netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

mpv: hardware video decoding nvdec does not work #3335

Open gedec-coin-one opened 4 years ago

gedec-coin-one commented 4 years ago

It seems nvdec needs the nvidia_uvm kernel module loaded to work. Without firejail, when I run mpv, it loads the nvidia_uvm module automatically (if it is not loaded yet), but inside firejail that is not going to work, so nvdec can't work either.

Temporary workaround: manually load the nvidia_uvm module, e.g. sudo modprobe nvidia_uvm.

FYI:
firejail version: 0.9.62
kernel version: 5.6.3
nvidia-drivers version: 440.82

My current mpv.local file:

env __NV_PRIME_RENDER_OFFLOAD=1
env __VK_LAYER_NV_optimus=NVIDIA_only
env __GLX_VENDOR_LIBRARY_NAME=nvidia
ignore nodbus
ignore nogroups
ignore nonewprivs
ignore private-dev
ignore noexec ${HOME}

glitsj16 commented 4 years ago

Might be similar to #2447. That was never actually cleared-up.

Without firejail, when I running mpv, it will load nvidia_uvm module automatically (if it not loaded yet),

IMO it's not mpv but the Linux kernel that loads the nvidia_uvm module. In any case, the mpv profile uses private-bin env,mpv,python*,youtube-dl, which might be too restrictive in this context. I suggest ignoring that too. Another possibility (in combination with what you already ignored) is noroot. Did you try the --build/--build= options yet?

gedec-coin-one commented 4 years ago

Might be similar to #2447.

I tried --noprofile too; it does not work.

it's not mpv but the linux kernel that loads the nvidia_uvm module

English is not my first language; I meant that mpv triggers something which then makes the kernel load it.

I tried ignore private-bin env,mpv,python*,youtube-dl and ignore noroot, each alone and then both, and the --build/--build= options; it still does not work.

Here is the profile the --build= option generated:

############################################
# /usr/bin/mpv profile
############################################
# Persistent global definitions
# include /etc/firejail/globals.local

### basic blacklisting
include /etc/firejail/disable-common.inc
# include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
# include /etc/firejail/disable-programs.inc

### home directory whitelisting
whitelist ~/.icons/default
whitelist ~/.icons/default/cursors
whitelist ~/.cursors/default
whitelist ~/.cursors/default/cursors
whitelist ~/.icons/breeze_cursors
whitelist ~/.icons/breeze_cursors/cursors
whitelist ~/.cursors/breeze_cursors
whitelist ~/.cursors/breeze_cursors/cursors
whitelist ~/.Xdefaults-Phantom-Pro
whitelist ~/.pulse-cookie
whitelist ~/.rubberband.wisdom.d
whitelist ~/.XCompose
whitelist ~/.fonts
whitelist ~/.local/share/fonts
whitelist ~/.fonts.conf
whitelist ~/.fonts.conf.d
whitelist ~/.config/fontconfig
whitelist ~/Videos
whitelist ~/.config/mpv
whitelist ~/.nv
include /etc/firejail/whitelist-common.inc

### filesystem

# private-tmp
# File accessed in /tmp directory:
# /tmp/firejail-strace.7wIibg,
# private-dev
# This is the list of devices accessed (on top of regular private-dev devices:
# /dev/dri/card0,/dev/shm/cuda_injection_path_shm,/dev/dri/renderD129,
private-etc machine-id,libva.conf,fonts,mpv,ssl,nvidia,
blacklist /var
private-bin xset,dbus-send,which,sed,grep,mv,bash,mpv,
# private-lib
whitelist /usr/share/icons
whitelist /usr/share/pixmaps
whitelist /usr/share/cursors
whitelist /usr/share/glvnd
whitelist /usr/share/X11
whitelist /usr/share/fonts
whitelist /usr/share/nvidia

### security filters
caps.drop all
nonewprivs
seccomp
# seccomp.keep futex,poll,ioctl,wait4,restart_syscall,getpid,read,write,stat,recvmsg,openat,munmap,mmap,close,sched_yield,lseek,mprotect,execve,clone,writev,sendto,access,getdents64,fstat,mremap,rmdir,unlink,recvfrom,fstatfs,sendmsg,rt_sigprocmask,readlink,rt_sigaction,brk,madvise,fcntl,getpgrp,getrandom,geteuid,set_robust_list,prctl,getegid,getuid,sched_setattr,getgid,socket,connect,fadvise64,shutdown,mkdir,splice,eventfd2,arch_prctl,pipe,dup2,rt_sigreturn,socketpair,getpeername,getsockname,uname,set_tid_address,dup,prlimit64,lstat,setsockopt,statfs,clock_getres,getresuid,getresgid,sigaltstack,fallocate,pipe2,renameat2,ftruncate,newfstatat,umask,sched_get_priority_max,sched_get_priority_min,sched_getaffinity,getsockopt,sysinfo,getppid,gettid,sched_getattr
# 84 syscalls total
# Probably you will need to add more syscalls to seccomp.keep. Look for
# seccomp errors in /var/log/syslog or /var/log/audit/audit.log while
# running your sandbox.

### network
protocol unix,
net none

### environment
shell none

glitsj16 commented 4 years ago

Thanks for posting the --build output. Did that actually work to run mpv with nvdec?

gedec-coin-one commented 4 years ago

Thanks for posting the --build output. Did that actually work to run mpv with nvdec?

No, it still does not work unless I load the nvidia_uvm module manually.

glitsj16 commented 4 years ago

After a decent portion of sleep I think this is probably seccomp related. Can you try the seccomp.keep list seen in your output from the --build command instead of seccomp?

#seccomp
seccomp.keep futex,poll,ioctl,wait4,restart_syscall,getpid,read,write,stat,recvmsg,openat,munmap,mmap,close,sched_yield,lseek,mprotect,execve,clone,writev,sendto,access,getdents64,fstat,mremap,rmdir,unlink,recvfrom,fstatfs,sendmsg,rt_sigprocmask,readlink,rt_sigaction,brk,madvise,fcntl,getpgrp,getrandom,geteuid,set_robust_list,prctl,getegid,getuid,sched_setattr,getgid,socket,connect,fadvise64,shutdown,mkdir,splice,eventfd2,arch_prctl,pipe,dup2,rt_sigreturn,socketpair,getpeername,getsockname,uname,set_tid_address,dup,prlimit64,lstat,setsockopt,statfs,clock_getres,getresuid,getresgid,sigaltstack,fallocate,pipe2,renameat2,ftruncate,newfstatat,umask,sched_get_priority_max,sched_get_priority_min,sched_getaffinity,getsockopt,sysinfo,getppid,gettid,sched_getattr

rusty-snake commented 4 years ago

@glitsj16 with --noprofile, there are no seccomp filters. @gedec-coin-one, have you (or your distro) set force-nonewprivs (or anything else) in firejail.config?

glitsj16 commented 4 years ago

@rusty-snake Right. I guess I need more/better sleep heh. Too bad I don't have hardware to fully test mpv with nvdec. Our profile seems to cause issues with that specifically, cfr. #2447.

gedec-coin-one commented 4 years ago

have you (or your distro) set force-nonewprivs (or anythin else) in firejail.config?

I'm using Gentoo right now; it seems force-nonewprivs is disabled by default.

[screenshot: Screenshot_20200410_202123]

firejail.config

# This is Firejail system-wide configuration file. The file contains
# keyword-argument pairs, one per line. Most features are enabled by default.
# Use 'yes' or 'no' as configuration values.

# Enable AppArmor functionality, default enabled.
# apparmor yes

# Number of ARP probes sent when assigning an IP address for --net option,
# default 2. This is a partial implementation of RFC 5227. A 0.5 seconds
# timeout is implemented for each probe. Increase this number to 4 if your
# local layer 2 network uses RSTP (IEEE 802.1w). Permitted values are
# between 1 and 30.
# arp-probes 2

# Enable or disable bind support, default enabled.
# bind yes

# Allow (DRM) execution in browsers, default disabled.
# browser-allow-drm no

# Disable U2F in browsers, default enabled.
# browser-disable-u2f yes

# Enable or disable cgroup support, default enabled.
# cgroup yes

# Enable or disable chroot support, default enabled.
# chroot yes

# Enable or disable dbus handling by --nodbus flag, default enabled.
# dbus yes

# Disable /mnt, /media, /run/mount and /run/media access. By default access
# to these directories is enabled. Unlike --disable-mnt profile option this
# cannot be overridden by --noblacklist or --ignore.
# disable-mnt no

# Set the limit for file copy in several --private-* options. The size is set
# in megabytes. By default we allow up to 500MB.
# Note: the files are copied in RAM.
# file-copy-limit 500

# Enable or disable file transfer support, default enabled.
# file-transfer yes

# Enable Firejail green prompt in terminal, default disabled
# firejail-prompt no

# Follow symlink as user. While using --whitelist feature,
# symlinks pointing outside home directory are followed only
# if both the link and the real file are owned by the user.
# Enabled by default
# follow-symlink-as-user yes

# Force use of nonewprivs.  This mitigates the possibility of
# a user abusing firejail's features to trick a privileged (suid
# or file capabilities) process into loading code or configuration
# that is partially under their control.  Default disabled.
# force-nonewprivs no

# Allow sandbox joining as a regular user, default enabled.
# root user can always join sandboxes.
# join yes

# Enable or disable sandbox name change, default enabled.
# name-change yes

# Enable or disable networking features, default enabled.
# network yes

# Enable or disable overlayfs features, default enabled.
# overlayfs yes

# Remove /usr/local directories from private-bin list, default disabled.
# private-bin-no-local no

# Enable or disable private-home feature, default enabled
# private-home yes

# Enable or disable private-cache feature, default enabled
# private-cache yes

# Enable or disable private-lib feature, default enabled
# private-lib yes

# Enable --quiet as default every time the sandbox is started. Default disabled.
# quiet-by-default no

# Enable or disable restricted network support, default disabled. If enabled,
# networking features should also be enabled (network yes).
# Restricted networking grants access to --interface, --net=ethXXX and
# --netfilter only to root user. Regular users are only allowed --net=none.
# restricted-network no

# Change default netfilter configuration. When using --netfilter option without
# a file argument, the default filter is hardcoded (see man 1 firejail). This
# configuration entry allows the user to change the default by specifying
# a file containing the filter configuration. The filter file format is the
# format of  iptables-save  and iptable-restore commands. Example:
# netfilter-default /etc/iptables.iptables.rules

# Enable or disable seccomp support, default enabled.
# seccomp yes

# Enable or disable user namespace support, default enabled.
# userns yes

# Enable or disable whitelisting support, default enabled.
# whitelist yes

# Enable or disable X11 sandboxing support, default enabled.
# x11 yes

# Screen size for --x11=xephyr, default 800x600. Run /usr/bin/xrandr for
# a full list of resolutions available on your specific setup.
# xephyr-screen 640x480
# xephyr-screen 800x600
# xephyr-screen 1024x768
# xephyr-screen 1280x1024

# Firejail window title in Xephyr, default enabled.
# xephyr-window-title yes

# Xephyr command extra parameters. None by default; these are examples.
# xephyr-extra-params -keybd ephyr,,,xkbmodel=evdev
# xephyr-extra-params -grayscale

# Xpra server command extra parameters. None by default; this is an example.
# xpra-extra-params --dpi 96

# Enable this option if you have a version of Xpra that supports --attach switch
# for start command, default disabled.
# xpra-attach no

# Screen size for --x11=xvfb, default 800x600x24.  The third dimension is
# color depth; use 24 unless you know exactly what you're doing.
# xvfb-screen 640x480x24
# xvfb-screen 800x600x24
# xvfb-screen 1024x768x24
# xvfb-screen 1280x1024x24

# Xvfb command extra parameters.  None by default; this is an example.
# xvfb-extra-params -pixdepths 8 24 32

Ryujinra commented 4 years ago

I should weigh in here since I created #2447, found the problem, and found a solution that works for me (I forgot to return to #2447 and post this solution earlier).

The issue is that the nvidia-uvm device node is not created in /dev when mpv is run via firejail, which in turn prevents CUDA/NVDEC from working.

To solve this without any changes to firejail, you can just use the script nvidia provides to set up the device nodes manually on startup: https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html#runfile-verifications. It must be run as root.

Now, the setting up of these device nodes is supposed to be the job of nvidia-modprobe from what I can tell, but it doesn't work properly for some reason on some machines (maybe related to it being a setuid binary), so in these cases I believe firejail is preventing the (kernel's?) automatic setup of any missing device nodes when a program like mpv is called from within the firejail container. You can take a closer look at nvidia's script above to see exactly what permissions are needed to set up these nodes and what internal firejail restrictions may be preventing this process.

Hope this helps get to the bottom of this tricky issue.
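
An added diagnostic for the situation Ryujinra describes and for rusty-snake's nonewprivs question. This is example code, not part of firejail, the NVIDIA driver, or any comment in this thread. It reports the three facts the thread turns on: whether the nvidia_uvm module is loaded, whether the /dev/nvidia-uvm node exists, and whether the calling process runs under no_new_privs or a seccomp filter (either of which can keep the setuid nvidia-modprobe helper from creating the node on demand). It also prints the mknod commands the linked NVIDIA script would run, taking the major number from /proc/devices; the minor numbers (0 for nvidia-uvm, 1 for nvidia-uvm-tools) are assumed to match that script. The functions take file contents as arguments, so they can be exercised on constructed input as well as on the live /proc files; the verdict codes "nnp", "seccomp" and "open" are this script's own.

```sh
#!/bin/sh
# nvdev_check.sh: added example, not code from firejail, NVIDIA or this thread.
# Run it bare and again as `firejail --noprofile sh nvdev_check.sh`
# to see exactly what the sandbox changes for the CUDA/NVDEC path.

# uvm_major DEVICES_TEXT
#   Print the character-device major registered as "nvidia-uvm" in
#   /proc/devices content; print nothing if the module is not loaded.
uvm_major() {
    printf '%s\n' "$1" | awk '$2 == "nvidia-uvm" { print $1; exit }'
}

# mknod_commands DEVICES_TEXT
#   Print the mknod commands the NVIDIA runfile-verification script runs.
#   Assumption: same layout as that script (minor 0 = nvidia-uvm,
#   minor 1 = nvidia-uvm-tools). Nothing is executed here; pipe the
#   output into `sudo sh` outside the sandbox to apply it.
mknod_commands() {
    major=$(uvm_major "$1")
    if [ -z "$major" ]; then
        echo "nvidia-uvm absent from /proc/devices: module not loaded" >&2
        return 1
    fi
    printf 'mknod -m 666 /dev/nvidia-uvm c %s 0\n' "$major"
    printf 'mknod -m 666 /dev/nvidia-uvm-tools c %s 1\n' "$major"
}

# status_flag STATUS_TEXT NAME
#   Print the value of a "NAME:<tab>value" line from /proc/<pid>/status.
status_flag() {
    printf '%s\n' "$1" | awk -v key="$2:" '$1 == key { print $2; exit }'
}

# sandbox_verdict STATUS_TEXT
#   Classify the process from its status file: "nnp" (no_new_privs set,
#   so a setuid helper such as nvidia-modprobe cannot gain root),
#   "seccomp" (a filter is installed), or "open" (neither).
sandbox_verdict() {
    case "$(status_flag "$1" NoNewPrivs)" in
        1) echo nnp; return ;;
    esac
    case "$(status_flag "$1" Seccomp)" in
        ""|0) echo open ;;
        *)    echo seccomp ;;
    esac
}

# report: live check of this machine and this process.
report() {
    [ -d /sys/module/nvidia_uvm ] && echo "nvidia_uvm module: loaded" \
                                  || echo "nvidia_uvm module: NOT loaded"
    [ -c /dev/nvidia-uvm ] && echo "/dev/nvidia-uvm:   present" \
                           || echo "/dev/nvidia-uvm:   MISSING"
    # /proc/$$ is this shell; the flags are inherited by anything it execs.
    case "$(sandbox_verdict "$(cat /proc/$$/status 2>/dev/null)")" in
        nnp)     echo "privileges:        no_new_privs set; nvidia-modprobe cannot run as root from here" ;;
        seccomp) echo "privileges:        seccomp filter active" ;;
        open)    echo "privileges:        unrestricted" ;;
    esac
    echo "to create the node (as root, outside the sandbox):"
    mknod_commands "$(cat /proc/devices 2>/dev/null)" || true
}

report
```

If the node is MISSING inside the sandbox but present outside, the sandbox's private /dev was populated before the node existed; create it (or load the module) before starting firejail. If it is missing in both places and the verdict is "nnp", the setuid helper that would normally create it is the thing being blocked.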

glitsj16 commented 4 years ago

@Ryujinra Thank you very much for providing this vital piece of information here. Chances are that we can work with this missing piece of the mpv/nvdec puzzle. I just added a comment to #2447 so users can find this thread more easily. Appreciated, stay healthy!

rusty-snake commented 4 years ago

@gedec-coin-one can you try firejail --noprofile --noblacklist=/sys/module mpv

gedec-coin-one commented 4 years ago

@gedec-coin-one can you try firejail --noprofile --noblacklist=/sys/module mpv

Still does not work:

[ffmpeg] AVHWDeviceContext: cu->cuInit(0) failed -> CUDA_ERROR_UNKNOWN: unknown error