[GH-ISSUE #2889] transmission-remote-gtk libcanberra issue - fails to start #1806

New issue

Closed

opened 2026-05-05 08:28:39 -06:00 by gitea-mirror · 20 comments

gitea-mirror commented 2026-05-05 08:28:39 -06:00

Owner

Copy link

Originally created by @ilikenwf on GitHub (Aug 4, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2889

I'm using transmission-remote-gtk 1.4.1

Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Gtk-Message: 21:54:55.506: Failed to load module "canberra-gtk-module"

(transmission-remote-gtk:285): Gtk-WARNING **: 21:54:55.506: cannot open display: :0

Originally created by @ilikenwf on GitHub (Aug 4, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2889 I'm using transmission-remote-gtk 1.4.1 ```transmission-remote-gtk [08/04 04:54 PM] Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Gtk-Message: 21:54:55.506: Failed to load module "canberra-gtk-module" (transmission-remote-gtk:285): Gtk-WARNING **: 21:54:55.506: cannot open display: :0 ```

gitea-mirror 2026-05-05 08:28:39 -06:00

• closed this issue
• added the
  bug
  label

gitea-mirror commented 2026-05-05 08:28:41 -06:00

Author

Owner

Copy link

@ilikenwf commented on GitHub (Aug 4, 2019):

...it does start without using firejail.

<!-- gh-comment-id:518039608 --> @ilikenwf commented on GitHub (Aug 4, 2019): ...it does start without using firejail.

gitea-mirror commented 2026-05-05 08:28:43 -06:00

Author

Owner

Copy link

@Fred-Barclay commented on GitHub (Aug 4, 2019):

Hi @ilikenwf
What version of firejail and linux distro are you using?

Can you open the file /etc/firejail/transmission-remote.profile and comment out the line memory-deny-write-execute (put a # at the beginning of the line). Then save it and try to run transmission-remote-gtk with firejail again.

Cheers!
Fred

<!-- gh-comment-id:518040207 --> @Fred-Barclay commented on GitHub (Aug 4, 2019): Hi @ilikenwf What version of firejail and linux distro are you using? Can you open the file `/etc/firejail/transmission-remote.profile` and comment out the line `memory-deny-write-execute` (put a `#` at the beginning of the line). Then save it and try to run transmission-remote-gtk with firejail again. Cheers! Fred

gitea-mirror commented 2026-05-05 08:28:44 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Aug 5, 2019):

Gtk-Message: 21:54:55.506: Failed to load module "canberra-gtk-module"

@ilikenwf Depending on firejail version and OS used this part of the issue might be caused by using private-lib without any further specifications in the profile or by simply not having the mentioned GTK module installed on your system. On Arch it is part of the libcanberra package but you can check this with your OS's native package manager tools. I'm guessing this issue can be easily fixed as soon as we get more info from your side on what @Fred-Barclay asked above. Thanks for reporting this.

<!-- gh-comment-id:518048325 --> @ghost commented on GitHub (Aug 5, 2019): > Gtk-Message: 21:54:55.506: Failed to load module "canberra-gtk-module" @ilikenwf Depending on firejail version and OS used this part of the issue might be caused by using `private-lib` without any further specifications in the profile or by simply not having the mentioned GTK module installed on your system. On Arch it is part of the `libcanberra` package but you can check this with your OS's native package manager tools. I'm guessing this issue can be easily fixed as soon as we get more info from your side on what @Fred-Barclay asked above. Thanks for reporting this.

gitea-mirror commented 2026-05-05 08:28:45 -06:00

Author

Owner

Copy link

@ilikenwf commented on GitHub (Aug 5, 2019):

I'm using arch and have both canberra packages installed; I'm also using the git version of firejail.

<!-- gh-comment-id:518048953 --> @ilikenwf commented on GitHub (Aug 5, 2019): I'm using arch and have both canberra packages installed; I'm also using the git version of firejail.

gitea-mirror commented 2026-05-05 08:28:45 -06:00

Author

Owner

Copy link

@ilikenwf commented on GitHub (Aug 5, 2019):

Commenting out the private-lib and memory-deny-write-execute directives results in only this:

Reading profile /etc/firejail/transmission-remote-gtk.profile
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc

(transmission-remote-gtk:8): Gtk-WARNING **: 00:26:06.979: cannot open display: :0

<!-- gh-comment-id:518049215 --> @ilikenwf commented on GitHub (Aug 5, 2019): Commenting out the private-lib and memory-deny-write-execute directives results in only this: ```transmission-remote-gtk [08/04 07:26 PM] Reading profile /etc/firejail/transmission-remote-gtk.profile Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc (transmission-remote-gtk:8): Gtk-WARNING **: 00:26:06.979: cannot open display: :0 ```

gitea-mirror commented 2026-05-05 08:28:46 -06:00

Author

Owner

Copy link

@Fred-Barclay commented on GitHub (Aug 5, 2019):

@ilikenwf With private-lib still commented out, can you try adding unix to the protocol line?

E.g.

protocol unix,inet,inet6

EDIT: second inet is inet6

<!-- gh-comment-id:518049745 --> @Fred-Barclay commented on GitHub (Aug 5, 2019): @ilikenwf With `private-lib` still commented out, can you try adding `unix` to the `protocol` line? E.g. ``` protocol unix,inet,inet6 ``` EDIT: second inet is inet**6**

gitea-mirror commented 2026-05-05 08:28:47 -06:00

Author

Owner

Copy link

@Fred-Barclay commented on GitHub (Aug 5, 2019):

Also (with protocol unix,inet,inet6) can you try out the following private-lib?

private-lib libjson-glib*,libcurl.so*,libgtk-3.so*,libGeoIP.so*,libnotify.so*

<!-- gh-comment-id:518050256 --> @Fred-Barclay commented on GitHub (Aug 5, 2019): Also (with `protocol unix,inet,inet6`) can you try out the following private-lib? ``` private-lib libjson-glib*,libcurl.so*,libgtk-3.so*,libGeoIP.so*,libnotify.so* ```

gitea-mirror commented 2026-05-05 08:28:47 -06:00

Author

Owner

Copy link

@ilikenwf commented on GitHub (Aug 5, 2019):

Adding unix to the protocol line helped in that the application now runs, however it seems to be
unable to read it's profile in .config or wherver transmission-remote stores settings.

The private-lib settings cause it to break again...

Those settings appear to be in ~/.config/transmission-remote-gtk

Beyond that it is reading settings with the mkdir and whitelist in place, however it can't resolve my transmission host's domain now.

<!-- gh-comment-id:518077621 --> @ilikenwf commented on GitHub (Aug 5, 2019): Adding unix to the protocol line helped in that the application now runs, however it seems to be unable to read it's profile in .config or wherver transmission-remote stores settings. The private-lib settings cause it to break again... Those settings appear to be in ~/.config/transmission-remote-gtk Beyond that it is reading settings with the mkdir and whitelist in place, however it can't resolve my transmission host's domain now.

gitea-mirror commented 2026-05-05 08:28:47 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Aug 5, 2019):

@ilikenwf so the following transmission-remote-gtk.profile works?
not sure about ignore mdwe and ${HOME}/.config/transmission

# Firejail profile for transmission-remote-gtk
# Description: A remote control utility for transmission-daemon (GTK GUI)
# This file is overwritten after every install/update
# Persistent local customizations
include transmission-remote-gtk.local
# Persistent global definitions
# added by included profile
#include globals.local

ignore private-lib
ignore memory-deny-write-execute

mkdir ${HOME}/.cache/transmission
mkdir ${HOME}/.config/transmission
mkdir ${HOME}/.config/transmission-remote-gtk
whitelist ${HOME}/.cache/transmission
whitelist ${HOME}/.config/transmission
whitelist ${HOME}/.config/transmission-remote-gtk
include whitelist-common.inc
include whitelist-var-common.inc

protocol unix

private-etc fonts

# Redirect
include transmission-remote.profile

however it can't resolve my transmission host's domain now.

Try --ignore=private-etc if that fix it try --private-etc=resolv.conf.

<!-- gh-comment-id:518132521 --> @rusty-snake commented on GitHub (Aug 5, 2019): @ilikenwf so the following `transmission-remote-gtk.profile` works? not sure about `ignore mdwe` and `${HOME}/.config/transmission` ``` # Firejail profile for transmission-remote-gtk # Description: A remote control utility for transmission-daemon (GTK GUI) # This file is overwritten after every install/update # Persistent local customizations include transmission-remote-gtk.local # Persistent global definitions # added by included profile #include globals.local ignore private-lib ignore memory-deny-write-execute mkdir ${HOME}/.cache/transmission mkdir ${HOME}/.config/transmission mkdir ${HOME}/.config/transmission-remote-gtk whitelist ${HOME}/.cache/transmission whitelist ${HOME}/.config/transmission whitelist ${HOME}/.config/transmission-remote-gtk include whitelist-common.inc include whitelist-var-common.inc protocol unix private-etc fonts # Redirect include transmission-remote.profile ``` > however it can't resolve my transmission host's domain now. Try `--ignore=private-etc` if that fix it try `--private-etc=resolv.conf`.

gitea-mirror commented 2026-05-05 08:28:48 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Aug 5, 2019):

IMHO we should redo the profile and redirect to transmission-gtk.profile instead. That should solve all encountered issues by @ilikenwf in a more elegant and maintainable way. Just my two cents.

<!-- gh-comment-id:518267941 --> @ghost commented on GitHub (Aug 5, 2019): IMHO we should redo the profile and redirect to `transmission-gtk.profile` instead. That should solve all encountered issues by @ilikenwf in a more elegant and maintainable way. Just my two cents.

gitea-mirror commented 2026-05-05 08:28:48 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Aug 5, 2019):

Or turn the redirect
=> transmission-remote.profile include transmission-remote-gtk.profile and add some restrictions.

<!-- gh-comment-id:518274185 --> @rusty-snake commented on GitHub (Aug 5, 2019): Or turn the redirect => transmission-remote.profile include transmission-remote-gtk.profile and add some restrictions.

gitea-mirror commented 2026-05-05 08:28:49 -06:00

Author

Owner

Copy link

@ilikenwf commented on GitHub (Aug 5, 2019):

The modifications I mentioned to transmission-remote.profile and the above do work to run the application, however it is not able to access the network for some reason.

<!-- gh-comment-id:518436682 --> @ilikenwf commented on GitHub (Aug 5, 2019): The modifications I mentioned to transmission-remote.profile and the above do work to run the application, however it is not able to access the network for some reason.

gitea-mirror commented 2026-05-05 08:28:49 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Aug 6, 2019):

however it is not able to access the network

internet or your LAN?

I assume that firejail --noprofile transmission-remote-gtk works.
Can you try firejail --ignore=eth --ignore=netfilter --ignore=protocol --ignore=net --ignore="net none" --ignore=private-etc --ignore=nodbus transmission-remote-gtk. And if it works, try to find out which ignore is needed.

<!-- gh-comment-id:518823318 --> @rusty-snake commented on GitHub (Aug 6, 2019): > however it is not able to access the network internet or your LAN? I assume that `firejail --noprofile transmission-remote-gtk` works. Can you try `firejail --ignore=eth --ignore=netfilter --ignore=protocol --ignore=net --ignore="net none" --ignore=private-etc --ignore=nodbus transmission-remote-gtk`. And if it works, try to find out which `ignore` is needed.

gitea-mirror commented 2026-05-05 08:28:49 -06:00

Author

Owner

Copy link

@ilikenwf commented on GitHub (Aug 6, 2019):

firejail --noprofile transmission-remote-gtk does indeed work as expected.

<!-- gh-comment-id:518840557 --> @ilikenwf commented on GitHub (Aug 6, 2019): ```firejail --noprofile transmission-remote-gtk``` does indeed work as expected.

gitea-mirror commented 2026-05-05 08:28:50 -06:00

Author

Owner

Copy link

@ilikenwf commented on GitHub (Aug 6, 2019):

Ok, so it seems these are the ones breaking it, as it runs fine this way:

firejail --ignore=protocol --ignore=private-lib --ignore=private-etc transmission-remote-gtk

Along with these profiles:
https://gist.github.com/ilikenwf/f265644a87788d0a698c9a5e8cbc1e2a

<!-- gh-comment-id:518841647 --> @ilikenwf commented on GitHub (Aug 6, 2019): Ok, so it seems these are the ones breaking it, as it runs fine this way: ```firejail --ignore=protocol --ignore=private-lib --ignore=private-etc transmission-remote-gtk``` Along with these profiles: https://gist.github.com/ilikenwf/f265644a87788d0a698c9a5e8cbc1e2a

gitea-mirror commented 2026-05-05 08:28:50 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Aug 6, 2019):

@ilikenwf transmisson has a very restrictiv private-etc, can you try with:
--private-etc=ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf,hosts,host.conf,hostname,protocols,services,rpc
And maybe also:
--private-etc=alternatives,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg,dconf,gconf,gtk-2.0,gtk-3.0

<!-- gh-comment-id:518844836 --> @rusty-snake commented on GitHub (Aug 6, 2019): @ilikenwf transmisson has a very restrictiv private-etc, can you try with: `--private-etc=ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf,hosts,host.conf,hostname,protocols,services,rpc` And maybe also: `--private-etc=alternatives,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg,dconf,gconf,gtk-2.0,gtk-3.0`

gitea-mirror commented 2026-05-05 08:28:51 -06:00

Author

Owner

Copy link

@ilikenwf commented on GitHub (Aug 7, 2019):

After playing with those private-etc settings, I find this is the minimum required to work with the aforementioned/gisted profiles:

firejail --ignore=protocol --private-etc=resolv.conf,hosts,hostname transmission-remote-gtk

<!-- gh-comment-id:518901191 --> @ilikenwf commented on GitHub (Aug 7, 2019): After playing with those private-etc settings, I find this is the minimum required to work with the aforementioned/gisted profiles: ```firejail --ignore=protocol --private-etc=resolv.conf,hosts,hostname transmission-remote-gtk```

gitea-mirror commented 2026-05-05 08:28:51 -06:00

Author

Owner

Copy link

@ilikenwf commented on GitHub (Aug 7, 2019):

Ok, so after all that is rolled into the profiles I end up with this so far:

# Firejail profile for transmission-remote-gtk
# Description: A remote control utility for transmission-daemon (GTK GUI)
# This file is overwritten after every install/update
# Persistent local customizations
include transmission-remote-gtk.local
# Persistent global definitions
# added by included profile
#include globals.local

ignore private-lib

mkdir ${HOME}/.cache/transmission
mkdir ${HOME}/.config/transmission
mkdir ${HOME}/.config/transmission-remote-gtk
whitelist ${HOME}/.cache/transmission
whitelist ${HOME}/.config/transmission
whitelist ${HOME}/.config/transmission-remote-gtk
include whitelist-common.inc
include whitelist-var-common.inc

protocol inet,inet6,unix

private-bin transmission-remote-gtk
private-etc fonts,resolv.conf,hosts,hostname

# Redirect
include transmission-remote.profile

# Firejail profile for transmission-remote
# Description: A remote control utility for transmission-daemon (CLI)
# This file is overwritten after every install/update
quiet
# Persistent local customizations
include transmission-remote.local
# Persistent global definitions
include globals.local


noblacklist ${HOME}/.cache/transmission
noblacklist ${HOME}/.config/transmission

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc

apparmor
caps.drop all
machine-id
netfilter
nodbus
nodvd
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol inet,inet6,unix
seccomp
shell none
tracelog

private-bin transmission-remote
private-dev
private-etc alternatives,hosts,nsswitch.conf
private-lib 
private-tmp

memory-deny-write-execute

So we're really just down to the private lib ignore line being the only ignore rule now...

<!-- gh-comment-id:518901817 --> @ilikenwf commented on GitHub (Aug 7, 2019): Ok, so after all that is rolled into the profiles I end up with this so far: ``` # Firejail profile for transmission-remote-gtk # Description: A remote control utility for transmission-daemon (GTK GUI) # This file is overwritten after every install/update # Persistent local customizations include transmission-remote-gtk.local # Persistent global definitions # added by included profile #include globals.local ignore private-lib mkdir ${HOME}/.cache/transmission mkdir ${HOME}/.config/transmission mkdir ${HOME}/.config/transmission-remote-gtk whitelist ${HOME}/.cache/transmission whitelist ${HOME}/.config/transmission whitelist ${HOME}/.config/transmission-remote-gtk include whitelist-common.inc include whitelist-var-common.inc protocol inet,inet6,unix private-bin transmission-remote-gtk private-etc fonts,resolv.conf,hosts,hostname # Redirect include transmission-remote.profile ``` ``` # Firejail profile for transmission-remote # Description: A remote control utility for transmission-daemon (CLI) # This file is overwritten after every install/update quiet # Persistent local customizations include transmission-remote.local # Persistent global definitions include globals.local noblacklist ${HOME}/.cache/transmission noblacklist ${HOME}/.config/transmission include disable-common.inc include disable-devel.inc include disable-exec.inc include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc apparmor caps.drop all machine-id netfilter nodbus nodvd nonewprivs noroot nosound notv nou2f novideo protocol inet,inet6,unix seccomp shell none tracelog private-bin transmission-remote private-dev private-etc alternatives,hosts,nsswitch.conf private-lib private-tmp memory-deny-write-execute ```` So we're really just down to the private lib ignore line being the only ignore rule now...

gitea-mirror commented 2026-05-05 08:28:51 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Aug 21, 2019):

I've gone ahead and pushed refactored transmission profiles. Re-opening this to get input from the OP, @ilikenwf.

<!-- gh-comment-id:523663937 --> @ghost commented on GitHub (Aug 21, 2019): I've gone ahead and pushed refactored transmission profiles. Re-opening this to get input from the OP, @ilikenwf.

gitea-mirror commented 2026-05-05 08:28:52 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Aug 28, 2019):

@ilikenwf I'm closing this as it should be fixed now. Feel free to reopen when needed.

<!-- gh-comment-id:525949643 --> @ghost commented on GitHub (Aug 28, 2019): @ilikenwf I'm closing this as it should be fixed now. Feel free to reopen when needed.

gitea-mirror referenced this issue 2026-05-05 10:13:17 -06:00

[PR #1806] [CLOSED] kate: allow system-wide read access #4075

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1806

No description provided.