[GH-ISSUE #6103] geary: crash when showing email contents

gitea-mirror commented

2026-05-05 09:48:12 -06:00

Owner

Originally created by @triallax on GitHub (Nov 24, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6103

Description

Geary crashes when it tries to show an email's contents (at least that's the trigger as far as I can tell).

Steps to Reproduce

Run LC_ALL=C firejail /bin/geary
If the opened Geary window is large enough, it will crash almost instantly when it tries to show an email's contents, otherwise pressing on any email in the email list is sufficient to cause the crash as well

Expected behavior

Geary doesn't crash.

Actual behavior

Geary crashes.

Behavior without a profile

Nothing changes, the same crash happens.

Environment

Void Linux
Firejail version (firejail --version). firejail version 0.9.72

Checklist

The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
I can reproduce the issue without custom modifications (e.g. globals.local).
The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
The profile (and redirect profile if exists) hasn't already been fixed upstream.
I have performed a short search for similar issues (to avoid opening a duplicate).
- I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /bin/geary

Reading profile /etc/firejail/geary.profile
Reading profile /etc/firejail/allow-bin-sh.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1900, child pid 1907
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping ld.so.preload for private /etc
Warning: skipping machine-id for private /etc
Warning: skipping mailcap for private /etc
Warning: skipping mime.types for private /etc
Private /etc installed in 42.25 ms
Private /usr/etc installed in 0.00 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized in 187.91 ms
*[wrn] 20:11:03.0600 dbind:AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown
libEGL warning: wayland-egl: could not open /dev/dri/renderD128 (No such file or directory)
*[wrn] 20:11:03.0693 geary:application-certificate-manager.vala:71: No GCR store found, GCR certificate pinning unavailable
*[wrn] 20:11:03.0693 geary:application-certificate-manager.vala:75: GCR store is not RW, GCR certificate pinning unavailable
*[wrn] 20:11:03.0783 folks:backend-store.vala:435: Error preparing Backend 'telepathy': org.freedesktop.DBus.Error.ServiceUnknown
Could not determine the accessibility bus address
![err] 20:11:04.0389 [no domain]:Failed to start dbus proxy: Failed to spawn child process “/usr/bin/bwrap” (Permission denied)

Parent is shutting down, bye...

Output of LC_ALL=C firejail --debug /bin/geary

https://gist.github.com/mhmdanas/70568d0b47f8c0546ee4a13fff24aa10

Originally created by @triallax on GitHub (Nov 24, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/6103 ### Description Geary crashes when it tries to show an email's contents (at least that's the trigger as far as I can tell). ### Steps to Reproduce 1. Run `LC_ALL=C firejail /bin/geary` 2. If the opened Geary window is large enough, it will crash almost instantly when it tries to show an email's contents, otherwise pressing on any email in the email list is sufficient to cause the crash as well ### Expected behavior Geary doesn't crash. ### Actual behavior Geary crashes. ### Behavior without a profile Nothing changes, the same crash happens. ### Environment - Void Linux - Firejail version (`firejail --version`). firejail version 0.9.72 ### Checklist  - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [ ] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>LC_ALL=C firejail /bin/geary</code></summary> <p> ``` Reading profile /etc/firejail/geary.profile Reading profile /etc/firejail/allow-bin-sh.inc Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-shell.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 1900, child pid 1907 Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: skipping alternatives for private /etc Warning: skipping crypto-policies for private /etc Warning: skipping ld.so.preload for private /etc Warning: skipping machine-id for private /etc Warning: skipping mailcap for private /etc Warning: skipping mime.types for private /etc Private /etc installed in 42.25 ms Private /usr/etc installed in 0.00 ms Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Child process initialized in 187.91 ms *[wrn] 20:11:03.0600 dbind:AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown libEGL warning: wayland-egl: could not open /dev/dri/renderD128 (No such file or directory) *[wrn] 20:11:03.0693 geary:application-certificate-manager.vala:71: No GCR store found, GCR certificate pinning unavailable *[wrn] 20:11:03.0693 geary:application-certificate-manager.vala:75: GCR store is not RW, GCR certificate pinning unavailable *[wrn] 20:11:03.0783 folks:backend-store.vala:435: Error preparing Backend 'telepathy': org.freedesktop.DBus.Error.ServiceUnknown Could not determine the accessibility bus address ![err] 20:11:04.0389 [no domain]:Failed to start dbus proxy: Failed to spawn child process “/usr/bin/bwrap” (Permission denied) Parent is shutting down, bye... ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /bin/geary</code></summary> <p>  https://gist.github.com/mhmdanas/70568d0b47f8c0546ee4a13fff24aa10 </p> </details>

gitea-mirror closed this issue

2026-05-05 09:48:13 -06:00

gitea-mirror commented

2026-05-05 09:48:15 -06:00

Author

Owner

@rusty-snake commented on GitHub (Nov 24, 2023):

Behavior without a profile
Nothing changes, the same crash happens.

Try with --profile=noprofile.

@rusty-snake commented on GitHub (Nov 24, 2023): > Behavior without a profile > Nothing changes, the same crash happens. Try with `--profile=noprofile`.

gitea-mirror commented

2026-05-05 09:48:15 -06:00

Author

Owner

@triallax commented on GitHub (Nov 24, 2023):

Sorry, I messed up the comment body, I did test with firejail --profile=noprofile and the crash also happened.

@triallax commented on GitHub (Nov 24, 2023): Sorry, I messed up the comment body, I did test with `firejail --profile=noprofile` and the crash also happened.

gitea-mirror commented

2026-05-05 09:48:16 -06:00

Author

Owner

@triallax commented on GitHub (Nov 24, 2023):

Never mind my last comment, I just tested again and it seems like Geary hangs with --profile=noprofile when it tries to show an email's contents.

@triallax commented on GitHub (Nov 24, 2023): Never mind my last comment, I just tested again and it seems like Geary hangs with `--profile=noprofile` when it tries to show an email's contents.

gitea-mirror commented

2026-05-05 09:48:16 -06:00

Author

Owner

@ghost commented on GitHub (Nov 25, 2023):

Thanks for reporting.

![err] 20:11:04.0389 [no domain]:Failed to start dbus proxy: Failed to spawn child process “/usr/bin/bwrap” (Permission denied)

bwrap is blacklisted in disable-common.inc:

d91d430fb9/etc/inc/disable-common.inc (L657-L658)

You can try adding noblacklist ${PATH}/bwrap in a geary.local. But you might have hit another incompatibility between firejail and bubblewrap cfr. https://github.com/netblue30/firejail/issues/2995.

@ghost commented on GitHub (Nov 25, 2023): Thanks for reporting. > ![err] 20:11:04.0389 [no domain]:Failed to start dbus proxy: Failed to spawn child process “/usr/bin/bwrap” (Permission denied) bwrap is blacklisted in disable-common.inc: https://github.com/netblue30/firejail/blob/d91d430fb992bbb2187d8fc489812058eccc2745/etc/inc/disable-common.inc#L657-L658 You can try adding `noblacklist ${PATH}/bwrap` in a `geary.local`. But you might have hit another incompatibility between firejail and bubblewrap cfr. https://github.com/netblue30/firejail/issues/2995.

gitea-mirror commented

2026-05-05 09:48:16 -06:00

Author

Owner

@rusty-snake commented on GitHub (Nov 25, 2023):

That's the answer. We should remove it from firecfg for now.

@rusty-snake commented on GitHub (Nov 25, 2023): That's the answer. We should remove it from firecfg for now.

gitea-mirror commented

2026-05-05 09:48:17 -06:00

Author

Owner

@ghost commented on GitHub (Nov 30, 2023):

That's the answer. We should remove it from firecfg for now.

Agreed. There are probably more apps affected by webkit2gtk 4.x using bubblewrap (cfr. #3647).
According to 'required by' info available here these need to be checked:

devhelp
geary
lutris (not in firecfg)
marker
nyxt (see https://github.com/netblue30/firejail/issues/1139#issuecomment-1833379156)
shotwell
sushi
xreader
yelp

@ghost commented on GitHub (Nov 30, 2023): > That's the answer. We should remove it from firecfg for now. Agreed. There are probably more apps affected by `webkit2gtk 4.x` using `bubblewrap` (cfr. #3647). According to 'required by' info available [here](https://archlinux.org/packages/extra/x86_64/webkit2gtk-4.1/) these need to be checked: - devhelp - geary - lutris (not in firecfg) - marker - nyxt (see https://github.com/netblue30/firejail/issues/1139#issuecomment-1833379156) - shotwell - sushi - xreader - yelp

gitea-mirror referenced this issue

2026-05-05 10:24:35 -06:00

[PR #3183] [CLOSED] fix test catchsignal-master.sh #4677