github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #1818] private-lib doesn't work with Palemoon & Firefox #1238

New issue
Closed
opened 2026-05-05 07:42:33 -06:00 by gitea-mirror · 4 comments
gitea-mirror commented 2026-05-05 07:42:33 -06:00
Owner
Copy link

Originally created by @Fincer on GitHub (Mar 16, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1818

firejail palemoon

with private-lib profile option gives the following output, rendering the program unusable (it doesn't start):

Warning fldd: cannot find libmozalloc.so, skipping...
Warning fldd: cannot find libxul.so, skipping...
Warning fldd: cannot find libicui18n.so.58, skipping...
Warning fldd: cannot find libicuuc.so.58, skipping...
Warning fldd: cannot find libicudata.so.58, skipping...

Palemoon has these libraries in folder /usr/lib/palemoon/ which seems not to be copied to corresponding /run/firejail/mnt/lib/palemoon/ directory as far as I can see from the debug log.

I currently use a bit outdated version of Palemoon, version 27.8.1-1 (Arch Linux).

Full debug output:

firejail --debug palemoon                
Autoselecting /bin/bash as shell
Building quoted command line: 'palemoon' 
Command name #palemoon#
Found palemoon profile in /etc/firejail directory
Reading profile /etc/firejail/palemoon.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 10412, child pid 10413
Host network configured
Initializing child process
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp.postexec file
Build protocol filter: unix,inet,inet6,netlink
sbox run: /usr/lib/firejail/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp.protocol (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10416/fd
Dropping all capabilities
Username fincer, no supplementary groups
Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
Create /dev/shm directory
Copying files in the new /etc directory:
copying /etc/passwd to private /etc
sbox run: /usr/lib/firejail/fcopy /etc/passwd /run/firejail/mnt/etc (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10418/fd
copying /etc/group to private /etc
sbox run: /usr/lib/firejail/fcopy /etc/group /run/firejail/mnt/etc (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10420/fd
copying /etc/hostname to private /etc
sbox run: /usr/lib/firejail/fcopy /etc/hostname /run/firejail/mnt/etc (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10422/fd
copying /etc/hosts to private /etc
sbox run: /usr/lib/firejail/fcopy /etc/hosts /run/firejail/mnt/etc (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10424/fd
copying /etc/localtime to private /etc
sbox run: /usr/lib/firejail/fcopy /etc/localtime /run/firejail/mnt/etc (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10426/fd
copying /etc/nsswitch.conf to private /etc
sbox run: /usr/lib/firejail/fcopy /etc/nsswitch.conf /run/firejail/mnt/etc (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10428/fd
copying /etc/resolv.conf to private /etc
sbox run: /usr/lib/firejail/fcopy /etc/resolv.conf /run/firejail/mnt/etc (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10430/fd
copying /etc/gtk-2.0 to private /etc
Creating empty /run/firejail/mnt/etc/gtk-2.0 directory
sbox run: /usr/lib/firejail/fcopy /etc/gtk-2.0 /run/firejail/mnt/etc/gtk-2.0 (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10432/fd
copying /etc/pango to private /etc
Creating empty /run/firejail/mnt/etc/pango directory
sbox run: /usr/lib/firejail/fcopy /etc/pango /run/firejail/mnt/etc/pango (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10434/fd
copying /etc/fonts to private /etc
Creating empty /run/firejail/mnt/etc/fonts directory
sbox run: /usr/lib/firejail/fcopy /etc/fonts /run/firejail/mnt/etc/fonts (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10436/fd
Warning: file /etc/iceweasel not found.
Warning: skipping iceweasel for private /etc
Warning: file /etc/firefox not found.
Warning: skipping firefox for private /etc
Warning: file /etc/adobe not found.
Warning: skipping adobe for private /etc
copying /etc/mime.types to private /etc
sbox run: /usr/lib/firejail/fcopy /etc/mime.types /run/firejail/mnt/etc (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10438/fd
Warning: file /etc/mailcap not found.
Warning: skipping mailcap for private /etc
copying /etc/asound.conf to private /etc
sbox run: /usr/lib/firejail/fcopy /etc/asound.conf /run/firejail/mnt/etc (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10440/fd
copying /etc/pulse to private /etc
Creating empty /run/firejail/mnt/etc/pulse directory
sbox run: /usr/lib/firejail/fcopy /etc/pulse /run/firejail/mnt/etc/pulse (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10442/fd
Mount-bind /run/firejail/mnt/etc on top of /etc
Private /etc installed in 116.13 ms
Creating an empty /etc/ld.so.preload file
Copying files in the new bin directory
Checking /usr/local/bin/palemoon
Checking /usr/bin/palemoon
file /usr/lib/palemoon/palemoon not found
sbox run: /usr/lib/firejail/fcopy /usr/bin/palemoon /run/firejail/mnt/bin (null) 
sbox file descriptors:
total 0
lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null
lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8
lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8
lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10444/fd
Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin
Mount-bind /run/firejail/mnt/bin on top of /usr/bin
Mount-bind /run/firejail/mnt/bin on top of /bin
Mount-bind /run/firejail/mnt/bin on top of /usr/local/games
Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin
Mount-bind /run/firejail/mnt/bin on top of /usr/sbin
Mount-bind /run/firejail/mnt/bin on top of /sbin
Starting private-lib processing: program palemoon, shell none
copying /lib64/libnsl.so.1 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnsl.so.1 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libc.so.6 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libc.so.6 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libnss_nis.so.2 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnss_nis.so.2 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/ld-linux-x86-64.so.2 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/ld-linux-x86-64.so.2 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libmemusage.so to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libmemusage.so /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libnss_compat.so.2 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnss_compat.so.2 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libnss_files.so.2 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnss_files.so.2 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libdl.so.2 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libdl.so.2 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libnss_hesiod.so.2 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnss_hesiod.so.2 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libmvec.so.1 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libmvec.so.1 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libresolv.so.2 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libresolv.so.2 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libcrypt.so.1 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libcrypt.so.1 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libm.so.6 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libm.so.6 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libcidn.so.1 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libcidn.so.1 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libnss_nisplus.so.2 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnss_nisplus.so.2 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libanl.so.1 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libanl.so.1 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libpthread.so.0 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libpthread.so.0 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libthread_db.so.1 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libthread_db.so.1 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libutil.so.1 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libutil.so.1 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/librt.so.1 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/librt.so.1 /run/firejail/mnt/lib (null) 
sbox file descriptors:
copying /lib64/libnss_dns.so.2 to private /run/firejail/mnt/lib
sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnss_dns.so.2 /run/firejail/mnt/lib (null) 
sbox file descriptors:
fslib_copy_dir /usr/lib/locale
Standard C library installed in 81.56 ms
fslib_copy_libs palemoon
cannot find palemoon for private-lib, skipping...
Copying extra files (palemoon) in the new lib directory
fslib_copy_dir /lib/palemoon
fslib_copy_libs /lib/palemoon
Creating empty /run/firejail/mnt/libfiles file
running fldd /lib/palemoon
sbox run: /usr/lib/firejail/fldd /lib/palemoon /run/firejail/mnt/libfiles (null) 
sbox file descriptors:
Dropping all capabilities
Username fincer, no supplementary groups
Warning fldd: cannot find libmozalloc.so, skipping...
Warning fldd: cannot find libxul.so, skipping...
Warning fldd: cannot find libicui18n.so.58, skipping...
Warning fldd: cannot find libicuuc.so.58, skipping...
Warning fldd: cannot find libicudata.so.58, skipping...
Error stat: main.c:286 walk_directory: No such file or directory
Error: failed to run /usr/lib/firejail/fldd
Error: proc 10412 cannot sync with peer: unexpected EOF
Peer 10413 unexpectedly exited with status 1

EDIT: According to @startx2017 , it seems that this issue (or very similar one) affects Firefox, too. Thus, adding Firefox to the title. Feel free to comment this change.

Originally created by @Fincer on GitHub (Mar 16, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/1818 ``` firejail palemoon ``` with private-lib profile option gives the following output, rendering the program unusable (it doesn't start): ``` Warning fldd: cannot find libmozalloc.so, skipping... Warning fldd: cannot find libxul.so, skipping... Warning fldd: cannot find libicui18n.so.58, skipping... Warning fldd: cannot find libicuuc.so.58, skipping... Warning fldd: cannot find libicudata.so.58, skipping... ``` Palemoon has these libraries in folder _/usr/lib/palemoon/_ which seems not to be copied to corresponding /run/firejail/mnt/lib/palemoon/ directory as far as I can see from the debug log. I currently use a bit outdated version of Palemoon, version 27.8.1-1 (Arch Linux). Full debug output: ``` firejail --debug palemoon Autoselecting /bin/bash as shell Building quoted command line: 'palemoon' Command name #palemoon# Found palemoon profile in /etc/firejail directory Reading profile /etc/firejail/palemoon.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc DISPLAY=:0 parsed as 0 Using the local network stack Parent pid 10412, child pid 10413 Host network configured Initializing child process PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp.postexec file Build protocol filter: unix,inet,inet6,netlink sbox run: /usr/lib/firejail/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp.protocol (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10416/fd Dropping all capabilities Username fincer, no supplementary groups Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr, /etc, /var Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Cleaning /home directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory Create /dev/shm directory Copying files in the new /etc directory: copying /etc/passwd to private /etc sbox run: /usr/lib/firejail/fcopy /etc/passwd /run/firejail/mnt/etc (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10418/fd copying /etc/group to private /etc sbox run: /usr/lib/firejail/fcopy /etc/group /run/firejail/mnt/etc (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10420/fd copying /etc/hostname to private /etc sbox run: /usr/lib/firejail/fcopy /etc/hostname /run/firejail/mnt/etc (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10422/fd copying /etc/hosts to private /etc sbox run: /usr/lib/firejail/fcopy /etc/hosts /run/firejail/mnt/etc (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10424/fd copying /etc/localtime to private /etc sbox run: /usr/lib/firejail/fcopy /etc/localtime /run/firejail/mnt/etc (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10426/fd copying /etc/nsswitch.conf to private /etc sbox run: /usr/lib/firejail/fcopy /etc/nsswitch.conf /run/firejail/mnt/etc (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10428/fd copying /etc/resolv.conf to private /etc sbox run: /usr/lib/firejail/fcopy /etc/resolv.conf /run/firejail/mnt/etc (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10430/fd copying /etc/gtk-2.0 to private /etc Creating empty /run/firejail/mnt/etc/gtk-2.0 directory sbox run: /usr/lib/firejail/fcopy /etc/gtk-2.0 /run/firejail/mnt/etc/gtk-2.0 (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10432/fd copying /etc/pango to private /etc Creating empty /run/firejail/mnt/etc/pango directory sbox run: /usr/lib/firejail/fcopy /etc/pango /run/firejail/mnt/etc/pango (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10434/fd copying /etc/fonts to private /etc Creating empty /run/firejail/mnt/etc/fonts directory sbox run: /usr/lib/firejail/fcopy /etc/fonts /run/firejail/mnt/etc/fonts (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10436/fd Warning: file /etc/iceweasel not found. Warning: skipping iceweasel for private /etc Warning: file /etc/firefox not found. Warning: skipping firefox for private /etc Warning: file /etc/adobe not found. Warning: skipping adobe for private /etc copying /etc/mime.types to private /etc sbox run: /usr/lib/firejail/fcopy /etc/mime.types /run/firejail/mnt/etc (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10438/fd Warning: file /etc/mailcap not found. Warning: skipping mailcap for private /etc copying /etc/asound.conf to private /etc sbox run: /usr/lib/firejail/fcopy /etc/asound.conf /run/firejail/mnt/etc (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10440/fd copying /etc/pulse to private /etc Creating empty /run/firejail/mnt/etc/pulse directory sbox run: /usr/lib/firejail/fcopy /etc/pulse /run/firejail/mnt/etc/pulse (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10442/fd Mount-bind /run/firejail/mnt/etc on top of /etc Private /etc installed in 116.13 ms Creating an empty /etc/ld.so.preload file Copying files in the new bin directory Checking /usr/local/bin/palemoon Checking /usr/bin/palemoon file /usr/lib/palemoon/palemoon not found sbox run: /usr/lib/firejail/fcopy /usr/bin/palemoon /run/firejail/mnt/bin (null) sbox file descriptors: total 0 lrwx------ 1 fincer fincer 64 Mar 16 17:57 0 -> /dev/null lrwx------ 1 fincer fincer 64 Mar 16 17:57 1 -> /dev/pts/8 lrwx------ 1 fincer fincer 64 Mar 16 17:57 2 -> /dev/pts/8 lr-x------ 1 fincer fincer 64 Mar 16 17:57 3 -> /proc/10444/fd Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin Starting private-lib processing: program palemoon, shell none copying /lib64/libnsl.so.1 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnsl.so.1 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libc.so.6 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libc.so.6 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libnss_nis.so.2 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnss_nis.so.2 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/ld-linux-x86-64.so.2 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/ld-linux-x86-64.so.2 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libmemusage.so to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libmemusage.so /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libnss_compat.so.2 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnss_compat.so.2 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libnss_files.so.2 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnss_files.so.2 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libdl.so.2 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libdl.so.2 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libnss_hesiod.so.2 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnss_hesiod.so.2 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libmvec.so.1 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libmvec.so.1 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libresolv.so.2 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libresolv.so.2 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libcrypt.so.1 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libcrypt.so.1 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libm.so.6 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libm.so.6 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libcidn.so.1 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libcidn.so.1 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libnss_nisplus.so.2 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnss_nisplus.so.2 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libanl.so.1 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libanl.so.1 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libpthread.so.0 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libpthread.so.0 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libthread_db.so.1 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libthread_db.so.1 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libutil.so.1 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libutil.so.1 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/librt.so.1 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/librt.so.1 /run/firejail/mnt/lib (null) sbox file descriptors: copying /lib64/libnss_dns.so.2 to private /run/firejail/mnt/lib sbox run: /usr/lib/firejail/fcopy --follow-link /lib64/libnss_dns.so.2 /run/firejail/mnt/lib (null) sbox file descriptors: fslib_copy_dir /usr/lib/locale Standard C library installed in 81.56 ms fslib_copy_libs palemoon cannot find palemoon for private-lib, skipping... Copying extra files (palemoon) in the new lib directory fslib_copy_dir /lib/palemoon fslib_copy_libs /lib/palemoon Creating empty /run/firejail/mnt/libfiles file running fldd /lib/palemoon sbox run: /usr/lib/firejail/fldd /lib/palemoon /run/firejail/mnt/libfiles (null) sbox file descriptors: Dropping all capabilities Username fincer, no supplementary groups Warning fldd: cannot find libmozalloc.so, skipping... Warning fldd: cannot find libxul.so, skipping... Warning fldd: cannot find libicui18n.so.58, skipping... Warning fldd: cannot find libicuuc.so.58, skipping... Warning fldd: cannot find libicudata.so.58, skipping... Error stat: main.c:286 walk_directory: No such file or directory Error: failed to run /usr/lib/firejail/fldd Error: proc 10412 cannot sync with peer: unexpected EOF Peer 10413 unexpectedly exited with status 1 ``` EDIT: According to @startx2017 , it seems that this issue (or very similar one) affects Firefox, too. Thus, adding Firefox to the title. Feel free to comment this change.
gitea-mirror 2026-05-05 07:42:33 -06:00
gitea-mirror commented 2026-05-05 07:42:38 -06:00
Author
Owner
Copy link

@Fincer commented on GitHub (Mar 16, 2018):

Forgot to mention. The firejail version I used was 0.9.52. I compiled the git version and I see the profile settings for Palemoon differ. Anyway, is there a proper way to run palemoon with 'private-lib' enabled? Are the profile settings compatible only with a newer version of Palemoon?

<!-- gh-comment-id:373781601 --> @Fincer commented on GitHub (Mar 16, 2018): Forgot to mention. The firejail version I used was 0.9.52. I compiled the git version and I see the profile settings for Palemoon differ. Anyway, is there a proper way to run palemoon with 'private-lib' enabled? Are the profile settings compatible only with a newer version of Palemoon?
gitea-mirror commented 2026-05-05 07:42:40 -06:00
Author
Owner
Copy link

@startx2017 commented on GitHub (Mar 17, 2018):

I tried something similar on Firefox, it won't work the way the code is today. We need to bring in some new functionality, it will take a one or two releases until we implement it and fix all the bugs.

<!-- gh-comment-id:373938881 --> @startx2017 commented on GitHub (Mar 17, 2018): I tried something similar on Firefox, it won't work the way the code is today. We need to bring in some new functionality, it will take a one or two releases until we implement it and fix all the bugs.
gitea-mirror commented 2026-05-05 07:42:42 -06:00
Author
Owner
Copy link

@Fincer commented on GitHub (Mar 17, 2018):

Thanks for replying! I'd see private-lib quite important thing to work with web browsers. However, take your time to sort this out.

<!-- gh-comment-id:373940962 --> @Fincer commented on GitHub (Mar 17, 2018): Thanks for replying! I'd see private-lib quite important thing to work with web browsers. However, take your time to sort this out.
gitea-mirror commented 2026-05-05 07:42:44 -06:00
Author
Owner
Copy link

@Fincer commented on GitHub (Mar 25, 2018):

May I ask the reason why this issue was closed? Is it fixed or is it WONTFIX?

<!-- gh-comment-id:375987420 --> @Fincer commented on GitHub (Mar 25, 2018): May I ask the reason why this issue was closed? Is it fixed or is it WONTFIX?
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1238
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?