[GH-ISSUE #2760] Spotify on Fedora fails to open (no sse2 support) #1732

New issue

Closed

opened 2026-05-05 08:24:14 -06:00 by gitea-mirror · 16 comments

gitea-mirror commented 2026-05-05 08:24:14 -06:00

Owner

Copy link

Originally created by @jpeisenbarth on GitHub (Jun 11, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2760

Hello,

I'm on Fedora 30, and when I run firejail spotify a window opens with the message "Cannot run on this CPU (no sse2 support)"

Versions :

$ firejail --version
firejail version 0.9.57

Compile time support:
	- AppArmor support is disabled
	- AppImage support is enabled
	- chroot support is enabled
	- file and directory whitelisting support is enabled
	- file transfer support is enabled
	- networking support is enabled
	- overlayfs support is enabled
	- private-home support is enabled
	- seccomp-bpf support is enabled
	- user namespace support is enabled
	- X11 sandboxing support is enabled

Spotify from RPMFusion Spotify version 1.1.5.153.gf614956d, Copyright (c) 2019, Spotify Ltd

Execution output :

$ firejail spotify
Reading profile /etc/firejail/spotify.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 26974, child pid 26975
Warning: skipping ca-certificates for private /etc
Private /etc installed in 17.35 ms
Warning: skipping spotify for private /opt
Private /opt installed in 0.03 ms
5 programs installed in 6.04 ms
Warning: cleaning all supplementary groups
Blacklist violations are logged to syslog
Child process initialized in 55.51 ms
/usr/share/Modules/init/bash: line 37: /usr/bin/tclsh: No such file or directory
/usr/local/bin/spotify: line 13: rm: command not found
/usr/local/bin/spotify: line 17: rm: command not found
/usr/local/bin/spotify: line 18: touch: command not found
/usr/local/bin/spotify: line 22: cat: command not found
/usr/local/bin/spotify: line 22: grep: command not found

Parent is shutting down, bye...

and the window with "Cannot run on this CPU (no sse2 support)"

firejail --noprofile spotify runs flawlessly though

Originally created by @jpeisenbarth on GitHub (Jun 11, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2760 Hello, I'm on Fedora 30, and when I run `firejail spotify` a window opens with the message "Cannot run on this CPU (no sse2 support)" Versions : ``` $ firejail --version firejail version 0.9.57 Compile time support: - AppArmor support is disabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled ``` Spotify from RPMFusion `Spotify version 1.1.5.153.gf614956d, Copyright (c) 2019, Spotify Ltd` Execution output : ``` $ firejail spotify Reading profile /etc/firejail/spotify.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 26974, child pid 26975 Warning: skipping ca-certificates for private /etc Private /etc installed in 17.35 ms Warning: skipping spotify for private /opt Private /opt installed in 0.03 ms 5 programs installed in 6.04 ms Warning: cleaning all supplementary groups Blacklist violations are logged to syslog Child process initialized in 55.51 ms /usr/share/Modules/init/bash: line 37: /usr/bin/tclsh: No such file or directory /usr/local/bin/spotify: line 13: rm: command not found /usr/local/bin/spotify: line 17: rm: command not found /usr/local/bin/spotify: line 18: touch: command not found /usr/local/bin/spotify: line 22: cat: command not found /usr/local/bin/spotify: line 22: grep: command not found Parent is shutting down, bye... ``` and the window with "Cannot run on this CPU (no sse2 support)" `firejail --noprofile spotify` runs flawlessly though

gitea-mirror 2026-05-05 08:24:14 -06:00

• closed this issue
• added the
  bug
  label

gitea-mirror commented 2026-05-05 08:24:17 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jun 11, 2019):

@jpeisenbarth can you try firejail --ignore=private-bin --ignore=private-etc spotify

<!-- gh-comment-id:500890169 --> @rusty-snake commented on GitHub (Jun 11, 2019): @jpeisenbarth can you try `firejail --ignore=private-bin --ignore=private-etc spotify`

gitea-mirror commented 2026-05-05 08:24:18 -06:00

Author

Owner

Copy link

@jpeisenbarth commented on GitHub (Jun 11, 2019):

@rusty-snake Yup it works ! I guess that if I add the commands (rm, touch, cat, grep) in the profile (private-bin line) it will also work right ?

<!-- gh-comment-id:500908109 --> @jpeisenbarth commented on GitHub (Jun 11, 2019): @rusty-snake Yup it works ! I guess that if I add the commands (rm, touch, cat, grep) in the profile (private-bin line) it will also work right ?

gitea-mirror commented 2026-05-05 08:24:18 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jun 11, 2019):

@jpeisenbarth yes, try firejail --private-bin=rm,touch,cat,grep,tclsh --private-etc=alsa,asound.conf,drirc,openal spotify.
If it works try only with --private-bin and onyl with --private-etc.

<!-- gh-comment-id:500925748 --> @rusty-snake commented on GitHub (Jun 11, 2019): @jpeisenbarth yes, try `firejail --private-bin=rm,touch,cat,grep,tclsh --private-etc=alsa,asound.conf,drirc,openal spotify`. If it works try only with `--private-bin` and onyl with `--private-etc`.

gitea-mirror commented 2026-05-05 08:24:19 -06:00

Author

Owner

Copy link

@jpeisenbarth commented on GitHub (Jun 12, 2019):

@rusty-snake
firejail --private-bin=rm,touch,cat,grep,tclsh,find,head,dirname --private-etc=alsa,asound.conf,drirc,openal spotify works (i needed to add find,head,dirname in the private-bin)

With only --private-etc it doesn't work (same "command not found" as my first post)

With only --private-bin=rm,touch,cat,grep,tclsh,find,head,dirname it does work, I don't see any changes between --private-bin and --private-bin --private-etc though

But I noticed that even when it works (either --private-bin or --ignore=private-bin) I have this error rm: cannot remove '/home/jpe/.cache/spotify': Device or resource busy and the images in Spotify do not load (it may be related to the busy resource)

<!-- gh-comment-id:501186095 --> @jpeisenbarth commented on GitHub (Jun 12, 2019): @rusty-snake `firejail --private-bin=rm,touch,cat,grep,tclsh,find,head,dirname --private-etc=alsa,asound.conf,drirc,openal spotify` works (i needed to add find,head,dirname in the private-bin) With only `--private-etc` it doesn't work (same "command not found" as my first post) With only `--private-bin=rm,touch,cat,grep,tclsh,find,head,dirname` it does work, I don't see any changes between `--private-bin` and `--private-bin --private-etc` though But I noticed that even when it works (either `--private-bin` or `--ignore=private-bin`) I have this error `rm: cannot remove '/home/jpe/.cache/spotify': Device or resource busy` and the images in Spotify do not load (it may be related to the busy resource)

gitea-mirror commented 2026-05-05 08:24:20 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jun 12, 2019):

But I noticed that even when it works (either --private-bin or --ignore=private-bin) I have this error rm: cannot remove '/home/jpe/.cache/spotify': Device or resource busy and the images in Spotify do not load (it may be related to the busy resource)

Reason: 72494481b2/etc/spotify.profile (L24)
In general:

$ touch something
$ firejail --whitelist=~/something bash
% rm something
rm: cannot remove 'something': Device or resource busy

firejail --private-bin=rm,touch,cat,grep,tclsh,find,head,dirname spotify works

You are welcome to open a PR to add this to private-bin in spotify.profile

<!-- gh-comment-id:501200644 --> @rusty-snake commented on GitHub (Jun 12, 2019): > But I noticed that even when it works (either `--private-bin` or `--ignore=private-bin`) I have this error `rm: cannot remove '/home/jpe/.cache/spotify': Device or resource busy` and the images in Spotify do not load (it may be related to the busy resource) Reason: https://github.com/netblue30/firejail/blob/72494481b2cb958badbb49b118f76a5d795a62fb/etc/spotify.profile#L24 In general: ``` $ touch something $ firejail --whitelist=~/something bash % rm something rm: cannot remove 'something': Device or resource busy ``` > `firejail --private-bin=rm,touch,cat,grep,tclsh,find,head,dirname spotify` works You are welcome to open a PR to add this to private-bin in spotify.profile

gitea-mirror commented 2026-05-05 08:24:21 -06:00

Author

Owner

Copy link

@jpeisenbarth commented on GitHub (Jun 12, 2019):

Yes, I will open a PR :)

I just noticed another bug, the radio doesn't work with this profile.
If I comment the line private-etc in the profile it works, I guess something is missing here also but I don't know how to find it (I already tested by adding alsa,asound.conf,drirc,openal, but the radio is still not working)
The images load well also if I comment the private-etc line.

<!-- gh-comment-id:501234124 --> @jpeisenbarth commented on GitHub (Jun 12, 2019): Yes, I will open a PR :) I just noticed another bug, the radio doesn't work with this profile. If I comment the line `private-etc` in the profile it works, I guess something is missing here also but I don't know how to find it (I already tested by adding `alsa,asound.conf,drirc,openal`, but the radio is still not working) The images load well also if I comment the `private-etc` line.

gitea-mirror commented 2026-05-05 08:24:22 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jun 12, 2019):

firejail --trace spotify 2>&1 | grep "/etc"

<!-- gh-comment-id:501237418 --> @rusty-snake commented on GitHub (Jun 12, 2019): `firejail --trace spotify 2>&1 | grep "/etc"`

gitea-mirror commented 2026-05-05 08:24:22 -06:00

Author

Owner

Copy link

@jpeisenbarth commented on GitHub (Jun 12, 2019):

A window opens with You havn't write access to 48:head:exec /usr/local/bin/head:0 47:find:fopen /proc/filesystems:0x55b843402290, problems ahead. and firejail exits

<!-- gh-comment-id:501241155 --> @jpeisenbarth commented on GitHub (Jun 12, 2019): A window opens with `You havn't write access to 48:head:exec /usr/local/bin/head:0 47:find:fopen /proc/filesystems:0x55b843402290, problems ahead.` and firejail exits

gitea-mirror commented 2026-05-05 08:24:23 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jun 12, 2019):

No Idea.
You add rm,touch,cat,grep,tclsh,find,head,dirname to spotify.profile?
firejail --trace spotify 2>&1 (without grep)
firejail --trace spotify (without merge stdout and stderr)
firejail --trace /bin/spotify (or where ever you install spotify)

<!-- gh-comment-id:501252392 --> @rusty-snake commented on GitHub (Jun 12, 2019): No Idea. You add `rm,touch,cat,grep,tclsh,find,head,dirname` to spotify.profile? `firejail --trace spotify 2>&1` (without grep) `firejail --trace spotify` (without merge stdout and stderr) `firejail --trace /bin/spotify` (or where ever you install spotify)

gitea-mirror commented 2026-05-05 08:24:24 -06:00

Author

Owner

Copy link

@jpeisenbarth commented on GitHub (Jun 12, 2019):

Yes, firejail spotify works, firejail --trace spotify does not (literally just adding --trace)

The 3 commands you suggest give the same error.

Maybe the execution outpout (stdout + stderr) would be interesting : firejail_spotify.log

Maybe these lines ?

/usr/share/Modules/init/bash: line 95: 37:tclsh:exec: command not found
/usr/share/Modules/init/bash: eval: line 96: syntax error near unexpected token `('
/usr/share/Modules/init/bash: eval: line 96: `37:tclsh:fopen /etc/passwd:(nil)'

<!-- gh-comment-id:501264428 --> @jpeisenbarth commented on GitHub (Jun 12, 2019): Yes, `firejail spotify` works, `firejail --trace spotify` does not (literally just adding `--trace`) The 3 commands you suggest give the same error. Maybe the execution outpout (stdout + stderr) would be interesting : [firejail_spotify.log](https://github.com/netblue30/firejail/files/3281393/firejail_spotify.log) Maybe these lines ? ``` /usr/share/Modules/init/bash: line 95: 37:tclsh:exec: command not found /usr/share/Modules/init/bash: eval: line 96: syntax error near unexpected token `(' /usr/share/Modules/init/bash: eval: line 96: `37:tclsh:fopen /etc/passwd:(nil)' ```

gitea-mirror commented 2026-05-05 08:24:24 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jun 12, 2019):

Maybe firejail --noprofile --trace spotify 2>&1 | grep "/etc" works, if not, I don't have any more ideas.

<!-- gh-comment-id:501274109 --> @rusty-snake commented on GitHub (Jun 12, 2019): Maybe `firejail --noprofile --trace spotify 2>&1 | grep "/etc"` works, if not, I don't have any more ideas.

gitea-mirror commented 2026-05-05 08:24:26 -06:00

Author

Owner

Copy link

@jpeisenbarth commented on GitHub (Jun 12, 2019):

Nope, it doesn't work 😕

<!-- gh-comment-id:501277378 --> @jpeisenbarth commented on GitHub (Jun 12, 2019): Nope, it doesn't work :confused:

gitea-mirror commented 2026-05-05 08:24:26 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jun 14, 2019):

@jpeisenbarth you can try firejail --build spotify, at the bottom of the output is a private-etc line, after starting with this command you must open the radio.

<!-- gh-comment-id:502025535 --> @rusty-snake commented on GitHub (Jun 14, 2019): @jpeisenbarth you can try `firejail --build spotify`, at the bottom of the output is a private-etc line, after starting with this command you must open the radio.

gitea-mirror commented 2026-05-05 08:24:27 -06:00

Author

Owner

Copy link

@jpeisenbarth commented on GitHub (Jun 14, 2019):

@rusty-snake
This command fails with the same error message in a window (You havn't write access to 30:head:exec /usr/bin/head:0 29:find:fopen /proc/filesystems:0x5616b1343290, problems ahead.)

In the output logs there is indeed a private-etc line (private-etc fonts,xdg,gtk-3.0,selinux,system-fips,terminfo,). I added these elements in the private-etc line in the profile but the radio still doesn't work.
I'm not sure if I understood well what I should do with this line (from the --build command)

<!-- gh-comment-id:502041222 --> @jpeisenbarth commented on GitHub (Jun 14, 2019): @rusty-snake This command fails with the same error message in a window (`You havn't write access to 30:head:exec /usr/bin/head:0 29:find:fopen /proc/filesystems:0x5616b1343290, problems ahead.`) In the output logs there is indeed a `private-etc` line (`private-etc fonts,xdg,gtk-3.0,selinux,system-fips,terminfo,`). I added these elements in the `private-etc` line in the profile but the radio still doesn't work. I'm not sure if I understood well what I should do with this line (from the `--build` command)

gitea-mirror commented 2026-05-05 08:24:28 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jun 14, 2019):

1. You done it right.
2. Looks like spotify doesn't like it to be debugged.
3. Check journalctl -r, if there is nothing helpfull about spotify do 4.
4. Open the PR with private-bin and a comment like # comment the next line or put 'ignore private-etc' in your spotify.local if you want to use the radio.

<!-- gh-comment-id:502046182 --> @rusty-snake commented on GitHub (Jun 14, 2019): 1. You done it right. 2. Looks like spotify doesn't like it to be debugged. 3. Check `journalctl -r`, if there is nothing helpfull about spotify do 4. 4. Open the PR with private-bin and a comment like `# comment the next line or put 'ignore private-etc' in your spotify.local if you want to use the radio.`

gitea-mirror commented 2026-05-05 08:24:28 -06:00

Author

Owner

Copy link

@jpeisenbarth commented on GitHub (Jun 14, 2019):

Nothing related to firejail/spotify in the journal 😕

I will add the comment in the PR then
Thank you for your help !

<!-- gh-comment-id:502058362 --> @jpeisenbarth commented on GitHub (Jun 14, 2019): Nothing related to firejail/spotify in the journal :confused: I will add the comment in the PR then Thank you for your help !

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1732

No description provided.