[GH-ISSUE #6197] mpv: cannot open files via dolphin #3218

New issue

Open

opened 2026-05-05 09:49:48 -06:00 by gitea-mirror · 9 comments

gitea-mirror commented 2026-05-05 09:49:48 -06:00

Owner

Copy link

Originally created by @aardbol on GitHub (Feb 6, 2024).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6197

Description

Opening videos in mpv via Dolphin doesn't work. mpv doesn't even start. But opening mpv and dragging and dropping the video from the same location works and the video will be played.

Steps to Reproduce

Browse to the folder. Open the video file and see that mpv won't start.

Run mpv video in terminal. In terminal error:
Error: cannot access profile file: globals.local

The behavior works in the Downloads folder though

Expected behavior

Video plays

Actual behavior

Nothing.

Behavior without a profile

Same behavior

Additional context

The folder containing video files has been whitelisted and set read-only.

Environment

Arch with latest firejail

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• I have performed a short search for similar issues (to avoid opening a duplicate).
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

Error: cannot access profile file: globals.local

Output of LC_ALL=C firejail --debug /path/to/program

output goes here

Originally created by @aardbol on GitHub (Feb 6, 2024). Original GitHub issue: https://github.com/netblue30/firejail/issues/6197 <!-- See the following links for help with formatting: https://guides.github.com/features/mastering-markdown/ https://docs.github.com/en/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax --> ### Description Opening videos in mpv via Dolphin doesn't work. mpv doesn't even start. But opening mpv and dragging and dropping the video from the same location works and the video will be played. ### Steps to Reproduce Browse to the folder. Open the video file and see that mpv won't start. Run mpv video in terminal. In terminal error: `Error: cannot access profile file: globals.local` The behavior works in the Downloads folder though ### Expected behavior Video plays ### Actual behavior Nothing. ### Behavior without a profile Same behavior ### Additional context The folder containing video files has been whitelisted and set read-only. ### Environment Arch with latest firejail ### Checklist <!-- Note: Items are checked with an "x", like so: - [x] This is a checked item. --> - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/tree/master/etc). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). - [x] I'm aware of `browser-allow-drm yes`/`browser-disable-u2f no` in `firejail.config` to allow DRM/U2F in browsers. - [x] I used `--profile=PROFILENAME` to set the right profile. (Only relevant for AppImages) ### Log <details> <summary>Output of <code>LC_ALL=C firejail /path/to/program</code></summary> <p> ``` Error: cannot access profile file: globals.local ``` </p> </details> <details> <summary>Output of <code>LC_ALL=C firejail --debug /path/to/program</code></summary> <p> <!-- If the output is too long to embed it into the comment, create a secret gist at https://gist.github.com/ and link it here. --> ``` output goes here ``` </p> </details>

gitea-mirror added the

needinfo

label 2026-05-05 09:49:48 -06:00

gitea-mirror commented 2026-05-05 09:49:50 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Feb 6, 2024):

Thanks for reporting. We'll need a bit more info on your setup though. Are you running Dolphin sandboxed? How does your mpv.desktop look like (either from /usr/share/applications or ~/.local/share/applications)? In other words, do you use firecfg at all?

The mpv profile doesn't include disable-xdg.inc, so it's unclear why your ~/Downloads folder is working while other paths under your user's /home aren't. Can you post that globals.local here please?

<!-- gh-comment-id:1929185852 --> @ghost commented on GitHub (Feb 6, 2024): Thanks for reporting. We'll need a bit more info on your setup though. Are you running Dolphin sandboxed? How does your mpv.desktop look like (either from /usr/share/applications or ~/.local/share/applications)? In other words, do you use firecfg at all? The mpv profile doesn't include disable-xdg.inc, so it's unclear why your ~/Downloads folder is working while other paths under your user's /home aren't. Can you post that globals.local here please?

gitea-mirror commented 2026-05-05 09:49:51 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Feb 6, 2024):

Is this a "normal" filesystem or some kind of FUSE like a samba share?

Behavior without a profile
Same behavior

Impossible.

<!-- gh-comment-id:1930325638 --> @rusty-snake commented on GitHub (Feb 6, 2024): Is this a "normal" filesystem or some kind of FUSE like a samba share? > Behavior without a profile > Same behavior Impossible.

gitea-mirror commented 2026-05-05 09:49:52 -06:00

Author

Owner

Copy link

@aardbol commented on GitHub (Feb 7, 2024):

Is this a "normal" filesystem or some kind of FUSE like a samba share?

local FS yes. BTRFS to be specific.

Behavior without a profile
Same behavior

Impossible.

You're right, the problem is a bit different:

firejail --noprofile mpv op.mp4:

Parent pid 872710, child pid 872711
Child process initialized in 5.97 ms
Warning: an existing sandbox was detected. /usr/bin/mpv will run without any additional sandboxing features
[file] Cannot open file 'op.mp4': No such file or directory
Failed to open op.mp4.
Exiting... (Errors when loading file)

Parent is shutting down, bye...

<!-- gh-comment-id:1932139427 --> @aardbol commented on GitHub (Feb 7, 2024): > Is this a "normal" filesystem or some kind of FUSE like a samba share? local FS yes. BTRFS to be specific. > > > Behavior without a profile > > Same behavior > > Impossible. You're right, the problem is a bit different: ` firejail --noprofile mpv op.mp4`: ``` Parent pid 872710, child pid 872711 Child process initialized in 5.97 ms Warning: an existing sandbox was detected. /usr/bin/mpv will run without any additional sandboxing features [file] Cannot open file 'op.mp4': No such file or directory Failed to open op.mp4. Exiting... (Errors when loading file) Parent is shutting down, bye... ```

gitea-mirror commented 2026-05-05 09:49:53 -06:00

Author

Owner

Copy link

@aardbol commented on GitHub (Feb 7, 2024):

Thanks for reporting. We'll need a bit more info on your setup though. Are you running Dolphin sandboxed? How does your mpv.desktop look like (either from /usr/share/applications or ~/.local/share/applications)? In other words, do you use firecfg at all?

The mpv profile doesn't include disable-xdg.inc, so it's unclear why your ~/Downloads folder is working while other paths under your user's /home isn't. Can you post that globals.local here please?

Yes Dolphin is also sandboxes, via firecfg, no custom local config.

In /usr/share/applications:

[Desktop Entry]
Type=Application
Name=mpv Media Player
GenericName=Multimedia player
Comment=Play movies and songs
Icon=mpv
TryExec=mpv
Exec=mpv --player-operation-mode=pseudo-gui -- %U
Terminal=false
Categories=AudioVideo;Audio;Video;Player;TV;
MimeType=application/ogg;application/x-ogg;application/mxf;application/sdp;application/smil;application/x-smil;appl>
X-KDE-Protocols=ftp,http,https,mms,rtmp,rtsp,sftp,smb,srt,rist,webdav,webdavs
StartupWMClass=mpv

mpv.local:

private-bin env,mpv,python*,waf,youtube-dl,yt-dlp,ls

whitelist ${HOME}/.SiriKali
read-only ${HOME}/.SiriKali

whitelist ${HOME}/z_nobackup
read-only ${HOME}/z_nobackup

<!-- gh-comment-id:1932259156 --> @aardbol commented on GitHub (Feb 7, 2024): > Thanks for reporting. We'll need a bit more info on your setup though. Are you running Dolphin sandboxed? How does your mpv.desktop look like (either from /usr/share/applications or ~/.local/share/applications)? In other words, do you use firecfg at all? > > The mpv profile doesn't include disable-xdg.inc, so it's unclear why your ~/Downloads folder is working while other paths under your user's /home isn't. Can you post that globals.local here please? Yes Dolphin is also sandboxes, via `firecfg`, no custom local config. In `/usr/share/applications`: ``` [Desktop Entry] Type=Application Name=mpv Media Player GenericName=Multimedia player Comment=Play movies and songs Icon=mpv TryExec=mpv Exec=mpv --player-operation-mode=pseudo-gui -- %U Terminal=false Categories=AudioVideo;Audio;Video;Player;TV; MimeType=application/ogg;application/x-ogg;application/mxf;application/sdp;application/smil;application/x-smil;appl> X-KDE-Protocols=ftp,http,https,mms,rtmp,rtsp,sftp,smb,srt,rist,webdav,webdavs StartupWMClass=mpv ``` mpv.local: ``` private-bin env,mpv,python*,waf,youtube-dl,yt-dlp,ls whitelist ${HOME}/.SiriKali read-only ${HOME}/.SiriKali whitelist ${HOME}/z_nobackup read-only ${HOME}/z_nobackup ```

gitea-mirror commented 2026-05-05 09:49:54 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Feb 7, 2024):

$ firejail --noprofile mpv op.mp4
Warning: an existing sandbox was detected. /usr/bin/mpv will run without any additional sandboxing features

This is a common mistake. Always use the full path to the application's executable (in this case /usr/bin/mpv). If you don't, the command actually tries to execute firejail firejail mpv ..., which throws firejail into confusion. I'm not saying this is the cause of your issue, but it sure makes things much harder to debug.

Yes Dolphin is also sandboxes, via firecfg, no custom local config.

How exactly did you add dolphin to firecfg? It isn't in /etc/firejail/firecfg.config by default.

mpv.local
[...]
private-bin env,mpv,python*,waf,youtube-dl,yt-dlp,ls

Our mpv.profile already has private-bin env,mpv,python*,waf,youtube-dl,yt-dlp. If you want to add other binaries to it, just use private-bin ls in mpv.local. The private-bin option is cumulative.

Please make these changes and post output from

$ firejail --noprofile /usr/bin/mpv /full/path/to/op.mp4

<!-- gh-comment-id:1932511272 --> @ghost commented on GitHub (Feb 7, 2024): > $ firejail --noprofile mpv op.mp4 Warning: an existing sandbox was detected. /usr/bin/mpv will run without any additional sandboxing features This is a common mistake. Always use the full path to the application's executable (in this case /usr/bin/mpv). If you don't, the command actually tries to execute `firejail firejail mpv ...`, which throws firejail into confusion. I'm not saying this is the cause of your issue, but it sure makes things much harder to debug. > Yes Dolphin is also sandboxes, via firecfg, no custom local config. How exactly did you add dolphin to firecfg? It isn't in /etc/firejail/firecfg.config by default. > mpv.local [...] private-bin env,mpv,python*,waf,youtube-dl,yt-dlp,ls Our mpv.profile already has `private-bin env,mpv,python*,waf,youtube-dl,yt-dlp`. If you want to add other binaries to it, just use `private-bin ls` in mpv.local. The private-bin option is cumulative. Please make these changes and post output from ```console $ firejail --noprofile /usr/bin/mpv /full/path/to/op.mp4 ```

gitea-mirror commented 2026-05-05 09:49:55 -06:00

Author

Owner

Copy link

@aardbol commented on GitHub (Feb 8, 2024):

Yes Dolphin is also sandboxes, via firecfg, no custom local config.

How exactly did you add dolphin to firecfg? It isn't in /etc/firejail/firecfg.config by default.

Good eye, it's not sandboxed. I didn't know about that file.

Please make these changes and post output from

$ firejail --noprofile /usr/bin/mpv /full/path/to/op.mp4

Same problem as before if given the relative path of the video. Absolute path works.

<!-- gh-comment-id:1934746760 --> @aardbol commented on GitHub (Feb 8, 2024): > > Yes Dolphin is also sandboxes, via firecfg, no custom local config. > > How exactly did you add dolphin to firecfg? It isn't in /etc/firejail/firecfg.config by default. > Good eye, it's not sandboxed. I didn't know about that file. > > Please make these changes and post output from > > ``` > $ firejail --noprofile /usr/bin/mpv /full/path/to/op.mp4 > ``` Same problem as before if given the relative path of the video. Absolute path works.

gitea-mirror commented 2026-05-05 09:49:56 -06:00

Author

Owner

Copy link

@ghost commented on GitHub (Feb 8, 2024):

Same problem as before if it's the relative path. Absolute path works.

Out of ideas here. I'd check (the Exec=... line in) ~/.local/share/applications/mpv.desktop, but I assume you've already done so. And mimeapps.list (both in ~/.config & ~/.local/share/applications). Hopefully someone with actual KDE/Dolphin experience chimes in.

<!-- gh-comment-id:1935022646 --> @ghost commented on GitHub (Feb 8, 2024): > Same problem as before if it's the relative path. Absolute path works. Out of ideas here. I'd check (the Exec=... line in) ~/.local/share/applications/mpv.desktop, but I assume you've already done so. And `mimeapps.list` (both in ~/.config & ~/.local/share/applications). Hopefully someone with actual KDE/Dolphin experience chimes in.

gitea-mirror commented 2026-05-05 09:49:57 -06:00

Author

Owner

Copy link

@aardbol commented on GitHub (Mar 5, 2024):

I have the same issue with gwenview opening an image from a mounted cryptomator container. Path: /home/*/.local/share/Cryptomator. Disabling gwenview in firecfg makes it work again

<!-- gh-comment-id:1979555381 --> @aardbol commented on GitHub (Mar 5, 2024): I have the same issue with gwenview opening an image from a mounted cryptomator container. Path: `/home/*/.local/share/Cryptomator`. Disabling gwenview in firecfg makes it work again

gitea-mirror commented 2026-05-05 09:49:58 -06:00

Author

Owner

Copy link

@rashadgasimli commented on GitHub (May 17, 2024):

However, mpv can play videos and musics from /home/$USER/Videos and /home/$USER/Music and gwenview also can show images from /home/$USER/Pictures.

<!-- gh-comment-id:2118409518 --> @rashadgasimli commented on GitHub (May 17, 2024): However, mpv can play videos and musics from /home/$USER/Videos and /home/$USER/Music and gwenview also can show images from /home/$USER/Pictures.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3218

No description provided.