github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #4909] eog: Thumbnail creation failed #2813

New issue
Open
opened 2026-05-05 09:28:01 -06:00 by gitea-mirror · 11 comments
gitea-mirror commented 2026-05-05 09:28:01 -06:00
Owner
Copy link

Originally created by @mooreye on GitHub (Feb 7, 2022).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4909

Firejail version: 0.9.66
System: Fedora 35

Launching eog normally:

Reading profile /etc/firejail/eo-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-write-mnt.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 85963, child pid 85964
1 program installed in 8.57 ms
Standard C library installed in 1.20 ms
Firejail libraries installed in 1.21 ms
Program libraries installed in 26.03 ms
GdkPixbuf installed in 5.41 ms
GTK3 installed in 9.30 ms
Pango installed in 0.00 ms
GIRepository installed in 1.10 ms
GIO installed in 2.77 ms
Installed 143 libraries and 8 directories
Warning fcopy: skipping /etc/alternatives/libnssckbi.so.x86_64, cannot find inode
Warning fcopy: skipping /etc/alternatives/soelim, cannot find inode
Warning fcopy: skipping /etc/alternatives/cifs-idmap-plugin, cannot find inode
Warning fcopy: skipping /etc/alternatives/iptables, cannot find inode
Warning fcopy: skipping /etc/alternatives/ip6tables, cannot find inode
Warning fcopy: skipping /etc/alternatives/iptables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/iptables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/ip6tables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/ip6tables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/ebtables, cannot find inode
Warning fcopy: skipping /etc/alternatives/ebtables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/ebtables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/arptables, cannot find inode
Warning fcopy: skipping /etc/alternatives/arptables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/arptables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/man, cannot find inode
Warning fcopy: skipping /etc/alternatives/apropos, cannot find inode
Warning fcopy: skipping /etc/alternatives/whatis, cannot find inode
Warning fcopy: skipping /etc/alternatives/ld, cannot find inode
Warning fcopy: skipping /etc/alternatives/nc, cannot find inode
Warning fcopy: skipping /etc/alternatives/mkisofs, cannot find inode
Warning fcopy: skipping /etc/alternatives/mkisofs-mkhybrid, cannot find inode
Warning fcopy: skipping /etc/alternatives/fakeroot, cannot find inode
Warning fcopy: skipping /etc/alternatives/faked, cannot find inode
Warning fcopy: skipping /etc/alternatives/libfakeroot.so, cannot find inode
Warning fcopy: skipping /etc/alternatives/libwbclient.so.0.15-64, cannot find inode
Warning fcopy: skipping /etc/alternatives/java, cannot find inode
Warning fcopy: skipping /etc/alternatives/jre, cannot find inode
Warning fcopy: skipping /etc/alternatives/alt-java, cannot find inode
Warning fcopy: skipping /etc/alternatives/jjs, cannot find inode
Warning fcopy: skipping /etc/alternatives/keytool, cannot find inode
Warning fcopy: skipping /etc/alternatives/pack200, cannot find inode
Warning fcopy: skipping /etc/alternatives/rmid, cannot find inode
Warning fcopy: skipping /etc/alternatives/rmiregistry, cannot find inode
Warning fcopy: skipping /etc/alternatives/unpack200, cannot find inode
Warning fcopy: skipping /etc/alternatives/jre_openjdk, cannot find inode
Warning fcopy: skipping /etc/alternatives/jre_11, cannot find inode
Warning fcopy: skipping /etc/alternatives/jre_11_openjdk, cannot find inode
Warning: skipping gtk-3.0 for private /etc
Private /etc installed in 15.74 ms
Private /usr/etc installed in 0.00 ms
Warning: not remounting /home/user/.ssh/config
Blacklist violations are logged to syslog
Child process initialized in 382.74 ms

(eog:15): dbind-WARNING **: 14:05:08.045: Couldn't connect to accessibility bus: Failed to connect to socket 00008: Connection refused

Launching eog with firejail --noprofile eog:

Child process initialized in 4.98 ms
Warning: an existing sandbox was detected. /usr/bin/eog will run without any additional sandboxing features

(eog:2): EOG-WARNING **: 14:08:00.598: Thumbnail creation failed

(eog:2): EOG-WARNING **: 14:08:00.602: Thumbnail creation failed

(eog:2): EOG-WARNING **: 14:08:00.607: Thumbnail creation failed

(eog:2): EOG-WARNING **: 14:08:00.613: Thumbnail creation failed

(eog:2): EOG-WARNING **: 14:08:00.618: Thumbnail creation failed

(eog:2): EOG-WARNING **: 14:08:00.623: Thumbnail creation failed

(eog:2): EOG-WARNING **: 14:08:00.630: Thumbnail creation failed

(eog:2): EOG-WARNING **: 14:08:00.636: Thumbnail creation failed

(eog:2): EOG-WARNING **: 14:08:00.648: Thumbnail creation failed

(eog:2): EOG-WARNING **: 14:08:00.657: Thumbnail creation failed

(eog:2): EOG-WARNING **: 14:08:00.668: Thumbnail creation failed

(eog:2): EOG-WARNING **: 14:08:00.675: Thumbnail creation failed

Tried deleting thumbnails:
rm -r ~/.cache/thumbnails
didn't work.

Originally created by @mooreye on GitHub (Feb 7, 2022). Original GitHub issue: https://github.com/netblue30/firejail/issues/4909 Firejail version: 0.9.66 System: Fedora 35 Launching `eog` normally: ```Reading profile /etc/firejail/eog.profile Reading profile /etc/firejail/eo-common.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-write-mnt.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 85963, child pid 85964 1 program installed in 8.57 ms Standard C library installed in 1.20 ms Firejail libraries installed in 1.21 ms Program libraries installed in 26.03 ms GdkPixbuf installed in 5.41 ms GTK3 installed in 9.30 ms Pango installed in 0.00 ms GIRepository installed in 1.10 ms GIO installed in 2.77 ms Installed 143 libraries and 8 directories Warning fcopy: skipping /etc/alternatives/libnssckbi.so.x86_64, cannot find inode Warning fcopy: skipping /etc/alternatives/soelim, cannot find inode Warning fcopy: skipping /etc/alternatives/cifs-idmap-plugin, cannot find inode Warning fcopy: skipping /etc/alternatives/iptables, cannot find inode Warning fcopy: skipping /etc/alternatives/ip6tables, cannot find inode Warning fcopy: skipping /etc/alternatives/iptables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/iptables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/ip6tables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/ip6tables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/ebtables, cannot find inode Warning fcopy: skipping /etc/alternatives/ebtables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/ebtables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/arptables, cannot find inode Warning fcopy: skipping /etc/alternatives/arptables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/arptables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/man, cannot find inode Warning fcopy: skipping /etc/alternatives/apropos, cannot find inode Warning fcopy: skipping /etc/alternatives/whatis, cannot find inode Warning fcopy: skipping /etc/alternatives/ld, cannot find inode Warning fcopy: skipping /etc/alternatives/nc, cannot find inode Warning fcopy: skipping /etc/alternatives/mkisofs, cannot find inode Warning fcopy: skipping /etc/alternatives/mkisofs-mkhybrid, cannot find inode Warning fcopy: skipping /etc/alternatives/fakeroot, cannot find inode Warning fcopy: skipping /etc/alternatives/faked, cannot find inode Warning fcopy: skipping /etc/alternatives/libfakeroot.so, cannot find inode Warning fcopy: skipping /etc/alternatives/libwbclient.so.0.15-64, cannot find inode Warning fcopy: skipping /etc/alternatives/java, cannot find inode Warning fcopy: skipping /etc/alternatives/jre, cannot find inode Warning fcopy: skipping /etc/alternatives/alt-java, cannot find inode Warning fcopy: skipping /etc/alternatives/jjs, cannot find inode Warning fcopy: skipping /etc/alternatives/keytool, cannot find inode Warning fcopy: skipping /etc/alternatives/pack200, cannot find inode Warning fcopy: skipping /etc/alternatives/rmid, cannot find inode Warning fcopy: skipping /etc/alternatives/rmiregistry, cannot find inode Warning fcopy: skipping /etc/alternatives/unpack200, cannot find inode Warning fcopy: skipping /etc/alternatives/jre_openjdk, cannot find inode Warning fcopy: skipping /etc/alternatives/jre_11, cannot find inode Warning fcopy: skipping /etc/alternatives/jre_11_openjdk, cannot find inode Warning: skipping gtk-3.0 for private /etc Private /etc installed in 15.74 ms Private /usr/etc installed in 0.00 ms Warning: not remounting /home/user/.ssh/config Blacklist violations are logged to syslog Child process initialized in 382.74 ms (eog:15): dbind-WARNING **: 14:05:08.045: Couldn't connect to accessibility bus: Failed to connect to socket 00008: Connection refused ``` Launching `eog` with `firejail --noprofile eog`: ```Parent pid 90517, child pid 90518 Child process initialized in 4.98 ms Warning: an existing sandbox was detected. /usr/bin/eog will run without any additional sandboxing features (eog:2): EOG-WARNING **: 14:08:00.598: Thumbnail creation failed (eog:2): EOG-WARNING **: 14:08:00.602: Thumbnail creation failed (eog:2): EOG-WARNING **: 14:08:00.607: Thumbnail creation failed (eog:2): EOG-WARNING **: 14:08:00.613: Thumbnail creation failed (eog:2): EOG-WARNING **: 14:08:00.618: Thumbnail creation failed (eog:2): EOG-WARNING **: 14:08:00.623: Thumbnail creation failed (eog:2): EOG-WARNING **: 14:08:00.630: Thumbnail creation failed (eog:2): EOG-WARNING **: 14:08:00.636: Thumbnail creation failed (eog:2): EOG-WARNING **: 14:08:00.648: Thumbnail creation failed (eog:2): EOG-WARNING **: 14:08:00.657: Thumbnail creation failed (eog:2): EOG-WARNING **: 14:08:00.668: Thumbnail creation failed (eog:2): EOG-WARNING **: 14:08:00.675: Thumbnail creation failed ``` Tried deleting thumbnails: `rm -r ~/.cache/thumbnails` didn't work.
gitea-mirror commented 2026-05-05 09:28:03 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Feb 7, 2022):

Launching eog with firejail --noprofile eog:
Warning: an existing sandbox was detected. /usr/bin/eog will run without any additional sandboxing features

Remember using full paths when running firejail manually like this: if you've used firecfg to generate symlinks eog is interpreted as /usr/local/bin/eog, which is already under firejail's control. Just run firejail --noprofile /usr/bin/eog to test again, avoiding potential confusing output due to this double-sandbox situation.

That being said, the eog profile has private-cache via eo-common.profile. Have you tried ignore private-cache yet in a eo-common.local to check if that changes thumbnail creation?

<!-- gh-comment-id:1031475977 --> @ghost commented on GitHub (Feb 7, 2022): > Launching eog with firejail --noprofile eog: Warning: an existing sandbox was detected. /usr/bin/eog will run without any additional sandboxing features Remember using full paths when running firejail manually like this: if you've used firecfg to generate symlinks `eog` is interpreted as /usr/local/bin/eog, which is already under firejail's control. Just run `firejail --noprofile /usr/bin/eog` to test again, avoiding potential confusing output due to this double-sandbox situation. That being said, the eog profile has `private-cache` via eo-common.profile. Have you tried `ignore private-cache` yet in a eo-common.local to check if that changes thumbnail creation?
gitea-mirror commented 2026-05-05 09:28:04 -06:00
Author
Owner
Copy link

@mooreye commented on GitHub (Feb 7, 2022):

Thanks for reply, however proposed solution did not seem to work.

$ pwd
/home/user/.config/firejail
$ cat eo-common.local 
ignore private-cache

Then:

$ rm -r ~/.cache/thumbnails/; /usr/local/bin/eog test.jpg 
rm: cannot remove '/home/user/.cache/thumbnails/': No such file or directory
Reading profile /etc/firejail/eog.profile
Reading profile /etc/firejail/eo-common.profile
Reading profile /home/user/.config/firejail/eo-common.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-write-mnt.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 263942, child pid 263943
1 program installed in 11.92 ms
Standard C library installed in 2.55 ms
Firejail libraries installed in 1.98 ms
Program libraries installed in 33.29 ms
GdkPixbuf installed in 8.27 ms
GTK3 installed in 16.72 ms
Pango installed in 0.00 ms
GIRepository installed in 1.56 ms
GIO installed in 4.12 ms
Installed 143 libraries and 8 directories
Warning fcopy: skipping /etc/alternatives/libnssckbi.so.x86_64, cannot find inode
Warning fcopy: skipping /etc/alternatives/soelim, cannot find inode
Warning fcopy: skipping /etc/alternatives/cifs-idmap-plugin, cannot find inode
Warning fcopy: skipping /etc/alternatives/iptables, cannot find inode
Warning fcopy: skipping /etc/alternatives/ip6tables, cannot find inode
Warning fcopy: skipping /etc/alternatives/iptables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/iptables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/ip6tables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/ip6tables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/ebtables, cannot find inode
Warning fcopy: skipping /etc/alternatives/ebtables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/ebtables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/arptables, cannot find inode
Warning fcopy: skipping /etc/alternatives/arptables-save, cannot find inode
Warning fcopy: skipping /etc/alternatives/arptables-restore, cannot find inode
Warning fcopy: skipping /etc/alternatives/man, cannot find inode
Warning fcopy: skipping /etc/alternatives/apropos, cannot find inode
Warning fcopy: skipping /etc/alternatives/whatis, cannot find inode
Warning fcopy: skipping /etc/alternatives/ld, cannot find inode
Warning fcopy: skipping /etc/alternatives/nc, cannot find inode
Warning fcopy: skipping /etc/alternatives/mkisofs, cannot find inode
Warning fcopy: skipping /etc/alternatives/mkisofs-mkhybrid, cannot find inode
Warning fcopy: skipping /etc/alternatives/fakeroot, cannot find inode
Warning fcopy: skipping /etc/alternatives/faked, cannot find inode
Warning fcopy: skipping /etc/alternatives/libfakeroot.so, cannot find inode
Warning fcopy: skipping /etc/alternatives/libwbclient.so.0.15-64, cannot find inode
Warning fcopy: skipping /etc/alternatives/java, cannot find inode
Warning fcopy: skipping /etc/alternatives/jre, cannot find inode
Warning fcopy: skipping /etc/alternatives/alt-java, cannot find inode
Warning fcopy: skipping /etc/alternatives/jjs, cannot find inode
Warning fcopy: skipping /etc/alternatives/keytool, cannot find inode
Warning fcopy: skipping /etc/alternatives/pack200, cannot find inode
Warning fcopy: skipping /etc/alternatives/rmid, cannot find inode
Warning fcopy: skipping /etc/alternatives/rmiregistry, cannot find inode
Warning fcopy: skipping /etc/alternatives/unpack200, cannot find inode
Warning fcopy: skipping /etc/alternatives/jre_openjdk, cannot find inode
Warning fcopy: skipping /etc/alternatives/jre_11, cannot find inode
Warning fcopy: skipping /etc/alternatives/jre_11_openjdk, cannot find inode
Warning: skipping gtk-3.0 for private /etc
Private /etc installed in 19.49 ms
Private /usr/etc installed in 0.00 ms
Warning: not remounting /home/user/.ssh/config
Blacklist violations are logged to syslog
Child process initialized in 619.92 ms

(eog:15): dbind-WARNING **: 16:05:18.131: Couldn't connect to accessibility bus: Failed to connect to socket 00008: Connection refused
<!-- gh-comment-id:1031567845 --> @mooreye commented on GitHub (Feb 7, 2022): Thanks for reply, however proposed solution did not seem to work. ``` $ pwd /home/user/.config/firejail $ cat eo-common.local ignore private-cache ``` Then: ``` $ rm -r ~/.cache/thumbnails/; /usr/local/bin/eog test.jpg rm: cannot remove '/home/user/.cache/thumbnails/': No such file or directory Reading profile /etc/firejail/eog.profile Reading profile /etc/firejail/eo-common.profile Reading profile /home/user/.config/firejail/eo-common.local Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-write-mnt.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 263942, child pid 263943 1 program installed in 11.92 ms Standard C library installed in 2.55 ms Firejail libraries installed in 1.98 ms Program libraries installed in 33.29 ms GdkPixbuf installed in 8.27 ms GTK3 installed in 16.72 ms Pango installed in 0.00 ms GIRepository installed in 1.56 ms GIO installed in 4.12 ms Installed 143 libraries and 8 directories Warning fcopy: skipping /etc/alternatives/libnssckbi.so.x86_64, cannot find inode Warning fcopy: skipping /etc/alternatives/soelim, cannot find inode Warning fcopy: skipping /etc/alternatives/cifs-idmap-plugin, cannot find inode Warning fcopy: skipping /etc/alternatives/iptables, cannot find inode Warning fcopy: skipping /etc/alternatives/ip6tables, cannot find inode Warning fcopy: skipping /etc/alternatives/iptables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/iptables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/ip6tables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/ip6tables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/ebtables, cannot find inode Warning fcopy: skipping /etc/alternatives/ebtables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/ebtables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/arptables, cannot find inode Warning fcopy: skipping /etc/alternatives/arptables-save, cannot find inode Warning fcopy: skipping /etc/alternatives/arptables-restore, cannot find inode Warning fcopy: skipping /etc/alternatives/man, cannot find inode Warning fcopy: skipping /etc/alternatives/apropos, cannot find inode Warning fcopy: skipping /etc/alternatives/whatis, cannot find inode Warning fcopy: skipping /etc/alternatives/ld, cannot find inode Warning fcopy: skipping /etc/alternatives/nc, cannot find inode Warning fcopy: skipping /etc/alternatives/mkisofs, cannot find inode Warning fcopy: skipping /etc/alternatives/mkisofs-mkhybrid, cannot find inode Warning fcopy: skipping /etc/alternatives/fakeroot, cannot find inode Warning fcopy: skipping /etc/alternatives/faked, cannot find inode Warning fcopy: skipping /etc/alternatives/libfakeroot.so, cannot find inode Warning fcopy: skipping /etc/alternatives/libwbclient.so.0.15-64, cannot find inode Warning fcopy: skipping /etc/alternatives/java, cannot find inode Warning fcopy: skipping /etc/alternatives/jre, cannot find inode Warning fcopy: skipping /etc/alternatives/alt-java, cannot find inode Warning fcopy: skipping /etc/alternatives/jjs, cannot find inode Warning fcopy: skipping /etc/alternatives/keytool, cannot find inode Warning fcopy: skipping /etc/alternatives/pack200, cannot find inode Warning fcopy: skipping /etc/alternatives/rmid, cannot find inode Warning fcopy: skipping /etc/alternatives/rmiregistry, cannot find inode Warning fcopy: skipping /etc/alternatives/unpack200, cannot find inode Warning fcopy: skipping /etc/alternatives/jre_openjdk, cannot find inode Warning fcopy: skipping /etc/alternatives/jre_11, cannot find inode Warning fcopy: skipping /etc/alternatives/jre_11_openjdk, cannot find inode Warning: skipping gtk-3.0 for private /etc Private /etc installed in 19.49 ms Private /usr/etc installed in 0.00 ms Warning: not remounting /home/user/.ssh/config Blacklist violations are logged to syslog Child process initialized in 619.92 ms (eog:15): dbind-WARNING **: 16:05:18.131: Couldn't connect to accessibility bus: Failed to connect to socket 00008: Connection refused ```
gitea-mirror commented 2026-05-05 09:28:05 -06:00
Author
Owner
Copy link

@reinerh commented on GitHub (Feb 7, 2022):

And then thumbnails are still not generated? Or does the thumbnails directory contain them?

<!-- gh-comment-id:1031718418 --> @reinerh commented on GitHub (Feb 7, 2022): And then thumbnails are still not generated? Or does the thumbnails directory contain them?
gitea-mirror commented 2026-05-05 09:28:05 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Feb 7, 2022):

  • The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
<!-- gh-comment-id:1031789200 --> @rusty-snake commented on GitHub (Feb 7, 2022): > - [ ] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it).
gitea-mirror commented 2026-05-05 09:28:06 -06:00
Author
Owner
Copy link

@mooreye commented on GitHub (Feb 7, 2022):

And then thumbnails are still not generated? Or does the thumbnails directory contain them?

Still not generated, directory is empty, and by running with --noprofile they appear in ~/.cache/thumbnails/fail directory and are empty/broken.

  • The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).

Yes, if run by /usr/bin/eog thumbnails are created successfully.

<!-- gh-comment-id:1032025814 --> @mooreye commented on GitHub (Feb 7, 2022): > And then thumbnails are still not generated? Or does the thumbnails directory contain them? Still not generated, directory is empty, and by running with `--noprofile` they appear in `~/.cache/thumbnails/fail` directory and are empty/broken. > > * [ ] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). Yes, if run by `/usr/bin/eog` thumbnails are created successfully.
gitea-mirror commented 2026-05-05 09:28:06 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Feb 8, 2022):

Might have to do with Gnome running the thumbnailer in a bubblewrap sandbox.

What does grep force-nonewprivs /etc/firejail/firejail.config and firejail --version | grep nonewprivs say?

<!-- gh-comment-id:1032144358 --> @smitsohu commented on GitHub (Feb 8, 2022): Might have to do with Gnome running the thumbnailer in a bubblewrap sandbox. What does `grep force-nonewprivs /etc/firejail/firejail.config` and `firejail --version | grep nonewprivs` say?
gitea-mirror commented 2026-05-05 09:28:07 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Feb 8, 2022):

It is well possible that I am missing something, but from skimming through the sources[1, 2] it looks that if the thumbnailer sandbox is configured at compile time, and if for whatever reason there is no bubblewrap in the filesystem (in this case because Firejail's private-bin removes it from the sandbox filesystem), Gnome doesn't attempt to fall back to something that works but stops producing thumbnails altogether.

<!-- gh-comment-id:1032155931 --> @smitsohu commented on GitHub (Feb 8, 2022): It is well possible that I am missing something, but from skimming through the sources[[1](https://gitlab.gnome.org/GNOME/gnome-desktop/-/blob/master/libgnome-desktop/gnome-desktop-thumbnail.c), [2](https://gitlab.gnome.org/GNOME/gnome-desktop/-/blob/master/libgnome-desktop/gnome-desktop-thumbnail-script.c)] it looks that if the thumbnailer sandbox is configured at compile time, and if for whatever reason there is no bubblewrap in the filesystem (in this case because Firejail's `private-bin` removes it from the sandbox filesystem), Gnome doesn't attempt to fall back to something that works but stops producing thumbnails altogether.
gitea-mirror commented 2026-05-05 09:28:07 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Feb 8, 2022):

@smitsohu Great find. I guess that explains the 'Thumbnail creation failed' warnings when running firejail --noprofile /usr/bin/eog. The default.profile that is used in that case includes disable-common.inc, which blacklists ${PATH}/bwrap. Might be a better test with firejail --profile=noprofile /usr/bin/eog... I've tried eog with several iterations but I can't get it to generate thumbnails reliably at all. Not sure if we can fix that properly...

<!-- gh-comment-id:1032218612 --> @ghost commented on GitHub (Feb 8, 2022): @smitsohu Great find. I guess that explains the 'Thumbnail creation failed' warnings when running `firejail --noprofile /usr/bin/eog`. The default.profile that is used in that case includes disable-common.inc, which blacklists ${PATH}/bwrap. Might be a better test with `firejail --profile=noprofile /usr/bin/eog`... I've tried eog with several iterations but I can't get it to generate thumbnails reliably at all. Not sure if we can fix that properly...
gitea-mirror commented 2026-05-05 09:28:08 -06:00
Author
Owner
Copy link

@mooreye commented on GitHub (Feb 8, 2022):

Might have to do with Gnome running the thumbnailer in a bubblewrap sandbox.

What does grep force-nonewprivs /etc/firejail/firejail.config and firejail --version | grep nonewprivs say?

$ grep force-nonewprivs /etc/firejail/firejail.config
# force-nonewprivs no
$ firejail --version | grep nonewprivs
	- always force nonewprivs support is disabled

Might be a better test with firejail --profile=noprofile /usr/bin/eog... I've tried eog with several iterations but I can't get it to generate thumbnails reliably at all. Not sure if we can fix that properly...

$ firejail --profile=noprofile /usr/bin/eog test.jpg
Error: no profile with name "noprofile" found.
<!-- gh-comment-id:1032554834 --> @mooreye commented on GitHub (Feb 8, 2022): > Might have to do with Gnome running the thumbnailer in a bubblewrap sandbox. > > What does `grep force-nonewprivs /etc/firejail/firejail.config` and `firejail --version | grep nonewprivs` say? ``` $ grep force-nonewprivs /etc/firejail/firejail.config # force-nonewprivs no $ firejail --version | grep nonewprivs - always force nonewprivs support is disabled ``` > Might be a better test with `firejail --profile=noprofile /usr/bin/eog`... I've tried eog with several iterations but I can't get it to generate thumbnails reliably at all. Not sure if we can fix that properly... ``` $ firejail --profile=noprofile /usr/bin/eog test.jpg Error: no profile with name "noprofile" found. ```
gitea-mirror commented 2026-05-05 09:28:08 -06:00
Author
Owner
Copy link

@ghost commented on GitHub (Feb 8, 2022):

You'll have to download the noprofile.profile and add it in ~/.config/firejail. It isn't available in 0.9.66. Normally it's not advised to mix newer profiles with older releases, but in this case you should be fine. It sets up the weakest possible sandbox and comes very handy for testing purposes. Just remember to remove it when Fedora offers 0.9.68 and puts it in /etc/firejail.

<!-- gh-comment-id:1032671487 --> @ghost commented on GitHub (Feb 8, 2022): You'll have to download the [noprofile.profile](https://github.com/netblue30/firejail/raw/master/etc/profile-m-z/noprofile.profile) and add it in ~/.config/firejail. It isn't available in 0.9.66. Normally it's not advised to mix newer profiles with older releases, but in this case you should be fine. It sets up the weakest possible sandbox and comes very handy for testing purposes. Just remember to remove it when Fedora offers 0.9.68 and puts it in /etc/firejail.
gitea-mirror commented 2026-05-05 09:28:08 -06:00
Author
Owner
Copy link

@mooreye commented on GitHub (Mar 28, 2022):

I do not use firejail anymore so if no one wants to take over this issue, please close.

<!-- gh-comment-id:1080950140 --> @mooreye commented on GitHub (Mar 28, 2022): I do not use firejail anymore so if no one wants to take over this issue, please close.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2813
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?