-
Notifications
You must be signed in to change notification settings - Fork 569
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
discord: notifications are not shown #5971
Comments
[...]
Makes sense to me. Could you open a PR to add it to discord.profile? |
To me it doesn't make sense. Our discord-common.profile already allows dbus (both user and system): firejail/etc/profile-a-l/discord-common.profile Lines 17 to 18 in 2ad2554
So to me that indeed points to private-tmp. @haarp You did mean both options as OT: @kmk3 What do you think of asking people to add any |
Correct, either of the two boxes work.
This one also is in
I checked those, but those shouldn't affect notifications. For completeness, here are their contents (now I realize I had duplicates, but that shouldnt matter)
and |
@haarp Thanks for your detailed reply. Hardening dbus should be the way to go, cfr. #5971 (comment). Realizing this goes beyond your issue, I was wondering if you could further test our discord profiles. I'm especially interested in any input you can provide relating to the rather unfortunate crippling we still have in firejail/etc/profile-a-l/discord-common.profile Lines 9 to 18 in 2ad2554
As you can see, besides the dbus options, there's more we could do to harden the discord sandbox considerably if someone could provide info on what works/what doesn't. Can take some time and effort obviously. But again, it's just a question now we have a line of communication with someone that actively uses discord :). |
If the Maybe we could move the Though that might allow escaping
Yes. |
Indeed; I suspect that it would work just fine when removing at least the
|
What works: - Basic functionality - Receiving notifications - Voice communication - Watching streams What wasn't tested: - Casting streams - Opening links - Tracking/displaying "current activity" as status message - Apparmor Notes: - Discord tries to access system dbus (`[ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied`). I don't know what business it has with the system dbus, and didn't notice any problems due to that. - I had one crash after 2h of watching a stream. Probably unrelated. Fixes netblue30#5971.
What works: - Basic functionality - Receiving notifications - Voice communication - Watching streams What wasn't tested: - Casting streams - Opening links - Tracking/displaying "current activity" as status message - Apparmor Notes: - Discord tries to access system dbus (`[ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied`). I don't know what business it has with the system dbus, and didn't notice any problems due to that. - I had one crash after 2h of watching a stream. Probably unrelated. Fixes netblue30#5971.
What works: - Basic functionality - Receiving notifications - Voice communication - Watching streams What wasn't tested: - Casting streams - Opening links - Tracking/displaying "current activity" as status message - Apparmor Notes: - Discord tries to access system dbus (`[ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied`). I don't know what business it has with the system dbus, and didn't notice any problems due to that. - I had one crash after 2h of watching a stream. Probably unrelated. Fixes #5971.
Description
Discord 0.0.28 on Gentoo Linux is not showing notifications, while other Electron apps are.
That points towards
private-tmp
inelectron.global
. It works if I add this to the discord profile:After comparing with
signal-desktop
(another Electron app, which does display notifications), these directives also work:Steps to Reproduce
Steps to reproduce the behavior
firejail discord
Expected behavior
Notifications :)
Actual behavior
No notifications :(
Behavior without a profile
I wouldn't dare running an Electron app without a sandbox :/
Additional context
Not sure if my environment has broken something to cause this issue.
Environment
Checklist
/usr/bin/vlc
) "fixes" it). (not checked, can't risk running without sandbox)https://github.com/netblue30/firejail/issues/1139
)browser-allow-drm yes
/browser-disable-u2f no
infirejail.config
to allow DRM/U2F in browsers.--profile=PROFILENAME
to set the right profile. (Only relevant for AppImages)Log
Output of
LC_ALL=C firejail /path/to/program
The text was updated successfully, but these errors were encountered: