LizardByte / Sunshine

Self-hosted game stream host for Moonlight.
http://app.lizardbyte.dev/Sunshine/
GNU General Public License v3.0

Systray icon does not appear in plasma(6) wayland session if sunshine has cap_sys_admin #3253

Open v-evets opened 1 week ago

v-evets commented 1 week ago

Is there an existing issue for this?

Is your issue described in the documentation?

Is your issue present in the latest beta/pre-release?

This issue is present in the latest git master

Describe the Bug

If sunshine has cap_sys_admin, libayatana-appindicator cannot get a session bus due to AT_SECURE flag being set:

libayatana-appindicator-WARNING **: 17:01:17.275: Unable to get the session bus: Cannot spawn a message bus when AT_SECURE is set

LIBDBUSMENU-GLIB-WARNING **: 17:01:17.275: Unable to get session bus: Cannot spawn a message bus when AT_SECURE is set

Gtk-CRITICAL **: 17:01:17.380: gtk_widget_get_scale_factor: assertion 'GTK_IS_WIDGET (widget)' failed

Setting GDK_BACKEND=x11 allows creation of a systray icon, but it is non-functional (does not receive clicks).

I am too lazy to test the latest prerelease, because it FTBFS with boost 1.86 (probably #3248), the build system is a nightmare of pinned dep versions and compile-time downloads (we compile in a sandbox on gentoo), I don't have snap or flatpak installed, and appimage is blocked by #3252.

Tested with 0.23.1 release and git master@e90b71c

Expected Behavior

Official installation instructions should result in a working install under most common distribution configurations (selinux, wayland, plasma etc.), any required workarounds or caveats should be documented.

Additional Context

No response

Host Operating System

Linux

Operating System Version

Gentoo Linux 2.15

Architecture

64 bit

Sunshine commit or version

0.23.1

Package

other (not listed)

GPU Type

AMD

GPU Model

RX 6700 XT

GPU Driver/Mesa Version

24.1.7

Capture Method

KMX (Linux)

Config

fps = [10,30,60,75]
resolutions = [
    352x240,
    480x360,
    858x480,
    1280x720,
    1920x1080
]
capture = kms
channels = 2
back_button_timeout = 1000
min_log_level = 3
origin_web_ui_allowed = pc
encoder = vaapi

Apps

No response

Relevant log output

Relevant output in report body. Stupid template.

ReenigneArcher commented 1 week ago

> because it FTBFS with boost 1.86

If you can remove boost from deps, Sunshine will fetch boost 1.85 automatically (assuming your build has internet access)... or if they are pinned, then it should be pinned to 1.85.

v-evets commented 1 week ago

git master@e90b71c fails with identical errors:

(sunshine:28875): libayatana-appindicator-WARNING **: 21:43:43.143: Unable to get the session bus: Cannot spawn a message bus when AT_SECURE is set

(sunshine:28875): LIBDBUSMENU-GLIB-WARNING **: 21:43:43.143: Unable to get session bus: Cannot spawn a message bus when AT_SECURE is set

v-evets commented 1 week ago

On a more general note, running GUI applications with cap_sys_admin is functionally equivalent to making them suid root. This has been heavily discouraged since 1999, and with good reason. Running a webserver (local or otherwise) with admin caps is even worse, and frankly makes me reconsider the wisdom of having this project on my systems at all.

chewi commented 1 week ago

FYI I have reproduced this, but I haven't had time to dig into it much. I did see that the glib source simply doesn't allow this, and there didn't seem to be any way around it, but then why does it (almost) work with X11?

v-evets commented 1 week ago

Actually, it does work properly in an X11 (user) session. Where it's partially broken is wayland with GDK_BACKEND=x11, which will obviously involve xwayland (and whatever convoluted shenanigans plasma uses for a systray this month) rather than X11 proper.

I may have been barking up the wrong tree with my initial take on those warnings too... Because they also appear in an X11 session with a perfectly functional sunshine systray. Plot thickens and all that.

We're not falling back to "legacy" xembed if appindicator fails, are we? From what I see xembed in plasma/xwayland is all kinds of janky at the moment (bunch of reports relating to missing/repeated/misdirected clicks, xwayland sends xembed input through desktop-portal now, e.g.).

Some more permutations:

X11 session with cap_sys_admin (working systray):

libayatana-appindicator-WARNING **: 23:08:52.728: Unable to get the session bus: Cannot spawn a message bus when AT_SECURE is set

LIBDBUSMENU-GLIB-WARNING **: 23:08:52.728: Unable to get session bus: Cannot spawn a message bus when AT_SECURE is set

Wayland session with cap_sys_admin (no systray):

libayatana-appindicator-WARNING **: 23:05:32.252: Unable to get the session bus: Cannot spawn a message bus when AT_SECURE is set

LIBDBUSMENU-GLIB-WARNING **: 23:05:32.252: Unable to get session bus: Cannot spawn a message bus when AT_SECURE is set

Gtk-CRITICAL **: 23:05:32.252: gtk_widget_get_scale_factor: assertion 'GTK_IS_WIDGET (widget)' failed

Wayland + GDK_BACKEND=x11 with cap_sys_admin (broken systray):

libayatana-appindicator-WARNING **: 23:05:32.252: Unable to get the session bus: Cannot spawn a message bus when AT_SECURE is set

LIBDBUSMENU-GLIB-WARNING **: 23:05:32.252: Unable to get session bus: Cannot spawn a message bus when AT_SECURE is set

Wayland or X11, without cap_sys_admin (working systray): crickets

Very curious.

In any case, I still reckon getting rid of cap_sys_admin on the main binary (i.e. use a minimal helper that just opens FDs for KMS capture) is well worth pursuing. Something like: https://obsproject.com/forum/threads/experimental-zero-copy-screen-capture-on-linux.101262/ and: https://copyconstruct.medium.com/file-descriptor-transfer-over-unix-domain-sockets-dcbbf5b3b6ec ?

chewi commented 1 week ago

I agree, that does seem like the way to go.