github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #5584] spotify: Error fcopy: invalid ownership for file /usr/bin/spotify #3035

New issue
Closed
opened 2026-05-05 09:40:56 -06:00 by gitea-mirror · 14 comments
gitea-mirror commented 2026-05-05 09:40:56 -06:00
Owner
Copy link

Originally created by @ghost on GitHub (Jan 13, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5584

Reading profile /etc/firejail/spotify.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 21820, child pid 21821 Warning: skipping spotify for private /opt Private /opt installed in 0.13 ms Warning: skipping none for private /srv Private /srv installed in 0.09 ms Error fcopy: invalid ownership for file /usr/bin/spotify Error: failed to run /run/firejail/lib/fcopy, exiting... Error: proc 21820 cannot sync with peer: unexpected EOF Peer 21821 unexpectedly exited with status 1

Originally created by @ghost on GitHub (Jan 13, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/5584 `Reading profile /etc/firejail/spotify.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 21820, child pid 21821 Warning: skipping spotify for private /opt Private /opt installed in 0.13 ms Warning: skipping none for private /srv Private /srv installed in 0.09 ms Error fcopy: invalid ownership for file /usr/bin/spotify Error: failed to run /run/firejail/lib/fcopy, exiting... Error: proc 21820 cannot sync with peer: unexpected EOF Peer 21821 unexpectedly exited with status 1 `
gitea-mirror 2026-05-05 09:40:56 -06:00
gitea-mirror commented 2026-05-05 09:40:58 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jan 13, 2023):

Basic debugging information is missing; please follow the bug report template:

<!-- gh-comment-id:1381969144 --> @kmk3 commented on GitHub (Jan 13, 2023): Basic debugging information is missing; please follow the bug report template: * <https://github.com/netblue30/firejail/issues/new?template=bug_report.md>
gitea-mirror commented 2026-05-05 09:40:59 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jan 13, 2023):

Please see the following links for how to format code blocks in markdown:

<!-- gh-comment-id:1381969473 --> @kmk3 commented on GitHub (Jan 13, 2023): Please see the following links for how to format code blocks in markdown: * <https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks> * <https://github.github.com/gfm/#fenced-code-blocks>
gitea-mirror commented 2026-05-05 09:41:00 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Jan 14, 2023):

Problem is here: Error fcopy: invalid ownership for file /usr/bin/spotify

What does ls -l /usr/bin/spotify say?

<!-- gh-comment-id:1382623639 --> @smitsohu commented on GitHub (Jan 14, 2023): Problem is here: `Error fcopy: invalid ownership for file /usr/bin/spotify` What does `ls -l /usr/bin/spotify` say?
gitea-mirror commented 2026-05-05 09:41:01 -06:00
Author
Owner
Copy link

@aberja commented on GitHub (Jan 29, 2023):

I also have the same issue. Below is my bug report:

Description

firejail spotify returns errors and does not start.

Steps to Reproduce

in a terminal run firejail spotify

Expected behavior

spotify should open

Actual behavior

I receive the error messages noted below in the log section.

Behavior without a profile

Spotify starts without any error messages when running without a profile:

LC_ALL=C firejail --noprofile spotify

Additional context

$ ls -l /usr/bin/spotify
lrwxrwxrwx 1 g752vs g752vs 24 Apr 22  2022 /usr/bin/spotify -> ../share/spotify/spotify

Environment

  • Linux distribution and version:
$ uname -a
Linux g752vs-d11 6.1.0-2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.7-1 (2023-01-18) x86_64 GNU/Linux
  • Firejail version:
firejail --version
firejail version 0.9.70

Checklist

  • The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • [n/a] I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail spotify 

> LC_ALL=C firejail spotify
Reading profile /etc/firejail/spotify.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 48734, child pid 48735
Warning: skipping spotify for private /opt
Private /opt installed in 0.09 ms
Warning: skipping none for private /srv
Private /srv installed in 0.07 ms
Error fcopy: invalid ownership for file /usr/bin/spotify
Error: failed to run /run/firejail/lib/fcopy, exiting...
Error: proc 48734 cannot sync with peer: unexpected EOF
Peer 48735 unexpectedly exited with status 1

Output of LC_ALL=C firejail --debug spotify 

LC_ALL=C firejail --debug spotify
Autoselecting /usr/bin/zsh as shell
Building quoted command line: 'spotify'
Command name #spotify#
Found spotify.profile profile in /etc/firejail directory
Reading profile /etc/firejail/spotify.profile
Found disable-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-common.inc
Found disable-devel.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-devel.inc
Found disable-exec.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-exec.inc
Found disable-interpreters.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-interpreters.inc
Found disable-programs.inc profile in /etc/firejail directory
Reading profile /etc/firejail/disable-programs.inc
Found whitelist-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-common.inc
Found whitelist-var-common.inc profile in /etc/firejail directory
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
[profile] combined protocol list: "unix,inet,inet6,netlink"
DISPLAY=:0 parsed as 0
Using the local network stack
Parent pid 49701, child pid 49702
Initializing child process
Host network configured
PID namespace installed
Mounting tmpfs on /run/firejail/mnt directory
Creating empty /run/firejail/mnt/seccomp directory
Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file
Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file
IBUS_ADDRESS=unix:abstract=/home/g752vs/.cache/ibus/dbus-fAWPCQMy,guid=bd8e630eeebf12534d45b73363d64174
IBUS_DAEMON_PID=2251
Build protocol filter: unix,inet,inet6,netlink
sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol
Dropping all capabilities
Drop privileges: pid 2, uid 1000, gid 1000, force_nogroups 1
No supplementary groups
Mounting /proc filesystem representing the PID namespace
Basic read-only filesystem:
Mounting read-only /etc
3192 1242 259:3 /etc /etc ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw
mountid=3192 fsname=/etc dir=/etc fstype=ext4
Mounting noexec /etc
3193 3192 259:3 /etc /etc ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme1n1p2 rw
mountid=3193 fsname=/etc dir=/etc fstype=ext4
Mounting read-only /var
3194 1242 259:3 /var /var ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw
mountid=3194 fsname=/var dir=/var fstype=ext4
Mounting noexec /var
3195 3194 259:3 /var /var ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme1n1p2 rw
mountid=3195 fsname=/var dir=/var fstype=ext4
Mounting read-only /usr
3196 1242 259:3 /usr /usr ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw
mountid=3196 fsname=/usr dir=/usr fstype=ext4
Mounting read-only /bin
3197 1242 259:3 /bin /bin ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw
mountid=3197 fsname=/bin dir=/bin fstype=ext4
Mounting read-only /sbin
3198 1242 259:3 /sbin /sbin ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw
mountid=3198 fsname=/sbin dir=/sbin fstype=ext4
Mounting read-only /lib
3199 1242 259:3 /lib /lib ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw
mountid=3199 fsname=/lib dir=/lib fstype=ext4
Mounting read-only /lib64
3200 1242 259:3 /lib64 /lib64 ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw
mountid=3200 fsname=/lib64 dir=/lib64 fstype=ext4
Mounting read-only /lib32
3201 1242 259:3 /lib32 /lib32 ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw
mountid=3201 fsname=/lib32 dir=/lib32 fstype=ext4
Mounting read-only /libx32
3202 1242 259:3 /libx32 /libx32 ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw
mountid=3202 fsname=/libx32 dir=/libx32 fstype=ext4
Mounting tmpfs on /var/lock
Mounting tmpfs on /var/tmp
Mounting tmpfs on /var/log
Mounting tmpfs on /var/lib/dhcp
Mounting tmpfs on /var/lib/snmp
Mounting tmpfs on /var/lib/sudo
Create the new utmp file
Mount the new utmp file
Cleaning /home directory
Cleaning /run/user directory
Sanitizing /etc/passwd, UID_MIN 1000
Sanitizing /etc/group, GID_MIN 1000
Disable /run/firejail/sandbox
Disable /run/firejail/network
Disable /run/firejail/bandwidth
Disable /run/firejail/name
Disable /run/firejail/profile
Disable /run/firejail/x11
Mounting tmpfs on /dev
mounting /run/firejail/mnt/dev/snd directory
mounting /run/firejail/mnt/dev/dri directory
mounting /run/firejail/mnt/dev/video0 file
mounting /run/firejail/mnt/dev/video1 file
Process /dev/shm directory
Copying files in the new /opt directory:
Warning: file /opt/spotify not found.
Warning: skipping spotify for private /opt
Mount-bind /run/firejail/mnt/opt on top of /opt
Private /opt installed in 0.10 ms
Copying files in the new /srv directory:
Warning: file /srv/none not found.
Warning: skipping none for private /srv
Mount-bind /run/firejail/mnt/srv on top of /srv
Private /srv installed in 0.07 ms
Copying files in the new bin directory
Checking /usr/local/bin/bash
Checking /usr/bin/bash
Checking /bin/bash
sbox run: /run/firejail/lib/fcopy /bin/bash /run/firejail/mnt/bin
Checking /usr/local/bin/cat
Checking /usr/bin/cat
Checking /bin/cat
sbox run: /run/firejail/lib/fcopy /bin/cat /run/firejail/mnt/bin
Checking /usr/local/bin/dirname
Checking /usr/bin/dirname
sbox run: /run/firejail/lib/fcopy /usr/bin/dirname /run/firejail/mnt/bin
Checking /usr/local/bin/find
Checking /usr/bin/find
sbox run: /run/firejail/lib/fcopy /usr/bin/find /run/firejail/mnt/bin
Checking /usr/local/bin/grep
Checking /usr/bin/grep
Checking /bin/grep
sbox run: /run/firejail/lib/fcopy /bin/grep /run/firejail/mnt/bin
Checking /usr/local/bin/head
Checking /usr/bin/head
sbox run: /run/firejail/lib/fcopy /usr/bin/head /run/firejail/mnt/bin
Checking /usr/local/bin/rm
Checking /usr/bin/rm
Checking /bin/rm
sbox run: /run/firejail/lib/fcopy /bin/rm /run/firejail/mnt/bin
Checking /usr/local/bin/sh
Checking /usr/bin/sh
Checking /bin/sh
sbox run: /run/firejail/lib/fcopy /bin/dash /run/firejail/mnt/bin
sbox run: /run/firejail/lib/fcopy /bin/sh /run/firejail/mnt/bin
Checking /usr/local/bin/spotify
Checking /usr/bin/spotify
file /usr/share/spotify/spotify not found
sbox run: /run/firejail/lib/fcopy /usr/bin/spotify /run/firejail/mnt/bin
Error fcopy: invalid ownership for file /usr/bin/spotify
Error: failed to run /run/firejail/lib/fcopy, exiting...
Error: proc 49701 cannot sync with peer: unexpected EOF
Peer 49702 unexpectedly exited with status 1

Edit by @kmk3: Formatting.

<!-- gh-comment-id:1407737070 --> @aberja commented on GitHub (Jan 29, 2023): I also have the same issue. Below is my bug report: ### Description firejail spotify returns errors and does not start. ### Steps to Reproduce in a terminal run `firejail spotify` ### Expected behavior spotify should open ### Actual behavior I receive the error messages noted below in the log section. ### Behavior without a profile Spotify starts without any error messages when running without a profile: ```sh LC_ALL=C firejail --noprofile spotify ``` ### Additional context ```console $ ls -l /usr/bin/spotify lrwxrwxrwx 1 g752vs g752vs 24 Apr 22 2022 /usr/bin/spotify -> ../share/spotify/spotify ``` ### Environment - Linux distribution and version: ```console $ uname -a Linux g752vs-d11 6.1.0-2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.7-1 (2023-01-18) x86_64 GNU/Linux ``` - Firejail version: ```sh firejail --version firejail version 0.9.70 ``` ### Checklist - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [n/a] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>LC_ALL=C firejail spotify</code></summary> <p> ``` > LC_ALL=C firejail spotify Reading profile /etc/firejail/spotify.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 48734, child pid 48735 Warning: skipping spotify for private /opt Private /opt installed in 0.09 ms Warning: skipping none for private /srv Private /srv installed in 0.07 ms Error fcopy: invalid ownership for file /usr/bin/spotify Error: failed to run /run/firejail/lib/fcopy, exiting... Error: proc 48734 cannot sync with peer: unexpected EOF Peer 48735 unexpectedly exited with status 1 ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug spotify</code></summary> <p> <!-- If the output is too long to embed it into the comment, create a secret gist at https://gist.github.com/ and link it here. --> ``` LC_ALL=C firejail --debug spotify Autoselecting /usr/bin/zsh as shell Building quoted command line: 'spotify' Command name #spotify# Found spotify.profile profile in /etc/firejail directory Reading profile /etc/firejail/spotify.profile Found disable-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-common.inc Found disable-devel.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-devel.inc Found disable-exec.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-exec.inc Found disable-interpreters.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-interpreters.inc Found disable-programs.inc profile in /etc/firejail directory Reading profile /etc/firejail/disable-programs.inc Found whitelist-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-common.inc Found whitelist-var-common.inc profile in /etc/firejail directory Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file [profile] combined protocol list: "unix,inet,inet6,netlink" DISPLAY=:0 parsed as 0 Using the local network stack Parent pid 49701, child pid 49702 Initializing child process Host network configured PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file IBUS_ADDRESS=unix:abstract=/home/g752vs/.cache/ibus/dbus-fAWPCQMy,guid=bd8e630eeebf12534d45b73363d64174 IBUS_DAEMON_PID=2251 Build protocol filter: unix,inet,inet6,netlink sbox run: /run/firejail/lib/fseccomp protocol build unix,inet,inet6,netlink /run/firejail/mnt/seccomp/seccomp.protocol Dropping all capabilities Drop privileges: pid 2, uid 1000, gid 1000, force_nogroups 1 No supplementary groups Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 3192 1242 259:3 /etc /etc ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw mountid=3192 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 3193 3192 259:3 /etc /etc ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme1n1p2 rw mountid=3193 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 3194 1242 259:3 /var /var ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw mountid=3194 fsname=/var dir=/var fstype=ext4 Mounting noexec /var 3195 3194 259:3 /var /var ro,nosuid,nodev,noexec,noatime master:1 - ext4 /dev/nvme1n1p2 rw mountid=3195 fsname=/var dir=/var fstype=ext4 Mounting read-only /usr 3196 1242 259:3 /usr /usr ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw mountid=3196 fsname=/usr dir=/usr fstype=ext4 Mounting read-only /bin 3197 1242 259:3 /bin /bin ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw mountid=3197 fsname=/bin dir=/bin fstype=ext4 Mounting read-only /sbin 3198 1242 259:3 /sbin /sbin ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw mountid=3198 fsname=/sbin dir=/sbin fstype=ext4 Mounting read-only /lib 3199 1242 259:3 /lib /lib ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw mountid=3199 fsname=/lib dir=/lib fstype=ext4 Mounting read-only /lib64 3200 1242 259:3 /lib64 /lib64 ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw mountid=3200 fsname=/lib64 dir=/lib64 fstype=ext4 Mounting read-only /lib32 3201 1242 259:3 /lib32 /lib32 ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw mountid=3201 fsname=/lib32 dir=/lib32 fstype=ext4 Mounting read-only /libx32 3202 1242 259:3 /libx32 /libx32 ro,noatime master:1 - ext4 /dev/nvme1n1p2 rw mountid=3202 fsname=/libx32 dir=/libx32 fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Mounting tmpfs on /var/lib/dhcp Mounting tmpfs on /var/lib/snmp Mounting tmpfs on /var/lib/sudo Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /run/firejail/sandbox Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Mounting tmpfs on /dev mounting /run/firejail/mnt/dev/snd directory mounting /run/firejail/mnt/dev/dri directory mounting /run/firejail/mnt/dev/video0 file mounting /run/firejail/mnt/dev/video1 file Process /dev/shm directory Copying files in the new /opt directory: Warning: file /opt/spotify not found. Warning: skipping spotify for private /opt Mount-bind /run/firejail/mnt/opt on top of /opt Private /opt installed in 0.10 ms Copying files in the new /srv directory: Warning: file /srv/none not found. Warning: skipping none for private /srv Mount-bind /run/firejail/mnt/srv on top of /srv Private /srv installed in 0.07 ms Copying files in the new bin directory Checking /usr/local/bin/bash Checking /usr/bin/bash Checking /bin/bash sbox run: /run/firejail/lib/fcopy /bin/bash /run/firejail/mnt/bin Checking /usr/local/bin/cat Checking /usr/bin/cat Checking /bin/cat sbox run: /run/firejail/lib/fcopy /bin/cat /run/firejail/mnt/bin Checking /usr/local/bin/dirname Checking /usr/bin/dirname sbox run: /run/firejail/lib/fcopy /usr/bin/dirname /run/firejail/mnt/bin Checking /usr/local/bin/find Checking /usr/bin/find sbox run: /run/firejail/lib/fcopy /usr/bin/find /run/firejail/mnt/bin Checking /usr/local/bin/grep Checking /usr/bin/grep Checking /bin/grep sbox run: /run/firejail/lib/fcopy /bin/grep /run/firejail/mnt/bin Checking /usr/local/bin/head Checking /usr/bin/head sbox run: /run/firejail/lib/fcopy /usr/bin/head /run/firejail/mnt/bin Checking /usr/local/bin/rm Checking /usr/bin/rm Checking /bin/rm sbox run: /run/firejail/lib/fcopy /bin/rm /run/firejail/mnt/bin Checking /usr/local/bin/sh Checking /usr/bin/sh Checking /bin/sh sbox run: /run/firejail/lib/fcopy /bin/dash /run/firejail/mnt/bin sbox run: /run/firejail/lib/fcopy /bin/sh /run/firejail/mnt/bin Checking /usr/local/bin/spotify Checking /usr/bin/spotify file /usr/share/spotify/spotify not found sbox run: /run/firejail/lib/fcopy /usr/bin/spotify /run/firejail/mnt/bin Error fcopy: invalid ownership for file /usr/bin/spotify Error: failed to run /run/firejail/lib/fcopy, exiting... Error: proc 49701 cannot sync with peer: unexpected EOF Peer 49702 unexpectedly exited with status 1 ``` </p> </details> --- Edit by @kmk3: Formatting.
gitea-mirror commented 2026-05-05 09:41:01 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jan 29, 2023):

@aberja on Jan 29:

$ ls -l /usr/bin/spotify
lrwxrwxrwx 1 g752vs g752vs 24 Apr 22  2022 /usr/bin/spotify -> ../share/spotify/spotify

What is the output of ls -l /usr/share/spotify/spotify?

firejail --version
firejail version 0.9.70

Does the error still happen with firejail 0.9.72?

<!-- gh-comment-id:1407786061 --> @kmk3 commented on GitHub (Jan 29, 2023): @aberja [on Jan 29](https://github.com/netblue30/firejail/issues/5584#issuecomment-1407737070): > ``` > $ ls -l /usr/bin/spotify > lrwxrwxrwx 1 g752vs g752vs 24 Apr 22 2022 /usr/bin/spotify -> ../share/spotify/spotify > ``` What is the output of `ls -l /usr/share/spotify/spotify`? > ```shell > firejail --version > firejail version 0.9.70 > ``` Does the error still happen with firejail 0.9.72?
gitea-mirror commented 2026-05-05 09:41:01 -06:00
Author
Owner
Copy link

@aberja commented on GitHub (Jan 30, 2023):

@kmk3

What is the output of ls -l /usr/share/spotify/spotify?

ls -l /usr/share/spotify/spotify
-rwxr-xr-x 1 g752vs g752vs 70253192 Apr 22  2022 /usr/share/spotify/spotify

Does the error still happen with firejail 0.9.72?

Yes, still happening with 0.9.72

firejail --version
firejail version 0.9.72
output of LC_ALL=C firejail spotify with 0.9.72 

Reading profile /etc/firejail/spotify.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 80832, child pid 80833
Warning: skipping spotify for private /opt
Private /opt installed in 0.08 ms
Warning: skipping none for private /srv
Private /srv installed in 0.13 ms
Error fcopy: invalid ownership for file /usr/bin/spotify
Error: failed to run /run/firejail/lib/fcopy, exiting...
Error: proc 80832 cannot sync with peer: unexpected EOF
Peer 80833 unexpectedly exited with status 1

<!-- gh-comment-id:1407818743 --> @aberja commented on GitHub (Jan 30, 2023): @kmk3 > What is the output of `ls -l /usr/share/spotify/spotify`? ``` ls -l /usr/share/spotify/spotify -rwxr-xr-x 1 g752vs g752vs 70253192 Apr 22 2022 /usr/share/spotify/spotify ``` > Does the error still happen with firejail 0.9.72? Yes, still happening with 0.9.72 ``` firejail --version firejail version 0.9.72 ``` <details> <summary>output of <code>LC_ALL=C firejail spotify</code> with 0.9.72</summary> <p> ``` Reading profile /etc/firejail/spotify.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 80832, child pid 80833 Warning: skipping spotify for private /opt Private /opt installed in 0.08 ms Warning: skipping none for private /srv Private /srv installed in 0.13 ms Error fcopy: invalid ownership for file /usr/bin/spotify Error: failed to run /run/firejail/lib/fcopy, exiting... Error: proc 80832 cannot sync with peer: unexpected EOF Peer 80833 unexpectedly exited with status 1 ``` </p> </details>
gitea-mirror commented 2026-05-05 09:41:02 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jan 30, 2023):

@aberja on Jan 29:

What is the output of ls -l /usr/share/spotify/spotify?

ls -l /usr/share/spotify/spotify
-rwxr-xr-x 1 g752vs g752vs 70253192 Apr 22  2022 /usr/share/spotify/spotify

Error fcopy: invalid ownership for file /usr/bin/spotify
Error: failed to run /run/firejail/lib/fcopy, exiting...

Usually files in that location are owned by root:root, which is probably what
fcopy is complaining about.

How was spotify installed?

Does changing the permissions change the output?

Example:

chown -R root:root /usr/share/spotify
<!-- gh-comment-id:1407823694 --> @kmk3 commented on GitHub (Jan 30, 2023): @aberja [on Jan 29](https://github.com/netblue30/firejail/issues/5584#issuecomment-1407818743): > > What is the output of `ls -l /usr/share/spotify/spotify`? > > ``` > ls -l /usr/share/spotify/spotify > -rwxr-xr-x 1 g752vs g752vs 70253192 Apr 22 2022 /usr/share/spotify/spotify > ``` > ``` > Error fcopy: invalid ownership for file /usr/bin/spotify > Error: failed to run /run/firejail/lib/fcopy, exiting... > ``` Usually files in that location are owned by `root:root`, which is probably what fcopy is complaining about. How was spotify installed? Does changing the permissions change the output? Example: ```sh chown -R root:root /usr/share/spotify ```
gitea-mirror commented 2026-05-05 09:41:02 -06:00
Author
Owner
Copy link

@aberja commented on GitHub (Jan 30, 2023):

@kmk3

How was spotify installed?

Spotify was installed pursuant to the instructions on Spotify.com, i.e.:

curl -sS https://download.spotify.com/debian/pubkey_7A3A762FAFD4A51F.gpg | sudo gpg --dearmor --yes -o /etc/apt/trusted.gpg.d/spotify.gpg

echo "deb http://repository.spotify.com stable non-free" | sudo tee /etc/apt/sources.list.d/spotify.list

sudo aptitude update && sudo aptitude install spotify-client
Inside the folder /usr/share/spotify the files are owned by the user, while the folders are root: 

ls -l /usr/share/spotify
total 282296
drwxr-xr-x 2 root   root        4096 Nov 21 11:52 Apps
drwxr-xr-x 2 root   root        4096 Nov 21 11:52 apt-keys
-rw-rw-r-- 1 g752vs g752vs    635724 Mar 31  2022 chrome_100_percent.pak
-rw-rw-r-- 1 g752vs g752vs    957180 Mar 31  2022 chrome_200_percent.pak
drwxr-xr-x 2 root   root        4096 Nov 21 11:52 icons
-rw-rw-r-- 1 g752vs g752vs  10284336 Mar 31  2022 icudtl.dat
-rw-rw-r-- 1 g752vs g752vs 187903408 Apr 22  2022 libcef.so
-rw-rw-r-- 1 g752vs g752vs    255720 Apr 22  2022 libEGL.so
-rw-rw-r-- 1 g752vs g752vs   6010712 Apr 22  2022 libGLESv2.so
-rw-rw-r-- 1 g752vs g752vs   4138176 Apr 22  2022 libvk_swiftshader.so
-rw-rw-r-- 1 g752vs g752vs    581336 Apr 22  2022 libvulkan.so.1
drwxr-xr-x 2 root   root        4096 Nov 21 11:52 locales
-rw-rw-r-- 1 g752vs g752vs   6976573 Mar 31  2022 resources.pak
-rw-rw-r-- 1 g752vs g752vs    351544 Mar 31  2022 snapshot_blob.bin
-rwxr-xr-x 1 g752vs g752vs  70253192 Apr 22  2022 spotify
-rw-r--r-- 1 g752vs g752vs       238 Apr 21  2022 spotify.desktop
drwxr-xr-x 2 root   root        4096 Nov 21 11:52 swiftshader
-rw-rw-r-- 1 g752vs g752vs    672272 Mar 31  2022 v8_context_snapshot.bin
-rw-rw-r-- 1 g752vs g752vs       107 Mar 31  2022 vk_swiftshader_icd.json

Does changing the permissions change the output?

Yes, changing the file permissions to root by running chown -R root:root /usr/share/spotify resolves the issue. As a result, firejail spotify now starts spotify

Going forward, does this mean that for those that want to run spotify with firejail, they will need to change the permissions? Or is there a change in firejail that can be made that recognizes how spotify installs?

<!-- gh-comment-id:1407868252 --> @aberja commented on GitHub (Jan 30, 2023): @kmk3 > How was spotify installed? Spotify was installed pursuant to the instructions on Spotify.com, i.e.: ``` curl -sS https://download.spotify.com/debian/pubkey_7A3A762FAFD4A51F.gpg | sudo gpg --dearmor --yes -o /etc/apt/trusted.gpg.d/spotify.gpg echo "deb http://repository.spotify.com stable non-free" | sudo tee /etc/apt/sources.list.d/spotify.list sudo aptitude update && sudo aptitude install spotify-client ``` <details> <summary>Inside the folder /usr/share/spotify the files are owned by the user, while the folders are root:</summary> <p> ``` ls -l /usr/share/spotify total 282296 drwxr-xr-x 2 root root 4096 Nov 21 11:52 Apps drwxr-xr-x 2 root root 4096 Nov 21 11:52 apt-keys -rw-rw-r-- 1 g752vs g752vs 635724 Mar 31 2022 chrome_100_percent.pak -rw-rw-r-- 1 g752vs g752vs 957180 Mar 31 2022 chrome_200_percent.pak drwxr-xr-x 2 root root 4096 Nov 21 11:52 icons -rw-rw-r-- 1 g752vs g752vs 10284336 Mar 31 2022 icudtl.dat -rw-rw-r-- 1 g752vs g752vs 187903408 Apr 22 2022 libcef.so -rw-rw-r-- 1 g752vs g752vs 255720 Apr 22 2022 libEGL.so -rw-rw-r-- 1 g752vs g752vs 6010712 Apr 22 2022 libGLESv2.so -rw-rw-r-- 1 g752vs g752vs 4138176 Apr 22 2022 libvk_swiftshader.so -rw-rw-r-- 1 g752vs g752vs 581336 Apr 22 2022 libvulkan.so.1 drwxr-xr-x 2 root root 4096 Nov 21 11:52 locales -rw-rw-r-- 1 g752vs g752vs 6976573 Mar 31 2022 resources.pak -rw-rw-r-- 1 g752vs g752vs 351544 Mar 31 2022 snapshot_blob.bin -rwxr-xr-x 1 g752vs g752vs 70253192 Apr 22 2022 spotify -rw-r--r-- 1 g752vs g752vs 238 Apr 21 2022 spotify.desktop drwxr-xr-x 2 root root 4096 Nov 21 11:52 swiftshader -rw-rw-r-- 1 g752vs g752vs 672272 Mar 31 2022 v8_context_snapshot.bin -rw-rw-r-- 1 g752vs g752vs 107 Mar 31 2022 vk_swiftshader_icd.json ``` </p> </details> > Does changing the permissions change the output? Yes, changing the file permissions to root by running <code>chown -R root:root /usr/share/spotify</code> resolves the issue. As a result, <code>firejail spotify</code> now starts spotify Going forward, does this mean that for those that want to run spotify with firejail, they will need to change the permissions? Or is there a change in firejail that can be made that recognizes how spotify installs?
gitea-mirror commented 2026-05-05 09:41:03 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jan 30, 2023):

@aberja on Jan 30:

How was spotify installed?

Spotify was installed pursuant to the instructions on Spotify.com, i.e.:

curl -sS https://download.spotify.com/debian/pubkey_7A3A762FAFD4A51F.gpg | sudo gpg --dearmor --yes -o /etc/apt/trusted.gpg.d/spotify.gpg

echo "deb http://repository.spotify.com stable non-free" | sudo tee /etc/apt/sources.list.d/spotify.list

sudo aptitude update && sudo aptitude install spotify-client

Inside the folder /usr/share/spotify the files are owned by the user, while
the folders are root:

Does changing the permissions change the output?

Yes, changing the file permissions to root by running chown -R root:root /usr/share/spotify resolves the issue. As a result, firejail spotify now
starts spotify

Going forward, does this mean that for those that want to run spotify with
firejail, they will need to change the permissions? Or is there a change in
firejail that can be made that recognizes how spotify installs?

Usually everything in /usr/share is owned by root:root.

fcopy aborts because it detects an unusual scenario, which could be an attempt
to fool it into copying the wrong files (which could potentially lead to
privilege escalation).

The unexpected permissions seem like a problem in either the package or in the
package manager.

What are the permissions if spotify is uninstalled and re-installed through apt
instead of aptitude?

Did you create the g752vs account or is it related to spotify?

Is it a normal or a system account? Normal accounts usually have UID >= 1000.

<!-- gh-comment-id:1407938106 --> @kmk3 commented on GitHub (Jan 30, 2023): @aberja [on Jan 30](https://github.com/netblue30/firejail/issues/5584#issuecomment-1407868252): > > How was spotify installed? > > Spotify was installed pursuant to the instructions on Spotify.com, i.e.: > > ``` > curl -sS https://download.spotify.com/debian/pubkey_7A3A762FAFD4A51F.gpg | sudo gpg --dearmor --yes -o /etc/apt/trusted.gpg.d/spotify.gpg > > echo "deb http://repository.spotify.com stable non-free" | sudo tee /etc/apt/sources.list.d/spotify.list > > sudo aptitude update && sudo aptitude install spotify-client > ``` > > Inside the folder /usr/share/spotify the files are owned by the user, while > the folders are root: > > > Does changing the permissions change the output? > > Yes, changing the file permissions to root by running `chown -R root:root > /usr/share/spotify` resolves the issue. As a result, `firejail spotify` now > starts spotify > > Going forward, does this mean that for those that want to run spotify with > firejail, they will need to change the permissions? Or is there a change in > firejail that can be made that recognizes how spotify installs? Usually everything in /usr/share is owned by `root:root`. fcopy aborts because it detects an unusual scenario, which could be an attempt to fool it into copying the wrong files (which could potentially lead to privilege escalation). The unexpected permissions seem like a problem in either the package or in the package manager. What are the permissions if spotify is uninstalled and re-installed through apt instead of aptitude? Did you create the `g752vs` account or is it related to spotify? Is it a normal or a system account? Normal accounts usually have UID >= 1000.
gitea-mirror commented 2026-05-05 09:41:03 -06:00
Author
Owner
Copy link

@aberja commented on GitHub (Jan 30, 2023):

@kmk3

What are the permissions if spotify is uninstalled and re-installed through apt
instead of aptitude?

I purged spotify, restarted the computer and then re-installed using apt. The user g742vs then owned all files and folders in /usr/share/spotify

I have tried this on another Debian install and the results were the same. I checked a number of other programs in /usr/share/ and the files and folders were all owned by root. So this issue appears to be only related to Spotify.

Did you create the g752vs account or is it related to spotify?

g752vs was the linux user account I created when I installed Debian and is not related to spotify.

Is it a normal or a system account? Normal accounts usually have UID >= 1000.

It is a normal account. I have also included below the groups that the user belongs to:

id -u g752vs
1000

groups g752vs
g752vs : g752vs cdrom floppy sudo audio dip video plugdev kvm netdev bluetooth lpadmin scanner libvirt wireshark
<!-- gh-comment-id:1408007828 --> @aberja commented on GitHub (Jan 30, 2023): @kmk3 > What are the permissions if spotify is uninstalled and re-installed through apt instead of aptitude? I purged spotify, restarted the computer and then re-installed using apt. The user g742vs then owned all files and folders in <code>/usr/share/spotify</code> I have tried this on another Debian install and the results were the same. I checked a number of other programs in /usr/share/ and the files and folders were all owned by root. So this issue appears to be only related to Spotify. > Did you create the g752vs account or is it related to spotify? g752vs was the linux user account I created when I installed Debian and is not related to spotify. > Is it a normal or a system account? Normal accounts usually have UID >= 1000. It is a normal account. I have also included below the groups that the user belongs to: ``` id -u g752vs 1000 groups g752vs g752vs : g752vs cdrom floppy sudo audio dip video plugdev kvm netdev bluetooth lpadmin scanner libvirt wireshark ```
gitea-mirror commented 2026-05-05 09:41:03 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Jan 30, 2023):

@aberja on Jan 30:

What are the permissions if spotify is uninstalled and re-installed through
apt instead of aptitude?

I purged spotify, restarted the computer and then re-installed using apt. The
user g742vs then owned all files and folders in /usr/share/spotify

I have tried this on another Debian install and the results were the same. I
checked a number of other programs in /usr/share/ and the files and folders
were all owned by root. So this issue appears to be only related to Spotify.

Did you create the g752vs account or is it related to spotify?

g752vs was the linux user account I created when I installed Debian and is
not related to spotify.

Is it a normal or a system account? Normal accounts usually have UID >=
1000.

It is a normal account. I have also included below the groups that the user
belongs to:

id -u g752vs
1000

groups g752vs
g752vs : g752vs cdrom floppy sudo audio dip video plugdev kvm netdev bluetooth lpadmin scanner libvirt wireshark

Good work; so the issue really seems to be with the spotify package.

@reinerh Any idea what could be causing this?

I'm not aware of any repositories related to creating the .deb package,
especially considering that spotify is proprietary software.

So I would suggest reporting this issue to spotify and maybe also contacting
Debian to let them know of the problem.

Closing for now since firejail is working as intended.

Feel free to post any related updates in this issue.

<!-- gh-comment-id:1409488360 --> @kmk3 commented on GitHub (Jan 30, 2023): @aberja [on Jan 30](https://github.com/netblue30/firejail/issues/5584#issuecomment-1408007828): > > What are the permissions if spotify is uninstalled and re-installed through > > apt instead of aptitude? > > I purged spotify, restarted the computer and then re-installed using apt. The > user g742vs then owned all files and folders in `/usr/share/spotify` > > I have tried this on another Debian install and the results were the same. I > checked a number of other programs in /usr/share/ and the files and folders > were all owned by root. So this issue appears to be only related to Spotify. > > > Did you create the g752vs account or is it related to spotify? > > g752vs was the linux user account I created when I installed Debian and is > not related to spotify. > > > Is it a normal or a system account? Normal accounts usually have UID >= > > 1000. > > It is a normal account. I have also included below the groups that the user > belongs to: > > ``` > id -u g752vs > 1000 > > groups g752vs > g752vs : g752vs cdrom floppy sudo audio dip video plugdev kvm netdev bluetooth lpadmin scanner libvirt wireshark > ``` Good work; so the issue really seems to be with the spotify package. @reinerh Any idea what could be causing this? I'm not aware of any repositories related to creating the .deb package, especially considering that spotify is proprietary software. So I would suggest reporting this issue to spotify and maybe also contacting Debian to let them know of the problem. Closing for now since firejail is working as intended. Feel free to post any related updates in this issue.
gitea-mirror commented 2026-05-05 09:41:04 -06:00
Author
Owner
Copy link

@reinerh commented on GitHub (Jan 31, 2023):

@reinerh Any idea what could be causing this?

$ wget https://repository-origin.spotify.com/pool/non-free/s/spotify-client/spotify-client_1.1.84.716.gc5f8b819-2_amd64.deb
...
$ ar x spotify-client_1.1.84.716.gc5f8b819-2_amd64.deb
$ tar --numeric-owner -tvf data.tar
drwxr-xr-x 1000/1000         0 2022-04-22 18:44 ./
drwxr-xr-x 1000/1000         0 2022-04-22 18:44 ./usr/
drwxr-xr-x 1000/1000         0 2022-04-22 18:44 ./usr/share/
drwxr-xr-x 1000/1000         0 2022-04-22 18:44 ./usr/share/doc/
drwxr-xr-x 1000/1000         0 2022-04-22 18:44 ./usr/share/doc/spotify-client/
-rw-r--r-- 1000/1000       160 2022-04-22 18:44 ./usr/share/doc/spotify-client/changelog.gz
drwxr-xr-x 1000/1000         0 2022-04-22 18:44 ./usr/share/spotify/
-rw-rw-r-- 1000/1000  10284336 2022-04-01 05:55 ./usr/share/spotify/icudtl.dat
-rw-r--r-- 1000/1000       238 2022-04-22 05:02 ./usr/share/spotify/spotify.desktop
-rw-rw-r-- 1000/1000   6010712 2022-04-22 18:44 ./usr/share/spotify/libGLESv2.so
-rw-rw-r-- 1000/1000   4138176 2022-04-22 18:44 ./usr/share/spotify/libvk_swiftshader.so
-rw-rw-r-- 1000/1000 187903408 2022-04-22 18:44 ./usr/share/spotify/libcef.so
drwxr-xr-x 1000/1000         0 2022-04-22 18:44 ./usr/share/spotify/icons/
-rw-r--r-- 1000/1000       889 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-24.png
-rw-r--r-- 1000/1000      1573 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-64.png
-rw-r--r-- 1000/1000       527 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-16.png
-rw-r--r-- 1000/1000      6027 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-128.png
-rw-r--r-- 1000/1000      2074 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-48.png
-rw-r--r-- 1000/1000     24360 2022-04-22 05:02 ./usr/share/spotify/icons/spotify_icon.ico
-rw-r--r-- 1000/1000       770 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-22.png
-rw-r--r-- 1000/1000      1230 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-32.png
-rw-r--r-- 1000/1000     22733 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-512.png
-rw-r--r-- 1000/1000     13393 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-256.png
-rw-rw-r-- 1000/1000       107 2022-04-01 06:27 ./usr/share/spotify/vk_swiftshader_icd.json
drwxr-xr-x 1000/1000         0 2022-04-22 18:44 ./usr/share/spotify/swiftshader/
-rw-rw-r-- 1000/1000   2457736 2022-04-22 18:44 ./usr/share/spotify/swiftshader/libGLESv2.so
-rw-rw-r-- 1000/1000    269216 2022-04-22 18:44 ./usr/share/spotify/swiftshader/libEGL.so
-rw-rw-r-- 1000/1000    635724 2022-04-01 06:33 ./usr/share/spotify/chrome_100_percent.pak
-rw-rw-r-- 1000/1000    255720 2022-04-22 18:44 ./usr/share/spotify/libEGL.so
drwxr-xr-x 1000/1000         0 2022-11-15 21:57 ./usr/share/spotify/apt-keys/
-rw-r--r-- 1000/1000      1184 2022-04-22 05:02 ./usr/share/spotify/apt-keys/spotify-2021-10-27-5E3C45D7B312C643.gpg
-rw-rw-r-- 1000/1000      1184 2022-11-15 21:57 ./usr/share/spotify/apt-keys/spotify-2022-11-14-7A3A762FAFD4A51F.gpg
-rw-rw-r-- 1000/1000    672272 2022-04-01 06:48 ./usr/share/spotify/v8_context_snapshot.bin
-rw-rw-r-- 1000/1000    957180 2022-04-01 06:33 ./usr/share/spotify/chrome_200_percent.pak
-rw-rw-r-- 1000/1000    581336 2022-04-22 18:44 ./usr/share/spotify/libvulkan.so.1
drwxr-xr-x 1000/1000         0 2022-04-22 18:44 ./usr/share/spotify/locales/
-rw-rw-r-- 1000/1000    299910 2022-04-01 06:29 ./usr/share/spotify/locales/en-US.pak
-rw-rw-r-- 1000/1000    351544 2022-04-01 06:48 ./usr/share/spotify/snapshot_blob.bin
-rw-rw-r-- 1000/1000   6976573 2022-04-01 06:46 ./usr/share/spotify/resources.pak
-rwxr-xr-x 1000/1000  70253192 2022-04-22 18:44 ./usr/share/spotify/spotify
drwxr-xr-x 1000/1000         0 2022-04-22 18:44 ./usr/share/spotify/Apps/
-rw-r--r-- 1000/1000   1736814 2022-04-22 18:44 ./usr/share/spotify/Apps/login.spa
-rw-r--r-- 1000/1000   4835700 2022-04-22 18:44 ./usr/share/spotify/Apps/xpui.spa
drwxr-xr-x 1000/1000         0 2022-04-22 18:44 ./usr/bin/
lrwxrwxrwx 1000/1000         0 2022-04-22 18:44 ./usr/bin/spotify -> ../share/spotify/spotify

The data in the package is owned by UID 1000. That's a problem of the package created by Spotify.

So I would suggest reporting this issue to spotify and maybe also contacting Debian to let them know of the problem.

No need to contact Debian, they have nothing to do with it. It's just an unusual third-party package. :)

<!-- gh-comment-id:1409585219 --> @reinerh commented on GitHub (Jan 31, 2023): > @reinerh Any idea what could be causing this? ``` $ wget https://repository-origin.spotify.com/pool/non-free/s/spotify-client/spotify-client_1.1.84.716.gc5f8b819-2_amd64.deb ... $ ar x spotify-client_1.1.84.716.gc5f8b819-2_amd64.deb $ tar --numeric-owner -tvf data.tar drwxr-xr-x 1000/1000 0 2022-04-22 18:44 ./ drwxr-xr-x 1000/1000 0 2022-04-22 18:44 ./usr/ drwxr-xr-x 1000/1000 0 2022-04-22 18:44 ./usr/share/ drwxr-xr-x 1000/1000 0 2022-04-22 18:44 ./usr/share/doc/ drwxr-xr-x 1000/1000 0 2022-04-22 18:44 ./usr/share/doc/spotify-client/ -rw-r--r-- 1000/1000 160 2022-04-22 18:44 ./usr/share/doc/spotify-client/changelog.gz drwxr-xr-x 1000/1000 0 2022-04-22 18:44 ./usr/share/spotify/ -rw-rw-r-- 1000/1000 10284336 2022-04-01 05:55 ./usr/share/spotify/icudtl.dat -rw-r--r-- 1000/1000 238 2022-04-22 05:02 ./usr/share/spotify/spotify.desktop -rw-rw-r-- 1000/1000 6010712 2022-04-22 18:44 ./usr/share/spotify/libGLESv2.so -rw-rw-r-- 1000/1000 4138176 2022-04-22 18:44 ./usr/share/spotify/libvk_swiftshader.so -rw-rw-r-- 1000/1000 187903408 2022-04-22 18:44 ./usr/share/spotify/libcef.so drwxr-xr-x 1000/1000 0 2022-04-22 18:44 ./usr/share/spotify/icons/ -rw-r--r-- 1000/1000 889 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-24.png -rw-r--r-- 1000/1000 1573 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-64.png -rw-r--r-- 1000/1000 527 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-16.png -rw-r--r-- 1000/1000 6027 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-128.png -rw-r--r-- 1000/1000 2074 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-48.png -rw-r--r-- 1000/1000 24360 2022-04-22 05:02 ./usr/share/spotify/icons/spotify_icon.ico -rw-r--r-- 1000/1000 770 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-22.png -rw-r--r-- 1000/1000 1230 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-32.png -rw-r--r-- 1000/1000 22733 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-512.png -rw-r--r-- 1000/1000 13393 2022-04-22 05:02 ./usr/share/spotify/icons/spotify-linux-256.png -rw-rw-r-- 1000/1000 107 2022-04-01 06:27 ./usr/share/spotify/vk_swiftshader_icd.json drwxr-xr-x 1000/1000 0 2022-04-22 18:44 ./usr/share/spotify/swiftshader/ -rw-rw-r-- 1000/1000 2457736 2022-04-22 18:44 ./usr/share/spotify/swiftshader/libGLESv2.so -rw-rw-r-- 1000/1000 269216 2022-04-22 18:44 ./usr/share/spotify/swiftshader/libEGL.so -rw-rw-r-- 1000/1000 635724 2022-04-01 06:33 ./usr/share/spotify/chrome_100_percent.pak -rw-rw-r-- 1000/1000 255720 2022-04-22 18:44 ./usr/share/spotify/libEGL.so drwxr-xr-x 1000/1000 0 2022-11-15 21:57 ./usr/share/spotify/apt-keys/ -rw-r--r-- 1000/1000 1184 2022-04-22 05:02 ./usr/share/spotify/apt-keys/spotify-2021-10-27-5E3C45D7B312C643.gpg -rw-rw-r-- 1000/1000 1184 2022-11-15 21:57 ./usr/share/spotify/apt-keys/spotify-2022-11-14-7A3A762FAFD4A51F.gpg -rw-rw-r-- 1000/1000 672272 2022-04-01 06:48 ./usr/share/spotify/v8_context_snapshot.bin -rw-rw-r-- 1000/1000 957180 2022-04-01 06:33 ./usr/share/spotify/chrome_200_percent.pak -rw-rw-r-- 1000/1000 581336 2022-04-22 18:44 ./usr/share/spotify/libvulkan.so.1 drwxr-xr-x 1000/1000 0 2022-04-22 18:44 ./usr/share/spotify/locales/ -rw-rw-r-- 1000/1000 299910 2022-04-01 06:29 ./usr/share/spotify/locales/en-US.pak -rw-rw-r-- 1000/1000 351544 2022-04-01 06:48 ./usr/share/spotify/snapshot_blob.bin -rw-rw-r-- 1000/1000 6976573 2022-04-01 06:46 ./usr/share/spotify/resources.pak -rwxr-xr-x 1000/1000 70253192 2022-04-22 18:44 ./usr/share/spotify/spotify drwxr-xr-x 1000/1000 0 2022-04-22 18:44 ./usr/share/spotify/Apps/ -rw-r--r-- 1000/1000 1736814 2022-04-22 18:44 ./usr/share/spotify/Apps/login.spa -rw-r--r-- 1000/1000 4835700 2022-04-22 18:44 ./usr/share/spotify/Apps/xpui.spa drwxr-xr-x 1000/1000 0 2022-04-22 18:44 ./usr/bin/ lrwxrwxrwx 1000/1000 0 2022-04-22 18:44 ./usr/bin/spotify -> ../share/spotify/spotify ``` The data in the package is owned by UID 1000. That's a problem of the package created by Spotify. > So I would suggest reporting this issue to spotify and maybe also contacting Debian to let them know of the problem. No need to contact Debian, they have nothing to do with it. It's just an unusual third-party package. :)
gitea-mirror commented 2026-05-05 09:41:04 -06:00
Author
Owner
Copy link

@kmk3 commented on GitHub (Feb 2, 2023):

@reinerh on Jan 31:

The data in the package is owned by UID 1000. That's a problem of the package
created by Spotify.

Nice, thanks for debugging it.

So I would suggest reporting this issue to spotify and maybe also
contacting Debian to let them know of the problem.

No need to contact Debian, they have nothing to do with it. It's just an
unusual third-party package. :)

Well, even if it's not the fault of Debian, I think that raising the issue on a
Debian bug tracker/mailing list would help bring visibility to it, especially
considering that Spotify does not appear to have either for the main program
(only a forum).

And since this is a security/packaging issue in the .deb package of a popular
service, I think it's not too unlikely that enough people from Debian would be
annoyed enough by it (and that someone might already know how to fix it) to put
pressure on them to fix it quicker than otherwise.

<!-- gh-comment-id:1412945023 --> @kmk3 commented on GitHub (Feb 2, 2023): @reinerh [on Jan 31](https://github.com/netblue30/firejail/issues/5584#issuecomment-1409585219): > The data in the package is owned by UID 1000. That's a problem of the package > created by Spotify. Nice, thanks for debugging it. > > So I would suggest reporting this issue to spotify and maybe also > > contacting Debian to let them know of the problem. > > No need to contact Debian, they have nothing to do with it. It's just an > unusual third-party package. :) Well, even if it's not the fault of Debian, I think that raising the issue on a Debian bug tracker/mailing list would help bring visibility to it, especially considering that Spotify does not appear to have either for the main program (only a forum). And since this is a security/packaging issue in the .deb package of a popular service, I think it's not too unlikely that enough people from Debian would be annoyed enough by it (and that someone might already know how to fix it) to put pressure on them to fix it quicker than otherwise.
gitea-mirror commented 2026-05-05 09:41:05 -06:00
Author
Owner
Copy link

@aberja commented on GitHub (Feb 3, 2023):

So I would suggest reporting this issue to spotify

This matter has now been reported here: https://community.spotify.com/t5/Desktop-Linux/Incorrect-ownership-of-files-installed-by-deb-package/m-p/5499572

<!-- gh-comment-id:1416259038 --> @aberja commented on GitHub (Feb 3, 2023): > So I would suggest reporting this issue to spotify This matter has now been reported here: https://community.spotify.com/t5/Desktop-Linux/Incorrect-ownership-of-files-installed-by-deb-package/m-p/5499572
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3035
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?