--netlock does not work (Error: no valid sandbox) #5312

Closed
4 tasks done
distinctjuggle opened this issue Aug 13, 2022 · 3 comments
Labels
bug Something isn't working

distinctjuggle commented Aug 13, 2022

Description

Attempting to pass --netlock doesn't seem to be recognized by firejail - there is no terminal indication of it being present (as was demonstrated in the demo video for netlock's release), and I am able to access other networks that have not been connected to well after the default 1 minute timeout.

I also seem to get the following output in any command that I run which contains --netlock: Error: no valid sandbox

It seemingly makes no difference as to which command is run, or if I include the --net option as specified as required for --netlock.

It should also be noted that the error appears with a delay. For example, running nano will cause the error to appear inside of the text editor. Running htop will cause the error to appear as new lines at the bottom of the screen. Running a command/program which has a longer startup will show up as a normal line of logs in a terminal.

Steps to Reproduce

firejail --net=eth0 --netlock --noprofile *any command*
firejail --netlock --noprofile *any command*
firejail --netlock *any command*

All of the above will still output the same error, and netlock's specific logs are not present anywhere.

Expected behavior

I expected netlock to function

Actual behavior

Netlock did not function

Behavior without a profile

Profile has no bearing

Additional context

I'm just trying to limit a program to local network traffic only. This seemed like the easiest way that I could find, since I can control what this device tries to connect to within the first minute or so.

Environment

  • Arch Linux repo package - repo version 0.9.70-2
  • Firejail version 0.9.70

Checklist

  • [ ] The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • [x] I can reproduce the issue without custom modifications (e.g. globals.local).
  • [x] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • [x] The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • [x] I have performed a short search for similar issues (to avoid opening a duplicate).
    • [ ] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • [ ] I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

Nothing from firejail, unless I pass the --netlock option with or without --net=eth0 (then I get: Error: no valid sandbox)

Output of LC_ALL=C firejail --debug /path/to/program

No errors other than the previously mentioned Error: no valid sandbox when passing --netlock.

I ran both firejail with no options, as well as with the options which cause the problem. Note that since echo is a short command, the relevant error shows up after the command has finished:

$ LC_ALL=C firejail --debug --net=eth0 --netlock --noprofile echo "2"
Autoselecting /bin/bash as shell
Building quoted command line: 'echo' '2' 
Command name #echo#
get interface eth0 configuration
MTU of eth0 is 1500.
macvlan parent device eth0 at 192.168.0.35/24
DISPLAY=:0 parsed as 0
Parent pid 16706, child pid 16707
Initializing child process
sbox run: /usr/lib/firejail/fnet create macvlan eth0-16706 eth0 16707 
Set caps filter 3000
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
sbox run: /run/firejail/lib/fnet ifup lo 
Set caps filter 3000
sbox run: /run/firejail/lib/fnet ifup eth0-16706 
Set caps filter 3000
ARP-scan eth0-16706, 192.168.0.35/24
IP address range from 192.168.0.1 to 192.168.0.255
Trying 192.168.0.22 ...
Configuring 192.168.0.22 address on interface eth0-16706
sbox run: /run/firejail/lib/fnet config interface eth0-16706 3232235542 4294967040 1500 
Set caps filter 3000
Announce 192.168.0.22 ...
Network namespace enabled

sbox run: /run/firejail/lib/fnet printif 
Set caps filter 3000
Interface        MAC                IP               Mask             Status
lo                                  127.0.0.1        255.0.0.0        UP    
eth0-16706       mac                192.168.0.22     255.255.255.0    UP    
Default gateway 192.168.0.1

Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
563 409 8:2 /etc /etc ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=563 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
564 563 8:2 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw
mountid=564 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
565 409 8:2 /var /var ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=565 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
566 565 8:2 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw
mountid=566 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
567 409 8:2 /usr /usr ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=567 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/cache/lighttpd
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/user/.config/firejail
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules/5.18.16-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Disable /sys/fs
Disable /sys/module
rebuilding /etc directory
Creating empty /run/firejail/mnt/dns-etc/UPower directory
Creating empty /run/firejail/mnt/dns-etc/ftester directory
Creating empty /run/firejail/mnt/dns-etc/mkinitcpio.d directory
Creating empty /run/firejail/mnt/dns-etc/sudo.conf file
Creating empty /run/firejail/mnt/dns-etc/mail.rc file
Creating empty /run/firejail/mnt/dns-etc/fang.conf file
Creating empty /run/firejail/mnt/dns-etc/my.cnf file
Creating empty /run/firejail/mnt/dns-etc/sane.d directory
Creating empty /run/firejail/mnt/dns-etc/resolv.conf file
Creating empty /run/firejail/mnt/dns-etc/lsb-release file
Creating empty /run/firejail/mnt/dns-etc/daxctl.conf.d directory
Creating empty /run/firejail/mnt/dns-etc/conf.d directory
Creating empty /run/firejail/mnt/dns-etc/sqlmap.conf file
Creating empty /run/firejail/mnt/dns-etc/dhcpd6.conf file
Creating empty /run/firejail/mnt/dns-etc/gss directory
Creating empty /run/firejail/mnt/dns-etc/btscanner directory
Creating empty /run/firejail/mnt/dns-etc/openpmix directory
Creating empty /run/firejail/mnt/dns-etc/modprobe.d directory
Creating empty /run/firejail/mnt/dns-etc/reaver directory
Creating empty /run/firejail/mnt/dns-etc/alsa directory
Creating empty /run/firejail/mnt/dns-etc/bind.keys file
Creating empty /run/firejail/mnt/dns-etc/moloch directory
Creating empty /run/firejail/mnt/dns-etc/man_db.conf file
Creating empty /run/firejail/mnt/dns-etc/snort directory
Creating empty /run/firejail/mnt/dns-etc/sniffjoke directory
Creating empty /run/firejail/mnt/dns-etc/sslsplit directory
Creating empty /run/firejail/mnt/dns-etc/lynx.cfg file
Creating empty /run/firejail/mnt/dns-etc/openldap directory
Creating empty /run/firejail/mnt/dns-etc/e2scrub.conf file
Creating empty /run/firejail/mnt/dns-etc/profile file
Creating empty /run/firejail/mnt/dns-etc/passwd- file
Creating empty /run/firejail/mnt/dns-etc/netctl directory
Creating empty /run/firejail/mnt/dns-etc/xprobe2 directory
Creating empty /run/firejail/mnt/dns-etc/cron.monthly directory
Creating empty /run/firejail/mnt/dns-etc/nscd.conf file
Creating empty /run/firejail/mnt/dns-etc/fstab file
Creating empty /run/firejail/mnt/dns-etc/fl0p directory
Creating empty /run/firejail/mnt/dns-etc/tpm2-tss directory
Creating empty /run/firejail/mnt/dns-etc/rsyncd.conf file
Creating empty /run/firejail/mnt/dns-etc/gssapi_mech.conf file
Creating empty /run/firejail/mnt/dns-etc/krb5.conf file
Creating empty /run/firejail/mnt/dns-etc/ssh directory
Creating empty /run/firejail/mnt/dns-etc/airoscript-ng directory
Creating empty /run/firejail/mnt/dns-etc/skel directory
Creating empty /run/firejail/mnt/dns-etc/mtools.conf file
Creating empty /run/firejail/mnt/dns-etc/passwd.pacnew file
Creating empty /run/firejail/mnt/dns-etc/arpon.sarpi file
Creating empty /run/firejail/mnt/dns-etc/login.defs file
Creating empty /run/firejail/mnt/dns-etc/default directory
Creating empty /run/firejail/mnt/dns-etc/dnsmasq.conf file
Creating empty /run/firejail/mnt/dns-etc/gshadow- file
Creating empty /run/firejail/mnt/dns-etc/zmap directory
Creating empty /run/firejail/mnt/dns-etc/php directory
Creating empty /run/firejail/mnt/dns-etc/lighttpd directory
Creating empty /run/firejail/mnt/dns-etc/bash_completion.d directory
Creating empty /run/firejail/mnt/dns-etc/pipewire directory
Creating empty /run/firejail/mnt/dns-etc/makepkg.conf file
Creating empty /run/firejail/mnt/dns-etc/gnuradio directory
Creating empty /run/firejail/mnt/dns-etc/libva.conf file
Creating empty /run/firejail/mnt/dns-etc/sslh.cfg file
Creating empty /run/firejail/mnt/dns-etc/libsmbios directory
Creating empty /run/firejail/mnt/dns-etc/initcpio directory
Creating empty /run/firejail/mnt/dns-etc/mdadm.conf file
Creating empty /run/firejail/mnt/dns-etc/prometheus directory
Creating empty /run/firejail/mnt/dns-etc/apache2 directory
Creating empty /run/firejail/mnt/dns-etc/healthd.conf file
Creating empty /run/firejail/mnt/dns-etc/siegerc file
Creating empty /run/firejail/mnt/dns-etc/drirc.pacnew file
Creating empty /run/firejail/mnt/dns-etc/openmpi directory
Creating empty /run/firejail/mnt/dns-etc/GeoIP.conf file
Creating empty /run/firejail/mnt/dns-etc/unbound directory
Creating empty /run/firejail/mnt/dns-etc/environment file
Creating empty /run/firejail/mnt/dns-etc/inetsim directory
Creating empty /run/firejail/mnt/dns-etc/nfs.conf file
Creating empty /run/firejail/mnt/dns-etc/postfix directory
Creating empty /run/firejail/mnt/dns-etc/ndctl directory
Creating empty /run/firejail/mnt/dns-etc/dnsrecon directory
Creating empty /run/firejail/mnt/dns-etc/hostapd-wpe directory
Creating empty /run/firejail/mnt/dns-etc/junkie directory
Creating empty /run/firejail/mnt/dns-etc/fuse.conf file
Creating empty /run/firejail/mnt/dns-etc/grub.d directory
Creating empty /run/firejail/mnt/dns-etc/gtk-2.0 directory
Creating empty /run/firejail/mnt/dns-etc/ld.so.cache file
Creating empty /run/firejail/mnt/dns-etc/pam.d directory
Creating empty /run/firejail/mnt/dns-etc/mplayer directory
Creating empty /run/firejail/mnt/dns-etc/speech-dispatcher directory
Creating empty /run/firejail/mnt/dns-etc/vnstat.conf file
Creating empty /run/firejail/mnt/dns-etc/dhcpcd.secret file
Creating empty /run/firejail/mnt/dns-etc/sudoers file
Creating empty /run/firejail/mnt/dns-etc/machinae.yml file
Creating empty /run/firejail/mnt/dns-etc/dhcpcd.duid file
Creating empty /run/firejail/mnt/dns-etc/nsswitch.conf file
Creating empty /run/firejail/mnt/dns-etc/named.conf file
Creating empty /run/firejail/mnt/dns-etc/3proxy directory
Creating empty /run/firejail/mnt/dns-etc/logrotate.conf file
Creating empty /run/firejail/mnt/dns-etc/.updated file
Creating empty /run/firejail/mnt/dns-etc/group file
Creating empty /run/firejail/mnt/dns-etc/crypttab file
Creating empty /run/firejail/mnt/dns-etc/unicornscan directory
Creating empty /run/firejail/mnt/dns-etc/rc_keymaps directory
Creating empty /run/firejail/mnt/dns-etc/signond.conf file
Creating empty /run/firejail/mnt/dns-etc/NetworkManager directory
Creating empty /run/firejail/mnt/dns-etc/securetty file
Creating empty /run/firejail/mnt/dns-etc/bindresvport.blacklist file
Creating empty /run/firejail/mnt/dns-etc/hostname file
Creating empty /run/firejail/mnt/dns-etc/locale.gen.pacnew file
Creating empty /run/firejail/mnt/dns-etc/mana-toolkit directory
Creating empty /run/firejail/mnt/dns-etc/services file
Creating empty /run/firejail/mnt/dns-etc/rc_maps.cfg file
Creating empty /run/firejail/mnt/dns-etc/java-openjdk directory
Creating empty /run/firejail/mnt/dns-etc/tigervnc directory
Creating empty /run/firejail/mnt/dns-etc/swanctl directory
Creating empty /run/firejail/mnt/dns-etc/netconfig file
Creating empty /run/firejail/mnt/dns-etc/kernel directory
Creating empty /run/firejail/mnt/dns-etc/freetds directory
Creating empty /run/firejail/mnt/dns-etc/ipsec.conf file
Creating empty /run/firejail/mnt/dns-etc/guymager directory
Creating empty /run/firejail/mnt/dns-etc/cifs-utils directory
Creating empty /run/firejail/mnt/dns-etc/host.conf file
Creating empty /run/firejail/mnt/dns-etc/mono directory
Creating empty /run/firejail/mnt/dns-etc/shadow.pacnew file
Creating empty /run/firejail/mnt/dns-etc/cron.deny file
Creating empty /run/firejail/mnt/dns-etc/gconf directory
Creating empty /run/firejail/mnt/dns-etc/libvirt directory
Creating empty /run/firejail/mnt/dns-etc/bitcoin directory
Creating empty /run/firejail/mnt/dns-etc/rpc file
Creating empty /run/firejail/mnt/dns-etc/mercurial directory
Creating empty /run/firejail/mnt/dns-etc/opt directory
Creating empty /run/firejail/mnt/dns-etc/proxychains.conf file
Creating empty /run/firejail/mnt/dns-etc/yasat directory
Creating empty /run/firejail/mnt/dns-etc/polkit-1 directory
Creating empty /run/firejail/mnt/dns-etc/pacman.conf.pacnew file
Creating empty /run/firejail/mnt/dns-etc/odbcinst.ini file
Creating empty /run/firejail/mnt/dns-etc/xinetd.d directory
Creating empty /run/firejail/mnt/dns-etc/udev directory
Creating empty /run/firejail/mnt/dns-etc/texmf directory
Creating empty /run/firejail/mnt/dns-etc/tor directory
Creating empty /run/firejail/mnt/dns-etc/vpnc directory
Creating empty /run/firejail/mnt/dns-etc/screenrc file
Creating empty /run/firejail/mnt/dns-etc/sasl2 directory
Creating empty /run/firejail/mnt/dns-etc/hosts.pacnew file
Creating empty /run/firejail/mnt/dns-etc/sensors.d directory
Creating empty /run/firejail/mnt/dns-etc/arpalert directory
Creating empty /run/firejail/mnt/dns-etc/hyperion directory
Creating empty /run/firejail/mnt/dns-etc/ethertypes file
Creating empty /run/firejail/mnt/dns-etc/dhcp_fingerprints.conf file
Creating empty /run/firejail/mnt/dns-etc/locale.gen file
Creating empty /run/firejail/mnt/dns-etc/ODBCDataSources directory
Creating empty /run/firejail/mnt/dns-etc/ld.so.conf.d directory
Creating empty /run/firejail/mnt/dns-etc/urlview directory
Creating empty /run/firejail/mnt/dns-etc/libinput directory
Creating empty /run/firejail/mnt/dns-etc/libnl directory
Creating empty /run/firejail/mnt/dns-etc/netsniff-ng directory
Creating empty /run/firejail/mnt/dns-etc/tinyproxy directory
Creating empty /run/firejail/mnt/dns-etc/asound.conf.backup file
Creating empty /run/firejail/mnt/dns-etc/iproute2 directory
Creating empty /run/firejail/mnt/dns-etc/raddb.default directory
Creating empty /run/firejail/mnt/dns-etc/ssl directory
Creating empty /run/firejail/mnt/dns-etc/appstream.conf file
Creating empty /run/firejail/mnt/dns-etc/jack directory
Creating empty /run/firejail/mnt/dns-etc/drirc.pacsave file
Creating empty /run/firejail/mnt/dns-etc/cron.weekly directory
Creating empty /run/firejail/mnt/dns-etc/ts.conf file
Creating empty /run/firejail/mnt/dns-etc/.pwd.lock file
Creating empty /run/firejail/mnt/dns-etc/kismet directory
Creating empty /run/firejail/mnt/dns-etc/ld.so.preload file
Creating empty /run/firejail/mnt/dns-etc/brltty.conf file
Creating empty /run/firejail/mnt/dns-etc/avahi directory
Creating empty /run/firejail/mnt/dns-etc/cron.daily directory
Creating empty /run/firejail/mnt/dns-etc/keyutils directory
Creating empty /run/firejail/mnt/dns-etc/hostapd directory
Creating empty /run/firejail/mnt/dns-etc/cvechecker.conf file
Creating empty /run/firejail/mnt/dns-etc/refind.d directory
Creating empty /run/firejail/mnt/dns-etc/machine-id file
Creating empty /run/firejail/mnt/dns-etc/wgetrc file
Creating empty /run/firejail/mnt/dns-etc/rhashrc file
Creating empty /run/firejail/mnt/dns-etc/sddm.conf file
Creating empty /run/firejail/mnt/dns-etc/dnsmasq.conf.backup file
Creating empty /run/firejail/mnt/dns-etc/malmon directory
Creating empty /run/firejail/mnt/dns-etc/bash.bashrc file
Creating empty /run/firejail/mnt/dns-etc/cpufreq-bench.conf file
Creating empty /run/firejail/mnt/dns-etc/wireguard directory
Creating empty /run/firejail/mnt/dns-etc/haka directory
Creating empty /run/firejail/mnt/dns-etc/resolv.conf.pacnew file
Creating empty /run/firejail/mnt/dns-etc/security directory
Creating empty /run/firejail/mnt/dns-etc/bluedivingNG.conf file
Creating empty /run/firejail/mnt/dns-etc/sysctl.d directory
Creating empty /run/firejail/mnt/dns-etc/mime.types file
Creating empty /run/firejail/mnt/dns-etc/tcpxtract.conf file
Creating empty /run/firejail/mnt/dns-etc/tmpfiles.d directory
Creating empty /run/firejail/mnt/dns-etc/lynis directory
Creating empty /run/firejail/mnt/dns-etc/papersize file
Creating empty /run/firejail/mnt/dns-etc/my.cnf.d directory
Creating empty /run/firejail/mnt/dns-etc/X11 directory
Creating empty /run/firejail/mnt/dns-etc/hosts file
Creating empty /run/firejail/mnt/dns-etc/lynx.lss file
Creating empty /run/firejail/mnt/dns-etc/mpv directory
Creating empty /run/firejail/mnt/dns-etc/libblockdev directory
Creating empty /run/firejail/mnt/dns-etc/logrotate.d directory
Creating empty /run/firejail/mnt/dns-etc/java-7-openjdk directory
Creating empty /run/firejail/mnt/dns-etc/slsh.rc file
Creating empty /run/firejail/mnt/dns-etc/ksysguarddrc file
Creating empty /run/firejail/mnt/dns-etc/libao.conf file
Creating empty /run/firejail/mnt/dns-etc/resolvconf.conf file
Creating empty /run/firejail/mnt/dns-etc/sagan.yaml file
Creating empty /run/firejail/mnt/dns-etc/sddm.conf.pacnew file
Creating empty /run/firejail/mnt/dns-etc/nikto.conf file
Creating empty /run/firejail/mnt/dns-etc/libaudit.conf file
Creating empty /run/firejail/mnt/dns-etc/create_ap.conf file
Creating empty /run/firejail/mnt/dns-etc/wirouterkeyrec directory
Creating empty /run/firejail/mnt/dns-etc/ImageMagick-7 directory
Creating empty /run/firejail/mnt/dns-etc/gssproxy directory
Creating empty /run/firejail/mnt/dns-etc/brlapi.key file
Creating empty /run/firejail/mnt/dns-etc/rc.d directory
Creating empty /run/firejail/mnt/dns-etc/dhcpd.conf file
Creating empty /run/firejail/mnt/dns-etc/modules-load.d directory
Creating empty /run/firejail/mnt/dns-etc/nfsmount.conf file
Creating empty /run/firejail/mnt/dns-etc/dhcpcd.conf file
Creating empty /run/firejail/mnt/dns-etc/nginx directory
Creating empty /run/firejail/mnt/dns-etc/sudoers.d directory
Creating empty /run/firejail/mnt/dns-etc/group- file
Creating empty /run/firejail/mnt/dns-etc/clamav directory
Creating empty /run/firejail/mnt/dns-etc/PackageKit directory
Creating empty /run/firejail/mnt/dns-etc/qemu directory
Creating empty /run/firejail/mnt/dns-etc/foremost.conf file
Creating empty /run/firejail/mnt/dns-etc/httpd directory
Creating empty /run/firejail/mnt/dns-etc/debuginfod directory
Creating empty /run/firejail/mnt/dns-etc/asound.conf.workingwithpulse file
Creating empty /run/firejail/mnt/dns-etc/profile.d directory
Creating empty /run/firejail/mnt/dns-etc/udisks2 directory
Creating empty /run/firejail/mnt/dns-etc/strongswan.d directory
Creating empty /run/firejail/mnt/dns-etc/fstab.pacnew file
Creating empty /run/firejail/mnt/dns-etc/OpenCL directory
Creating empty /run/firejail/mnt/dns-etc/yaf.conf file
Creating empty /run/firejail/mnt/dns-etc/gimp directory
Creating empty /run/firejail/mnt/dns-etc/multitun.conf file
Creating empty /run/firejail/mnt/dns-etc/sudo_logsrvd.conf file
Creating empty /run/firejail/mnt/dns-etc/systemd directory
Creating empty /run/firejail/mnt/dns-etc/rabbitmq directory
Creating empty /run/firejail/mnt/dns-etc/ipv6toolkit directory
Creating empty /run/firejail/mnt/dns-etc/john directory
Creating empty /run/firejail/mnt/dns-etc/arch-release file
Creating empty /run/firejail/mnt/dns-etc/elasticsearch directory
Creating empty /run/firejail/mnt/dns-etc/lvm directory
Creating empty /run/firejail/mnt/dns-etc/firejail directory
Creating empty /run/firejail/mnt/dns-etc/rkhunter.conf file
Creating empty /run/firejail/mnt/dns-etc/pacman.conf file
Creating empty /run/firejail/mnt/dns-etc/apparmor.d directory
Creating empty /run/firejail/mnt/dns-etc/couchdb directory
Creating empty /run/firejail/mnt/dns-etc/raddb directory
Creating empty /run/firejail/mnt/dns-etc/gtk-3.0 directory
Creating empty /run/firejail/mnt/dns-etc/vdpau_wrapper.cfg file
Creating empty /run/firejail/mnt/dns-etc/ndctl.conf.d directory
Creating empty /run/firejail/mnt/dns-etc/mkinitcpio.conf file
Creating empty /run/firejail/mnt/dns-etc/sudoers.pacnew file
Creating empty /run/firejail/mnt/dns-etc/pcmcia directory
Creating empty /run/firejail/mnt/dns-etc/sensors3.conf file
Creating empty /run/firejail/mnt/dns-etc/chromium directory
Creating empty /run/firejail/mnt/dns-etc/mailcap file
Creating empty /run/firejail/mnt/dns-etc/poison directory
Creating empty /run/firejail/mnt/dns-etc/pinentry directory
Creating empty /run/firejail/mnt/dns-etc/freeipmi directory
Creating empty /run/firejail/mnt/dns-etc/libpaper.d directory
Creating empty /run/firejail/mnt/dns-etc/ettercap directory
Creating empty /run/firejail/mnt/dns-etc/request-key.conf file
Creating empty /run/firejail/mnt/dns-etc/ca-certificates directory
Creating empty /run/firejail/mnt/dns-etc/wpa_supplicant directory
Creating empty /run/firejail/mnt/dns-etc/ld.so.conf file
Creating empty /run/firejail/mnt/dns-etc/ModemManager directory
Creating empty /run/firejail/mnt/dns-etc/cron.d directory
Creating empty /run/firejail/mnt/dns-etc/xml directory
Creating empty /run/firejail/mnt/dns-etc/malheur.cfg file
Creating empty /run/firejail/mnt/dns-etc/vde2 directory
Creating empty /run/firejail/mnt/dns-etc/yafDPIRules.conf file
Creating empty /run/firejail/mnt/dns-etc/audit directory
Creating empty /run/firejail/mnt/dns-etc/grokevt directory
Creating empty /run/firejail/mnt/dns-etc/nipper.conf file
Creating empty /run/firejail/mnt/dns-etc/locale.conf file
Creating empty /run/firejail/mnt/dns-etc/btoui file
Creating empty /run/firejail/mnt/dns-etc/samba directory
Creating empty /run/firejail/mnt/dns-etc/gdb directory
Creating empty /run/firejail/mnt/dns-etc/idmapd.conf file
Creating empty /run/firejail/mnt/dns-etc/sddm.conf.pacsave file
Creating empty /run/firejail/mnt/dns-etc/apparmor directory
Creating empty /run/firejail/mnt/dns-etc/gshadow file
Creating empty /run/firejail/mnt/dns-etc/fwupd directory
Creating empty /run/firejail/mnt/dns-etc/Nextcloud directory
Creating empty /run/firejail/mnt/dns-etc/pacman.d directory
Creating empty /run/firejail/mnt/dns-etc/p0f directory
Creating empty /run/firejail/mnt/dns-etc/init.d directory
Creating empty /run/firejail/mnt/dns-etc/xattr.conf file
Creating empty /run/firejail/mnt/dns-etc/nanorc file
Creating empty /run/firejail/mnt/dns-etc/passwd file
Creating empty /run/firejail/mnt/dns-etc/multipath directory
Creating empty /run/firejail/mnt/dns-etc/gvm directory
Creating empty /run/firejail/mnt/dns-etc/cron.hourly directory
Creating empty /run/firejail/mnt/dns-etc/shells.pacnew file
Creating empty /run/firejail/mnt/dns-etc/voipong directory
Creating empty /run/firejail/mnt/dns-etc/exabgp.conf file
Creating empty /run/firejail/mnt/dns-etc/lirc directory
Creating empty /run/firejail/mnt/dns-etc/ipsec.d directory
Creating empty /run/firejail/mnt/dns-etc/vimrc file
Creating empty /run/firejail/mnt/dns-etc/exports file
Creating empty /run/firejail/mnt/dns-etc/exports.d directory
Creating empty /run/firejail/mnt/dns-etc/pulse directory
Creating empty /run/firejail/mnt/dns-etc/strongswan.conf file
Creating empty /run/firejail/mnt/dns-etc/inputrc file
Creating empty /run/firejail/mnt/dns-etc/iptables directory
Creating empty /run/firejail/mnt/dns-etc/group.pacnew file
Creating empty /run/firejail/mnt/dns-etc/libreoffice directory
Creating empty /run/firejail/mnt/dns-etc/gai.conf file
Creating empty /run/firejail/mnt/dns-etc/dconf directory
Creating empty /run/firejail/mnt/dns-etc/ifplugd directory
Creating empty /run/firejail/mnt/dns-etc/ppp directory
Creating empty /run/firejail/mnt/dns-etc/xdg directory
Creating empty /run/firejail/mnt/dns-etc/odbc.ini file
Creating empty /run/firejail/mnt/dns-etc/portspoof directory
Creating empty /run/firejail/mnt/dns-etc/mke2fs.conf file
Creating empty /run/firejail/mnt/dns-etc/pkcs11 directory
Creating empty /run/firejail/mnt/dns-etc/smartd.conf file
Creating empty /run/firejail/mnt/dns-etc/protocols file
Creating empty /run/firejail/mnt/dns-etc/request-key.d directory
Creating empty /run/firejail/mnt/dns-etc/binfmt.d directory
Creating empty /run/firejail/mnt/dns-etc/openvpn directory
Creating empty /run/firejail/mnt/dns-etc/ipsec.secrets file
Creating empty /run/firejail/mnt/dns-etc/pki directory
Creating empty /run/firejail/mnt/dns-etc/resolv.conf.bak file
Creating empty /run/firejail/mnt/dns-etc/x3270 directory
Creating empty /run/firejail/mnt/dns-etc/java11-openjdk directory
Creating empty /run/firejail/mnt/dns-etc/suricata directory
Creating empty /run/firejail/mnt/dns-etc/depmod.d directory
Creating empty /run/firejail/mnt/dns-etc/bash.bash_logout file
Creating empty /run/firejail/mnt/dns-etc/zsh directory
Creating empty /run/firejail/mnt/dns-etc/stunnel directory
Creating empty /run/firejail/mnt/dns-etc/bluetooth directory
Creating empty /run/firejail/mnt/dns-etc/shadow- file
Creating empty /run/firejail/mnt/dns-etc/java-8-openjdk directory
Creating empty /run/firejail/mnt/dns-etc/fonts directory
Creating empty /run/firejail/mnt/dns-etc/fakechroot directory
Creating empty /run/firejail/mnt/dns-etc/proxydriver.d directory
Creating empty /run/firejail/mnt/dns-etc/scalpel directory
Creating empty /run/firejail/mnt/dns-etc/hcraft.modes file
Creating empty /run/firejail/mnt/dns-etc/yafApplabelRules.conf file
Creating empty /run/firejail/mnt/dns-etc/trusted-key.key file
Creating empty /run/firejail/mnt/dns-etc/gshadow.pacnew file
Creating empty /run/firejail/mnt/dns-etc/shells file
Creating empty /run/firejail/mnt/dns-etc/sshuttle directory
Creating empty /run/firejail/mnt/dns-etc/prads directory
Creating empty /run/firejail/mnt/dns-etc/issue file
Creating empty /run/firejail/mnt/dns-etc/searchsploit_rc file
Creating empty /run/firejail/mnt/dns-etc/wifi-honey directory
Creating empty /run/firejail/mnt/dns-etc/anacrontab file
Creating empty /run/firejail/mnt/dns-etc/syncplay directory
Creating empty /run/firejail/mnt/dns-etc/nfc directory
Creating empty /run/firejail/mnt/dns-etc/urls.txt file
Creating empty /run/firejail/mnt/dns-etc/shadow file
Creating empty /run/firejail/mnt/dns-etc/mongodb.conf file
Mount-bind /run/firejail/mnt/dns-etc on top of /etc
Current directory: /home/user
DISPLAY=:0 parsed as 0
Mounting read-only /run/firejail/mnt/seccomp
1325 560 0:88 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=1325 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root root                 120 .
drwxr-xr-x root root                 180 ..
-rw-r--r-- user user                 568 seccomp
-rw-r--r-- user user                 432 seccomp.32
-rw-r--r-- user user                 0 seccomp.postexec
-rw-r--r-- user user                 0 seccomp.postexec32
No active seccomp files
Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0
Closing non-standard file descriptors
Starting application
LD_PRELOAD=(null)
Running 'echo' '2'  command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: 'echo' '2' 
Child process initialized in 1100.33 ms
2
monitoring pid 6

Sandbox monitor: waitpid 6 retval 6 status 0

Parent is shutting down, bye...
$ Error: no valid sandbox

$ LC_ALL=C firejail --debug --net=eth0 --noprofile echo "2"
Autoselecting /bin/bash as shell
Building quoted command line: 'echo' '2' 
Command name #echo#
get interface eth0 configuration
MTU of eth0 is 1500.
macvlan parent device eth0 at 192.168.0.35/24
DISPLAY=:0 parsed as 0
Initializing child process
Parent pid 17079, child pid 17080
sbox run: /usr/lib/firejail/fnet create macvlan eth0-17079 eth0 17080 
Set caps filter 3000
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
sbox run: /run/firejail/lib/fnet ifup lo 
Set caps filter 3000
sbox run: /run/firejail/lib/fnet ifup eth0-17079 
Set caps filter 3000
ARP-scan eth0-17079, 192.168.0.35/24
IP address range from 192.168.0.1 to 192.168.0.255
Trying 192.168.0.250 ...
Configuring 192.168.0.250 address on interface eth0-17079
sbox run: /run/firejail/lib/fnet config interface eth0-17079 3232235770 4294967040 1500 
Set caps filter 3000
Announce 192.168.0.250 ...
Network namespace enabled

sbox run: /run/firejail/lib/fnet printif 
Set caps filter 3000
Interface        MAC                IP               Mask             Status
lo                                  127.0.0.1        255.0.0.0        UP    
eth0-17079       mac                192.168.0.250    255.255.255.0    UP    
Default gateway 192.168.0.1

Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
563 409 8:2 /etc /etc ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=563 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
564 563 8:2 /etc /etc ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw
mountid=564 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
565 409 8:2 /var /var ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=565 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
566 565 8:2 /var /var ro,nosuid,nodev,noexec,relatime master:1 - ext4 /dev/sda2 rw
mountid=566 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
567 409 8:2 /usr /usr ro,relatime master:1 - ext4 /dev/sda2 rw
mountid=567 fsname=/usr dir=/usr fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/cache/lighttpd
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /home/user/.config/firejail
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
blacklist /run/firejail/dbus
Mounting read-only /proc/sys
Remounting /sys directory
Disable /sys/firmware
Disable /sys/hypervisor
Disable /sys/power
Disable /sys/kernel/debug
Disable /sys/kernel/vmcoreinfo
Disable /proc/sys/fs/binfmt_misc
Disable /proc/sys/kernel/core_pattern
Disable /proc/sys/kernel/modprobe
Disable /proc/sysrq-trigger
Disable /proc/sys/vm/panic_on_oom
Disable /proc/irq
Disable /proc/bus
Disable /proc/timer_list
Disable /proc/kcore
Disable /proc/kallsyms
Disable /usr/lib/modules/5.18.16-arch1-1/build (requested /usr/src/linux)
Disable /usr/lib/modules (requested /lib/modules)
Disable /usr/lib/debug
Disable /boot
Disable /dev/port
Disable /run/user/1000/gnupg
Disable /run/user/1000/systemd
Disable /dev/kmsg
Disable /proc/kmsg
Disable /sys/fs
Disable /sys/module
rebuilding /etc directory
Mount-bind /run/firejail/mnt/dns-etc on top of /etc
Current directory: /home/user
DISPLAY=:0 parsed as 0
Mounting read-only /run/firejail/mnt/seccomp
1325 560 0:88 /seccomp /run/firejail/mnt/seccomp ro,nosuid - tmpfs tmpfs rw,mode=755,inode64
mountid=1325 fsname=/seccomp dir=/run/firejail/mnt/seccomp fstype=tmpfs
Seccomp directory:
ls /run/firejail/mnt/seccomp
drwxr-xr-x root root             120 .
drwxr-xr-x root root             180 ..
-rw-r--r-- user user             568 seccomp
-rw-r--r-- user user             432 seccomp.32
-rw-r--r-- user user             0 seccomp.postexec
-rw-r--r-- user user             0 seccomp.postexec32
No active seccomp files
Drop privileges: pid 1, uid 1000, gid 1000, force_nogroups 0
Closing non-standard file descriptors
Starting application
LD_PRELOAD=(null)
Running 'echo' '2'  command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: 'echo' '2' 
Child process initialized in 1124.36 ms
2
monitoring pid 6

Sandbox monitor: waitpid 6 retval 6 status 0

Parent is shutting down, bye...
$ 



Edit: Attempting to use any netfilter options also results in an error: Error: invalid network filter file *filename*

I've tried the default template configs as well as one that I made myself; none seem to work. Debug doesn't add any additional information or context.

@rusty-snake rusty-snake added the bug Something isn't working label Aug 14, 2022
netblue30 added a commit that referenced this issue Sep 26, 2022
@netblue30 netblue30 added in testing A bugfix that is being tested and removed bug Something isn't working labels Sep 26, 2022
@netblue30
Owner

Thanks for the bug, something went wrong in the last release. Fixed on mainline!

@kmk3 kmk3 changed the title --netlock does not work / is not being used as an argument --netlock does not work (Error: no valid sandbox) Dec 23, 2022
@kmk3
Collaborator

kmk3 commented Jan 11, 2023

@netblue30 on Sep 26:

Fixed on mainline!

In that case, can this be closed?

I cannot reproduce the error with the following command:

firejail --net=eth0 --netlock --noprofile /bin/sh -c 'sleep 70'

@netblue30
Owner

closing!

@kmk3 kmk3 added bug Something isn't working and removed in testing A bugfix that is being tested labels Jan 12, 2023
kmk3 added a commit that referenced this issue Jan 12, 2023
Projects
Status: Done (on RELNOTES)