Patch fails to run in Artix Linux

ZachIndigo commented 3 years ago

Write clear, concise and in textual form.

Bug and expected behavior

Describe the bug.

Patch always fails to run, complains about missing libdl.so.2 library (which is installed and in /usr/lib).

What did you expect to happen?

I expected the patch command to work properly.

No profile and disabling firejail

What changed calling firejail --noprofile /path/to/program in a terminal?

Patch works properly, no complaint about missing library.

What changed calling the program by path (check which <program> or firejail --list while the sandbox is running)?

Patch works correctly, no complaint about missing library.

Reproduce Steps to reproduce the behavior:

Run in bash firejail patch
See error /usr/sbin/patch: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory

Environment

Linux distribution and version (ie output of lsb_release -a, screenfetch or cat /etc/os-release)

Artix Linux (fork of Arch), up-to-date

Firejail version (output of firejail --version) exclusive or used git commit (git rev-parse HEAD)

Firejail version 0.9.64.4

Additional context Other context about the problem like related errors to understand the problem.

Patch will also start to work if I comment out the 'private-lib' line in the config.

Checklist

[X] The profile (and redirect profile if exists) hasn't already been fixed upstream.

Trying the master-branch patch.profile does not fix the issue either.

[X] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)

I am using the upstream patch.profile

[X] I have performed a short search for similar issues (to avoid opening a duplicate).
[ ] If it is a AppImage, --profile=PROFILENAME is used to set the right profile.

It is not an appimage.

[X] Used LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM to get english error-messages.
[X] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.

debug output

``` OUTPUT OF `firejail --debug PROGRAM` DISPLAY=:0 parsed as 0 Autoselecting /bin/zsh as shell Building quoted command line: 'patch' '-p1' Command name #patch# Found patch.profile profile in /etc/firejail directory Found patch.local profile in /etc/firejail directory Found disable-common.inc profile in /etc/firejail directory Found disable-devel.inc profile in /etc/firejail directory Found disable-exec.inc profile in /etc/firejail directory Found disable-interpreters.inc profile in /etc/firejail directory Found disable-passwdmgr.inc profile in /etc/firejail directory Found disable-shell.inc profile in /etc/firejail directory Found disable-xdg.inc profile in /etc/firejail directory Found whitelist-usr-share-common.inc profile in /etc/firejail directory Found whitelist-var-common.inc profile in /etc/firejail directory Enabling IPC namespace Initializing child process PID namespace installed Mounting tmpfs on /run/firejail/mnt directory Creating empty /run/firejail/mnt/seccomp directory Creating empty /run/firejail/mnt/seccomp/seccomp.protocol file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec file Creating empty /run/firejail/mnt/seccomp/seccomp.postexec32 file sbox run: /run/firejail/lib/fnet ifup lo Network namespace enabled, only loopback interface available Build protocol filter: unix sbox run: /run/firejail/lib/fseccomp protocol build unix /run/firejail/mnt/seccomp/seccomp.protocol Mounting /proc filesystem representing the PID namespace Basic read-only filesystem: Mounting read-only /etc 94 59 254:0 /etc /etc ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=94 fsname=/etc dir=/etc fstype=ext4 Mounting noexec /etc 95 94 254:0 /etc /etc ro,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw mountid=95 fsname=/etc dir=/etc fstype=ext4 Mounting read-only /var 96 59 254:0 /var /var ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=96 fsname=/var dir=/var fstype=ext4 Mounting noexec /var 97 96 254:0 /var /var ro,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw mountid=97 fsname=/var dir=/var fstype=ext4 Mounting read-only /usr 98 59 254:0 /usr /usr ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=98 fsname=/usr dir=/usr fstype=ext4 Mounting tmpfs on /var/lock Mounting tmpfs on /var/tmp Mounting tmpfs on /var/log Create the new utmp file Mount the new utmp file Cleaning /home directory Cleaning /run/user directory Sanitizing /etc/passwd, UID_MIN 1000 Sanitizing /etc/group, GID_MIN 1000 Disable /home/zachir/.config/firejail Disable /run/firejail/network Disable /run/firejail/bandwidth Disable /run/firejail/name Disable /run/firejail/profile Disable /run/firejail/x11 Disable /run/firejail/appimage Mounting tmpfs on /dev Process /dev/shm directory Copying files in the new bin directory Checking /usr/local/bin/patch firejail exec symlink detected Checking /usr/bin/patch sbox run: /run/firejail/lib/fcopy /usr/bin/patch /run/firejail/mnt/bin Checking /usr/local/bin/red Checking /usr/bin/red Checking /bin/red Checking /usr/games/red Checking /usr/local/games/red Checking /usr/local/sbin/red Checking /usr/sbin/red Checking /sbin/red Mount-bind /run/firejail/mnt/bin on top of /usr/local/bin Mount-bind /run/firejail/mnt/bin on top of /usr/bin Mount-bind /run/firejail/mnt/bin on top of /bin Mount-bind /run/firejail/mnt/bin on top of /usr/local/games Mount-bind /run/firejail/mnt/bin on top of /usr/local/sbin Mount-bind /run/firejail/mnt/bin on top of /usr/sbin Mount-bind /run/firejail/mnt/bin on top of /sbin Starting private-lib processing: program patch, shell none Installing standard C library copying /lib64/libapparmor.so.1 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libapparmor.so.1 /run/firejail/mnt/lib copying /lib64/libc.so.6 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libc.so.6 /run/firejail/mnt/lib copying /lib64/libnsl.so.2 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libnsl.so.2 /run/firejail/mnt/lib copying /lib64/libnsl.so.2.0.1 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --fDebug 456: new_name #/usr/share/alsa#, whitelist Debug 456: new_name #/usr/share/applications#, whitelist Debug 456: new_name #/usr/share/ca-certificates#, whitelist Debug 456: new_name #/usr/share/crypto-policies#, whitelist ollow-link /lib64/libnsl.so.2.0.1 /run/firejail/mnt/lib copying /lib64/libapparmor.so.1.8.0 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libapparmor.so.1.8.0 /run/firejail/mnt/lib copying /lib64/libpcre2-8.so.0.10.1 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libpcre2-8.so.0.10.1 /run/firejail/mnt/lib copying /lib64/libmemusage.so to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libmemusage.so /run/firejail/mnt/lib copying /lib64/libcrypt.so.2.0.0 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libcrypt.so.2.0.0 /run/firejail/mnt/lib copying /lib64/libpcre2-8.so.0 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libpcre2-8.so.0 /run/firejail/mnt/lib copying /lib64/libthread_db.so.1 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libthread_db.so.1 /run/firejail/mnt/lib copying /lib64/ld-linux-x86-64.so.2 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/ld-linux-x86-64.so.2 /run/firejail/mnt/lib copying /lib64/libcrypt.so.2 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libcrypt.so.2 /run/firejail/mnt/lib copying /lib64/libpthread.so.0 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libpthread.so.0 /run/firejail/mnt/lib fslib_copy_dir /usr/lib/locale Installing Firejail libraries fslib_install_list /usr/bin/firejail fslib_install_list /usr/lib/firejail fslib_copy_dir /usr/lib/firejail Installing sandboxed program libraries Searching $PATH for patch trying #/home/zachir/.local/scripts/patch# trying #/home/zachir/.local/share/cargo/bin/patch# trying #/home/zachir/.local/share/go/bin/patch# trying #/home/zachir/.local/bin/patch# trying #/opt/REAPER/patch# trying #/usr/local/sbin/patch# fslib_install_list /usr/local/sbin/patch fslib_copy_libs /usr/local/sbin/patch Creating empty /run/firejail/mnt/libfiles file running fldd /usr/local/sbin/patch sbox run: /run/firejail/lib/fldd /usr/local/sbin/patch /run/firejail/mnt/libfiles copying /lib64/libattr.so.1 to private /run/firejail/mnt/lib sbox run: /run/firejail/lib/fcopy --follow-link /lib64/libattr.so.1 /run/firejail/mnt/lib Processing private-lib files fslib_install_list libdl.so.*,libfakeroot fslib_copy_dir /usr/lib/libfakeroot fslib_copy_dir /lib/libfakeroot fslib_copy_dir /lib64/libfakeroot fslib_copy_dir /usr/lib/libfakeroot Processing private-bin files fslib_install_list patch,/usr/bin/patch fslib_copy_libs /usr/bin/patch Creating empty /run/firejail/mnt/libfiles file running fldd /usr/bin/patch sbox run: /run/firejail/lib/fldd /usr/bin/patch /run/firejail/mnt/libfiles Installing system libraries Mount-bind /run/firejail/mnt/lib on top of /lib /lib64 /usr/lib Creating empty /run/firejail/mnt/dbus directory Creating empty /run/firejail/mnt/dbus/user file blacklist /run/dbus/system_bus_socket blacklist /home/zachir/.dbus Creating empty /run/firejail/mnt/dbus/system file blacklist /run/dbus/system_bus_socket blacklist /run/firejail/dbus Mounting read-only /proc/sys Remounting /sys directory Disable /sys/firmware Disable /sys/hypervisor Disable /sys/power Disable /sys/kernel/debug Disable /sys/kernel/vmcoreinfo Disable /proc/sys/fs/binfmt_misc Disable /proc/sys/kernel/core_pattern Disable /proc/sys/kernel/modprobe Disable /proc/sysrq-trigger Disable /proc/sys/vm/panic_on_oom Disable /proc/irq Disable /proc/bus Disable /proc/sched_debug Disable /proc/timer_list Disable /proc/kcore Disable /proc/kallsyms Disable /boot Disable /run/user/1000/gnupg Disable /run/user/1000/systemd Disable /proc/kmsg Removed whitelist/nowhitelist path: whitelist /usr/share/crypto-policies expanded: /usr/share/crypto-policies real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/cursors#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/cursors expanded: /usr/share/cursors real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/dconf#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/dconf expanded: /usr/share/dconf real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/distro-info#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/distro-info expanded: /usr/share/distro-info real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/drirc.d#, whitelist Debug 456: new_name #/usr/share/enchant#, whitelist Debug 456: new_name #/usr/share/enchant-2#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/enchant-2 expanded: /usr/share/enchant-2 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/file#, whitelist Debug 456: new_name #/usr/share/fontconfig#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/fontconfig expanded: /usr/share/fontconfig real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/fonts#, whitelist Debug 456: new_name #/usr/share/fonts-config#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/fonts-config expanded: /usr/share/fonts-config real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gir-1.0#, whitelist Debug 456: new_name #/usr/share/gjs-1.0#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gjs-1.0 expanded: /usr/share/gjs-1.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/glib-2.0#, whitelist Debug 456: new_name #/usr/share/glvnd#, whitelist Debug 456: new_name #/usr/share/gtk-2.0#, whitelist Debug 456: new_name #/usr/share/gtk-3.0#, whitelist Debug 456: new_name #/usr/share/gtk-engines#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtk-engines expanded: /usr/share/gtk-engines real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gtksourceview-3.0#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-3.0 expanded: /usr/share/gtksourceview-3.0 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/gtksourceview-4#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/gtksourceview-4 expanded: /usr/share/gtksourceview-4 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/hunspell#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/hunspell expanded: /usr/share/hunspell real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/hwdata#, whitelist Debug 456: new_name #/usr/share/icons#, whitelist Debug 456: new_name #/usr/share/icu#, whitelist Debug 456: new_name #/usr/share/knotifications5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/knotifications5 expanded: /usr/share/knotifications5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/kservices5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/kservices5 expanded: /usr/share/kservices5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/Kvantum#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/Kvantum expanded: /usr/share/Kvantum real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/kxmlgui5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/kxmlgui5 expanded: /usr/share/kxmlgui5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/libdrm#, whitelist Debug 456: new_name #/usr/share/libthai#, whitelist Debug 456: new_name #/usr/share/locale#, whitelist Debug 456: new_name #/usr/share/mime#, whitelist Debug 456: new_name #/usr/share/misc#, whitelist Debug 456: new_name #/usr/share/Modules#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/Modules expanded: /usr/share/Modules real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/myspell#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/myspell expanded: /usr/share/myspell real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/p11-kit#, whitelist Debug 456: new_name #/usr/share/perl#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/perl expanded: /usr/share/perl real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/perl5#, whitelist Debug 456: new_name #/usr/share/pixmaps#, whitelist Debug 456: new_name #/usr/share/pki#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/pki expanded: /usr/share/pki real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/plasma#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/plasma expanded: /usr/share/plasma real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/publicsuffix#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/publicsuffix expanded: /usr/share/publicsuffix real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt expanded: /usr/share/qt real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt4#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt4 expanded: /usr/share/qt4 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt5#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/qt5 expanded: /usr/share/qt5 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/qt5ct#, whitelist Debug 456: new_name #/usr/share/sounds#, whitelist Debug 456: new_name #/usr/share/tcl8.6#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/tcl8.6 expanded: /usr/share/tcl8.6 real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/tcltk#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/tcltk expanded: /usr/share/tcltk real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/terminfo#, whitelist Debug 456: new_name #/usr/share/texlive#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/texlive expanded: /usr/share/texlive real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/texmf#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/texmf expanded: /usr/share/texmf real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/themes#, whitelist Debug 456: new_name #/usr/share/thumbnail.so#, whitelist Removed whitelist/nowhitelist path: whitelist /usr/share/thumbnail.so expanded: /usr/share/thumbnail.so real path: (null) realpath: No such file or directory Debug 456: new_name #/usr/share/vulkan#, whitelist Debug 456: new_name #/usr/share/X11#, whitelist Debug 456: new_name #/usr/share/xml#, whitelist Debug 456: new_name #/usr/share/zenity#, whitelist Debug 456: new_name #/usr/share/zoneinfo#, whitelist Debug 456: new_name #/var/lib/ca-certificates#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/ca-certificates expanded: /var/lib/ca-certificates real path: (null) realpath: No such file or directory Debug 456: new_name #/var/lib/dbus#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/dbus expanded: /var/lib/dbus real path: (null) realpath: No such file or directory Debug 456: new_name #/var/lib/menu-xdg#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/menu-xdg expanded: /var/lib/menu-xdg real path: (null) realpath: No such file or directory Debug 456: new_name #/var/lib/uim#, whitelist Removed whitelist/nowhitelist path: whitelist /var/lib/uim expanded: /var/lib/uim real path: (null) realpath: No such file or directory Debug 456: new_name #/var/cache/fontconfig#, whitelist Debug 456: new_name #/var/tmp#, whitelist Debug 456: new_name #/var/run#, whitelist Debug 456: new_name #/var/lock#, whitelist Replaced whitelist path: whitelist /run Replaced whitelist path: whitelist /run/lock Mounting tmpfs on /var directory Mounting tmpfs on /usr/share directory Whitelisting /usr/share/alsa 161 160 254:0 /usr/share/alsa /usr/share/alsa ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=161 fsname=/usr/share/alsa dir=/usr/share/alsa fstype=ext4 Whitelisting /usr/share/applications 162 160 254:0 /usr/share/applications /usr/share/applications ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=162 fsname=/usr/share/applications dir=/usr/share/applications fstype=ext4 Whitelisting /usr/share/ca-certificates 163 160 254:0 /usr/share/ca-certificates /usr/share/ca-certificates ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=163 fsname=/usr/share/ca-certificates dir=/usr/share/ca-certificates fstype=ext4 Whitelisting /usr/share/drirc.d 164 160 254:0 /usr/share/drirc.d /usr/share/drirc.d ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=164 fsname=/usr/share/drirc.d dir=/usr/share/drirc.d fstype=ext4 Whitelisting /usr/share/enchant 165 160 254:0 /usr/share/enchant /usr/share/enchant ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=165 fsname=/usr/share/enchant dir=/usr/share/enchant fstype=ext4 Whitelisting /usr/share/file 166 160 254:0 /usr/share/file /usr/share/file ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=166 fsname=/usr/share/file dir=/usr/share/file fstype=ext4 Whitelisting /usr/share/fonts 167 160 254:0 /usr/share/fonts /usr/share/fonts ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=167 fsname=/usr/share/fonts dir=/usr/share/fonts fstype=ext4 Whitelisting /usr/share/gir-1.0 168 160 254:0 /usr/share/gir-1.0 /usr/share/gir-1.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=168 fsname=/usr/share/gir-1.0 dir=/usr/share/gir-1.0 fstype=ext4 Whitelisting /usr/share/glib-2.0 169 160 254:0 /usr/share/glib-2.0 /usr/share/glib-2.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=169 fsname=/usr/share/glib-2.0 dir=/usr/share/glib-2.0 fstype=ext4 Whitelisting /usr/share/glvnd 170 160 254:0 /usr/share/glvnd /usr/share/glvnd ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=170 fsname=/usr/share/glvnd dir=/usr/share/glvnd fstype=ext4 Whitelisting /usr/share/gtk-2.0 171 160 254:0 /usr/share/gtk-2.0 /usr/share/gtk-2.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=171 fsname=/usr/share/gtk-2.0 dir=/usr/share/gtk-2.0 fstype=ext4 Whitelisting /usr/share/gtk-3.0 172 160 254:0 /usr/share/gtk-3.0 /usr/share/gtk-3.0 ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=172 fsname=/usr/share/gtk-3.0 dir=/usr/share/gtk-3.0 fstype=ext4 Whitelisting /usr/share/hwdata 173 160 254:0 /usr/share/hwdata /usr/share/hwdata ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=173 fsname=/usr/share/hwdata dir=/usr/share/hwdata fstype=ext4 Whitelisting /usr/share/icons 174 160 254:0 /usr/share/icons /usr/share/icons ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=174 fsname=/usr/share/icons dir=/usr/share/icons fstype=ext4 Whitelisting /usr/share/icu 175 160 254:0 /usr/share/icu /usr/share/icu ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=175 fsname=/usr/share/icu dir=/usr/share/icu fstype=ext4 Whitelisting /usr/share/libdrm 176 160 254:0 /usr/share/libdrm /usr/share/libdrm ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=176 fsname=/usr/share/libdrm dir=/usr/share/libdrm fstype=ext4 Whitelisting /usr/share/libthai 177 160 254:0 /usr/share/libthai /usr/share/libthai ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=177 fsname=/usr/share/libthai dir=/usr/share/libthai fstype=ext4 Whitelisting /usr/share/locale 178 160 254:0 /usr/share/locale /usr/share/locale ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=178 fsname=/usr/share/locale dir=/usr/share/locale fstype=ext4 Whitelisting /usr/share/mime 179 160 254:0 /usr/share/mime /usr/share/mime ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=179 fsname=/usr/share/mime dir=/usr/share/mime fstype=ext4 Whitelisting /usr/share/misc 180 160 254:0 /usr/share/misc /usr/share/misc ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=180 fsname=/usr/share/misc dir=/usr/share/misc fstype=ext4 Whitelisting /usr/share/p11-kit 181 160 254:0 /usr/share/p11-kit /usr/share/p11-kit ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=181 fsname=/usr/share/p11-kit dir=/usr/share/p11-kit fstype=ext4 Whitelisting /usr/share/perl5 182 160 254:0 /usr/share/perl5 /usr/share/perl5 ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=182 fsname=/usr/share/perl5 dir=/usr/share/perl5 fstype=ext4 Whitelisting /usr/share/pixmaps 183 160 254:0 /usr/share/pixmaps /usr/share/pixmaps ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=183 fsname=/usr/share/pixmaps dir=/usr/share/pixmaps fstype=ext4 Whitelisting /usr/share/qt5ct 184 160 254:0 /usr/share/qt5ct /usr/share/qt5ct ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=184 fsname=/usr/share/qt5ct dir=/usr/share/qt5ct fstype=ext4 Whitelisting /usr/share/sounds 185 160 254:0 /usr/share/sounds /usr/share/sounds ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=185 fsname=/usr/share/sounds dir=/usr/share/sounds fstype=ext4 Whitelisting /usr/share/terminfo 186 160 254:0 /usr/share/terminfo /usr/share/terminfo ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=186 fsname=/usr/share/terminfo dir=/usr/share/terminfo fstype=ext4 Whitelisting /usr/share/themes 187 160 254:0 /usr/share/themes /usr/share/themes ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=187 fsname=/usr/share/themes dir=/usr/share/themes fstype=ext4 Whitelisting /usr/share/vulkan 188 160 254:0 /usr/share/vulkan /usr/share/vulkan ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=188 fsname=/usr/share/vulkan dir=/usr/share/vulkan fstype=ext4 Whitelisting /usr/share/X11 189 160 254:0 /usr/share/X11 /usr/share/X11 ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=189 fsname=/usr/share/X11 dir=/usr/share/X11 fstype=ext4 Whitelisting /usr/share/xml 190 160 254:0 /usr/share/xml /usr/share/xml ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=190 fsname=/usr/share/xml dir=/usr/share/xml fstype=ext4 Whitelisting /usr/share/zenity 191 160 254:0 /usr/share/zenity /usr/share/zenity ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=191 fsname=/usr/share/zenity dir=/usr/share/zenity fstype=ext4 Whitelisting /usr/share/zoneinfo 192 160 254:0 /usr/share/zoneinfo /usr/share/zoneinfo ro,relatime - ext4 /dev/mapper/cryptlvm rw mountid=192 fsname=/usr/share/zoneinfo dir=/usr/share/zoneinfo fstype=ext4 Whitelisting /var/cache/fontconfig 193 158 254:0 /var/cache/fontconfig /var/cache/fontconfig ro,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw mountid=193 fsname=/var/cache/fontconfig dir=/var/cache/fontconfig fstype=ext4 Whitelisting /var/tmp 194 158 0:54 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=194 fsname=/ dir=/var/tmp fstype=tmpfs Created symbolic link /var/run -> /run Created symbolic link /var/lock -> /run/lock Disable /run/user/1000 Directory ${DOCUMENTS} resolved as Documents Disable /home/zachir/.local/share/Trash Disable /home/zachir/.bash_history Disable /home/zachir/.python_history Disable /home/zachir/.python_history Disable /home/zachir/.viminfo Disable /home/zachir/.config/autostart Disable /home/zachir/.config/awesome Disable /home/zachir/.xinitrc Disable /home/zachir/.xprofile Disable /home/zachir/.xserverrc Disable /home/zachir/.xsession Disable /home/zachir/.xsessionrc Disable /etc/xdg/autostart Mounting read-only /home/zachir/.Xauthority 211 105 0:46 /zachir/.Xauthority /home/zachir/.Xauthority ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=211 fsname=/zachir/.Xauthority dir=/home/zachir/.Xauthority fstype=btrfs Mounting read-only /home/zachir/.config/kdeglobals 212 105 0:46 /zachir/.config/kdeglobals /home/zachir/.config/kdeglobals ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=212 fsname=/zachir/.config/kdeglobals dir=/home/zachir/.config/kdeglobals fstype=btrfs Disable /home/zachir/.local/share/gvfs-metadata Mounting read-only /home/zachir/.config/dconf 214 105 0:46 /zachir/.config/dconf /home/zachir/.config/dconf ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=214 fsname=/zachir/.config/dconf dir=/home/zachir/.config/dconf fstype=btrfs Disable /home/zachir/.config/systemd Disable /etc/init.d (requested /etc/init.d/) Disable /home/zachir/.config/VirtualBox Disable /etc/anacrontab Disable /etc/cron.daily Disable /etc/cron.weekly Disable /etc/cron.hourly Disable /etc/cron.monthly Disable /etc/cron.deny Disable /etc/cron.d Disable /etc/profile.d Disable /etc/rc.local Disable /etc/grub.d Disable /etc/apparmor.d Disable /etc/apparmor Disable /etc/logrotate.conf Disable /etc/logrotate.d Mounting read-only /home/zachir/.profile 232 105 0:46 /zachir/.profile /home/zachir/.profile ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=232 fsname=/zachir/.profile dir=/home/zachir/.profile fstype=btrfs Mounting read-only /home/zachir/.config/zsh/.zshenv 233 105 0:46 /zachir/.config/zsh/.zshenv /home/zachir/.config/zsh/.zshenv ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=233 fsname=/zachir/.config/zsh/.zshenv dir=/home/zachir/.config/zsh/.zshenv fstype=btrfs Mounting read-only /home/zachir/.ssh/authorized_keys 234 105 0:46 /zachir/.ssh/authorized_keys /home/zachir/.ssh/authorized_keys ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=234 fsname=/zachir/.ssh/authorized_keys dir=/home/zachir/.ssh/authorized_keys fstype=btrfs Mounting read-only /home/zachir/.local/lib 235 105 0:46 /zachir/.local/lib /home/zachir/.local/lib ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=235 fsname=/zachir/.local/lib dir=/home/zachir/.local/lib fstype=btrfs Mounting read-only /home/zachir/.viminfo 236 202 0:24 /firejail/firejail.ro.file /home/zachir/.viminfo ro,nosuid,nodev,relatime - tmpfs run rw,mode=755,inode64 mountid=236 fsname=/firejail/firejail.ro.file dir=/home/zachir/.viminfo fstype=tmpfs Mounting read-only /home/zachir/.xmonad 237 105 0:46 /zachir/.xmonad /home/zachir/.xmonad ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=237 fsname=/zachir/.xmonad dir=/home/zachir/.xmonad fstype=btrfs Mounting read-only /home/zachir/.xscreensaver 238 105 0:46 /zachir/.xscreensaver /home/zachir/.xscreensaver ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=238 fsname=/zachir/.xscreensaver dir=/home/zachir/.xscreensaver fstype=btrfs Mounting read-only /home/zachir/.yarnrc 239 105 0:46 /zachir/.yarnrc /home/zachir/.yarnrc ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=239 fsname=/zachir/.yarnrc dir=/home/zachir/.yarnrc fstype=btrfs Mounting read-only /home/zachir/.gem 240 105 0:46 /zachir/.gem /home/zachir/.gem ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=240 fsname=/zachir/.gem dir=/home/zachir/.gem fstype=btrfs Mounting read-only /home/zachir/.local/bin 241 105 0:46 /zachir/.local/bin /home/zachir/.local/bin ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=241 fsname=/zachir/.local/bin dir=/home/zachir/.local/bin fstype=btrfs Mounting read-only /home/zachir/.config/menus 242 105 0:46 /zachir/.config/menus /home/zachir/.config/menus ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=242 fsname=/zachir/.config/menus dir=/home/zachir/.config/menus fstype=btrfs Mounting read-only /home/zachir/.local/share/applications 243 105 0:46 /zachir/.local/share/applications /home/zachir/.local/share/applications ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=243 fsname=/zachir/.local/share/applications dir=/home/zachir/.local/share/applications fstype=btrfs Mounting read-only /home/zachir/.config/mimeapps.list 244 105 0:46 /zachir/.config/mimeapps.list /home/zachir/.config/mimeapps.list ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=244 fsname=/zachir/.config/mimeapps.list dir=/home/zachir/.config/mimeapps.list fstype=btrfs Mounting read-only /home/zachir/.config/user-dirs.dirs 245 105 0:46 /zachir/.config/user-dirs.dirs /home/zachir/.config/user-dirs.dirs ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=245 fsname=/zachir/.config/user-dirs.dirs dir=/home/zachir/.config/user-dirs.dirs fstype=btrfs Mounting read-only /home/zachir/.config/user-dirs.locale 246 105 0:46 /zachir/.config/user-dirs.locale /home/zachir/.config/user-dirs.locale ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=246 fsname=/zachir/.config/user-dirs.locale dir=/home/zachir/.config/user-dirs.locale fstype=btrfs Mounting read-only /home/zachir/.local/share/mime 247 105 0:46 /zachir/.local/share/mime /home/zachir/.local/share/mime ro,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=247 fsname=/zachir/.local/share/mime dir=/home/zachir/.local/share/mime fstype=btrfs Disable /home/zachir/.cert Disable /home/zachir/.gnupg Disable /home/zachir/.local/share/keyrings Disable /home/zachir/.pki Disable /home/zachir/.local/share/pki Disable /home/zachir/.ssh Disable /etc/group- Disable /etc/gshadow Disable /etc/gshadow- Disable /etc/passwd- Disable /etc/shadow Disable /etc/shadow- Disable /etc/ssh Disable /usr/local/sbin Disable /home/zachir/.cache/flatpak Disable /home/zachir/.local/share/flatpak/repo Disable /home/zachir/.local/share/flatpak/.changed Disable /home/zachir/.local/share/flatpak/db Disable /proc/config.gz Disable /home/zachir/.rustup Disable /usr/src Disable /usr/local/src Disable /usr/include Disable /usr/local/include Mounting noexec /home/zachir 319 272 0:24 /firejail/firejail.ro.dir /home/zachir/.rustup rw,nosuid,nodev,relatime - tmpfs run rw,mode=755,inode64 mountid=319 fsname=/firejail/firejail.ro.dir dir=/home/zachir/.rustup fstype=tmpfs Mounting noexec /home/zachir/.Xauthority 320 288 0:46 /zachir/.Xauthority /home/zachir/.Xauthority ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=320 fsname=/zachir/.Xauthority dir=/home/zachir/.Xauthority fstype=btrfs Mounting noexec /home/zachir/.config/kdeglobals 321 289 0:46 /zachir/.config/kdeglobals /home/zachir/.config/kdeglobals ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=321 fsname=/zachir/.config/kdeglobals dir=/home/zachir/.config/kdeglobals fstype=btrfs Mounting noexec /home/zachir/.config/dconf 322 291 0:46 /zachir/.config/dconf /home/zachir/.config/dconf ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=322 fsname=/zachir/.config/dconf dir=/home/zachir/.config/dconf fstype=btrfs Mounting noexec /home/zachir/.profile 323 294 0:46 /zachir/.profile /home/zachir/.profile ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=323 fsname=/zachir/.profile dir=/home/zachir/.profile fstype=btrfs Mounting noexec /home/zachir/.config/zsh/.zshenv 324 295 0:46 /zachir/.config/zsh/.zshenv /home/zachir/.config/zsh/.zshenv ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=324 fsname=/zachir/.config/zsh/.zshenv dir=/home/zachir/.config/zsh/.zshenv fstype=btrfs Mounting noexec /home/zachir/.local/lib 325 297 0:46 /zachir/.local/lib /home/zachir/.local/lib ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=325 fsname=/zachir/.local/lib dir=/home/zachir/.local/lib fstype=btrfs Mounting noexec /home/zachir/.xmonad 326 298 0:46 /zachir/.xmonad /home/zachir/.xmonad ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=326 fsname=/zachir/.xmonad dir=/home/zachir/.xmonad fstype=btrfs Mounting noexec /home/zachir/.xscreensaver 327 299 0:46 /zachir/.xscreensaver /home/zachir/.xscreensaver ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=327 fsname=/zachir/.xscreensaver dir=/DISPLAY=:0 parsed as 0 home/zachir/.xscreensaver fstype=btrfs Mounting noexec /home/zachir/.yarnrc 328 300 0:46 /zachir/.yarnrc /home/zachir/.yarnrc ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=328 fsname=/zachir/.yarnrc dir=/home/zachir/.yarnrc fstype=btrfs Mounting noexec /home/zachir/.gem 329 301 0:46 /zachir/.gem /home/zachir/.gem ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=329 fsname=/zachir/.gem dir=/home/zachir/.gem fstype=btrfs Mounting noexec /home/zachir/.local/bin 330 302 0:46 /zachir/.local/bin /home/zachir/.local/bin ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=330 fsname=/zachir/.local/bin dir=/home/zachir/.local/bin fstype=btrfs Mounting noexec /home/zachir/.config/menus 331 303 0:46 /zachir/.config/menus /home/zachir/.config/menus ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=331 fsname=/zachir/.config/menus dir=/home/zachir/.config/menus fstype=btrfs Mounting noexec /home/zachir/.local/share/applications 332 304 0:46 /zachir/.local/share/applications /home/zachir/.local/share/applications ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=332 fsname=/zachir/.local/share/applications dir=/home/zachir/.local/share/applications fstype=btrfs Mounting noexec /home/zachir/.config/mimeapps.list 333 305 0:46 /zachir/.config/mimeapps.list /home/zachir/.config/mimeapps.list ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=333 fsname=/zachir/.config/mimeapps.list dir=/home/zachir/.config/mimeapps.list fstype=btrfs Mounting noexec /home/zachir/.config/user-dirs.dirs 334 306 0:46 /zachir/.config/user-dirs.dirs /home/zachir/.config/user-dirs.dirs ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=334 fsname=/zachir/.config/user-dirs.dirs dir=/home/zachir/.config/user-dirs.dirs fstype=btrfs Mounting noexec /home/zachir/.config/user-dirs.locale 335 307 0:46 /zachir/.config/user-dirs.locale /home/zachir/.config/user-dirs.locale ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=335 fsname=/zachir/.config/user-dirs.locale dir=/home/zachir/.config/user-dirs.locale fstype=btrfs Mounting noexec /home/zachir/.local/share/mime 336 308 0:46 /zachir/.local/share/mime /home/zachir/.local/share/mime ro,nosuid,nodev,noexec,relatime - btrfs /dev/mapper/crypthome rw,ssd,space_cache,subvolid=5,subvol=/ mountid=336 fsname=/zachir/.local/share/mime dir=/home/zachir/.local/share/mime fstype=btrfs Mounting noexec /dev/shm 337 123 0:60 /shm /dev/shm rw,nosuid,nodev,noexec - tmpfs tmpfs rw,mode=755,inode64 mountid=337 fsname=/shm dir=/dev/shm fstype=tmpfs Mounting noexec /tmp 338 59 254:0 /tmp /tmp rw,nosuid,nodev,noexec,relatime - ext4 /dev/mapper/cryptlvm rw mountid=338 fsname=/tmp dir=/tmp fstype=ext4 Mounting noexec /var 341 339 0:54 / /var/tmp rw,nosuid,nodev,noexec - tmpfs tmpfs rw,inode64 mountid=341 fsname=/ dir=/var/tmp fstype=tmpfs Disable /home/zachir/.nvm Disable /usr/share/perl5 Disable /home/zachir/.config/keepassxc Directory ${DOCUMENTS} resolved as Documents Not blacklist /home/zachir/Documents Directory ${MUSIC} resolved as Music Disable /home/zachir/Music Directory ${PICTURES} resolved as Pictures Disable /home/zachir/Pictures Directory ${VIDEOS} resolved as Videos Disable /home/zachir/Videos Disable /tmp/.X11-unix Disable /home/zachir/.Xauthority Disable /home/zachir/.Xauthority Disable /sys/fs Disable /sys/module disable pulseaudio blacklist /home/zachir/.config/pulse Create the new ld.so.preload file Mount the new ld.so.preload file Current directory: /home/zachir/suckless/dwm Install protocol filter: unix configuring 16 seccomp entries in /run/firejail/mnt/seccomp/seccomp.protocol sbox run: /usr/lib/firejail/fsec-print /run/firejail/mnt/seccomp/seccomp.protocol/usr/lib/firejail/fsec-print: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory Error: failed to run /usr/lib/firejail/fsec-print Error: proc 781 cannot sync with peer: unexpected EOF Peer 783 unexpectedly exited with status 1 Autoselecting /bin/zsh as shell Building quoted command line: 'patch' '-p1' Command name #patch# Found patch.profile profile in /etc/firejail directory Found patch.local profile in /etc/firejail directory Found disable-common.inc profile in /etc/firejail directory Found disable-devel.inc profile in /etc/firejail directory Found disable-exec.inc profile in /etc/firejail directory Found disable-interpreters.inc profile in /etc/firejail directory Found disable-passwdmgr.inc profile in /etc/firejail directory Found disable-shell.inc profile in /etc/firejail directory Found disable-xdg.inc profile in /etc/firejail directory Found whitelist-usr-share-common.inc profile in /etc/firejail directory Found whitelist-var-common.inc profile in /etc/firejail directory Enabling IPC namespace ```

rusty-snake commented 3 years ago

What shows ls -l /usr/lib*/libdl*?

rusty-snake commented 3 years ago

Found patch.local profile in /etc/firejail directory

What's in it?

kmk3 commented 3 years ago

Reproduce

Steps to reproduce the behavior:

Run in bash firejail patch

See error /usr/sbin/patch: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory

Same error with a relatively recent firejail-git version, also on Artix.

[X] The profile (and redirect profile if exists) hasn't already been fixed upstream.

It has been fixed by #4000 on master:

https://github.com/zupatisc/firejail/blob/38a5cb1440e000545d7d5802da43170d55f6560b/etc/profile-m-z/patch.profile#L46

So put the following on patch.local:

private-lib libdl.so.*,libfakeroot
ignore private-lib

Or, alternatively, use firejail-git from the AUR until the next release.

ZachIndigo commented 3 years ago

$ ls -l /usr/lib*/libdl*
-rwxr-xr-x 1 dhcpcd dhcpcd 18K Feb 13 17:02 /usr/lib32/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 14K Feb 13 17:02 /usr/lib32/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib32/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib32/libdl.so.2 -> libdl-2.33.so
-rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib64/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib64/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib64/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib64/libdl.so.2 -> libdl-2.33.so
-rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib/libdl.so.2 -> libdl-2.33.so

Also, adding in 'ignore private-lib' worked, which is weird, because I copied the Master branch patch.profile into my etc directory and it didn't work. But it is working now, so thanks.

Edit: Fixed code block formatting.

kmk3 commented 3 years ago

Also, adding in 'ignore private-lib' worked, which is weird, because I copied the Master branch patch.profile into my etc directory and it didn't work. But it is working now, so thanks.

Apologies; I wanted to reply quickly and ended up speaking assuming too much and without properly testing my suggestions. #4000 by itself does not really fix it on Artix and the problem still happens on the current master.

It fails even with the following on patch.local:

private-lib libd*,libfakeroot
ignore private-lib

So it's also likely not due to the file names (though it could be a globbing issue).

$ ls -l /usr/lib*/libdl*
-rwxr-xr-x 1 dhcpcd dhcpcd 18K Feb 13 17:02 /usr/lib32/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 14K Feb 13 17:02 /usr/lib32/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib32/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib32/libdl.so.2 -> libdl-2.33.so
-rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib64/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib64/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib64/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib64/libdl.so.2 -> libdl-2.33.so
-rwxr-xr-x 1 dhcpcd dhcpcd 23K Feb 13 17:02 /usr/lib/libdl-2.33.so
-rw-r--r-- 1 dhcpcd dhcpcd 15K Feb 13 17:02 /usr/lib/libdl.a
lrwxrwxrwx 1 root   root    10 Feb 13 17:02 /usr/lib/libdl.so -> libdl.so.2
lrwxrwxrwx 1 root   root    13 Feb 13 17:02 /usr/lib/libdl.so.2 -> libdl-2.33.so

I have the same output and it does not seem quite right. Why are these libraries owned by dhcpcd when it is not the provider of any of them?

$ pacman -Qo /usr/lib*/libdl* | sort
/usr/lib/libdl-2.33.so is owned by glibc 2.33-4
/usr/lib/libdl-2.33.so is owned by glibc 2.33-4
/usr/lib/libdl.a is owned by glibc 2.33-4
/usr/lib/libdl.a is owned by glibc 2.33-4
/usr/lib/libdl.so is owned by glibc 2.33-4
/usr/lib/libdl.so is owned by glibc 2.33-4
/usr/lib/libdl.so.2 is owned by glibc 2.33-4
/usr/lib/libdl.so.2 is owned by glibc 2.33-4
/usr/lib32/libdl-2.33.so is owned by lib32-glibc 2.33-4
/usr/lib32/libdl.a is owned by lib32-glibc 2.33-4
/usr/lib32/libdl.so is owned by lib32-glibc 2.33-4
/usr/lib32/libdl.so.2 is owned by lib32-glibc 2.33-4

dhcpcd does not even provide any libraries outside of its own directory:

$ pacman -Q dhcpcd
dhcpcd 9.4.0-1
$ pacman -Qlq dhcpcd
/etc/
/etc/dhcpcd.conf
/usr/
/usr/bin/
/usr/bin/dhcpcd
/usr/lib/
/usr/lib/dhcpcd/
/usr/lib/dhcpcd/dev/
/usr/lib/dhcpcd/dev/udev.so
/usr/lib/dhcpcd/dhcpcd-hooks/
/usr/lib/dhcpcd/dhcpcd-hooks/01-test
/usr/lib/dhcpcd/dhcpcd-hooks/20-resolv.conf
/usr/lib/dhcpcd/dhcpcd-hooks/30-hostname
/usr/lib/dhcpcd/dhcpcd-run-hooks
/usr/lib/sysusers.d/
/usr/lib/sysusers.d/dhcpcd.conf
/usr/lib/tmpfiles.d/
/usr/lib/tmpfiles.d/dhcpcd.conf
/usr/share/
/usr/share/dhcpcd/
/usr/share/dhcpcd/hooks/
/usr/share/dhcpcd/hooks/10-wpa_supplicant
/usr/share/dhcpcd/hooks/15-timezone
/usr/share/dhcpcd/hooks/29-lookup-hostname
/usr/share/licenses/
/usr/share/licenses/dhcpcd/
/usr/share/licenses/dhcpcd/LICENSE
/usr/share/man/
/usr/share/man/man5/
/usr/share/man/man5/dhcpcd.conf.5.gz
/usr/share/man/man8/
/usr/share/man/man8/dhcpcd-run-hooks.8.gz
/usr/share/man/man8/dhcpcd.8.gz
/var/
/var/lib/
/var/lib/dhcpcd

I think that the problem might be packaging-related. Will check later.

rusty-snake commented 3 years ago

Will check later.

@kmk3 ping

I think that the problem might be packaging-related.

Could it be #3236?

kmk3 commented 3 years ago

Will check later.

@kmk3 ping

Sorry for the delay, but I still have some patches that I want to send beforehand (some are even from months ago). If anybody wants to take this in the meantime feel free to do so.

Currently I just run unlink /usr/local/bin/patch after running firecfg.

Would be nice if firecfg supported a /etc/firejail/firecfg_ignore.config counterpart to /usr/lib/firejail/firecfg.config, to skip problematic profiles.

I think that the problem might be packaging-related.

To be clear, I meant issues with the dhcpcd package.

By the way, I stopped using dhcpcd, as it would happily and knowingly let the clock drift over an hour without syncing. And there is no way to force it to sync.

Could it be #3236?

Seems plausible; thanks for the link.

rusty-snake commented 3 years ago

Would be nice if firecfg supported a /etc/firejail/firecfg_ignore.config counterpart to /usr/lib/firejail/firecfg.config, to skip problematic profiles.

And here's an other link for you: #2097 :smiley:

netblue30 / firejail

Patch fails to run in Artix Linux #4039