Just a heads up. I went through a similar issue where the change in dnsmasq was in the way the path is handled. As you did, disabling firejail allowed for libvirtd to start … and then let me access my virtual network. All my notes are in the bug referenced below.
opened 06:29PM - 09 May 22 UTC
closed 12:51AM - 23 May 22 UTC
### Description
The default libvirt NAT network fails to start (even after applying the dnsmasq.profile which was in fix 5089).
Appears to be related to:
https://github.com/netblue30/firejail/issues/5089
### Steps to Reproduce
1. Replace the dnsmasq.profile with the latest one in the repository:
https://github.com/netblue30/firejail/blob/master/etc/profile-a-l/dnsmasq.profile
2. Open terminal and try to start the NAT network inf
```
sudo virsh net-start default
```
3. Then the following error will show:
```
error: Failed to start network default
error: internal error: Child process (VIR_BRIDGE_NAME=virbr0 /usr/local/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper) unexpected exit status 1: Error: PATH environment variable not set
```
### Expected behavior
1. The NAT Network interface should start and go active.
```
❯ sudo virsh net-start default
Network default started
~
❯ sudo virsh net-list --all
 Name      State    Autostart   Persistent
--------------------------------------------
 default   active   yes         yes
```
### Actual behavior
The NAT Network interface fails to go active when firejail is enabled.
### Environment
Linux info:
```
OS: EndeavourOS Linux x86_64
Kernel: 5.15.37-1-lts
Shell: zsh 5.8.1
DE: GNOME 42.1
WM: Mutter
```
firejail --version
```
firejail version 0.9.68
Compile time support:
- always force nonewprivs support is disabled
- AppArmor support is enabled
- AppImage support is enabled
- chroot support is enabled
- D-BUS proxy support is enabled
- file transfer support is enabled
- firetunnel support is enabled
- networking support is enabled
- output logging is enabled
- overlayfs support is disabled
- private-home support is enabled
- private-cache and tmpfs as user enabled
- SELinux support is disabled
- user namespace support is enabled
- X11 sandboxing support is enabled
```
### Checklist
- [x] The issue is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it).
- [x] I can reproduce the issue without custom modifications (e.g. globals.local).
- [ ] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`)
- [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc).
- [x] I have performed a short search for similar issues (to avoid opening a duplicate).
- [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers.
- [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages)
---
EDIT by @rusty-snake: Fix check-boxes