Open aardbol opened 8 months ago
Thanks for reporting. We'll need a bit more info on your setup though. Are you running Dolphin sandboxed? How does your mpv.desktop look like (either from /usr/share/applications or ~/.local/share/applications)? In other words, do you use firecfg at all?
The mpv profile doesn't include disable-xdg.inc, so it's unclear why your ~/Downloads folder is working while other paths under your user's /home aren't. Can you post that globals.local here please?
Is this a "normal" filesystem or some kind of FUSE like a samba share?
Behavior without a profile Same behavior
Impossible.
Is this a "normal" filesystem or some kind of FUSE like a samba share?
local FS yes. BTRFS to be specific.
Behavior without a profile Same behavior
Impossible.
You're right, the problem is a bit different:
firejail --noprofile mpv op.mp4
:
Parent pid 872710, child pid 872711
Child process initialized in 5.97 ms
Warning: an existing sandbox was detected. /usr/bin/mpv will run without any additional sandboxing features
[file] Cannot open file 'op.mp4': No such file or directory
Failed to open op.mp4.
Exiting... (Errors when loading file)
Parent is shutting down, bye...
Thanks for reporting. We'll need a bit more info on your setup though. Are you running Dolphin sandboxed? How does your mpv.desktop look like (either from /usr/share/applications or ~/.local/share/applications)? In other words, do you use firecfg at all?
The mpv profile doesn't include disable-xdg.inc, so it's unclear why your ~/Downloads folder is working while other paths under your user's /home isn't. Can you post that globals.local here please?
Yes Dolphin is also sandboxes, via firecfg
, no custom local config.
In /usr/share/applications
:
[Desktop Entry]
Type=Application
Name=mpv Media Player
GenericName=Multimedia player
Comment=Play movies and songs
Icon=mpv
TryExec=mpv
Exec=mpv --player-operation-mode=pseudo-gui -- %U
Terminal=false
Categories=AudioVideo;Audio;Video;Player;TV;
MimeType=application/ogg;application/x-ogg;application/mxf;application/sdp;application/smil;application/x-smil;appl>
X-KDE-Protocols=ftp,http,https,mms,rtmp,rtsp,sftp,smb,srt,rist,webdav,webdavs
StartupWMClass=mpv
mpv.local:
private-bin env,mpv,python*,waf,youtube-dl,yt-dlp,ls
whitelist ${HOME}/.SiriKali
read-only ${HOME}/.SiriKali
whitelist ${HOME}/z_nobackup
read-only ${HOME}/z_nobackup
$ firejail --noprofile mpv op.mp4 Warning: an existing sandbox was detected. /usr/bin/mpv will run without any additional sandboxing features
This is a common mistake. Always use the full path to the application's executable (in this case /usr/bin/mpv). If you don't, the command actually tries to execute firejail firejail mpv ...
, which throws firejail into confusion. I'm not saying this is the cause of your issue, but it sure makes things much harder to debug.
Yes Dolphin is also sandboxes, via firecfg, no custom local config.
How exactly did you add dolphin to firecfg? It isn't in /etc/firejail/firecfg.config by default.
mpv.local [...] private-bin env,mpv,python*,waf,youtube-dl,yt-dlp,ls
Our mpv.profile already has private-bin env,mpv,python*,waf,youtube-dl,yt-dlp
. If you want to add other binaries to it, just use private-bin ls
in mpv.local. The private-bin option is cumulative.
Please make these changes and post output from
$ firejail --noprofile /usr/bin/mpv /full/path/to/op.mp4
Yes Dolphin is also sandboxes, via firecfg, no custom local config.
How exactly did you add dolphin to firecfg? It isn't in /etc/firejail/firecfg.config by default.
Good eye, it's not sandboxed. I didn't know about that file.
Please make these changes and post output from
$ firejail --noprofile /usr/bin/mpv /full/path/to/op.mp4
Same problem as before if given the relative path of the video. Absolute path works.
Same problem as before if it's the relative path. Absolute path works.
Out of ideas here. I'd check (the Exec=... line in) ~/.local/share/applications/mpv.desktop, but I assume you've already done so. And mimeapps.list
(both in ~/.config & ~/.local/share/applications). Hopefully someone with actual KDE/Dolphin experience chimes in.
I have the same issue with gwenview opening an image from a mounted cryptomator container. Path: /home/*/.local/share/Cryptomator
. Disabling gwenview in firecfg makes it work again
However, mpv can play videos and musics from /home/$USER/Videos and /home/$USER/Music and gwenview also can show images from /home/$USER/Pictures.
Description
Opening videos in mpv via Dolphin doesn't work. mpv doesn't even start. But opening mpv and dragging and dropping the video from the same location works and the video will be played.
Steps to Reproduce
Browse to the folder. Open the video file and see that mpv won't start.
Run mpv video in terminal. In terminal error:
Error: cannot access profile file: globals.local
The behavior works in the Downloads folder though
Expected behavior
Video plays
Actual behavior
Nothing.
Behavior without a profile
Same behavior
Additional context
The folder containing video files has been whitelisted and set read-only.
Environment
Arch with latest firejail
Checklist
/usr/bin/vlc
) "fixes" it).https://github.com/netblue30/firejail/issues/1139
)browser-allow-drm yes
/browser-disable-u2f no
infirejail.config
to allow DRM/U2F in browsers.--profile=PROFILENAME
to set the right profile. (Only relevant for AppImages)Log
Output of
LC_ALL=C firejail /path/to/program
``` Error: cannot access profile file: globals.local ```
Output of
LC_ALL=C firejail --debug /path/to/program
``` output goes here ```