discord: notifications are not shown #5971

Closed
4 of 6 tasks
haarp opened this issue Aug 24, 2023 · 6 comments · Fixed by #5978

@haarp
Contributor

haarp commented Aug 24, 2023

Description

Discord 0.0.28 on Gentoo Linux is not showing notifications, while other Electron apps are.

# (discord:36): libnotify-WARNING **: 00:25:04.909: Failed to connect to proxy
# [36:0824/002504.909391:ERROR:libnotify_notification.cc(49)] notify_notification_show: domain=299 code=1 message="Could not connect: No such file or directory"
# [36:0824/002504.990190:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
# [36:0824/002504.990223:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory

That points towards private-tmp in electron.global. It works if I add this to the discord profile:

ignore private-tmp

After comparing with signal-desktop (another Electron app, which does display notifications), these directives also work:

dbus-user filter
dbus-user.talk org.freedesktop.Notifications

Steps to Reproduce

Steps to reproduce the behavior

  1. Run firejail discord
  2. Observe Discord log. dbus complaints arrive even without messages being received

Expected behavior

Notifications :)

Actual behavior

No notifications :(

Behavior without a profile

I wouldn't dare running an Electron app without a sandbox :/

Additional context

Not sure if my environment has broken something to cause this issue.

Environment

  • Linux distribution: Gentoo Linux
  • Firejail version: 0.9.72

Checklist

  • [~] The issue is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it). (not checked, can't risk running without sandbox)
  • I can reproduce the issue without custom modifications (e.g. globals.local).
  • The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
  • The profile (and redirect profile if exists) hasn't already been fixed upstream.
  • I have performed a short search for similar issues (to avoid opening a duplicate).
    • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
  • I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

Reading profile /etc/firejail/discord.profile
Reading profile /home/haarp/.config/firejail/discord.local
Reading profile /home/haarp/.config/firejail/globals.local
Reading profile /etc/firejail/discord-common.profile
Reading profile /etc/firejail/electron.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /home/haarp/.config/firejail/disable-common.local
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /home/haarp/.config/firejail/disable-programs.local
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 1595927, child pid 1595928

DNS server 1.1.1.1

Warning: skipping Discord for private /opt
Private /opt installed in 377.23 ms
19 programs installed in 25.08 ms
Warning: skipping alternatives for private /etc
Warning: skipping crypto-policies for private /etc
Warning: skipping ld.so.preload for private /etc
Warning: skipping password for private /etc
Private /etc installed in 16.48 ms
Private /usr/etc installed in 0.00 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: not remounting /run/user/1000/gvfs
Child process initialized in 487.36 ms


Discord 0.0.28

[37:0824/122010.450853:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[37:0824/122010.450928:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[77:0824/122010.471853:ERROR:angle_platform_impl.cc(43)] Display.cpp:1004 (initialize): ANGLE Display::initialize error 0: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
ERR: Display.cpp:1004 (initialize): ANGLE Display::initialize error 0: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
[77:0824/122010.471931:ERROR:gl_display.cc(508)] EGL Driver message (Critical) eglInitialize: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
[77:0824/122010.471959:ERROR:gl_display.cc(920)] eglInitialize SwANGLE failed with error EGL_NOT_INITIALIZED
[77:0824/122010.471998:ERROR:gl_ozone_egl.cc(23)] GLDisplayEGL::Initialize failed.
[77:0824/122010.473146:ERROR:viz_main_impl.cc(186)] Exiting GPU process due to errors during initialization
[37:0824/122010.477303:ERROR:simple_backend_impl.cc(79)] Failed to create directory: /home/haarp/.config/discord/Code Cache/js
[37:0824/122010.477326:ERROR:simple_backend_impl.cc(79)] Failed to create directory: /home/haarp/.config/discord/Code Cache/wasm
[37:0824/122010.477393:ERROR:simple_backend_impl.cc(79)] Failed to create directory: /home/haarp/.config/discord/Code Cache/wasm
[37:0824/122010.477399:ERROR:simple_backend_impl.cc(738)] Simple Cache Backend: wrong file structure on disk: 1 path: /home/haarp/.config/discord/Code Cache/wasm
[37:0824/122010.477421:ERROR:simple_backend_impl.cc(79)] Failed to create directory: /home/haarp/.config/discord/Code Cache/js
[37:0824/122010.477434:ERROR:simple_backend_impl.cc(738)] Simple Cache Backend: wrong file structure on disk: 1 path: /home/haarp/.config/discord/Code Cache/js
[37:0824/122010.477499:ERROR:disk_cache.cc(205)] Unable to create cache
[37:0824/122010.477539:ERROR:disk_cache.cc(205)] Unable to create cache
Starting app.
Starting updater.
2023-08-24T10:20:10.482Z [Modules] Modules initializing
2023-08-24T10:20:10.482Z [Modules] Distribution: remote
2023-08-24T10:20:10.482Z [Modules] Host updates: disabled
2023-08-24T10:20:10.482Z [Modules] Module updates: enabled
2023-08-24T10:20:10.483Z [Modules] Module install path: /home/haarp/.config/discord/0.0.28/modules
2023-08-24T10:20:10.483Z [Modules] Module installed file path: /home/haarp/.config/discord/0.0.28/modules/installed.json
2023-08-24T10:20:10.483Z [Modules] Module download path: /home/haarp/.config/discord/0.0.28/modules/pending
[37:0824/122010.491740:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[98:0824/122010.506438:ERROR:angle_platform_impl.cc(43)] Display.cpp:1004 (initialize): ANGLE Display::initialize error 0: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
ERR: Display.cpp:1004 (initialize): ANGLE Display::initialize error 0: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
[98:0824/122010.506516:ERROR:gl_display.cc(508)] EGL Driver message (Critical) eglInitialize: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
[98:0824/122010.506545:ERROR:gl_display.cc(920)] eglInitialize SwANGLE failed with error EGL_NOT_INITIALIZED
[98:0824/122010.506576:ERROR:gl_ozone_egl.cc(23)] GLDisplayEGL::Initialize failed.
[98:0824/122010.507528:ERROR:viz_main_impl.cc(186)] Exiting GPU process due to errors during initialization
[84:0824/122010.514277:ERROR:simple_backend_impl.cc(79)] Failed to create directory: /home/haarp/.config/discord/Cache/Cache_Data
[84:0824/122010.514439:ERROR:simple_backend_impl.cc(79)] Failed to create directory: /home/haarp/.config/discord/Cache/Cache_Data
[84:0824/122010.514454:ERROR:simple_backend_impl.cc(738)] Simple Cache Backend: wrong file structure on disk: 1 path: /home/haarp/.config/discord/Cache/Cache_Data
[84:0824/122010.514575:ERROR:disk_cache.cc(205)] Unable to create cache
[105:0824/122010.518805:ERROR:angle_platform_impl.cc(43)] Display.cpp:1004 (initialize): ANGLE Display::initialize error 0: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
ERR: Display.cpp:1004 (initialize): ANGLE Display::initialize error 0: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
[105:0824/122010.518866:ERROR:gl_display.cc(508)] EGL Driver message (Critical) eglInitialize: Internal Vulkan error (-3): Initialization of an object could not be completed for implementation-specific reasons, in ../../third_party/angle/src/libANGLE/renderer/vulkan/RendererVk.cpp, initialize:1430.
[105:0824/122010.518890:ERROR:gl_display.cc(920)] eglInitialize SwANGLE failed with error EGL_NOT_INITIALIZED
[105:0824/122010.518918:ERROR:gl_ozone_egl.cc(23)] GLDisplayEGL::Initialize failed.
[105:0824/122010.519982:ERROR:viz_main_impl.cc(186)] Exiting GPU process due to errors during initialization
[119:0824/122010.526249:ERROR:gpu_init.cc(523)] Passthrough is not supported, GL is disabled, ANGLE is
2023-08-24T10:20:10.680Z [Modules] No updates to install
2023-08-24T10:20:10.681Z [Modules] Host is up to date.
2023-08-24T10:20:10.682Z [Modules] Checking for module updates at https://discord.com/api/modules/stable/versions.json
[37:0824/122010.701437:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[37:0824/122010.701471:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[37:0824/122010.701491:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
2023-08-24T10:20:11.048Z [Modules] No module updates available.
[37:0824/122011.156690:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[37:0824/122011.160335:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
Optional module ./ElectronTestRpc was not included.
[37:0824/122011.168733:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
[37:0824/122011.176766:ERROR:object_proxy.cc(623)] Failed to call method: org.freedesktop.DBus.NameHasOwner: object_path= /org/freedesktop/DBus: unknown error type:

@kmk3
Collaborator

kmk3 commented Aug 24, 2023

> Discord 0.0.28 on Gentoo Linux is not showing notifications, while other
> Electron apps are.
>
> [...]
>
> After comparing with signal-desktop (another Electron app, which does
> display notifications), these directives also work:
>
> dbus-user filter
> dbus-user.talk org.freedesktop.Notifications

Makes sense to me.

Could you open a PR to add it to discord.profile?

@glitsj16
Collaborator

glitsj16 commented Aug 25, 2023

> dbus-user filter
> dbus-user.talk org.freedesktop.Notifications
>
> Makes sense to me.

To me it doesn't make sense. Our discord-common.profile already allows dbus (both user and system):

ignore dbus-user none
ignore dbus-system none

So to me that indeed points to private-tmp. @haarp You did mean both options as alternatives correct? Or did you combine them? Perhaps we're missing something here because we don't know what's in your {disable-common,disable-programs,discord,globals}.local files.

OT: @kmk3 What do you think of asking people to add any foo.local content if they use that to our issue template?

@haarp
Contributor Author

haarp commented Aug 25, 2023

> @haarp You did mean both options as alternatives correct?

Correct, either of the two boxes work.

> ignore dbus-user none

This one also is in signal-desktop.profile, so I assumed it goes along with dbus-user filter, dbus-user.talk.

> we don't know what's in your {disable-common,disable-programs,discord,globals}.local files.

I checked those, but those shouldn't affect notifications. For completeness, here are their contents (now I realize I had duplicates, but that shouldn't matter)

# apps don't need to read this
blacklist ${HOME}/.xsession-errors*
blacklist ${HOME}/.cache/xsession-errors*

# DNS server can change, let's use a generic one (https://github.com/netblue30/firejail/issues/3649)
dns 1.1.1.1
blacklist ${HOME}/Private/lastpass
blacklist ${HOME}/Private/*.kdbx
blacklist ${HOME}/Private/*coin
blacklist ${HOME}/Private/ethereum*
noblacklist ${HOME}/Nextcloud

and discord.local is just the change mentioned in the OP post.

@glitsj16
Collaborator

@haarp Thanks for your detailed reply. Hardening dbus should be the way to go, cfr. #5971 (comment).

Realizing this goes beyond your issue, I was wondering if you could further test our discord profiles. I'm especially interested in any input you can provide relating to the rather unfortunate crippling we still have in discord-common.profile:

# Disabled until someone reported positive feedback
ignore include disable-interpreters.inc
ignore include disable-xdg.inc
ignore include whitelist-runuser-common.inc
ignore include whitelist-usr-share-common.inc
ignore apparmor
ignore disable-mnt
ignore private-cache
ignore dbus-user none
ignore dbus-system none

As you can see, besides the dbus options, there's more we could do to harden the discord sandbox considerably if someone could provide info on what works/what doesn't. Can take some time and effort obviously. But again, it's just a question now we have a line of communication with someone that actively uses discord :).

@kmk3
Collaborator

kmk3 commented Aug 25, 2023

@glitsj16 on Aug 25:

> > dbus-user filter
> > dbus-user.talk org.freedesktop.Notifications
> >
> > Makes sense to me.
>
> To me it doesn't make sense. Our discord-common.profile already allows dbus
> (both user and system):
>
> ignore dbus-user none
> ignore dbus-system none
>
> So to me that indeed points to private-tmp.

If the dbus-user commands appear before private-tmp (which would be the
case in both discord*.local and discord-common.profile), then the dbus socket
in the real /tmp might be accessed before private-tmp goes into effect.

Maybe we could move the dbus commands before the private commands in the
template, to support the use-case of sockets in /tmp.

Though that might allow escaping private-tmp unless the socket is
whitelisted, I'm not sure.

> Perhaps we're missing something here because we don't know what's in your
> {disable-common,disable-programs,discord,globals}.local files.
>
> OT: @kmk3 What do you think of asking people to add any foo.local content
> if they use that to our issue template?

Yes.
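
Added example (not part of the issue thread or of firejail itself): a small POSIX shell diagnostic for the symptom discussed above. It classifies a D-Bus address by where its socket lives and extracts the failing socket paths from an Electron log; the function names are hypothetical and the sample input is two lines copied from the log in this issue.

```shell
#!/bin/sh
# Added diagnostic (not firejail code): tells whether a D-Bus socket lives
# under /tmp, which private-tmp replaces with an empty tmpfs.

# Classify a D-Bus address: tmp | abstract | other | unknown.
# Assumption: only the first ';'-separated transport is inspected and
# %-escapes in the value are not decoded.
classify_dbus_address() {
    first=${1%%;*}
    case $first in
        unix:*) rest=${first#unix:} ;;
        *) echo unknown; return 0 ;;
    esac
    while [ -n "$rest" ]; do
        kv=${rest%%,*}                       # next key=value pair
        case $rest in
            *,*) rest=${rest#*,} ;;
            *)   rest= ;;
        esac
        case $kv in
            abstract=*)  echo abstract; return 0 ;;  # no filesystem path
            path=/tmp/*) echo tmp;      return 0 ;;  # hidden by private-tmp
            path=/*)     echo other;    return 0 ;;  # e.g. /run/user/UID/bus
        esac
    done
    echo unknown
}

# Read a Chromium/Electron log on stdin and print each distinct socket path
# that failed with "No such file or directory", the symptom in this issue.
missing_sockets() {
    sed -n 's/.*Failed to connect to socket \([^:]*\): No such file or directory.*/\1/p' |
        sort -u
}

# Sample input: two lines copied from the log posted in this issue.
SAMPLE_LOG='[37:0824/122010.450853:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-qaRt5EYGMt: No such file or directory
2023-08-24T10:20:11.048Z [Modules] No module updates available.'

printf 'session bus address class: %s\n' \
    "$(classify_dbus_address "${DBUS_SESSION_BUS_ADDRESS:-}")"
printf '%s\n' "$SAMPLE_LOG" | missing_sockets |
while IFS= read -r sock; do
    case $sock in
        /tmp/*) echo "$sock: under /tmp, not visible with private-tmp" ;;
        *)      echo "$sock: not under /tmp, check other directives" ;;
    esac
done
```

A result of `tmp` matches the situation reported here, where either `ignore private-tmp` or the `dbus-user filter` / `dbus-user.talk org.freedesktop.Notifications` pair restored notifications.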

@kmk3
Collaborator

kmk3 commented Aug 25, 2023

@glitsj16 on Aug 25:

> Realizing this goes beyond your issue, I was wondering if you could further
> test our discord profiles. I'm especially interested in any input you can
> provide relating to the rather unfortunate crippling we still have in
> discord-common.profile:
>
> # Disabled until someone reported positive feedback
> ignore include disable-interpreters.inc
> ignore include disable-xdg.inc
> ignore include whitelist-runuser-common.inc
> ignore include whitelist-usr-share-common.inc
> ignore apparmor
> ignore disable-mnt
> ignore private-cache
> ignore dbus-user none
> ignore dbus-system none

Indeed; I suspect that it would work just fine when removing at least the
following entries (and including the dbus commands from the first post):

ignore disable-mnt 
ignore private-cache 
ignore dbus-system none 

kmk3 pushed a commit to haarp/firejail that referenced this issue Aug 30, 2023
What works:
- Basic functionality
- Receiving notifications
- Voice communication
- Watching streams

What wasn't tested:
- Casting streams
- Opening links
- Tracking/displaying "current activity" as status message
- Apparmor

Notes:
- Discord tries to access system dbus (`[ERROR:bus.cc(399)] Failed to
  connect to the bus: Failed to connect to socket
  /run/firejail/mnt/dbus/system: Permission denied`). I don't know what
  business it has with the system dbus, and didn't notice any problems
  due to that.
- I had one crash after 2h of watching a stream. Probably unrelated.

Fixes netblue30#5971.
kmk3 pushed a commit to haarp/firejail that referenced this issue Sep 6, 2023
@kmk3 kmk3 closed this as completed in #5978 Sep 6, 2023
kmk3 pushed a commit that referenced this issue Sep 6, 2023
@kmk3 kmk3 changed the title Discord not showing notifications discord: notifications are not shown Sep 2, 2024