Comment 20 for bug 1946599

I would expect https://searchfox.org/mozilla-central/source/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#499 to pick up libraries shipped alongside Firefox. I guess what's happening here is that the library is shipped in the snap (but not in the default system), not next to the binary, and then "something" is done to make the dynamic linker pick it up?

Our sandbox knows about LD_LIBRARY_PATH and such https://searchfox.org/mozilla-central/rev/c3d7964c593e0bedabea2fea0b35ba243cf9e696/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#258 but I guess this is using something different?

In general readonly permission to trusted system library dirs should not be a security concern.