broken bash autocomplete with --private option #4936

Closed
3 of 7 tasks
kuesji opened this issue Feb 13, 2022 · 12 comments
Labels
enhancement New feature request

Contributor

kuesji commented Feb 13, 2022

Description

Tab inserts a tab instead of autocompleting the current command in bash when you run firejail with the --private parameter.

Steps to Reproduce

  • install 0.9.68
  • run with firejail --private
  • type a few letters of any command and press Tab

Expected behavior

completion of current command

Actual behavior

inserts tab

Behavior without a profile

Nothing. Behavior is the same with default.profile and --noprofile.

Additional context

Tab works as intended if the --private parameter is not supplied to firejail.

Environment

  • Linux distribution : arch linux
  • Firejail version : 0.9.68

Checklist

  • The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
    • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc

** Note: you can use --noprofile to disable default.profile **

Parent pid 19777, child pid 19778
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized in 203.57 ms

Output of LC_ALL=C firejail --debug /path/to/program

Autoselecting /bin/bash as shell
Building quoted command line: '/bin/bash' 
Command name #bash#
Attempting to find default.profile...
Found default.profile profile in /etc/firejail directory
Reading profile /etc/firejail/default.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
[profile] combined protocol list: "unix,inet,inet6"

** Note: you can use --noprofile to disable default.profile **

DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 19803, child pid 19804
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
Build protocol filter: unix,inet,inet6
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6 /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1538 1506 8:2 /etc /etc ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1538 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
1539 1538 8:2 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw
mountid=1539 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
1540 1506 8:2 /var /var ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1540 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
1541 1540 8:2 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw
mountid=1541 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
1542 1506 8:2 /usr /usr ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=1542 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Drop privileges: pid 3, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 995 986 991 
Mounting a new /root directory
Mounting a new /home directory
Mounting tmpfs on /data/home/kuesji, check owner: yes
1563 1506 0:90 / /data/home/kuesji rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000,inode64
mountid=1563 fsname=/ dir=/data/home/kuesji fstype=tmpfs
Drop privileges: pid 4, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 995 986 991 
Drop privileges: pid 5, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 995 986 991 
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules/5.16.8-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Disable /data/jails
Not blacklist /data/home/kuesji/.*_history
Not blacklist /data/home/kuesji/.adobe
Not blacklist /data/home/kuesji/.histfile
Not blacklist /data/home/kuesji/.history
Not blacklist /data/home/kuesji/.macromedia
Not blacklist /data/home/kuesji/.mupdf.history
Not blacklist /data/home/kuesji/.python-history
Not blacklist /data/home/kuesji/.python_history
Not blacklist /data/home/kuesji/.pythonhist
Not blacklist /data/home/kuesji/.lesshst
Not blacklist /data/home/kuesji/.viminfo
Not blacklist /data/home/kuesji/.Xsession
Not blacklist /data/home/kuesji/.blackbox
Not blacklist /data/home/kuesji/.fluxbox
Not blacklist /data/home/kuesji/.gnomerc
Not blacklist /data/home/kuesji/.xinitrc
Not blacklist /data/home/kuesji/.xprofile
Not blacklist /data/home/kuesji/.xserverrc
Not blacklist /data/home/kuesji/.xsession
Not blacklist /data/home/kuesji/.xsessionrc
Disable /etc/xdg/autostart
Mounting read-only /data/home/kuesji/.Xauthority
1582 1563 0:90 /.Xauthority /data/home/kuesji/.Xauthority ro,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000,inode64
mountid=1582 fsname=/.Xauthority dir=/data/home/kuesji/.Xauthority fstype=tmpfs
Disable /run/user/1000/gnome-session-leader-fifo
Disable /run/user/1000/gnome-shell
Disable /usr/bin/systemctl
Disable /usr/bin/systemd-run
Disable /run/user/1000/systemd
Disable /etc/systemd/network
Disable /etc/systemd/system
Disable /var/lib/systemd
Not blacklist /data/home/kuesji/.VirtualBox
Not blacklist /data/home/kuesji/.VeraCrypt
Not blacklist /data/home/kuesji/.TrueCrypt
Not blacklist /data/home/kuesji/.zuluCrypt
Not blacklist /data/home/kuesji/.zuluCrypt-socket
Disable /var/cache/pacman
Disable /var/lib/dkms
Disable /var/lib/pacman
Disable /var/lib/upower
Disable /var/spool/mail (requested /var/mail)
Disable /var/opt
Disable /var/spool/mail
Disable /etc/apparmor.d
Disable /etc/apparmor
Disable /etc/default
Disable /etc/dkms
Disable /etc/grub.d
Disable /etc/kernel
Disable /etc/logrotate.d
Disable /etc/modules-load.d
Disable /etc/profile.d
Mounting read-only /data/home/kuesji/.bashrc
1607 1563 0:90 /.bashrc /data/home/kuesji/.bashrc ro,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000,inode64
mountid=1607 fsname=/.bashrc dir=/data/home/kuesji/.bashrc fstype=tmpfs
Not blacklist /data/home/kuesji/.rhosts
Not blacklist /data/home/kuesji/.shosts
Disable /etc/group-
Disable /etc/gshadow
Disable /etc/gshadow-
Disable /etc/passwd-
Disable /etc/shadow
Disable /etc/shadow-
Disable /etc/ssh
Warning (blacklisting): cannot open /etc/ssh/*: Permission denied
Not blacklist /data/home/kuesji/.Private
Not blacklist /data/home/kuesji/.caff
Not blacklist /data/home/kuesji/.cargo/credentials
Not blacklist /data/home/kuesji/.cargo/credentials.toml
Not blacklist /data/home/kuesji/.cert
Not blacklist /data/home/kuesji/.ecryptfs
Not blacklist /data/home/kuesji/.fetchmailrc
Not blacklist /data/home/kuesji/.fscrypt
Not blacklist /data/home/kuesji/.git-credential-cache
Not blacklist /data/home/kuesji/.git-credentials
Not blacklist /data/home/kuesji/.gnupg
Not blacklist /data/home/kuesji/.minisign
Not blacklist /data/home/kuesji/.msmtprc
Not blacklist /data/home/kuesji/.mutt
Not blacklist /data/home/kuesji/.muttrc
Not blacklist /data/home/kuesji/.netrc
Not blacklist /data/home/kuesji/.nyx
Not blacklist /data/home/kuesji/.pki
Not blacklist /data/home/kuesji/.smbcredentials
Not blacklist /data/home/kuesji/.ssh
Not blacklist /data/home/kuesji/.vaults
Not blacklist /data/home/kuesji/.aws
Not blacklist /data/home/kuesji/.boto
Not blacklist /data/home/kuesji/.kube
Not blacklist /data/home/kuesji/.passwd-s3fs
Not blacklist /data/home/kuesji/.s3cmd
Warning: /sbin directory link was not blacklisted
Disable /usr/local/sbin
Warning: /usr/sbin directory link was not blacklisted
Warning (blacklisting): cannot open /usr/local/sbin/at: Permission denied
Disable /usr/bin/busybox
Warning (blacklisting): cannot open /usr/local/sbin/busybox: Permission denied
Disable /usr/bin/chage
Warning (blacklisting): cannot open /usr/local/sbin/chage: Permission denied
Disable /usr/bin/chfn
Warning (blacklisting): cannot open /usr/local/sbin/chfn: Permission denied
Disable /usr/bin/chsh
Warning (blacklisting): cannot open /usr/local/sbin/chsh: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/crontab: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/evtest: Permission denied
Disable /usr/bin/expiry
Warning (blacklisting): cannot open /usr/local/sbin/expiry: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fusermount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gksu: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gksudo: Permission denied
Disable /usr/bin/gpasswd
Warning (blacklisting): cannot open /usr/local/sbin/gpasswd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/kdesudo: Permission denied
Disable /usr/bin/ksu
Warning (blacklisting): cannot open /usr/local/sbin/ksu: Permission denied
Disable /usr/bin/mount
Warning (blacklisting): cannot open /usr/local/sbin/mount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mount.ecryptfs_private: Permission denied
Disable /usr/bin/nc
Warning (blacklisting): cannot open /usr/local/sbin/nc: Permission denied
Disable /usr/bin/ncat
Warning (blacklisting): cannot open /usr/local/sbin/ncat: Permission denied
Disable /usr/bin/nmap
Warning (blacklisting): cannot open /usr/local/sbin/nmap: Permission denied
Disable /usr/bin/newgidmap
Warning (blacklisting): cannot open /usr/local/sbin/newgidmap: Permission denied
Disable /usr/bin/newgrp
Warning (blacklisting): cannot open /usr/local/sbin/newgrp: Permission denied
Disable /usr/bin/newuidmap
Warning (blacklisting): cannot open /usr/local/sbin/newuidmap: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/ntfs-3g: Permission denied
Disable /usr/bin/pkexec
Warning (blacklisting): cannot open /usr/local/sbin/pkexec: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/procmail: Permission denied
Disable /usr/bin/sg
Warning (blacklisting): cannot open /usr/local/sbin/sg: Permission denied
Disable /usr/bin/strace
Warning (blacklisting): cannot open /usr/local/sbin/strace: Permission denied
Disable /usr/bin/su
Warning (blacklisting): cannot open /usr/local/sbin/su: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/sudo: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tcpdump: Permission denied
Disable /usr/bin/umount
Warning (blacklisting): cannot open /usr/local/sbin/umount: Permission denied
Disable /usr/bin/unix_chkpwd
Warning (blacklisting): cannot open /usr/local/sbin/unix_chkpwd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xev: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xinput: Permission denied
Disable /usr/lib/ssh
Disable /usr/bin/passwd
Warning (blacklisting): cannot open /usr/local/sbin/passwd: Permission denied
Disable /usr/lib/dbus-1.0/dbus-daemon-launch-helper
Disable /usr/lib/chromium/chrome-sandbox
Disable /usr/bin/suexec
Warning (blacklisting): cannot open /usr/local/sbin/suexec: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/slock: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/physlock: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/schroot: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/wshowkeys: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pmount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pumount: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/bmon: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fping: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/fping6: Permission denied
Disable /usr/bin/hostname
Warning (blacklisting): cannot open /usr/local/sbin/hostname: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mtr: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mtr-packet: Permission denied
Disable /usr/bin/netstat
Warning (blacklisting): cannot open /usr/local/sbin/netstat: Permission denied
Disable /usr/bin/nm-online
Warning (blacklisting): cannot open /usr/local/sbin/nm-online: Permission denied
Disable /usr/bin/nmcli
Warning (blacklisting): cannot open /usr/local/sbin/nmcli: Permission denied
Disable /usr/bin/nmtui
Warning (blacklisting): cannot open /usr/local/sbin/nmtui: Permission denied
Disable /usr/bin/nmtui (requested /usr/bin/nmtui-connect)
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-connect: Permission denied
Disable /usr/bin/nmtui (requested /usr/bin/nmtui-edit)
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-edit: Permission denied
Disable /usr/bin/nmtui (requested /usr/bin/nmtui-hostname)
Warning (blacklisting): cannot open /usr/local/sbin/nmtui-hostname: Permission denied
Disable /usr/bin/networkctl
Warning (blacklisting): cannot open /usr/local/sbin/networkctl: Permission denied
Disable /usr/bin/ss
Warning (blacklisting): cannot open /usr/local/sbin/ss: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/traceroute: Permission denied
Disable /usr/bin/gnome-terminal
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/gnome-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lilyterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/lxterminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/mate-terminal.wrapper: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/pantheon-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/roxterm-config: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/terminix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/tilix: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtc: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/urxvtcd: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/xfce4-terminal.wrapper: Permission denied
Not blacklist /data/home/kuesji/.var
Disable /usr/bin/bwrap
Warning (blacklisting): cannot open /usr/local/sbin/bwrap: Permission denied
Disable /var/lib/flatpak/.changed
Disable /var/lib/flatpak/repo
Not blacklist /data/home/kuesji/.Mail
Not blacklist /data/home/kuesji/.mail
Not blacklist /data/home/kuesji/.signature
Disable /proc/config.gz
Disable /usr/bin/dig
Warning (blacklisting): cannot open /usr/local/sbin/dig: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dlint: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dns2tcp: Permission denied
Disable /usr/bin/dnssec-importkey
Disable /usr/bin/dnssec-keygen
Disable /usr/bin/dnssec-keymgr
Disable /usr/bin/dnssec-settime
Disable /usr/bin/dnssec-verify
Disable /usr/bin/dnssec-keyfromlabel
Disable /usr/bin/dnssec-signzone
Disable /usr/bin/dnssec-revoke
Disable /usr/bin/dnssec-coverage
Disable /usr/bin/dnssec-cds
Disable /usr/bin/dnssec-dsfromkey
Disable /usr/bin/dnssec-checkds
Warning (blacklisting): cannot open /usr/local/sbin/dnssec-*: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/dnswalk: Permission denied
Disable /usr/bin/drill
Warning (blacklisting): cannot open /usr/local/sbin/drill: Permission denied
Disable /usr/bin/host
Warning (blacklisting): cannot open /usr/local/sbin/host: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/iodine: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/kdig: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/khost: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/knsupdate: Permission denied
Disable /usr/bin/ldns-gen-zone
Disable /usr/bin/ldns-chaos
Disable /usr/bin/ldns-signzone
Disable /usr/bin/ldns-revoke
Disable /usr/bin/ldns-version
Disable /usr/bin/ldns-zcat
Disable /usr/bin/ldns-key2ds
Disable /usr/bin/ldns-zsplit
Disable /usr/bin/ldns-dpa
Disable /usr/bin/ldns-mx
Disable /usr/bin/ldns-test-edns
Disable /usr/bin/ldns-walk
Disable /usr/bin/ldns-resolver
Disable /usr/bin/ldns-keygen
Disable /usr/bin/ldns-nsec3-hash
Disable /usr/bin/ldns-verify-zone
Disable /usr/bin/ldns-dane
Disable /usr/bin/ldns-read-zone
Disable /usr/bin/ldns-rrsig
Disable /usr/bin/ldns-compare-zones
Disable /usr/bin/ldns-keyfetcher
Disable /usr/bin/ldns-config
Disable /usr/bin/ldns-testns
Disable /usr/bin/ldns-update
Disable /usr/bin/ldns-notify
Warning (blacklisting): cannot open /usr/local/sbin/ldns-*: Permission denied
Disable /usr/bin/ldnsd
Warning (blacklisting): cannot open /usr/local/sbin/ldnsd: Permission denied
Disable /usr/bin/nslookup
Warning (blacklisting): cannot open /usr/local/sbin/nslookup: Permission denied
Disable /usr/bin/resolvectl
Warning (blacklisting): cannot open /usr/local/sbin/resolvectl: Permission denied
Warning (blacklisting): cannot open /usr/local/sbin/unbound-host: Permission denied
Disable /usr/bin/ftp
Warning (blacklisting): cannot open /usr/local/sbin/ftp: Permission denied
Disable /usr/bin/ssh
Warning (blacklisting): cannot open /usr/local/sbin/ssh: Permission denied
Disable /usr/bin/telnet
Warning (blacklisting): cannot open /usr/local/sbin/telnet: Permission denied
Disable /run/user/1000/wayland-0.lock
Not blacklist /data/home/kuesji/.password-store
Disable /sys/fs
Disable /sys/module
Drop privileges: pid 6, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 995 986 991 
Creating empty /data/home/kuesji/.config directory
Drop privileges: pid 7, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 995 986 991 
Creating empty /data/home/kuesji/.config/pulse directory
Mounting noexec /run/firejail/mnt/pulse
1705 1535 0:56 /pulse /run/firejail/mnt/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1705 fsname=/pulse dir=/run/firejail/mnt/pulse fstype=tmpfs
Mounting /run/firejail/mnt/pulse on /data/home/kuesji/.config/pulse
1706 1563 0:56 /pulse /data/home/kuesji/.config/pulse rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1706 fsname=/pulse dir=/data/home/kuesji/.config/pulse fstype=tmpfs
rebuilding /etc directory
Creating empty /run/firejail/mnt/dns-etc/mkinitcpio.conf file
Creating empty /run/firejail/mnt/dns-etc/libpaper.d directory
Creating empty /run/firejail/mnt/dns-etc/openvpn directory
Creating empty /run/firejail/mnt/dns-etc/mono directory
Creating empty /run/firejail/mnt/dns-etc/java11-openjdk directory
Creating empty /run/firejail/mnt/dns-etc/environment file
Creating empty /run/firejail/mnt/dns-etc/shells file
Creating empty /run/firejail/mnt/dns-etc/openmpi directory
Creating empty /run/firejail/mnt/dns-etc/machine-id file
Creating empty /run/firejail/mnt/dns-etc/nanorc file
Creating empty /run/firejail/mnt/dns-etc/resolv.conf file
Creating empty /run/firejail/mnt/dns-etc/httpd directory
Creating empty /run/firejail/mnt/dns-etc/papersize file
Creating empty /run/firejail/mnt/dns-etc/locale.conf file
Creating empty /run/firejail/mnt/dns-etc/depmod.d directory
Creating empty /run/firejail/mnt/dns-etc/nginx directory
Creating empty /run/firejail/mnt/dns-etc/pipewire directory
Creating empty /run/firejail/mnt/dns-etc/avahi directory
Creating empty /run/firejail/mnt/dns-etc/dconf directory
Creating empty /run/firejail/mnt/dns-etc/host.conf file
Creating empty /run/firejail/mnt/dns-etc/locale.gen file
Creating empty /run/firejail/mnt/dns-etc/vconsole.conf file
Creating empty /run/firejail/mnt/dns-etc/e2scrub.conf file
Creating empty /run/firejail/mnt/dns-etc/request-key.d directory
Creating empty /run/firejail/mnt/dns-etc/sysctl.d directory
Creating empty /run/firejail/mnt/dns-etc/gimp directory
Creating empty /run/firejail/mnt/dns-etc/openldap directory
Creating empty /run/firejail/mnt/dns-etc/passwd file
Creating empty /run/firejail/mnt/dns-etc/ndctl.conf.d directory
Creating empty /run/firejail/mnt/dns-etc/wpa_supplicant directory
Creating empty /run/firejail/mnt/dns-etc/fuse.conf file
Creating empty /run/firejail/mnt/dns-etc/cifs-utils directory
Creating empty /run/firejail/mnt/dns-etc/libreoffice directory
Creating empty /run/firejail/mnt/dns-etc/X11 directory
Creating empty /run/firejail/mnt/dns-etc/rygel.conf file
Creating empty /run/firejail/mnt/dns-etc/libaudit.conf file
Creating empty /run/firejail/mnt/dns-etc/ld.so.cache file
Creating empty /run/firejail/mnt/dns-etc/issue file
Creating empty /run/firejail/mnt/dns-etc/makepkg.conf file
Creating empty /run/firejail/mnt/dns-etc/group file
Creating empty /run/firejail/mnt/dns-etc/polkit-1 directory
Creating empty /run/firejail/mnt/dns-etc/rc_keymaps directory
Creating empty /run/firejail/mnt/dns-etc/systemd directory
Creating empty /run/firejail/mnt/dns-etc/adjtime file
Creating empty /run/firejail/mnt/dns-etc/ts.conf file
Creating empty /run/firejail/mnt/dns-etc/trusted-key.key file
Creating empty /run/firejail/mnt/dns-etc/daxctl.conf.d directory
Creating empty /run/firejail/mnt/dns-etc/services file
Creating empty /run/firejail/mnt/dns-etc/protocols file
Creating empty /run/firejail/mnt/dns-etc/netctl directory
Creating empty /run/firejail/mnt/dns-etc/gtk-2.0 directory
Creating empty /run/firejail/mnt/dns-etc/mailcap file
Creating empty /run/firejail/mnt/dns-etc/xdg directory
Creating empty /run/firejail/mnt/dns-etc/netconfig file
Creating empty /run/firejail/mnt/dns-etc/skel directory
Creating empty /run/firejail/mnt/dns-etc/request-key.conf file
Creating empty /run/firejail/mnt/dns-etc/resolv.conf.bak file
Creating empty /run/firejail/mnt/dns-etc/locale.gen.pacnew file
Creating empty /run/firejail/mnt/dns-etc/hotplug directory
Creating empty /run/firejail/mnt/dns-etc/mke2fs.conf file
Creating empty /run/firejail/mnt/dns-etc/pacman.conf file
Creating empty /run/firejail/mnt/dns-etc/conf.d directory
Creating empty /run/firejail/mnt/dns-etc/ifplugd directory
Creating empty /run/firejail/mnt/dns-etc/geoclue directory
Creating empty /run/firejail/mnt/dns-etc/healthd.conf file
Creating empty /run/firejail/mnt/dns-etc/.pwd.lock file
Creating empty /run/firejail/mnt/dns-etc/udev directory
Creating empty /run/firejail/mnt/dns-etc/dhcpcd.conf file
Creating empty /run/firejail/mnt/dns-etc/mdadm.conf file
Creating empty /run/firejail/mnt/dns-etc/pam.d directory
Creating empty /run/firejail/mnt/dns-etc/mkinitcpio.d directory
Creating empty /run/firejail/mnt/dns-etc/crypttab file
Creating empty /run/firejail/mnt/dns-etc/bluetooth directory
Creating empty /run/firejail/mnt/dns-etc/bash.bashrc file
Creating empty /run/firejail/mnt/dns-etc/xattr.conf file
Creating empty /run/firejail/mnt/dns-etc/bash.bash_logout file
Creating empty /run/firejail/mnt/dns-etc/security directory
Creating empty /run/firejail/mnt/dns-etc/rhashrc file
Creating empty /run/firejail/mnt/dns-etc/rc_maps.cfg file
Creating empty /run/firejail/mnt/dns-etc/named.conf file
Creating empty /run/firejail/mnt/dns-etc/NetworkManager directory
Creating empty /run/firejail/mnt/dns-etc/cpufreq-bench.conf file
Creating empty /run/firejail/mnt/dns-etc/krb5.conf file
Creating empty /run/firejail/mnt/dns-etc/ca-certificates directory
Creating empty /run/firejail/mnt/dns-etc/ethertypes file
Creating empty /run/firejail/mnt/dns-etc/ld.so.conf file
Creating empty /run/firejail/mnt/dns-etc/xinetd.d directory
Creating empty /run/firejail/mnt/dns-etc/hostname file
Creating empty /run/firejail/mnt/dns-etc/profile file
Creating empty /run/firejail/mnt/dns-etc/dleyna-renderer-service.conf file
Creating empty /run/firejail/mnt/dns-etc/inputrc file
Creating empty /run/firejail/mnt/dns-etc/vdpau_wrapper.cfg file
Creating empty /run/firejail/mnt/dns-etc/lvm directory
Creating empty /run/firejail/mnt/dns-etc/ld.so.preload file
Creating empty /run/firejail/mnt/dns-etc/gtk-3.0 directory
Creating empty /run/firejail/mnt/dns-etc/securetty file
Creating empty /run/firejail/mnt/dns-etc/sensors.d directory
Creating empty /run/firejail/mnt/dns-etc/smartd.conf file
Creating empty /run/firejail/mnt/dns-etc/jack directory
Creating empty /run/firejail/mnt/dns-etc/gdm directory
Creating empty /run/firejail/mnt/dns-etc/sensors3.conf file
Creating empty /run/firejail/mnt/dns-etc/pacman.d directory
Creating empty /run/firejail/mnt/dns-etc/audit directory
Creating empty /run/firejail/mnt/dns-etc/.updated file
Creating empty /run/firejail/mnt/dns-etc/libinput directory
Creating empty /run/firejail/mnt/dns-etc/gssapi_mech.conf file
Creating empty /run/firejail/mnt/dns-etc/alsa directory
Creating empty /run/firejail/mnt/dns-etc/bind.keys file
Creating empty /run/firejail/mnt/dns-etc/ant.conf file
Creating empty /run/firejail/mnt/dns-etc/gai.conf file
Creating empty /run/firejail/mnt/dns-etc/modprobe.d directory
Creating empty /run/firejail/mnt/dns-etc/gdb directory
Creating empty /run/firejail/mnt/dns-etc/resolvconf.conf file
Creating empty /run/firejail/mnt/dns-etc/nscd.conf file
Creating empty /run/firejail/mnt/dns-etc/libva.conf file
Creating empty /run/firejail/mnt/dns-etc/ndctl directory
Creating empty /run/firejail/mnt/dns-etc/slsh.rc file
Creating empty /run/firejail/mnt/dns-etc/libnl directory
Creating empty /run/firejail/mnt/dns-etc/pulse directory
Creating empty /run/firejail/mnt/dns-etc/ld.so.conf.d directory
Creating empty /run/firejail/mnt/dns-etc/man_db.conf file
Creating empty /run/firejail/mnt/dns-etc/bindresvport.blacklist file
Creating empty /run/firejail/mnt/dns-etc/keyutils directory
Creating empty /run/firejail/mnt/dns-etc/dleyna-server-service.conf file
Creating empty /run/firejail/mnt/dns-etc/iproute2 directory
Creating empty /run/firejail/mnt/dns-etc/login.defs file
Creating empty /run/firejail/mnt/dns-etc/arch-release file
Creating empty /run/firejail/mnt/dns-etc/java-openjdk directory
Creating empty /run/firejail/mnt/dns-etc/UPower directory
Creating empty /run/firejail/mnt/dns-etc/rpc file
Creating empty /run/firejail/mnt/dns-etc/fstab file
Creating empty /run/firejail/mnt/dns-etc/pkcs11 directory
Creating empty /run/firejail/mnt/dns-etc/fonts directory
Creating empty /run/firejail/mnt/dns-etc/binfmt.d directory
Creating empty /run/firejail/mnt/dns-etc/ImageMagick-7 directory
Creating empty /run/firejail/mnt/dns-etc/wgetrc file
Creating empty /run/firejail/mnt/dns-etc/hosts file
Creating empty /run/firejail/mnt/dns-etc/firejail directory
Creating empty /run/firejail/mnt/dns-etc/mime.types file
Creating empty /run/firejail/mnt/dns-etc/iptables directory
Creating empty /run/firejail/mnt/dns-etc/pinentry directory
Creating empty /run/firejail/mnt/dns-etc/libblockdev directory
Creating empty /run/firejail/mnt/dns-etc/udisks2 directory
Creating empty /run/firejail/mnt/dns-etc/initcpio directory
Creating empty /run/firejail/mnt/dns-etc/ssl directory
Creating empty /run/firejail/mnt/dns-etc/nsswitch.conf file
Creating empty /run/firejail/mnt/dns-etc/tmpfiles.d directory
Mount-bind /run/firejail/mnt/dns-etc on top of /etc
Current directory: /data/home/kuesji
DISPLAY=:0 parsed as 0
Install protocol filter: unix,inet,inet6
configuring 20 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
Dropping all capabilities
Drop privileges: pid 8, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dropping all capabilities
Drop privileges: pid 9, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
Dual 32/64 bit seccomp filter configured
configuring 71 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp 
Dropping all capabilities
Drop privileges: pid 10, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 3e 00 0000009f   jeq adjtimex 0046 (false 0008)
 0008: 15 3d 00 00000131   jeq clock_adjtime 0046 (false 0009)
 0009: 15 3c 00 000000e3   jeq clock_settime 0046 (false 000a)
 000a: 15 3b 00 000000a4   jeq settimeofday 0046 (false 000b)
 000b: 15 3a 00 0000009a   jeq modify_ldt 0046 (false 000c)
 000c: 15 39 00 000000d4   jeq lookup_dcookie 0046 (false 000d)
 000d: 15 38 00 0000012a   jeq perf_event_open 0046 (false 000e)
 000e: 15 37 00 00000137   jeq process_vm_writev 0046 (false 000f)
 000f: 15 36 00 000000b0   jeq delete_module 0046 (false 0010)
 0010: 15 35 00 00000139   jeq finit_module 0046 (false 0011)
 0011: 15 34 00 000000af   jeq init_module 0046 (false 0012)
 0012: 15 33 00 000000a1   jeq chroot 0046 (false 0013)
 0013: 15 32 00 000000a5   jeq mount 0046 (false 0014)
 0014: 15 31 00 0000009b   jeq pivot_root 0046 (false 0015)
 0015: 15 30 00 000000a6   jeq umount2 0046 (false 0016)
 0016: 15 2f 00 0000009c   jeq _sysctl 0046 (false 0017)
 0017: 15 2e 00 000000b7   jeq afs_syscall 0046 (false 0018)
 0018: 15 2d 00 000000ae   jeq create_module 0046 (false 0019)
 0019: 15 2c 00 000000b1   jeq get_kernel_syms 0046 (false 001a)
 001a: 15 2b 00 000000b5   jeq getpmsg 0046 (false 001b)
 001b: 15 2a 00 000000b6   jeq putpmsg 0046 (false 001c)
 001c: 15 29 00 000000b2   jeq query_module 0046 (false 001d)
 001d: 15 28 00 000000b9   jeq security 0046 (false 001e)
 001e: 15 27 00 0000008b   jeq sysfs 0046 (false 001f)
 001f: 15 26 00 000000b8   jeq tuxcall 0046 (false 0020)
 0020: 15 25 00 00000086   jeq uselib 0046 (false 0021)
 0021: 15 24 00 00000088   jeq ustat 0046 (false 0022)
 0022: 15 23 00 000000ec   jeq vserver 0046 (false 0023)
 0023: 15 22 00 000000ad   jeq ioperm 0046 (false 0024)
 0024: 15 21 00 000000ac   jeq iopl 0046 (false 0025)
 0025: 15 20 00 000000f6   jeq kexec_load 0046 (false 0026)
 0026: 15 1f 00 00000140   jeq kexec_file_load 0046 (false 0027)
 0027: 15 1e 00 000000a9   jeq reboot 0046 (false 0028)
 0028: 15 1d 00 000000a7   jeq swapon 0046 (false 0029)
 0029: 15 1c 00 000000a8   jeq swapoff 0046 (false 002a)
 002a: 15 1b 00 00000130   jeq open_by_handle_at 0046 (false 002b)
 002b: 15 1a 00 0000012f   jeq name_to_handle_at 0046 (false 002c)
 002c: 15 19 00 000000fb   jeq ioprio_set 0046 (false 002d)
 002d: 15 18 00 00000067   jeq syslog 0046 (false 002e)
 002e: 15 17 00 0000012c   jeq fanotify_init 0046 (false 002f)
 002f: 15 16 00 000000f8   jeq add_key 0046 (false 0030)
 0030: 15 15 00 000000f9   jeq request_key 0046 (false 0031)
 0031: 15 14 00 000000ed   jeq mbind 0046 (false 0032)
 0032: 15 13 00 00000100   jeq migrate_pages 0046 (false 0033)
 0033: 15 12 00 00000117   jeq move_pages 0046 (false 0034)
 0034: 15 11 00 000000fa   jeq keyctl 0046 (false 0035)
 0035: 15 10 00 000000ce   jeq io_setup 0046 (false 0036)
 0036: 15 0f 00 000000cf   jeq io_destroy 0046 (false 0037)
 0037: 15 0e 00 000000d0   jeq io_getevents 0046 (false 0038)
 0038: 15 0d 00 000000d1   jeq io_submit 0046 (false 0039)
 0039: 15 0c 00 000000d2   jeq io_cancel 0046 (false 003a)
 003a: 15 0b 00 000000d8   jeq remap_file_pages 0046 (false 003b)
 003b: 15 0a 00 00000143   jeq userfaultfd 0046 (false 003c)
 003c: 15 09 00 000000a3   jeq acct 0046 (false 003d)
 003d: 15 08 00 00000141   jeq bpf 0046 (false 003e)
 003e: 15 07 00 000000b4   jeq nfsservctl 0046 (false 003f)
 003f: 15 06 00 000000ab   jeq setdomainname 0046 (false 0040)
 0040: 15 05 00 000000aa   jeq sethostname 0046 (false 0041)
 0041: 15 04 00 00000099   jeq vhangup 0046 (false 0042)
 0042: 15 03 00 00000065   jeq ptrace 0046 (false 0043)
 0043: 15 02 00 00000087   jeq personality 0046 (false 0044)
 0044: 15 01 00 00000136   jeq process_vm_readv 0046 (false 0045)
 0045: 06 00 00 7fff0000   ret ALLOW
 0046: 06 00 00 00050001   ret ERRNO(1)
seccomp filter configured
Mounting read-only /run/firejail/mnt/seccomp
2009 1535 0:56 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=2009 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             160 .
drwxr-xr-x root     root             240 ..
-rw-r--r-- kuesji   kuesji           568 seccomp
-rw-r--r-- kuesji   kuesji           432 seccomp.32
-rw-r--r-- kuesji   kuesji           114 seccomp.list
-rw-r--r-- kuesji   kuesji             0 seccomp.postexec
-rw-r--r-- kuesji   kuesji             0 seccomp.postexec32
-rw-r--r-- kuesji   kuesji           160 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0
Supplementary groups: 995 986 991 
Closing non-standard file descriptors
Starting application
LD_PRELOAD=(null)
Running '/bin/bash'  command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: '/bin/bash' 
Child process initialized in 184.76 ms
Installing /run/firejail/mnt/seccomp/seccomp seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.32 seccomp filter
Installing /run/firejail/mnt/seccomp/seccomp.protocol seccomp filter

@kmk3 changed the title from "broken autocomplete with --private option" to "broken bash autocomplete with --private option" Feb 13, 2022
@kmk3
Collaborator

kmk3 commented Feb 13, 2022

@kuesji commented on Feb 13:

> Description
>
> tab inserts tab instead of autocompleting current command in bash when you
> run firejail with --private parameter

I can confirm this on Artix. Tested with git br -> git branch. Works
outside of firejail but fails with firejail --private /bin/bash.

@kuesji
Contributor Author

kuesji commented Feb 13, 2022

hi @netblue30 . i checked source code now and saw your commit ( disable shell tab completion for --whitelist and --private commands ).

  • is this intentional?
  • what is the reason?
  • [solved] can i bypass this behaviour without recompiling from source while still using --private ?

@rusty-snake
Collaborator

If you --blacklist=${HOME}/.inputrc bash can not read it.

@kuesji
Contributor Author

kuesji commented Feb 13, 2022

thanks, it worked and i added this to default profile for future use.

@netblue30 added the enhancement (New feature request) label Feb 14, 2022
@netblue30
Owner

Yes, I disabled it by default on --private/whitelisted sandboxes. I'll add a --enable-tab-completion command line option/profile command for people who still want it.

@netblue30
Owner

Ended up doing --tab instead. Fix here: e6c5024

@netblue30 added the in testing (A bugfix that is being tested) label Feb 20, 2022
@rusty-snake
Collaborator

--tab todos:

  • Update shell completions
  • Update vim syntax files

@kmk3 added this to Done (on RELNOTES) in Release 0.9.70 Mar 9, 2022
@kuesji closed this as completed Mar 14, 2022
@RalfJung

I just spent >15min debugging my setup to figure out why tab completion is broken. Never in my life would I have expected this to be a feature...
I guess now I will have to wait until 0.9.70 reaches my distribution before shells inside this jail become useful again. Or, more likely, I will switch that jail from whitelisting to blacklisting, thus reducing its security but restoring its usability.

@rusty-snake
Collaborator

> I guess now I will have to wait until 0.9.70 reaches my distribution before shells inside this jail become useful again. Or, more likely, I will switch that jail from whitelisting to blacklisting, thus reducing its security but restoring its usability.

There is a workaround: #4936 (comment)

@RalfJung

Ah that's a cheeky one. :D Thanks!

@nnmfnwl7

nnmfnwl7 commented May 9, 2022

> If you --blacklist=${HOME}/.inputrc bash can not read it.

I completely have no clue what is going on in this bug, but doing any --whitelist=${home}/neededstuff is also causing tab insert instead of doing autocomplete.

Also I have no clue why blacklisting some non-existent file could make the autocomplete feature work again.

Thank you for this workaround. Looking forward to it being fixed by default.

@rusty-snake
Collaborator

> but doing any --whitelist=${home}/neededstuff is also causing tab insert instead of doing autocomplete.

disable shell tab completion for --whitelist and --private commands

> Also I have no clue why blacklisting some non-existent file could make the autocomplete feature work again.

Because that's the config where auto-complete is disabled.
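
A check for the mechanism discussed in this thread, as an added example that is not firejail's own code: it reads an inputrc file and reports whether readline completion ends up disabled. `disable-completion` is a real readline variable; that the sandbox's `~/.inputrc` uses it is an assumption, and the function name and sample files are made up for the example.

```shell
#!/bin/sh
# Added example, not firejail code. Assumption: the sandbox's ~/.inputrc turns
# completion off with readline's "disable-completion" variable.

# completion_state FILE
# Prints "disabled" if FILE leaves disable-completion on, else "enabled"
# (also when FILE is missing or unreadable, e.g. blacklisted in the sandbox).
# Simplification: $if / $include directives are not evaluated.
completion_state() (
    file=$1
    state=enabled
    if [ -r "$file" ]; then
        set -f    # no globbing while splitting lines into words
        while IFS= read -r line || [ -n "$line" ]; do
            # readline matches "set" and variable names case-insensitively
            set -- $(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')
            [ "${1:-}" = set ] && [ "${2:-}" = disable-completion ] || continue
            # empty value, "on" and "1" mean On; any other value means Off
            case "${3:-}" in
                ""|on|1) state=disabled ;;
                *)       state=enabled ;;
            esac
        done < "$file"
    fi
    echo "$state"
)

# Constructed sample files (not captured from a real sandbox).
sample_dir=$(mktemp -d)
printf 'set disable-completion on\n' > "$sample_dir/generated"
printf '# user file\nset editing-mode vi\nSet Disable-Completion Off\n' > "$sample_dir/user"
for name in generated user missing; do
    printf '%-10s %s\n' "$name" "$(completion_state "$sample_dir/$name")"
done
rm -rf "$sample_dir"
```

Run inside the sandbox as `completion_state "$HOME/.inputrc"` to see which state a new shell will start in.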

kmk3 added a commit that referenced this issue Jun 8, 2022
Added on commit ddd7e6f ("merges", 2022-02-20).

Relates to #4936.
@rusty-snake removed the in testing (A bugfix that is being tested) label Jun 21, 2022
kmk3 added a commit that referenced this issue Jul 19, 2023
Note: It already works for bash and it's already present in the syntax
files:

    $ grep '^tab' contrib/syntax/lists/profile_commands_arg0.list
    tab

Added on commit e6c5024 ("--tab: enable shell tab completion",
2022-02-20) / #4936.