Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Spotify and misc Electron apps under firejail #155900

Closed
wants to merge 1 commit into from
Closed

Fix Spotify and misc Electron apps under firejail #155900

wants to merge 1 commit into from

Conversation

reedriley
Copy link
Contributor

@reedriley reedriley commented Jan 20, 2022
edited
Loading

I believe this fixes #153430 and other related issues.

I haven't confirmed if this is a complete fix for discord - but I have confirmed that it fixes at least spotify and signal-desktop.

Motivation for this change

See #153430; something about how firejail sets up the private-etc mount requires a workaround for a large number of applications.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@reedriley reedriley changed the title Fix Spotify and other Electron apps under firejail Fix Spotify and misc Electron apps under firejail Jan 20, 2022
@reedriley
Fix Spotify and misc Electron apps under firejail
4154ef4 
I believe this fixes NixOS#153430 and other related issues.

I haven't confirmed if this is a complete fix for `discord` - but I have confirmed that it fixes at least `spotify` and `signal-desktop`.
@vs49688
Copy link
Contributor

vs49688 commented Jan 31, 2022
edited
Loading

I'm apprehensive about this, it's why I didn't send a PR when I posted the workaround originally. It's hacky. This should be fixed in Firejail itself.

Could you please file this as an issue with Firejail?
I'd do it myself, but I don't have any of the affected applications installed currently.

@reedriley
Copy link
Contributor Author

reedriley commented Jan 31, 2022
edited
Loading

@vs49688: That's a totally fair point.

And after poking around a bit; it looks like this might be a legit firejail bug. Specifically; if /etc/fonts is a symlink to a directory, then the /run/firejail/lib/fcopy invocation doesn't resolve it to a directory before deciding whether to copy it or copy files from it.

@reedriley
Copy link
Contributor Author

Filed this issue to discuss with firejail devs: netblue30/firejail#4887

@vs49688
Copy link
Contributor

vs49688 commented Feb 7, 2022

Superseded by #153430

@vs49688 vs49688 closed this Feb 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Discord fails to launch under firejail
2 participants
@reedriley @vs49688