According to https://bugs.gentoo.org/show_bug.cgi?id=653786 , thumbnails are supposed to work in nautilus. Running gnome-light 3.30 (gnome/systemd profile) on a stable system doesn't generate thumbnails. Files are created in .cache/thumbnails/fail/gnome-thumbnail-factory. If I open an image with gimp, the thumbnail is created after I refresh nautilus. I've tried with full gnome-3.30 and have the same issue. Thanks

Reproducible: Always
Perhaps this is a manifestation of bug 697602 ?
I've tried with gdk-pixbuf 2.38.2 and 2.40, with the same result. No thumbnails. Files are always created in .cache/thumbnails/fail/gnome-thumbnail-factory.
I confirm this issue on a full ~amd64 system with gnome 3.32. The problem has persisted since the upgrade from 3.26. Thanks
Looking at the dantrell overlay, the difference is this patch:
https://github.com/dantrell/gentoo-overlay-dantrell-gnome-3-30/blob/master/gnome-base/nautilus/files/nautilus-3.30.0-dont-sandbox-thumbnailers-on-linux.patch

He reverts this commit from gnome-desktop-thumbnail-script.c:
https://gitlab.gnome.org/GNOME/gnome-desktop/commit/8b1db18aa75c2684b513481088b4e289b5c8ed92

I've tested it and it works. To test, I simply modified the nautilus-3.30.5-r1 ebuild, masked all patches, and applied the test.patch (which reverts the commit 8b1db18a).

    PATCHES=(
    #   "${FILESDIR}"/${PV}-docs-build.patch
    #   "${FILESDIR}"/${PV}-thumbnailer-updates{,2}.patch
    #   "${FILESDIR}"/${PV}-seccomp-sparc32.patch
    #   "${FILESDIR}"/${PV}-CVE-2019-11461.patch
        "${FILESDIR}"/${PV}-test.patch
    )

Thumbnails are working.
Created attachment 596172 [details, diff] test.patch
Security will not be made optional. Need some hints why it would be broken with bubblewrap still for some. The only idea I have offhand is that there may be problems if the whole system is running under virtualization or containers, but I don't know of any details about any problems otherwise with it remaining. Perhaps some comparison between the thumbnailer run by bubblewrap and running it manually via

    /usr/bin/gdk-pixbuf-thumbnailer -s %s %u %o

could yield some interesting info. %s is the size of the thumbnail, probably something like "100x100". %u is the input file. %o is the output file of the thumbnail. Though I guess that won't help, if patching bubblewrap and seccomp out makes it work.
Running

    gdk-pixbuf-thumbnailer -s 256 image.jpg thumb.png

works fine. I've straced nautilus and this is the bwrap command invoked:

    execve("/usr/lib/llvm/8/bin/bwrap", ["bwrap", "--ro-bind", "/usr", "/usr", "--ro-bind", "/etc/ld.so.cache", "/etc/ld.so.cache", "--ro-bind", "/bin", "/bin", "--ro-bind", "/lib64", "/lib64", "--ro-bind", "/lib", "/lib", "--ro-bind", "/sbin", "/sbin", "--ro-bind-try", "/var/cache/fontconfig", "/var/cache/fontconfig", "--proc", "/proc", "--dev", "/dev", "--chdir", "/", "--setenv", "GIO_USE_VFS", "local", "--unshare-all", "--die-with-parent", "--bind", "/tmp/gnome-desktop-thumbnailer-Y0BUB0", "/tmp", "--ro-bind", "/home/seb/a.jpg", "/tmp/gnome-desktop-file-to-thumbnail.jpg", "--seccomp", "28", "/usr/bin/gdk-pixbuf-thumbnailer", "-s", "256", "file:///tmp/gnome-desktop-file-to-thumbnail.jpg", "/tmp/gnome-desktop-thumbnailer.png"], 0x7ffead218c30 /* 54 vars */) = -1 ENOENT (Aucun fichier ou dossier de ce type)

I've tried running

    bwrap --ro-bind /usr /usr --ro-bind /etc/ld.so.cache /etc/ld.so.cache --ro-bind /bin /bin --ro-bind /lib64 /lib64 --ro-bind /lib /lib --ro-bind /sbin /sbin --ro-bind-try /var/cache/fontconfig /var/cache/fontconfig --proc /proc --dev /dev --chdir / --setenv GIO_USE_VFS local --unshare-all --die-with-parent --bind /tmp/gnome-desktop-thumbnailer-Y0BUB0 /tmp --ro-bind /home/seb/a.jpg /tmp/gnome-desktop-file-to-thumbnail.jpg --seccomp 28 /usr/bin/gdk-pixbuf-thumbnailer -s 256 file:///tmp/gnome-desktop-file-to-thumbnail.jpg /tmp/gnome-desktop-thumbnailer.png

The error message is:

    bwrap: Creating new namespace failed: Invalid argument
The Invalid argument is caused by "--unshare-all". So disabling it with patch 3.30.5-disable-unshare makes thumbnails work. In the ebuild I simply apply this patch:

    PATCHES=(
        "${FILESDIR}"/${PV}-docs-build.patch
        "${FILESDIR}"/${PV}-thumbnailer-updates{,2}.patch
        "${FILESDIR}"/${PV}-seccomp-sparc32.patch
        "${FILESDIR}"/${PV}-CVE-2019-11461.patch
        "${FILESDIR}"/${PV}-disable-unshare.patch
    )
Created attachment 596776 [details, diff] disable unshare all
Created attachment 596784 [details, diff] 3.32 disable unshare all

Same thing with nautilus 3.32. Disabling --unshare-all makes thumbnails work. I don't know why this option is not working on gentoo. I've straced nautilus on archlinux and this option is present and works.
(In reply to sebB from comment #7)
> The error message is: bwrap: Creating new namespace failed: Invalid argument

Thumbnailing works for me in nautilus without any patches, but this error led me to believe USER_NS might have something to do with it.

    # zgrep -i user_ns /proc/config.gz
    CONFIG_USER_NS=y
    CONFIG_USER_NS_UNPRIVILEGED=y

I think Arch has disabled USER_NS in their kernel, and that's why they patch it.
Thanks Joonas. Enabling CONFIG_USER_NS=y does the job.
bubblewrap package already checks for USER_NS and complains if you don't have it. I'm not sure if we really want to add the same checks to gnome-desktop and nautilus too..
(In reply to Mart Raudsepp from comment #13)
> bubblewrap package already checks for USER_NS and complains if you don't
> have it. I'm not sure if we really want to add the same checks to
> gnome-desktop and nautilus too..

I think it is enough to have them in bubblewrap ebuild
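
The kernel-config check discussed in the comments above, written out as an added example (not part of the bug thread, and not the bubblewrap ebuild's own check). It goes beyond the single CONFIG_USER_NS grep by also covering the other namespaces that --unshare-all requests; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug thread): list the kernel namespace options
# that "bwrap --unshare-all" relies on and that the kernel config lacks.

# CONFIG_USER_NS is the option the thread found missing; the others back the
# ipc, pid, net and uts namespaces that --unshare-all also requests.
NS_OPTIONS="CONFIG_USER_NS CONFIG_IPC_NS CONFIG_PID_NS CONFIG_NET_NS CONFIG_UTS_NS"

# Read kernel config text on stdin; print the options from NS_OPTIONS that are
# not set to "y" (space separated). Prints nothing when all are enabled.
missing_ns_options() {
    cfg=$(cat)
    missing=""
    for opt in $NS_OPTIONS; do
        # -x matches the whole line, so "# CONFIG_USER_NS is not set" and
        # CONFIG_USER_NS_UNPRIVILEGED=y do not count as CONFIG_USER_NS=y.
        if ! printf '%s\n' "$cfg" | grep -qx "${opt}=y"; then
            missing="${missing:+$missing }$opt"
        fi
    done
    printf '%s' "$missing"
}

# Print the running kernel's config from the usual locations, or fail.
read_kernel_config() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# Constructed sample config in which only CONFIG_USER_NS is off, as in the thread.
SAMPLE_CONFIG='CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
# CONFIG_USER_NS is not set
CONFIG_PID_NS=y
CONFIG_NET_NS=y'

# "--check" inspects the running kernel; without it nothing is executed.
if [ "${1:-}" = "--check" ]; then
    cfg=$(read_kernel_config) || { echo "kernel config not found" >&2; exit 2; }
    missing=$(printf '%s\n' "$cfg" | missing_ns_options)
    [ -z "$missing" ] || { echo "missing: $missing" >&2; exit 1; }
    echo "all namespace options for --unshare-all are enabled"
fi
```

Run with `--check` on the affected machine; a non-empty "missing:" line points at a kernel rebuild rather than at patching the sandbox out of nautilus.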