spotify: Failed to load libGL.so.1

[legg33]

Since the last update on ubuntu (firejail version 0.9.46) spotify does not start anymore with the default firecfg.

When running spotify from the terminal I get the following output:

$ spotify
Reading profile /etc/firejail/spotify.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Parent pid 23546, child pid 23547
Child process initialized in 31.88 ms
[0523/170219:ERROR:main_delegate.cc(752)] Could not load cef_extensions.pak
[0523/170219:ERROR:main_delegate.cc(752)] Could not load cef_extensions.pak
[0523/170219:ERROR:gl_implementation.cc(223)] Failed to load libGL.so.1: libGL.so.1: cannot open shared object file: No such file or directory

After running

firecfg --clean

or just deleting the symlink for spotify in /usr/local/bin everything works as expected again.

[Fred-Barclay]

Hi @marvingee What distro are you using?

After deleting the symlink for spotify, does firejail spotify work?

[legg33]

I am using Ubuntu MATE 17.04.

No, firejail spotify does result in the same error.

[Fred-Barclay]

Can you copy this to ~/.config/firejail/spotify.profile and try running firejail spotify again?

# Persistent global definitions go here
include /etc/firejail/globals.local

# This file is overwritten during software install.
# Persistent customizations should go in a .local file.
include /etc/firejail/spotify.local

# Spotify media player profile
noblacklist ${HOME}/.config/spotify
noblacklist ${HOME}/.cache/spotify
noblacklist ${HOME}/.local/share/spotify
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc

# Whitelist the folders needed by Spotify
mkdir ${HOME}/.config/spotify
whitelist ${HOME}/.config/spotify
mkdir ${HOME}/.local/share/spotify
whitelist ${HOME}/.local/share/spotify
mkdir ${HOME}/.cache/spotify
whitelist ${HOME}/.cache/spotify

caps.drop all
netfilter
nogroups
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
shell none

noexec ${HOME}
noexec /tmp

private-bin spotify,bash,sh
private-etc fonts,machine-id,pulse,resolv.conf
private-dev
private-tmp

blacklist ${HOME}/.Xauthority
blacklist ${HOME}/.bashrc
blacklist /boot
blacklist /lost+found
blacklist /media
blacklist /mnt
blacklist /opt
blacklist /root
blacklist /sbin
blacklist /srv
blacklist /sys

[legg33]

Sure, no problem. Sadly the issue remains :(

Reading profile /home/me/.config/firejail/spotify.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Parent pid 25476, child pid 25477
Child process initialized in 40.13 ms
[0523/172951:ERROR:main_delegate.cc(752)] Could not load cef_extensions.pak
[0523/172951:ERROR:main_delegate.cc(752)] Could not load cef_extensions.pak
[0523/172951:ERROR:gl_implementation.cc(223)] Failed to load libGL.so.1: libGL.so.1: cannot open shared object file: No such file or directory

[Fred-Barclay]

Does firejail --noprofile spotify work?

[legg33]

Yes, that works.

[legg33]

UPDATE: Steam is also not working properly anymore.

$ steam
Reading profile /etc/firejail/steam.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Parent pid 620, child pid 621
Blacklist violations are logged to syslog
Child process initialized in 29.87 ms
rm: cannot remove '/home/me/.steam/ubuntu12_32/steam': Device or resource busy
Running Steam on ubuntu 17.04 64-bit
STEAM_RUNTIME is enabled automatically
Error: Couldn't find bootstrap, it's not safe to reset Steam. Please contact technical support.

Just like spotify when I'm running it with --noprofile or deleting the symlink & the modified .desktop-file it works again.

[Fred-Barclay]

We've got a Steam issue with a fix - can you try these instructions for Steam? https://github.com/netblue30/firejail/issues/1280#issuecomment-302881955

[legg33]

Kmail crashes, too.

Reading profile /etc/firejail/kmail.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Parent pid 5758, child pid 5759
Blacklist violations are logged to syslog
Child process initialized in 39.72 ms
org.kde.pim.kidentitymanagement: IdentityManager: There was no default identity. Marking first one as default.
[0523/212801:ERROR:nss_util.cc(98)] Failed to create /home/me/.pki/nssdb directory.
[0523/212801:ERROR:nss_util.cc(98)] Failed to create /home/me/.pki/nssdb directory.
[0523/212801:FATAL:credentials.cc(317)] Check failed: ChrootToSafeEmptyDir().

[legg33]

The steam fix did not work for me. The issue remains.

[Fred-Barclay]

I'm downloading Ubuntu 17.04 MATE now to take a look around.

[legg33]

Thanks. Maybe my install is just damaged beyond repair :smile:

[legg33]

So, I investigated a bit further today by purging the firejail PPA and installing version "0.9.44.8-1" again (the version in the normal repo).

Summary:

1. Spotify works again.
2. Couldn't test steam because I removed it (that was the reason I wanted to start it yesterday).
3. KMail still crashes.

Therefore it appears that it's not (or not solely) an issue with my installation.

[breznak]

Just my 2c, I'm getting the same error:

Reading profile /etc/firejail/spotify.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Parent pid 24399, child pid 24401
Child process initialized in 221.75 ms
[0525/114428:ERROR:main_delegate.cc(752)] Could not load cef_extensions.pak
[0525/114428:ERROR:main_delegate.cc(752)] Could not load cef_extensions.pak
[0525/114428:ERROR:gl_implementation.cc(223)] Failed to load libGL.so.1: libGL.so.1: cannot open shared object file: No such file or directory
[0525/114428:ERROR:gpu_child_thread.cc(390)] Exiting GPU process due to errors during initialization

But after a while spotify loads and works fine. This is on ubuntu 16.04 lts/KDE Neon. So the err message may be misleading you.

EDIT: Using firejail/firecfg 0.9.46 from the PPA

[Fred-Barclay]

I can't replicate the error on Ubuntu MATE 64-bit. I get the same messages as @breznak (which are expected) but spotify launches fine after about a second or two. This is with firejail built from the latest git commit.

[Fred-Barclay]

@marvingee and @breznak I have a new profile in mainline. Could you try it and let me know if spotify is working? https://raw.githubusercontent.com/netblue30/firejail/29312d8ea5a51228b7eec400e7c8d541e9c3113c/etc/spotify.profile

[ghost]

I've installed firejail from source. Spotify works flawlessly. Thanks for the update, Fred! :) I guess commenting the /mnt blacklist wasn't necessary in general. But in my case it was, since I have a symlinked Spotify cache on /mnt.

[Fred-Barclay]

I guess commenting the /mnt blacklist wasn't necessary in general.

No, you're right, but that's really a job for disable-mnt in /etc/firejail/firejail.config or a user-customised profile. Or so I think. :)

Thanks for debugging this!

[Fred-Barclay]

I'll close for now and we can reopen if needed.

[intika]

Had an issue with the current profile to get spotify working cannot open shared object file: No such file or directory libcef.so Fixed it by removing "shell none" from the profile

[hchr]

@intika Thanks Get the same error on Manjaro with spotify 1.0.77.338-1 and firejail 0.9.52-1 With the spotify profile https://raw.githubusercontent.com/netblue30/firejail/29312d8ea5a51228b7eec400e7c8d541e9c3113c/etc/spotify.profile

uncommenting "shell none" fix spotify