Firejail: Unable to launch Firefox for SSO from Zoom profile
Write clear, concise and in textual form.
Bug and expected behavior
Zoom fails to launch Firefox in order to be able to use the SSO feature. Also launching Firefox directly but using the Zoom profile gives the same error.
No profile or disabling firejail
- What changed calling
firejail --noprofile PROGRAMin a shell? Works normally. - What changed calling the program by path=without firejail (check
whereis PROGRAM,firejail --list,stat $programpath)? Works normally.
Reproduce
Steps to reproduce the behavior:
- Launch zoom as
firejail --profile=/etc//firejail/zoom --private=$somewhere /opt/zoom/ZoomLauncher - Try to log in using an SSO provider (can test with
northeastern, in my case), which should launch Firefox - Firefox fails with "Your Firefox profile cannot be loaded. It may be missing or inaccessible."
I'm not confident this is not user error, so some guidance would be appreciated.
Environment
- Linux distribution and version (ie output of
lsb_release -a)
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04 LTS
Release: 20.04
Codename: focal
- Firejail version (output of
firejail --version) exclusive or used git commit (git rev-parse HEAD) 0.9.62 - What other programs interact with the affected program for the functionality? Firefox
- Are these listed in the profile? No
Additional context
It seems that it's really Firefox failing with the profile directories not being set up properly. It would be fine to launch a sandboxed Firefox profile, but I'm not sure with how Firefox manages those to be able to fix it myself.
Checklist
- [x] The upstream profile (and redirect profile if exists) have no changes fixing it.
- [x] The upstream profile exists (
find / -name 'firejail' 2>/dev/null/fd firejailto locate profiles ie in/usr/local/etc/firejail/PROGRAM.profile) - [ ] Programs needed for interaction are listed. (unfamiliar with how this works)
- [x] Error was checked in search engine and on issue list without success.
debug output
firejail --debug --profile=/etc/firejail/zoom.profile --private=/opt/zoom/home/ /opt/zoom/ZoomLauncher
Reading profile /etc/firejail/zoom.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Warning: networking feature is disabled in Firejail configuration file
Autoselecting /bin/bash as shell
Building quoted command line: '/opt/zoom/ZoomLauncher'
Command name #ZoomLauncher#
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 46734, child pid 46735
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
IBUS_ADDRESS=unix:abstract=/tmp/ibus/dbus-crQ4FIx1,guid=4181a8e937683d18c99dcf395e910c32
IBUS_DAEMON_PID=23593
IBUS_ADDRESS=unix:abstract=/home/treyzania/.cache/ibus/dbus-mNOYleW9,guid=de14a24389a819e58693204a5ef7f22e
IBUS_DAEMON_PID=1861
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol (null)
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
Mounting noexec /etc
Mounting read-only /var
Mounting noexec /var
Mounting read-only /bin
Mounting read-only /sbin
Mounting read-only /lib
Mounting read-only /lib64
Mounting read-only /lib32
Mounting read-only /libx32
Mounting read-only /usr
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/nginx
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mount-bind /opt/zoom/home on top of /home/treyzania
1392 1375 8:3 /opt/zoom/home /home/treyzania rw,relatime master:1 - ext4 /dev/sda3 rw,errors=remount-ro
mountid=1392 fsname=/opt/zoom/home dir=/home/treyzania fstype=ext4
Mounting a new /root directory
Generate private-tmp whitelist commands
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /sys/kernel/uevent_helper
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/kernel/hotplug
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/sched_debug
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Debug 423: new_name #/home/treyzania/.cache/zoom#, whitelist
"whitelist ${HOME}/.cache/zoom" disabled by --private
Debug 423: new_name #/home/treyzania/.config/zoomus.conf#, whitelist
"whitelist ${HOME}/.config/zoomus.conf" disabled by --private
Debug 423: new_name #/home/treyzania/.zoom#, whitelist
"whitelist ${HOME}/.zoom" disabled by --private
Debug 423: new_name #/home/treyzania/.XCompose#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.XCompose
expanded: /home/treyzania/.XCompose
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.asoundrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.asoundrc
expanded: /home/treyzania/.asoundrc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/ibus#, whitelist
"whitelist ${HOME}/.config/ibus" disabled by --private
Debug 423: new_name #/home/treyzania/.config/mimeapps.list#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/mimeapps.list
expanded: /home/treyzania/.config/mimeapps.list
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/pkcs11#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/pkcs11
expanded: /home/treyzania/.config/pkcs11
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/user-dirs.dirs#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/user-dirs.dirs
expanded: /home/treyzania/.config/user-dirs.dirs
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.drirc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.drirc
expanded: /home/treyzania/.drirc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.icons
expanded: /home/treyzania/.icons
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.local/share/applications#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/applications
expanded: /home/treyzania/.local/share/applications
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.local/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/icons
expanded: /home/treyzania/.local/share/icons
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.local/share/mime#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/mime
expanded: /home/treyzania/.local/share/mime
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.mime.types#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.mime.types
expanded: /home/treyzania/.mime.types
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/dconf#, whitelist
"whitelist ${HOME}/.config/dconf" disabled by --private
Debug 423: new_name #/home/treyzania/.cache/fontconfig#, whitelist
"whitelist ${HOME}/.cache/fontconfig" disabled by --private
Debug 423: new_name #/home/treyzania/.config/fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/fontconfig
expanded: /home/treyzania/.config/fontconfig
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.fontconfig#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fontconfig
expanded: /home/treyzania/.fontconfig
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts
expanded: /home/treyzania/.fonts
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.fonts.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf
expanded: /home/treyzania/.fonts.conf
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.fonts.conf.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.conf.d
expanded: /home/treyzania/.fonts.conf.d
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.fonts.d#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.fonts.d
expanded: /home/treyzania/.fonts.d
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.local/share/fonts#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/fonts
expanded: /home/treyzania/.local/share/fonts
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.pangorc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.pangorc
expanded: /home/treyzania/.pangorc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-2.0
expanded: /home/treyzania/.config/gtk-2.0
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/gtk-3.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtk-3.0
expanded: /home/treyzania/.config/gtk-3.0
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc
expanded: /home/treyzania/.config/gtkrc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/gtkrc-2.0
expanded: /home/treyzania/.config/gtkrc-2.0
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.gnome2#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2
expanded: /home/treyzania/.gnome2
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.gnome2-private#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gnome2-private
expanded: /home/treyzania/.gnome2-private
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.gtk-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtk-2.0
expanded: /home/treyzania/.gtk-2.0
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc
expanded: /home/treyzania/.gtkrc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.gtkrc-2.0
expanded: /home/treyzania/.gtkrc-2.0
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc
expanded: /home/treyzania/.kde/share/config/gtkrc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/gtkrc-2.0
expanded: /home/treyzania/.kde/share/config/gtkrc-2.0
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde4/share/config/gtkrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc
expanded: /home/treyzania/.kde4/share/config/gtkrc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde4/share/config/gtkrc-2.0#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
expanded: /home/treyzania/.kde4/share/config/gtkrc-2.0
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.local/share/themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/themes
expanded: /home/treyzania/.local/share/themes
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.themes#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.themes
expanded: /home/treyzania/.themes
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.cache/kioexec/krun#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.cache/kioexec/krun
expanded: /home/treyzania/.cache/kioexec/krun
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/Kvantum#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Kvantum
expanded: /home/treyzania/.config/Kvantum
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/Trolltech.conf#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/Trolltech.conf
expanded: /home/treyzania/.config/Trolltech.conf
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kdeglobals
expanded: /home/treyzania/.config/kdeglobals
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kio_httprc
expanded: /home/treyzania/.config/kio_httprc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/kioslaverc
expanded: /home/treyzania/.config/kioslaverc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/ksslcablacklist
expanded: /home/treyzania/.config/ksslcablacklist
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.config/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.config/qt5ct
expanded: /home/treyzania/.config/qt5ct
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kdeglobals
expanded: /home/treyzania/.kde/share/config/kdeglobals
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kio_httprc
expanded: /home/treyzania/.kde/share/config/kio_httprc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/kioslaverc
expanded: /home/treyzania/.kde/share/config/kioslaverc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/ksslcablacklist
expanded: /home/treyzania/.kde/share/config/ksslcablacklist
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/config/oxygenrc
expanded: /home/treyzania/.kde/share/config/oxygenrc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde/share/icons
expanded: /home/treyzania/.kde/share/icons
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde4/share/config/kdeglobals#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kdeglobals
expanded: /home/treyzania/.kde4/share/config/kdeglobals
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde4/share/config/kio_httprc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kio_httprc
expanded: /home/treyzania/.kde4/share/config/kio_httprc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde4/share/config/kioslaverc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/kioslaverc
expanded: /home/treyzania/.kde4/share/config/kioslaverc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde4/share/config/ksslcablacklist#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/ksslcablacklist
expanded: /home/treyzania/.kde4/share/config/ksslcablacklist
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde4/share/config/oxygenrc#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/config/oxygenrc
expanded: /home/treyzania/.kde4/share/config/oxygenrc
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.kde4/share/icons#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.kde4/share/icons
expanded: /home/treyzania/.kde4/share/icons
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/home/treyzania/.local/share/qt5ct#, whitelist
Removed whitelist/nowhitelist path: whitelist ${HOME}/.local/share/qt5ct
expanded: /home/treyzania/.local/share/qt5ct
real path: (null)
realpath: No such file or directory
Debug 423: new_name #/tmp/.X11-unix#, whitelist
Mounting tmpfs on /tmp directory
Whitelisting /tmp/.X11-unix
1401 1400 8:3 /tmp/.X11-unix /tmp/.X11-unix rw,relatime master:1 - ext4 /dev/sda3 rw,errors=remount-ro
mountid=1401 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Disable /home/treyzania/.bash_history
Disable /etc/X11/Xsession.d
Disable /etc/xdg/autostart
Mounting read-only /home/treyzania/.config/dconf
1406 1392 8:3 /opt/zoom/home/.config/dconf /home/treyzania/.config/dconf ro,relatime master:1 - ext4 /dev/sda3 rw,errors=remount-ro
mountid=1406 fsname=/opt/zoom/home/.config/dconf dir=/home/treyzania/.config/dconf fstype=ext4
Disable /var/lib/systemd
Disable /var/cache/apt
Disable /var/lib/apt
Disable /var/lib/clamav
Disable /var/lib/upower
Disable /var/mail
Disable /var/opt
Disable /run/acpid.socket (requested /var/run/acpid.socket)
Disable /var/spool/anacron
Disable /var/spool/cron
Disable /var/mail (requested /var/spool/mail)
Disable /etc/anacrontab
Disable /etc/cron.weekly
Disable /etc/cron.monthly
Disable /etc/cron.hourly
Disable /etc/cron.daily
Disable /etc/cron.d
Disable /etc/crontab
Disable /etc/profile.d
Disable /etc/rc3.d
Disable /etc/rcS.d
Disable /etc/rc0.d
Disable /etc/rc6.d
Disable /etc/rc2.d
Disable /etc/rc5.d
Disable /etc/rc1.d
Disable /etc/rc4.d
Disable /etc/kernel-img.conf
Disable /etc/kernel
Disable /etc/kerneloops.conf
Disable /etc/grub.d
Disable /etc/dkms
Disable /etc/apparmor
Disable /etc/apparmor.d
Disable /etc/selinux
Disable /etc/modules-load.d
Disable /etc/modules
Disable /etc/logrotate.d
Disable /etc/logrotate.conf
Disable /etc/adduser.conf
Mounting read-only /home/treyzania/.bashrc
1447 1392 8:3 /opt/zoom/home/.bashrc /home/treyzania/.bashrc ro,relatime master:1 - ext4 /dev/sda3 rw,errors=remount-ro
mountid=1447 fsname=/opt/zoom/home/.bashrc dir=/home/treyzania/.bashrc fstype=ext4
Disable /home/treyzania/.pki
Disable /home/treyzania/.local/share/pki
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Disable /usr/sbin (requested /sbin)
Disable /usr/local/sbin
Disable /usr/sbin
Disable /usr/bin/chage
Disable /usr/bin/chage (requested /bin/chage)
Disable /usr/bin/chfn
Disable /usr/bin/chfn (requested /bin/chfn)
Disable /usr/bin/chsh
Disable /usr/bin/chsh (requested /bin/chsh)
Disable /usr/bin/crontab
Disable /usr/bin/crontab (requested /bin/crontab)
Disable /usr/bin/expiry
Disable /usr/bin/expiry (requested /bin/expiry)
Disable /usr/bin/fusermount
Disable /usr/bin/fusermount (requested /bin/fusermount)
Disable /usr/bin/gpasswd
Disable /usr/bin/gpasswd (requested /bin/gpasswd)
Disable /usr/bin/mount
Disable /usr/bin/mount (requested /bin/mount)
Disable /usr/bin/nc.openbsd (requested /usr/bin/nc)
Disable /usr/bin/nc.openbsd (requested /bin/nc)
Disable /usr/bin/newgrp
Disable /usr/bin/newgrp (requested /bin/newgrp)
Disable /usr/bin/ntfs-3g
Disable /usr/bin/ntfs-3g (requested /bin/ntfs-3g)
Disable /usr/bin/pkexec
Disable /usr/bin/pkexec (requested /bin/pkexec)
Disable /usr/bin/newgrp (requested /usr/bin/sg)
Disable /usr/bin/newgrp (requested /bin/sg)
Disable /usr/bin/strace
Disable /usr/bin/strace (requested /bin/strace)
Disable /usr/bin/su
Disable /usr/bin/su (requested /bin/su)
Disable /usr/bin/sudo
Disable /usr/bin/sudo (requested /bin/sudo)
Disable /usr/bin/umount
Disable /usr/bin/umount (requested /bin/umount)
Disable /usr/bin/xev
Disable /usr/bin/xev (requested /bin/xev)
Disable /usr/bin/xinput
Disable /usr/bin/xinput (requested /bin/xinput)
Disable /usr/bin/gnome-terminal
Disable /usr/bin/gnome-terminal (requested /bin/gnome-terminal)
Disable /usr/bin/gnome-terminal.wrapper
Disable /usr/bin/gnome-terminal.wrapper (requested /bin/gnome-terminal.wrapper)
Disable /usr/share/flatpak
Disable /var/lib/flatpak
Disable /usr/bin/bwrap
Disable /usr/bin/bwrap (requested /bin/bwrap)
Disable /usr/lib/llvm-10/share/clang/clang-tidy-diff.py (requested /usr/bin/clang-tidy-diff)
Disable /usr/lib/llvm-10/bin/clang-query (requested /usr/bin/clang-query-10)
Disable /usr/lib/llvm-10/bin/clang-offload-bundler (requested /usr/bin/clang-offload-bundler-10)
Disable /usr/lib/llvm-10/bin/clang (requested /usr/bin/clang-cpp-10)
Disable /usr/lib/llvm-10/bin/clang-refactor (requested /usr/bin/clang-refactor-10)
Disable /usr/lib/llvm-10/bin/clang-include-fixer (requested /usr/bin/clang-include-fixer-10)
Disable /usr/lib/llvm-10/bin/clang-rename (requested /usr/bin/clang-rename-10)
Disable /usr/lib/llvm-10/bin/clang (requested /usr/bin/clang-cl-10)
Disable /usr/lib/llvm-10/bin/clang (requested /usr/bin/clang++)
Disable /usr/lib/llvm-10/bin/clang-import-test (requested /usr/bin/clang-import-test-10)
Disable /usr/lib/llvm-10/bin/clang-scan-deps (requested /usr/bin/clang-scan-deps-10)
Disable /usr/lib/llvm-10/bin/clang-extdef-mapping (requested /usr/bin/clang-extdef-mapping-10)
Disable /usr/lib/llvm-10/bin/clang-tidy (requested /usr/bin/clang-tidy-10)
Disable /usr/lib/llvm-10/bin/clang-reorder-fields (requested /usr/bin/clang-reorder-fields-10)
Disable /usr/lib/llvm-10/bin/clang-move (requested /usr/bin/clang-move-10)
Disable /usr/lib/llvm-10/bin/clang-apply-replacements (requested /usr/bin/clang-apply-replacements-10)
Disable /usr/lib/llvm-10/share/clang/clang-tidy-diff.py (requested /usr/bin/clang-tidy-diff-10.py)
Disable /usr/lib/llvm-10/bin/clang (requested /usr/bin/clang++-10)
Disable /usr/lib/llvm-10/bin/clang-tidy (requested /usr/bin/clang-tidy)
Disable /usr/lib/llvm-10/bin/clang (requested /usr/bin/clang-10)
Disable /usr/lib/llvm-10/bin/clang-check (requested /usr/bin/clang-check-10)
Disable /usr/lib/llvm-10/bin/clang-change-namespace (requested /usr/bin/clang-change-namespace-10)
Disable /usr/lib/llvm-10/bin/clang (requested /usr/bin/clang)
Disable /usr/lib/llvm-10/bin/clang-offload-wrapper (requested /usr/bin/clang-offload-wrapper-10)
Disable /usr/lib/llvm-10/bin/clang-doc (requested /usr/bin/clang-doc-10)
Disable /usr/lib/llvm-10/share/clang/clang-tidy-diff.py (requested /bin/clang-tidy-diff)
Disable /usr/lib/llvm-10/bin/clang-query (requested /bin/clang-query-10)
Disable /usr/lib/llvm-10/bin/clang-offload-bundler (requested /bin/clang-offload-bundler-10)
Disable /usr/lib/llvm-10/bin/clang (requested /bin/clang-cpp-10)
Disable /usr/lib/llvm-10/bin/clang-refactor (requested /bin/clang-refactor-10)
Disable /usr/lib/llvm-10/bin/clang-include-fixer (requested /bin/clang-include-fixer-10)
Disable /usr/lib/llvm-10/bin/clang-rename (requested /bin/clang-rename-10)
Disable /usr/lib/llvm-10/bin/clang (requested /bin/clang-cl-10)
Disable /usr/lib/llvm-10/bin/clang (requested /bin/clang++)
Disable /usr/lib/llvm-10/bin/clang-import-test (requested /bin/clang-import-test-10)
Disable /usr/lib/llvm-10/bin/clang-scan-deps (requested /bin/clang-scan-deps-10)
Disable /usr/lib/llvm-10/bin/clang-extdef-mapping (requested /bin/clang-extdef-mapping-10)
Disable /usr/lib/llvm-10/bin/clang-tidy (requested /bin/clang-tidy-10)
Disable /usr/lib/llvm-10/bin/clang-reorder-fields (requested /bin/clang-reorder-fields-10)
Disable /usr/lib/llvm-10/bin/clang-move (requested /bin/clang-move-10)
Disable /usr/lib/llvm-10/bin/clang-apply-replacements (requested /bin/clang-apply-replacements-10)
Disable /usr/lib/llvm-10/share/clang/clang-tidy-diff.py (requested /bin/clang-tidy-diff-10.py)
Disable /usr/lib/llvm-10/bin/clang (requested /bin/clang++-10)
Disable /usr/lib/llvm-10/bin/clang-tidy (requested /bin/clang-tidy)
Disable /usr/lib/llvm-10/bin/clang (requested /bin/clang-10)
Disable /usr/lib/llvm-10/bin/clang-check (requested /bin/clang-check-10)
Disable /usr/lib/llvm-10/bin/clang-change-namespace (requested /bin/clang-change-namespace-10)
Disable /usr/lib/llvm-10/bin/clang (requested /bin/clang)
Disable /usr/lib/llvm-10/bin/clang-offload-wrapper (requested /bin/clang-offload-wrapper-10)
Disable /usr/lib/llvm-10/bin/clang-doc (requested /bin/clang-doc-10)
Disable /usr/lib/llvm-10/bin/llvm-rc (requested /usr/bin/llvm-rc-10)
Disable /usr/lib/llvm-10/bin/llvm-cov (requested /usr/bin/llvm-cov-10)
Disable /usr/lib/llvm-10/bin/llvm-objcopy (requested /usr/bin/llvm-strip-10)
Disable /usr/lib/llvm-10/bin/llvm-pdbutil (requested /usr/bin/llvm-pdbutil-10)
Disable /usr/lib/llvm-10/bin/llvm-cat (requested /usr/bin/llvm-cat)
Disable /usr/lib/llvm-10/bin/llvm-modextract (requested /usr/bin/llvm-modextract-10)
Disable /usr/lib/llvm-10/bin/llvm-mt (requested /usr/bin/llvm-mt)
Disable /usr/lib/llvm-10/bin/llvm-symbolizer (requested /usr/bin/llvm-addr2line-10)
Disable /usr/lib/llvm-10/bin/llvm-lto (requested /usr/bin/llvm-lto-10)
Disable /usr/lib/llvm-10/bin/llvm-cov (requested /usr/bin/llvm-cov)
Disable /usr/lib/llvm-10/bin/llvm-cfi-verify (requested /usr/bin/llvm-cfi-verify)
Disable /usr/lib/llvm-10/bin/llvm-cfi-verify (requested /usr/bin/llvm-cfi-verify-10)
Disable /usr/lib/llvm-10/bin/llvm-xray (requested /usr/bin/llvm-xray-10)
Disable /usr/lib/llvm-10/bin/llvm-rtdyld (requested /usr/bin/llvm-rtdyld-10)
Disable /usr/lib/llvm-10/bin/llvm-stress (requested /usr/bin/llvm-stress-10)
Disable /usr/lib/llvm-10/bin/llvm-config (requested /usr/bin/llvm-config-10)
Disable /usr/lib/llvm-10/bin/llvm-cxxdump (requested /usr/bin/llvm-cxxdump-10)
Disable /usr/lib/llvm-10/bin/llvm-rtdyld (requested /usr/bin/llvm-rtdyld)
Disable /usr/lib/llvm-10/bin/llvm-extract (requested /usr/bin/llvm-extract-10)
Disable /usr/lib/llvm-10/bin/llvm-mc (requested /usr/bin/llvm-mc-10)
Disable /usr/lib/llvm-10/bin/llvm-strings (requested /usr/bin/llvm-strings)
Disable /usr/lib/llvm-10/bin/llvm-strings (requested /usr/bin/llvm-strings-10)
Disable /usr/lib/llvm-10/bin/llvm-dwp (requested /usr/bin/llvm-dwp)
Disable /usr/lib/llvm-10/bin/llvm-extract (requested /usr/bin/llvm-extract)
Disable /usr/lib/llvm-10/bin/llvm-mca (requested /usr/bin/llvm-mca-10)
Disable /usr/lib/llvm-10/bin/llvm-nm (requested /usr/bin/llvm-nm)
Disable /usr/lib/llvm-10/bin/llvm-cxxfilt (requested /usr/bin/llvm-cxxfilt-10)
Disable /usr/lib/llvm-10/bin/llvm-readobj (requested /usr/bin/llvm-readelf)
Disable /usr/lib/llvm-10/bin/llvm-nm (requested /usr/bin/llvm-nm-10)
Disable /usr/lib/llvm-10/bin/llvm-exegesis (requested /usr/bin/llvm-exegesis-10)
Disable /usr/lib/llvm-10/bin/llvm-objdump (requested /usr/bin/llvm-objdump)
Disable /usr/lib/llvm-10/bin/llvm-mca (requested /usr/bin/llvm-mca)
Disable /usr/lib/llvm-10/bin/llvm-size (requested /usr/bin/llvm-size-10)
Disable /usr/lib/llvm-10/bin/llvm-cxxfilt (requested /usr/bin/llvm-cxxfilt)
Disable /usr/lib/llvm-10/bin/llvm-symbolizer (requested /usr/bin/llvm-symbolizer-10)
Disable /usr/lib/llvm-10/bin/llvm-opt-report (requested /usr/bin/llvm-opt-report)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /usr/bin/llvm-ar)
Disable /usr/lib/llvm-10/bin/llvm-PerfectShuffle (requested /usr/bin/llvm-PerfectShuffle-10)
Disable /usr/lib/llvm-10/bin/llvm-diff (requested /usr/bin/llvm-diff)
Disable /usr/lib/llvm-10/bin/llvm-objcopy (requested /usr/bin/llvm-objcopy-10)
Disable /usr/lib/llvm-10/bin/llvm-dis (requested /usr/bin/llvm-dis)
Disable /usr/lib/llvm-10/bin/llvm-objdump (requested /usr/bin/llvm-objdump-10)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /usr/bin/llvm-dlltool-10)
Disable /usr/lib/llvm-10/bin/llvm-as (requested /usr/bin/llvm-as)
Disable /usr/lib/llvm-10/bin/llvm-tblgen (requested /usr/bin/llvm-tblgen)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /usr/bin/llvm-dlltool)
Disable /usr/lib/llvm-10/bin/llvm-profdata (requested /usr/bin/llvm-profdata-10)
Disable /usr/lib/llvm-10/bin/llvm-rc (requested /usr/bin/llvm-rc)
Disable /usr/lib/llvm-10/bin/llvm-objcopy (requested /usr/bin/llvm-objcopy)
Disable /usr/lib/llvm-10/bin/llvm-opt-report (requested /usr/bin/llvm-opt-report-10)
Disable /usr/lib/llvm-10/bin/llvm-cxxmap (requested /usr/bin/llvm-cxxmap-10)
Disable /usr/lib/llvm-10/bin/llvm-cxxdump (requested /usr/bin/llvm-cxxdump)
Disable /usr/lib/llvm-10/bin/llvm-exegesis (requested /usr/bin/llvm-exegesis)
Disable /usr/lib/llvm-10/bin/llvm-bcanalyzer (requested /usr/bin/llvm-bcanalyzer)
Disable /usr/lib/llvm-10/bin/llvm-profdata (requested /usr/bin/llvm-profdata)
Disable /usr/lib/llvm-10/bin/llvm-tblgen (requested /usr/bin/llvm-tblgen-10)
Disable /usr/lib/llvm-10/bin/llvm-readobj (requested /usr/bin/llvm-readelf-10)
Disable /usr/lib/llvm-10/bin/llvm-modextract (requested /usr/bin/llvm-modextract)
Disable /usr/lib/llvm-10/bin/llvm-bcanalyzer (requested /usr/bin/llvm-bcanalyzer-10)
Disable /usr/lib/llvm-10/bin/llvm-objcopy (requested /usr/bin/llvm-install-name-tool-10)
Disable /usr/lib/llvm-10/bin/llvm-pdbutil (requested /usr/bin/llvm-pdbutil)
Disable /usr/lib/llvm-10/bin/llvm-xray (requested /usr/bin/llvm-xray)
Disable /usr/lib/llvm-10/bin/llvm-dwarfdump (requested /usr/bin/llvm-dwarfdump-10)
Disable /usr/lib/llvm-10/bin/llvm-cvtres (requested /usr/bin/llvm-cvtres-10)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /usr/bin/llvm-lib)
Disable /usr/lib/llvm-10/bin/llvm-config (requested /usr/bin/llvm-config)
Disable /usr/lib/llvm-10/bin/llvm-symbolizer (requested /usr/bin/llvm-symbolizer)
Disable /usr/lib/llvm-10/bin/llvm-split (requested /usr/bin/llvm-split-10)
Disable /usr/lib/llvm-10/bin/llvm-dwarfdump (requested /usr/bin/llvm-dwarfdump)
Disable /usr/lib/llvm-10/bin/llvm-lto2 (requested /usr/bin/llvm-lto2)
Disable /usr/lib/llvm-10/bin/llvm-objcopy (requested /usr/bin/llvm-strip)
Disable /usr/lib/llvm-10/bin/llvm-jitlink (requested /usr/bin/llvm-jitlink-10)
Disable /usr/lib/llvm-10/bin/llvm-mt (requested /usr/bin/llvm-mt-10)
Disable /usr/lib/llvm-10/bin/llvm-ifs (requested /usr/bin/llvm-ifs-10)
Disable /usr/lib/llvm-10/bin/llvm-elfabi (requested /usr/bin/llvm-elfabi-10)
Disable /usr/lib/llvm-10/bin/llvm-dis (requested /usr/bin/llvm-dis-10)
Disable /usr/lib/llvm-10/bin/llvm-split (requested /usr/bin/llvm-split)
Disable /usr/lib/llvm-10/bin/llvm-c-test (requested /usr/bin/llvm-c-test-10)
Disable /usr/lib/llvm-10/bin/llvm-mc (requested /usr/bin/llvm-mc)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /usr/bin/llvm-lib-10)
Disable /usr/lib/llvm-10/bin/llvm-readobj (requested /usr/bin/llvm-readobj)
Disable /usr/lib/llvm-10/bin/llvm-PerfectShuffle (requested /usr/bin/llvm-PerfectShuffle)
Disable /usr/lib/llvm-10/bin/llvm-lipo (requested /usr/bin/llvm-lipo-10)
Disable /usr/lib/llvm-10/bin/llvm-lto2 (requested /usr/bin/llvm-lto2-10)
Disable /usr/lib/llvm-10/bin/llvm-as (requested /usr/bin/llvm-as-10)
Disable /usr/lib/llvm-10/bin/llvm-lto (requested /usr/bin/llvm-lto)
Disable /usr/lib/llvm-10/bin/llvm-undname (requested /usr/bin/llvm-undname)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /usr/bin/llvm-ar-10)
Disable /usr/lib/llvm-10/bin/llvm-link (requested /usr/bin/llvm-link-10)
Disable /usr/lib/llvm-10/bin/llvm-cvtres (requested /usr/bin/llvm-cvtres)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /usr/bin/llvm-ranlib-10)
Disable /usr/lib/llvm-10/bin/llvm-readobj (requested /usr/bin/llvm-readobj-10)
Disable /usr/lib/llvm-10/bin/llvm-cat (requested /usr/bin/llvm-cat-10)
Disable /usr/lib/llvm-10/bin/llvm-link (requested /usr/bin/llvm-link)
Disable /usr/lib/llvm-10/bin/llvm-undname (requested /usr/bin/llvm-undname-10)
Disable /usr/lib/llvm-10/bin/llvm-reduce (requested /usr/bin/llvm-reduce-10)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /usr/bin/llvm-ranlib)
Disable /usr/lib/llvm-10/bin/llvm-dwp (requested /usr/bin/llvm-dwp-10)
Disable /usr/lib/llvm-10/bin/llvm-c-test (requested /usr/bin/llvm-c-test)
Disable /usr/lib/llvm-10/bin/llvm-diff (requested /usr/bin/llvm-diff-10)
Disable /usr/lib/llvm-10/bin/llvm-stress (requested /usr/bin/llvm-stress)
Disable /usr/lib/llvm-10/bin/llvm-size (requested /usr/bin/llvm-size)
Disable /usr/lib/llvm-10/bin/llvm-rc (requested /bin/llvm-rc-10)
Disable /usr/lib/llvm-10/bin/llvm-cov (requested /bin/llvm-cov-10)
Disable /usr/lib/llvm-10/bin/llvm-objcopy (requested /bin/llvm-strip-10)
Disable /usr/lib/llvm-10/bin/llvm-pdbutil (requested /bin/llvm-pdbutil-10)
Disable /usr/lib/llvm-10/bin/llvm-cat (requested /bin/llvm-cat)
Disable /usr/lib/llvm-10/bin/llvm-modextract (requested /bin/llvm-modextract-10)
Disable /usr/lib/llvm-10/bin/llvm-mt (requested /bin/llvm-mt)
Disable /usr/lib/llvm-10/bin/llvm-symbolizer (requested /bin/llvm-addr2line-10)
Disable /usr/lib/llvm-10/bin/llvm-lto (requested /bin/llvm-lto-10)
Disable /usr/lib/llvm-10/bin/llvm-cov (requested /bin/llvm-cov)
Disable /usr/lib/llvm-10/bin/llvm-cfi-verify (requested /bin/llvm-cfi-verify)
Disable /usr/lib/llvm-10/bin/llvm-cfi-verify (requested /bin/llvm-cfi-verify-10)
Disable /usr/lib/llvm-10/bin/llvm-xray (requested /bin/llvm-xray-10)
Disable /usr/lib/llvm-10/bin/llvm-rtdyld (requested /bin/llvm-rtdyld-10)
Disable /usr/lib/llvm-10/bin/llvm-stress (requested /bin/llvm-stress-10)
Disable /usr/lib/llvm-10/bin/llvm-config (requested /bin/llvm-config-10)
Disable /usr/lib/llvm-10/bin/llvm-cxxdump (requested /bin/llvm-cxxdump-10)
Disable /usr/lib/llvm-10/bin/llvm-rtdyld (requested /bin/llvm-rtdyld)
Disable /usr/lib/llvm-10/bin/llvm-extract (requested /bin/llvm-extract-10)
Disable /usr/lib/llvm-10/bin/llvm-mc (requested /bin/llvm-mc-10)
Disable /usr/lib/llvm-10/bin/llvm-strings (requested /bin/llvm-strings)
Disable /usr/lib/llvm-10/bin/llvm-strings (requested /bin/llvm-strings-10)
Disable /usr/lib/llvm-10/bin/llvm-dwp (requested /bin/llvm-dwp)
Disable /usr/lib/llvm-10/bin/llvm-extract (requested /bin/llvm-extract)
Disable /usr/lib/llvm-10/bin/llvm-mca (requested /bin/llvm-mca-10)
Disable /usr/lib/llvm-10/bin/llvm-nm (requested /bin/llvm-nm)
Disable /usr/lib/llvm-10/bin/llvm-cxxfilt (requested /bin/llvm-cxxfilt-10)
Disable /usr/lib/llvm-10/bin/llvm-readobj (requested /bin/llvm-readelf)
Disable /usr/lib/llvm-10/bin/llvm-nm (requested /bin/llvm-nm-10)
Disable /usr/lib/llvm-10/bin/llvm-exegesis (requested /bin/llvm-exegesis-10)
Disable /usr/lib/llvm-10/bin/llvm-objdump (requested /bin/llvm-objdump)
Disable /usr/lib/llvm-10/bin/llvm-mca (requested /bin/llvm-mca)
Disable /usr/lib/llvm-10/bin/llvm-size (requested /bin/llvm-size-10)
Disable /usr/lib/llvm-10/bin/llvm-cxxfilt (requested /bin/llvm-cxxfilt)
Disable /usr/lib/llvm-10/bin/llvm-symbolizer (requested /bin/llvm-symbolizer-10)
Disable /usr/lib/llvm-10/bin/llvm-opt-report (requested /bin/llvm-opt-report)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /bin/llvm-ar)
Disable /usr/lib/llvm-10/bin/llvm-PerfectShuffle (requested /bin/llvm-PerfectShuffle-10)
Disable /usr/lib/llvm-10/bin/llvm-diff (requested /bin/llvm-diff)
Disable /usr/lib/llvm-10/bin/llvm-objcopy (requested /bin/llvm-objcopy-10)
Disable /usr/lib/llvm-10/bin/llvm-dis (requested /bin/llvm-dis)
Disable /usr/lib/llvm-10/bin/llvm-objdump (requested /bin/llvm-objdump-10)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /bin/llvm-dlltool-10)
Disable /usr/lib/llvm-10/bin/llvm-as (requested /bin/llvm-as)
Disable /usr/lib/llvm-10/bin/llvm-tblgen (requested /bin/llvm-tblgen)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /bin/llvm-dlltool)
Disable /usr/lib/llvm-10/bin/llvm-profdata (requested /bin/llvm-profdata-10)
Disable /usr/lib/llvm-10/bin/llvm-rc (requested /bin/llvm-rc)
Disable /usr/lib/llvm-10/bin/llvm-objcopy (requested /bin/llvm-objcopy)
Disable /usr/lib/llvm-10/bin/llvm-opt-report (requested /bin/llvm-opt-report-10)
Disable /usr/lib/llvm-10/bin/llvm-cxxmap (requested /bin/llvm-cxxmap-10)
Disable /usr/lib/llvm-10/bin/llvm-cxxdump (requested /bin/llvm-cxxdump)
Disable /usr/lib/llvm-10/bin/llvm-exegesis (requested /bin/llvm-exegesis)
Disable /usr/lib/llvm-10/bin/llvm-bcanalyzer (requested /bin/llvm-bcanalyzer)
Disable /usr/lib/llvm-10/bin/llvm-profdata (requested /bin/llvm-profdata)
Disable /usr/lib/llvm-10/bin/llvm-tblgen (requested /bin/llvm-tblgen-10)
Disable /usr/lib/llvm-10/bin/llvm-readobj (requested /bin/llvm-readelf-10)
Disable /usr/lib/llvm-10/bin/llvm-modextract (requested /bin/llvm-modextract)
Disable /usr/lib/llvm-10/bin/llvm-bcanalyzer (requested /bin/llvm-bcanalyzer-10)
Disable /usr/lib/llvm-10/bin/llvm-objcopy (requested /bin/llvm-install-name-tool-10)
Disable /usr/lib/llvm-10/bin/llvm-pdbutil (requested /bin/llvm-pdbutil)
Disable /usr/lib/llvm-10/bin/llvm-xray (requested /bin/llvm-xray)
Disable /usr/lib/llvm-10/bin/llvm-dwarfdump (requested /bin/llvm-dwarfdump-10)
Disable /usr/lib/llvm-10/bin/llvm-cvtres (requested /bin/llvm-cvtres-10)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /bin/llvm-lib)
Disable /usr/lib/llvm-10/bin/llvm-config (requested /bin/llvm-config)
Disable /usr/lib/llvm-10/bin/llvm-symbolizer (requested /bin/llvm-symbolizer)
Disable /usr/lib/llvm-10/bin/llvm-split (requested /bin/llvm-split-10)
Disable /usr/lib/llvm-10/bin/llvm-dwarfdump (requested /bin/llvm-dwarfdump)
Disable /usr/lib/llvm-10/bin/llvm-lto2 (requested /bin/llvm-lto2)
Disable /usr/lib/llvm-10/bin/llvm-objcopy (requested /bin/llvm-strip)
Disable /usr/lib/llvm-10/bin/llvm-jitlink (requested /bin/llvm-jitlink-10)
Disable /usr/lib/llvm-10/bin/llvm-mt (requested /bin/llvm-mt-10)
Disable /usr/lib/llvm-10/bin/llvm-ifs (requested /bin/llvm-ifs-10)
Disable /usr/lib/llvm-10/bin/llvm-elfabi (requested /bin/llvm-elfabi-10)
Disable /usr/lib/llvm-10/bin/llvm-dis (requested /bin/llvm-dis-10)
Disable /usr/lib/llvm-10/bin/llvm-split (requested /bin/llvm-split)
Disable /usr/lib/llvm-10/bin/llvm-c-test (requested /bin/llvm-c-test-10)
Disable /usr/lib/llvm-10/bin/llvm-mc (requested /bin/llvm-mc)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /bin/llvm-lib-10)
Disable /usr/lib/llvm-10/bin/llvm-readobj (requested /bin/llvm-readobj)
Disable /usr/lib/llvm-10/bin/llvm-PerfectShuffle (requested /bin/llvm-PerfectShuffle)
Disable /usr/lib/llvm-10/bin/llvm-lipo (requested /bin/llvm-lipo-10)
Disable /usr/lib/llvm-10/bin/llvm-lto2 (requested /bin/llvm-lto2-10)
Disable /usr/lib/llvm-10/bin/llvm-as (requested /bin/llvm-as-10)
Disable /usr/lib/llvm-10/bin/llvm-lto (requested /bin/llvm-lto)
Disable /usr/lib/llvm-10/bin/llvm-undname (requested /bin/llvm-undname)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /bin/llvm-ar-10)
Disable /usr/lib/llvm-10/bin/llvm-link (requested /bin/llvm-link-10)
Disable /usr/lib/llvm-10/bin/llvm-cvtres (requested /bin/llvm-cvtres)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /bin/llvm-ranlib-10)
Disable /usr/lib/llvm-10/bin/llvm-readobj (requested /bin/llvm-readobj-10)
Disable /usr/lib/llvm-10/bin/llvm-cat (requested /bin/llvm-cat-10)
Disable /usr/lib/llvm-10/bin/llvm-link (requested /bin/llvm-link)
Disable /usr/lib/llvm-10/bin/llvm-undname (requested /bin/llvm-undname-10)
Disable /usr/lib/llvm-10/bin/llvm-reduce (requested /bin/llvm-reduce-10)
Disable /usr/lib/llvm-10/bin/llvm-ar (requested /bin/llvm-ranlib)
Disable /usr/lib/llvm-10/bin/llvm-dwp (requested /bin/llvm-dwp-10)
Disable /usr/lib/llvm-10/bin/llvm-c-test (requested /bin/llvm-c-test)
Disable /usr/lib/llvm-10/bin/llvm-diff (requested /bin/llvm-diff-10)
Disable /usr/lib/llvm-10/bin/llvm-stress (requested /bin/llvm-stress)
Disable /usr/lib/llvm-10/bin/llvm-size (requested /bin/llvm-size)
Disable /usr/bin/x86_64-linux-gnu-as (requested /usr/bin/as)
Disable /usr/bin/x86_64-linux-gnu-as (requested /bin/as)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/cc)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/cc)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /usr/bin/c++filt)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/c++)
Disable /usr/bin/x86_64-linux-gnu-c++filt (requested /bin/c++filt)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/c++)
Disable /usr/bin/c89-gcc
Disable /usr/bin/c89-gcc (requested /usr/bin/c89)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/c89-gcc (requested /bin/c89)
Disable /usr/bin/c99-gcc
Disable /usr/bin/c99-gcc (requested /usr/bin/c99)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/c99-gcc (requested /bin/c99)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /usr/bin/cpp-9)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /bin/cpp)
Disable /usr/bin/x86_64-linux-gnu-cpp-9 (requested /bin/cpp-9)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/g++)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/g++-9)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/g++)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/g++-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/gcc-ranlib-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/gcc-ranlib-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/gcc-ar)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/gcc)
Disable /usr/bin/gdb
Disable /usr/bin/gdb (requested /bin/gdb)
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /usr/bin/ld)
Disable /usr/bin/x86_64-linux-gnu-ld.bfd (requested /bin/ld)
Disable /usr/bin/c89-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9
Disable /usr/bin/x86_64-linux-gnu-gcc-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-9
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++-9)
Disable /usr/bin/c89-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /usr/bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/c99-gcc
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9
Disable /usr/bin/x86_64-linux-gnu-gcc-9
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /usr/bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /usr/bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/c89-gcc (requested /bin/c89-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar)
Disable /usr/bin/c99-gcc (requested /bin/c99-gcc)
Disable /usr/bin/x86_64-linux-gnu-gcc-nm-9 (requested /bin/x86_64-linux-gnu-gcc-nm-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ar-9 (requested /bin/x86_64-linux-gnu-gcc-ar-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc-9)
Disable /usr/bin/x86_64-linux-gnu-gcc-ranlib-9 (requested /bin/x86_64-linux-gnu-gcc-ranlib)
Disable /usr/bin/x86_64-linux-gnu-gcc-9 (requested /bin/x86_64-linux-gnu-gcc)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /usr/bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-9
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++)
Disable /usr/bin/x86_64-linux-gnu-g++-9 (requested /bin/x86_64-linux-gnu-g++-9)
Disable /usr/include
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/java (requested /usr/bin/java)
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/java (requested /bin/java)
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/javac (requested /usr/bin/javac)
Disable /usr/lib/jvm/java-11-openjdk-amd64/bin/javac (requested /bin/javac)
Disable /usr/share/java
Disable /usr/bin/openssl
Disable /usr/bin/openssl (requested /bin/openssl)
Disable /usr/lib/valgrind
Disable /usr/bin/lua5.2
Disable /usr/bin/lua5.2 (requested /usr/bin/lua)
Disable /usr/bin/luac5.2 (requested /usr/bin/luac)
Disable /usr/bin/luac5.2
Disable /usr/bin/lua5.2 (requested /bin/lua5.2)
Disable /usr/bin/lua5.2 (requested /bin/lua)
Disable /usr/bin/luac5.2 (requested /bin/luac)
Disable /usr/bin/luac5.2 (requested /bin/luac5.2)
Disable /usr/share/lua
Disable /usr/bin/cpan5.30-x86_64-linux-gnu
Disable /usr/bin/cpan
Disable /usr/bin/cpan5.30-x86_64-linux-gnu (requested /bin/cpan5.30-x86_64-linux-gnu)
Disable /usr/bin/cpan (requested /bin/cpan)
Disable /usr/bin/perl
Disable /usr/bin/perl (requested /bin/perl)
Disable /usr/share/perl
Disable /usr/share/perl5
Disable /usr/share/perl-openssl-defaults
Disable /usr/bin/python2.7 (requested /usr/bin/python2)
Disable /usr/bin/python2.7
Disable /usr/bin/python2.7 (requested /bin/python2)
Disable /usr/bin/python2.7 (requested /bin/python2.7)
Disable /usr/lib/python2.7
Disable /usr/local/lib/python2.7
Disable /usr/bin/python3.8 (requested /usr/bin/python3)
Disable /usr/bin/python3.8
Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /usr/bin/python3.8-config)
Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /usr/bin/python3-config)
Disable /usr/bin/python3-futurize
Disable /usr/bin/python3-pasteurize
Disable /usr/bin/python3.8 (requested /bin/python3)
Disable /usr/bin/python3.8 (requested /bin/python3.8)
Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /bin/python3.8-config)
Disable /usr/bin/x86_64-linux-gnu-python3.8-config (requested /bin/python3-config)
Disable /usr/bin/python3-futurize (requested /bin/python3-futurize)
Disable /usr/bin/python3-pasteurize (requested /bin/python3-pasteurize)
Disable /usr/lib/python3
Disable /usr/lib/python3.8
Disable /usr/local/lib/python3.8
Disable /usr/share/python3
Disable /usr/share/python3-pycparser
Not blacklist /home/treyzania/.config/zoomus.conf
Disable /home/treyzania/.mozilla
Not blacklist /home/treyzania/.zoom
Disable /home/treyzania/.cache/mozilla
Mounting read-only /tmp/.X11-unix
1904 1401 8:3 /tmp/.X11-unix /tmp/.X11-unix ro,relatime master:1 - ext4 /dev/sda3 rw,errors=remount-ro
mountid=1904 fsname=/tmp/.X11-unix dir=/tmp/.X11-unix fstype=ext4
Disable /sys/fs
Disable /sys/module
Mounting noexec /run/firejail/mnt/pulse
Mounting /run/firejail/mnt/pulse on /home/treyzania/.config/pulse
1908 1392 0:70 /pulse /home/treyzania/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755
mountid=1908 fsname=/pulse dir=/home/treyzania/.config/pulse fstype=tmpfs
Current directory: /home/treyzania
DISPLAY=:0 parsed as 0
Install protocol filter: unix,inet,inet6
configuring 14 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol (null)
Dropping all capabilities
Drop privileges: pid 3, uid 1000, gid 1000, nogroups 1
No supplementary groups
line OP JT JF K
=================================
0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 15 01 00 00000029 jeq socket 0006 (false 0005)
0005: 06 00 00 7fff0000 ret ALLOW
0006: 20 00 00 00000010 ld data.args[0]
0007: 15 00 01 00000001 jeq 1 0008 (false 0009)
0008: 06 00 00 7fff0000 ret ALLOW
0009: 15 00 01 00000002 jeq 2 000a (false 000b)
000a: 06 00 00 7fff0000 ret ALLOW
000b: 15 00 01 0000000a jeq a 000c (false 000d)
000c: 06 00 00 7fff0000 ret ALLOW
000d: 06 00 00 0005005f ret ERRNO(95)
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 (null)
Dropping all capabilities
Drop privileges: pid 4, uid 1000, gid 1000, nogroups 1
No supplementary groups
line OP JT JF K
=================================
0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 40000003 jeq ARCH_32 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 15 30 00 00000015 jeq 15 0035 (false 0005)
0005: 15 2f 00 00000034 jeq 34 0035 (false 0006)
0006: 15 2e 00 0000001a jeq 1a 0035 (false 0007)
0007: 15 2d 00 0000011b jeq 11b 0035 (false 0008)
0008: 15 2c 00 00000155 jeq 155 0035 (false 0009)
0009: 15 2b 00 00000156 jeq 156 0035 (false 000a)
000a: 15 2a 00 0000007f jeq 7f 0035 (false 000b)
000b: 15 29 00 00000080 jeq 80 0035 (false 000c)
000c: 15 28 00 0000015e jeq 15e 0035 (false 000d)
000d: 15 27 00 00000081 jeq 81 0035 (false 000e)
000e: 15 26 00 0000006e jeq 6e 0035 (false 000f)
000f: 15 25 00 00000065 jeq 65 0035 (false 0010)
0010: 15 24 00 00000121 jeq 121 0035 (false 0011)
0011: 15 23 00 00000057 jeq 57 0035 (false 0012)
0012: 15 22 00 00000073 jeq 73 0035 (false 0013)
0013: 15 21 00 00000067 jeq 67 0035 (false 0014)
0014: 15 20 00 0000015b jeq 15b 0035 (false 0015)
0015: 15 1f 00 0000015c jeq 15c 0035 (false 0016)
0016: 15 1e 00 00000087 jeq 87 0035 (false 0017)
0017: 15 1d 00 00000095 jeq 95 0035 (false 0018)
0018: 15 1c 00 0000007c jeq 7c 0035 (false 0019)
0019: 15 1b 00 00000157 jeq 157 0035 (false 001a)
001a: 15 1a 00 000000fd jeq fd 0035 (false 001b)
001b: 15 19 00 00000150 jeq 150 0035 (false 001c)
001c: 15 18 00 00000152 jeq 152 0035 (false 001d)
001d: 15 17 00 0000015d jeq 15d 0035 (false 001e)
001e: 15 16 00 0000011e jeq 11e 0035 (false 001f)
001f: 15 15 00 0000011f jeq 11f 0035 (false 0020)
0020: 15 14 00 00000120 jeq 120 0035 (false 0021)
0021: 15 13 00 00000056 jeq 56 0035 (false 0022)
0022: 15 12 00 00000033 jeq 33 0035 (false 0023)
0023: 15 11 00 0000007b jeq 7b 0035 (false 0024)
0024: 15 10 00 000000d9 jeq d9 0035 (false 0025)
0025: 15 0f 00 000000f5 jeq f5 0035 (false 0026)
0026: 15 0e 00 000000f6 jeq f6 0035 (false 0027)
0027: 15 0d 00 000000f7 jeq f7 0035 (false 0028)
0028: 15 0c 00 000000f8 jeq f8 0035 (false 0029)
0029: 15 0b 00 000000f9 jeq f9 0035 (false 002a)
002a: 15 0a 00 00000101 jeq 101 0035 (false 002b)
002b: 15 09 00 00000112 jeq 112 0035 (false 002c)
002c: 15 08 00 00000114 jeq 114 0035 (false 002d)
002d: 15 07 00 00000126 jeq 126 0035 (false 002e)
002e: 15 06 00 0000013d jeq 13d 0035 (false 002f)
002f: 15 05 00 0000013c jeq 13c 0035 (false 0030)
0030: 15 04 00 0000003d jeq 3d 0035 (false 0031)
0031: 15 03 00 00000058 jeq 58 0035 (false 0032)
0032: 15 02 00 000000a9 jeq a9 0035 (false 0033)
0033: 15 01 00 00000082 jeq 82 0035 (false 0034)
0034: 06 00 00 7fff0000 ret ALLOW
0035: 06 00 00 00000000 ret KILL
Dual 32/64 bit seccomp filter configured
configuring 72 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/x86_64-linux-gnu/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp (null)
Dropping all capabilities
Drop privileges: pid 5, uid 1000, gid 1000, nogroups 1
No supplementary groups
line OP JT JF K
=================================
0000: 20 00 00 00000004 ld data.architecture
0001: 15 01 00 c000003e jeq ARCH_64 0003 (false 0002)
0002: 06 00 00 7fff0000 ret ALLOW
0003: 20 00 00 00000000 ld data.syscall-number
0004: 35 01 00 40000000 jge X32_ABI 0006 (false 0005)
0005: 35 01 00 00000000 jge read 0007 (false 0006)
0006: 06 00 00 00050001 ret ERRNO(1)
0007: 15 3f 00 0000009f jeq adjtimex 0047 (false 0008)
0008: 15 3e 00 00000131 jeq clock_adjtime 0047 (false 0009)
0009: 15 3d 00 000000e3 jeq clock_settime 0047 (false 000a)
000a: 15 3c 00 000000a4 jeq settimeofday 0047 (false 000b)
000b: 15 3b 00 0000009a jeq modify_ldt 0047 (false 000c)
000c: 15 3a 00 000000d4 jeq lookup_dcookie 0047 (false 000d)
000d: 15 39 00 0000012a jeq perf_event_open 0047 (false 000e)
000e: 15 38 00 00000137 jeq process_vm_writev 0047 (false 000f)
000f: 15 37 00 000000b0 jeq delete_module 0047 (false 0010)
0010: 15 36 00 00000139 jeq finit_module 0047 (false 0011)
0011: 15 35 00 000000af jeq init_module 0047 (false 0012)
0012: 15 34 00 0000009c jeq _sysctl 0047 (false 0013)
0013: 15 33 00 000000b7 jeq afs_syscall 0047 (false 0014)
0014: 15 32 00 000000ae jeq create_module 0047 (false 0015)
0015: 15 31 00 000000b1 jeq get_kernel_syms 0047 (false 0016)
0016: 15 30 00 000000b5 jeq getpmsg 0047 (false 0017)
0017: 15 2f 00 000000b6 jeq putpmsg 0047 (false 0018)
0018: 15 2e 00 000000b2 jeq query_module 0047 (false 0019)
0019: 15 2d 00 000000b9 jeq security 0047 (false 001a)
001a: 15 2c 00 0000008b jeq sysfs 0047 (false 001b)
001b: 15 2b 00 000000b8 jeq tuxcall 0047 (false 001c)
001c: 15 2a 00 00000086 jeq uselib 0047 (false 001d)
001d: 15 29 00 00000088 jeq ustat 0047 (false 001e)
001e: 15 28 00 000000ec jeq vserver 0047 (false 001f)
001f: 15 27 00 000000ad jeq ioperm 0047 (false 0020)
0020: 15 26 00 000000ac jeq iopl 0047 (false 0021)
0021: 15 25 00 000000f6 jeq kexec_load 0047 (false 0022)
0022: 15 24 00 00000140 jeq kexec_file_load 0047 (false 0023)
0023: 15 23 00 000000a9 jeq reboot 0047 (false 0024)
0024: 15 22 00 000000a7 jeq swapon 0047 (false 0025)
0025: 15 21 00 000000a8 jeq swapoff 0047 (false 0026)
0026: 15 20 00 00000130 jeq open_by_handle_at 0047 (false 0027)
0027: 15 1f 00 0000012f jeq name_to_handle_at 0047 (false 0028)
0028: 15 1e 00 000000fb jeq ioprio_set 0047 (false 0029)
0029: 15 1d 00 00000067 jeq syslog 0047 (false 002a)
002a: 15 1c 00 0000012c jeq fanotify_init 0047 (false 002b)
002b: 15 1b 00 00000138 jeq kcmp 0047 (false 002c)
002c: 15 1a 00 000000f8 jeq add_key 0047 (false 002d)
002d: 15 19 00 000000f9 jeq request_key 0047 (false 002e)
002e: 15 18 00 000000ed jeq mbind 0047 (false 002f)
002f: 15 17 00 00000100 jeq migrate_pages 0047 (false 0030)
0030: 15 16 00 00000117 jeq move_pages 0047 (false 0031)
0031: 15 15 00 000000fa jeq keyctl 0047 (false 0032)
0032: 15 14 00 000000ce jeq io_setup 0047 (false 0033)
0033: 15 13 00 000000cf jeq io_destroy 0047 (false 0034)
0034: 15 12 00 000000d0 jeq io_getevents 0047 (false 0035)
0035: 15 11 00 000000d1 jeq io_submit 0047 (false 0036)
0036: 15 10 00 000000d2 jeq io_cancel 0047 (false 0037)
0037: 15 0f 00 000000d8 jeq remap_file_pages 0047 (false 0038)
0038: 15 0e 00 00000143 jeq userfaultfd 0047 (false 0039)
0039: 15 0d 00 000000a3 jeq acct 0047 (false 003a)
003a: 15 0c 00 00000141 jeq bpf 0047 (false 003b)
003b: 15 0b 00 000000a1 jeq chroot 0047 (false 003c)
003c: 15 0a 00 000000a5 jeq mount 0047 (false 003d)
003d: 15 09 00 000000b4 jeq nfsservctl 0047 (false 003e)
003e: 15 08 00 0000009b jeq pivot_root 0047 (false 003f)
003f: 15 07 00 000000ab jeq setdomainname 0047 (false 0040)
0040: 15 06 00 000000aa jeq sethostname 0047 (false 0041)
0041: 15 05 00 000000a6 jeq umount2 0047 (false 0042)
0042: 15 04 00 00000099 jeq vhangup 0047 (false 0043)
0043: 15 03 00 00000065 jeq ptrace 0047 (false 0044)
0044: 15 02 00 00000087 jeq personality 0047 (false 0045)
0045: 15 01 00 00000136 jeq process_vm_readv 0047 (false 0046)
0046: 06 00 00 7fff0000 ret ALLOW
0047: 06 00 01 00000000 ret KILL
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, nogroups 0
Warning: cleaning all supplementary groups
starting application
LD_PRELOAD=(null)
Running '/opt/zoom/ZoomLauncher' command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: '/opt/zoom/ZoomLauncher'
Child process initialized in 173.40 ms
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter
monitoring pid 6
^C
Parent received signal 2, shutting down the child process...
Child received signal 2, shutting down the sandbox...
Parent is shutting down, bye...
delbonis
All 5 comments
What changed calling firejail --noprofile PROGRAM in a shell? XXXXXXXXXXXXXXXX
What does the XXXXXXXX mean?
launch zoom as firejail --profile=/etc//firejail/zoom --private=$somewhere /opt/zoom/ZoomLauncher
Does it work w/o --private? Likely not, but in order to make it work, you propertly need to drop it.
Without --private and this in zoom.local it may work.
zoom.local
noblacklist ${HOME}/.mozilla
whitelist ${HOME}/.mozilla/firefox/profiles.ini
read-only ${HOME}/.mozilla/firefox/profiles.ini
rusty-snake
on 29 Jun 2020
What does the XXXXXXXX mean?
OOPS I meant to fill that in after my zoom meeting ended. Updated.
Does it work w/o --private? [...] Without --private and this in zoom.local it may work.
That launches Firefox properly. Although after the SSO flow finishes it opens a zoommtg:// link, which the jailed Zoom process doesn't know what to do with.
If I kill the jailed Zoom process and launch it as /opt/zoom/ZoomLauncher zoommtg://blah with the link the website tried to open it does work correctly and properly logs me in. I'm not sure if there's a better way around this or if I'll just have to live with it.
Out of curiosity, is there anything important in $HOME/.mozilla/ that Zoom would have access to now?
delbonis
on 30 Jun 2020
Out of curiosity, is there anything important in $HOME/.mozilla/ that Zoom would have access to now?
With the three lines in my last comment no. zoom has read-only access to ${HOME}/.mozilla/firefox/profiles.ini (where firefox stores the names and paths to your firefox-profiles) and nothing more. No bookmarks, no history, no extensions, …
Although after the SSO flow finishes it opens a zoommtg:// link, which the jailed Zoom process doesn't know what to do with.
I guess this is due to the firejailed firefox. Probably you would need to weaken the firefox sandbox.
rusty-snake
on 1 Jul 2020
I'm closing here due to inactivity, please fell free to request to reopen if you still have this issue.
rusty-snake
on 1 Sep 2020
👍1
If anyone encounters this thread in the future, I found a solution:
- use any web browser and go to https://northeastern.zoom.us/saml/login?from=desktop
- sign in
- copy the
zoommtg://northeastern.zoom.us/sso?token=XXXXXXXXXXXXlink firejail --profile=/etc/firejail/zoom.profile xdg-open "zoommtg://northeastern.zoom.us/sso?token=XXXXXXXXXXXX"
jennydaman
on 25 Sep 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings
Related issues
ericschdt
·
3Comments
fl-chris
·
4Comments
thiswillbeyourgithub
·
3Comments
Fincer
·
4Comments
nuxwin
·
3Comments
Most helpful comment
If anyone encounters this thread in the future, I found a solution:
zoommtg://northeastern.zoom.us/sso?token=XXXXXXXXXXXXlinkfirejail --profile=/etc/firejail/zoom.profile xdg-open "zoommtg://northeastern.zoom.us/sso?token=XXXXXXXXXXXX"