-
Notifications
You must be signed in to change notification settings - Fork 556
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Firefox-based browsers have issues with cursor hiding in sway WM (NixOS) #5611
Comments
Can you test with |
Yes, --noprofile allows for it to work as expected. I did just notice something though. I have a qt mouse when running with --noprofile or when not sand-boxed at all. However, when running with the librewolf.profile and firefox.profile, I do not. I believe this may be relevant. |
I checked the console and now see this:
but only when sandboxed with firejail using the librewolf profile. Thats a gtk error so honestly i'm a bit lost, maybe I was wrong in my last message about it being a qt cursor. |
See https://wiki.archlinux.org/title/Cursor_themes#Create_links_to_missing_cursors. In fact, that whole wiki page might be helpful to check. AFAIK mozilla browsers use GTK theming, so if you're using Qt cursor theme(s) this would make sense. |
I read through this, but unfortunately I am using nixOS and don't have a .icons directory at all. I did however do a check, I am using the breeze gtk theme and not the breeze qt theme. They look identical so I got a bit confused. |
So the reason could be that the cursor icon isn't accessible by Firefox. Now the question is where is it installed or configured. |
Okay so here is what I have found so far: The theme is stored in the /nix/store. This is where all packages in nixOS are stored. (This may be different if using home-manager, but I am not.) The good thing is, every node in the nix-store is immutable so I don't believe allowing read access to them from a container/sandbox poses any security risk. That being said, It does mean that someone who is willing to look through my store can read the different packages, derivations, etc. that I have built, so it's not exactly the "best" solution. |
Update: Allowing read-write access to the nix-store and nix-var does not fix anything |
Does this happen with firejail 0.9.72? This does indeed seem like a path-related issue, so try disabling/commenting Then re-enable one by one to see which one breaks it. If it does not change anything, considering that |
It seems that uncommenting the inclusion of the Firefox.profile does do "something". It is able to find a theme. With that being said, this is not breeze-dark(my theme), I have no idea where it is getting this data from. That being said, this is an improvement from not having a theme whatsoever. I will look more into firefox.profile to see what is breaking from inside that. |
Unfortunately, nix packages doesn't have 0.9.72 even on the unstable branch. |
I have found the issue. The line
breaks things. Moreover
is not valid according to the errors I'm getting. Will now look into whitelist-run-common.inc. |
So it seems that trying to whitelist anything from the /run directory on nixos breaks things. I have tried to read and understand the debug log but I don't understand what's wrong. I have attached the debug output below. |
We already Also, as indicated by your output.txt there are several overrides (*.local files that get included too) in play here. I'm not suggesting there's something wrong with that. But it makes debugging this slightly more difficult without seeing their content. Please post those as well. |
Apologies, I uncommented apparmor-replace. Here is my error:
Unfortunately, I have not set up any overrides, it must be nixos's doing. The only thing that I have done is copy paste the profiles into my home folder so I can edit them. (They are immutable by default due to nixos). Just FYI, I uncommented most of the files in whitelist-run-common.inc when taking this output I was uncommenting and recommenting things as needed, I will set everything to default and take another output. |
Thank you for this info. Regarding Alas, I'm clueless at the moment on how to proceed here to fix the issue. Hopefully you can find something to drop from or add to whitelist-run-common.inc. |
This is my fault, It's difficult to find the immutable /etc/ specifically for the package and I found it easier to download the necessary files from the repo. I apologize. I've included the other output directly using the immutable etc for the package. |
No worries, that can happen. You're not the first one to try newer profiles on an older release to fix a problem. Just keep in mind that this is likely to create incompatibility issues and is not advised.
In this context we can ignore the VA-API part. Does librewolf 109.0 throw the same console error when started without firejail? The |
Yes this is not an issue with firejail. It seems to do this regardless of if I put a valid URL in. Either way, this doesn't seem to inhibit the usability of the program. |
FWIW I get similar errors on Artix and the program seems to work fine (though |
@kmk3 Thanks for these de-confusing details on latest librewolf :-) It would be nice to find out if indeed |
It is not "fully" broken as far as I can tell. whitelist-run-common.inc works fine(minus the cursor issue) when using the default firefox-common.profile in the immutable /etc. Unfortunately, it seems to fully break the minute I am using a firefox-common.profile not in the package's immutable /etc. |
Can you create per-user overrides in ${HOME}/.config/firejail? In other words, you do have access to Firejail's overrides functionality on nixos, correct? Although syntactically different, the below should all have the same result. $ cat ~/.config/firejail/firefox-common.local
ignore include whitelist-run-common.inc Or $ cat ~/.config/firejail/firefox-common.profile
ignore include whitelist-run-common.inc
include /etc/firejail/firefox-common.profile Or $ cat ~/.config/firejail/librewolf.local
ignore include whitelist-run-common.inc |
does nothing. |
Glad to hear your overrides are being loaded. Less happy about the mistake I made :-) It should be |
No worries, it's nice to see that I can finally get back to debugging the issue. Anyways yes, putting the new setting into firefox-common.local has the same behavior as using custom profiles. |
Description
On a firejail sandboxed instance of firefox based browsers on swayWM, if the cursor is changed inside the browser, it has trouble changing back. This is most notable when the cursor is hidden such as when viewing a video. Once this happens, the cursor is forever hidden inside that window. Moving the cursor outside the window fixes it, but moving the cursor back inside the window breaks it.
Steps to reproduce
Expected Behavior: Mouse unhides after moving it.
Actual Behavior: Mouse continues to stay hidden after moving it.
Extra testing
Supplemental Information
Firejail version: 0.9.70
SwayWM version: 1.7
Distrobution: NixOS 22.11
The text was updated successfully, but these errors were encountered: