Open odomingao opened 3 months ago
igo95862
commented
3 months ago Hello @odomingao
It looks like evolution's webkit uses its own bubblewrap:
gnome-shell(1545)───evolution(10495)───bwrap(10633)───bwrap(10634,ipc,mnt,net,pid,user,uts)───WebKit+Multiple sandboxes usually conflict with each other. I wonder if there is an option to disable WebkitGtk sandbox.
igo95862
commented
3 months ago I found it. It is called WEBKIT_DISABLE_SANDBOX_THIS_IS_DANGEROUS=1.
I manged to launch the evolution inside sandbox.
First add the dbus_name = "org.gnome.Evolution" to the [common] section.
After that launch evolution inside bubblejail with that environment variable: (evolution-test is the name of the instance)
bubblejail run evolution-test env WEBKIT_FORCE_SANDBOX=0 evolutionThe second option is to recreate the missing /sys directories that the nested bwrap tries to mount.
mkdir /sys/block
mkdir /sys/bus
mkdir /sys/classI wonder if all those directories should be created by default.
odomingao
commented
3 months ago The second option is to recreate the missing
/sysdirectories that the nested bwrap tries to mount.mkdir /sys/block mkdir /sys/bus mkdir /sys/classI wonder if all those directories should be created by default.
Thank you, this works :)
I believe the "double bagging" might be helpful as the webkit sandbox might isolate the web content from the rest of the mail client's processes
odomingao
commented
3 months ago Though I still get this Failed to create sources: org.freedesktop.DBus.Error.ServiceUnknown when attempting to set up an account. Any idea on how to fix this?
igo95862
commented
3 months ago Probably some D-Bus service that is require is not being added to the sandbox. Does it say which interface it tried to access?
odomingao
commented
3 months ago Yeah, it mentions a few in the stdout logs
(evolution:4): Gdk-WARNING **: 17:28:47.485: Failed to read portal settings: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.Settings” on object at path /org/freedesktop/portal/desktop
(evolution:4): dbind-WARNING **: 17:28:47.501: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown
(evolution:4): e-data-server-CRITICAL **: 17:28:47.533: e_source_registry_ref_builtin_proxy: assertion 'source != NULL' failed
(evolution:4): GLib-GObject-CRITICAL **: 17:28:47.533: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
(evolution:4): e-data-server-CRITICAL **: 17:28:47.583: e_source_registry_ref_builtin_mail_account: assertion 'source != NULL' failed
(evolution:4): e-data-server-CRITICAL **: 17:28:47.583: e_source_registry_ref_default_mail_account: assertion 'E_IS_SOURCE (source)' failed
(evolution:4): e-mail-engine-CRITICAL **: 17:28:47.583: mail_session_configure_local_store: assertion 'service != NULL' failed
(evolution:4): e-mail-engine-CRITICAL **: 17:28:47.583: mail_session_configure_vfolder_store: assertion 'service != NULL' failed
(evolution:4): module-mail-CRITICAL **: 17:28:47.632: mail_shell_backend_constructed: assertion 'vstore != NULL' failed
(evolution:4): module-rss-WARNING **: 17:28:47.690: Failed to commit RSS source: org.freedesktop.DBus.Error.ServiceUnknown
(evolution:4): Gtk-WARNING **: 17:28:47.692: Creating a portal monitor failed: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.Inhibit” on object at path /org/freedesktop/portal/desktop
(evolution:4): e-data-server-CRITICAL **: 17:28:47.692: e_source_registry_ref_builtin_mail_account: assertion 'source != NULL' failed
(evolution:4): e-data-server-CRITICAL **: 17:28:47.692: e_source_registry_ref_default_mail_account: assertion 'E_IS_SOURCE (source)' failed
(evolution:4): GLib-GObject-CRITICAL **: 17:28:47.708: invalid (NULL) pointer instance
(evolution:4): GLib-GObject-CRITICAL **: 17:28:47.708: g_signal_connect_data: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed
(evolution:4): GLib-GObject-CRITICAL **: 17:28:47.708: invalid (NULL) pointer instance
(evolution:4): GLib-GObject-CRITICAL **: 17:28:47.708: g_signal_connect_data: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed
(evolution:4): Gtk-CRITICAL **: 17:28:47.731: gtk_list_store_reorder: assertion 'new_order != NULL' failed
(evolution-alarm-notify:13): Gdk-WARNING **: 17:28:47.745: Failed to read portal settings: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.Settings” on object at path /org/freedesktop/portal/desktop
(evolution-alarm-notify:13): dbind-WARNING **: 17:28:47.764: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown
Failed to register: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown
Gdk-Message: 17:28:47.794: Error reading events from display: Invalid argument
Reaped: 13 Exit code: 256
Fontconfig error: "/etc/fonts/local.conf", line 7: not well-formed (invalid token)
Fontconfig warning: "/etc/fonts/local.conf", line 7: invalid attribute 'name'
Fontconfig warning: "/etc/fonts/local.conf", line 7: invalid attribute 'mode'
Fontconfig warning: "/etc/fonts/local.conf", line 7: invalid attribute 'target'
Could not determine the accessibility bus address
(evolution:4): libenchant-WARNING **: 17:28:47.901: broker.vala:159: Error loading plugin: libnuspell.so.5: cannot open shared object file: No such file or directory
(evolution:4): libenchant-WARNING **: 17:28:47.901: broker.vala:159: Error loading plugin: libvoikko.so.1: cannot open shared object file: No such file or directory
(evolution:4): libenchant-WARNING **: 17:28:47.902: broker.vala:159: Error loading plugin: libhspell.so.0: cannot open shared object file: No such file or directory
(evolution:4): libenchant-WARNING **: 17:28:47.902: broker.vala:159: Error loading plugin: libaspell.so.15: cannot open shared object file: No such file or directory
(WebKitWebProcess:2): Gdk-WARNING **: 17:28:47.965: Failed to read portal settings: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: org.freedesktop.DBus.Error.NameHasNoOwner
(evolution:4): GLib-GObject-CRITICAL **: 17:28:48.656: g_object_bind_property_full: assertion 'G_IS_OBJECT (source)' failed
(evolution:4): GLib-GObject-CRITICAL **: 17:28:48.656: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
(evolution:4): GLib-GObject-CRITICAL **: 17:28:48.657: g_object_bind_property_full: assertion 'G_IS_OBJECT (source)' failed
(evolution:4): GLib-GObject-CRITICAL **: 17:28:48.657: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
(evolution:4): e-mail-engine-CRITICAL **: 17:28:48.665: e_mail_session_get_local_folder_uri: assertion 'type < local_folder_uris->len' failed
(evolution:4): e-mail-engine-CRITICAL **: 17:28:48.665: e_mail_session_get_local_folder_uri: assertion 'type < local_folder_uris->len' failed
(evolution:4): e-mail-engine-CRITICAL **: 17:28:48.665: e_mail_session_get_local_folder_uri: assertion 'type < local_folder_uris->len' failed
invoking IsSupported() failed for remote volume monitor with dbus name org.gtk.vfs.UDisks2VolumeMonitor:: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown (g-dbus-error-quark, 2)
invoking IsSupported() failed for remote volume monitor with dbus name org.gtk.vfs.MTPVolumeMonitor:: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown (g-dbus-error-quark, 2)
** (process:2): WARNING **: 17:28:49.147: Failed to connect to bus: The given address is empty
Fontconfig error: "/etc/fonts/local.conf", line 7: not well-formed (invalid token)
Fontconfig warning: "/etc/fonts/local.conf", line 7: invalid attribute 'name'
Fontconfig warning: "/etc/fonts/local.conf", line 7: invalid attribute 'mode'
Fontconfig warning: "/etc/fonts/local.conf", line 7: invalid attribute 'target'
** (WebKitWebProcess:2): WARNING **: 17:28:49.272: Can't connect to a11y bus: Error receiving data: Connection reset by peer
(evolution:4): e-data-server-CRITICAL **: 17:29:05.174: e_source_registry_ref_builtin_proxy: assertion 'source != NULL' failed
(evolution:4): GLib-GObject-CRITICAL **: 17:29:05.174: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
(evolution:4): e-mail-engine-CRITICAL **: 17:29:22.668: e_mail_session_get_local_folder: assertion 'type < local_folders->len' failed
(evolution:4): Gtk-WARNING **: 17:29:22.669: Calling org.freedesktop.portal.Inhibit.Inhibit failed: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.Inhibit” on object at path /org/freedesktop/portal/desktopI know about the raw_dbus_session_args debug option, but I don't know what the proper syntax is.
igo95862
commented
3 months ago The xdg-dbus-proxy options are documented on its man page: https://man.archlinux.org/man/xdg-dbus-proxy.1
The simplest option is --talk which lets sandbox talk with the D-Bus service with the given name. For example, --talk=org.a11y.Bus (as a single argument) should let the sandbox talk with the accessibility D-Bus service. (but I believe D-Bus interface is only there to obtain address of the socket and it will need another socket passed to sandbox)
You can use the D-Spy to explore your D-Bus session and you can even connect to your sandboxed D-Bus by specifying the unix:path=/run/user/<user_id>/bubblejail/<instance_name>/dbus_session_proxy address.
Strange that you have a lot of portal related errors. Even though the gnome_portal option is deprecated it should still allow accessing all the portals.
odomingao
commented
3 months ago Thanks, I added these rules and shared /run/user/1000/at-spi/bus with it.
"--talk=org.a11y.Bus",
"--own=org.freedesktop.portal.Inhibit",
"--own=org.freedesktop.portal.Settings",The warnings about the accessibility portal are gone, but I'm still unable to add the account and still get the same warnings/errors about desktop portals 🤷
igo95862
commented
3 months ago Hmmm... Try disabling the [gnome_toolkit] and pass the portal directly. Pass --talk=org.freedesktop.portal.Desktop option.
You probably don't want to pass the --own but --talk to allow talking to existing service.
odomingao
commented
3 months ago I tried, unfortunately no luck (though now I get dconf warnings due to the lack of [gnome_toolkit]).
igo95862
commented
3 months ago There is a GDK_DEBUG=portals environment variable in a recent GTK versions to force portals. Maybe it will help?
odomingao
commented
3 months ago no luck, unfortunately. I also tried to check the dbus names the flatpak version has permission to talk with and adding these to the configuration, but that didn't help either.
edit: the flatpak version actually lets me add the account, even after disabling share=ipc in flatseal (which is the only thing that is different from the bubblejail sandbox as far as I can tell). I wonder whether the flatpak is built differently, or there's another difference in the sandbox that I'm missing
Hello. I'm trying to sandbox Evolution, but I get these errors:
Any idea on how to fix this? I did enable
gnome_portal = trueanddconf_dbus = trueunder[gnome_toolkit]