GNU bug report logs - #77827
[PATCH] gnu: librewolf: Fix video playback.


Package: guix-patches

Reported by: Jakob Kirsch <jakob.kirsch <at> web.de>

Date: Tue, 15 Apr 2025 16:48:02 UTC

Severity: normal

Tags: patch

Done: Ian Eure <ian <at> retrospec.tv>

Bug is archived. No further changes may be made.



Message #23 received at 77827 <at> debbugs.gnu.org (full text, mbox):

From: Jussi Timperi <jussi.timperi <at> iki.fi>
To: Julian Flake <julian <at> flake.de>
Cc: 77827 <at> debbugs.gnu.org, Jakob Kirsch <jakob.kirsch <at> web.de>,
 Ian Eure <ian <at> retrospec.tv>
Subject: Re: [bug#77827] Video playback still fails with 4fd529d
Date: Sun, 20 Apr 2025 00:24:43 +0300

Hi,

On 19 April 2025 21:32, Julian Flake <julian <at> flake.de> wrote:

> --8<---------------cut here---------------start------------->8---
> ➜  ~ librewolf
> libva info: VA-API version 1.22.0
> libva info: Trying to open /run/current-system/profile/lib/dri/iHD_drv_video.so
> libva info: va_openDriver() returns -1
> libva info: Trying to open /run/current-system/profile/lib/dri/i965_drv_video.so
> libva info: va_openDriver() returns -1
> --8<---------------cut here---------------end--------------->8---

intel-vaapi-driver isn't whitelisted in the RDD sandbox, so it will block
opening the drivers. Running with MOZ_SANDBOX_LOGGING=1 will show something
like:

    [30324] Sandbox: SandboxBroker: denied op=open rflags=2000000 perms=0 path=/gnu/store/jji80qsrw6dm3zsgwxhz5301d5ww0ga8-intel-vaapi-driver-2.4.1/lib/dri/i965_drv_video.so for pid=30400
    [30400] Sandbox: Failed errno -13 op open flags 02000000 path /home/jussi/.guix-profile/lib/dri/i965_drv_video.so
    [30324] Sandbox: SandboxBroker: denied op=access rflags=0 perms=0 path=/gnu/store/jji80qsrw6dm3zsgwxhz5301d5ww0ga8-intel-vaapi-driver-2.4.1/lib/dri/i965_drv_video.so for pid=30400
    [30400] Sandbox: Failed errno -13 op access flags 00 path /home/jussi/.guix-profile/lib/dri/i965_drv_video.so
    libva info: va_openDriver() returns -1

HW video decoding working with MOZ_DISABLE_RDD_SANDBOX=1 further
confirms it being the sandbox issue.

Upstream solved it for Nix by whitelisting the entire store[1]. As Ian
mentioned, there's a patch in #72265[2] trying to do the same for Guix.


Footnotes:
[1]  https://hg-edge.mozilla.org/releases/mozilla-release/file/FIREFOX_137_0_2_RELEASE/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#l478

[2]  https://issues.guix.gnu.org/72265

Best,
--
Jussi
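
A triage helper for the `MOZ_SANDBOX_LOGGING=1` output quoted in the message above, added here as an example; it is not part of the original message and not code from Firefox, LibreWolf or Guix. It pairs each SandboxBroker denial with the matching client-side failure and names the store item being blocked; the regular expressions are inferred from the two line shapes quoted above, and the sample log is constructed with a placeholder store hash and home directory.

```python
import re
from collections import defaultdict

# Line shapes inferred from the two kinds of log line quoted in the message above.
BROKER_RE = re.compile(r"^\[\d+\] Sandbox: SandboxBroker: denied op=(?P<op>\w+) "
                       r"rflags=[0-9a-f]+ perms=\d+ path=(?P<path>.+) for pid=(?P<pid>\d+)$")
CLIENT_RE = re.compile(r"^\[(?P<pid>\d+)\] Sandbox: Failed errno -?\d+ "
                       r"op (?P<op>\w+) flags [0-7]+ path (?P<path>.+)$")
STORE_RE = re.compile(r"^/gnu/store/[0-9a-z]{32}-(?P<item>[^/]+)")

# Constructed sample: placeholder store hash and home directory, not real values.
STORE = "/gnu/store/" + "a" * 32 + "-intel-vaapi-driver-2.4.1"
SAMPLE_LOG = f"""\
[30324] Sandbox: SandboxBroker: denied op=open rflags=2000000 perms=0 path={STORE}/lib/dri/i965_drv_video.so for pid=30400
[30400] Sandbox: Failed errno -13 op open flags 02000000 path /home/user/.guix-profile/lib/dri/i965_drv_video.so
[30324] Sandbox: SandboxBroker: denied op=access rflags=0 perms=0 path={STORE}/lib/dri/i965_drv_video.so for pid=30400
[30400] Sandbox: Failed errno -13 op access flags 00 path /home/user/.guix-profile/lib/dri/i965_drv_video.so
libva info: va_openDriver() returns -1
"""

def denied_by_item(log):
    """Group broker denials by (sandboxed pid, store item or raw path)."""
    requested = defaultdict(set)  # (pid, op) -> paths the sandboxed process asked for
    denials = []
    for line in log.splitlines():
        if m := CLIENT_RE.match(line):
            requested[(m["pid"], m["op"])].add(m["path"])
        elif m := BROKER_RE.match(line):
            denials.append(m)
    report = {}
    for m in denials:
        store = STORE_RE.match(m["path"])
        key = (int(m["pid"]), store["item"] if store else m["path"])
        entry = report.setdefault(key, {"ops": set(), "denied": set(), "requested": set()})
        entry["ops"].add(m["op"])
        entry["denied"].add(m["path"])
        # Pair with the client-side failure: same pid and op, same file name.
        name = "/" + m["path"].rsplit("/", 1)[-1]
        entry["requested"] |= {p for p in requested[(m["pid"], m["op"])] if p.endswith(name)}
    return report

if __name__ == "__main__":
    for (pid, item), e in denied_by_item(SAMPLE_LOG).items():
        print(f"pid {pid}: {item} blocked for {sorted(e['ops'])}")
        for path in sorted(e["requested"]):
            print(f"  requested via {path}")
```

Grouping by store item rather than by full path keeps the report stable across rebuilds that change the hash, and shows at a glance which package the sandbox policy does not cover.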




This bug report was last modified 127 days ago.
