vlc: program does not start with --started-from-file

[ghost]

Hello,

Today, after many months away from Linux, I decided to give VLC a try here. It all worked fine one month ago.

For some reason, I can't open any file with VLC or start it from KDE's menu, because of the --started-from-file part in KDE's launch properties. Output:

[amarildo@amarildo ~]$ firejail /usr/bin/vlc --started-from-file %U Reading profile /etc/firejail/vlc.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-passwdmgr.inc Parent pid 6663, child pid 6664 Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Blacklist violations are logged to syslog Child process initialized VLC media player 2.2.4 Weatherwax (revision 2.2.3-37-g888b7e89)

Parent is shutting down, bye...

When removing that part, it starts normally:

[amarildo@amarildo ~]$ firejail vlc Reading profile /etc/firejail/vlc.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-passwdmgr.inc Parent pid 6672, child pid 6673 Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Blacklist violations are logged to syslog Child process initialized VLC media player 2.2.4 Weatherwax (revision 2.2.3-37-g888b7e89) [000000000328aaa8] core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.

Following suggestions in https://github.com/netblue30/firejail/issues/814 didn't help. I just compiled firejail-git in Arch and uncommenting private-bin-no-local no didn't help. I also tried setting it to yes.

Commenting the private-tmp only helped if I remove the --started-from-file from the launch properties.

EDIT: Removing --started-from-file from KDE's launch properties does make VLC start normally and it actually adds that part automatically:

3324:amarildo:/usr/bin/firejail /usr/bin/vlc --started-from-file 3325:amarildo:/usr/bin/firejail /usr/bin/vlc --started-from-file 3334:amarildo:/usr/bin/vlc --started-from-file

Not that editing that command wasn't necessary.

[netblue30]

In a text editor open /etc/firejail/vlc.profile and comment out (add a #) the lines there one by one and try vlc again. Probably one of the include lines is creating the problem. I think one of the blacklists in one of the files is creating the problem.

[mr-blobbyyy]

Following suggestions in #814 didn't help. I just compiled firejail-git in Arch and uncommenting private-bin-no-local no didn't help. I also tried setting it to yes.

Wasn't the advice to leave that line indeed commented out?

In a text editor open /etc/firejail/vlc.profile and comment out (add a #) the lines there one by one and try vlc again.

Yep, and for me (v0.9.42), "private-tmp" was the very last line :sweat_smile:

My exec path for "vlc" is this: "vlc --started-from-file %U" for the vlc.desktop file in ~/.local/share/applications/. Here's a swift guide @netblue30 (and others) might reference on the LM forums (in case you already didn't know): https://forums.linuxmint.com/viewtopic.php?p=1165909#p1165909

[chiraag-nataraj]

Is this still an issue?

[chiraag-nataraj]

Seems to work on my end. Going to close this, but @amarildojr and @mr-blobbyyy, please feel free to re-open if it's still an issue.

[GM-Script-Writer-62850]

I am suddenly about to reproduce this xubunut 18.04 64bit

/usr/bin/vlc --started-from-file %U
VLC media player 3.0.4 Vetinari (revision 3.0.4-0-gf615db6332)
chad@Z97Killer:~$ /usr/bin/vlc --started-from-file %U -v
VLC media player 3.0.4 Vetinari (revision 3.0.4-0-gf615db6332)
[000055f8a087d570] main libvlc warning: running VLC instance - exiting..
chad@Z97Killer:~$ apt-cache policy vlc
vlc:
  Installed: 3.0.4-1ubuntu0.2
  Candidate: 3.0.4-1ubuntu0.2
  Version table:
 *** 3.0.4-1ubuntu0.2 500
        500 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
        100 /var/lib/dpkg/status
     3.0.3-1-1ubuntu1 500
        500 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages
     3.0.1-3build1 500
        500 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages

tried reinstalling some parts of VLC tried deleting ~/.cache/vlc, tried deleting ~/.config/vlc, tried deleting ~/.local/share/vlc none of this solved the issue

[Necktwi]

what does --started-from-file %U option do? previously the vlc.desktop worked fine but now it won't start vlc

[0xc0d]

you just need to delete --started-from-file in /usr/share/applications/vlc.desktop something like this: Exec=/usr/bin/vlc %U will be fine

[rusty-snake]

Reopening for now. But I can not reproduce this yet.

---

what does --started-from-file %U option do?

vlc --full-help:

Tell VLC that it is being launched due to a file association in the OS

[b1zzu]

Same here the /usr/bin/vlc --started-from-file doesn't stat VLC, I had to manually fix the .desktop file

OS: Fedora 32 VLC media player 3.0.10 Vetinari (revision 3.0.10-0-g7f145afa84)

[rusty-snake]

Looks like one off you must comment vlc.profile and uncomment line for line to try which is the problematic line.

[b1zzu]

Hi @rusty-snake, I can't find the vlc.profile

[rusty-snake]

Depending on how you installed firejail, but it should be under /etc/firejail/vlc.profile or /usr/local/etc/firejail/vlc.profile.

The easiest way is to copy it to .config/firejail where it will be automatical be loaded by firejail. Example:

mkdir ~/.config/firejail
cp /etc/firejail/vlc.profile ~/.config/firejail
vim ~/.config/firejail/vlc.profile

After testing you can simple delete .config/firejail/vlc.profile.

[it9exm]

Same here. All of a sudden VLC is not starting when double clicking on files. It took a while to discover this was the cause, verified by launching it from a shell. Of course I tried to delete caches , and no, I don't have firejail. Does anybody know what caused this?

[mYnDstrEAm]

I can play a file when I open it in VLC started with firejail /usr/bin/vlc (using /etc/firejail/vlc.profile).

I can play the file with right click->open with->VLC after having added firejail to the VLC application in Debian10/KDE like so: firejail /usr/bin/vlc --started-from-file %U.

But after something happened - and I don't know what - the file doesn't play anymore with the latter method while the former keeps working.

I then get these errors:

filesystem stream error: cannot open file /home/username/file.mp3 (Permission denied) uint DBusMenuExporterDBus::GetLayout(int, int, const QStringList&, DBusMenuLayoutItem&): Condition failed: menu

The latter error shows multiple times and also shows when using the former (working) method to open the file. The file is still owned by my username.

Whatever is happening that causes the file to not play anymore might be related to library scanning by the Nuclear music player (the issue is linked above).

How to solve this problem?

[rusty-snake]

How to solve this problem?

Nobody know. I can not reproduce and other users have not found/reported a cause yet.

[mYnDstrEAm]

I investigated further and the exact same file in one location does played when I select "Open with->VLC media player" and another one in another location didn't play when trying right afterwards. Both files have the same sha512sum and except of the directory-location exactly the same output when entering ls -l filepath. I checked that the open with VLC media player made VLC start via firejail and that no other instance of VLC was running concurrently.

And now I I've found the cause: it works when navigating to the directory directly but not when navigating to the directory via a symbolic link (pressing and holding ctrl+shift while dragging a folder in KDE or selecting "Link Here" after dragging it somewhere).

[rusty-snake]

I tried with this and both ways work. Can you give some more detailed introductions to reproduce.

$ ln -s Videos Videos-slnk
$ cd Videos && firejail vlc --started-from-file foo.mp4 && cd ..
$ cd Videos-slnk && firejail vlc --stared-from-file foo.mp4

[mYnDstrEAm]

These commands work on my machine as well (except for the stared->started typo in the 3rd). The video also plays when creating a folder-link by dragging and choosing open with->VLC media player in KDE/Dolphin. However playing the file doesn't work when the folder-link is placed onto the desktop. Sorry for not testing / stating that it's working in some cases but not in some others (one at least). So:

1. Your commands worked
2. Replicating what your commands do by navigating in Dolphin under Debian10/KDE worked
3. These commands worked:

   ln -s ./Art ~/Desktop/Art-slnk
   cd ~/Desktop/Art-slnk && firejail vlc --started-from-file test.mp4

4. In Debian10/KDE navigating to ~/Desktop/Art-slnk in Dolphin and selecting "Open with->VLC media player" as in 2. did not work.
   I get this error in the VLC media player every 2 seconds or so: filesystem error: cannot open file /home/username/Desktop/Art/test.mp4 (Permission denied).
5. This command did not work (same as 4.): cd ~/Desktop && firejail vlc --started-from-file ~/Desktop/Art-slnk/test.mp4

[rusty-snake]

1. Filesystem is, right?

   - Desktop
   | -  Art
   | | - test.mp4
   | - Art-slnk -> ./Art

2. Is your dolphin firejailed or not?
3. Is a vlc instance already running?
4. This works for me.

   $ mkdir Desktop
   $ mkdir Desktop/Art
   $ ln -s ./Art ~/Desktop/Art-slnk
   $ -- create test video in Desktop/Art
   $ cd Desktop
   $ firejail vlc --started-from-file ~/Desktop/Art-slnk/foo.bar

[mYnDstrEAm]

1. No, it is:

   - Home
   | - Folder
   | | - Art
   | | | - test.mp4
   | - Desktop
   | | - Art-slnk -> ~/Folder/Art

2. It is not firejailed

3. No other VLC instance is running

4. This does not work for me:

mkdir ~/Folder && cd ~/Folder/
mkdir Desktop
mkdir Desktop/Art
ln -s ./Art ./Desktop/Art-slnk
-- copy test video into Desktop/Art
cd ./Desktop/
firejail vlc --started-from-file ./Desktop/Art-slnk/test.mp4

[rusty-snake]

1. Points Art-slnk to ~/Folder/Art (as in 1) or ./Art (as in 4)?
2. Broken for me too. For ls also.

[mYnDstrEAm]

1. In the previous tests and examples given this was the directory-structure. The commands in 4 were executed as they are (hence there the Art folder was the newly created, empty folder).
2. Great, so now we only have to find out what's causing this. MPV also doesn't play the file so it's not VLC-specific.

[rusty-snake]

2. There is no Desktop folder inside the Desktop folder.

[mYnDstrEAm]

You're right, sorry. If you'd like to I could delete the previous comment and edit the post. It works for me as well. What doesn't work is placing the link on the desktop and then opening the file via this link. I could play audio and video files when the link is placed in Home, but not when it is placed onto the desktop. Maybe it has to do with folder-restrictions of other running firejail instances even though I don't think that there's currently any with specific restrictions for the desktop folder and I haven't found any after shortly looking through the firejail profiles currently being used.

[rusty-snake]

You can use firejail --ignore=private-bin --profile=vlc bash to look around inside the sandbox.

[mYnDstrEAm]

The default VLC.profile does not have permissions for the desktop. It seems like the profile for VLC should not blacklist folders as restrictively as it does, and/or make it easy for users to specify which folders contain media files VLC should be able to run via a setup-prompt and/or prompts when trying to open files in other locations (a notification or message-box asking the user to whitelist the directory or file permanently or temporarily) and/or use the target locations for the blacklistings, not the links. For the VLC.profile in specific it might be useful to allow it read-access for all files (in all locations) of specific filetypes.

[rusty-snake]

vlc.profile allows access to ${DESKTOP}, which firejail version do you use? Have you made any modifications to vlc.profile, disable-xdg.inc, vlc.local?

[mYnDstrEAm]

0.9.58.2 in Debian10 and I haven't modified (or created) these files. If this is what caused the problem for the other users here and it has been resolved the issue could be closed. However, only allowing ${DESKTOP} might not solve all issues (I haven't checked if this problem still occurs for other locations) so I'd favor one of the suggestions I have made (for example prompting the user to allow access to a specific directory or all directories for specific filetypes if it gets a permission error). Furthermore, getting a newer version into the Debian repositories might also be good - that might be something mostly outside the scope of this project though.

[rusty-snake]

for example prompting the user to allow access to a specific directory or all directories for specific filetypes if it gets a permission error

unfortunately not possible

getting a newer version into the Debian repositories might also be good

Use the one from the backports

[matu3ba]

0.9.58.2 in Debian10 and I haven't modified (or created) these files. If this is what caused the problem for the other users here and it has been resolved the issue could be closed. However, only allowing ${DESKTOP} might not solve all issues (I haven't checked if this problem still occurs for other locations) so I'd favor one of the suggestions I have made (for example prompting the user to allow access to a specific directory or all directories for specific filetypes if it gets a permission error). Furthermore, getting a newer version into the Debian repositories might also be good - that might be something mostly outside the scope of this project though.

There is a new release planned.

@rusty-snake closing or would you prefer to adjust the bug template for symlink and permission stuff?