File:Firejail seccomp example.png

Summary
Screenshot of an xterm running in a xephyr window (started using firejail from the command line in parent desktop), in which "chroot / /bin/bash" is attempted, to illustrate firejail's seccomp-bpf syscall filter (shows message written to audit log, and that the chroot process itself dumps core, with a "Bad system call" message). Uploaded for use in a forthcoming mini-guide on X11 sandboxing (an addendum to Sakaki's EFI Install Guide).