[GH-ISSUE #4749] shotwell: cannot access PTP camera (gphoto2) #2772

Open
opened 2026-05-05 09:26:07 -06:00 by gitea-mirror · 6 comments

Originally created by @skrat on GitHub (Dec 8, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4749

I don't know too much about the specifics; all I know is that without firejail I can see my camera and import photos, and with firejail I cannot.


@ghost commented on GitHub (Dec 8, 2021):

I think we need to drop the `novideo` from our profile for camera support (and perhaps add to private-bin). Does it work with the below command?

```
$ firejail --ignore=novideo /usr/bin/shotwell
```

@rusty-snake commented on GitHub (Dec 8, 2021):

I think we need `org.gtk.vfs.GPhoto2VolumeMonitor`.

Does this work?

```console
$ firejail --dbus-user.talk="org.gtk.vfs.*" /usr/bin/shotwell
```

@skrat commented on GitHub (Dec 8, 2021):

Nope, none of these work. @rusty-snake @glitsj16

```
~ $ shotwell
Reading profile /etc/firejail/shotwell.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 2159542, child pid 2159545
Warning: skipping none for private /opt
Private /opt installed in 0.05 ms
1 program installed in 5.13 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Private /etc installed in 1.84 ms
Private /usr/etc installed in 0.00 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Blacklist violations are logged to syslog
Warning: Cannot confine the application using AppArmor.
Maybe firejail-default AppArmor profile is not loaded into the kernel.
As root, run "aa-enforce firejail-default" to load it.
Child process initialized in 65.91 ms

(shotwell:6): dbind-WARNING **: 17:04:12.182: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown

(shotwell:6): GLib-WARNING **: 17:04:12.333: getpwuid_r(): failed due to unknown user id (1000)

Parent is shutting down, bye...
~ 4.4s $ /usr/bin/shotwell
~ 20.2s $
```


@ghost commented on GitHub (Dec 8, 2021):

> (shotwell:6): GLib-WARNING **: 17:04:12.333: getpwuid_r(): failed due to unknown user id (1000)

That can be fixed by adding `--private-etc=passwd` (on command line) or by adding `private-etc passwd` to a shotwell.local override. After doing so, please retest both suggestions and report back.


@skrat commented on GitHub (Dec 8, 2021):

@glitsj16 nope, that doesn't help either. I removed everything I could from the profile and still no camera:

```
# Firejail profile for shotwell
# Description: A digital photo organizer designed for the GNOME desktop environment
# This file is overwritten after every install/update
# Persistent local customizations
include shotwell.local
# Persistent global definitions
include globals.local

noblacklist ${HOME}/.cache/shotwell
noblacklist ${HOME}/.local/share/shotwell

noblacklist ${PICTURES}

mkdir ${HOME}/.cache/shotwell
mkdir ${HOME}/.local/share/shotwell
whitelist ${HOME}/.cache/shotwell
whitelist ${HOME}/.local/share/shotwell
whitelist ${PICTURES}
include whitelist-common.inc
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

protocol unix,inet,inet6
shell none
```

@skrat commented on GitHub (Dec 8, 2021):

I also looked and compared the profiles to other gphoto2-based apps (digiKam, gthumb) and didn't find anything. Is there a way to do some kind of syscall tracing and then maybe compare the run with firejail and without?

Reference: github-starred/firejail#2772