netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox

Home Page: https://firejail.wordpress.com

Mention built-in blacklists in man pages.

amano-kenji opened this issue

Description

There are hidden blacklists like /sys/module and /sys/fs.

It took a while to figure out that zfs required access to /sys/module which firejail quietly blacklisted.

Man pages should mention that --debug-blacklist can reveal those hidden blacklists.