[GH-ISSUE #5971] discord: notifications are not shown #3146

Closed
opened 2026-05-05 09:46:38 -06:00 by gitea-mirror · 6 comments
Owner

Originally created by @haarp on GitHub (Aug 24, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5971

Description

Discord 0.0.28 on Gentoo Linux is not showing notifications, while other Electron apps are.

```
# (discord:36): libnotify-WARNING **: 00:25:04.909: Failed to connect to proxy
# [36:0824/002504.909391:ERROR:libnotify_notification.cc(49)] notify_notification_show: domain=299 code=1 message="Could not connect: No such file or directory"
# [36:0824/002504.990190:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
# [36:0824/002504.990223:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
```

That points towards `private-tmp` in `electron.global`. It works if I add this to the discord profile:

```
ignore private-tmp
```

After comparing with `signal-desktop` (another Electron app, which does display notifications), these directives also work:

```
dbus-user filter
dbus-user.talk org.freedesktop.Notifications
```

Steps to Reproduce

Steps to reproduce the behavior

  1. Run `firejail discord`
  2. Observe Discord log. dbus complaints arrive even without messages being received

Expected behavior

Notifications :)

Actual behavior

No notifications :(

Behavior without a profile

I wouldn't dare running an Electron app without a sandbox :/

Additional context

Not sure if my environment has broken something to cause this issue.

Environment

  • Linux distribution: Gentoo Linux
  • Firejail version: 0.9.72

Checklist

  • [~] The issue is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). (not checked, can't risk running without sandbox)
  • [x] I can reproduce the issue without custom modifications (e.g. globals.local).
  • [x] The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • [x] The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • [x] I have performed a short search for similar issues (to avoid opening a duplicate).
  • [ ] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers.
  • [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

Reading profile /etc/firejail/discord.profile
Reading profile /home/haarp/.config/firejail/discord.local
Reading profile /home/haarp/.config/firejail/globals.local
Reading profile /etc/firejail/discord-common.profile
Reading profile /etc/firejail/electron.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /home/haarp/.config/firejail/disable-common.local
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /home/haarp/.config/firejail/disable-programs.local
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1595927, child pid 1595928

DNS server 1.1.1.1

Warning: skipping Discord for private /opt
Private /opt installed in 377.23 ms
19 programs installed in 25.08 ms
Warning: skipping alternatives for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping ld.so.preload for private /etc
Warning: skipping password for private /etc
Private /etc installed in 16.48 ms
Private /usr/etc installed in 0.00 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/gvfs
Child process initialized in 487.36 ms


Discord 0.0.28

[37:0824/122010.450853:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[37:0824/122010.450928:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[77:0824/122010.471853:ERROR:angle_platform_impl.cc(43)] Display.cpp:1004 (initialize): ANGLE Display::initialize error 0: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
ERR: Display.cpp:1004 (initialize): ANGLE Display::initialize error 0: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
[77:0824/122010.471931:ERROR:gl_display.cc(508)] EGL Driver message (Critical) eglInitialize: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
[77:0824/122010.471959:ERROR:gl_display.cc(920)] eglInitialize SwANGLE failed with error EGL_NOT_INITIALIZED
[77:0824/122010.471998:ERROR:gl_ozone_egl.cc(23)] GLDisplayEGL::Initialize failed.
[77:0824/122010.473146:ERROR:viz_main_impl.cc(186)] Exiting GPU process due to errors during initialization
[37:0824/122010.477303:ERROR:simple_backend_impl.cc(79)] Failed to create directory: /home/haarp/.config/discord/Code Cache/js
[37:0824/122010.477326:ERROR:simple_backend_impl.cc(79)] Failed to create directory: /home/haarp/.config/discord/Code Cache/wasm
[37:0824/122010.477393:ERROR:simple_backend_impl.cc(79)] Failed to create directory: /home/haarp/.config/discord/Code Cache/wasm
[37:0824/122010.477399:ERROR:simple_backend_impl.cc(738)] Simple Cache Backend: wrong file structure on disk: 1 path: /home/haarp/.config/discord/Code Cache/wasm
[37:0824/122010.477421:ERROR:simple_backend_impl.cc(79)] Failed to create directory: /home/haarp/.config/discord/Code Cache/js
[37:0824/122010.477434:ERROR:simple_backend_impl.cc(738)] Simple Cache Backend: wrong file structure on disk: 1 path: /home/haarp/.config/discord/Code Cache/js
[37:0824/122010.477499:ERROR:disk_cache.cc(205)] Unable to create cache
[37:0824/122010.477539:ERROR:disk_cache.cc(205)] Unable to create cache
Starting app.
Starting updater.
2023-08-24T10:20:10.482Z [Modules] Modules initializing
2023-08-24T10:20:10.482Z [Modules] Distribution: remote
2023-08-24T10:20:10.482Z [Modules] Host updates: disabled
2023-08-24T10:20:10.482Z [Modules] Module updates: enabled
2023-08-24T10:20:10.483Z [Modules] Module install path: /home/haarp/.config/discord/0.0.28/modules
2023-08-24T10:20:10.483Z [Modules] Module installed file path: /home/haarp/.config/discord/0.0.28/modules/installed.json
2023-08-24T10:20:10.483Z [Modules] Module download path: /home/haarp/.config/discord/0.0.28/modules/pending
[37:0824/122010.491740:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[98:0824/122010.506438:ERROR:angle_platform_impl.cc(43)] Display.cpp:1004 (initialize): ANGLE Display::initialize error 0: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
ERR: Display.cpp:1004 (initialize): ANGLE Display::initialize error 0: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
[98:0824/122010.506516:ERROR:gl_display.cc(508)] EGL Driver message (Critical) eglInitialize: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
[98:0824/122010.506545:ERROR:gl_display.cc(920)] eglInitialize SwANGLE failed with error EGL_NOT_INITIALIZED
[98:0824/122010.506576:ERROR:gl_ozone_egl.cc(23)] GLDisplayEGL::Initialize failed.
[98:0824/122010.507528:ERROR:viz_main_impl.cc(186)] Exiting GPU process due to errors during initialization
[84:0824/122010.514277:ERROR:simple_backend_impl.cc(79)] Failed to create directory: /home/haarp/.config/discord/Cache/Cache_Data
[84:0824/122010.514439:ERROR:simple_backend_impl.cc(79)] Failed to create directory: /home/haarp/.config/discord/Cache/Cache_Data
[84:0824/122010.514454:ERROR:simple_backend_impl.cc(738)] Simple Cache Backend: wrong file structure on disk: 1 path: /home/haarp/.config/discord/Cache/Cache_Data
[84:0824/122010.514575:ERROR:disk_cache.cc(205)] Unable to create cache
[105:0824/122010.518805:ERROR:angle_platform_impl.cc(43)] Display.cpp:1004 (initialize): ANGLE Display::initialize error 0: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
ERR: Display.cpp:1004 (initialize): ANGLE Display::initialize error 0: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
[105:0824/122010.518866:ERROR:gl_display.cc(508)] EGL Driver message (Critical) eglInitialize: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
[105:0824/122010.518890:ERROR:gl_display.cc(920)] eglInitialize SwANGLE failed with error EGL_NOT_INITIALIZED
[105:0824/122010.518918:ERROR:gl_ozone_egl.cc(23)] GLDisplayEGL::Initialize failed.
[105:0824/122010.519982:ERROR:viz_main_impl.cc(186)] Exiting GPU process due to errors during initialization
[119:0824/122010.526249:ERROR:gpu_init.cc(523)] Passthrough is not supported, GL is disabled, ANGLE is
2023-08-24T10:20:10.680Z [Modules] No updates to install
2023-08-24T10:20:10.681Z [Modules] Host is up to date.
2023-08-24T10:20:10.682Z [Modules] Checking for module updates at https://discord.com/api/modules/stable/versions.json
[37:0824/122010.701437:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[37:0824/122010.701471:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[37:0824/122010.701491:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
2023-08-24T10:20:11.048Z [Modules] No module updates available.
[37:0824/122011.156690:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[37:0824/122011.160335:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
Optional module ./ElectronTestRpc was not included.
[37:0824/122011.168733:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[37:0824/122011.176766:ERROR:object_proxy.cc(623)] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type:
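A triage sketch for the diagnosis in the post above, added here as an example (not code from the issue or from firejail): it pulls the missing bus-socket paths out of the Electron log and checks them against a profile's active directives. The function names are hypothetical, the profile text is constructed, and the `ignore` handling is a simplified assumption (an `ignore` only suppresses matching lines read after it).

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Log lines copied from the issue above (Electron/Chromium stderr).
SAMPLE_LOG = """\
[37:0824/122010.450853:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[77:0824/122010.471959:ERROR:gl_display.cc(920)] eglInitialize SwANGLE failed with error EGL_NOT_INITIALIZED
[37:0824/122010.701437:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
"""

# Constructed stand-in for a merged profile chain, in read order.
# It is NOT the content of the shipped discord or electron profiles.
BASE_PROFILE = """\
# constructed sample
ignore dbus-system none
private-tmp
dbus-system none
"""

NOTIFY = "org.freedesktop.Notifications"
SOCKET_ERR = re.compile(
    r"Failed to connect to socket (?P<path>/\S+): No such file or directory"
)


def missing_bus_sockets(log_text):
    """Count 'socket not found' bus errors per socket path."""
    return Counter(m.group("path") for m in SOCKET_ERR.finditer(log_text))


def effective_directives(profile_text):
    """Return the directives left after applying earlier `ignore` lines.

    Assumption: `ignore X` suppresses any later line that is exactly X or
    starts with "X ". Lines are processed in read order, which is why a
    *.local file read first can switch off a directive from a later file.
    """
    ignored, active = [], []
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("ignore "):
            ignored.append(line[len("ignore "):].strip())
            continue
        if any(line == i or line.startswith(i + " ") for i in ignored):
            continue
        active.append(line)
    return active


def diagnose(log_text, profile_text):
    """Relate each missing bus socket to the profile's /tmp and D-Bus policy."""
    active = effective_directives(profile_text)
    private_tmp = "private-tmp" in active
    filtered_talk = (
        "dbus-user filter" in active
        and f"dbus-user.talk {NOTIFY}" in active
    )
    findings = []
    for path, count in sorted(missing_bus_sockets(log_text).items()):
        in_tmp = PurePosixPath(path).parts[:2] == ("/", "tmp")
        if not (in_tmp and private_tmp):
            verdict = "private-tmp not active"
        elif filtered_talk:
            # The second alternative the reporter found working.
            verdict = "filter+talk rule present"
        else:
            # Socket lives in the host /tmp, sandbox sees a private /tmp.
            verdict = "hidden by private-tmp"
        findings.append({"socket": path, "failures": count, "verdict": verdict})
    return findings


if __name__ == "__main__":
    variants = {
        "base": BASE_PROFILE,
        "ignore private-tmp first": "ignore private-tmp\n" + BASE_PROFILE,
        "dbus-user filter + talk": BASE_PROFILE
        + f"dbus-user filter\ndbus-user.talk {NOTIFY}\n",
    }
    for name, profile in variants.items():
        for finding in diagnose(SAMPLE_LOG, profile):
            print(f"{name}: {finding}")
```
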


@kmk3 commented on GitHub (Aug 24, 2023):

> Discord 0.0.28 on Gentoo Linux is not showing notifications, while other
> Electron apps are.

[...]

> After comparing with `signal-desktop` (another Electron app, which does
> display notifications), these directives also work:
>
> ```
> dbus-user filter
> dbus-user.talk org.freedesktop.Notifications
> ```

Makes sense to me.

Could you open a PR to add it to discord.profile?


@ghost commented on GitHub (Aug 25, 2023):

> dbus-user filter
> dbus-user.talk org.freedesktop.Notifications

> Makes sense to me.

To me it doesn't make sense. Our discord-common.profile already allows dbus (both user and system): https://github.com/netblue30/firejail/blob/2ad255432b7d06fc3d047ba72e7d510d4270f7fd/etc/profile-a-l/discord-common.profile#L17-L18

So to me that indeed points to private-tmp. @haarp You did mean both options as alternatives correct? Or did you combine them? Perhaps we're missing something here because we don't know what's in your {disable-common,disable-programs,discord,globals}.local files.

OT: @kmk3 What do you think of asking people to add any foo.local content if they use that to our issue template?


@haarp commented on GitHub (Aug 25, 2023):

> @haarp You did mean both options as `alternatives` correct?

Correct, either of the two boxes work.

> `ignore dbus-user none`

This one also is in `signal-desktop.profile`, so I assumed it goes along with `dbus-user filter`, `dbus-user.talk`.

> we don't know what's in your {disable-common,disable-programs,discord,globals}.local files.

I checked those, but those shouldn't affect notifications. For completeness, here are their contents (now I realize I had duplicates, but that shouldn't matter)

```
# apps don't need to read this
blacklist ${HOME}/.xsession-errors*
blacklist ${HOME}/.cache/xsession-errors*

# DNS server can change, let's use a generic one (https://github.com/netblue30/firejail/issues/3649)
dns 1.1.1.1
```

```
blacklist ${HOME}/Private/lastpass
blacklist ${HOME}/Private/*.kdbx
```

```
blacklist ${HOME}/Private/*coin
blacklist ${HOME}/Private/ethereum*
noblacklist ${HOME}/Nextcloud
```

and discord.local is just the change mentioned in the OP post.


@ghost commented on GitHub (Aug 25, 2023):

@haarp Thanks for your detailed reply. Hardening dbus should be the way to go, cfr. https://github.com/netblue30/firejail/issues/5971#issuecomment-1692312755.

Realizing this goes beyond your issue, I was wondering if you could further test our discord profiles. I'm especially interested in any input you can provide relating to the rather unfortunate crippling we still have in `discord-common.profile`: https://github.com/netblue30/firejail/blob/2ad255432b7d06fc3d047ba72e7d510d4270f7fd/etc/profile-a-l/discord-common.profile#L9-L18

As you can see, besides the dbus options, there's more we could do to harden the discord sandbox considerably if someone could provide info on what works/what doesn't. Can take some time and effort obviously. But again, it's just a question now we have a line of communication with someone that actively uses discord :).


@kmk3 commented on GitHub (Aug 25, 2023):

@glitsj16 on Aug 25:

> > dbus-user filter
> > dbus-user.talk org.freedesktop.Notifications
>
> > Makes sense to me.
>
> To me it doesn't make sense. Our discord-common.profile already allows dbus
> (both user and system):
>
> https://github.com/netblue30/firejail/blob/2ad255432b7d06fc3d047ba72e7d510d4270f7fd/etc/profile-a-l/discord-common.profile#L17-L18
>
> So to me that indeed points to private-tmp.

If the dbus-user commands appear before private-tmp (which would be the
case in both discord*.local and discord-common.profile), then the dbus socket
in the real /tmp might be accessed before private-tmp goes into effect.

Maybe we could move the dbus commands before the private commands in the
template, to support the use-case of sockets in /tmp.

Though that might allow escaping private-tmp unless the socket is
whitelisted, I'm not sure.

> Perhaps we're missing something here because we don't know what's in your
> {disable-common,disable-programs,discord,globals}.local files.
>
> OT: @kmk3 What do you think of asking people to add any `foo.local` content
> if they use that to our `issue template`?

Yes.


@kmk3 commented on GitHub (Aug 25, 2023):

@glitsj16 on Aug 25:

> Realizing this goes beyond your issue, I was wondering if you could further
> test our discord profiles. I'm especially interested in any input you can
> provide relating to the rather unfortunate crippling we still have in
> `discord-common.profile`:
>
> https://github.com/netblue30/firejail/blob/2ad255432b7d06fc3d047ba72e7d510d4270f7fd/etc/profile-a-l/discord-common.profile#L9-L18

Indeed; I suspect that it would work just fine when removing at least the
following entries (and including the dbus commands from the first post):

```
ignore disable-mnt
ignore private-cache
ignore dbus-system none
```