No keyboard input without --nodbus parameter in chromium-based browsers and thunderbird #5756
Replies: 6 comments
-
In general Note that Lines 277 to 280 in b2fa859 I'm not familiar with OpenSUSE's packaging of firejail, but I wonder if you have |
Beta Was this translation helpful? Give feedback.
-
|
There are known issues with ibus setup bit ENOENT is a New error to me. As @glitsj16 said nodbus makes the Sandbox more strict. There are UX reasons against it but not security reasons. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for the replies, glitsj16 and rusty-snake. If the change makes the sandbox more strict, I'll regard the issue as solved and leave well enough alone. I do have xdg-dbus-proxy installed. I changed --nodbus to --dbus-user=none in the related script files, and everything still works. |
Beta Was this translation helpful? Give feedback.
-
Note that we do not maintain that version of firejail: Versions other than the latest usually have outdated profiles and may contain See also: (Offtopic) Please see the following links for how to format code blocks in markdown: |
Beta Was this translation helpful? Give feedback.
-
|
Can't we keep nodbus as an alias of these other options ? It is shorter to write and remember. |
Beta Was this translation helpful? Give feedback.
-
It's indeed shorter. I don't think anyone actually wanted to remove --nodbus. Deprecation was a side-effect of the xdg-dbus-proxy integration, which was/is a big plus for finegrained D-Bus control. Profiles no longer reference it, but the actual code-support is still intact. And AFAICT it isn't slated for removal in any document I could find in our repo. For the time being I think you can retain muscle-memory and save some of those braincell-cycles ;) |
Beta Was this translation helpful? Give feedback.
-
This problem appeared with this morning's upgrade (or 'dup') to the openSUSE Tumbleweed 20230324 snapshot and firejail version 0.9.70.
The mouse works, but I have no keyboard input when running Chromium, Brave, Opera or Thunderbird in firejail.
`Reading profile /etc/firejail/brave-browser-stable.profile
Reading profile /etc/firejail/brave.profile
Reading profile /etc/firejail/chromium-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 17612, child pid 17613
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: NVIDIA card detected, nogroups command ignored
Warning: NVIDIA card detected, nogroups command ignored
Warning: NVIDIA card detected, nogroups command ignored
Warning: NVIDIA card detected, nogroups command ignored
Warning: NVIDIA card detected, nogroups command ignored
Child process initialized in 123.48 ms
[12:32:0326/105403.924530:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[12:42:0326/105404.546018:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[12:42:0326/105404.546046:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
libva error: vaGetDriverNameByIndex() failed with unknown libva error, driver_name = (null)
[12:12:0326/105404.901162:ERROR:object_proxy.cc(623)] Failed to call method: org.kde.KWallet.isEnabled: object_path= /modules/kwalletd5: org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying
[12:12:0326/105404.901184:ERROR:kwallet_dbus.cc(100)] Error contacting kwalletd5 (isEnabled)
[12:12:0326/105404.901588:ERROR:object_proxy.cc(623)] Failed to call method: org.kde.KLauncher.start_service_by_desktop_name: object_path= /KLauncher: org.freedesktop.DBus.Error.ServiceUnknown: The name org.kde.klauncher was not provided by any .service files
[12:12:0326/105404.901595:ERROR:kwallet_dbus.cc(72)] Error contacting klauncher to start kwalletd5
[12:12:0326/105405.180488:ERROR:object_proxy.cc(623)] Failed to call method: org.kde.KWallet.close: object_path= /modules/kwalletd5: org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying
[12:12:0326/105405.180501:ERROR:kwallet_dbus.cc(418)] Error contacting kwalletd5 (close)
[12:133:0326/105405.506037:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[12:133:0326/105405.506073:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[12:133:0326/105405.506117:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[12:133:0326/105405.506146:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
[12:133:0326/105405.506203:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/firejail/mnt/dbus/system: Permission denied
(brave:12): IBUS-WARNING **: 10:54:05.655: Unable to connect to ibus: Could not connect: No such file or directory
`
If I add the "--nodbus" parameter -- as in firejail --nodbus brave-browser-stable -- everything works properly in the three mentioned browsers and in Thunderbird.
Is there a disadvantage to using the --nodbus parameter? If not, can I leave the parameter in the related script files and regard the problem as fixed?
Beta Was this translation helpful? Give feedback.
All reactions