github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #6544] anki: program fails to open because it requires mpv #3298

New issue

Closed

opened 2026-05-05 09:53:57 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented

2026-05-05 09:53:57 -06:00

Owner

Originally created by @haplo on GitHub (Nov 12, 2024).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6544

Description

Running anki with firejail breaks because it requires mpv.

Notice that anki is missing in firecfg.config.

Steps to Reproduce

Install anki
firejail anki
Error window shows

Expected behavior

Anki UI opens and it works.

Actual behavior

Error window.

Behavior without a profile

It works.

Additional context

This error probably only happens when mpv is installed.

Environment

Name/version/arch of the Linux kernel (uname -srm): Linux 6.11.6-arch1-1 x86_64
Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): Arch Linux
Version of Firejail (firejail --version): 0.9.72

Checklist

The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
I can reproduce the issue without custom modifications (e.g. globals.local).
The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
The profile (and redirect profile if exists) hasn't already been fixed upstream.
I have performed a short search for similar issues (to avoid opening a duplicate).

Log

Output of LC_ALL=C firejail /usr/bin/anki

Reading profile /etc/firejail/anki.profile
Reading profile /home/fidel/.config/firejail/globals.local
Reading profile /etc/firejail/allow-python2.inc
Reading profile /etc/firejail/allow-python3.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /home/fidel/.config/firejail/disable-common.local
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /home/fidel/.config/firejail/disable-programs.local
Reading profile /etc/firejail/disable-shell.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 93684, child pid 93685
49 programs installed in 32.20 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping alternatives for private /etc
Warning: skipping ld.so.preload for private /etc
Warning: skipping Trolltech.conf for private /etc
Private /etc installed in 25.47 ms
Private /usr/etc installed in 0.00 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/doc
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Child process initialized in 120.30 ms
Preparing to run...
Qt warning: QGuiApplication::setDesktopFileName: the specified desktop file name ends with .desktop. For compatibility reasons, the .desktop suffix will be removed. Please specify a desktop file name without .desktop suffix
libEGL warning: wayland-egl: could not open /dev/dri/renderD128 (No such file or directory)
2024-11-13 09:21:19,282:INFO:aqt.mediasrv: Serving on http://127.0.0.1:37933
[64:138:1113/092119.477461:ERROR:address_tracker_linux.cc(207)] Could not create NETLINK socket: Operation not supported (95)
[64:134:1113/092119.484201:ERROR:udev_watcher.cc(51)] Failed to initialize a udev monitor.
todo: windows paths in import screen
Starting main loop...
Traceback (most recent call last):
File "/usr/lib/python3.12/site-packages/aqt/progress.py", line 119, in handler
func()
File "/usr/lib/python3.12/site-packages/aqt/main.py", line 219, in on_window_init
fn()
File "/usr/lib/python3.12/site-packages/aqt/main.py", line 318, in setupProfile
self.loadProfile()
File "/usr/lib/python3.12/site-packages/aqt/main.py", line 478, in loadProfile
self.setup_sound()
File "/usr/lib/python3.12/site-packages/aqt/main.py", line 589, in setup_sound
aqt.sound.setup_audio(self.taskman, self.pm.base, self.col.media.dir())
File "/usr/lib/python3.12/site-packages/aqt/sound.py", line 854, in setup_audio
mpvManager = MpvManager(base_folder, media_folder)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/aqt/sound.py", line 408, in __init__
super().__init__(window_id=None, debug=False)
File "/usr/lib/python3.12/site-packages/aqt/mpv.py", line 442, in __init__
super().__init__(*args, **kwargs)
File "/usr/lib/python3.12/site-packages/aqt/mpv.py", line 103, in __init__
self._start_process()
File "/usr/lib/python3.12/site-packages/aqt/mpv.py", line 129, in _start_process
self._proc = subprocess.Popen(self.argv, env=self.popenEnv)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/subprocess.py", line 1026, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "/usr/lib/python3.12/subprocess.py", line 1955, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
PermissionError: [Errno 13] Permission denied: 'mpv'

Exception ignored in atexit callbackException ignored in sys.unraisablehook
Parent is shutting down, bye...

Gist to debug log

Originally created by @haplo on GitHub (Nov 12, 2024). Original GitHub issue: https://github.com/netblue30/firejail/issues/6544 ### Description Running [anki](https://apps.ankiweb.net/) with firejail breaks because it requires mpv. ![image](https://github.com/user-attachments/assets/9da250bd-9d9a-4850-b403-df5d84884901) Notice that anki is missing in `firecfg.config`. ### Steps to Reproduce 1. Install anki 2. `firejail anki` 3. Error window shows ### Expected behavior Anki UI opens and it works. ### Actual behavior Error window. ### Behavior without a profile It works. ### Additional context This error probably only happens when mpv is installed. ### Environment - Name/version/arch of the Linux kernel (`uname -srm`): Linux 6.11.6-arch1-1 x86_64 - Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): Arch Linux - Version of Firejail (`firejail --version`): 0.9.72 ### Checklist - [x] The issues is caused by firejail (i.e. running the program by path (e.g. `/usr/bin/vlc`) "fixes" it). - [x] I can reproduce the issue without custom modifications (e.g. globals.local). - [x] The program has a profile. (If not, request one in `https://github.com/netblue30/firejail/issues/1139`) - [x] The profile (and redirect profile if exists) hasn't already been fixed [upstream](https://github.com/netblue30/firejail/blob/master/etc/profile-a-l/anki.profile). - [x] I have performed a short search for similar issues (to avoid opening a duplicate). ### Log <details> <summary>Output of <code>LC_ALL=C firejail /usr/bin/anki</code></summary> <p> ``` Reading profile /etc/firejail/anki.profile Reading profile /home/fidel/.config/firejail/globals.local Reading profile /etc/firejail/allow-python2.inc Reading profile /etc/firejail/allow-python3.inc Reading profile /etc/firejail/disable-common.inc Reading profile /home/fidel/.config/firejail/disable-common.local Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /home/fidel/.config/firejail/disable-programs.local Reading profile /etc/firejail/disable-shell.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Parent pid 93684, child pid 93685 49 programs installed in 32.20 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: skipping alternatives for private /etc Warning: skipping ld.so.preload for private /etc Warning: skipping Trolltech.conf for private /etc Private /etc installed in 25.47 ms Private /usr/etc installed in 0.00 ms Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Warning: not remounting /run/user/1000/doc Seccomp list in: !chroot, check list: @default-keep, prelist: unknown, Child process initialized in 120.30 ms Preparing to run... Qt warning: QGuiApplication::setDesktopFileName: the specified desktop file name ends with .desktop. For compatibility reasons, the .desktop suffix will be removed. Please specify a desktop file name without .desktop suffix libEGL warning: wayland-egl: could not open /dev/dri/renderD128 (No such file or directory) 2024-11-13 09:21:19,282:INFO:aqt.mediasrv: Serving on http://127.0.0.1:37933 [64:138:1113/092119.477461:ERROR:address_tracker_linux.cc(207)] Could not create NETLINK socket: Operation not supported (95) [64:134:1113/092119.484201:ERROR:udev_watcher.cc(51)] Failed to initialize a udev monitor. todo: windows paths in import screen Starting main loop... Traceback (most recent call last): File "/usr/lib/python3.12/site-packages/aqt/progress.py", line 119, in handler func() File "/usr/lib/python3.12/site-packages/aqt/main.py", line 219, in on_window_init fn() File "/usr/lib/python3.12/site-packages/aqt/main.py", line 318, in setupProfile self.loadProfile() File "/usr/lib/python3.12/site-packages/aqt/main.py", line 478, in loadProfile self.setup_sound() File "/usr/lib/python3.12/site-packages/aqt/main.py", line 589, in setup_sound aqt.sound.setup_audio(self.taskman, self.pm.base, self.col.media.dir()) File "/usr/lib/python3.12/site-packages/aqt/sound.py", line 854, in setup_audio mpvManager = MpvManager(base_folder, media_folder) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/aqt/sound.py", line 408, in __init__ super().__init__(window_id=None, debug=False) File "/usr/lib/python3.12/site-packages/aqt/mpv.py", line 442, in __init__ super().__init__(*args, **kwargs) File "/usr/lib/python3.12/site-packages/aqt/mpv.py", line 103, in __init__ self._start_process() File "/usr/lib/python3.12/site-packages/aqt/mpv.py", line 129, in _start_process self._proc = subprocess.Popen(self.argv, env=self.popenEnv) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/subprocess.py", line 1026, in __init__ self._execute_child(args, executable, preexec_fn, close_fds, File "/usr/lib/python3.12/subprocess.py", line 1955, in _execute_child raise child_exception_type(errno_num, err_msg, err_filename) PermissionError: [Errno 13] Permission denied: 'mpv' Exception ignored in atexit callbackException ignored in sys.unraisablehook Parent is shutting down, bye... ``` </p> </details> [Gist to debug log](https://gist.github.com/haplo/ff6fa038f651970168f6dda489723751)

gitea-mirror

2026-05-05 09:53:57 -06:00

closed this issue
added the
bug
label

gitea-mirror commented

2026-05-05 09:54:00 -06:00

Author

Owner

@haplo commented on GitHub (Nov 13, 2024):

BTW the fix at #6545 is only the minimum to allow anki to start, but it still fails to record or play media. To fix the latter this is needed in anki.local:

# required by mpv
include allow-lua.inc

# Required to record and play sound
ignore nosound

@kmk3 Should this be in the main anki.profile? Or commented out with pointers to the user to add to anki.local if media playing/recording is desired?

@haplo commented on GitHub (Nov 13, 2024): BTW the fix at #6545 is only the minimum to allow anki to start, but it still fails to record or play media. To fix the latter this is needed in `anki.local`: ``` # required by mpv include allow-lua.inc # Required to record and play sound ignore nosound ``` @kmk3 Should this be in the main `anki.profile`? Or commented out with pointers to the user to add to `anki.local` if media playing/recording is desired?

gitea-mirror commented

2026-05-05 09:54:00 -06:00

Author

Owner

@kmk3 commented on GitHub (Nov 13, 2024):

BTW the fix at #6545 is only the minimum to allow anki to start, but it still
fails to record or play media. To fix the latter this is needed in
anki.local:
# required by mpv
include allow-lua.inc

# Required to record and play sound
ignore nosound
@kmk3 Should this be in the main anki.profile? Or commented out with
pointers to the user to add to anki.local if media playing/recording is
desired?

I'm not familiar with anki, but if playing/recording media is a common use case
then I think it would make sense to enable these lines by default.

By the way, does it use mpv to play just sound or also videos?

@kmk3 commented on GitHub (Nov 13, 2024): > BTW the fix at #6545 is only the minimum to allow anki to start, but it still > fails to record or play media. To fix the latter this is needed in > `anki.local`: > > ``` > # required by mpv > include allow-lua.inc > > # Required to record and play sound > ignore nosound > ``` > > @kmk3 Should this be in the main `anki.profile`? Or commented out with > pointers to the user to add to `anki.local` if media playing/recording is > desired? I'm not familiar with anki, but if playing/recording media is a common use case then I think it would make sense to enable these lines by default. By the way, does it use mpv to play just sound or also videos?

gitea-mirror commented

2026-05-05 09:54:01 -06:00

Author

Owner

@haplo commented on GitHub (Nov 14, 2024):

I'm not familiar with anki, but if playing/recording media is a common use case then I think it would make sense to enable these lines by default.

It depends on the user, some will use media and others only text. But those expecting media to just work might be puzzled, as there is no error message in the UI when it fails to play, although there is one when it fails to record ('no microphone found").

I will add to the PR to enable these by default, with a comment on how to disable in anki.local for those users who don't need it.

By the way, does it use mpv to play just sound or also videos?

Both.

@haplo commented on GitHub (Nov 14, 2024): > I'm not familiar with anki, but if playing/recording media is a common use case then I think it would make sense to enable these lines by default. It depends on the user, some will use media and others only text. But those expecting media to just work might be puzzled, as there is no error message in the UI when it fails to play, although there is one when it fails to record ('no microphone found"). I will add to the PR to enable these by default, with a comment on how to disable in `anki.local` for those users who don't need it. > By the way, does it use mpv to play just sound or also videos? Both.

gitea-mirror referenced this issue

2026-05-05 10:25:15 -06:00

[PR #3298] [MERGED] fsec-print: print address of BPF_JA jump in hex #4713

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3298

No description provided.

Rows
Columns