Bug#953674: nautilus: Thumbnail generation silently fails without unprivileged_userns_clone
Ian Wienand
ianw at debian.org
Thu Mar 12 06:14:12 GMT 2020
Package: nautilus
Version: 3.34.1-1
Severity: normal
I found that thumbnails were not generating on my NAS share, despite thumbnails
"All Files" being selected.
Upon further investigation with strace, I found that the bwrap call to the
thumbnailer was failing:
---
7836 execve("/usr/bin/bwrap", ["bwrap", "--ro-bind", "/usr", "/usr", "--ro-bind", "/etc/ld.so.cache", "/etc/ld.so.cache", "--ro-bind", "/bin", "/bin", "--ro-bind", "/lib64", "/lib64", "--ro-bind", "/lib", "/lib", "--ro-bind", "/sbin", "/sbin", "--ro-bind-try", "/var/cache/fontconfig", "/var/cache/fontconfig", "--proc", "/proc", "--dev", "/dev", "--chdir", "/", "--setenv", "GIO_USE_VFS", "local", "--unshare-all", "--die-with-parent", "--bind", "/tmp/gnome-desktop-thumbnailer-ME1AH0", "/tmp", "--ro-bind", "/run/user/1000/gvfs/smb-share:server=synology,share=photo/abc.jpg", "/tmp/gnome-desktop-file-to-thumbnail.jpg", "--seccomp", "36", "/usr/bin/gdk-pixbuf-thumbnailer", "-s", "256", "file:///tmp/gnome-desktop-file-to-thumbnail.jpg", "/tmp/gnome-desktop-thumbnailer.png"], 0x55925d555520 /* 40 vars */ <unfinished ...>
...
7836 write(2, "No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.", 199 <unfinished ...>
---
Setting kernel.unprivileged_userns_clone = 1 made thumbnails work again.
AFAIK I've never fiddled any of these settings. I just got a new NAS
so do not know if this was happening prior to this. Afer I found the problem,
I found someone else had the same thing happening [1], although again
no root cause.
I feel like this should work by default.
bubblewrap is:
$ bwrap --version
bubblewrap 0.4.0
-i
[1] https://bugs.funtoo.org/secure/attachment/16930/debug.html
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64
Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages nautilus depends on:
ii bubblewrap 0.4.0-1
ii desktop-file-utils 0.24-1
ii gsettings-desktop-schemas 3.34.0-2
ii gvfs 1.42.2-1
ii libatk1.0-0 2.34.1-1
ii libc6 2.29-10
ii libcairo-gobject2 1.16.0-4
ii libcairo2 1.16.0-4
ii libgdk-pixbuf2.0-0 2.40.0+dfsg-2
ii libgexiv2-2 0.12.0-2
ii libglib2.0-0 2.62.5-1
ii libglib2.0-data 2.62.5-1
ii libgnome-autoar-0-0 0.2.3-2
ii libgnome-desktop-3-18 3.34.2-2
ii libgstreamer-plugins-base1.0-0 1.16.2-2
ii libgstreamer1.0-0 1.16.2-2
ii libgtk-3-0 3.24.13-1
ii libnautilus-extension1a 3.34.1-1
ii libpango-1.0-0 1.42.4-8
ii libpangocairo-1.0-0 1.42.4-8
ii libselinux1 3.0-1+b1
ii libtracker-sparql-2.0-0 2.3.2-1
ii nautilus-data 3.34.1-1
ii shared-mime-info 1.10-1
ii tracker 2.3.2-1
ii tracker-extract 2.3.2-1
ii tracker-miner-fs 2.3.2-1
Versions of packages nautilus recommends:
ii gnome-sushi 3.34.0-2
ii gvfs-backends 1.42.2-1
ii librsvg2-common 2.46.4-1
Versions of packages nautilus suggests:
ii eog 3.34.1-1
ii evince [pdf-viewer] 3.34.1-1+b1
ii nautilus-extension-brasero 3.12.2-6
ii nautilus-sendto 3.8.6-3
ii totem 3.34.1-2
ii vlc [mp3-decoder] 3.0.8-4
ii xdg-user-dirs 0.17-2
-- no debconf information
More information about the pkg-gnome-maintainers
mailing list