Whitelisting /usr/share/texmf
1210 1169 253:0 /usr/share/texmf /usr/share/texmf ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1210 fsname=/usr/share/texmf dir=/usr/share/texmf fstype=ext4
Debug 741: file: /usr/share/themes; dirfd: 5; topdir: /usr/share; rel: themes
Whitelisting /usr/share/themes
1211 1169 253:0 /usr/share/themes /usr/share/themes ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1211 fsname=/usr/share/themes dir=/usr/share/themes fstype=ext4
Debug 741: file: /usr/share/X11; dirfd: 5; topdir: /usr/share; rel: X11
Whitelisting /usr/share/X11
1212 1169 253:0 /usr/share/X11 /usr/share/X11 ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1212 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=ext4
Debug 741: file: /usr/share/xml; dirfd: 5; topdir: /usr/share; rel: xml
Whitelisting /usr/share/xml
1213 1169 253:0 /usr/share/xml /usr/share/xml ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1213 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4
Debug 741: file: /usr/share/zoneinfo; dirfd: 5; topdir: /usr/share; rel: zoneinfo
Whitelisting /usr/share/zoneinfo
1214 1169 253:0 /usr/share/zoneinfo /usr/share/zoneinfo ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1214 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4
Debug 741: file: /home/internet/.pki; dirfd: 4; topdir: /home/internet; rel: .pki
Whitelisting /home/internet/.pki
1215 1173 253:0 /home/internet/.pki /home/internet/.pki rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1215 fsname=/home/internet/.pki dir=/home/internet/.pki fstype=ext4
Debug 741: file: /home/internet/.local/share/pki; dirfd: 4; topdir: /home/internet; rel: .local/share/pki
Whitelisting /home/internet/.local/share/pki
1216 1173 253:0 /home/internet/.local/share/pki /home/internet/.local/share/pki rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1216 fsname=/home/internet/.local/share/pki dir=/home/internet/.local/share/pki fstype=ext4
Debug 741: file: /home/internet/.config/dconf; dirfd: 4; topdir: /home/internet; rel: .config/dconf
Whitelisting /home/internet/.config/dconf
1217 1173 253:0 /home/internet/.config/dconf /home/internet/.config/dconf rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1217 fsname=/home/internet/.config/dconf dir=/home/internet/.config/dconf fstype=ext4
Debug 741: file: /home/internet/.cache/fontconfig; dirfd: 4; topdir: /home/internet; rel: .cache/fontconfig
Whitelisting /home/internet/.cache/fontconfig
1218 1173 253:0 /home/internet/.cache/fontconfig /home/internet/.cache/fontconfig rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1218 fsname=/home/internet/.cache/fontconfig dir=/home/internet/.cache/fontconfig fstype=ext4
Debug 741: file: /home/internet/.fontconfig; dirfd: 4; topdir: /home/internet; rel: .fontconfig
Whitelisting /home/internet/.fontconfig
1219 1173 253:0 /home/internet/.fontconfig /home/internet/.fontconfig rw,noatime - ext4 /dev/mapper/rootfs rw
mountid=1219 fsname=/home/internet/.fontconfig dir=/home/internet/.fontconfig fstype=ext4
Debug 741: file: /var/lib/aspell; dirfd: 7; topdir: /var; rel: lib/aspell
Whitelisting /var/lib/aspell
1220 1170 253:0 /var/lib/aspell /var/lib/aspell ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1220 fsname=/var/lib/aspell dir=/var/lib/aspell fstype=ext4
Debug 741: file: /var/lib/dbus; dirfd: 7; topdir: /var; rel: lib/dbus
Whitelisting /var/lib/dbus
1221 1170 253:0 /var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1221 fsname=/var/lib/dbus dir=/var/lib/dbus fstype=ext4
Debug 741: file: /var/lib/menu-xdg; dirfd: 7; topdir: /var; rel: lib/menu-xdg
Whitelisting /var/lib/menu-xdg
1222 1170 253:0 /var/lib/menu-xdg /var/lib/menu-xdg ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1222 fsname=/var/lib/menu-xdg dir=/var/lib/menu-xdg fstype=ext4
Debug 741: file: /var/cache/fontconfig; dirfd: 7; topdir: /var; rel: cache/fontconfig
Whitelisting /var/cache/fontconfig
1223 1170 253:0 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1223 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4
Debug 741: file: /var/tmp; dirfd: 7; topdir: /var; rel: tmp
Whitelisting /var/tmp
1224 1170 0:46 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=1224 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Debug 741: file: /tmp/.X11-unix; dirfd: 8; topdir: /tmp; rel: .X11-unix
Whitelisting /tmp/.X11-unix
1225 1171 0:29 /.X11-unix /tmp/.X11-unix rw,noatime - tmpfs none rw,inode64
mountid=1225 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting read-only /home/internet/.config/dconf
1226 1217 253:0 /home/internet/.config/dconf /home/internet/.config/dconf ro,noatime - ext4 /dev/mapper/rootfs rw
mountid=1226 fsname=/home/internet/.config/dconf dir=/home/internet/.config/dconf fstype=ext4
Disable /usr/share/applications/veracrypt.desktop
Disable /usr/share/pixmaps/veracrypt.xpm
Disable /run/acpid.socket (requested /var/run/acpid.socket)
Disable /run/rpcbind.sock (requested /var/run/rpcbind.sock)
Not blacklist /home/internet/.pki
Not blacklist /home/internet/.local/share/pki
Disable /sbin
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/local/gcc-10.2.0/bin/c++-10.2
Disable /usr/local/gcc-10.2.0/bin/cpp-10.2
Disable /usr/local/gcc-10.2.0/bin/g++-10.2
Disable /usr/local/gcc-10.2.0/bin/gcc-nm-10.2
Disable /usr/local/gcc-10.2.0/bin/gcc-ar-10.2
Disable /usr/local/gcc-10.2.0/bin/gcc-ranlib-10.2
Disable /usr/local/gcc-10.2.0/bin/gcc-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-ranlib-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-10.2.0
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-nm-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gDISPLAY=:0.0 parsed as 0
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 15 00 01 00000002   jeq 2 0010 (false 0011)
 0010: 06 00 00 7fff0000   ret ALLOW
 0011: 15 00 01 0000000a   jeq a 0012 (false 0013)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 01 00000010   jeq 10 0014 (false 0015)
 0014: 06 00 00 7fff0000   ret ALLOW
 0015: 06 00 00 0005005f   ret ERRNO(95)
cc-ar-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-g++-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-ranlib-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-10.2.0
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-nm-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-ar-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-gcc-10.2
Disable /usr/local/gcc-10.2.0/bin/x86_64-linux-gnu-g++-10.2
Disable /usr/src
Disable /usr/local/src
Disable /usr/include
Disable /usr/local/include
Mounting noexec /home/internet/.cache/mozilla/firefox
1257 1174 253:0 /home/internet/.cache/mozilla/firefox /home/internet/.cache/mozilla/firefox rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1257 fsname=/home/internet/.cache/mozilla/firefox dir=/home/internet/.cache/mozilla/firefox fstype=ext4
Mounting noexec /home/internet/.mozilla
1258 1175 253:0 /home/internet/.mozilla /home/internet/.mozilla rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1258 fsname=/home/internet/.mozilla dir=/home/internet/.mozilla fstype=ext4
Mounting noexec /home/internet/.pki
1259 1215 253:0 /home/internet/.pki /home/internet/.pki rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1259 fsname=/home/internet/.pki dir=/home/internet/.pki fstype=ext4
Mounting noexec /home/internet/.local/share/pki
1260 1216 253:0 /home/internet/.local/share/pki /home/internet/.local/share/pki rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1260 fsname=/home/internet/.local/share/pki dir=/home/internet/.local/share/pki fstype=ext4
Mounting noexec /home/internet/.config/dconf
1261 1226 253:0 /home/internet/.config/dconf /home/internet/.config/dconf ro,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1261 fsname=/home/internet/.config/dconf dir=/home/internet/.config/dconf fstype=ext4
Mounting noexec /home/internet/.cache/fontconfig
1262 1218 253:0 /home/internet/.cache/fontconfig /home/internet/.cache/fontconfig rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1262 fsname=/home/internet/.cache/fontconfig dir=/home/internet/.cache/fontconfig fstype=ext4
Mounting noexec /home/internet/.fontconfig
1263 1219 253:0 /home/internet/.fontconfig /home/internet/.fontconfig rw,nosuid,nodev,noexec,noatime - ext4 /dev/mapper/rootfs rw
mountid=1263 fsname=/home/internet/.fontconfig dir=/home/internet/.fontconfig fstype=ext4
Mounting noexec /dev/shm
1264 117 0:52 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1264 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1266 1265 0:29 /.X11-unix /tmp/.X11-unix rw,noatime - tmpfs none rw,inode64
mountid=1266 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Mounting noexec /tmp/.X11-unix
1267 1266 0:29 /.X11-unix /tmp/.X11-unix rw,nosuid,nodev,noexec,noatime - tmpfs none rw,inode64
mountid=1267 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /usr/share/perl5
Disable /usr/share/perl
Not blacklist /home/internet/.mozilla
Not blacklist /home/internet/.cache/mozilla
Mounting tmpfs on /home/internet/.cache, check owner: yes
1270 1173 0:60 / /home/internet/.cache rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,uid=1001,gid=1003,inode64
mountid=1270 fsname=/ dir=/home/internet/.cache fstype=tmpfs
Mounting read-only /tmp/.X11-unix
1271 1267 0:29 /.X11-unix /tmp/.X11-unix ro,nosuid,nodev,noexec,noatime - tmpfs none rw,inode64
mountid=1271 fsname=/.X11-unix dir=/tmp/.X11-unix fstype=tmpfs
Disable /sys/fs
Disable /sys/module
Disable /mnt
Disable /media
Disable /run/mount
/etc/pulse/client.conf not found
Current directory: /home/internet
Install protocol filter: unix,inet,inet6,netlink
configuring 22 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Build drop seccomp filter
sbox run: /run/firejail/lib/fseccomp drop /run/firejail/mnt/seccomp/seccomp /run/firejail/mnt/seccomp/seccomp.postexec @cloSeccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,ioprio_set,mbind,migrate_pages,move_pages,sched_setaffinity,sched_setattr,sched_setparam,sched_setscheduler,set_mempolicy,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 45 00 0000009f   jeq adjtimex 004d (false 0008)
 0008: 15 44 00 00000131   jeq clock_adjtime 004d (false 0009)
 0009: 15 43 00 000000e3   jeq clock_settime 004d (false 000a)
 000a: 15 42 00 000000a4   jeq settimeofday 004d (false 000b)
 000b: 15 41 00 0000009a   jeq modify_ldt 004d (false 000c)
 000c: 15 40 00 000000d4   jeq lookup_dcookie 004d (false 000d)
 000d: 15 3f 00 0000012a   jeq perf_event_open 004d (false 000e)
 000e: 15 3e 00 00000137   jeq process_vm_writev 004d (false 000f)
 000f: 15 3d 00 000000b0   jeq delete_module 004d (false 0010)
 0010: 15 3c 00 00000139   jeq finit_module 004d (false 0011)
 0011: 15 3b 00 000000af   jeq init_module 004d (false 0012)
 0012: 15 3a 00 0000009c   jeq _sysctl 004d (false 0013)
 0013: 15 39 00 000000b7   jeq afs_syscall 004d (false 0014)
 0014: 15 38 00 000000ae   jeq create_module 004d (false 0015)
 0015: 15 37 00 000000b1   jeq get_kernel_syms 004d (false 0016)
 0016: 15 36 00 000000b5   jeq getpmsg 004d (false 0017)
 0017: 15 35 00 000000b6   jeq putpmsg 004d (false 0018)
 0018: 15 34 00 000000b2   jeq query_module 004d (false 0019)
 0019: 15 33 00 000000b9   jeq security 004d (false 001a)
 001a: 15 32 00 0000008b   jeq sysfs 004d (false 001b)
 001b: 15 31 00 000000b8   jeq tuxcall 004d (false 001c)
 001c: 15 30 00 00000086   jeq uselib 004d (false 001d)
 001d: 15 2f 00 00000088   jeq ustat 004d (false 001e)
 001e: 15 2e 00 000000ec   jeq vserver 004d (false 001f)
 001f: 15 2d 00 000000ad   jeq ioperm 004d (false 0020)
 0020: 15 2c 00 000000ac   jeq iopl 004d (false 0021)
 0021: 15 2b 00 000000f6   jeq kexec_load 004d (false 0022)
 0022: 15 2a 00 00000140   jeq kexec_file_load 004d (false 0023)
 0023: 15 29 00 000000a9   jeq reboot 004d (false 0024)
 0024: 15 28 00 000000fb   jeq ioprio_set 004d (false 0025)
 0025: 15 27 00 000000ed   jeq mbind 004d (false 0026)
 0026: 15 26 00 00000100   jeq migrate_pages 004d (false 0027)
 0027: 15 25 00 00000117   jeq move_pages 004d (false 0028)
 0028: 15 24 00 000000cb   jeq sched_setaffinity 004d (false 0029)
 0029: 15 23 00 0000013a   jeq sched_setattr 004d (false 002a)
 002a: 15 22 00 0000008e   jeq sched_setparam 004d (false 002b)
 002b: 15 21 00 00000090   jeq sched_setscheduler 004d (false 002c)
 002c: 15 20 00 000000ee   jeq set_mempolicy 004d (false 002d)
 002d: 15 1f 00 000000a7   jeq swapon 004d (false 002e)
 002e: 15 1e 00 000000a8   jeq swapoff 004d (false 002f)
 002f: 15 1d 00 000000a3   jeq acct 004d (false 0030)
 0030: 15 1c 00 000000f8   jeq add_key 004d (false 0031)
 0031: 15 1b 00 00000141   jeq bpf 004d (false 0032)
 0032: 15 1a 00 0000012c   jeq fanotify_init 004d (false 0033)
 0033: 15 19 00 000000d2   jeq io_cancel 004d (false 0034)
 0034: 15 18 00 000000cf   jeq io_destroy 004d (false 0035)
 0035: 15 17 00 000000d0   jeq io_getevents 004d (false 0036)
 0036: 15 16 00 000000ce   jeq io_setup 004d (false 0037)
 0037: 15 15 00 000000d1   jeq io_submit 004d (false 0038)
 0038: 15 14 00 000000fb   jeq ioprio_set 004d (false 0039)
 0039: 15 13 00 00000138   jeq kcmp 004d (false 003a)
 003a: 15 12 00 000000fa   jeq keyctl 004d (false 003b)
 003b: 15 11 00 000000a5   jeq mount 004d (false 003c)
 003c: 15 10 00 0000012f   jeq name_to_handle_at 004d (false 003d)
 003d: 15 0f 00 000000b4   jeq nfsservctl 004d (false 003e)
 003e: 15 0e 00 00000130   jeq open_by_handle_at 004d (false 003f)
 003f: 15 0d 00 00000087   jeq personality 004d (false 0040)
 0040: 15 0c 00 0000009b   jeq pivot_root 004d (false 0041)
 0041: 15 0b 00 00000136   jeq process_vm_readv 004d (false 0042)
 0042: 15 0a 00 00000065   jeq ptrace 004d (false 0043)
 0043: 15 09 00 000000d8   jeq remap_file_pages 004d (false 0044)
 0044: 15 08 00 000000f9   jeq request_key 004d (false 0045)
 0045: 15 07 00 000000ab   jeq setdomainname 004d (false 0046)
 0046: 15 06 00 000000aa   jeq sethostname 004d (false 0047)
 0047: 15 05 00 00000067   jeq syslog 004d (false 0048)
 0048: 15 04 00 000000a6   jeq umount2 004d (false 0049)
 0049: 15 03 00 00000143   jeq userfaultfd 004d (false 004a)
 004a: 15 02 00 00000099   jeq vhangup 004d (false 004b)
 004b: 15 01 00 00000116   jeq vmsplice 004d (false 004c)
 004c: 06 00 00 7fff0000   ret ALLOW
 004d: 06 00 01 00050001   ret ERRNO(1)
ck,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice 
sbox run: /run/firejail/lib/fsec-optimize /run/firejail/mnt/seccomp/seccomp 
configuring 78 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/local/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
1277 73 0:43 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=1277 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             320 ..
-rw-r--r-- internet internet         624 seccomp
-rw-r--r-- internet internet         432 seccomp.32
-rw-r--r-- internet internet          77 seccomp.list
-rw-r--r-- internet internet           0 seccomp.postexec
-rw-r--r-- internet internet           0 seccomp.postexec32
-rw-r--r-- internet internet         176 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1001, gid 1003, nogroups 1
No supplementary groups
AppArmor enabled
Child process initialized in 743.59 ms
Starting application
LD_PRELOAD=(null)
execvp argument 0: firefox
/usr/local/bin/firefox: 3: /usr/local/bin/firefox: which: Permission denied
No protocol specified
Unable to init server: connection....
Error: cannot open display: :0.0

Parent is shutting down, bye...

EDIT by @rusty-snake: code-block and details-summary
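The 22-entry `seccomp.protocol` dump in the debug log above is the filter installed for `protocol unix,inet,inet6,netlink`. As an added example (not firejail's code and not part of the original comment), the following Python parses those dump lines and interprets them against constructed `seccomp_data` records to show which `socket()` address families pass; the function names and the small interpreter are assumptions of this example.

```python
import re
import struct

# seccomp.protocol dump copied from the debug log above (OP JT JF K, all hex).
DUMP = """\
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000006   jmp 000c
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 15 01 00 00000029   jeq socket 000c (false 000b)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 15 00 01 00000001   jeq 1 000e (false 000f)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 15 00 01 00000002   jeq 2 0010 (false 0011)
 0010: 06 00 00 7fff0000   ret ALLOW
 0011: 15 00 01 0000000a   jeq a 0012 (false 0013)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 01 00000010   jeq 10 0014 (false 0015)
 0014: 06 00 00 7fff0000   ret ALLOW
 0015: 06 00 00 0005005f   ret ERRNO(95)
"""

AUDIT_ARCH_X86_64 = 0xC000003E   # "ARCH_64" in the dump
SYS_SOCKET_X86_64 = 41           # 0x29, "socket" in the dump
LINE = re.compile(
    r"^\s*[0-9a-f]{4}:\s+([0-9a-f]{2})\s+([0-9a-f]{2})\s+([0-9a-f]{2})\s+([0-9a-f]{8})\b")

def parse_dump(text):
    """Return the filter as a list of (opcode, jt, jf, k) tuples."""
    return [tuple(int(g, 16) for g in m.groups())
            for m in map(LINE.match, text.splitlines()) if m]

def seccomp_data(nr, arch, args=()):
    """Pack struct seccomp_data {int nr; u32 arch; u64 ip; u64 args[6]} (little-endian)."""
    padded = list(args) + [0] * (6 - len(args))
    return struct.pack("<iIQ6Q", nr, arch, 0, *padded)

def run_filter(prog, data):
    """Interpret the classic-BPF opcodes that appear in the dump; return the raw verdict."""
    acc, pc = 0, 0
    while pc < len(prog):
        op, jt, jf, k = prog[pc]
        pc += 1                               # jump offsets are relative to the next insn
        if op == 0x20:                        # ld  [k]   (32-bit absolute load)
            acc = struct.unpack_from("<I", data, k)[0]
        elif op == 0x15:                      # jeq #k
            pc += jt if acc == k else jf
        elif op == 0x05:                      # jmp +k
            pc += k
        elif op == 0x06:                      # ret #k
            return k
        else:
            raise ValueError("opcode %#x not handled by this example" % op)
    raise ValueError("filter ended without a ret")

def verdict(ret):
    """Render a raw seccomp return value the way the dump does."""
    action = ret & 0xFFFF0000
    if action == 0x7FFF0000:                  # SECCOMP_RET_ALLOW
        return "ALLOW"
    if action == 0x00050000:                  # SECCOMP_RET_ERRNO, errno in the low 16 bits
        return "ERRNO(%d)" % (ret & 0xFFFF)
    return hex(ret)

def check_socket(family):
    """Verdict for socket(family, ...) issued by an x86_64 process."""
    data = seccomp_data(SYS_SOCKET_X86_64, AUDIT_ARCH_X86_64, [family])
    return verdict(run_filter(parse_dump(DUMP), data))

if __name__ == "__main__":
    # Linux address-family numbers, hard-coded so the example runs anywhere.
    for name, fam in [("AF_UNIX", 1), ("AF_INET", 2), ("AF_INET6", 10),
                      ("AF_NETLINK", 16), ("AF_PACKET", 17), ("AF_BLUETOOTH", 31)]:
        print("%-13s %s" % (name, check_socket(fam)))
```

Only the four listed families return ALLOW; any other `socket()` family fails with errno 95 (EOPNOTSUPP), and every syscall other than `socket` passes through this particular filter untouched.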

@osevan
Author

osevan commented Jun 7, 2021

With the default user, everything works successfully with this firefox.profile:

# Firejail profile for firefox
# Description: Safe and easy web browser from Mozilla
# This file is overwritten after every install/update
# Persistent local customizations
include firefox.local
# Persistent global definitions
include globals.local

# NOTE: sandboxing web browsers is as important as it is complex. Users might be
# interested in creating custom profiles depending on use case (e.g. one for
# general browsing, another for banking, ...). Consult our FAQ/issue tracker for more
# info. Here are a few links to get you going.
# https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#firefox-doesnt-open-in-a-new-sandbox-instead-it-opens-a-new-tab-in-an-existing-firefox-instance
# https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox
# https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968

noblacklist ${HOME}/.cache/mozilla
noblacklist ${HOME}/.mozilla
#firefox nightly using
#noblacklist /home/ra/compile/firefox/mozilla-unified/
#ignore noexec ${HOME}
#whitelist /home/ra/compile/firefox/mozilla-unified/



mkdir ${HOME}/.cache/mozilla/firefox
mkdir ${HOME}/.mozilla
whitelist ${HOME}/.cache/mozilla/firefox
whitelist ${HOME}/.mozilla

# Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support.
# NOTE: start KeePassXC before Firefox and keep it open to allow communication between them.
#whitelist ${RUNUSER}/kpxc_server
#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer

whitelist /usr/share/doc
whitelist /usr/share/firefox
whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini
whitelist /usr/share/gtk-doc/html
whitelist /usr/share/mozilla
whitelist /usr/share/webext
include whitelist-usr-share-common.inc

# firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin.
#private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which
# Fedora uses shell scripts to launch firefox - add the next line to your firefox.local to enable private-bin.
private-bin basename,bash,cat,dirname,expr,false,firefox,firefox-esr,firefox-wayland,getenforce,ln,mkdir,pidof,restorecon,rm,rmdir,sed,sh,tclsh,true,uname
# Add the next line to your firefox.local to enable private-etc support - note that this must be enabled in your firefox-common.local too.
#private-etc firefox

dbus-user filter
dbus-user.own org.mozilla.Firefox.*
dbus-user.own org.mozilla.firefox.*
dbus-user.own org.mpris.MediaPlayer2.firefox.*
# Add the next line to your firefox.local to enable native notifications.
#dbus-user.talk org.freedesktop.Notifications
# Add the next line to your firefox.local to allow inhibiting screensavers.
#dbus-user.talk org.freedesktop.ScreenSaver
# Add the next lines to your firefox.local for plasma browser integration.
#dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration
#dbus-user.talk org.kde.JobViewServer
#dbus-user.talk org.kde.kuiserver
# Add the next two lines to your firefox.local to allow screen sharing under wayland.
#whitelist ${RUNUSER}/pipewire-0
#dbus-user.talk org.freedesktop.portal.*
# Add the next line to your firefox.local if screen sharing still does not work
# with the above lines (might depend on the portal implementation).
#ignore noroot
ignore dbus-user none

# Redirect
include firefox-common.profile


apparmor
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
nogroups
seccomp

#seccomp.drop adjtimex,clock_adjtime,clock_settime,settimeofday,stime,modify_ldt,subpage_prot,swi$
seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
#tracelog


# experimental features
private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,$
private-dev
#private-bin firefox-esr
private-tmp
private-cache
private-lib /usr/lib/firefox-esr/libmozgtk.so,/usr/lib/firefox-esr/libxul.so
noexec ${HOME}
noexec /tmp
noexec ${DOWNLOADS}
#memory-deny-write-execute

EDIT by @rusty-snake: code-block

@osevan
Author

osevan commented Jun 7, 2021

I did xhost +local:internet

and then sudo -u internet -H firejail --debug firefox

This does the magic trick; now everything works very well...

Please update the documentation and changelog for this fix.

@osevan osevan closed this as completed Jun 8, 2021