Geary crashes when showing email contents

[triallax]

Description

Geary crashes when it tries to show an email's contents (at least that's the trigger as far as I can tell).

Steps to Reproduce

1. Run LC_ALL=C firejail /bin/geary
2. If the opened Geary window is large enough, it will crash almost instantly when it tries to show an email's contents, otherwise pressing on any email in the email list is sufficient to cause the crash as well

Expected behavior

Geary doesn't crash.

Actual behavior

Geary crashes.

Behavior without a profile

Nothing changes, the same crash happens.

Environment

• Void Linux
• Firejail version (firejail --version). firejail version 0.9.72

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• I have performed a short search for similar issues (to avoid opening a duplicate).
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /bin/geary

Reading profile /etc/firejail/geary.profile
Reading profile /etc/firejail/allow-bin-sh.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1900, child pid 1907
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping ld.so.preload for private /etc
Warning: skipping machine-id for private /etc
Warning: skipping mailcap for private /etc
Warning: skipping mime.types for private /etc
Private /etc installed in 42.25 ms
Private /usr/etc installed in 0.00 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized in 187.91 ms
*[wrn] 20:11:03.0600 dbind:AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown
libEGL warning: wayland-egl: could not open /dev/dri/renderD128 (No such file or directory)
*[wrn] 20:11:03.0693 geary:application-certificate-manager.vala:71: No GCR store found, GCR certificate pinning unavailable
*[wrn] 20:11:03.0693 geary:application-certificate-manager.vala:75: GCR store is not RW, GCR certificate pinning unavailable
*[wrn] 20:11:03.0783 folks:backend-store.vala:435: Error preparing Backend 'telepathy': org.freedesktop.DBus.Error.ServiceUnknown
Could not determine the accessibility bus address
![err] 20:11:04.0389 [no domain]:Failed to start dbus proxy: Failed to spawn child process “/usr/bin/bwrap” (Permission denied)

Parent is shutting down, bye...

Output of LC_ALL=C firejail --debug /bin/geary

https://gist.github.com/mhmdanas/70568d0b47f8c0546ee4a13fff24aa10

[rusty-snake]

Behavior without a profile
Nothing changes, the same crash happens.

Try with --profile=noprofile.

[triallax]

Sorry, I messed up the comment body, I did test with firejail --profile=noprofile and the crash also happened.

[triallax]

Never mind my last comment, I just tested again and it seems like Geary hangs with --profile=noprofile when it tries to show an email's contents.

[glitsj16]

Thanks for reporting.

![err] 20:11:04.0389 [no domain]:Failed to start dbus proxy: Failed to spawn child process “/usr/bin/bwrap” (Permission denied)

bwrap is blacklisted in disable-common.inc:

firejail/etc/inc/disable-common.inc

Lines 657 to 658 in d91d430

	# most of the time bwrap is SUID binary
	blacklist ${PATH}/bwrap

You can try adding noblacklist ${PATH}/bwrap in a geary.local. But you might have hit another incompatibility between firejail and bubblewrap cfr. #2995.

[rusty-snake]

That's the answer. We should remove it from firecfg for now.

[glitsj16]

That's the answer. We should remove it from firecfg for now.

Agreed. There are probably more apps affected by webkit2gtk 4.x using bubblewrap (cfr. #3647).
According to 'required by' info available here these need to be checked:

• devhelp
• geary
• lutris (not in firecfg)
• marker
• nyxt (see Profile requests #1139 (comment))
• shotwell
• sushi
• xreader
• yelp