[GH-ISSUE #5793] evolution: Couldn't connect to accessibility bus #3094

New issue

Open

opened 2026-05-05 09:44:02 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented 2026-05-05 09:44:02 -06:00

Owner

Copy link

Originally created by @CocoR55 on GitHub (Apr 18, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5793

See the following links for help with formatting:

https://guides.github.com/features/mastering-markdown/
https://docs.github.com/en/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax

---

Description

On Linux Lint Mate, it is about installing Evolution packages in a firejail sandbox.
First thing, there was no profile dedicated to Evolution in firecfg.

firejail --private /usr/bin/evolution

A profile was created.
Then, the command to launch the program is:

firejail --profile=/etc/firejail/evolution.profile /usr/bin/evolution

The Evolution application starts but with warnings

Warning: networking feature is disabled in Firejail configuration file
Parent pid 8561, child pid 8562
Child process initialized in 374.81 ms

(evolution:3): dbind-WARNING **: 15:01:03.478: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: Aucun fichier ou dossier de ce type

(evolution-alarm-notify:16): dbind-WARNING **: 15:01:07.020: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: Aucun fichier ou dossier de ce type

** (evolution:3): WARNING **: 15:01:07.246: Could not open /sys/firmware/acpi/pm_profile: L’ouverture du fichier « /sys/firmware/acpi/pm_profile » a échoué : Permission non accordée

(evolution:3): GVFS-WARNING **: 15:01:08.027: The peer-to-peer connection failed: Error in obtaining information from the file « /run/user/1000/gvfsd » :No such file or folder. Falling back to the session bus. Your application is probably missing --filesystem=xdg-run/gvfsd privileges.

15 times these previous sentences

** (WebKitWebProcess:29): WARNING **: 15:01:10.003: Can't connect to a11y bus: Unable to connect: No such file or folder

(evolution:3): GLib-GIO-WARNING **: 15:35:13.671: Your application did not unregister from D-Bus before destruction. Consider using g_application_run().

evolution.profile

/etc/firejail$ cat evolution.profile
# Firejail profile for evolution
# Description: Groupware suite with mail client and organizer
# This file is overwritten after every install/update
# Persistent local customizations
include evolution.local
# Persistent global definitions
include globals.local

noblacklist /var/mail
noblacklist /var/spool/mail
noblacklist ${HOME}/.bogofilter
noblacklist ${HOME}/.cache/evolution
noblacklist ${HOME}/.config/evolution
noblacklist ${HOME}/.gnupg
noblacklist ${HOME}/.local/share/evolution
noblacklist ${HOME}/.pki
noblacklist ${HOME}/.local/share/pki

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc

include whitelist-runuser-common.inc

caps.drop all
netfilter
# no3d breaks under wayland
#no3d
nodvd
nogroups
noinput
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none

private-dev
private-tmp
writable-var

Something is wrong.
Do you have any idea to solve this issue?
Regards,

Steps to Reproduce

firejail --profile=/etc/firejail/evolution.profile /usr/bin/evolution

$ LC_ALL=C firejail evolution
Reading profile /etc/firejail/evolution.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 10391, child pid 10392
Child process initialized in 460.45 ms

(evolution:3): dbind-WARNING **: 16:50:53.381: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: No such file or directory

** (evolution:3): WARNING **: 16:50:55.316: Could not open /sys/firmware/acpi/pm_profile: Failed to open file ?/sys/firmware/acpi/pm_profile?: Permission denied

(evolution-alarm-notify:16): dbind-WARNING **: 16:50:56.550: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: No such file or directory

(evolution:3): IBUS-WARNING **: 16:50:56.993: Unable to connect to ibus: Could not connect: Connection refused

** Note: you can use --noprofile to disable default.profile **

Parent pid 10056, child pid 10057
Warning: cleaning all supplementary groups
Child process initialized in 211.12 ms
/bin/bash: line 1: PROGRAM: command not found

Expected behavior

No warning

Actual behavior

Can't connect to a11y bus: Unable to connect: No such file or folder
Your application did not unregister from D-Bus before destruction. Consider using g_application_run().

Behavior without a profile

$ firejail --noprofile /usr/bin/evolution
Parent pid 10112, child pid 10113
Child process initialized in 12.99 ms

** (evolution:2): WARNING **: 16:38:17.933: Could not open /sys/firmware/acpi/pm_profile: Openning the file: « /sys/firmware/acpi/pm_profile »failed: Permission no granted

or

/usr/bin$ LC_ALL=C firejail --noprofile /usr/bin/evolution
Parent pid 10263, child pid 10264
Child process initialized in 16.66 ms

** (evolution:2): WARNING **: 16:48:07.167: Could not open /sys/firmware/acpi/pm_profile: Failed to open file ?/sys/firmware/acpi/pm_profile?: Permission denied

(evolution:2): IBUS-WARNING **: 16:48:07.699: Unable to connect to ibus: Could not connect: Connection refused

What changed calling LC_ALL=C firejail --noprofile /path/to/program in a
terminal?

nothing

Environment

• Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux")

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Linuxmint
Description:	Linux Mint 21.1
Release:	21.1
Codename:	vera

$ firejail --version
firejail version 0.9.66

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).

/usr/bin$ ./evolution

(evolution:10535): GLib-GIO-WARNING **: 16:58:30.996: Your application did not unregister from D-Bus before destruction. Consider using g_application_run().

• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• I have performed a short search for similar issues (to avoid opening a duplicate).
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

---

Edit by @rusty-snake: Formatting

Originally created by @CocoR55 on GitHub (Apr 18, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/5793 > See the following links for help with formatting: > > https://guides.github.com/features/mastering-markdown/ > https://docs.github.com/en/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax --- ### Description On Linux Lint Mate, it is about installing Evolution packages in a firejail sandbox. First thing, there was no profile dedicated to Evolution in firecfg. ```sh firejail --private /usr/bin/evolution ``` A profile was created. Then, the command to launch the program is: ```sh firejail --profile=/etc/firejail/evolution.profile /usr/bin/evolution ``` The Evolution application starts but with warnings ``` Warning: networking feature is disabled in Firejail configuration file Parent pid 8561, child pid 8562 Child process initialized in 374.81 ms (evolution:3): dbind-WARNING **: 15:01:03.478: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: Aucun fichier ou dossier de ce type (evolution-alarm-notify:16): dbind-WARNING **: 15:01:07.020: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: Aucun fichier ou dossier de ce type ** (evolution:3): WARNING **: 15:01:07.246: Could not open /sys/firmware/acpi/pm_profile: L’ouverture du fichier « /sys/firmware/acpi/pm_profile » a échoué : Permission non accordée (evolution:3): GVFS-WARNING **: 15:01:08.027: The peer-to-peer connection failed: Error in obtaining information from the file « /run/user/1000/gvfsd » :No such file or folder. Falling back to the session bus. Your application is probably missing --filesystem=xdg-run/gvfsd privileges. ``` 15 times these previous sentences ``` ** (WebKitWebProcess:29): WARNING **: 15:01:10.003: Can't connect to a11y bus: Unable to connect: No such file or folder (evolution:3): GLib-GIO-WARNING **: 15:35:13.671: Your application did not unregister from D-Bus before destruction. Consider using g_application_run(). ``` evolution.profile ``` /etc/firejail$ cat evolution.profile # Firejail profile for evolution # Description: Groupware suite with mail client and organizer # This file is overwritten after every install/update # Persistent local customizations include evolution.local # Persistent global definitions include globals.local noblacklist /var/mail noblacklist /var/spool/mail noblacklist ${HOME}/.bogofilter noblacklist ${HOME}/.cache/evolution noblacklist ${HOME}/.config/evolution noblacklist ${HOME}/.gnupg noblacklist ${HOME}/.local/share/evolution noblacklist ${HOME}/.pki noblacklist ${HOME}/.local/share/pki include disable-common.inc include disable-devel.inc include disable-exec.inc include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc include whitelist-runuser-common.inc caps.drop all netfilter # no3d breaks under wayland #no3d nodvd nogroups noinput nonewprivs noroot nosound notv nou2f novideo protocol unix,inet,inet6 seccomp shell none private-dev private-tmp writable-var ``` Something is wrong. Do you have any idea to solve this issue? Regards, ### Steps to Reproduce ```sh firejail --profile=/etc/firejail/evolution.profile /usr/bin/evolution ``` ```console $ LC_ALL=C firejail evolution Reading profile /etc/firejail/evolution.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Warning: networking feature is disabled in Firejail configuration file Parent pid 10391, child pid 10392 Child process initialized in 460.45 ms (evolution:3): dbind-WARNING **: 16:50:53.381: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: No such file or directory ** (evolution:3): WARNING **: 16:50:55.316: Could not open /sys/firmware/acpi/pm_profile: Failed to open file ?/sys/firmware/acpi/pm_profile?: Permission denied (evolution-alarm-notify:16): dbind-WARNING **: 16:50:56.550: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: No such file or directory (evolution:3): IBUS-WARNING **: 16:50:56.993: Unable to connect to ibus: Could not connect: Connection refused ``` ``` ** Note: you can use --noprofile to disable default.profile ** Parent pid 10056, child pid 10057 Warning: cleaning all supplementary groups Child process initialized in 211.12 ms /bin/bash: line 1: PROGRAM: command not found ``` ### Expected behavior No warning ### Actual behavior Can't connect to a11y bus: Unable to connect: No such file or folder Your application did not unregister from D-Bus before destruction. Consider using g_application_run(). ### Behavior without a profile ```console $ firejail --noprofile /usr/bin/evolution Parent pid 10112, child pid 10113 Child process initialized in 12.99 ms ** (evolution:2): WARNING **: 16:38:17.933: Could not open /sys/firmware/acpi/pm_profile: Openning the file: « /sys/firmware/acpi/pm_profile »failed: Permission no granted ``` or ``` /usr/bin$ LC_ALL=C firejail --noprofile /usr/bin/evolution Parent pid 10263, child pid 10264 Child process initialized in 16.66 ms ** (evolution:2): WARNING **: 16:48:07.167: Could not open /sys/firmware/acpi/pm_profile: Failed to open file ?/sys/firmware/acpi/pm_profile?: Permission denied (evolution:2): IBUS-WARNING **: 16:48:07.699: Unable to connect to ibus: Could not connect: Connection refused ``` _What changed calling `LC_ALL=C firejail --noprofile /path/to/program` in a terminal?_ nothing ### Environment - Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux") ```console $ lsb_release -a No LSB modules are available. Distributor ID: Linuxmint Description: Linux Mint 21.1 Release: 21.1 Codename: vera ``` ```console $ firejail --version firejail version 0.9.66 ``` ### Checklist - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). ```console /usr/bin$ ./evolution (evolution:10535): GLib-GIO-WARNING **: 16:58:30.996: Your application did not unregister from D-Bus before destruction. Consider using g_application_run(). ``` - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [ ] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log --- **Edit by @rusty-snake**: Formatting

gitea-mirror commented 2026-05-05 09:44:04 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (Apr 19, 2023):

(Offtopic)

@CocoR55

Please see the following links for how to format code blocks in markdown:

• https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks
• https://github.github.com/gfm/#fenced-code-blocks

<!-- gh-comment-id:1514147071 --> @kmk3 commented on GitHub (Apr 19, 2023): (Offtopic) @CocoR55 Please see the following links for how to format code blocks in markdown: * <https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks> * <https://github.github.com/gfm/#fenced-code-blocks>

gitea-mirror commented 2026-05-05 09:44:04 -06:00

Author

Owner

Copy link

@kmk3 commented on GitHub (Apr 19, 2023):

firejail version 0.9.66

Note that we do not maintain that version of firejail:

• https://github.com/netblue30/firejail/blob/master/SECURITY.md

Versions other than the latest usually have outdated profiles and may contain
bugs and security vulnerabilities that were fixed in later versions.

See also:

• https://github.com/netblue30/firejail#installing

What happens with the latest released version?

<!-- gh-comment-id:1514147368 --> @kmk3 commented on GitHub (Apr 19, 2023): > firejail version 0.9.66 Note that we do not maintain that version of firejail: * <https://github.com/netblue30/firejail/blob/master/SECURITY.md> Versions other than the latest usually have outdated profiles and may contain bugs and security vulnerabilities that were fixed in later versions. See also: * <https://github.com/netblue30/firejail#installing> What happens with the latest released version?

gitea-mirror commented 2026-05-05 09:44:05 -06:00

Author

Owner

Copy link

@CocoR55 commented on GitHub (Apr 20, 2023):

Tests done again with last version of firejail, (version 0.9.72) warnings and messages are the same.
No improvement.

<!-- gh-comment-id:1516718942 --> @CocoR55 commented on GitHub (Apr 20, 2023): Tests done again with last version of firejail, (version 0.9.72) warnings and messages are the same. No improvement.

gitea-mirror commented 2026-05-05 09:44:06 -06:00

Author

Owner

Copy link

@tukanos commented on GitHub (Jan 11, 2026):

The latest version 0.9.76 exhibits the same behaviour.

My system:

lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux forky/sid
Release:	n/a
Codename:	forky

Here is the log:

firejail evolution
Reading profile /etc/firejail/evolution.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
firejail version 0.9.76

Parent pid 14376, child pid 14377
Warning: cannot find /var/run/utmp
Warning: not remounting /home/tukan/.ssh/config
Base filesystem installed in 324.61 ms
Child process initialized in 409.12 ms

(org.gnome.Evolution:4): dbind-WARNING **: 10:09:17.112: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus: No such file or directory

(evolution-alarm-notify:14): dbind-WARNING **: 10:09:17.303: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus: No such file or directory

** (org.gnome.Evolution:4): ERROR **: 10:09:17.527: Failed to start dbus proxy: Failed to spawn child process “/usr/bin/bwrap” (Permission denied)

Parent is shutting down, bye...

After some digging I found out the issue is double container:

If you disable the WEBKIT snadbox with WEBKIT_DISABLE_SANDBOX_THIS_IS_DANGEROUS=1 before running firejail evolution it will start.

<!-- gh-comment-id:3734282099 --> @tukanos commented on GitHub (Jan 11, 2026): The latest version 0.9.76 exhibits the same behaviour. My system: ``` lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux forky/sid Release: n/a Codename: forky ``` Here is the log: ``` firejail evolution Reading profile /etc/firejail/evolution.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-runuser-common.inc firejail version 0.9.76 Parent pid 14376, child pid 14377 Warning: cannot find /var/run/utmp Warning: not remounting /home/tukan/.ssh/config Base filesystem installed in 324.61 ms Child process initialized in 409.12 ms (org.gnome.Evolution:4): dbind-WARNING **: 10:09:17.112: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus: No such file or directory (evolution-alarm-notify:14): dbind-WARNING **: 10:09:17.303: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus: No such file or directory ** (org.gnome.Evolution:4): ERROR **: 10:09:17.527: Failed to start dbus proxy: Failed to spawn child process “/usr/bin/bwrap” (Permission denied) Parent is shutting down, bye... ``` After some digging I found out the issue is double container: If you disable the WEBKIT snadbox with `WEBKIT_DISABLE_SANDBOX_THIS_IS_DANGEROUS=1` before running `firejail evolution` it will start.

gitea-mirror referenced this issue 2026-05-05 10:23:51 -06:00

[PR #3094] [MERGED] Add ephemeral profile #4641

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3094

No description provided.