netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

kate: program will not truly exit (AppImage) (dbus) #5273

Closed Lonniebiz closed 2 years ago

Lonniebiz commented 2 years ago

Debian 11 Firejail 0.9.70 profile: https://github.com/netblue30/firejail/blob/master/etc/profile-a-l/kate.profile

I downloaded an AppImage of Kate from here: https://binary-factory.kde.org/job/Kate_Release_appimage-centos7/

I launch this application using the following command: firejail --appimage --profile=/etc/firejail/kate.profile ~/AppImages/kate-22.04.3-574-linux-64-gcc.AppImage

The issue I'm having is that when I exit Kate, using Kate's own GUI, the process doesn't really exit until I press ctrl-c at the command line from where I launched the command above.

Typically, when you exit a program you've launched from the terminal using firejail, as soon as you exit (via the GUI), the terminal goes back to a ready command prompt, but with Kate, it leaves the program running indefinitely after attempting to exit via its GUI.

Kate has a lot of features that I'd like to have in a text editor, but I'm against its activity tracker that cannot be formally turned off, and you can't install Kate without that activity tracker as a required dependency. I thought maybe I could circumvent these undesired aspects of Kate by running an AppImage of Kate via Firejail, but even after this it seems that Kate is still trying to do something it shouldn't upon exiting. I wish I could find a fork of Kate that removes all unnecessary KDE dependencies.

However, could this issue I'm having (with properly exiting) be due to something in the firejail profile I'm using above? I'd appreciate any advice.

smitsohu commented 2 years ago

Can you try adding deterministic-shutdown to your sandbox options?

Also, if you open a second terminal and run firejail --tree it should show you which processes prevent the sandbox from shutting down.

Lonniebiz commented 2 years ago

@smitsohu : After adding deterministic-shutdown to the very end of the profile (and saving), I launched the AppImage again (using the newly saved profile) like this:

firejail --appimage --profile=/etc/firejail/kate.profile ~/AppImages/kate-22.04.3-574-linux-64-gcc.AppImage

This is the output while running Kate:

Reading profile /etc/firejail/kate.profile
Reading profile /etc/firejail/allow-common-devel.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 3674, child pid 3686

** Warning: dropping all Linux capabilities and setting NO_NEW_PRIVS prctl **

Mounting appimage type 2
Warning: not remounting /run/user/1000/gvfs
Warning: cleaning all supplementary groups
Child process initialized in 506.71 ms
kf.service.sycoca: ERROR creating database "/home/user/.cache/ksycoca5_en_XnTMwdntpV9HTnlqnyDqea8TdnE=" : "Existing file /home/user/.cache/ksycoca5_en_XnTMwdntpV9HTnlqnyDqea8TdnE= is not writable"

Upon exiting Kate (via Kate's GUI: "File" menu > "Quit"), the process was still running (indicated by firejail not returning to a ready command prompt yet). Exiting Kate via the GUI produced no output at the command line. So, I launched another terminal and entered firejail --tree, and that produced the following output:

3674:user:kate:firejail --appimage --profile=/etc/firejail/kate.profile /home/user/AppImages/kate-22.04.3-574-linux-64-gcc.AppImage 
  3686:user::firejail --appimage --profile=/etc/firejail/kate.profile /home/user/AppImages/kate-22.04.3-574-linux-64-gcc.AppImage 
    3690:user::/run/firejail/appimage/AppRun.wrapped

After waiting 5 minutes, the terminal (where I launched the process initially) provided no additional output and it still had not returned to a ready prompt. So, finally, I pressed ctrl+c, and over the next 10 seconds, this is the output that happened prior to ultimately reaching a ready command prompt:

Parent received signal 2, shutting down the child process...

Child received signal 2, shutting down the sandbox...

Parent is shutting down, bye...
AppImage detached

The exact AppImage I'm using can be downloaded here.
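
Added example (not part of the original thread and not firejail's own code): a shell function that reads `firejail --tree` output in the format shown above and lists the processes still running below the firejail parent and child, which are the ones keeping the sandbox open. The function names are hypothetical and the sample input is constructed from the output quoted in this comment.

```shell
#!/bin/sh
# Added example: find the processes that keep a firejail sandbox alive.
# Input: `firejail --tree` output on stdin (pid:user:name:command, with
# two spaces of indentation per level of the process tree).
# Output: one line per leftover process: sandbox-pid <TAB> pid <TAB> command

sandbox_leftovers() {
    awk '
    /^ *$/ { next }                      # skip blank lines
    {
        # Depth from indentation: 0 = firejail parent, 1 = firejail child,
        # 2 and deeper = processes started inside the sandbox.
        rest = $0
        sub(/^ +/, "", rest)
        depth = int((length($0) - length(rest)) / 2)

        # The command field may itself contain ":", so rejoin fields 4..n.
        n = split(rest, f, ":")
        cmd = f[4]
        for (i = 5; i <= n; i++) cmd = cmd ":" f[i]
        sub(/ +$/, "", cmd)

        if (depth == 0) { sandbox = f[1]; next }
        if (depth >= 2) printf "%s\t%s\t%s\n", sandbox, f[1], cmd
    }'
}

# Constructed sample, modelled on the tree output quoted in the thread.
sample_tree() {
    cat <<'EOF'
3674:user:kate:firejail --appimage --profile=/etc/firejail/kate.profile /home/user/AppImages/kate-22.04.3-574-linux-64-gcc.AppImage 
  3686:user::firejail --appimage --profile=/etc/firejail/kate.profile /home/user/AppImages/kate-22.04.3-574-linux-64-gcc.AppImage 
    3690:user::/run/firejail/appimage/AppRun.wrapped
EOF
}

# On a live system, run this after quitting the GUI:
#   firejail --tree | sandbox_leftovers
sample_tree | sandbox_leftovers
```

For the sample, the only leftover is PID 3690 (`AppRun.wrapped`), matching what the thread observed after choosing "Quit" in Kate.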

smitsohu commented 2 years ago

I downloaded the AppImage, and I get the same result, but also without Firejail.

So it seems this is a bug (or a feature) in Kate or in the AppImage packaging.

kmk3 commented 2 years ago

@Lonniebiz commented on Jul 25:

Debian 11

Kate has a lot of features that I'd like to have in a text editor, but I'm against its activity tracker that cannot be formally turned off

Sounds like a bug to me. Please consider reporting it to KDE (and linking to the report in here). This seems to be the official project page for kactivitymanagerd:

and you can't install Kate without that activity tracker as a required dependency.

On Arch/Artix, Kate by itself can be installed without kactivitymanagerd, which is only listed as a hard dependency on the plasma-workspace meta-package (though not on the plasma-desktop meta-package):

$ LC_ALL=C pacman -Sii kate | grep ^Depends | sort -u
Depends On      : knewstuff  ktexteditor  kactivities  kuserfeedback  hicolor-icon-theme
$ LC_ALL=C pacman -Sii kactivitymanagerd | grep -e ^Depends -e ^Required | sort -u
Depends On      : kio
Required By     : plasma-workspace
$
$ LC_ALL=C pacman -Sii plasma-workspace | grep -e ^Depends -e ^Required | sort -u
Depends On      : knotifyconfig  ksystemstats  ktexteditor  libqalculate  kde-cli-tools  appstream-qt  xorg-xrdb  xorg-xsetroot  kactivitymanagerd  kholidays  xorg-xmessage  milou  prison  kwin  plasma-integration  kpeople  kactivities-stats  libkscreen  kquickcharts  kuserfeedback  accountsservice  kio-extras  kio-fuse  qt5-tools  oxygen-sounds
Required By     : kcm-wacomtablet  kdeplasma-addons  kget  khotkeys  plasma-browser-integration  plasma-nm  plasma-pa  plasma-pass  plasma-vault  plasma-wayland-session  plasma5-applets-active-window-control  plasma5-applets-thermal-monitor  plasma5-applets-weather-widget  plasma5-applets-window-buttons  powerdevil  systemsettings  telepathy-kde-desktop-applets
$
$ LC_ALL=C pacman -Sii plasma-desktop | grep -e ^Depends -e ^Required | sort -u
Depends On      : gawk  kdelibs4support  polkit-kde-agent  kmenuedit  systemsettings  baloo  xdg-user-dirs  libibus
Required By     : plasma-meta

Though removing plasma-workspace on an Artix KDE install would also remove core DE packages, such as plasma-nm, plasma-pa, powerdevil and even systemsettings, all of which depend directly on plasma-workspace.

Anyway, if it is indeed Kate itself that has a hard dependency on kactivitymanagerd, please consider reporting that as a packaging issue to Debian.

I thought maybe I could circumvent these undesired aspects of Kate by running an AppImage of Kate via Firejail, but even after this it seems that Kate is still trying to do something it shouldn't upon exiting. I wish I could find a fork of Kate that removes all unnecessary KDE dependencies.

However, could this issue I'm having (with properly exiting) be due to something in the firejail profile I'm using above? I'd appreciate any advice.

@Lonniebiz commented on Jul 25:

After adding deterministic-shutdown to the very end of the profile (and saving), I launched the AppImage again (using the newly saved profile) like this:

firejail --appimage --profile=/etc/firejail/kate.profile ~/AppImages/kate-22.04.3-574-linux-64-gcc.AppImage

This is the output while running Kate:

# [...]
kf.service.sycoca: ERROR creating database "/home/user/.cache/ksycoca5_en_XnTMwdntpV9HTnlqnyDqea8TdnE=" : "Existing file /home/user/.cache/ksycoca5_en_XnTMwdntpV9HTnlqnyDqea8TdnE= is not writable"

Upon exiting Kate (via Kate's GUI: "File" menu > "Quit"), the process was still running (indicated by firejail not returning to a ready command prompt yet). Exiting Kate via the GUI produced no output at the command line. So, I launched another terminal and entered firejail --tree, and that produced the following output:

3674:user:kate:firejail --appimage --profile=/etc/firejail/kate.profile /home/user/AppImages/kate-22.04.3-574-linux-64-gcc.AppImage 
  3686:user::firejail --appimage --profile=/etc/firejail/kate.profile /home/user/AppImages/kate-22.04.3-574-linux-64-gcc.AppImage 
    3690:user::/run/firejail/appimage/AppRun.wrapped

Does private-cache prevent the error?

It mounts a tmpfs directory onto ~/.cache, which should prevent junk from being written to the real user home at least on that directory.

smitsohu commented 2 years ago

Ah, with activity tracker you mean kactivitymanagerd! Sorry for the misunderstanding.

If I'm not mistaken, you can prevent talking to kactivitymanagerd by blocking D-Bus. Simply do firejail --dbus-user=none kate

Lonniebiz commented 2 years ago

@kmk3 Thanks for all the advice. Adding private-cache to the profile didn't prevent the issue of Kate not properly exiting. While running Kate with that option, the command line outputted:

nux-64-gcc.AppImage
Reading profile /etc/firejail/kate.profile
Reading profile /etc/firejail/allow-common-devel.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 2489072, child pid 2489075

** Warning: dropping all Linux capabilities and setting NO_NEW_PRIVS prctl **

Mounting appimage type 2
Warning: not remounting /run/user/1000/gvfs
Warning: cleaning all supplementary groups
Child process initialized in 110.33 ms
"AppImages.menu"  not found in  ("/etc/xdg/menus")
kf.service.sycoca: Service type not found: "inode/directory"
kf.service.sycoca: Service type not found: "text/markdown"
kf.service.sycoca: Service type not found: "text/plain"
inotify_add_watch(/home/user/AppImages) failed: (Permission denied)

After pressing ctrl+c, to force closing Kate, this output took about 10 seconds to finish:

^C
Parent received signal 2, shutting down the child process...

Child received signal 2, shutting down the sandbox...

Parent is shutting down, bye...
AppImage detached

The exact AppImage I'm using can be downloaded here.

Lonniebiz commented 2 years ago

@smitsohu Thanks! Launching with --dbus-user=none seems to have fixed the issue of Kate not being able to exit using the GUI:

firejail --dbus-user=none --appimage --profile=/etc/firejail/kate.profile /home/user/AppImages/kate-22.04.3-574-linux-64-gcc.AppImage
Reading profile /etc/firejail/kate.profile
Reading profile /etc/firejail/allow-common-devel.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 2513689, child pid 2513692

** Warning: dropping all Linux capabilities and setting NO_NEW_PRIVS prctl **

Mounting appimage type 2
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: not remounting /run/user/1000/gvfs
Warning: cleaning all supplementary groups
Child process initialized in 116.50 ms
"applications.menu"  not found in  ("/etc/xdg/menus")
kf.service.sycoca: Service type not found: "text/markdown"
kf.service.sycoca: Service type not found: "inode/directory"
kf.service.sycoca: Service type not found: "text/plain"

Upon exiting, using Kate's GUI, the terminal immediately reached a ready prompt:

Parent is shutting down, bye...
AppImage detached
smitsohu commented 2 years ago

Glad you have a solution!

Should we close here?

kmk3 commented 2 years ago

@Lonniebiz commented on Jul 28:

Launching with --dbus-user=none seems to have fixed the issue of Kate not being able to exit using the GUI:

Glad that a workaround was found.

Re-closing as "not planned" since nothing was changed in firejail.

By the way, hanging indefinitely due to lack of access to dbus seems like a bug to me, so please consider reporting it to Kate:

Fixing the issue there would obviate the need to work around it for everyone affected.