netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

audacity: error while loading shared libraries: lib-screen-geometry.so (AppArmor/private-bin) #5281

Closed a61kt closed 2 years ago

a61kt commented 2 years ago

Description

```
$ firejail audacity
Reading profile /etc/firejail/audacity.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 67427, child pid 67428
1 program installed in 112.37 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/gvfs
Warning: not remounting /run/user/1000/doc
Blacklist violations are logged to syslog
Warning: Cannot confine the application using AppArmor.
Maybe firejail-default AppArmor profile is not loaded into the kernel.
As root, run "aa-enforce firejail-default" to load it.
Child process initialized in 418.40 ms
audacity: error while loading shared libraries: lib-screen-geometry.so: cannot open shared object file: No such file or directory

Parent is shutting down, bye...
```

Steps to Reproduce

open firejail audacity / see it

Expected behavior

get my audacity

Actual behavior

its broken

Behavior without a profile

$ firejail --noprofile --net=none audacity

```
Parent pid 67492, child pid 67493
Child process initialized in 36.74 ms
(process:3): Gdk-CRITICAL **: 23:36:36.123: gdk_screen_get_root_window: assertion 'GDK_IS_SCREEN (screen)' failed
(process:3): Gdk-CRITICAL **: 23:36:36.125: gdk_window_get_display: assertion 'GDK_IS_WINDOW (window)' failed
(process:3): Gdk-CRITICAL **: 23:36:36.125: gdk_cursor_new_from_pixbuf: assertion 'GDK_IS_DISPLAY (display)' failed
(audacity:3): Gtk-WARNING **: 23:36:36.182: Theme parsing error: gtk.css:63:28: The :prelight pseudo-class is deprecated. Use :hover instead.
(audacity:3): Gtk-WARNING **: 23:36:36.183: Theme parsing error: gtk.css:73:35: The :prelight pseudo-class is deprecated. Use :hover instead.
(audacity:3): Gtk-WARNING **: 23:36:36.183: Theme parsing error: gtk.css:115:31: The :insensitive pseudo-class is deprecated. Use :disabled instead.
(audacity:3): Gtk-WARNING **: 23:36:36.183: Theme parsing error: gtk.css:116:24: The :insensitive pseudo-class is deprecated. Use :disabled instead.
(audacity:3): Gtk-WARNING **: 23:36:36.183: Theme parsing error: gtk.css:145:27: The :insensitive pseudo-class is deprecated. Use :disabled instead.
(audacity:3): Gtk-WARNING **: 23:36:36.183: Theme parsing error: gtk.css:146:29: The :insensitive pseudo-class is deprecated. Use :disabled instead.
(audacity:3): Gtk-WARNING **: 23:36:36.183: Theme parsing error: gtk.css:166:34: The :insensitive pseudo-class is deprecated. Use :disabled instead.
(audacity:3): Gtk-WARNING **: 23:36:36.183: Theme parsing error: gtk.css:187:34: The :inconsistent pseudo-class is deprecated. Use :indeterminate instead.
lilv_world_add_plugin(): warning: Duplicate plugin
lilv_world_add_plugin(): warning: ... found in file:///usr/lib64/lv2/eg-scope.lv2/
lilv_world_add_plugin(): warning: ... and file:///usr/lib/lv2/eg-scope.lv2/ (ignored)
lilv_world_add_plugin(): warning: Duplicate plugin
lilv_world_add_plugin(): warning: ... found in file:///usr/lib64/lv2/eg-scope.lv2/
lilv_world_add_plugin(): warning: ... and file:///usr/lib/lv2/eg-scope.lv2/ (ignored)
lilv_world_add_plugin(): warning: Duplicate plugin
lilv_world_add_plugin(): warning: ... found in file:///usr/lib64/lv2/eg-amp.lv2/
lilv_world_add_plugin(): warning: ... and file:///usr/lib/lv2/eg-amp.lv2/ (ignored)
lilv_world_add_plugin(): warning: Duplicate plugin
lilv_world_add_plugin(): warning: ... found in file:///usr/lib64/lv2/eg-midigate.lv2/
lilv_world_add_plugin(): warning: ... and file:///usr/lib/lv2/eg-midigate.lv2/ (ignored)
lilv_world_add_plugin(): warning: Duplicate plugin
lilv_world_add_plugin(): warning: ... found in file:///usr/lib64/lv2/eg-metro.lv2/
lilv_world_add_plugin(): warning: ... and file:///usr/lib/lv2/eg-metro.lv2/ (ignored)
lilv_world_add_plugin(): warning: Duplicate plugin
lilv_world_add_plugin(): warning: ... found in file:///usr/lib64/lv2/eg-params.lv2/
lilv_world_add_plugin(): warning: ... and file:///usr/lib/lv2/eg-params.lv2/ (ignored)
lilv_world_add_plugin(): warning: Duplicate plugin
lilv_world_add_plugin(): warning: ... found in file:///usr/lib64/lv2/eg-sampler.lv2/
lilv_world_add_plugin(): warning: ... and file:///usr/lib/lv2/eg-sampler.lv2/ (ignored)
lilv_world_add_plugin(): warning: Duplicate plugin
lilv_world_add_plugin(): warning: ... found in file:///usr/lib64/lv2/eg-fifths.lv2/
lilv_world_add_plugin(): warning: ... and file:///usr/lib/lv2/eg-fifths.lv2/ (ignored)
ALSA lib pcm_dmix.c:999:(snd_pcm_dmix_open) unable to open slave
ALSA lib pcm.c:2664:(snd_pcm_open_noupdate) Unknown PCM cards.pcm.rear
ALSA lib pcm.c:2664:(snd_pcm_open_noupdate) Unknown PCM cards.pcm.center_lfe
ALSA lib pcm.c:2664:(snd_pcm_open_noupdate) Unknown PCM cards.pcm.side
ALSA lib pcm_route.c:877:(find_matching_chmap) Found no matching channel map
Expression 'alsa_snd_pcm_hw_params_set_buffer_size_near( pcm, hwParams, &alsaBufferFrames )' failed in 'src/hostapi/alsa/pa_linux_alsa.c', line: 923
Expression 'alsa_snd_pcm_hw_params_set_buffer_size_near( pcm, hwParams, &alsaBufferFrames )' failed in 'src/hostapi/alsa/pa_linux_alsa.c', line: 923
Expression 'alsa_snd_pcm_hw_params_set_buffer_size_near( pcm, hwParams, &alsaBufferFrames )' failed in 'src/hostapi/alsa/pa_linux_alsa.c', line: 923
Cannot connect to server socket err = No such file or directory
Cannot connect to server request channel
jack server is not running or cannot be started
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for -1, skipping unlock
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for -1, skipping unlock
Cannot connect to server socket err = No such file or directory
Cannot connect to server request channel
jack server is not running or cannot be started
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for -1, skipping unlock
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for -1, skipping unlock
ALSA lib pcm_oss.c:397:(_snd_pcm_oss_open) Cannot open device /dev/dsp
ALSA lib pcm_oss.c:397:(_snd_pcm_oss_open) Cannot open device /dev/dsp
ALSA lib pcm_a52.c:1001:(_snd_pcm_a52_open) a52 is only for playback
ALSA lib confmisc.c:160:(snd_config_get_card) Invalid field card
ALSA lib pcm_usb_stream.c:482:(_snd_pcm_usb_stream_open) Invalid card 'card'
ALSA lib confmisc.c:160:(snd_config_get_card) Invalid field card
ALSA lib pcm_usb_stream.c:482:(_snd_pcm_usb_stream_open) Invalid card 'card'
ALSA lib pcm_dmix.c:999:(snd_pcm_dmix_open) unable to open slave
Cannot connect to server socket err = No such file or directory
Cannot connect to server request channel
jack server is not running or cannot be started
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for -1, skipping unlock
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for -1, skipping unlock
ALSA lib confmisc.c:165:(snd_config_get_card) Cannot get card index for -1
ALSA lib confmisc.c:165:(snd_config_get_card) Cannot get card index for -1
Expression 'stream->capture.pcm' failed in 'src/hostapi/alsa/pa_linux_alsa.c', line: 4626
ALSA lib confmisc.c:165:(snd_config_get_card) Cannot get card index for -1
23:36:42: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:42: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:42: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:42: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:42: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:42: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:42: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:42: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:42: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:42: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:42: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:42: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:42: Debug: ScreenToClient cannot work when toplevel window is not shown
Expression 'stream->playback.pcm' failed in 'src/hostapi/alsa/pa_linux_alsa.c', line: 4645
Expression 'stream->playback.pcm' failed in 'src/hostapi/alsa/pa_linux_alsa.c', line: 4645
Expression 'stream->playback.pcm' failed in 'src/hostapi/alsa/pa_linux_alsa.c', line: 4645
ALSA lib confmisc.c:165:(snd_config_get_card) Cannot get card index for -1
ALSA lib confmisc.c:165:(snd_config_get_card) Cannot get card index for -1
Expression 'stream->playback.pcm' failed in 'src/hostapi/alsa/pa_linux_alsa.c', line: 4645
Expression 'stream->playback.pcm' failed in 'src/hostapi/alsa/pa_linux_alsa.c', line: 4645
Expression 'stream->playback.pcm' failed in 'src/hostapi/alsa/pa_linux_alsa.c', line: 4645
ALSA lib confmisc.c:165:(snd_config_get_card) Cannot get card index for -1
23:36:43: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:43: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:43: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:43: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:43: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:43: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:43: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:43: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:43: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:44: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:44: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:44: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:44: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:44: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:44: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:44: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:44: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:44: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:44: Debug: ScreenToClient cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: Warning: command doesn't exist: 'Cut'
23:36:44: Debug: Warning: command doesn't exist: 'Copy'
23:36:44: Debug: Warning: command doesn't exist: 'Paste'
23:36:44: Debug: Warning: command doesn't exist: 'Trim'
23:36:44: Debug: Warning: command doesn't exist: 'Silence'
23:36:44: Debug: Warning: command doesn't exist: 'Undo'
23:36:44: Debug: Warning: command doesn't exist: 'Redo'
23:36:44: Debug: Warning: command doesn't exist: 'ZoomIn'
23:36:44: Debug: Warning: command doesn't exist: 'ZoomOut'
23:36:44: Debug: Warning: command doesn't exist: 'ZoomToggle'
23:36:44: Debug: Warning: command doesn't exist: 'ZoomSel'
23:36:44: Debug: Warning: command doesn't exist: 'FitInWindow'
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: ClientToScreen cannot work when toplevel window is not shown
23:36:44: Debug: "Izquierda" must use modifiers to be used as a keyboard accelerator with GTK
23:36:44: Debug: "Derecha" must use modifiers to be used as a keyboard accelerator with GTK
23:36:44: Debug: "Arriba" must use modifiers to be used as a keyboard accelerator with GTK
23:36:44: Debug: "Abajo" must use modifiers to be used as a keyboard accelerator with GTK
23:36:44: Debug: Unrecognized accel key 'NUMPAD_ENTER', accel string ignored.
23:36:44: Debug: "Izquierda" must use modifiers to be used as a keyboard accelerator with GTK
23:36:44: Debug: "Derecha" must use modifiers to be used as a keyboard accelerator with GTK
*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug
(audacity:3): Gtk-CRITICAL **: 23:37:29.595: gtk_file_chooser_widget_get_current_name: assertion 'priv->action == GTK_FILE_CHOOSER_ACTION_SAVE || priv->action == GTK_FILE_CHOOSER_ACTION_CREATE_FOLDER' failed
(audacity:3): Gtk-CRITICAL **: 23:37:29.596: gtk_file_chooser_widget_get_current_name: assertion 'priv->action == GTK_FILE_CHOOSER_ACTION_SAVE || priv->action == GTK_FILE_CHOOSER_ACTION_CREATE_FOLDER' failed
(audacity:3): Gtk-CRITICAL **: 23:37:29.596: gtk_file_chooser_widget_get_current_name: assertion 'priv->action == GTK_FILE_CHOOSER_ACTION_SAVE || priv->action == GTK_FILE_CHOOSER_ACTION_CREATE_FOLDER' failed
(audacity:3): Gtk-CRITICAL **: 23:37:29.596: gtk_file_chooser_widget_get_current_name: assertion 'priv->action == GTK_FILE_CHOOSER_ACTION_SAVE || priv->action == GTK_FILE_CHOOSER_ACTION_CREATE_FOLDER' failed
23:38:29: Debug: LastOpenType is
23:38:29: Debug: OverrideExtendedImportByOpenFileDialogChoice is 1
23:38:29: Debug: Appending libav
23:38:29: Debug: Appending libsndfile
23:38:29: Debug: Appending liboggvorbis
23:38:29: Debug: Appending libflac
23:38:29: Debug: Appending libmad
23:38:29: Debug: Appending lof
23:38:29: Debug: Appending legacyaup
*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug
*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug
*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug
*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug
*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug
*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug
*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug
*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug
*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug
*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug
```

glitsj16 commented 2 years ago

> audacity: error while loading shared libraries: lib-screen-geometry.so: cannot open shared object file: No such file or directory

Odd that audacity complains about missing that file:

```
$ pkgfile lib-screen-geometry.so
community/audacity
```

I've installed https://archlinux.org/packages/community/x86_64/audacity/ on my Arch Linux box and with firejail from git it works. The only thing that changed in /etc/firejail/audacity.profile compared to 0.9.70 is the removal of `shell none`. But even when I add that back, audacity starts and works as expected for me. So I cannot reproduce this.

UPDATE: other Arch users I talked with on #archlinux IRC could reproduce this. For them audacity started to work by ignoring apparmor, so that's something you can try.

Do you use AppArmor? Can you post output from the below command here please?

```
$ firejail --ignore=quiet --ignore=apparmor /usr/bin/audacity
```

TopherIsSwell commented 2 years ago

Commenting out the private-bin audacity line fixes this error for me on Fedora 36. Which is curious because private-bin is supposed to only bind-mount the /bin, /usr/bin, /sbin, and /usr/sbin dirs, and on my install of Fed36, this library is chilling at /usr/lib64/audacity/lib-screen-geometry.so

I don't know much about firejail profiles, but adding noblacklist /usr/lib64/audacity did not solve the problem for me.

This error occurs on the Fedora 36 packaged version of firejail 0.9.66, and the version I compiled locally off of master (316749ae4) -- labelled as 0.9.71.

I'm adding a PR to adjust the profile, but I wonder why it's not reproducible by some folks and why private-bin would affect the lib directories. I'm just a drive-by, so I'll let the maintainers decide whether this should be investigated deeper in a separate issue, or if slapping a bandage on the audacity profile is good enough.

TopherIsSwell commented 2 years ago

I'm wondering if this has something to do with the distribution packaging of audacity. I heard there's drama about the upstream and some distros are doing some munging before packaging, maybe that's why some folks are having this issue and others aren't?

TopherIsSwell commented 2 years ago

Okay, plot twist. Removing apparmor OR private-bin (and leaving the other in place) fixes this issue for me on Fedora 36 (i.e. AppArmor is defs not installed).

How does one create a cross-platform app profile? I'm presuming that Debian distros will want the apparmor integration, but it appears to not be playing nice with non-apparmor setups.
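
The one-directive-at-a-time check that the comment above arrives at by hand (ignoring `apparmor` or `private-bin` each fixes the launch) can be scripted with the `--ignore=` option used earlier in the thread. This is an added example, not code from the thread or from firejail; the helper names, the `FIREJAIL` and `TIMEOUT` variables, and matching a directive by its first word are assumptions.

```shell
#!/bin/sh
# Added example: find which single profile directive, when ignored, lets a
# sandboxed program get past the dynamic loader. Helper names are hypothetical.
# Usage: sh this-script /etc/firejail/audacity.profile audacity

FIREJAIL=${FIREJAIL:-firejail}   # launcher; may hold a wrapper command
TIMEOUT=${TIMEOUT:-10}           # seconds before a program that did start is killed
LOADER_ERR='error while loading shared libraries'

# Print each distinct directive keyword (first word) in a profile,
# skipping comments, blank lines and include lines.
profile_directives() {
    sed -e 's/#.*//' "$1" |
        awk 'NF && $1 != "include" && !seen[$1]++ { print $1 }'
}

# Succeed if the program starts without the loader error while one
# directive is ignored. Assumption: --ignore= matches on the keyword, so
# every profile line sharing that keyword is dropped together.
starts_without() {
    directive=$1
    shift
    # $FIREJAIL is deliberately unquoted so it can carry a wrapper command.
    out=$(timeout "$TIMEOUT" $FIREJAIL --ignore=quiet \
        --ignore="$directive" "$@" 2>&1) || true
    ! printf '%s\n' "$out" | grep -q "$LOADER_ERR"
}

# List every directive whose removal alone avoids the loader error.
bisect_profile() {
    profile=$1
    shift
    # Baseline: ignoring only "quiet" leaves the sandbox as the profile
    # defines it; if that already starts, there is nothing to bisect.
    starts_without quiet "$@" && return 0
    for d in $(profile_directives "$profile"); do
        if starts_without "$d" "$@"; then
            printf '%s\n' "$d"
        fi
    done
}

if [ "$#" -ge 2 ]; then
    bisect_profile "$@"
fi
```

Each directive it prints is a candidate for a targeted profile change, which keeps the rest of the sandbox in place instead of falling back to `--noprofile`.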

glitsj16 commented 2 years ago

> Okay, plot twist. Removing apparmor OR private-bin (and leaving the other in place) fixes this issue for me on Fedora 36 (i.e. AppArmor is defs not installed).

Nice catch.

> How does one create a cross-platform app profile? I'm presuming that Debian distros will want the apparmor integration, but it appears to not be playing nice with non-apparmor setups.

Firejail doesn't have cross-platform profiles. It's up to distro packagers to add/remove specifics in profiles. @reinerh Do you have any suggestions here?

IMO it would be sufficient to remove apparmor from audacity. Can you edit your PR accordingly please?

TopherIsSwell commented 2 years ago

I present to you a shiny new commit for your reviewing pleasure.

reinerh commented 2 years ago

Audacity works fine on Debian with apparmor enabled, but I'm fine with keeping it disabled if it crashes on other distros.
I don't think it's worth shipping a Debian-specific patch for this.

glitsj16 commented 2 years ago

Fixed in #5300 - closing.

rusty-snake commented 2 years ago

> Removing apparmor OR private-bin (and leaving the other in place) fixes this issue for me on Fedora 36 (i.e. AppArmor is defs not installed).

Is AppArmor support enabled in your firejail build?