Flatpak on Sailfish OS - Page 7 - maemo.org

rinigus | # 61 | 2020-02-25, 07:44 | Report

That could be considerable roadblock for the older kernels out there. Looks like you fail at

Code:

  /* Never gain any more privs during exec */
  if (prctl (PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
    die_with_error ("prctl(PR_SET_NO_NEW_CAPS) failed");

PR_SET_NO_NEW_PRIVS, according to manuals, has been introduced into 3.5 kernels. So, older kernels, including S2 and the several devices with 3.4 are no go, as far as I understand.

From looking around, it seems that there are backports available, though. See https://wiki.mozilla.org/Security/Sandbox/Seccomp and https://bugzilla.mozilla.org/show_bug.cgi?id=790923 referenced there. Cannot guarantee that it will work, though.

Note that there could be more backports available, I just took one of the first links.

The Following 3 Users Say Thank You to rinigus For This Useful Post:
Amboss, edp17, juiceme

edp17 | # 62 | 2020-02-25, 08:31 | Report

Originally Posted by rinigus View Post

That could be considerable roadblock for the older kernels out there.
...

Thank you for taking a look into it. When I switched my PC off I realised that I should have asked whether that error was something that I could/should fix on the device (or in the kernel) or something else in the flatpak-runner.
Now, I understand this is limitation of the old kernel and there might be a workaround. (This is what I love in Linux, there always is a or more workaround.

)
I have checked the links you provided for the backport and found this in the second one: backport NO_NEW_PRIVS

I apply this into the S2's kernel and will re-try.

(By the way, with adding this Flatpak support into the kernel, something else also changed because the sneak-peek function started to work there.

Thanks for that.)

The Following 2 Users Say Thank You to edp17 For This Useful Post:
carlosgonz, juiceme

claustn | # 63 | 2020-02-25, 14:05 | Report

On Nexus 5, despite the added flags in the kernel, Angelfish does not start. Here is the output:

Code:

nemo@Sailfish ~]$ flatpak-runner 
org.kde.mobi le.angelfish Starting: 
org.kde.mobile.angelfish h: modules.devname [D] 
unknown:0 - Using Wayland-EGL Wayland 
socket: ../../display/wayland-2 
WAYLAND_DISPLAY="../../display/wayland-2" 
FLAT 
PAK_MALIIT_CONTAINER_DBUS="unix:abstract=/tmp/ 
dbus-WOnQp4HCDA,guid=23d92ab87b61acf890bb9eff5 
e5527a4" flatpak run 
--env=QT_WAYLAND_FORCE_DP I=442 
--filesystem=/system:ro 
--filesystem=/ve ndor:ro 
--filesystem=/odm:ro --device=all --ta 
lk-name=org.maliit.server 
--filesystem=/opt/fl 
atpak/maliit/org.kde.Platform/arm/5.12:ro 
--en 
v=QT_PLUGIN_PATH=/app/lib64/plugins:/app/lib/p 
lugins:/usr/share/runtime/lib/plugins:/opt/fla 
tpak/maliit/org.kde.Platform/arm/5.12 
--env=QT _QUICK_CONTROLS_MOBILE=1 
--env=QT_QUICK_CONTRO LS_STYLE=Plasma 
--env=HYBRIS_EGLPLATFORM_DIR=/ 
usr/lib/arm-linux-gnueabihf/GL/host/lib/libhyb 
ris 
--env=HYBRIS_LINKER_DIR=/usr/lib/arm-linux 
-gnueabihf/GL/host/lib/libhybris/linker 
--env= 
HYBRIS_LD_LIBRARY_PATH=/usr/lib/arm-linux-gnue 
abihf/GL/host/libexec/droid-hybris/system/lib: 
/usr/libexec/droid-hybris/system/lib:/vendor/l 
ib:/system/lib 
--env=LD_LIBRARY_PATH=/usr/lib/ 
arm-linux-gnueabihf/GL/host/lib 
org.kde.mobile .angelfish [D] 
onCompleted:389 - Warning: specifying 
an o bject instance for initialPage is 
sub-optimal - prefer to use a 
Component [W] unknown:52 - 
file:///usr/share/flatpak-run 
ner/qml/main.qml:52:26: Unable to 
assign [unde fined] to bool bwrap: 
execvp xdg-dbus-proxy: No such file or
directory

The Following 3 Users Say Thank You to claustn For This Useful Post:
edp17, juiceme, rinigus

edp17 | # 64 | 2020-02-25, 14:25 | Report

Originally Posted by claustn View Post

On Nexus 5, despite the added flags in the kernel, Angelfish does not start. Here is the output:
...

I think I got this error. Did you try to start angelfish on the device in a fingerterm or from a PC logged into the device with ssh? Try to run it on the device!

Last edited by edp17; 2020-02-25 at 14:47.

The Following 2 Users Say Thank You to edp17 For This Useful Post:
juiceme, rinigus

claustn | # 65 | 2020-02-25, 14:48 | Report

I run it from fingerterm on device with your new kernel! The Angelfish app cover shows up with its icon but the loading circle spins forever.

The Following 4 Users Say Thank You to claustn For This Useful Post:
carlosgonz, edp17, juiceme, rinigus

rinigus | # 66 | 2020-02-25, 17:38 | Report

@claustn, how did you install flatpak support? did you install by zypper after setting up repository? or downloaded and installed manually?

It looks like xdg-dbus-proxy from flatpak repo is not installed (see missing command error: execvp xdg-dbus-proxy: No such file or
directory)

But in addition to that, we probably have an issue with 3.4 kernel on the top of that, as referred to earlier.

The Following 3 Users Say Thank You to rinigus For This Useful Post:
Amboss, edp17, juiceme

edp17 | # 67 | 2020-02-26, 08:32 | Report

Originally Posted by rinigus View Post

@claustn, how did you install flatpak support? did you install by zypper after setting up repository? or downloaded and installed manually?

It looks like xdg-dbus-proxy from flatpak repo is not installed (see missing command error: execvp xdg-dbus-proxy: No such file or
directory)

But in addition to that, we probably have an issue with 3.4 kernel on the top of that, as referred to earlier.

I am not sure this is related to that kernel thing because I when I first tried I got exactly the same error. Then I fixed it somehow but don't remember how.
(I will try to find out what have done when I get home. I hope the console is still active on my PC and I can look back what I was doing.

+ I will try to install this on my Nexus 5 too.)
And just after then I got the other error about the 'PR_SET_NO_NEW_PRIVS'.

The Following 2 Users Say Thank You to edp17 For This Useful Post:
juiceme, rinigus

edp17 | # 68 | 2020-02-26, 22:22 | Report

Originally Posted by edp17 View Post

I am not sure this is related to that kernel thing because I when I first tried I got exactly the same error. Then I fixed it somehow but don't remember how.
(I will try to find out what have done when I get home. I hope the console is still active on my PC and I can look back what I was doing.

+ I will try to install this on my Nexus 5 too.)
And just after then I got the other error about the 'PR_SET_NO_NEW_PRIVS'.

Unfortunately my console I used for S2 is full of AD related stuff, so I could not check what I was doing when I got this Flatpak related error.

I have tried to install it on my Nexus 5 and got exactly the same error and the rotating circle as an app cover.

To compare the two message on the devices:

On Nexus 5:

Code:

[W] unknown:52 - file:///usr/share/flatpak-runner/qml/main.qml:52:26: Unable to assign [undefined] to bool
bwrap: execvp xdg-dbus-proxy: No such file or directory

On S2:

Code:

[W] unknown:52 - file:///usr/share/flatpak-runner/qml/main.qml:52:26: Unable to assign [undefined] to bool
bwrap: prctl(PR_SET_NO_NEW_CAPS) failed: Invalid argument
error: ldconfig failed, exit status 256

Both error do look similar and probably they are related to the kernel just how @rinigus said earlier.

The Following 2 Users Say Thank You to edp17 For This Useful Post:
Amboss, juiceme

edp17 | # 69 | 2020-02-26, 23:31 | Report

It looks like the Flatpak won't work on the S2 (or some other fixes also needs to be backported).
I have backported the NO_NEW_PRIVS from here but when I re-run the angelfish, I got this:

Code:

[nemo@GalaxyS2 ~]$ flatpak-runner org.kde.mobile.angelfish
Starting: org.kde.mobile.angelfish
[D] unknown:0 - Using Wayland-EGL
Wayland socket: ../../display/wayland-2
WAYLAND_DISPLAY="../../display/wayland-2" FLATPAK_MALIIT_CONTAINER_DBUS="unix:abstract=/tmp/dbus-7rr6cT2EOw,guid=8929142dcc20de9f7e54f93c5e56fd25" flatpak run --env=QT_WAYLAND_FORCE_DPI=218 --filesystem=/system:ro --filesystem=/vendor:ro --filesystem=/odm:ro --device=all --talk-name=org.maliit.server --filesystem=/opt/flatpak/maliit/org.kde.Platform/arm/5.12:ro --env=QT_PLUGIN_PATH=/app/lib64/plugins:/app/lib/plugins:/usr/share/runtime/lib/plugins:/opt/flatpak/maliit/org.kde.Platform/arm/5.12 --env=QTWEBENGINE_CHROMIUM_FLAGS=--disable-gpu-compositing --env=QT_QUICK_CONTROLS_MOBILE=1 --env=QT_QUICK_CONTROLS_STYLE=Plasma --env=HYBRIS_EGLPLATFORM_DIR=/usr/lib/arm-linux-gnueabihf/GL/host/lib/libhybris --env=HYBRIS_LINKER_DIR=/usr/lib/arm-linux-gnueabihf/GL/host/lib/libhybris/linker --env=HYBRIS_LD_LIBRARY_PATH=/usr/lib/arm-linux-gnueabihf/GL/host/libexec/droid-hybris/system/lib:/usr/libexec/droid-hybris/system/lib:/vendor/lib:/system/lib --env=LD_LIBRARY_PATH=/usr/lib/arm-linux-gnueabihf/GL/host/lib org.kde.mobile.angelfish
[D] onCompleted:389 - Warning: specifying an object instance for initialPage is sub-optimal - prefer to use a Component
[W] unknown:52 - file:///usr/share/flatpak-runner/qml/main.qml:52:26: Unable to assign [undefined] to bool
FATAL: kernel too old
error: ldconfig failed, exit status 34304
[D] expression for onExit:58 - Skipping quit as it will hang the window. Proper exit is needed
^C

Some of the strace is here.

Do I need the CONFIG_SECCOMP in the kernel? (Or something else?)

The Following 4 Users Say Thank You to edp17 For This Useful Post:
Amboss, carlosgonz, juiceme, rinigus

edp17 | # 70 | 2020-02-27, 02:15 | Report

I have got an idea from elros. If we can patch the glibc for flatpak it can work on my S2 and probably on hammerhead too. I had to do this for my S2 port, otherwise sailfish wouldn't build. More info here.

(For the S2 port, I needed to add a glibc.ini file into /usr/share/ssu/features.d/ folder.)

The Following 3 Users Say Thank You to edp17 For This Useful Post:
Amboss, juiceme, rinigus