[GH-ISSUE #6745] build: fnettrace: cannot execute binary file (cross-compilation) #3357

New issue

Open

opened 2026-05-05 09:56:17 -06:00 by gitea-mirror · 7 comments

gitea-mirror commented 2026-05-05 09:56:17 -06:00

Owner

Copy link

Originally created by @lamar-studio on GitHub (May 8, 2025).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6745

Description

Hello, I'd like to report an issue. While cross-compiling for the ARM64 architecture on Ubuntu_x86, I encountered the following error:

/bin/sh: ../.../.../src/fnettrace/fnettrace: cannot execute binary file  
make[1]: *** [static-ip-map] Error 126  
make[1]: Leaving directory `/data1/linzaorong/linzr/c6c/firejail-0.9.74/src/fnettrace'  
make: *** [src/fnettrace/fnettrace] Error 2  

The root cause is that fnettrace was compiled as an ARM64 binary, which cannot run directly on the Ubuntu_x86 host. Similar issues occurred later during the compilation process (e.g., attempting to execute ARM64 binaries generated during compilation). How should such issues be resolved?

Environment

• Name/version/arch of the Linux kernel (uname -srm): Linux 5.15.0-139-generic x86_64
• Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): Ubuntu 20.04.6 LTS

Originally created by @lamar-studio on GitHub (May 8, 2025). Original GitHub issue: https://github.com/netblue30/firejail/issues/6745 ### Description Hello, I'd like to report an issue. While cross-compiling for the ARM64 architecture on Ubuntu_x86, I encountered the following error: ``` /bin/sh: ../.../.../src/fnettrace/fnettrace: cannot execute binary file make[1]: *** [static-ip-map] Error 126 make[1]: Leaving directory `/data1/linzaorong/linzr/c6c/firejail-0.9.74/src/fnettrace' make: *** [src/fnettrace/fnettrace] Error 2 ``` The root cause is that `fnettrace` was compiled as an ARM64 binary, which cannot run directly on the Ubuntu_x86 host. Similar issues occurred later during the compilation process (e.g., attempting to execute ARM64 binaries generated during compilation). How should such issues be resolved? ### Environment - Name/version/arch of the Linux kernel (`uname -srm`): Linux 5.15.0-139-generic x86_64 - Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): Ubuntu 20.04.6 LTS

gitea-mirror added the

bug

needinfo

labels 2026-05-05 09:56:17 -06:00

gitea-mirror commented 2026-05-05 09:56:18 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (May 8, 2025):

Hello, I'd like to report an issue. While cross-compiling for the ARM64
architecture on Ubuntu_x86, I encountered the following error:

/bin/sh: ../.../.../src/fnettrace/fnettrace: cannot execute binary file  
make[1]: *** [static-ip-map] Error 126  
make[1]: Leaving directory `/data1/linzaorong/linzr/c6c/firejail-0.9.74/src/fnettrace'  
make: *** [src/fnettrace/fnettrace] Error 2  

The root cause is that fnettrace was compiled as an ARM64 binary, which
cannot run directly on the Ubuntu_x86 host.

This is likely because fnettrace is used to build static-ip-map:

• https://github.com/netblue30/firejail/blob/0d8973638cbf75a3a6d3d29a6dcc5c14541e3748/src/fnettrace/Makefile#L14-L16

Similar issues occurred later during the compilation process (e.g.,
attempting to execute ARM64 binaries generated during compilation).

That is not clear from the log provided.

Please post the full configure/make build logs and the missing environment
items from the build issue template:

• https://github.com/netblue30/firejail/issues/new?template=build_issue.md

How should such issues be resolved?

Maybe we could add a configure option to disable building fnettrace.

<!-- gh-comment-id:2862141496 --> @kmk3 commented on GitHub (May 8, 2025): > Hello, I'd like to report an issue. While cross-compiling for the ARM64 > architecture on Ubuntu_x86, I encountered the following error: > > ``` > /bin/sh: ../.../.../src/fnettrace/fnettrace: cannot execute binary file > make[1]: *** [static-ip-map] Error 126 > make[1]: Leaving directory `/data1/linzaorong/linzr/c6c/firejail-0.9.74/src/fnettrace' > make: *** [src/fnettrace/fnettrace] Error 2 > ``` > > The root cause is that `fnettrace` was compiled as an ARM64 binary, which > cannot run directly on the Ubuntu_x86 host. This is likely because `fnettrace` is used to build `static-ip-map`: * <https://github.com/netblue30/firejail/blob/0d8973638cbf75a3a6d3d29a6dcc5c14541e3748/src/fnettrace/Makefile#L14-L16> > Similar issues occurred later during the compilation process (e.g., > attempting to execute ARM64 binaries generated during compilation). That is not clear from the log provided. Please post the full configure/make build logs and the missing environment items from the build issue template: * <https://github.com/netblue30/firejail/issues/new?template=build_issue.md> > How should such issues be resolved? Maybe we could add a configure option to disable building `fnettrace`.

gitea-mirror commented 2026-05-05 09:56:19 -06:00

Author

Owner

Copy link

@lamar-studio commented on GitHub (May 22, 2025):

When performing cross-compilation on Ubuntu, technical challenges may emerge due to the execution of binaries targeting different architectures during the compilation process. To address this, it would be advisable to refine the compilation scripts to ensure proper cross-platform compatibility.

For instance, the code snippet shown below cannot be executed. Other similar scenarios may require cross-compilation environments that involve rigorous stress testing.

diff --git a/Makefile b/Makefile
index e18749c..a61c888 100644
--- a/Makefile
+++ b/Makefile
@@ -83,31 +83,31 @@ strip: all
 .PHONY: filters
 filters: $(SECCOMP_FILTERS)
 seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize Makefile
-       src/fseccomp/fseccomp default seccomp
-       src/fsec-optimize/fsec-optimize seccomp
+#      src/fseccomp/fseccomp default seccomp
+#      src/fsec-optimize/fsec-optimize seccomp

 seccomp.debug: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize Makefile
-       src/fseccomp/fseccomp default seccomp.debug allow-debuggers
-       src/fsec-optimize/fsec-optimize seccomp.debug
+#      src/fseccomp/fseccomp default seccomp.debug allow-debuggers
+#      src/fsec-optimize/fsec-optimize seccomp.debug

 seccomp.32: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize Makefile
-       src/fseccomp/fseccomp secondary 32 seccomp.32
-       src/fsec-optimize/fsec-optimize seccomp.32
+#      src/fseccomp/fseccomp secondary 32 seccomp.32
+#      src/fsec-optimize/fsec-optimize seccomp.32

 seccomp.block_secondary: src/fseccomp/fseccomp Makefile
-       src/fseccomp/fseccomp secondary block seccomp.block_secondary
+#      src/fseccomp/fseccomp secondary block seccomp.block_secondary

 seccomp.mdwx: src/fseccomp/fseccomp Makefile
-       src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx
+#      src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx

 seccomp.mdwx.32: src/fseccomp/fseccomp Makefile
-       src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32
+#      src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32

 seccomp.namespaces: src/fseccomp/fseccomp Makefile
-       src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts
+#      src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts

 seccomp.namespaces.32: src/fseccomp/fseccomp Makefile
-       src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts
+#      src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts

 .PHONY: man
 man:

<!-- gh-comment-id:2900004510 --> @lamar-studio commented on GitHub (May 22, 2025): When performing cross-compilation on Ubuntu, technical challenges may emerge due to the execution of binaries targeting different architectures during the compilation process. To address this, it would be advisable to refine the compilation scripts to ensure proper cross-platform compatibility. For instance, the code snippet shown below cannot be executed. Other similar scenarios may require cross-compilation environments that involve rigorous stress testing. ``` diff --git a/Makefile b/Makefile index e18749c..a61c888 100644 --- a/Makefile +++ b/Makefile @@ -83,31 +83,31 @@ strip: all .PHONY: filters filters: $(SECCOMP_FILTERS) seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize Makefile - src/fseccomp/fseccomp default seccomp - src/fsec-optimize/fsec-optimize seccomp +# src/fseccomp/fseccomp default seccomp +# src/fsec-optimize/fsec-optimize seccomp seccomp.debug: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize Makefile - src/fseccomp/fseccomp default seccomp.debug allow-debuggers - src/fsec-optimize/fsec-optimize seccomp.debug +# src/fseccomp/fseccomp default seccomp.debug allow-debuggers +# src/fsec-optimize/fsec-optimize seccomp.debug seccomp.32: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize Makefile - src/fseccomp/fseccomp secondary 32 seccomp.32 - src/fsec-optimize/fsec-optimize seccomp.32 +# src/fseccomp/fseccomp secondary 32 seccomp.32 +# src/fsec-optimize/fsec-optimize seccomp.32 seccomp.block_secondary: src/fseccomp/fseccomp Makefile - src/fseccomp/fseccomp secondary block seccomp.block_secondary +# src/fseccomp/fseccomp secondary block seccomp.block_secondary seccomp.mdwx: src/fseccomp/fseccomp Makefile - src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx +# src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx seccomp.mdwx.32: src/fseccomp/fseccomp Makefile - src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 +# src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 seccomp.namespaces: src/fseccomp/fseccomp Makefile - src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts +# src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts seccomp.namespaces.32: src/fseccomp/fseccomp Makefile - src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts +# src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts .PHONY: man man: ```

gitea-mirror commented 2026-05-05 09:56:20 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (May 22, 2025):

When performing cross-compilation on Ubuntu, technical challenges may emerge
due to the execution of binaries targeting different architectures during the
compilation process. To address this, it would be advisable to refine the
compilation scripts to ensure proper cross-platform compatibility.

For instance, the code snippet shown below cannot be executed. Other similar
scenarios may require cross-compilation environments that involve rigorous
stress testing.

This sounds like AI-generated slop and adds nothing new.

So what is your point?

Did you actually read the previous comment?

<!-- gh-comment-id:2900583382 --> @kmk3 commented on GitHub (May 22, 2025): > When performing cross-compilation on Ubuntu, technical challenges may emerge > due to the execution of binaries targeting different architectures during the > compilation process. To address this, it would be advisable to refine the > compilation scripts to ensure proper cross-platform compatibility. > > For instance, the code snippet shown below cannot be executed. Other similar > scenarios may require cross-compilation environments that involve rigorous > stress testing. This sounds like AI-generated slop and adds nothing new. So what is your point? Did you actually read the previous comment?

gitea-mirror commented 2026-05-05 09:56:20 -06:00

Author

Owner

Copy link

@lamar-studio commented on GitHub (May 22, 2025):

What I meant to say is that you can verify this issue yourself using a cross-compilation environment - the problem is 100% reproducible.

<!-- gh-comment-id:2900596961 --> @lamar-studio commented on GitHub (May 22, 2025): What I meant to say is that you can verify this issue yourself using a cross-compilation environment - the problem is 100% reproducible.

gitea-mirror commented 2026-05-05 09:56:21 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (May 22, 2025):

What I meant to say is that you can verify this issue yourself using a
cross-compilation environment - the problem is 100% reproducible.

That already seemed to be the case.

See this comment:

• https://github.com/netblue30/firejail/issues/6745#issuecomment-2862141496

<!-- gh-comment-id:2900623553 --> @kmk3 commented on GitHub (May 22, 2025): > What I meant to say is that you can verify this issue yourself using a > cross-compilation environment - the problem is 100% reproducible. That already seemed to be the case. See this comment: * <https://github.com/netblue30/firejail/issues/6745#issuecomment-2862141496>

gitea-mirror commented 2026-05-05 09:56:21 -06:00

Author

Owner

Copy link

@lamar-studio commented on GitHub (May 22, 2025):

What I meant to say is that you can verify this issue yourself using a
cross-compilation environment - the problem is 100% reproducible.

That already seemed to be the case.

See this comment:

• build: fnettrace: cannot execute binary file (cross-compilation) #6745 (comment)

Thank you for your response. Additionally, I'd like to ask whether the latest version of Firejail supports physical memory limitations. The --rlimit-as option seems to restrict virtual memory instead.

ref：https://github.com/netblue30/firejail/discussions/6757

<!-- gh-comment-id:2900643834 --> @lamar-studio commented on GitHub (May 22, 2025): > > What I meant to say is that you can verify this issue yourself using a > > cross-compilation environment - the problem is 100% reproducible. > > That already seemed to be the case. > > See this comment: > > * [build: fnettrace: cannot execute binary file (cross-compilation) #6745 (comment)](https://github.com/netblue30/firejail/issues/6745#issuecomment-2862141496) Thank you for your response. Additionally, I'd like to ask whether the latest version of Firejail supports physical memory limitations. The --rlimit-as option seems to restrict virtual memory instead. ref：https://github.com/netblue30/firejail/discussions/6757

gitea-mirror commented 2026-05-05 09:56:21 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (May 22, 2025):

Thank you for your response.

No problem.

Additionally, I'd like to ask whether the latest version of Firejail supports
physical memory limitations. The --rlimit-as option seems to restrict virtual
memory instead.

ref：#6757

That was already asked and anyone can see and reply to it if they know the
answer.

There is no point in talking about it in unrelated issues.

<!-- gh-comment-id:2900707873 --> @kmk3 commented on GitHub (May 22, 2025): > Thank you for your response. No problem. > Additionally, I'd like to ask whether the latest version of Firejail supports > physical memory limitations. The --rlimit-as option seems to restrict virtual > memory instead. > > ref：[#6757](https://github.com/netblue30/firejail/discussions/6757) That was already asked and anyone can see and reply to it if they know the answer. There is no point in talking about it in unrelated issues.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3357

No description provided.