mattermost-desktop: cannot start

[setpill]

Description

mattermost-desktop with the default profile fails to start.

Steps to Reproduce

1. Run firejail mattermost-desktop

Expected behavior

Mattermost opens

Actual behavior

Mattermost doesn't open

Behavior without a profile

It opened as expected

Additional context

Any other detail that may help to understand/debug the problem

Copying /etc/firejail/mattermost-desktop.profile to ~/.config/firejail/ and commenting out the following line helped.

include disable-shell.inc

This made mattermost run, though the tray icon was broken. This was fixed by commenting out

include electron.profile

Environment

• Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux") Arch Linux
• Firejail version (firejail --version). firejail version 0.9.72
• If you use a development version of firejail, also the commit from which it was compiled (git rev-parse HEAD). Nope, using the version from arch repos.

Checklist

• [x] The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• [x] I can reproduce the issue without custom modifications (e.g. globals.local).
• [x] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• [x] The profile (and redirect profile if exists) hasn't already been fixed upstream.
• [x] I have performed a short search for similar issues (to avoid opening a duplicate).
  • [x] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• [x] I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

[rusty-snake]

Copying /etc/firejail/mattermost-desktop.profile to ~/.config/firejail/ and commenting out the following line helped.

include disable-shell.inc

Remove ~/.config/firejail/mattermost-desktop.profile and create instead mattermost-desktop.local with

include allow-bin-sh.inc

and report back. If it works you can open a PR (following the order of the profile.template) with it.

though the tray icon was broken.

Try to add the following to allow-bin-sh.inc too.

ignore dbus-user none
dbus-user filter
dbus-user.own com.mattermost.Desktop
dbus-user.talk org.kde.StatusNotifierWatcher
#dbus-user.talk org.freedesktop.Notifications

[setpill]

Making mattermost-desktop.local with include allow-bin-sh.inc had same effect as commenting out include disable-shell.inc - it worked, but tray icon was broken.

Creating allow-bin-sh.local with the listed options did not fix the tray icon. Even uncommenting the dbus-user.talk org.freedesktop.Notifications did not help.

Also, for these two tests I switched to using the latest git version (commit 020ae58).

[setpill]

On that same version (commit 020ae58) I managed to find the line in electron-common.profile that breaks the tray icon. Commenting out private-tmp made it work.

[setpill]

Okay, the plot thickens. Mattermost-desktop on arch is outdated ( :scream: ). Using the up-to-date mattermost-desktop-bin from the AUR works perfectly fine with the default firejail profile. It also looks like the packaging is generally of higher quality (I suspect the allow-bin-sh.inc fixed things for the default package because the .desktop file was a shell script).

[rusty-snake]

Commenting out private-tmp made it work.

The icon getting replaced with a fallback icon is a known bug with chromium programs. See https://github.com/netblue30/firejail/issues/1137#issuecomment-669496384 for more details and a workaround.

---

OT: If you omit the backticks around commits, they get auto-linked.

020ae58 vs. 020ae58

020ae58 vs. `020ae58`