Summary: | gnome-base/nautilus-3.30 won't generate thumbnails | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | sebB <entisten> |
Component: | Current packages | Assignee: | Gentoo Linux Gnome Desktop Team <gnome> |
Status: | CONFIRMED --- | ||
Severity: | normal | CC: | juippis |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
test.patch
disable unshare all
3.32 disable unshare all |
Description
sebB
2019-04-11 08:52:43 UTC
Perhaps this is a manifestation of bug 697602? I've tried with gdk-pixbuf 2.38.2 and 2.40 and got the same result. No thumbnails. Files are always created in .cache/thumbnails/fail/gnome-thumbnail-factory.

I confirm this issue on a full ~amd64 system with gnome 3.32. The problem has persisted since the upgrade from 3.26. Thanks

Looking at the dantrell overlay, the difference is this patch:
https://github.com/dantrell/gentoo-overlay-dantrell-gnome-3-30/blob/master/gnome-base/nautilus/files/nautilus-3.30.0-dont-sandbox-thumbnailers-on-linux.patch

He reverts this commit from gnome-desktop-thumbnail-script.c:
https://gitlab.gnome.org/GNOME/gnome-desktop/commit/8b1db18aa75c2684b513481088b4e289b5c8ed92

I've tested it and it works. To test, I simply modified the nautilus-3.30.5-r1 ebuild, masked all patches, and applied the test.patch (which reverts the commit 8b1db18a).

    PATCHES=(
    #   "${FILESDIR}"/${PV}-docs-build.patch
    #   "${FILESDIR}"/${PV}-thumbnailer-updates{,2}.patch
    #   "${FILESDIR}"/${PV}-seccomp-sparc32.patch
    #   "${FILESDIR}"/${PV}-CVE-2019-11461.patch
        "${FILESDIR}"/${PV}-test.patch
    )

Thumbnails are working.

Created attachment 596172 [details, diff]
test.patch
Security will not be made optional. Need some hints why it would be broken with bubblewrap still for some. The only idea I have offhand is that there may be problems if the whole system is running under virtualization or containers, but I don't know of any details about any problems otherwise with it remaining.

Perhaps some comparison between the bubblewrap-run thumbnailer and running it manually via

    /usr/bin/gdk-pixbuf-thumbnailer -s %s %u %o

could yield some interesting info. %s is the size of thumbnail, probably something like "100x100". %u is the input file. %o is the output file of the thumbnail.

Though I guess that won't help, if patching bubblewrap and seccomp out makes it work.

Running gdk-pixbuf-thumbnailer -s 256 image.jpg thumb.png works fine. I've straced nautilus and this is the bwrap command invoked:

    execve("/usr/lib/llvm/8/bin/bwrap", ["bwrap", "--ro-bind", "/usr", "/usr", "--ro-bind", "/etc/ld.so.cache", "/etc/ld.so.cache", "--ro-bind", "/bin", "/bin", "--ro-bind", "/lib64", "/lib64", "--ro-bind", "/lib", "/lib", "--ro-bind", "/sbin", "/sbin", "--ro-bind-try", "/var/cache/fontconfig", "/var/cache/fontconfig", "--proc", "/proc", "--dev", "/dev", "--chdir", "/", "--setenv", "GIO_USE_VFS", "local", "--unshare-all", "--die-with-parent", "--bind", "/tmp/gnome-desktop-thumbnailer-Y0BUB0", "/tmp", "--ro-bind", "/home/seb/a.jpg", "/tmp/gnome-desktop-file-to-thumbnail.jpg", "--seccomp", "28", "/usr/bin/gdk-pixbuf-thumbnailer", "-s", "256", "file:///tmp/gnome-desktop-file-to-thumbnail.jpg", "/tmp/gnome-desktop-thumbnailer.png"], 0x7ffead218c30 /* 54 vars */) = -1 ENOENT (Aucun fichier ou dossier de ce type)

I've tried running

    bwrap --ro-bind /usr /usr \
        --ro-bind /etc/ld.so.cache /etc/ld.so.cache \
        --ro-bind /bin /bin \
        --ro-bind /lib64 /lib64 \
        --ro-bind /lib /lib \
        --ro-bind /sbin /sbin \
        --ro-bind-try /var/cache/fontconfig /var/cache/fontconfig \
        --proc /proc --dev /dev --chdir / \
        --setenv GIO_USE_VFS local \
        --unshare-all --die-with-parent \
        --bind /tmp/gnome-desktop-thumbnailer-Y0BUB0 /tmp \
        --ro-bind /home/seb/a.jpg /tmp/gnome-desktop-file-to-thumbnail.jpg \
        --seccomp 28 \
        /usr/bin/gdk-pixbuf-thumbnailer -s 256 file:///tmp/gnome-desktop-file-to-thumbnail.jpg /tmp/gnome-desktop-thumbnailer.png

The error message is:

    bwrap: Creating new namespace failed: Invalid argument

The Invalid argument is caused by "--unshare-all". So disabling it with the patch 3.30.5-disable-unshare makes thumbnails work. In the ebuild I simply apply this patch:

    PATCHES=(
        "${FILESDIR}"/${PV}-docs-build.patch
        "${FILESDIR}"/${PV}-thumbnailer-updates{,2}.patch
        "${FILESDIR}"/${PV}-seccomp-sparc32.patch
        "${FILESDIR}"/${PV}-CVE-2019-11461.patch
        "${FILESDIR}"/${PV}-disable-unshare.patch
    )

Created attachment 596776 [details, diff]
disable unshare all
Created attachment 596784 [details, diff]
3.32 disable unshare all
Same thing with nautilus 3.32.
Disabling --unshare-all makes thumbnails work.
I don't know why this option is not working on Gentoo.
I've straced nautilus on Arch Linux and this option is present and works.
(In reply to sebB from comment #7)
> The error message is: bwrap: Creating new namespace failed: Invalid argument

Thumbnailing works for me in nautilus without any patches, but this error led me to believe USER_NS might have something to do with it.

    # zgrep -i user_ns /proc/config.gz
    CONFIG_USER_NS=y
    CONFIG_USER_NS_UNPRIVILEGED=y

I think Arch has disabled USER_NS in their kernel, and that's why they patch it.

Thanks Joonas. Enabling CONFIG_USER_NS=y does the job.

bubblewrap package already checks for USER_NS and complains if you don't have it. I'm not sure if we really want to add the same checks to gnome-desktop and nautilus too..

(In reply to Mart Raudsepp from comment #13)
> bubblewrap package already checks for USER_NS and complains if you don't
> have it. I'm not sure if we really want to add the same checks to
> gnome-desktop and nautilus too..

I think it is enough to have them in bubblewrap ebuild |
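
A diagnostic for the root cause found in this thread, as an added example that is not part of the bug report, of bubblewrap, or of any Gentoo ebuild: it classifies a kernel config so the sandbox can stay enabled and the kernel gets fixed instead of dropping `--unshare-all`. The function names, the `/boot/config-$(uname -r)` fallback and the `/proc/sys/user/max_user_namespaces` check are assumptions that do not appear in the thread.

```shell
#!/bin/sh
# Added example: classify whether the user namespaces that
# `bwrap --unshare-all` needs are usable. Function names are hypothetical.

# Read kernel config text on stdin and print the value of option $1:
# its value when set, "n" when absent or "# CONFIG_X is not set".
kconfig_value() {
    awk -F= -v opt="$1" '
        $1 == opt { v = $2 }
        END { print (v == "" ? "n" : v) }'
}

# userns_verdict CONFIG_TEXT MAX_USER_NAMESPACES -> prints one verdict word.
userns_verdict() {
    cfg=$1
    max=$2
    # Without a readable config we cannot tell "unset" from "unknown".
    [ -n "$cfg" ] || { echo config-unreadable; return 0; }
    if [ "$(printf '%s\n' "$cfg" | kconfig_value CONFIG_USER_NS)" != y ]; then
        echo no-kernel-support      # the case resolved in this thread
        return 0
    fi
    case $max in
        '' | *[!0-9]*) echo unknown-limit ;;
        0)             echo disabled-by-sysctl ;;
        *)             echo ok ;;
    esac
}

# Constructed sample: a kernel config fragment without user namespaces.
SAMPLE_NO_USERNS='CONFIG_NAMESPACES=y
CONFIG_PID_NS=y
# CONFIG_USER_NS is not set'

# "live" inspects the running system; otherwise the sample is classified.
if [ "${1:-}" = live ]; then
    live_cfg=$(zcat /proc/config.gz 2>/dev/null ||
               cat "/boot/config-$(uname -r)" 2>/dev/null || true)
    live_max=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || true)
    userns_verdict "$live_cfg" "$live_max"
else
    userns_verdict "$SAMPLE_NO_USERNS" 15000
fi
```

Run it with the argument `live` on the affected machine; `no-kernel-support` corresponds to the missing CONFIG_USER_NS=y reported above.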