[GH-ISSUE #1140] Strange error when I use firejail with $HOME/.local for prefix

gitea-mirror commented

2026-05-05 06:40:08 -06:00

Owner

Originally created by @kadogo on GitHub (Mar 13, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1140

Hello, I most all build and install my application in $HOME/.local so I did the same for firejail

./configure --prefix=$HOME.local
make
I need to use sudo withtout it I have an error about elevation privilege
sudo make install
I need to comment .local profile because they not exist
sed -e '/.local$/ s/^#*/#/' -i ~/.local/etc/firejail/*

It looked ok for me before I saw the next error.
ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.

I don't have this error if I use default prefix.
If I did something false in the build process let me know.

Thanks for you help.

Originally created by @kadogo on GitHub (Mar 13, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1140 Hello, I most all build and install my application in $HOME/.local so I did the same for firejail `./configure --prefix=$HOME.local` `make` I need to use sudo withtout it I have an error about elevation privilege `sudo make install` I need to comment .local profile because they not exist `sed -e '/.local$/ s/^#*/#/' -i ~/.local/etc/firejail/*` It looked ok for me before I saw the next error. ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored. I don't have this error if I use default prefix. If I did something false in the build process let me know. Thanks for you help.

gitea-mirror

2026-05-05 06:40:08 -06:00

closed this issue
added the
enhancement
label

gitea-mirror commented

2026-05-05 06:40:18 -06:00

Author

Owner

@netblue30 commented on GitHub (Mar 13, 2017):

I think you need a / in --prefix: ./configure --prefix=$HOME/.local
Without it, it will use /home/user.local as a prefix:

$ ./configure --prefix=$HOME.local
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
[...]
Configuration options:
   prefix: /home/netblue.local
   sysconfdir: ${prefix}/etc
[...]

@netblue30 commented on GitHub (Mar 13, 2017): I think you need a / in --prefix: ./configure --prefix=$HOME/.local Without it, it will use /home/user.local as a prefix: ````` $ ./configure --prefix=$HOME.local checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... [...] Configuration options: prefix: /home/netblue.local sysconfdir: ${prefix}/etc [...] `````

gitea-mirror commented

2026-05-05 06:40:20 -06:00

Author

Owner

@kadogo commented on GitHub (Mar 13, 2017):

Oups my bad
I did it good, I just missed copy paste here.

I did this
./configure --prefix=$HOME/.local

@kadogo commented on GitHub (Mar 13, 2017): Oups my bad I did it good, I just missed copy paste here. I did this `./configure --prefix=$HOME/.local`

gitea-mirror commented

2026-05-05 06:40:23 -06:00

Author

Owner

@netblue30 commented on GitHub (Mar 14, 2017):

I got it:

$ ~/.local/bin/firejail 
Reading profile /home/netblue/.local/etc/firejail/default.profile
Reading profile /home/netblue/.local/etc/firejail/disable-common.inc
Error: cannot open profile file /home/netblue/.local/etc/firejail/disable-common.local
$

Thanks for the bug!

@netblue30 commented on GitHub (Mar 14, 2017): I got it: ````` $ ~/.local/bin/firejail Reading profile /home/netblue/.local/etc/firejail/default.profile Reading profile /home/netblue/.local/etc/firejail/disable-common.inc Error: cannot open profile file /home/netblue/.local/etc/firejail/disable-common.local $ ````` Thanks for the bug!

gitea-mirror commented

2026-05-05 06:40:25 -06:00

Author

Owner

@kadogo commented on GitHub (Mar 14, 2017):

A workaround is to comment it with this line.
sed -e '/.local$/ s/^#*/#/' -i ~/.local/etc/firejail/*

But it's more about the next error that I don't know if it's related or not.
I forgot to say, I had the error when I run

firejail --private firefox

@kadogo commented on GitHub (Mar 14, 2017): A workaround is to comment it with this line. `sed -e '/.local$/ s/^#*/#/' -i ~/.local/etc/firejail/*` But it's more about the next error that I don't know if it's related or not. I forgot to say, I had the error when I run `firejail --private firefox`

gitea-mirror commented

2026-05-05 06:40:28 -06:00

Author

Owner

@netblue30 commented on GitHub (Mar 14, 2017):

Fixed!

@netblue30 commented on GitHub (Mar 14, 2017): Fixed!

gitea-mirror commented

2026-05-05 06:40:30 -06:00

Author

Owner

@kadogo commented on GitHub (Mar 14, 2017):

I confirm it's ok for the error about the profile.

But it look that these is not fix:
ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.

I don't have this error if I build it with the default prefix.

@kadogo commented on GitHub (Mar 14, 2017): I confirm it's ok for the error about the profile. But it look that these is not fix: ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored. I don't have this error if I build it with the default prefix.

gitea-mirror commented

2026-05-05 06:40:33 -06:00

Author

Owner

@netblue30 commented on GitHub (Mar 15, 2017):

It seems to be working fine:

l$ /home/netblue/.local/bin/firejail --tracelog
Reading profile /home/netblue/.local/etc/firejail/default.profile
Reading profile /home/netblue/.local/etc/firejail/disable-common.inc
Reading profile /home/netblue/.local/etc/firejail/disable-programs.inc
Reading profile /home/netblue/.local/etc/firejail/disable-passwdmgr.inc

** Note: you can use --noprofile to disable default.profile **

Parent pid 7061, child pid 7062
Warning: you are not allowed to change /home/netblue/.local/share to read-write
Blacklist violations are logged to syslog
Child process initialized
$ cat /etc/ld.so.preload
/home/netblue/.local/lib/firejail/libtracelog.so
$ ls ~/.local/lib/firejail
faudit             fix_private-bin.py  fseccomp        seccomp
fcopy              fjclip.py           fshaper.sh      seccomp.amd64
fgit-install.sh    fjdisplay.py        ftee            seccomp.debug
fgit-uninstall.sh  fjresize.py         libtracelog.so  seccomp.i386
firecfg.config     fnet                libtrace.so

@netblue30 commented on GitHub (Mar 15, 2017): It seems to be working fine: ````` l$ /home/netblue/.local/bin/firejail --tracelog Reading profile /home/netblue/.local/etc/firejail/default.profile Reading profile /home/netblue/.local/etc/firejail/disable-common.inc Reading profile /home/netblue/.local/etc/firejail/disable-programs.inc Reading profile /home/netblue/.local/etc/firejail/disable-passwdmgr.inc ** Note: you can use --noprofile to disable default.profile ** Parent pid 7061, child pid 7062 Warning: you are not allowed to change /home/netblue/.local/share to read-write Blacklist violations are logged to syslog Child process initialized $ cat /etc/ld.so.preload /home/netblue/.local/lib/firejail/libtracelog.so $ ls ~/.local/lib/firejail faudit fix_private-bin.py fseccomp seccomp fcopy fjclip.py fshaper.sh seccomp.amd64 fgit-install.sh fjdisplay.py ftee seccomp.debug fgit-uninstall.sh fjresize.py libtracelog.so seccomp.i386 firecfg.config fnet libtrace.so `````

gitea-mirror commented

2026-05-05 06:40:37 -06:00

Author

Owner

@kadogo commented on GitHub (Mar 15, 2017):

If I do the same command as you it's ok.
But with chromium it make the next errors.
I use a Debian Jessie x64 in case it can help.

~/.local/bin/firejail --tracelog chromium
Reading profile /home/user/.local/etc/firejail/chromium.profile
Reading profile /home/user/.local/etc/firejail/disable-common.inc
Reading profile /home/user/.local/etc/firejail/disable-programs.inc
Reading profile /home/user/.local/etc/firejail/whitelist-common.inc
Parent pid 10886, child pid 10887
Blacklist violations are logged to syslog
Child process initialized
ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
...
[7:7:0315/132757.401633:ERROR:background_mode_manager_aura.cc(13)] Not implemented reached in virtual void BackgroundModeManager::EnableLaunchOnStartup(bool)
ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
...
[106:106:0315/132804.418462:ERROR:sandbox_linux.cc(343)] InitializeSandbox() called with multiple threads in process gpu-process.

@kadogo commented on GitHub (Mar 15, 2017): If I do the same command as you it's ok. But with chromium it make the next errors. I use a Debian Jessie x64 in case it can help. ~/.local/bin/firejail --tracelog chromium Reading profile /home/user/.local/etc/firejail/chromium.profile Reading profile /home/user/.local/etc/firejail/disable-common.inc Reading profile /home/user/.local/etc/firejail/disable-programs.inc Reading profile /home/user/.local/etc/firejail/whitelist-common.inc Parent pid 10886, child pid 10887 Blacklist violations are logged to syslog Child process initialized ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored. ... [7:7:0315/132757.401633:ERROR:background_mode_manager_aura.cc(13)] Not implemented reached in virtual void BackgroundModeManager::EnableLaunchOnStartup(bool) ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored. ... [106:106:0315/132804.418462:ERROR:sandbox_linux.cc(343)] InitializeSandbox() called with multiple threads in process gpu-process.

gitea-mirror commented

2026-05-05 06:40:40 -06:00

Author

Owner

@netblue30 commented on GitHub (Mar 16, 2017):

The problem is specific to Chromium, I am getting it on Debian stable installed using the regular prefix. Probably Chrome sandbox disables most files in the filesystem, and when they start the process in the sandbox, the process cannot load the library.

@netblue30 commented on GitHub (Mar 16, 2017): The problem is specific to Chromium, I am getting it on Debian stable installed using the regular prefix. Probably Chrome sandbox disables most files in the filesystem, and when they start the process in the sandbox, the process cannot load the library.

gitea-mirror commented

2026-05-05 06:40:41 -06:00

Author

Owner

@kadogo commented on GitHub (Mar 16, 2017):

I just tried it with firefox-esr of Debian because I use normaly firefox nightly and I have the same error.

firejail --private /usr/bin/firefox-esr
Reading profile /home/user/.local/etc/firejail/firefox-esr.profile
Reading profile /home/user/.local/etc/firejail/firefox.profile
Reading profile /home/user/.local/etc/firejail/disable-common.inc
Reading profile /home/user/.local/etc/firejail/disable-programs.inc
Reading profile /home/user/.local/etc/firejail/disable-devel.inc
Reading profile /home/user/.local/etc/firejail/whitelist-common.inc
Parent pid 29407, child pid 29408

*** Warning: cannot whitelist Downloads directory
*** Any file saved will be lost when the sandbox is closed.
*** Please create a proper Downloads directory for your application.

Blacklist violations are logged to syslog
Child process initialized
ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.

Sorry to bother you with this error, now if you say it's nothing really bad it's ok to let it so.
I prefer to ask to be sure.

@kadogo commented on GitHub (Mar 16, 2017): I just tried it with firefox-esr of Debian because I use normaly firefox nightly and I have the same error. firejail --private /usr/bin/firefox-esr Reading profile /home/user/.local/etc/firejail/firefox-esr.profile Reading profile /home/user/.local/etc/firejail/firefox.profile Reading profile /home/user/.local/etc/firejail/disable-common.inc Reading profile /home/user/.local/etc/firejail/disable-programs.inc Reading profile /home/user/.local/etc/firejail/disable-devel.inc Reading profile /home/user/.local/etc/firejail/whitelist-common.inc Parent pid 29407, child pid 29408 *** *** Warning: cannot whitelist Downloads directory *** Any file saved will be lost when the sandbox is closed. *** Please create a proper Downloads directory for your application. *** Blacklist violations are logged to syslog Child process initialized ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored. ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored. Sorry to bother you with this error, now if you say it's nothing really bad it's ok to let it so. I prefer to ask to be sure.

gitea-mirror commented

2026-05-05 06:40:42 -06:00

Author

Owner

@netblue30 commented on GitHub (Mar 18, 2017):

Actually I like your examples. This particular one with Firefox explains what's going on: by the time Firefox starts and tries to load in libracelog.so, the sandbox already removed all the directories from user home with the exception of ~/Downloads and ~/.mozilla.

You would need to whitelist ~/.local:

$ mkdir ~/.config/firejail
$ cp /etc/firejail/firefox-esr.profile ~/.config/firejail/.
$ echo "whitelist ~/.local" >> ~/.config/firejail/firefox-esr.profile

I'll try to put some fix in.

@netblue30 commented on GitHub (Mar 18, 2017): Actually I like your examples. This particular one with Firefox explains what's going on: by the time Firefox starts and tries to load in libracelog.so, the sandbox already removed all the directories from user home with the exception of ~/Downloads and ~/.mozilla. You would need to whitelist ~/.local: ````` $ mkdir ~/.config/firejail $ cp /etc/firejail/firefox-esr.profile ~/.config/firejail/. $ echo "whitelist ~/.local" >> ~/.config/firejail/firefox-esr.profile ````` I'll try to put some fix in.

gitea-mirror commented

2026-05-05 06:40:44 -06:00

Author

Owner

@kadogo commented on GitHub (Mar 19, 2017):

I tried to whitelist ~/.local like you said but it seem that the problem is still there.

firejail --private firefox-esr
Reading profile /home/user/.config/firejail/firefox-esr.profile
Reading profile /home/user/.local/etc/firejail/firefox.profile
Reading profile /home/user/.local/etc/firejail/disable-common.inc
Reading profile /home/user/.local/etc/firejail/disable-programs.inc
Reading profile /home/user/.local/etc/firejail/disable-devel.inc
Reading profile /home/user/.local/etc/firejail/whitelist-common.inc
Parent pid 15669, child pid 15670

*** Warning: cannot whitelist Downloads directory
*** Any file saved will be lost when the sandbox is closed.
*** Please create a proper Downloads directory for your application.

Blacklist violations are logged to syslog
Child process initialized
ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.

@kadogo commented on GitHub (Mar 19, 2017): I tried to whitelist ~/.local like you said but it seem that the problem is still there. firejail --private firefox-esr Reading profile /home/user/.config/firejail/firefox-esr.profile Reading profile /home/user/.local/etc/firejail/firefox.profile Reading profile /home/user/.local/etc/firejail/disable-common.inc Reading profile /home/user/.local/etc/firejail/disable-programs.inc Reading profile /home/user/.local/etc/firejail/disable-devel.inc Reading profile /home/user/.local/etc/firejail/whitelist-common.inc Parent pid 15669, child pid 15670 *** *** Warning: cannot whitelist Downloads directory *** Any file saved will be lost when the sandbox is closed. *** Please create a proper Downloads directory for your application. *** Blacklist violations are logged to syslog Child process initialized ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored. ERROR: ld.so: object '/home/user/.local/lib/firejail/libtracelog.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.

gitea-mirror commented

2026-05-05 06:40:47 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Aug 19, 2018):

Is this still an issue?

@chiraag-nataraj commented on GitHub (Aug 19, 2018): Is this still an issue?

gitea-mirror commented

2026-05-05 06:40:50 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Aug 22, 2018):

Closing for inactivity. @kadogo, please feel free to re-open if you still have this issue.

@chiraag-nataraj commented on GitHub (Aug 22, 2018): Closing for inactivity. @kadogo, please feel free to re-open if you still have this issue.

gitea-mirror commented

2026-05-05 06:40:52 -06:00

Author

Owner

@kadogo commented on GitHub (Aug 23, 2018):

It's not completely the same.

I just tried to compile it and I have the following error

$ .local/bin/firejail firefox-esr
Reading profile /home/user/.local/etc/firejail/firefox-esr.profile
Reading profile /home/user/.local/etc/firejail/firefox.profile
Reading profile /home/user/.local/etc/firejail/firefox-common.profile
Reading profile /home/user/.local/etc/firejail/disable-common.inc
Reading profile /home/user/.local/etc/firejail/disable-devel.inc
Reading profile /home/user/.local/etc/firejail/disable-interpreters.inc
Reading profile /home/user/.local/etc/firejail/disable-programs.inc
Reading profile /home/user/.local/etc/firejail/whitelist-common.inc
Reading profile /home/user/.local/etc/firejail/whitelist-var-common.inc
Parent pid 14995, child pid 14996
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Post-exec seccomp protector enabled
execvp: No such file or directory
Error: failed to run /home/user/.local/lib/firejail/fseccomp
Error: proc 14995 cannot sync with peer: unexpected EOF
Peer 14996 unexpectedly exited with status 1

I just clone the git, did a ./configure --prefix $HOME/.local and sudo make install before testing with firefox-esr.

Cheers.

@kadogo commented on GitHub (Aug 23, 2018): It's not completely the same. I just tried to compile it and I have the following error ``` $ .local/bin/firejail firefox-esr Reading profile /home/user/.local/etc/firejail/firefox-esr.profile Reading profile /home/user/.local/etc/firejail/firefox.profile Reading profile /home/user/.local/etc/firejail/firefox-common.profile Reading profile /home/user/.local/etc/firejail/disable-common.inc Reading profile /home/user/.local/etc/firejail/disable-devel.inc Reading profile /home/user/.local/etc/firejail/disable-interpreters.inc Reading profile /home/user/.local/etc/firejail/disable-programs.inc Reading profile /home/user/.local/etc/firejail/whitelist-common.inc Reading profile /home/user/.local/etc/firejail/whitelist-var-common.inc Parent pid 14995, child pid 14996 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Post-exec seccomp protector enabled execvp: No such file or directory Error: failed to run /home/user/.local/lib/firejail/fseccomp Error: proc 14995 cannot sync with peer: unexpected EOF Peer 14996 unexpectedly exited with status 1 ``` I just clone the git, did a ./configure --prefix $HOME/.local and sudo make install before testing with firefox-esr. Cheers.

gitea-mirror commented

2026-05-05 06:40:54 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Aug 23, 2018):

Reopening!

@chiraag-nataraj commented on GitHub (Aug 23, 2018): Reopening!

gitea-mirror commented

2026-05-05 06:40:56 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Aug 23, 2018):

.local/bin/firejail --whitelist=~/.local firefox-esr worked for me with the stock firefox-esr profile from git.

@chiraag-nataraj commented on GitHub (Aug 23, 2018): `.local/bin/firejail --whitelist=~/.local firefox-esr` worked for me with the stock firefox-esr profile from git.

gitea-mirror commented

2026-05-05 06:40:58 -06:00

Author

Owner

@kadogo commented on GitHub (Aug 23, 2018):

It's true I forgot .local must be whitelist

I only have a warning but I think it's normal

Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.

So I think It may be closed again (sorry)

@kadogo commented on GitHub (Aug 23, 2018): It's true I forgot .local must be whitelist I only have a warning but I think it's normal ``` Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. ``` So I think It may be closed again (sorry)

gitea-mirror commented

2026-05-05 06:41:01 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Aug 23, 2018):

Yeah, that warning is normal.

No worries! 🙂

@chiraag-nataraj commented on GitHub (Aug 23, 2018): Yeah, that warning is normal. No worries! :slightly_smiling_face:

Rows
Columns

[GH-ISSUE #1140] Strange error when I use firejail with $HOME/.local for prefix #787