github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #3112] Pavucontrol error while closing #1952

New issue
Closed
opened 2026-05-05 08:37:05 -06:00 by gitea-mirror · 8 comments
gitea-mirror commented 2026-05-05 08:37:05 -06:00
Owner
Copy link

Originally created by @setpill on GitHub (Jan 3, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3112

When closing pavucontrol, it shows an error message saying

Error writing config file %s/home/[user]/.config/pavucontrol.ini: Bad state

This does not happen if pavucontrol is run outside of firejail.

Firejail version: 0.9.62
Pavucontrol version: 4.0

Originally created by @setpill on GitHub (Jan 3, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3112 When closing pavucontrol, it shows an error message saying > Error writing config file %s/home/[user]/.config/pavucontrol.ini: Bad state This does not happen if pavucontrol is run outside of firejail. Firejail version: 0.9.62 Pavucontrol version: 4.0
gitea-mirror 2026-05-05 08:37:05 -06:00
  • closed this issue
  • added the
    bug
         label
gitea-mirror commented 2026-05-05 08:37:09 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jan 3, 2020):

pavucontrol writes first a file ~/.config/pavucontrol.ini.XXXXXX (where XXXXXX is random) and then renames this file. Currently this isn't supported in firejails whitelist implementation.

<!-- gh-comment-id:570588090 --> @rusty-snake commented on GitHub (Jan 3, 2020): pavucontrol writes first a file `~/.config/pavucontrol.ini.XXXXXX` (where XXXXXX is random) and then renames this file. Currently this isn't supported in firejails whitelist implementation.
gitea-mirror commented 2026-05-05 08:37:10 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jan 3, 2020):

Suggested fix (commenting and adding a note):

@@ -16,11 +16,11 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-mkfile ${HOME}/.config/pavucontrol.ini
-whitelist ${HOME}/.config/pavucontrol.ini
+#mkfile ${HOME}/.config/pavucontrol.ini
+#whitelist ${HOME}/.config/pavucontrol.ini
 whitelist /usr/share/pavucontrol
 whitelist /usr/share/pavucontrol-qt
-include whitelist-common.inc
+#include whitelist-common.inc
 include whitelist-usr-share-common.inc

whitelisting in ${HOME} is broken, see #3112

For the other collaborators,

  1. Should it have internet (avahi) access by default or should we do this opt-in?
  2. We can add tracelog
  3. mdwe can be removed.
<!-- gh-comment-id:570588357 --> @rusty-snake commented on GitHub (Jan 3, 2020): Suggested fix (commenting and adding a note): ```diff @@ -16,11 +16,11 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -mkfile ${HOME}/.config/pavucontrol.ini -whitelist ${HOME}/.config/pavucontrol.ini +#mkfile ${HOME}/.config/pavucontrol.ini +#whitelist ${HOME}/.config/pavucontrol.ini whitelist /usr/share/pavucontrol whitelist /usr/share/pavucontrol-qt -include whitelist-common.inc +#include whitelist-common.inc include whitelist-usr-share-common.inc ``` > whitelisting in ${HOME} is broken, see #3112 --- For the other collaborators, 1. Should it have internet (avahi) access by default or should we do this opt-in? 2. We can add `tracelog` 3. mdwe can be removed.
gitea-mirror commented 2026-05-05 08:37:11 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jan 3, 2020):

It dawned on me that I completely missed the error message when originally creating/contributing the pavucontrol profile, or at least can't remember seeing it. I've been using the QT5 version of pavucontrol available on Arch Linux with much joy, firejail and otherwise. That particular version does not show the error dialog on shutdown and shows no issues with whitelisting in ${HOME} as far as I can determine.

So although @rusty-snake's suggested fix does work, it makes me doubt that whitelisting in ${HOME} is in fact completely broken. Perhaps it is only broken for GTK applications (if that makes sense). Having encountered a similar issue with artha yesterday seems to point in that direction.

  1. Should it have internet (avahi) access by default or should we do this opt-in?
    Always difficult to decide for everybody else. We should at least point users to more context via a comment so they can make their own informed decision.
  1. We can add tracelog
    Works.
  1. mdwe can be removed.
    mdwe works for me on Xorg, breaks on Wayland.
<!-- gh-comment-id:570630497 --> @ghost commented on GitHub (Jan 3, 2020): It dawned on me that I completely missed the error message when originally creating/contributing the _pavucontrol_ profile, or at least can't remember seeing it. I've been using the [QT5 version](https://www.archlinux.org/packages/community/x86_64/pavucontrol-qt/) of pavucontrol available on Arch Linux with much joy, firejail and otherwise. That particular version does **not** show the error dialog on shutdown and shows **no** issues with whitelisting in ${HOME} as far as I can determine. So although @rusty-snake's suggested fix does work, it makes me doubt that whitelisting in ${HOME} is in fact completely broken. Perhaps it is _only_ broken for `GTK` applications (if that makes sense). Having encountered a [similar issue](https://github.com/netblue30/firejail/commit/3f94dd1d4769f413d5390198b2bba14e821f03bb) with artha yesterday seems to point in that direction. > 1. Should it have internet (avahi) access by default or should we do this opt-in? Always difficult to decide for everybody else. We should at least point users to more context via a comment so they can make their own informed decision. > 2. We can add tracelog Works. > 3. mdwe can be removed. mdwe works for me on Xorg, breaks on Wayland.
gitea-mirror commented 2026-05-05 08:37:11 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jan 3, 2020):

  1. right, what about default support and a note to disable if to required.
  2. That's new for me, I know that no3d can be special on Wayland. That mdwe can be break on Wayland and work on Xorg is new for me. However, if it works with Xorg we should leave it and update the comment. Looks like the GTK Wayland implementation needs memfd_create.
<!-- gh-comment-id:570632783 --> @rusty-snake commented on GitHub (Jan 3, 2020): 1. right, what about default support and a note to disable if to required. 3. That's new for me, I know that `no3d` can be special on Wayland. That mdwe can be break on Wayland and work on Xorg is new for me. However, if it works with Xorg we should leave it and update the comment. Looks like the GTK Wayland implementation needs `memfd_create`.
gitea-mirror commented 2026-05-05 08:37:12 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jan 3, 2020):

@glitsj16 the "whitelisting in ${HOME} is broken, see #3112" is the suggested comment which is missing in the diff. It is only true for pavouconrol (and a few other) since whitelisting can't glob (atm) and probably never supports renaming whitelisted paths.

<!-- gh-comment-id:570633892 --> @rusty-snake commented on GitHub (Jan 3, 2020): @glitsj16 the "whitelisting in ${HOME} is broken, see #3112" is the suggested comment which is missing in the diff. It is only true for pavouconrol (and a few other) since `whitelist`ing can't glob (atm) and probably never supports renaming `whitelist`ed paths.
gitea-mirror commented 2026-05-05 08:37:12 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jan 3, 2020):

@rusty-snake Oh, thanks for pointing that out, I read that differently.
Personally I'm ok with enabling network access by default and adding a how-to-disable comment. Same goes for mdwe. Will you be making the PR?

<!-- gh-comment-id:570641688 --> @ghost commented on GitHub (Jan 3, 2020): @rusty-snake Oh, thanks for pointing that out, I read that differently. Personally I'm ok with enabling _network_ access by default and adding a how-to-disable comment. Same goes for _mdwe_. Will you be making the PR?
gitea-mirror commented 2026-05-05 08:37:13 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Jan 3, 2020):

@glitsj16 ^

<!-- gh-comment-id:570647989 --> @rusty-snake commented on GitHub (Jan 3, 2020): @glitsj16 ^
gitea-mirror commented 2026-05-05 08:37:13 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Jan 3, 2020):

@rusty-snake Looks fine 👍 . I'd say add it. If other people have input we can always deal with it later. I changed artha.profile accordingly ^.

<!-- gh-comment-id:570655806 --> @ghost commented on GitHub (Jan 3, 2020): @rusty-snake Looks fine :+1: . I'd say add it. If other people have input we can always deal with it later. I changed artha.profile accordingly ^.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1952
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?