systemcheck sudo: error while loading shared libraries: cannot open shared object file: No such file or directory

I ran a clean release upgrade but now am seeing this:

$ systemcheck
sudo: error while loading shared libraries: cannot open shared object file: No such file or directory

$ sudo whoami

What is a clean release upgrade?

Which virtualizer?

Please check your systemcheck version:

dpkg -l | grep systemcheck

I apologize about the ambiguity. I mean that I ran all Release Upgrade steps without generating any errors (including sanity checks). The system seems virtually intact…

$ dpkg -l | grep systemcheck
ii systemcheck 3:25.8-1 all Anonymity and security check

VirtualBox 7.0

I cannot reproduce this.

This could be because of prior manual changes to AppArmor profiles? I suspect the AppArmor profile in /etc/apparmor.d is outdated.

To check if configuration files are up-to-date and how to reset these to vendor defaults, see:
Configuration Files - Kicksecure chapter Reset Configuration Files to Vendor Default in Kicksecure wiki

(Whonix is based on Kicksecure.)

I wasn’t sure if you wanted me to post my findings in my thread or here so I’m posting in both and will delete the other after a reply.

dpkg -l | greo systemcheck

ii systemcheck 3.25.8-1

All Anonymity and security check

Ran the following:
sudo debsums -ce


I opened up the debian.list file and everything other than the following was # out.

deb tor+ bookworm main contrib non-free
deb tor+ bookworm-updates main contrib non-free
deb tor+ bookworm-security main
contrib non-free
deb tor+ bookworm-backports main contrib
deb tor+ bookworm-fasttrack main
contrib non-free


cat /etc/apt/sources.list.d/derivative.list | grep --invert-match "#"

show both lines starting with deb and having:


repository lines?

Please compare with your local file /etc/apparmor.d/usr.bin.systemcheck. Is it exactly the same? Check using meld or something.

Hi Patrick. After running the cat command this is the output:

deb [signed-by=/usr/share/keyring/derivative.asc] tor+ bookworm main contrib non-free

Sudo nano `/etc/apparmor.d/usr.bin.systemcheck

Output file is different to the link you provided:

the copyright shows 2012 - 2022 and then after this line:
usr/bin/systemcheck flags=(attach_disconnected) {

All the includes have # in front of them and there is only 5 includes the first capability shows capability sys_ptrace, the rest of the contents also appear different compared to the link you provided.

I then installed virtual box on a different machine and checked the file, the file show the same content as the link you provided.

Therefore the KVM file appears to be an old and outdated.

You’re missing the Kicksecure repository. Since Whonix 17, both, Whonix and Kicksecure repositories need to be enabled in Whonix. To enable:

sudo repository-dist --enable --repository stable

Then please re-check that file.

(Whonix APT Repository)

(Whonix is based on Kicksecure.)

It’s a upgrade migration bug that you’re missing that repository and that the release-upgrade script did not advice on that beforehand.

This issue is unspecific to KVM / VIrtualBox / Qubes. These are all using the same repositories. [1]

[1] (Except Qubes-Whonix having the Qubes repository enabled by default but that’s not important and besides the pont.)

Ran the command:

sudo repository-dist --enable --repository stable

Afterwards I ran upgrade-nonroot. (on both GW and WS)

New files installed and systemcheck now working. I have been using my setup without this fix for about a week is there any way I was compromised?

There’s no indication for that.

Malware, Computer Viruses, Firmware Trojans and Antivirus Scanners chapter Valid Compromise Indicators versus Invalid Compromise Indicators in Kicksecure wiki

1 Like

Thanks Patrick everything appears to be in working order now.

For me, running sudo debsums -ce results in:

$ cat /etc/apt/sources.list.d/derivative.list | grep --invert-match "#"

deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion bookworm main contrib non-free
$ sudo cat /etc/apparmor.d/local/usr.bin.thunderbird

(empty file)

$ sudo apt-get-reset thunderbird
Unpacking thunderbird (1:102.15.1-1~deb12u1) over (1:102.15.1-1~deb12u1) ...
Setting up thunderbird (1:102.15.1-1~deb12u1) ...
Skipping profile in /etc/apparmor.d/disable: usr.bin.thunderbird

Not sure how to proceed with the Thunderbird matter.

You do not have the Kicksecure repository. Can be enabled as per:
systemcheck sudo: error while loading shared libraries: cannot open shared object file: No such file or directory - #8 by Patrick

Yes, I saw that and remediated it, thank you. I can’t say that I recall disabling Thunderbird’s AppArmor profile. Does anything need to be done about this?

Or, after invoking both:

$ sudo repository-dist --enable --repository stable --transport onion
$ sudo apt-get-reset thunderbird

Despite the message from apt-get-reset that:
Skipping profile in /etc/apparmor.d/disable: usr.bin.thunderbird

and from debsums -ce that:


after executing the prior commands, can I just go ahead and run upgrade-nonroot and expect that systemcheck will be in working order?


If you are using Thunderbird.

sudo aa-enforce /etc/apparmor.d/usr.bin.thunderbird

After the “full” release-upgrade with both repositories enabled.

1 Like