netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox

Home Page: https://firejail.wordpress.com


private-etc exceeds 500MB limit due to large files symlinked in /etc/alternatives

pirate486743186 opened this issue · comments

I'm on Debian. I installed a soundfont (fluid-soundfont-gm) that is 150MB. That soundfont uses the update-alternatives system, so it shows up in the etc as a symlink; for compatibility reasons it's linked twice. private-etc copies both of them, that's 300MB... so the 500MB limit is often hit.

Then it seems that it simply ignores whatever exceeds the limit but still runs the app, so the end result is random chaos for any profile that uses private-etc.

At the very least, firejail should not try to run if it loads part of what it was expected to load.

To me it is not clear what the actionable part is here. Can you reformulate it or give examples?

> private-etc copies both of them, that's 300MB... so the 500MB limit is often hit.

So there are 200MB left. What else is in /etc that takes so much space?

Things started breaking in a chaotic manner and it wasn't obvious that etc was "filled up".... with symlinks.

Also, Electron apps built with electron-builder use update-alternatives and they are 166MB each because they are statically linked to death. Yes, that's just the executable, I'm discovering this now. Then there are a few normal fonts at 7MB and liblapack.so at 7MB, the rest are smaller. So you only need 3 Electron apps built with electron-builder to break firejail.

WITHOUT the soundfonts... du -shL /etc/alternatives/ 375MB

Fedora has update-alternatives?
You can check yours with: du -hL /etc/alternatives/* | grep M for anything weird.

At the very least, that folder should be treated in a special way. Does it really need to copy the symlinked files?

Note that there was recently a change that might fix this in the next release. #5957

yea ok, it seems a duplicate of #5378
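
The check discussed in this thread, as an added example that is not part of the original posts and is not firejail code: it sizes every entry of /etc/alternatives through its symlink, counts two links to the same file twice (as the reporter describes private-etc doing), and compares the total against the limit. Assumptions: the function names are hypothetical, the 500MB limit is taken as 500 MiB, and the script only measures; it does not reproduce firejail's copy logic.

```shell
#!/bin/sh
# Added example (not firejail code): size /etc/alternatives the way a
# dereferencing copy sees it, counting every symlink separately.
TAB=$(printf '\t')

# One line per entry: "<bytes><TAB><link name><TAB><resolved target>".
deref_sizes() (
    for entry in "$1"/*; do
        [ -e "$entry" ] || continue            # dangling link or empty dir
        target=$(readlink -f -- "$entry")
        [ -f "$target" ] || continue           # regular files only
        size=$(( $(wc -c < "$target") ))
        printf '%s\t%s\t%s\n' "$size" "${entry##*/}" "$target"
    done
)

# Total bytes; two links to the same file are counted twice.
deref_total() {
    deref_sizes "$1" | awk -F '\t' '{ s += $1 } END { printf "%.0f\n", s }'
}

# Entries of at least $2 bytes, largest first.
deref_large() {
    deref_sizes "$1" | awk -F '\t' -v min="$2" '$1 + 0 >= min + 0' |
        sort -t "$TAB" -k1,1nr
}

# Targets that more than one link resolves to.
deref_duplicates() {
    deref_sizes "$1" | cut -f3 | sort | uniq -d
}

# Succeeds only if the total fits within $2 bytes.
check_limit() {
    [ "$(deref_total "$1")" -le "$2" ]
}

# Assumption: the 500MB limit from the thread is taken as 500 MiB.
report() {
    dir=${1:-/etc/alternatives}; limit=${2:-$((500 * 1024 * 1024))}
    echo "total: $(deref_total "$dir") bytes (limit $limit)"
    echo "entries >= 5 MiB:"; deref_large "$dir" $((5 * 1024 * 1024))
    echo "targets linked more than once:"; deref_duplicates "$dir"
    check_limit "$dir" "$limit" || { echo "over limit"; return 1; }
}

if [ "${1:-}" = "--report" ]; then shift; report "$@"; fi
```

Run it as `sh script.sh --report` to check the local /etc/alternatives, or pass a directory and a byte limit after `--report`.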