man: cannot use nvim as man pager #6112

Open
5 tasks done
ShellCode33 opened this issue Nov 30, 2023 · 13 comments

Comments

@ShellCode33

Description

I'm unable to use nvim as man pager.

Steps to Reproduce

MANPAGER='nvim +Man!' firejail /usr/bin/man sendfile

Expected behavior

To show the man page.

Actual behavior

nvim: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: Permission denied
/usr/bin/man: command exited with status 127: sed -e '/^[[:space:]]*$/{ N; /^[[:space:]]*\n[[:space:]]*$/D; }' | LESS=-ix8RmPm Manual page sendfile(2) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$PM Manual page sendfile(2) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$ MAN_PN=sendfile(2) nvim +Man!

Behavior without a profile

Works fine.

Additional context

I tried to create a man.local with the following content with no luck (I'm not familiar at all with Firejail):

private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim,nvim
whitelist /usr/lib/libluajit-*

(notice the nvim at the end of the private-bin statement)

Not sure it's relevant but just in case:

$ ldd /usr/bin/nvim
        linux-vdso.so.1 (0x000060215a8b2000)
        libluv.so.1 => /usr/lib/libluv.so.1 (0x000060215a3b1000)
        libtermkey.so.1 => /usr/lib/libtermkey.so.1 (0x000060215a3a5000)
        libvterm.so.0 => /usr/lib/libvterm.so.0 (0x000060215a392000)
        libmsgpackc.so.2 => /usr/lib/libmsgpackc.so.2 (0x000060215a389000)
        libtree-sitter.so.0 => /usr/lib/libtree-sitter.so.0 (0x000060215a35b000)
        libunibilium.so.4 => /usr/lib/libunibilium.so.4 (0x000060215a346000)
        libluajit-5.1.so.2 => /usr/lib/libluajit-5.1.so.2 (0x000060215a2b3000)
        libm.so.6 => /usr/lib/libm.so.6 (0x000060215a1c6000)
        libuv.so.1 => /usr/lib/libuv.so.1 (0x000060215a192000)
        libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x000060215a16d000)
        libc.so.6 => /usr/lib/libc.so.6 (0x0000602159f8b000)
        /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x000060215a8b4000)

Environment

  • ArchLinux with hardened kernel from GrapheneOS
  • Firejail version: 0.9.72

Checklist

  • The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).

Log

Output of LC_ALL=C firejail /path/to/program

See above

Output of LC_ALL=C firejail --debug /path/to/program

Leaks a lot, I can send it in private if need be

@glitsj16
Collaborator

nvim: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: Permission denied

Lua is blacklisted in disable-interpreters.inc (as are others):

# Lua
blacklist ${PATH}/lua*
blacklist /usr/include/lua*
blacklist /usr/lib/liblua*
blacklist /usr/lib/lua
blacklist /usr/lib64/liblua*
blacklist /usr/lib64/lua
blacklist /usr/share/lua*

You probably just need to allow it in the man sandbox. Try include allow-lua.inc in your man.local.
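
Added example (not part of the comment above and not firejail code): a POSIX shell sketch that models how ordered `noblacklist`/`blacklist` rules decide which of a binary's shared libraries are denied, using the Lua rules and the `ldd` output quoted in this thread. The function names, the simplified glob matching and the single `noblacklist` line standing in for allow-lua.inc are assumptions.

```shell
#!/bin/sh
# Added example, not firejail code: a simplified model of how ordered
# "noblacklist"/"blacklist" profile rules decide which shared libraries
# of a binary become unreadable inside the sandbox.

# Lua section of disable-interpreters.inc, as quoted in this thread.
LUA_BLACKLIST='# Lua
blacklist ${PATH}/lua*
blacklist /usr/include/lua*
blacklist /usr/lib/liblua*
blacklist /usr/lib/lua
blacklist /usr/lib64/liblua*
blacklist /usr/lib64/lua
blacklist /usr/share/lua*'

# Assumption: one noblacklist line standing in for allow-lua.inc (its
# contents are not shown in the thread), placed before the blacklist rules.
WITH_ALLOW="noblacklist /usr/lib/liblua*
$LUA_BLACKLIST"

# Abridged from the "ldd /usr/bin/nvim" output posted in the issue.
NVIM_LDD='        linux-vdso.so.1 (0x000060215a8b2000)
        libluv.so.1 => /usr/lib/libluv.so.1 (0x000060215a3b1000)
        libluajit-5.1.so.2 => /usr/lib/libluajit-5.1.so.2 (0x000060215a2b3000)
        libc.so.6 => /usr/lib/libc.so.6 (0x0000602159f8b000)
        /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x000060215a8b4000)'

# ldd_paths: read ldd output on stdin, print the resolved absolute paths.
# Lines without "=> /path" (the vdso) have no file to deny and are skipped.
ldd_paths() {
    sed -n 's|^.*=> *\(/[^ ]*\).*$|\1|p'
}

# denied_by RULES PATH: print the blacklist glob that denies PATH, or nothing.
# Rules are read in order; a noblacklist seen earlier exempts the path.
# Simplifications: rules using macros such as ${PATH} are skipped, and "*"
# in a case pattern also matches "/".
denied_by() (
    path=$2
    exempt=
    printf '%s\n' "$1" | while read -r verb glob; do
        case $glob in *'${'*) continue ;; esac
        case $verb in
            noblacklist)
                case $path in $glob|$glob/*) exempt=1 ;; esac ;;
            blacklist)
                # A rule denies the path itself or, for a directory, anything below it.
                case $path in $glob|$glob/*)
                    [ -n "$exempt" ] || printf '%s\n' "$glob"
                    break ;;
                esac ;;
        esac
    done
)

# blocked_libs RULES LDD_OUTPUT: one line per library the rules would deny.
blocked_libs() {
    printf '%s\n' "$2" | ldd_paths | while IFS= read -r lib; do
        rule=$(denied_by "$1" "$lib")
        if [ -n "$rule" ]; then
            printf '%s denied by: blacklist %s\n' "$lib" "$rule"
        fi
    done
}

echo "Lua blacklist rules only:"
blocked_libs "$LUA_BLACKLIST" "$NVIM_LDD"
echo "With the noblacklist line placed first:"
blocked_libs "$WITH_ALLOW" "$NVIM_LDD"
```

Pass `"$(ldd /usr/bin/nvim)"` as the second argument to run the same check against a real binary.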

@ShellCode33
Author

It's better now, thanks a lot!

However I have new errors now, the man page opens, but is not displayed properly:

image

Here's the error I have:

Error detected while processing /etc/xdg/nvim/sysinit.vim:
line    2:
E484: Can't open file /usr/share/nvim/archlinux.vim
E484: Can't open file /usr/share/nvim/syntax/syntax.vim
E886: System error while opening ShaDa file /home/shellcode/.local/state/nvim/shada/main.shada for reading: permission denied
E303: Unable to create directory "/home/shellcode/.local/state/nvim/swap" for swap file, recovery impossible: permission denied
E303: Unable to open swap file for "[No Name]", recovery impossible

In man.local I tried to include nvim.profile but it doesn't seem to work. Any idea?

@glitsj16
Collaborator

In man.local I tried to include nvim.profile but it doesn't seem to work. Any idea?

Yeah that won't work, but you're on the right track. You only need to cherrypick the nvim configuration paths and add those into man.local:

$ cat ~/.config/firejail/man.local
include allow-lua.inc

noblacklist ${HOME}/.vim
noblacklist ${HOME}/.vimrc
noblacklist ${HOME}/.cache/nvim
noblacklist ${HOME}/.config/nvim
noblacklist ${HOME}/.local/share/nvim
noblacklist ${HOME}/.local/state/nvim

whitelist /usr/share/nvim

What does that do?

@ShellCode33
Author

Still no luck, the error is different and doesn't give much information unfortunately:

/usr/bin/man: command exited with status 1: sed -e '/^[[:space:]]*$/{ N; /^[[:space:]]*\n[[:space:]]*$/D; }' | LESS=-ix8RmPm Manual page sendfile(2) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$PM Manual page sendfile(2) ?ltline %lt?L/%L.:byte %bB?s/%s..?e (END):?pB %pB\%.. (press h for help or q to quit)$ MAN_PN=sendfile(2) nvim +Man!

Here's what my man.local looks like:

private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim,nvim
include allow-lua.inc

noblacklist ${HOME}/.cache/nvim
noblacklist ${HOME}/.config/nvim
noblacklist ${HOME}/.dotfiles/.config/nvim
noblacklist ${HOME}/.local/share/nvim
noblacklist ${HOME}/.local/state/nvim

whitelist /usr/share/nvim

Is there a way to know exactly what is being denied? I tried to use something like:

MANPAGER='nvim +Man!' firejail --allow-debuggers --profile=man strace /usr/bin/man sendfile

With no luck.

Here's the output of MANPAGER='nvim +Man!' firejail --debug /usr/bin/man sendfile:

Log
Reading profile /etc/firejail/man.profile
Building quoted command line: '/usr/bin/man' 'sendfile' 
Command name #man#
Found man.profile profile in /etc/firejail directory
Reading profile /etc/firejail/man.local
Found man.local profile in /etc/firejail directory
Reading profile /etc/firejail/allow-lua.inc
Found allow-lua.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-xdg.inc
Found disable-xdg.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-runuser-common.inc
Found whitelist-runuser-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Found whitelist-usr-share-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
[profile] combined protocol list: "unix"
DISPLAY is not set
Parent pid 122090, child pid 122091
Enabling IPC namespace
Enabling IPC namespace
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.namespaces file
Creating empty /run/firejail/mnt/seccomp/seccomp.namespaces.32 file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
sbox run: /run/firejail/lib/fnet ifup lo 
Network namespace enabled, only loopback interface available
Build protocol filter: unix
sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol 
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
1731 1204 0:26 /@/etc /etc ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1731 fsname=/@/etc dir=/etc fstype=btrfs
Mounting noexec /etc
1732 1731 0:26 /@/etc /etc ro,nosuid,nodev,noexec,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1732 fsname=/@/etc dir=/etc fstype=btrfs
Mounting read-only /var
1738 1733 0:26 /@var-log /var/log rw,noatime,nodiratime master:60 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=661,subvol=/@var-log
mountid=1738 fsname=/@var-log dir=/var/log fstype=btrfs
Mounting read-only /var/cache/pacman/pkg
1739 1734 0:26 /@cache-pacman-pkgs /var/cache/pacman/pkg ro,noatime,nodiratime master:50 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=665,subvol=/@cache-pacman-pkgs
mountid=1739 fsname=/@cache-pacman-pkgs dir=/var/cache/pacman/pkg fstype=btrfs
Mounting read-only /var/lib/docker
1740 1735 0:26 /@docker /var/lib/docker ro,noatime,nodiratime master:52 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=664,subvol=/@docker
mountid=1740 fsname=/@docker dir=/var/lib/docker fstype=btrfs
Mounting read-only /var/lib/libvirt
1741 1736 0:26 /@libvirt /var/lib/libvirt ro,noatime,nodiratime master:54 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=663,subvol=/@libvirt
mountid=1741 fsname=/@libvirt dir=/var/lib/libvirt fstype=btrfs
Mounting read-only /var/tmp
1742 1737 0:26 /@var-tmp /var/tmp ro,noatime,nodiratime master:58 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=662,subvol=/@var-tmp
mountid=1742 fsname=/@var-tmp dir=/var/tmp fstype=btrfs
Mounting read-only /var/log
1743 1738 0:26 /@var-log /var/log ro,noatime,nodiratime master:60 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=661,subvol=/@var-log
mountid=1743 fsname=/@var-log dir=/var/log fstype=btrfs
Mounting noexec /var
1754 1753 0:26 /@var-log /var/log ro,noatime,nodiratime master:60 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=661,subvol=/@var-log
mountid=1754 fsname=/@var-log dir=/var/log fstype=btrfs
Mounting noexec /var/cache/pacman/pkg
1755 1746 0:26 /@cache-pacman-pkgs /var/cache/pacman/pkg ro,nosuid,nodev,noexec,noatime,nodiratime master:50 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=665,subvol=/@cache-pacman-pkgs
mountid=1755 fsname=/@cache-pacman-pkgs dir=/var/cache/pacman/pkg fstype=btrfs
Mounting noexec /var/lib/docker
1756 1748 0:26 /@docker /var/lib/docker ro,nosuid,nodev,noexec,noatime,nodiratime master:52 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=664,subvol=/@docker
mountid=1756 fsname=/@docker dir=/var/lib/docker fstype=btrfs
Mounting noexec /var/lib/libvirt
1757 1750 0:26 /@libvirt /var/lib/libvirt ro,nosuid,nodev,noexec,noatime,nodiratime master:54 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=663,subvol=/@libvirt
mountid=1757 fsname=/@libvirt dir=/var/lib/libvirt fstype=btrfs
Mounting noexec /var/tmp
1758 1752 0:26 /@var-tmp /var/tmp ro,nosuid,nodev,noexecWarning: file gpreconv not found
,noatime,nodiratime master:58 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=662,subvol=/@var-tmp
mountid=1758 fsname=/@var-tmp dir=/var/tmp fstype=btrfs
Mounting noexec /var/log
1759 1754 0:26 /@var-log /var/log ro,nosuid,nodev,noexec,noatime,nodiratime master:60 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=661,subvol=/@var-log
mountid=1759 fsname=/@var-log dir=/var/log fstype=btrfs
Mounting read-only /usr
1760 1204 0:26 /@/usr /usr ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1760 fsname=/@/usr dir=/usr fstype=btrfs
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Generating a new machine-id
installing a new /etc/machine-id
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
Process /dev/shm directory
Copying files in the new bin directory
Checking /usr/local/bin/apropos
Checking /usr/bin/apropos
sbox run: /run/firejail/lib/fcopy /usr/bin/whatis /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /usr/bin/apropos /run/firejail/mnt/bin 
Checking /usr/local/bin/bash
Checking /usr/bin/bash
sbox run: /run/firejail/lib/fcopy /usr/bin/bash /run/firejail/mnt/bin 
Checking /usr/local/bin/cat
Checking /usr/bin/cat
sbox run: /run/firejail/lib/fcopy /usr/bin/cat /run/firejail/mnt/bin 
Checking /usr/local/bin/catman
Checking /usr/bin/catman
sbox run: /run/firejail/lib/fcopy /usr/bin/catman /run/firejail/mnt/bin 
Checking /usr/local/bin/col
Checking /usr/bin/col
sbox run: /run/firejail/lib/fcopy /usr/bin/col /run/firejail/mnt/bin 
Checking /usr/local/bin/gpreconv
Checking /usr/bin/gpreconv
Checking /bin/gpreconv
Checking /usr/games/gpreconv
Checking /usr/local/games/gpreconv
Checking /usr/local/sbin/gpreconv
Checking /usr/sbin/gpreconv
Checking /sbin/gpreconv
Checking /usr/local/bin/groff
Checking /usr/bin/groff
sbox run: /run/firejail/lib/fcopy /usr/bin/groff /run/firejail/mnt/bin 
Checking /usr/local/bin/grotty
Checking /usr/bin/grotty
sbox run: /run/firejail/lib/fcopy /usr/bin/grotty /run/firejail/mnt/bin 
Checking /usr/local/bin/gunzip
Checking /usr/bin/gunzip
sbox run: /run/firejail/lib/fcopy /usr/bin/gunzip /run/firejail/mnt/bin 
Checking /usr/local/bin/gzip
Checking /usr/bin/gzip
sbox run: /run/firejail/lib/fcopy /usr/bin/gzip /run/firejail/mnt/bin 
Checking /usr/local/bin/less
Checking /usr/bin/less
sbox run: /run/firejail/lib/fcopy /usr/bin/less /run/firejail/mnt/bin 
Checking /usr/local/bin/man
Checking /usr/bin/man
sbox run: /run/firejail/lib/fcopy /usr/bin/man /run/firejail/mnt/bin 
Checking /usr/local/bin/most
Checking /usr/bin/most
sbox run: /run/firejail/lib/fcopy /usr/bin/most /run/firejail/mnt/bin 
Checking /usr/local/bin/nroff
Checking /usr/bin/nroff
sbox run: /run/firejail/lib/fcopy /usr/bin/nroff /run/firejail/mnt/bin 
Checking /usr/local/bin/preconv
Checking /usr/bin/preconv
sbox run: /run/firejail/lib/fcopy /usr/bin/preconv /run/firejail/mnt/bin 
Checking /usr/local/bin/sed
Checking /usr/bin/sed
sbox run: /run/firejail/lib/fcopy /usr/bin/sed /run/firejail/mnt/bin 
Checking /usr/local/bin/sh
Checking /usr/bin/sh
sbox run: /run/firejail/lib/fcopy /usr/bin/dash /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /usr/bin/sh /run/firejail/mnt/bin 
Checking /usr/local/bin/tbl
Checking /usr/bin/tbl
sbox run: /run/firejail/lib/fcopy /usr/bin/tbl /run/firejail/mnt/bin 
Checking /usr/local/bin/tr
Checking /usr/bin/tr
sbox run: /run/firejail/lib/fcopy /usr/bin/tr /run/firejail/mnt/bin 
Checking /usr/local/bin/troff
Checking /usr/bin/troff
sbox run: /run/firejail/lib/fcopy /usr/bin/troff /run/firejail/mnt/bin 
Checking /usr/local/bin/whatis
Checking /usr/bin/whatis
sbox run: /run/firejail/lib/fcopy /usr/bin/whatis /run29 programs installed in 93.30 ms
/firejail/mnt/bin 
Checking /usr/local/bin/which
Checking /usr/bin/which
sbox run: /run/firejail/lib/fcopy /usr/bin/which /run/firejail/mnt/bin 
Checking /usr/local/bin/xtotroff
Checking /usr/bin/xtotroff
sbox run: /run/firejail/lib/fcopy /usr/bin/xtotroff /run/firejail/mnt/bin 
Checking /usr/local/bin/zcat
Checking /usr/bin/zcat
sbox run: /run/firejail/lib/fcopy /usr/bin/zcat /run/firejail/mnt/bin 
Checking /usr/local/bin/zsoelim
Checking /usr/bin/zsoelim
sbox run: /run/firejail/lib/fcopy /usr/bin/soelim /run/firejail/mnt/bin 
sbox run: /run/firejail/lib/fcopy /usr/bin/zsoelim /run/firejail/mnt/bin 
Checking /usr/local/bin/nvim
Checking /usr/bin/nvim
sbox run: /run/firejail/lib/fcopy /usr/bin/nvim /run/firejail/mnt/bin 
Checking /usr/local/bin/strace
Checking /usr/bin/strace
sbox run: /run/firejail/lib/fcopy /usr/bin/strace /run/firejail/mnt/bin 
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Warning: file /etc/alternatives not found.
Warning: skipping alternatives for private /etc
Warning: file /etc/groff not found.
Warning: skipping groff for private /etc
Warning: file /etc/ld.so.preload not found.
Warning: skipping ld.so.preload for private /etc
Warning: file /etc/locale not found.
Warning: skipping locale for private /etc
Warning: file /etc/locale.alias not found.
Warning: skipping locale.alias for private /etc
Warning: file /etc/manpath.config not found.
Warning: skipping manpath.config for private /etc
Warning: file /etc/selinux not found.
Warning: skipping selinux for private /etc
Warning: file /etc/sysless not found.
Warning: skipping sysless for private /etc
Private /etc installed in 17.42 ms
Creating empty /run/firejail/mnt/dbus directory
Creating empty /run/firejail/mnt/dbus/user file
blacklist /run/user/1000/bus
Creating empty /run/firejail/mnt/dbus/system file
blacklist /run/dbus/system_bus_socket
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kallsyms
Disable /usr/lib/modules (requested /lib/modules)
Disable /boot
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /proc/kmsg
Disable /mnt
Disable /media
Disable /run/mount
Copying files in the new /etc directory:
Copying /etc/fonts to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/fonts /run/firejail/mnt/etc/fonts 
Copying /etc/group to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/group /run/firejail/mnt/etc 
Copying /etc/ld.so.cache to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/ld.so.cache /run/firejail/mnt/etc 
Copying /etc/locale.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/locale.conf /run/firejail/mnt/etc 
Copying /etc/login.defs to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/login.defs /run/firejail/mnt/etc 
Copying /etc/man_db.conf to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/man_db.conf /run/firejail/mnt/etc 
Copying /etc/passwd to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/passwd /run/firejail/mnt/etc 
Copying /etc/xdg to private /etc
sbox run: /run/firejail/lib/fcopy --follow-link /etc/xdg /run/firejail/mnt/etc/xdg 
Mount-bind /run/firejail/mnt/etc on top of /etc
Private /usr/etc installed in 0.01 ms
Cannot find /usr/etc: No such file or directory
Mount-bind /run/firejail/mnt/usretc on top of /usr/etc
Cannot find /usr/etc: No such file or directory
Debug 588: whitelist /usr/share/nvim
Debug 609: expanded: /usr/share/nvim
Debug 620: new_name: /usr/share/nvim
Debug 630: dir: /usr/share
Adding whitelist top level directory /usr/share
Debug 588: whitelist /usr/share/groff
Debug 609: expanded: /usr/share/groff
Debug 620: new_name: /usr/share/groff
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/info
Debug 609: expanded: /usr/share/info
Debug 620: new_name: /usr/share/info
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/lintian
Debug 609: expanded: /usr/share/lintian
Debug 620: new_name: /usr/share/lintian
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/lintian
	new_name: /usr/share/lintian
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/man
Debug 609: expanded: /usr/share/man
Debug 620: new_name: /usr/share/man
Debug 630: dir: /usr/share
Debug 588: whitelist /var/cache/man
Debug 609: expanded: /var/cache/man
Debug 620: new_name: /var/cache/man
Debug 630: dir: /var
Adding whitelist top level directory /var
Debug 588: whitelist ${RUNUSER}/bus
Debug 609: expanded: /run/user/1000/bus
Debug 620: new_name: /run/user/1000/bus
Debug 630: dir: /run/user/1000
Adding whitelist top level directory /run/user/1000
Debug 588: whitelist ${RUNUSER}/dconf
Debug 609: expanded: /run/user/1000/dconf
Debug 620: new_name: /run/user/1000/dconf
Debug 630: dir: /run/user/1000
Debug 588: whitelist ${RUNUSER}/gdm/Xauthority
Debug 609: expanded: /run/user/1000/gdm/Xauthority
Debug 620: new_name: /run/user/1000/gdm/Xauthority
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/gdm/Xauthority
	new_name: /run/user/1000/gdm/Xauthority
	realpath: (null)
	No such file or directory
Debug 588: whitelist ${RUNUSER}/ICEauthority
Debug 609: expanded: /run/user/1000/ICEauthority
Debug 620: new_name: /run/user/1000/ICEauthority
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/ICEauthority
	new_name: /run/user/1000/ICEauthority
	realpath: (null)
	No such file or directory
Debug 588: whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
Debug 609: expanded: /run/user/1000/.mutter-Xwaylandauth.*
Debug 620: new_name: /run/user/1000/.mutter-Xwaylandauth.*
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
	new_name: /run/user/1000/.mutter-Xwaylandauth.*
	realpath: (null)
	No such file or directory
Debug 588: whitelist ${RUNUSER}/pulse/native
Debug 609: expanded: /run/user/1000/pulse/native
Debug 620: new_name: /run/user/1000/pulse/native
Debug 630: dir: /run/user/1000
Debug 588: whitelist ${RUNUSER}/pipewire-?
Debug 609: expanded: /run/user/1000/pipewire-?
Debug 620: new_name: /run/user/1000/pipewire-?
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/pipewire-?
	new_name: /run/user/1000/pipewire-?
	realpath: (null)
	No such file or directory
Adding new profile command: whitelist /run/user/1000/pipewire-0
Debug 588: whitelist ${RUNUSER}/wayland-?
Debug 609: expanded: /run/user/1000/wayland-?
Debug 620: new_name: /run/user/1000/wayland-?
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/wayland-?
	new_name: /run/user/1000/wayland-?
	realpath: (null)
	No such file or directory
Adding new profile command: whitelist /run/user/1000/wayland-1
Debug 588: whitelist ${RUNUSER}/xauth_*
Debug 609: expanded: /run/user/1000/xauth_*
Debug 620: new_name: /run/user/1000/xauth_*
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/xauth_*
	new_name: /run/user/1000/xauth_*
	realpath: (null)
	No such file or directory
Debug 588: whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
Debug 609: expanded: /run/user/1000/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
Debug 620: new_name: /run/user/1000/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
Debug 630: dir: /run/user/1000
Removed path: whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
	new_name: /run/user/1000/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
	realpath: (null)
	File name too long
Debug 588: whitelist /usr/share/alsa
Debug 609: expanded: /usr/share/alsa
Debug 620: new_name: /usr/share/alsa
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/applications
Debug 609: expanded: /usr/share/applications
Debug 620: new_name: /usr/share/applications
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/ca-certificates
Debug 609: expanded: /usr/share/ca-certificates
Debug 620: new_name: /usr/share/ca-certificates
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/crypto-policies
Debug 609: expanded: /usr/share/crypto-policies
Debug 620: new_name: /usr/share/crypto-policies
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/crypto-policies
	new_name: /usr/share/crypto-policies
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/cursors
Debug 609: expanded: /usr/share/cursors
Debug 620: new_name: /usr/share/cursors
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/cursors
	new_name: /usr/share/cursors
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/dconf
Debug 609: expanded: /usr/share/dconf
Debug 620: new_name: /usr/share/dconf
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/dconf
	new_name: /usr/share/dconf
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/distro-info
Debug 609: expanded: /usr/share/distro-info
Debug 620: new_name: /usr/share/distro-info
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/distro-info
	new_name: /usr/share/distro-info
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/drirc.d
Debug 609: expanded: /usr/share/drirc.d
Debug 620: new_name: /usr/share/drirc.d
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/egl
Debug 609: expanded: /usr/share/egl
Debug 620: new_name: /usr/share/egl
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/egl
	new_name: /usr/share/egl
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/enchant
Debug 609: expanded: /usr/share/enchant
Debug 620: new_name: /usr/share/enchant
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/enchant
	new_name: /usr/share/enchant
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/enchant-2
Debug 609: expanded: /usr/share/enchant-2
Debug 620: new_name: /usr/share/enchant-2
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/enchant-2
	new_name: /usr/share/enchant-2
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/file
Debug 609: expanded: /usr/share/file
Debug 620: new_name: /usr/share/file
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/fontconfig
Debug 609: expanded: /usr/share/fontconfig
Debug 620: new_name: /usr/share/fontconfig
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/fonts
Debug 609: expanded: /usr/share/fonts
Debug 620: new_name: /usr/share/fonts
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/fonts-config
Debug 609: expanded: /usr/share/fonts-config
Debug 620: new_name: /usr/share/fonts-config
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/fonts-config
	new_name: /usr/share/fonts-config
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/gir-1.0
Debug 609: expanded: /usr/share/gir-1.0
Debug 620: new_name: /usr/share/gir-1.0
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/gjs-1.0
Debug 609: expanded: /usr/share/gjs-1.0
Debug 620: new_name: /usr/share/gjs-1.0
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/gjs-1.0
	new_name: /usr/share/gjs-1.0
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/glib-2.0
Debug 609: expanded: /usr/share/glib-2.0
Debug 620: new_name: /usr/share/glib-2.0
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/glvnd
Debug 609: expanded: /usr/share/glvnd
Debug 620: new_name: /usr/share/glvnd
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/gtk-2.0
Debug 609: expanded: /usr/share/gtk-2.0
Debug 620: new_name: /usr/share/gtk-2.0
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/gtk-3.0
Debug 609: expanded: /usr/share/gtk-3.0
Debug 620: new_name: /usr/share/gtk-3.0
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/gtk-engines
Debug 609: expanded: /usr/share/gtk-engines
Debug 620: new_name: /usr/share/gtk-engines
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/gtk-engines
	new_name: /usr/share/gtk-engines
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/gtksourceview-3.0
Debug 609: expanded: /usr/share/gtksourceview-3.0
Debug 620: new_name: /usr/share/gtksourceview-3.0
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/gtksourceview-3.0
	new_name: /usr/share/gtksourceview-3.0
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/gtksourceview-4
Debug 609: expanded: /usr/share/gtksourceview-4
Debug 620: new_name: /usr/share/gtksourceview-4
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/hunspell
Debug 609: expanded: /usr/share/hunspell
Debug 620: new_name: /usr/share/hunspell
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/hunspell
	new_name: /usr/share/hunspell
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/hwdata
Debug 609: expanded: /usr/share/hwdata
Debug 620: new_name: /usr/share/hwdata
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/icons
Debug 609: expanded: /usr/share/icons
Debug 620: new_name: /usr/share/icons
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/icu
Debug 609: expanded: /usr/share/icu
Debug 620: new_name: /usr/share/icu
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/knotifications5
Debug 609: expanded: /usr/share/knotifications5
Debug 620: new_name: /usr/share/knotifications5
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/knotifications5
	new_name: /usr/share/knotifications5
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/kservices5
Debug 609: expanded: /usr/share/kservices5
Debug 620: new_name: /usr/share/kservices5
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/kservices5
	new_name: /usr/share/kservices5
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/Kvantum
Debug 609: expanded: /usr/share/Kvantum
Debug 620: new_name: /usr/share/Kvantum
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/Kvantum
	new_name: /usr/share/Kvantum
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/kxmlgui5
Debug 609: expanded: /usr/share/kxmlgui5
Debug 620: new_name: /usr/share/kxmlgui5
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/kxmlgui5
	new_name: /usr/share/kxmlgui5
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/libdrm
Debug 609: expanded: /usr/share/libdrm
Debug 620: new_name: /usr/share/libdrm
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/libthai
Debug 609: expanded: /usr/share/libthai
Debug 620: new_name: /usr/share/libthai
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/locale
Debug 609: expanded: /usr/share/locale
Debug 620: new_name: /usr/share/locale
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/mime
Debug 609: expanded: /usr/share/mime
Debug 620: new_name: /usr/share/mime
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/misc
Debug 609: expanded: /usr/share/misc
Debug 620: new_name: /usr/share/misc
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/Modules
Debug 609: expanded: /usr/share/Modules
Debug 620: new_name: /usr/share/Modules
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/Modules
	new_name: /usr/share/Modules
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/myspell
Debug 609: expanded: /usr/share/myspell
Debug 620: new_name: /usr/share/myspell
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/myspell
	new_name: /usr/share/myspell
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/p11-kit
Debug 609: expanded: /usr/share/p11-kit
Debug 620: new_name: /usr/share/p11-kit
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/perl
Debug 609: expanded: /usr/share/perl
Debug 620: new_name: /usr/share/perl
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/perl
	new_name: /usr/share/perl
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/perl5
Debug 609: expanded: /usr/share/perl5
Debug 620: new_name: /usr/share/perl5
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/pipewire
Debug 609: expanded: /usr/share/pipewire
Debug 620: new_name: /usr/share/pipewire
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/pixmaps
Debug 609: expanded: /usr/share/pixmaps
Debug 620: new_name: /usr/share/pixmaps
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/pki
Debug 609: expanded: /usr/share/pki
Debug 620: new_name: /usr/share/pki
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/pki
	new_name: /usr/share/pki
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/plasma
Debug 609: expanded: /usr/share/plasma
Debug 620: new_name: /usr/share/plasma
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/plasma
	new_name: /usr/share/plasma
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/publicsuffix
Debug 609: expanded: /usr/share/publicsuffix
Debug 620: new_name: /usr/share/publicsuffix
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/publicsuffix
	new_name: /usr/share/publicsuffix
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/qt
Debug 609: expanded: /usr/share/qt
Debug 620: new_name: /usr/share/qt
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/qt4
Debug 609: expanded: /usr/share/qt4
Debug 620: new_name: /usr/share/qt4
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/qt4
	new_name: /usr/share/qt4
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/qt5
Debug 609: expanded: /usr/share/qt5
Debug 620: new_name: /usr/share/qt5
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/qt5
	new_name: /usr/share/qt5
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/qt5ct
Debug 609: expanded: /usr/share/qt5ct
Debug 620: new_name: /usr/share/qt5ct
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/qt5ct
	new_name: /usr/share/qt5ct
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/qt6
Debug 609: expanded: /usr/share/qt6
Debug 620: new_name: /usr/share/qt6
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/qt6ct
Debug 609: expanded: /usr/share/qt6ct
Debug 620: new_name: /usr/share/qt6ct
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/qt6ct
	new_name: /usr/share/qt6ct
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/sounds
Debug 609: expanded: /usr/share/sounds
Debug 620: new_name: /usr/share/sounds
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/tcl8.6
Debug 609: expanded: /usr/share/tcl8.6
Debug 620: new_name: /usr/share/tcl8.6
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/tcl8.6
	new_name: /usr/share/tcl8.6
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/tcltk
Debug 609: expanded: /usr/share/tcltk
Debug 620: new_name: /usr/share/tcltk
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/tcltk
	new_name: /usr/share/tcltk
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/terminfo
Debug 609: expanded: /usr/share/terminfo
Debug 620: new_name: /usr/share/terminfo
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/texlive
Debug 609: expanded: /usr/share/texlive
Debug 620: new_name: /usr/share/texlive
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/texlive
	new_name: /usr/share/texlive
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/texmf
Debug 609: expanded: /usr/share/texmf
Debug 620: new_name: /usr/share/texmf
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/texmf
	new_name: /usr/share/texmf
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/themes
Debug 609: expanded: /usr/share/themes
Debug 620: new_name: /usr/share/themes
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/thumbnail.so
Debug 609: expanded: /usr/share/thumbnail.so
Debug 620: new_name: /usr/share/thumbnail.so
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/thumbnail.so
	new_name: /usr/share/thumbnail.so
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/uim
Debug 609: expanded: /usr/share/uim
Debug 620: new_name: /usr/share/uim
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/uim
	new_name: /usr/share/uim
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/vulkan
Debug 609: expanded: /usr/share/vulkan
Debug 620: new_name: /usr/share/vulkan
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/X11
Debug 609: expanded: /usr/share/X11
Debug 620: new_name: /usr/share/X11
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/xml
Debug 609: expanded: /usr/share/xml
Debug 620: new_name: /usr/share/xml
Debug 630: dir: /usr/share
Debug 588: whitelist /usr/share/zenity
Debug 609: expanded: /usr/share/zenity
Debug 620: new_name: /usr/share/zenity
Debug 630: dir: /usr/share
Removed path: whitelist /usr/share/zenity
	new_name: /usr/share/zenity
	realpath: (null)
	No such file or directory
Debug 588: whitelist /usr/share/zoneinfo
Debug 609: expanded: /usr/share/zoneinfo
Debug 620: new_name: /usr/share/zoneinfo
Debug 630: dir: /usr/share
Debug 588: whitelist /var/lib/aspell
Debug 609: expanded: /var/lib/aspell
Debug 620: new_name: /var/lib/aspell
Debug 630: dir: /var
Removed path: whitelist /var/lib/aspell
	new_name: /var/lib/aspell
	realpath: (null)
	No such file or directory
Debug 588: whitelist /var/lib/ca-certificates
Debug 609: expanded: /var/lib/ca-certificates
Debug 620: new_name: /var/lib/ca-certificates
Debug 630: dir: /var
Removed path: whitelist /var/lib/ca-certificates
	new_name: /var/lib/ca-certificates
	realpath: (null)
	No such file or directory
Debug 588: whitelist /var/lib/dbus
Debug 609: expanded: /var/lib/dbus
Debug 620: new_name: /var/lib/dbus
Debug 630: dir: /var
Debug 588: whitelist /var/lib/menu-xdg
Debug 609: expanded: /var/lib/menu-xdg
Debug 620: new_name: /var/lib/menu-xdg
Debug 630: dir: /var
Removed path: whitelist /var/lib/menu-xdg
	new_name: /var/lib/menu-xdg
	realpath: (null)
	No such file or directory
Debug 588: whitelist /var/lib/uim
Debug 609: expanded: /var/lib/uim
Debug 620: new_name: /var/lib/uim
Debug 630: dir: /var
Removed path: whitelist /var/lib/uim
	new_name: /var/lib/uim
	realpath: (null)
	No such file or directory
Debug 588: whitelist /var/cache/fontconfig
Debug 609: expanded: /var/cache/fontconfig
Debug 620: new_name: /var/cache/fontconfig
Debug 630: dir: /var
Debug 588: whitelist /var/tmp
Debug 609: expanded: /var/tmp
Debug 620: new_name: /var/tmp
Debug 630: dir: /var
Debug 588: whitelist /var/run
Debug 609: expanded: /var/run
Debug 620: new_name: /var/run
Debug 630: dir: /var
Debug 588: whitelist /var/lock
Debug 609: expanded: /var/lock
Debug 620: new_name: /var/lock
Debug 630: dir: /var
Debug 588: whitelist /run/user/1000/pipewire-0
Debug 609: expanded: /run/user/1000/pipewire-0
Debug 620: new_name: /run/user/1000/pipewire-0
Debug 630: dir: /run/user/1000
Debug 588: whitelist /run/user/1000/wayland-1
Debug 609: expanded: /run/user/1000/wayland-1
Debug 620: new_name: /run/user/1000/wayland-1
Debug 630: dir: /run/user/1000
Mounting tmpfs on /usr/share, check owner: no
1817 1760 0:207 / /usr/share rw,nosuid,nodev,noatime,nodiratime - tmpfs tmpfs rw,mode=755,inode64
mountid=1817 fsname=/ dir=/usr/share fstype=tmpfs
Mounting tmpfs on /var, check owner: no
1818 1744 0:208 / /var rw,nosuid,nodev,noexec,noatime,nodiratime - tmpfs tmpfs rw,mode=755,inode64
mountid=1818 fsname=/ dir=/var fstype=tmpfs
Mounting tmpfs on /run/user/1000, check owner: no
1819 1771 0:209 / /run/user/1000 rw,nosuid,nodev,relatime - tmpfs tmpfs rw,mode=700,uid=1000,gid=1000,inode64
mountid=1819 fsname=/ dir=/run/user/1000 fstype=tmpfs
Whitelisting /usr/share/nvim
1820 1817 0:26 /@/usr/share/nvim /usr/share/nvim ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1820 fsname=/@/usr/share/nvim dir=/usr/share/nvim fstype=btrfs
Whitelisting /usr/share/groff
1821 1817 0:26 /@/usr/share/groff /usr/share/groff ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1821 fsname=/@/usr/share/groff dir=/usr/share/groff fstype=btrfs
Whitelisting /usr/share/info
1822 1817 0:26 /@/usr/share/info /usr/share/info ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1822 fsname=/@/usr/share/info dir=/usr/share/info fstype=btrfs
Whitelisting /usr/share/man
1823 1817 0:26 /@/usr/share/man /usr/share/man ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1823 fsname=/@/usr/share/man dir=/usr/share/man fstype=btrfs
Whitelisting /var/cache/man
1824 1818 0:26 /@var/cache/man /var/cache/man ro,nosuid,nodev,noexec,noatime,nodiratime master:46 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=660,subvol=/@var
mountid=1824 fsname=/@var/cache/man dir=/var/cache/man fstype=btrfs
Whitelisting /run/user/1000/bus
1825 1819 0:23 /firejail/firejail.ro.file /run/user/1000/bus ro,nosuid,nodev,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1825 fsname=/firejail/firejail.ro.file dir=/run/user/1000/bus fstype=tmpfs
Whitelisting /run/user/1000/dconf
1826 1819 0:53 /dconf /run/user/1000/dconf rw,nosuid,nodev,relatime master:248 - tmpfs tmpfs rw,size=1211456k,nr_inodes=302864,mode=700,uid=1000,gid=1000,inode64
mountid=1826 fsname=/dconf dir=/run/user/1000/dconf fstype=tmpfs
Whitelisting /run/user/1000/pulse/native
1827 1819 0:53 /pulse/native /run/user/1000/pulse/native rw,nosuid,nodev,relatime master:248 - tmpfs tmpfs rw,size=1211456k,nr_inodes=302864,mode=700,uid=1000,gid=1000,inode64
mountid=1827 fsname=/pulse/native dir=/run/user/1000/pulse/native fstype=tmpfs
Whitelisting /usr/share/alsa
1828 1817 0:26 /@/usr/share/alsa /usr/share/alsa ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1828 fsname=/@/usr/share/alsa dir=/usr/share/alsa fstype=btrfs
Whitelisting /usr/share/applications
1829 1817 0:26 /@/usr/share/applications /usr/share/applications ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1829 fsname=/@/usr/share/applications dir=/usr/share/applications fstype=btrfs
Whitelisting /usr/share/ca-certificates
1830 1817 0:26 /@/usr/share/ca-certificates /usr/share/ca-certificates ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1830 fsname=/@/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=btrfs
Whitelisting /usr/share/drirc.d
1831 1817 0:26 /@/usr/share/drirc.d /usr/share/drirc.d ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1831 fsname=/@/usr/share/drirc.d dir=/usr/share/drirc.d fstype=btrfs
Whitelisting /usr/share/file
1832 1817 0:26 /@/usr/share/file /usr/share/file ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1832 fsname=/@/usr/share/file dir=/usr/share/file fstype=btrfs
Whitelisting /usr/share/fontconfig
1833 1817 0:26 /@/usr/share/fontconfig /usr/share/fontconfig ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1833 fsname=/@/usr/share/fontconfig dir=/usr/share/fontconfig fstype=btrfs
Whitelisting /usr/share/fonts
1834 1817 0:26 /@/usr/share/fonts /usr/share/fonts ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1834 fsname=/@/usr/share/fonts dir=/usr/share/fonts fstype=btrfs
Whitelisting /usr/share/gir-1.0
1835 1817 0:26 /@/usr/share/gir-1.0 /usr/share/gir-1.0 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1835 fsname=/@/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=btrfs
Whitelisting /usr/share/glib-2.0
1836 1817 0:26 /@/usr/share/glib-2.0 /usr/share/glib-2.0 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1836 fsname=/@/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=btrfs
Whitelisting /usr/share/glvnd
1837 1817 0:26 /@/usr/share/glvnd /usr/share/glvnd ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1837 fsname=/@/usr/share/glvnd dir=/usr/share/glvnd fstype=btrfs
Whitelisting /usr/share/gtk-2.0
1838 1817 0:26 /@/usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1838 fsname=/@/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=btrfs
Whitelisting /usr/share/gtk-3.0
1839 1817 0:26 /@/usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1839 fsname=/@/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=btrfs
Whitelisting /usr/share/gtksourceview-4
1840 1817 0:26 /@/usr/share/gtksourceview-4 /usr/share/gtksourceview-4 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1840 fsname=/@/usr/share/gtksourceview-4 dir=/usr/share/gtksourceview-4 fstype=btrfs
Whitelisting /usr/share/hwdata
1841 1817 0:26 /@/usr/share/hwdata /usr/share/hwdata ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1841 fsname=/@/usr/share/hwdata dir=/usr/share/hwdata fstype=btrfs
Whitelisting /usr/share/icons
1842 1817 0:26 /@/usr/share/icons /usr/share/icons ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1842 fsname=/@/usr/share/icons dir=/usr/share/icons fstype=btrfs
Whitelisting /usr/share/icu
1843 1817 0:26 /@/usr/share/icu /usr/share/icu ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1843 fsname=/@/usr/share/icu dir=/usr/share/icu fstype=btrfs
Whitelisting /usr/share/libdrm
1844 1817 0:26 /@/usr/share/libdrm /usr/share/libdrm ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1844 fsname=/@/usr/share/libdrm dir=/usr/share/libdrm fstype=btrfs
Whitelisting /usr/share/libthai
1845 1817 0:26 /@/usr/share/libthai /usr/share/libthai ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1845 fsname=/@/usr/share/libthai dir=/usr/share/libthai fstype=btrfs
Whitelisting /usr/share/locale
1846 1817 0:26 /@/usr/share/locale /usr/share/locale ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1846 fsname=/@/usr/share/locale dir=/usr/share/locale fstype=btrfs
Whitelisting /usr/share/mime
1847 1817 0:26 /@/usr/share/mime /usr/share/mime ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1847 fsname=/@/usr/share/mime dir=/usr/share/mime fstype=btrfs
Whitelisting /usr/share/misc
1848 1817 0:26 /@/usr/share/misc /usr/share/misc ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1848 fsname=/@/usr/share/misc dir=/usr/share/misc fstype=btrfs
Whitelisting /usr/share/p11-kit
1849 1817 0:26 /@/usr/share/p11-kit /usr/share/p11-kit ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1849 fsname=/@/usr/share/p11-kit dir=/usr/share/p11-kit fstype=btrfs
Whitelisting /usr/share/perl5
1850 1817 0:26 /@/usr/share/perl5 /usr/share/perl5 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1850 fsname=/@/usr/share/perl5 dir=/usr/share/perl5 fstype=btrfs
Whitelisting /usr/share/pipewire
1851 1817 0:26 /@/usr/share/pipewire /usr/share/pipewire ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1851 fsname=/@/usr/share/pipewire dir=/usr/share/pipewire fstype=btrfs
Whitelisting /usr/share/pixmaps
1852 1817 0:26 /@/usr/share/pixmaps /usr/share/pixmaps ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1852 fsname=/@/usr/share/pixmaps dir=/usr/share/pixmaps fstype=btrfs
Whitelisting /usr/share/qt
1853 1817 0:26 /@/usr/share/qt /usr/share/qt ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1853 fsname=/@/usr/share/qt dir=/usr/share/qt fstype=btrfs
Whitelisting /usr/share/qt6
1854 1817 0:26 /@/usr/share/qt6 /usr/share/qt6 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1854 fsname=/@/usr/share/qt6 dir=/usr/share/qt6 fstype=btrfs
Whitelisting /usr/share/sounds
1855 1817 0:26 /@/usr/share/sounds /usr/share/sounds ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1855 fsname=/@/usr/share/sounds dir=/usr/share/sounds fstype=btrfs
Whitelisting /usr/share/terminfo
1856 1817 0:26 /@/usr/share/terminfo /usr/share/terminfo ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1856 fsname=/@/usr/share/terminfo dir=/usr/share/terminfo fstype=btrfs
Whitelisting /usr/share/themes
1857 1817 0:26 /@/usr/share/themes /usr/share/themes ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1857 fsname=/@/usr/share/themes dir=/usr/share/themes fstype=btrfs
Whitelisting /usr/share/vulkan
1858 1817 0:26 /@/usr/share/vulkan /usr/share/vulkan ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1858 fsname=/@/usr/share/vulkan dir=/usr/share/vulkan fstype=btrfs
Whitelisting /usr/share/X11
1859 1817 0:26 /@/usr/share/X11 /usr/share/X11 ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1859 fsname=/@/usr/share/X11 dir=/usr/share/X11 fstype=btrfs
Whitelisting /usr/share/xml
1860 1817 0:26 /@/usr/share/xml /usr/share/xml ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1860 fsname=/@/usr/share/xml dir=/usr/share/xml fstype=btrfs
Whitelisting /usr/share/zoneinfo
1861 1817 0:26 /@/usr/share/zoneinfo /usr/share/zoneinfo ro,noatime,nodiratime master:1 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/@
mountid=1861 fsname=/@/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=btrfs
Whitelisting /var/lib/dbus
1862 1818 0:26 /@var/lib/dbus /var/lib/dbus ro,nosuid,nodev,noexec,noatime,nodiratime master:46 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=660,subvol=/@var
mountid=1862 fsname=/@var/lib/dbus dir=/var/lib/dbus fstype=btrfs
Whitelisting /var/cache/fontconfig
1863 1818 0:26 /@var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,noatime,nodiratime master:46 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=660,subvol=/@var
mountid=1863 fsname=/@var/cache/fontconfig dir=/var/cache/fontconfig fstype=btrfs
Whitelisting /var/tmp
1864 1818 0:199 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64
mountid=1864 fsname=/ dir=/var/tmp fstype=tmpfs
Created symbolic link /var/run -> /run
Created symbolic link /var/lock -> /run/lock
Whitelisting /run/user/1000/pipewire-0
1865 1819 0:53 /pipewire-0 /run/user/1000/pipewire-0 rw,nosuid,nodev,relatime master:248 - tmpfs tmpfs rw,size=1211456k,nr_inodes=302864,mode=700,uid=1000,gid=1000,inode64
mountid=1865 fsname=/pipewire-0 dir=/run/user/1000/pipewire-0 fstype=tmpfs
Whitelisting /run/user/1000/wayland-1
1866 1819 0:53 /wayland-1 /run/user/1000/wayland-1 rw,nosuid,nodev,relatime master:248 - tmpfs tmpfs rw,size=1211456k,nr_inodes=302864,mode=700,uid=1000,gid=1000,inode64
mountid=1866 fsname=/wayland-1 dir=/run/user/1000/wayland-1 fstype=tmpfs
Disable /run/user/1000
Not blacklist /home/shellcode/.local/share/nvim
Not blacklist /home/shellcode/.local/state/nvim
Disable /home/shellcode/.dotfiles/.config/sway (requested /home/shellcode/.config/sway)
Disable /etc/xdg/autostart
Warning (blacklisting): cannot open /run/user/1000/*.slave-socket: Permission denied
Warning (blacklisting): cannot open /run/user/1000/kdeinit5__*: Permission denied
Warning (blacklisting): cannot open /run/user/1000/kdesud_*: Permission denied
Mounting read-only /home/shellcode/.config/dconf
1870 1769 0:26 /@home/shellcode/.config/dconf /home/shellcode/.config/dconf ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1870 fsname=/@home/shellcode/.config/dconf dir=/home/shellcode/.config/dconf fstype=btrfs
Warning (blacklisting): cannot open /run/user/1000/gnome-session-leader-fifo: Permission denied
Warning (blacklisting): cannot open /run/user/1000/gnome-shell: Permission denied
Warning (blacklisting): cannot open /run/user/1000/gsconnect: Permission denied
Disable /home/shellcode/.config/systemd
Disable /home/shellcode/.local/share/systemd
Warning (blacklisting): cannot open /run/user/1000/systemd: Permission denied
Warning (blacklisting): cannot open /run/user/1000/libvirt: Permission denied
Warning (blacklisting): cannot open /run/user/1000/containers: Permission denied
Warning (blacklisting): cannot open /run/user/1000/crun: Permission denied
Warning (blacklisting): cannot open /run/user/1000/libpod: Permission denied
Warning (blacklisting): cannot open /run/user/1000/runc: Permission denied
Warning (blacklisting): cannot open /run/user/1000/toolbox: Permission denied
Disable /run/docker.sock (requested /var/run/docker.sock)
Mounting read-only /home/shellcode/.bash_logout
1874 1769 0:26 /@home/shellcode/.bash_logout /home/shellcode/.bash_logout ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1874 fsname=/@home/shellcode/.bash_logout dir=/home/shellcode/.bash_logout fstype=btrfs
Mounting read-only /home/shellcode/.bash_profile
1875 1769 0:26 /@home/shellcode/.bash_profile /home/shellcode/.bash_profile ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1875 fsname=/@home/shellcode/.bash_profile dir=/home/shellcode/.bash_profile fstype=btrfs
Mounting read-only /home/shellcode/.bashrc
1876 1769 0:26 /@home/shellcode/.bashrc /home/shellcode/.bashrc ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1876 fsname=/@home/shellcode/.bashrc dir=/home/shellcode/.bashrc fstype=btrfs
Mounting read-only /home/shellcode/.dotfiles/.profile
1877 1769 0:26 /@home/shellcode/.dotfiles/.profile /home/shellcode/.dotfiles/.profile ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1877 fsname=/@home/shellcode/.dotfiles/.profile dir=/home/shellcode/.dotfiles/.profile fstype=btrfs
Mounting read-only /home/shellcode/.ssh/config
1878 1769 0:26 /@home/shellcode/.ssh/config /home/shellcode/.ssh/config ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1878 fsname=/@home/shellcode/.ssh/config dir=/home/shellcode/.ssh/config fstype=btrfs
Mounting read-only /home/shellcode/.dotfiles/.config/nvim
1879 1769 0:26 /@home/shellcode/.dotfiles/.config/nvim /home/shellcode/.dotfiles/.config/nvim ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1879 fsname=/@home/shellcode/.dotfiles/.config/nvim dir=/home/shellcode/.dotfiles/.config/nvim fstype=btrfs
Mounting read-only /home/shellcode/.dotfiles
1883 1880 0:26 /@home/shellcode/.dotfiles/.config/nvim /home/shellcode/.dotfiles/.config/nvim ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1883 fsname=/@home/shellcode/.dotfiles/.config/nvim dir=/home/shellcode/.dotfiles/.config/nvim fstype=btrfs
Mounting read-only /home/shellcode/.local/share/nvim
1884 1769 0:26 /@home/shellcode/.local/share/nvim /home/shellcode/.local/share/nvim ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1884 fsname=/@home/shellcode/.local/share/nvim dir=/home/shellcode/.local/share/nvim fstype=btrfs
Mounting read-only /home/shellcode/.local/state/nvim
1885 1769 0:26 /@home/shellcode/.local/state/nvim /home/shellcode/.local/state/nvim ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1885 fsname=/@home/shellcode/.local/state/nvim dir=/home/shellcode/.local/state/nvim fstype=btrfs
Mounting read-only /home/shellcode/.cargo/bin
1886 1769 0:26 /@home/shellcode/.cargo/bin /home/shellcode/.cargo/bin ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1886 fsname=/@home/shellcode/.cargo/bin dir=/home/shellcode/.cargo/bin fstype=btrfs
Mounting read-only /home/shellcode/.rustup
1887 1769 0:26 /@home/shellcode/.rustup /home/shellcode/.rustup ro,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1887 fsname=/@home/shellcode/.rustup dir=/home/shellcode/.rustup fstype=btrfs
Disable /tmp/ssh-XXXXXWarning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
X409B7Q
Disable /home/shellcode/.gnupg
Disable /home/shellcode/.local/share/pki
Disable /home/shellcode/.pki
Disable /home/shellcode/.ssh
Disable /usr/local/sbin
Disable /usr/local/bin/strace
Disable /usr/bin/strace
Disable /usr/lib/ssh
Disable /usr/lib/dbus-1.0/dbus-daemon-launch-helper
Disable /usr/lib/chromium/chrome-sandbox
Disable /.snapshots
Warning (blacklisting): cannot open /run/user/1000/.dbus-proxy: Permission denied
Warning (blacklisting): cannot open /run/user/1000/.flatpak: Permission denied
Warning (blacklisting): cannot open /run/user/1000/.flatpak-cache: Permission denied
Warning (blacklisting): cannot open /run/user/1000/.flatpak-helper: Permission denied
Warning (blacklisting): cannot open /run/user/1000/app: Permission denied
Warning (blacklisting): cannot open /run/user/1000/doc: Permission denied
Warning (blacklisting): cannot open /run/user/1000/snapd-session-agent.socket: Permission denied
Disable /proc/config.gz
Warning (blacklisting): cannot open /run/user/1000/*.lock: Permission denied
Warning (blacklisting): cannot open /run/user/1000/inaccessible: Permission denied
Warning (blacklisting): cannot open /run/user/1000/pk-debconf-socket: Permission denied
Warning (blacklisting): cannot open /run/user/1000/update-notifier.pid: Permission denied
Not blacklist /home/shellcode/.rustup
Disable /usr/src
Disable /usr/local/src
Not blacklist /usr/include
Disable /usr/local/include
Mounting noexec /home/shellcode
1926 1904 0:23 /firejail/firejail.ro.dir /home/shellcode/.ssh ro,nosuid,nodev,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1926 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.ssh fstype=tmpfs
Mounting noexec /home/shellcode/.dotfiles/.config/sway
1927 1916 0:23 /firejail/firejail.ro.dir /home/shellcode/.dotfiles/.config/sway ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1927 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.dotfiles/.config/sway fstype=tmpfs
Mounting noexec /home/shellcode/.config/dconf
1928 1906 0:26 /@home/shellcode/.config/dconf /home/shellcode/.config/dconf ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1928 fsname=/@home/shellcode/.config/dconf dir=/home/shellcode/.config/dconf fstype=btrfs
Mounting noexec /home/shellcode/.config/systemd
1929 1907 0:23 /firejail/firejail.ro.dir /home/shellcode/.config/systemd ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1929 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.config/systemd fstype=tmpfs
Mounting noexec /home/shellcode/.local/share/systemd
1930 1908 0:23 /firejail/firejail.ro.dir /home/shellcode/.local/share/systemd ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1930 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.local/share/systemd fstype=tmpfs
Mounting noexec /home/shellcode/.bash_logout
1931 1909 0:26 /@home/shellcode/.bash_logout /home/shellcode/.bash_logout ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1931 fsname=/@home/shellcode/.bash_logout dir=/home/shellcode/.bash_logout fstype=btrfs
Mounting noexec /home/shellcode/.bash_profile
1932 1910 0:26 /@home/shellcode/.bash_profile /home/shellcode/.bash_profile ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1932 fsname=/@home/shellcode/.bash_profile dir=/home/shellcode/.bash_profile fstype=btrfs
Mounting noexec /home/shellcode/.bashrc
1933 1911 0:26 /@home/shellcode/.bashrc /home/shellcode/.bashrc ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1933 fsname=/@home/shellcode/.bashrc dir=/home/shellcode/.bashrc fstype=btrfs
Mounting noexec /home/shellcode/.dotfiles/.profile
1934 1917 0:26 /@home/shellcode/.dotfileWarning: not remounting /home/shellcode/.ssh/config
s/.profile /home/shellcode/.dotfiles/.profile ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1934 fsname=/@home/shellcode/.dotfiles/.profile dir=/home/shellcode/.dotfiles/.profile fstype=btrfs
Mounting noexec /home/shellcode/.dotfiles/.config/nvim
1935 1918 0:26 /@home/shellcode/.dotfiles/.config/nvim /home/shellcode/.dotfiles/.config/nvim ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1935 fsname=/@home/shellcode/.dotfiles/.config/nvim dir=/home/shellcode/.dotfiles/.config/nvim fstype=btrfs
Mounting noexec /home/shellcode/.dotfiles
1942 1941 0:26 /@home/shellcode/.dotfiles/.config/nvim /home/shellcode/.dotfiles/.config/nvim ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1942 fsname=/@home/shellcode/.dotfiles/.config/nvim dir=/home/shellcode/.dotfiles/.config/nvim fstype=btrfs
Mounting noexec /home/shellcode/.local/share/nvim
1943 1919 0:26 /@home/shellcode/.local/share/nvim /home/shellcode/.local/share/nvim ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1943 fsname=/@home/shellcode/.local/share/nvim dir=/home/shellcode/.local/share/nvim fstype=btrfs
Mounting noexec /home/shellcode/.local/state/nvim
1944 1920 0:26 /@home/shellcode/.local/state/nvim /home/shellcode/.local/state/nvim ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1944 fsname=/@home/shellcode/.local/state/nvim dir=/home/shellcode/.local/state/nvim fstype=btrfs
Mounting noexec /home/shellcode/.cargo/bin
1945 1921 0:26 /@home/shellcode/.cargo/bin /home/shellcode/.cargo/bin ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1945 fsname=/@home/shellcode/.cargo/bin dir=/home/shellcode/.cargo/bin fstype=btrfs
Mounting noexec /home/shellcode/.rustup
1946 1922 0:26 /@home/shellcode/.rustup /home/shellcode/.rustup ro,nosuid,nodev,noexec,noatime,nodiratime master:44 - btrfs /dev/mapper/archlinux rw,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/@home
mountid=1946 fsname=/@home/shellcode/.rustup dir=/home/shellcode/.rustup fstype=btrfs
Mounting noexec /home/shellcode/.gnupg
1947 1923 0:23 /firejail/firejail.ro.dir /home/shellcode/.gnupg ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1947 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.gnupg fstype=tmpfs
Mounting noexec /home/shellcode/.local/share/pki
1948 1924 0:23 /firejail/firejail.ro.dir /home/shellcode/.local/share/pki ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1948 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.local/share/pki fstype=tmpfs
Mounting noexec /home/shellcode/.pki
1949 1925 0:23 /firejail/firejail.ro.dir /home/shellcode/.pki ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1949 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.pki fstype=tmpfs
Mounting noexec /home/shellcode/.ssh
1950 1926 0:23 /firejail/firejail.ro.dir /home/shellcode/.ssh ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1950 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/.ssh fstype=tmpfs
Mounting noexec /run/user/1000
1951 1867 0:23 /firejail/firejail.ro.dir /run/user/1000 ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1951 fsname=/firejail/firejail.ro.dir dir=/run/user/1000 fstype=tmpfs
Mounting noexec /dev/shm
1952 1789 0:203 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64
mountid=1952 fsname=/shm dir=/dev/shm fstype=tmpfs
Mounting noexec /tmp
1954 1953 0:23 /firejail/firWarning: not remounting /home/shellcode/.ssh/config
Warning: not remounting /home/shellcode/.cargo/bin
Warning: not remounting /home/shellcode/.cargo/bin
ejail.ro.dir /tmp/ssh-XXXXXX409B7Q ro,nosuid,nodev,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1954 fsname=/firejail/firejail.ro.dir dir=/tmp/ssh-XXXXXX409B7Q fstype=tmpfs
Mounting noexec /tmp/ssh-XXXXXX409B7Q
1955 1954 0:23 /firejail/firejail.ro.dir /tmp/ssh-XXXXXX409B7Q ro,nosuid,nodev,noexec,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=1955 fsname=/firejail/firejail.ro.dir dir=/tmp/ssh-XXXXXX409B7Q fstype=tmpfs
Not blacklist /usr/local/bin/lua*
Not blacklist /usr/bin/lua*
Not blacklist /home/shellcode/.local/bin/lua*
Disable /usr/include/luajit-2.1
Disable /usr/include/lua.h
Disable /usr/include/lua.hpp
Disable /usr/include/luaconf.h
Disable /usr/include/lualib.h
Not blacklist /usr/lib/liblua++.so
Not blacklist /usr/lib/liblua++.so.5.4
Not blacklist /usr/lib/liblua++.so.5.4.6
Not blacklist /usr/lib/liblua++5.4.so
Not blacklist /usr/lib/liblua.so
Not blacklist /usr/lib/liblua.so.5.4
Not blacklist /usr/lib/liblua.so.5.4.6
Not blacklist /usr/lib/liblua5.4.so
Not blacklist /usr/lib/libluajit-5.1.so
Not blacklist /usr/lib/libluajit-5.1.so.2
Not blacklist /usr/lib/libluajit-5.1.so.2.1.1700008891
Not blacklist /usr/lib/lua
Not blacklist /usr/lib64/liblua++.so
Not blacklist /usr/lib64/liblua++.so.5.4
Not blacklist /usr/lib64/liblua++.so.5.4.6
Not blacklist /usr/lib64/liblua++5.4.so
Not blacklist /usr/lib64/liblua.so
Not blacklist /usr/lib64/liblua.so.5.4
Not blacklist /usr/lib64/liblua.so.5.4.6
Not blacklist /usr/lib64/liblua5.4.so
Not blacklist /usr/lib64/libluajit-5.1.so
Not blacklist /usr/lib64/libluajit-5.1.so.2
Not blacklist /usr/lib64/libluajit-5.1.so.2.1.1700008891
Not blacklist /usr/lib64/lua
Not blacklist /usr/share/lua*
Disable /usr/include/node
Disable /usr/lib/perl5
Disable /usr/lib/perl5 (requested /usr/lib64/perl5)
Disable /usr/share/perl5
Disable /usr/lib/ruby
Disable /usr/lib/ruby (requested /usr/lib64/ruby)
Disable /usr/include/python3.11
Disable /usr/lib/python3.11
Disable /usr/lib/python3.11 (requested /usr/lib64/python3.11)
Disable /home/shellcode/.cache/babl
Disable /home/shellcode/.cache/chromium
Disable /home/shellcode/.cache/gegl-0.4
Disable /home/shellcode/.cache/keepassxc
Disable /home/shellcode/.cache/mozilla
Not blacklist /home/shellcode/.cache/nvim
Disable /home/shellcode/.cache/pip
Disable /home/shellcode/.cargo
Disable /home/shellcode/.config/Signal
Disable /home/shellcode/.config/chromium
Disable /home/shellcode/.dotfiles/.config/chromium-flags.conf (requested /home/shellcode/.config/chromium-flags.conf)
Disable /home/shellcode/.config/deluge
Disable /home/shellcode/.dotfiles/.config/electron-flags.conf (requested /home/shellcode/.config/electron-flags.conf)
Disable /home/shellcode/.config/flameshot
Disable /home/shellcode/.dotfiles/.config/git (requested /home/shellcode/.config/git)
Disable /home/shellcode/.config/keepassxc
Disable /home/shellcode/.config/libreoffice
Not blacklist /home/shellcode/.config/nvim
Disable /home/shellcode/.config/pavucontrol.ini
Disable /home/shellcode/.config/remmina
Disable /home/shellcode/.config/transmission
Not blacklist /home/shellcode/.local/share/man
Disable /home/shellcode/.local/share/remmina
Disable /home/shellcode/.mozilla
Disable /home/shellcode/.wget-hsts
Warning (blacklisting): cannot open /run/user/1000/*firefox*: Permission denied
Warning (blacklisting): cannot open /run/user/1000/akonadi: Permission denied
Warning (blacklisting): cannot open /run/user/1000/psd/*firefox*: Permission denied
Directory ${DOCUMENTS} resolved as documents
Disable /home/shellcode/documents
Directory ${MUSIC} resolved as media/music
Disable /home/shellcode/media/music
Directory ${PICTURES} resolved as media/pictures
Disable /home/shellcode/media/pictures
Directory ${VIDEOS} resolved as media/videos
Disable /home/shellcode/media/videos
Mounting read-only /home/shellcode
2068 1996 0:23 /firejail/firejail.ro.dir /home/shellcode/media/videos ro,nosuid,nodev,relatime master:12 - tmpfs run rw,mode=755,inode64
mountid=2068 fsname=/firejail/firejail.ro.dir dir=/home/shellcode/media/videos fstype=tmpfs
Disable /tmp/.X11-unix
Mounting tmpfs on /home/shelDISPLAY is not set
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 04 00 c000003e   jeq ARCH_64 0006 (false 0002)
 0002: 20 00 00 00000000   ld  data.syscall-number
 0003: 15 01 00 00000167   jeq unknown 0005 (false 0004)
 0004: 06 00 00 7fff0000   ret ALLOW
 0005: 05 00 00 00000009   jmp 000f
 0006: 20 00 00 00000004   ld  data.architecture
 0007: 15 01 00 c000003e   jeq ARCH_64 0009 (false 0008)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 20 00 00 00000000   ld  data.syscall-number
 000a: 35 01 00 40000000   jge X32_ABI 000c (false 000b)
 000b: 35 01 00 00000000   jge read 000d (false 000c)
 000c: 06 00 00 00050001   ret ERRNO(1)
 000d: 15 01 00 00000029   jeq socket 000f (false 000e)
 000e: 06 00 00 7fff0000   ret ALLOW
 000f: 20 00 00 00000010   ld  data.args[0]
 0010: 15 00 01 00000001   jeq 1 0011 (false 0012)
 0011: 06 00 00 7fff0000   ret ALLOW
 0012: 06 00 00 0005005f   ret ERRNO(95)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 30 00 00000015   jeq 15 0035 (false 0005)
 0005: 15 2f 00 00000034   jeq 34 0035 (false 0006)
 0006: 15 2e 00 0000001a   jeq 1a 0035 (false 0007)
 0007: 15 2d 00 0000011b   jeq 11b 0035 (false 0008)
 0008: 15 2c 00 00000155   jeq 155 0035 (false 0009)
 0009: 15 2b 00 00000156   jeq 156 0035 (false 000a)
 000a: 15 2a 00 0000007f   jeq 7f 0035 (false 000b)
 000b: 15 29 00 00000080   jeq 80 0035 (false 000c)
 000c: 15 28 00 0000015e   jeq 15e 0035 (false 000d)
 000d: 15 27 00 00000081   jeq 81 0035 (false 000e)
 000e: 15 26 00 0000006e   jeq 6e 0035 (false 000f)
 000f: 15 25 00 00000065   jeq 65 0035 (false 0010)
 0010: 15 24 00 00000121   jeq 121 0035 (false 0011)
 0011: 15 23 00 00000057   jeq 57 0035 (false 0012)
 0012: 15 22 00 00000073   jeq 73 0035 (false 0013)
 0013: 15 21 00 00000067   jeq 67 0035 (false 0014)
 0014: 15 20 00 0000015b   jeq 15b 0035 (false 0015)
 0015: 15 1f 00 0000015c   jeq 15c 0035 (false 0016)
 0016: 15 1e 00 00000087   jeq 87 0035 (false 0017)
 0017: 15 1d 00 00000095   jeq 95 0035 (false 0018)
 0018: 15 1c 00 0000007c   jeq 7c 0035 (false 0019)
 0019: 15 1b 00 00000157   jeq 157 0035 (false 001a)
 001a: 15 1a 00 000000fd   jeq fd 0035 (false 001b)
 001b: 15 19 00 00000150   jeq 150 0035 (false 001c)
 001c: 15 18 00 00000152   jeq 152 0035 (false 001d)
 001d: 15 17 00 0000015d   jeq 15d 0035 (false 001e)
 001e: 15 16 00 0000011e   jeq 11e 0035 (false 001f)
 001f: 15 15 00 0000011f   jeq 11f 0035 (false 0020)
 0020: 15 14 00 00000120   jeq 120 0035 (false 0021)
 0021: 15 13 00 00000056   jeq 56 0035 (false 0022)
 0022: 15 12 00 00000033   jeq 33 0035 (false 0023)
 0023: 15 11 00 0000007b   jeq 7b 0035 (false 0024)
 0024: 15 10 00 000000d9   jeq d9 0035 (false 0025)
 0025: 15 0f 00 000000f5   jeq f5 0035 (false 0026)
 0026: 15 0e 00 000000f6   jeq f6 0035 (false 0027)
 0027: 15 0d 00 000000f7   jeq f7 0035 (false 0028)
 0028: 15 0c 00 000000f8   jeq f8 0035 (false 0029)
 0029: 15 0b 00 000000f9   jeq f9 0035 (false 002a)
 002a: 15 0a 00 00000101   jeq 101 0035 (false 002b)
 002b: 15 09 00 00000112   jeq 112 0035 (false 002c)
 002c: 15 08 00 00000114   jeq 114 0035 (false 002d)
 002d: 15 07 00 00000126   jeq 126 0035 (false 002e)
 002e: 15 06 00 0000013d   jeq 13d 0035 (false 002f)
 002f: 15 05 00 0000013c   jeq 13c 0035 (false 0030)
 0030: 15 04 00 0000003d   jeq 3d 0035 (false 0031)
 0031: 15 03 00 00000058   jeq 58 0035 (false 0032)
 0032: 15 02 00 000000a9   jeq a9 0035 (false 0033)
 0033: 15 01 00 00000082   jeq 82 0035 (false 0034)
 0034: 06 00 00 7fff0000   ret ALLOW
 0035: 06 00 00 00050001   ret ERRNO(1)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 47 00 0000009f   jeq adjtimex 004f (false 0008)
 0008: 15 46 00 00000131   jeq clock_adjtime 004f (false 0009)
 0009: 15 45 00 000000e3   jeq clock_settime 004f (false 000a)
 000a: 15 44 00 000000a4   jeq settimeofday 004f (false 000b)
 000b: 15 43 00 0000009a   jeq modify_ldt 004f (false 000c)
 000c: 15 42 00 000000d4   jeq lookup_dcookie 004f (false 000d)
 000d: 15 41 00 0000012a   jeq perf_event_open 004f (false 000e)
 000e: 15 40 00 000001b6   jeq pidfd_getfd 004f (false 000f)
 000f: 15 3f 00 00000137   jeq process_vm_writev 004f (false 0010)
 0010: 15 3e 00 000000b0   jeq delete_module 004f (false 0011)
 0011: 15 3d 00 00000139   jeq finit_module 004f (false 0012)
 0012: 15 3c 00 000000af   jeq init_module 004f (false 0013)
 0013: 15 3b 00 000000a1   jeq chroot 004f (false 0014)
 0014: 15 3a 00 000001af   jeq fsconfig 004f (false 0015)
 0015: 15 39 00 000001b0   jeq fsmount 004f (false 0016)
 0016: 15 38 00 000001ae   jeq fsopen 004f (false 0017)
 0017: 15 37 00 000001b1   jeq fspick 004f (false 0018)
 0018: 15 36 00 000000a5   jeq mount 004f (false 0019)
 0019: 15 35 00 000001ad   jeq move_mount 004f (false 001a)
 001a: 15 34 00 000001ac   jeq open_tree 004f (false 001b)
 001b: 15 33 00 0000009b   jeq pivot_root 004f (false 001c)
 001c: 15 32 00 000000a6   jeq umount2 004f (false 001d)
 001d: 15 31 00 0000009c   jeq _sysctl 004f (false 001e)
 001e: 15 30 00 000000b7   jeq afs_syscall 004f (false 001f)
 001f: 15 2f 00 000000ae   jeq create_module 004f (false 0020)
 0020: 15 2e 00 000000b1   jeq get_kernel_syms 004f (false 0021)
 0021: 15 2d 00 000000b5   jeq getpmsg 004f (false 0022)
 0022: 15 2c 00 000000b6   jeq putpmsg 004f (false 0023)
 0023: 15 2b 00 000000b2   jeq query_module 004f (false 0024)
 0024: 15 2a 00 000000b9   jeq security 004f (false 0025)
 0025: 15 29 00 0000008b   jeq sysfs 004f (false 0026)
 0026: 15 28 00 000000b8   jeq tuxcall 004f (false 0027)
 0027: 15 27 00 00000086   jeq uselib 004f (false 0028)
 0028: 15 26 00 00000088   jeq ustat 004f (false 0029)
 0029: 15 25 00 000000ec   jeq vserver 004f (false 002a)
 002a: 15 24 00 000000ad   jeq ioperm 004f (false 002b)
 002b: 15 23 00 000000ac   jeq iopl 004f (false 002c)
 002c: 15 22 00 000000f6   jeq kexec_load 004f (false 002d)
 002d: 15 21 00 00000140   jeq kexec_file_load 004f (false 002e)
 002e: 15 20 00 000000a9   jeq reboot 004f (false 002f)
 002f: 15 1f 00 000000a7   jeq swapon 004f (false 0030)
 0030: 15 1e 00 000000a8   jeq swapoff 004f (false 0031)
 0031: 15 1d 00 00000130   jeq open_by_handle_at 004f (false 0032)
 0032: 15 1c 00 0000012f   jeq name_to_handle_at 004f (false 0033)
 0033: 15 1b 00 000000fb   jeq ioprio_set 004f (false 0034)
 0034: 15 1a 00 00000067   jeq syslog 004f (false 0035)
 0035: 15 19 00 0000012c   jeq fanotify_init 004f (false 0036)
 0036: 15 18 00 000000f8   jeq add_key 004f (false 0037)
 0037: 15 17 00 000000f9   jeq request_key 004f (false 0038)
 0038: 15 16 00 000000ed   jeq mbind 004f (false 0039)
 0039: 15 15 00 00000100   jeq migrate_pages 004f (false 003a)
 003a: 15 14 00 00000117   jeq move_pages 004f (false 003b)
 003b: 15 13 00 000000fa   jeq keyctl 004f (false 003c)
 003c: 15 12 00 000000ce   jeq io_setup 004f (false 003d)
 003d: 15 11 00 000000cf   jeq io_destroy 004f (false 003e)
 003e: 15 10 00 000000d0   jeq io_getevents 004f (false 003f)
 003f: 15 0f 00 000000d1   jeq io_submit 004f (false 0040)
 0040: 15 0e 00 000000d2   jeq io_cancel 004f (false 0041)
 0041: 15 0d 00 000000d8   jeq remap_file_pages 004f (false 0042)
 0042: 15 0c 00 000000ee   jeq set_mempolicy 004f (false 0043)
 0043: 15 0b 00 00000116   jeq vmsplice 004f (false 0044)
 0044: 15 0a 00 00000143   jeq userfaultfd 004f (false 0045)
 0045: 15 09 00 000000a3   jeq acct 004f (false 0046)
 0046: 15 08 00 00000141   jeq bpf 004f (false 0047)
 0047: 15 07 00 000000b4   jeq nfsservctl 004f (false 0048)
 0048: 15 06 00 000000ab   jeq setdomainname 004f (false 0049)
 0049: 15 05 00 000000aa   jeq sethostname 004f (false 004a)
 004a: 15 04 00 00000099   jeq vhangup 004f (false 004b)
 004b: 15 03 00 00000065   jeq ptrace 004f (false 004c)
 004c: 15 02 00 00000087   jeq personality 004f (false 004d)
 004d: 15 01 00 00000136   jeq process_vm_readv 004f (false 004e)
 004e: 06 00 00 7fff0000   ret ALLOW
 004f: 06 00 01 00050001   ret ERRNO(1)
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 05 00000009   jeq mmap 0008 (false 000d)
 0008: 20 00 00 00000020   ld  data.args[10]
 0009: 54 00 00 00000006   and 00000006
 000a: 15 00 01 00000006   jeq 6 000b (false 000c)
 000b: 06 00 00 00050001   ret ERRNO(1)
 000c: 06 00 00 7fff0000   ret ALLOW
 000d: 15 00 05 0000000a   jeq a 000e (false 0013)
 000e: 20 00 00 00000020   ld  data.args[10]
 000f: 54 00 00 00000004   and 00000004
 0010: 15 00 01 00000004   jeq 4 0011 (false 0012)
 0011: 06 00 00 00050001   ret ERRNO(1)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 05 00000149   jeq 149 0014 (false 0019)
 0014: 20 00 00 00000020   ld  data.args[10]
 0015: 54 00 00 00000004   and 00000004
 0016: 15 00 01 00000004   jeq 4 0017 (false 0018)
 0017: 06 00 00 00050001   ret ERRNO(1)
 0018: 06 00 00 7fff0000   ret ALLOW
 0019: 15 00 05 0000001e   jeq 1e 001a (false 001f)
 001a: 20 00 00 00000020   ld  data.args[10]
 001b: 54 00 00 00008000   and 00008000
 001c: 15 00 01 00008000   jeq 8000 001d (false 001e)
 001d: 06 00 00 00050001   ret ERRNO(1)
 001e: 06 00 00 7fff0000   ret ALLOW
 001f: 15 00 01 0000013f   jeq 13f 0020 (false 0021)
 0020: 06 00 00 00050001   ret ERRNO(1)
 0021: 06 00 00 7fff0000   ret ALLOW
 0022: 06 00 00 7fff0000   ret ALLOW
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 00 01 0000005a   jeq 5a 0005 (false 0006)
 0005: 06 00 00 00050001   ret ERRNO(1)
 0006: 15 00 05 000000c0   jeq c0 0007 (false 000c)
 0007: 20 00 00 00000020   ld  data.args[10]
 0008: 54 00 00 00000006   and 00000006
 0009: 15 00 01 00000006   jeq 6 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 15 00 05 0000007d   jeq 7d 000d (false 0012)
 000d: 20 00 00 00000020   ld  data.args[10]
 000e: 54 00 00 00000004   and 00000004
 000f: 15 00 01 00000004   jeq 4 0010 (false 0011)
 0010: 06 00 00 00050001   ret ERRNO(1)
 0011: 06 00 00 7fff0000   ret ALLOW
 0012: 15 00 05 0000017c   jeq 17c 0013 (false 0018)
 0013: 20 00 00 00000020   ld  data.args[10]
 0014: 54 00 00 00000004   and 00000004
 0015: 15 00 01 00000004   jeq 4 0016 (false 0017)
 0016: 06 00 00 00050001   ret ERRNO(1)
 0017: 06 00 00 7fff0000   ret ALLOW
 0018: 15 00 05 0000018d   jeq 18d 0019 (false 001e)
 0019: 20 00 00 00000020   ld  data.args[10]
 001a: 54 00 00 00008000   and 00008000
 001b: 15 00 01 00008000   jeq 8000 001c (false 001d)
 001c: 06 00 00 00050001   ret ERRNO(1)
 001d: 06 00 00 7fff0000   ret ALLOW
 001e: 15 00 01 00000164   jeq 164 001f (false 0020)
 001f: 06 00 00 00050001   ret ERRNO(1)
 0020: 06 00 00 7fff0000   ret ALLOW
 0021: 06 00 00 7fff0000   ret ALLOW
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 c000003e   jeq ARCH_64 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 35 01 00 40000000   jge X32_ABI 0006 (false 0005)
 0005: 35 01 00 00000000   jge read 0007 (false 0006)
 0006: 06 00 00 00050001   ret ERRNO(1)
 0007: 15 00 04 00000038   jeq clone 0008 (false 000c)
 0008: 20 00 00 00000010   ld  data.args[0]
 0009: 45 00 01 7e020000   jset 7e020000 000a (false 000b)
 000a: 06 00 00 00050001   ret ERRNO(1)
 000b: 06 00 00 7fff0000   ret ALLOW
 000c: 15 00 01 000001b3   jeq 1b3 000d (false 000e)
 000d: 06 00 00 00050026   ret ERRNO(38)
 000e: 15 00 04 00000110   jeq 110 000f (false 0013)
 000f: 20 00 00 00000010   ld  data.args[0]
 0010: 45 00 01 7e020080   jset 7e020080 0011 (false 0012)
 0011: 06 00 00 00050001   ret ERRNO(1)
 0012: 06 00 00 7fff0000   ret ALLOW
 0013: 15 00 04 00000134   jeq 134 0014 (false 0018)
 0014: 20 00 00 00000018   ld  data.args[8]
 0015: 15 01 00 00000000   jeq 0 0017 (false 0016)
 0016: 45 00 01 7e020080   jset 7e020080 0017 (false 0018)
 0017: 06 00 00 00050001   ret ERRNO(1)
 0018: 06 00 00 7fff0000   ret ALLOW
 0019: 06 00 00 7fff0000   ret ALLOW
 line  OP JT JF    K
=================================
 0000: 20 00 00 00000004   ld  data.architecture
 0001: 15 01 00 40000003   jeq ARCH_32 0003 (false 0002)
 0002: 06 00 00 7fff0000   ret ALLOW
 0003: 20 00 00 00000000   ld  data.syscall-number
 0004: 15 00 04 00000078   jeq 78 0005 (false 0009)
 0005: 20 00 00 00000010   ld  data.args[0]
 0006: 45 00 01 7e020000   jset 7e020000 0007 (false 0008)
 0007: 06 00 00 00050001   ret ERRNO(1)
 0008: 06 00 00 7fff0000   ret ALLOW
 0009: 15 00 01 000001b3   jeq 1b3 000a (false 000b)
 000a: 06 00 00 00050026   ret ERRNO(38)
 000b: 15 00 04 00000136   jeq 136 000c (false 0010)
 000c: 20 00 00 00000010   ld  data.args[0]
 000d: 45 00 01 7e020080   jset 7e020080 000e (false 000f)
 000e: 06 00 00 00050001   ret ERRNO(1)
 000f: 06 00 00 7fff0000   ret ALLOW
 0010: 15 00 04 0000015a   jeq 15a 0011 (false 0015)
 0011: 20 00 00 00000018   ld  data.args[8]
 0012: 15 01 00 00000000   jeq 0 0014 (false 0013)
 0013: 45 00 01 7e020080   jset 7e020080 0014 (false 0015)
 0014: 06 00 00 00050001   ret ERRNO(1)
 0015: 06 00 00 7fff0000   ret ALLOW
 0016: 06 00 00 7fff0000   ret ALLOW
lcode/.cache, check owner: yes
2070 1996 0:210 / /home/shellcode/.cache rw,nosuid,nodev,noexec,noatime,nodiratime - tmpfs tmpfs rw,mode=755,uid=1000,gid=1000,inode64
mountid=2070 fsname=/ dir=/home/shellcode/.cache fstype=tmpfs
Disable /sys/fs
Disable /sys/module
disable pulseaudio
blacklist /home/shellcode/.config/pulse
disable pipewire
Current directory: /home/shellcode/dev
Install protocol filter: unix
configuring 19 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol 
configuring 54 seccomp entries in /run/firejail/mnt/seccomp/seccomp.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.32 
Dual 32/64 bit seccomp filter configured
configuring 80 seccomp entries in /run/firejail/mnt/seccomp/seccomp
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp 
seccomp filter configured
Install memory write&execute filter
configuring 35 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx 
configuring 34 seccomp entries in /run/firejail/mnt/seccomp/seccomp.mdwx.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.mdwx.32 
Build restrict-namespaces filter
sbox run: /run/firejail/lib/fseccomp restrict-namespaces /run/firejail/mnt/seccomp/seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts 
restrict-namespaces filter configured
Build restrict-namespaces filter
sbox run: /run/firejail/lib/fseccomp restrict-namespaces.32 /run/firejail/mnt/seccomp/seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts 
restrict-namespaces filter configured
Install namespaces filter
configuring 26 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces 
configuring 23 seccomp entries in /run/firejail/mnt/seccomp/seccomp.namespaces.32
sbox run: /run/firejail/lib/fsec-print /run/firejail/mnt/seccomp/seccomp.namespaces.32 
Mounting read-only /run/firejail/mnt/seccomp
2074 1728 0:149 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=2074 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root     root             240 .
drwxr-xr-x root     root             320 ..
-rw-r--r-- shellcod shellcod         640 seccomp
-rw-r--r-- shellcod shellcod         432 seccomp.32
-rw-r--r-- shellcod shellcod         288 seccomp.list
-rw-r--r-- shellcod shellcod         280 seccomp.mdwx
-rw-r--r-- shellcod shellcod         272 seccomp.mdwx.32
-rw-r--r-- shellcod shellcod         208 seccomp.namespaces
-rw-r--r-- shellcod shellcod         184 seccomp.namespaces.32
-rw-r--r-- shellcod shellcod           0 seccomp.postexec
-rw-r--r-- shellcod shellcod           0 seccomp.postexec32
-rw-r--r-- shellcod shellcod         152 seccomp.protocol
Active seccomp files:
cat /run/firejail/mnt/seccomp/seccomp.list
/run/firejail/mnt/seccomp/seccomp.protocol
/run/firejail/mnt/seccomp/seccomp.32
/run/firejail/mnt/seccomp/seccomp
/run/firejail/mnt/seccomp/seccomp.mdwx
/run/firejail/mnt/seccomp/seccomp.mdwx.32
/run/firejail/mnt/seccomp/seccomp.namespaces
/run/firejail/mnt/seccomp/seccomp.namespaces.32
nogroups command not ignored
nogroups command not ignored
Dropping all capabilities
noroot user namespace installed
Dropping all capabilities
NO_NEW_PRIVS set
Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0
No supplementary groups
AppArmor enabled
Closing non-standard file descriptors
Child process initialized in 338.37 ms
Starting application
LD_PRELOAD=(null)
execvp argument 0: /usr/bin/man
execvp argument 1: sendfile

sendfile(2)                                                                         System Calls Manual                                                                        sendfile(2)

NAME
       sendfile - transfer data between file descriptors

LIBRARY
       Standard C library (libc, -lc)

SYNOPSIS
       #include <sys/sendfile.h>

       ssize_t sendfile(int out_fd, int in_fd, off_t *_Nullable offset,
                        size_t count);

DESCRIPTION
       sendfile()  copies  data between one file descriptor and another.  Because this copying is done within the kernel, sendfile() is more efficient than the combination of read(2) and
       write(2), which would require transferring data to and from user space.

       in_fd should be a file descriptor opened for reading and out_fd should be a descriptor opened for writing.

       If offset is not NULL, then it points to a variable holding the file offset from which sendfile() will start reading data from in_fd.  When sendfile() returns, this variable  will
       be set to the offset of the byte following the last byte that was read.  If offset is not NULL, then sendfile() does not modify the file offset of in_fd; otherwise the file offset
       is adjusted to reflect the number of bytes read from in_fd.

       If offset is NULL, then data will be read from in_fd starting at the file offset, and the file offset will be updated by the call.

       count is the number of bytes to copy between the file descriptors.

       The in_fd argument must correspond to a file which supports mmap(2)-like operations (i.e., it cannot be a socket).

       Before Linux 2.6.33, out_fd must refer to a socket.  Since Linux 2.6.33 it can be any file.  If it is a regular file, then sendfile() changes the file offset appropriately.

RETURN VALUE
       If  the  transfer  was  successful,  the number of bytes written to out_fd is returned.  Note that a successful call to sendfile() may write fewer bytes than requested; the caller
       should be prepared to retry the call if there were unsent bytes.  See also NOTES.

       On error, -1 is returned, and errno is set to indicate the error.

ERRORS
       EAGAIN Nonblocking I/O has been selected using O_NONBLOCK and the write would block.

       EBADF  The input file was not opened for reading or the output file was not opened for writing.

       EFAULT Bad address.

       EINVAL Descriptor is not valid or locked, or an mmap(2)-like operation is not available for in_fd, or count is negative.

       EINVAL out_fd has the O_APPEND flag set.  This is not currently supported by sendfile().

       EIO    Unspecified error while reading from in_fd.

       ENOMEM Insufficient memory to read from in_fd.

       EOVERFLOW
              count is too large, the operation would result in exceeding the maximum size of either the input file or the output file.

       ESPIPE offset is not NULL but the input file is not seekable.

VERSIONS
       Other UNIX systems implement sendfile() with different semantics and prototypes.  It should not be used in portable programs.

STANDARDS
       None.

HISTORY
       Linux 2.2, glibc 2.1.

       In Linux 2.4 and earlier, out_fd could also refer to a regular file; this possibility went away in the Linux 2.6.x kernel series, but was restored in Linux 2.6.33.

       The original Linux sendfile() system call was not designed to handle large file offsets.  Consequently, Linux 2.4 added sendfile64(), with a wider type for  the  offset  argument.
       The glibc sendfile() wrapper function transparently deals with the kernel differences.

NOTES
       sendfile() will transfer at most 0x7ffff000 (2,147,479,552) bytes, returning the number of bytes actually transferred.  (This is true on both 32-bit and 64-bit systems.)

       If  you  plan  to use sendfile() for sending files to a TCP socket, but need to send some header data in front of the file contents, you will find it useful to employ the TCP_CORK
       option, described in tcp(7), to minimize the number of packets and to tune performance.

       Applications may wish to fall back to read(2) and write(2) in the case where sendfile() fails with EINVAL or ENOSYS.

       If out_fd refers to a socket or pipe with zero-copy support, callers must ensure the transferred portions of the file referred to by in_fd remain unmodified until  the  reader  on
       the other end of out_fd has consumed the transferred data.

       The Linux-specific splice(2) call supports transferring data between arbitrary file descriptors provided one (or both) of them is a pipe.

SEE ALSO
       copy_file_range(2), mmap(2), open(2), socket(2), splice(2)

Linux man-pages 6.05.01                                                                 2023-07-15                                                                             sendfile(2)

Parent is shutting down, bye...

@ShellCode33
Author

I tried to copy the whole nvim.profile into man.local and tweak it a bit:

private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim,nvim,strace
include allow-lua.inc

noblacklist ${HOME}/.vim
noblacklist ${HOME}/.vimrc
noblacklist ${HOME}/.cache/nvim
noblacklist ${HOME}/.config/nvim
noblacklist ${HOME}/.dotfiles/.config/nvim
noblacklist ${HOME}/.local/share/nvim
noblacklist ${HOME}/.local/state/nvim

whitelist /usr/share/nvim

include whitelist-runuser-common.inc

ipc-namespace
machine-id
net none
no3d
nodvd
nogroups
noinput
nonewprivs
noroot
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
seccomp.block-secondary
tracelog
x11 none

private-dev

dbus-user none
dbus-system none

read-only ${HOME}/.config
read-only ${HOME}/.dotfiles
read-only ${HOME}/.dotfiles/.config
read-write ${HOME}/.config/nvim
read-write ${HOME}/.dotfiles/config/nvim
read-write ${HOME}/.local/share/nvim
read-write ${HOME}/.local/state/nvim
read-write ${HOME}/.vim
read-write ${HOME}/.vimrc
restrict-namespaces

Still the same error

@kmk3
Collaborator

kmk3 commented Nov 30, 2023

@glitsj16 on Nov 30:

Yeah that won't work, but you're on the right track. You only need to
cherrypick the nvim configuration paths and add those into man.local:

$ cat ~/.config/firejail/man.local
include allow-lua.inc

noblacklist ${HOME}/.vim
noblacklist ${HOME}/.vimrc
noblacklist ${HOME}/.cache/nvim
noblacklist ${HOME}/.config/nvim
noblacklist ${HOME}/.local/share/nvim
noblacklist ${HOME}/.local/state/nvim

whitelist /usr/share/nvim

What does that do?

I managed to get it working with the following in man.local:

ignore memory-deny-write-execute

# Allow lua (blacklisted by disable-interpreters.inc)
include allow-lua.inc

noblacklist ${HOME}/.vim
noblacklist ${HOME}/.vimrc
noblacklist ${HOME}/.cache/nvim
noblacklist ${HOME}/.config/nvim
noblacklist ${HOME}/.local/share/nvim
noblacklist ${HOME}/.local/state/nvim

whitelist /usr/share/nvim

read-write ${HOME}/.local/state/nvim

Note: The read-write entry is only needed to avoid warnings.

@ShellCode33 Does that work for you?

@ShellCode33
Author

ShellCode33 commented Nov 30, 2023

Works like a charm, thanks a lot! The key thing seems to be ignore memory-deny-write-execute, I'd be glad to know why w+x memory is required though.

Small additional note, I had errors you apparently didn't have which seem to be related to my/your nvim config.

The first one I had to solve was related to nvim swap mechanism, I don't want them anyway so instead of changing the firejail profile, I disabled it in my nvim config:

vim.opt.swapfile = false

The second one I've been unable to solve for now is related to treesitter:

Error detected while processing User Autocommands for "VeryLazy":
Parser dir ' /home/shellcode/.local/share/nvim/lazy/nvim-treesitter/parser ' should be read/write (see README on how to configure an alternative install location) /home/shellcode/.local/share
/nvim/lazy/nvim-treesitter/parser '

I'm not sure why the write permission is required for ~/.local/share/nvim/lazy/nvim-treesitter/parser as it only contains .so files.

I tried to add read-write ${HOME}/.local/share/nvim/lazy/nvim-treesitter/parser to man.local but it doesn't work. Still the same error.

This is not an error that prevents me from reading the man page, but the warning is annoying:

image

@kmk3
Collaborator

kmk3 commented Dec 1, 2023

@ShellCode33 on Nov 30:

Works like a charm, thanks a lot!

No problem.

The key thing seems to be ignore memory-deny-write-execute, I'd be glad to
know why w+x memory is required though.

Probably for executing Vimscript, Lua, etc.

Small additional note, I had errors you apparently didn't have which seem to
be related to my/your nvim config.

The first one I had to solve was related to nvim swap mechanism, I don't want
them anyway so instead of changing the firejail profile, I disabled it in my
nvim config:

vim.opt.swapfile = false

With the default configuration, if the swapfile and shada file are disabled in
the command line, then it should work without any read-write entries:

MANPAGER='nvim -n -i NONE +Man!' firejail /usr/bin/man sendfile

The second one I've been unable to solve for now is related to treesitter:

Error detected while processing User Autocommands for "VeryLazy":
Parser dir ' /home/shellcode/.local/share/nvim/lazy/nvim-treesitter/parser ' should be read/write (see README on how to configure an alternative install location) /home/shellcode/.local/share
/nvim/lazy/nvim-treesitter/parser '

I tried to add read-write ${HOME}/.local/share/nvim/lazy/nvim-treesitter/parser to man.local but it
doesn't work. Still the same error.

This is not an error that prevents me from reading the man page, but the
warning is annoying:

Note that there are multiple read-only nvim entries:

$ grep -R '^read-only .*nvim' /etc/firejail/
/etc/firejail/disable-common.inc:read-only ${HOME}/.config/nvim
/etc/firejail/disable-common.inc:read-only ${HOME}/.local/share/nvim
/etc/firejail/disable-common.inc:read-only ${HOME}/.local/state/nvim

In this case the read-write command might need to match the existing
read-only command:

read-write ${HOME}/.local/share/nvim

@ShellCode33
Author

Thanks for your reply. I tried to add all these read-write statements but it doesn't seem to work. I think the issue might be that man.profile first includes man.local and THEN includes disable-common.inc. Therefore the read-write directive is overridden by the read-only one. Any advice on how to work around that?

@kmk3
Collaborator

kmk3 commented Dec 1, 2023

Thanks for your reply. I tried to add all these read-write statements but it
doesn't seem to work. I think the issue might be that man.profile first
includes man.local and THEN includes disable-common.inc. Therefore the
read-write directive is overridden by the read-only one. Any advice on how to
work around that?

Good catch; though the read-write entries did remove the warnings when I was
testing, so maybe something changed in 0.9.73.

How about the following?

# ignore entries from disable-common.inc
ignore read-only ${HOME}/.local/share/nvim
ignore read-only ${HOME}/.local/state/nvim

# because of read-only ${HOME}
read-write ${HOME}/.local/share/nvim
read-write ${HOME}/.local/state/nvim
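
An added example, not part of the thread or of firejail's code: a small Python model of the include order discussed above. It expands `include` lines in reading order and marks lines that an earlier `ignore` would skip, using constructed profile files; the parsing rules (a missing include is skipped, `ignore X` matches a later line equal to X or starting with "X ") are assumptions, and it does not model the mounts firejail performs afterwards.

```python
import os
import tempfile

def flatten(name, dirs, ignores, depth=0):
    """Return [(file, directive, ignored)] in read order, expanding includes."""
    path = next((os.path.join(d, name) for d in dirs
                 if os.path.isfile(os.path.join(d, name))), None)
    out = []
    if path is None or depth > 16:  # assumption: a missing include is skipped
        return out
    with open(path) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            # Modelled rule: "ignore X" drops later lines equal to X or "X ..."
            if any(line == i or line.startswith(i + " ") for i in ignores):
                out.append((name, line, True))
            elif line.startswith("ignore "):
                ignores.append(line[len("ignore "):].strip())
            elif line.startswith("include "):
                out += flatten(line.split(None, 1)[1], dirs, ignores, depth + 1)
            else:
                out.append((name, line, False))
    return out

def mount_order(profile, dirs, needle):
    """Only the read-only/read-write directives that mention `needle`."""
    return [e for e in flatten(profile, dirs, [])
            if e[1].startswith(("read-only ", "read-write ")) and needle in e[1]]

def demo(with_ignore):
    """Constructed profiles mirroring the include order described in the thread."""
    path = "${HOME}/.local/share/nvim"
    files = {
        "man.profile": "include man.local\ninclude disable-common.inc\n",
        "disable-common.inc": f"read-only ${{HOME}}/.config/nvim\nread-only {path}\n",
        "man.local": (f"ignore read-only {path}\n" if with_ignore else "")
                     + f"read-write {path}\n",
    }
    d = tempfile.mkdtemp()
    for fname, text in files.items():
        with open(os.path.join(d, fname), "w") as fh:
            fh.write(text)
    return mount_order("man.profile", [d], ".local/share/nvim")

if __name__ == "__main__":
    for flag in (False, True):
        for fname, line, ignored in demo(flag):
            print(f"ignore={flag}: {fname:20} {'(ignored) ' if ignored else ''}{line}")
```

To inspect a real setup, call `mount_order("man.profile", [os.path.expanduser("~/.config/firejail"), "/etc/firejail"], "nvim")`; that search order is also an assumption of this sketch.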

@ShellCode33
Author

Nope, still doesn't work :/

Here's what my man.local looks like so far:

ignore memory-deny-write-execute

# Allow lua (blacklisted by disable-interpreters.inc)
include allow-lua.inc

noblacklist ${HOME}/.cache/nvim
noblacklist ${HOME}/.config/nvim
noblacklist ${HOME}/.local/share/nvim
noblacklist ${HOME}/.local/state/nvim

whitelist /usr/share/nvim

# ignore entries from disable-common.inc
ignore read-only ${HOME}/.local/share/nvim
ignore read-only ${HOME}/.local/state/nvim

read-write ${HOME}/.local/share/nvim
read-write ${HOME}/.local/state/nvim

restrict-namespaces

@kmk3
Collaborator

kmk3 commented Dec 2, 2023

Nope, still doesn't work :/

Is the error still about treesitter read/write?

What is the neovim and treesitter plugin version?

How is treesitter configured in neovim?

Does it still happen with firejail-git?

If you join the sandbox, what are the permissions in the treesitter
directories?

Can you create files in them?

Example:

MANPAGER='nvim -n -i NONE +Man!' firejail --name=nvim /usr/bin/man sendfile

# in another shell
firejail --join=nvim
ls -l    ~/.local/share/nvim/lazy/nvim-treesitter/parser
mkdir -p ~/.local/share/nvim/lazy/nvim-treesitter/parser
touch    ~/.local/share/nvim/lazy/nvim-treesitter/parser/test
ls -l    ~/.local/share/nvim/lazy/nvim-treesitter/parser

@ShellCode33
Author

ShellCode33 commented Dec 3, 2023

Is the error still about treesitter read/write?

Yes it is


What is the neovim and treesitter plugin version?

Neovim up to date with ArchLinux repo

$ nvim --version
NVIM v0.9.4
Build type: Release
LuaJIT 2.1.1700008891

I don't know what is the version of Treesitter but it is built into Neovim, so for reproducibility purposes, having neovim 0.9.4 would give the same Treesitter version.

However I use the nvim-treesitter plugin which - from what I understand - is a common interface for other plugins to build onto. And I'm on b41bbcb (almost the head). I might be wrong but I don't think this plugin is relevant.


How is treesitter configured in neovim?

I use LazyVim which configures it for me, its Treesitter configuration can be found here ("Full spec" must be selected)

My whole neovim config can be found here.


Does it still happen with firejail-git?

Yes it does, the exact same error

$ firejail --version
firejail version 0.9.73

Can you create files in them?

No

$ touch    ~/.local/share/nvim/lazy/nvim-treesitter/parser/test
touch: cannot touch '/home/shellcode/.local/share/nvim/lazy/nvim-treesitter/parser/test': Read-only file system

Full logs of the commands you provided:

$ firejail --join=29029
Switching to pid 29000, the first child process inside the sandbox
Changing root to /proc/29000/root
Child process initialized in 24.71 ms
$ ls -l    ~/.local/share/nvim/lazy/nvim-treesitter/parser
total 12172
-rwx------ 1 shellcode shellcode 1127520 Nov 30 19:42 bash.so
-rwx------ 1 shellcode shellcode   98088 Nov 30 19:42 cmake.so
-rwx------ 1 shellcode shellcode 3339232 Nov 30 19:43 cpp.so
-rwx------ 1 shellcode shellcode  699960 Nov 30 19:42 c.so
-rwx------ 1 shellcode shellcode   31936 Nov 30 19:42 diff.so
-rwx------ 1 shellcode shellcode   60616 Nov 30 19:42 dockerfile.so
-rwx------ 1 shellcode shellcode   29296 Nov 30 19:42 html.so
-rwx------ 1 shellcode shellcode  578448 Nov 30 19:42 javascript.so
-rwx------ 1 shellcode shellcode   23616 Nov 30 19:42 jsdoc.so
-rwx------ 1 shellcode shellcode   40296 Nov 30 19:42 json5.so
-rwx------ 1 shellcode shellcode   17896 Nov 30 19:42 jsonc.so
-rwx------ 1 shellcode shellcode   19648 Nov 30 19:42 json.so
-rwx------ 1 shellcode shellcode  105664 Nov 30 19:42 luadoc.so
-rwx------ 1 shellcode shellcode   23808 Nov 30 19:42 luap.so
-rwx------ 1 shellcode shellcode   65656 Nov 30 19:42 lua.so
-rwx------ 1 shellcode shellcode  339872 Nov 30 19:42 markdown_inline.so
-rwx------ 1 shellcode shellcode  353088 Nov 30 19:42 markdown.so
-rwx------ 1 shellcode shellcode   44224 Nov 30 19:42 ninja.so
-rwx------ 1 shellcode shellcode  512408 Nov 30 19:42 python.so
-rwx------ 1 shellcode shellcode   36032 Nov 30 19:42 query.so
-rwx------ 1 shellcode shellcode   23616 Nov 30 19:42 regex.so
-rwx------ 1 shellcode shellcode   73904 Nov 30 19:43 ron.so
-rwx------ 1 shellcode shellcode   67200 Nov 30 19:42 rst.so
-rwx------ 1 shellcode shellcode  979328 Nov 30 19:43 rust.so
-rwx------ 1 shellcode shellcode   36712 Nov 30 19:42 toml.so
-rwx------ 1 shellcode shellcode 1204680 Nov 30 19:43 tsx.so
-rwx------ 1 shellcode shellcode 1163704 Nov 30 19:43 typescript.so
-rwx------ 1 shellcode shellcode  101568 Nov 30 19:42 vimdoc.so
-rwx------ 1 shellcode shellcode 1013000 Nov 30 19:43 vim.so
-rwx------ 1 shellcode shellcode  194944 Nov 30 19:42 yaml.so
$ mkdir -p ~/.local/share/nvim/lazy/nvim-treesitter/parser
$ touch    ~/.local/share/nvim/lazy/nvim-treesitter/parser/test
touch: cannot touch '/home/shellcode/.local/share/nvim/lazy/nvim-treesitter/parser/test': Read-only file system

Process tree in case that's useful:

shellco+    9053  1.1  1.9 2765948 231148 ?      Sl   19:13   0:36 /usr/bin/wezterm-gui
shellco+    9060  0.0  0.0  14132 10396 pts/0    Ss   19:13   0:01  \_ /usr/bin/zsh
shellco+   28999  0.0  0.0   4472  2816 pts/0    S+   20:03   0:00  |   \_ firejail /usr/bin/man sendfile
shellco+   29000  0.0  0.0   6096  3304 pts/0    S+   20:03   0:00  |       \_ firejail /usr/bin/man sendfile
shellco+   29013  0.0  0.0   8776  4416 pts/0    S+   20:03   0:00  |           \_ /usr/bin/man sendfile
shellco+   29023  0.0  0.0  13720  8192 pts/0    Sl+  20:03   0:00  |               \_ nvim -n -i NONE +Man!
shellco+   29029  0.7  0.2  29672 25088 ?        Ssl  20:03   0:02  |                   \_ nvim --embed -n -i NONE +Man!

Note: my man.local hasn't changed between my last comment and this one


Again, thanks a lot for your help

@kmk3 changed the title from "Unable to use nvim as man pager" to "man: cannot use nvim as man pager" on Aug 23, 2024