-
Notifications
You must be signed in to change notification settings - Fork 573
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
spectacle: cannot take screenshots (KDE Wayland) #5127
Comments
Can you create an empty |
I'm closing here due to inactivity, please fell free to request to reopen if you still have this issue. |
Is this related to https://bugs.kde.org/show_bug.cgi?id=446628 ? |
Could be. |
I think it is related because if I run |
From #5245: spectacle does not even work with $ cat ~/.config/firejail/spectacle.profile
include noprofile.profile |
Somebody needs to investigate how the Wayland implementations works and what is breaking it. |
Maybe (I'm guessing around) it works with |
The following debug information has been generated from the following environment: Distro: Arch Linux Output of
|
flameshot-org/flameshot#1380 (comment):
That's what I'm feared.
Update: Relates to #5035 because it looks at And this symlink needs to return the same path as used by https://github.com/KDE/kwin/blob/master/src/wayland/utils/executable_path_proc.cpp If we can foul KApplicationTrader it would be the simplest workaround.
This becomes really difficult to implement. If possible at all. |
I'm having the same issue. In the interim I commented Spectacle out of This works until the next time |
Removing it from firecfg.config should have been enough; see also:
As a workaround, manually create an override in ~/bin and/or |
5245 is exactly what I experienced. For now I replaced the file in |
I can confirm this is still happening, Fedora 38, KDE 5.27.3 |
Update: you need to remove two offending rules to get it to work on Wayland:
With these changes it appears to work fine on firejail version 0.9.72 on Arch. |
@alexpyattaev Nice find. Can you open a PR and fix our spectacle.profile? |
I am not sure if my "fix" is a good one. In particular, I am unsure if a
narrower profile would work, or even what exactly noroot command does:)
Should I make a PR?
ke 13. syysk. 2023 klo 4.34 glitsj16 ***@***.***> kirjoitti:
… @alexpyattaev <https://github.com/alexpyattaev> Nice find. Can you open a
PR and fix our spectacle.profile?
—
Reply to this email directly, view it on GitHub
<#5127 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABNIL3XIWPE6RMPXG6C52VDX2EETXANCNFSM5U2YRVUA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
That's understandable, although your reasoning looks sound to me. Let's wait for the OP and others to chime in before acting on this. |
Well that is what makes it scary - it is just good enough to pass the "sanity check" while being made entirely of guesswork and assumptions. Kinda like GPT4 programming. |
noroot was already known since #5127 (comment) |
UPDATE: more testing carried out on my OpenSUSE Tumbleweed with KDE Wayland
I'll need some more time putting together a profile that can deliver all this functionality in a reasonably secure way. |
There is additional aspect to this. Apparently, the ~/.local/share/applications/org.kde.spectacle.desktop that firecfg makes somehow manages to make dbus forget that the application has X-KDE-Wayland-Interfaces=zkde_screencast_unstable_v1 permission, which in turn makes Pipewire daemon deny access to the screen recording. Removing the .desktop file fixes the issue (as the system builtin file is used instead), but firejail remakes the user's local file making spectacle to fail starting. I am unsure what the problem is, as the line in .desktop that enables access to pipewire is still in place. |
something that may be interesting: not only spectacle broke, but also Firefox screenshots and Ctrl+P Website printing and Flameshot Flatpak. Is this related? Would all these need seperate profiles? |
@alexpyattaev I did notice the 'weirdness' of the spectacle desktop file(s) too. Not exactly sure what Anyway, here are my latest findings. Note that I've always opted to start the app with its $ QT_QPA_PLATFORM=wayland firejail --ignore=quiet /usr/bin/spectacle -l Putting together a reliably working
If anyone wants to test/confirm/deny, here's my proposed spectacle.profile: $ cat ~/.config/firejail/spectacle.profile# Firejail profile for spectacle
# Description: Spectacle is a simple application for capturing desktop screenshots.
# This file is overwritten after every install/update
# Persistent local customizations
include spectacle.local
# Persistent global definitions
include globals.local
# Add the next lines to your spectacle.local to use sharing services.
#netfilter
#ignore net none
#private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl
#protocol unix,inet,inet6
noblacklist ${HOME}/.config/spectaclerc
noblacklist ${PICTURES}
noblacklist ${VIDEOS}
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-proc.inc
include disable-programs.inc
include disable-xdg.inc
mkfile ${HOME}/.config/spectaclerc
whitelist ${HOME}/.config/spectaclerc
whitelist ${DOWNLOADS}
whitelist ${PICTURES}
whitelist ${VIDEOS}
whitelist /usr/share/kconf_update/spectacle_*
include whitelist-common.inc
include whitelist-run-common.inc
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc
apparmor
caps.drop all
#machine-id
net none
#no3d
nodvd
nogroups
noinput
nonewprivs
noprinters
#noroot
#nosound
notv
nou2f
novideo
protocol unix
seccomp
seccomp.block-secondary
tracelog
disable-mnt
private-bin spectacle
private-cache
private-dev
private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload
private-tmp
# finding a reliably working dbus-user filtering combo for
# screenshot/screenrecording functionality failed - help wanted
#dbus-user filter
#dbus-user.own org.kde.spectacle
#dbus-user.own org.kde.Spectacle
#dbus-user.talk org.freedesktop.FileManager1
#dbus-user.talk org.kde.JobViewServer
#dbus-user.talk org.kde.kglobalaccel
dbus-system none
restrict-namespaces
HTH |
@firefoxlover Hard to tell whether those are related. Are you seeing all that on KDE Wayland? Or how should we understand your comment in this issues context? Please try to describe exactly what broke where. One thing is clear though, Flatpak and Firejail don't mix: firejail/src/man/firejail.1.in Lines 82 to 84 in eb5c971
|
Firefox and chrome work just fine for me. In Firejail both of them. So I do not think it is 100% related. |
Firefox Screenshots: Not blocked by firejail, check your Firefox profile. Ctrl+P: Unrelated => new issue |
This is not my experience though. After removing the .desktop entry generated by firejail it suddenly worked again. I didnt change anything on the profile. Ctrl+P always crashed, and screenshots had really weird issues, getting the wrong areas etc. I expected a wayland bug but on the same system, different user profile the bugs where completely gone. After removing the firejail .desktop files, everything was working again. |
Removing the local desktop file solves the issue, but that is just a workaround, doesn't solve the actual problem.
at this point the GUI error message pops up, after hitting OK on it, the log continues:
Spectacle's window opens, but no screenshot is taken. |
thanks for keeping track of this! I am more interested in bubblejail, but that one has even less tooling, so unless some big org decides to support it, it will take some time to get usable |
For me spectacle does not work on with X server too, only removing symlink from |
given that most distros ship with wayland nowadays, should firejail ship with something like:
in |
There are various reports in netblue30#5127 that the current profile is broken on wayland (and at least one report that it is broken on xorg as well).
If you disable it X users will not benefit from it. |
The comment you just quoted said that firejailed spectacle does not work on X But even if it did, profiles should work by default on common setups (xorg and The effect is worse for programs that are usually not started from the CLI, as Lastly, in firejail-git you can include more programs in firecfg by adding them |
There are various reports in netblue30#5127 that the current profile is broken on wayland (and at least one report that it is broken on xorg as well). Relates to netblue30#6268.
There are various reports in netblue30#5127 that the current profile is broken on wayland (and at least one report that it is broken on xorg as well). Relates to netblue30#6268.
Ok, so what is left to complete so we can mark this issue as completed? And as far as I understand (I tried reading the thread), the problem seems to be coming from Spectacle behaving weirdly? |
Do we want to do the same for things like |
Ye so after reading this and trying all kind of workarounds, the only solution was to exclude spectacle (and obs) from firecfg. |
this have bite me again and again :) I remove it from the config list, but then the .desktop file remains and for some reason without the permission lines it needs. And i cannot take screenshots until i remember i have to delete my desktop file in ~/.local something. maybe someone who knows better the code can comment if the "fix" for this is to add a "delete all user desktop files created by firejail" before reaching the copy step https://github.com/netblue30/firejail/blob/master/src/firecfg/desktop_files.c#L189 ? |
See also: Does it work with firejail-git? If not, please open a new issue and follow the bug report template: |
My point was that |
Description
Spectacle not working under KDE Wayland. It opens, but complains "Could not take a screenshot". However it works under x11 session.
Steps to Reproduce
Click the spectacle desktop shortcut and doesn't work.
kioclient exec /home/nikki/.local/share/applications/org.kde.spectacle.desktop, doesn't work.
Logs are shown in Log section.
To reduce the dbus errors above, I created ~/.config/firejail/spectacle.local with the following content:
Run the command above again, DBus errors are gone, but left with Screenshot request failed: "The process is not authorized to take a screenshot". Still doesn't work.
Expected behavior
Spectacle should take screenshots normally under KDE Wayland.
Actual behavior
Cannot take screenshots under KDE Wayland. Does not affect X11 session. Console outputs are provided above.
If I modify the desktop file, replace "spectacle" with "/usr/bin/spectacle", it will take screenshot normally.
Behavior without a profile
LC_ALL=C firejail --noprofile kioclient exec /home/nikki/.local/share/applications/org.kde.spectacle.desktop
Logs are shown in Log Section. Console output is similar with the one after modifying spectacle.local. Doesn't work either.
Additional context
If simply edit the spectacle desktop file and change the Exec from "spectacle" to "/usr/bin/spectacle", it will work normally.
Environment
Checklist
/usr/bin/vlc
) "fixes" it).https://github.com/netblue30/firejail/issues/1139
)browser-allow-drm yes
/browser-disable-u2f no
infirejail.config
to allow DRM/U2F in browsers.--profile=PROFILENAME
to set the right profile. (Only relevant for AppImages)Log
Output of
kioclient exec /home/nikki/.local/share/applications/org.kde.spectacle.desktop
Output of
kioclient exec /home/nikki/.local/share/applications/org.kde.spectacle.desktop
after modifying spectacle.localOutput of
LC_ALL=C firejail --noprofile kioclient exec /home/nikki/.local/share/applications/org.kde.spectacle.desktop
Output of
LC_ALL=C firejail --noprofile kioclient exec /usr/share/applications/org.kde.spectacle.desktop
The text was updated successfully, but these errors were encountered: