fractal: program does not start (missing whitelist)

[triallax]

Description

Fractal 5 fails to start with Firejail.

Steps to Reproduce

Steps to reproduce the behavior

1. LC_ALL=C firejail /bin/fractal
2. Fractal outputs Could not load gresource file: Error { domain: g-file-error-quark, code: 4, message: "Failed to open file “/usr/share/fractal/resources.gresource”: open() failed: No such file or directory" }

Expected behavior

Fractal starts up successfully.

Actual behavior

Fractal crashes before startup.

Behavior without a profile

Seems to work fine without a profile.

Environment

• Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux") Void Linux
• Firejail version (firejail --version). 0.9.72

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• I have performed a short search for similar issues (to avoid opening a duplicate).
  • I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

Log

Output of LC_ALL=C firejail /path/to/program

Reading profile /etc/firejail/fractal.profile                   
Reading profile /etc/firejail/allow-python2.inc                                                                                 
Reading profile /etc/firejail/allow-python3.inc                 
Reading profile /etc/firejail/disable-common.inc                
Reading profile /etc/firejail/disable-devel.inc                 
Reading profile /etc/firejail/disable-exec.inc                                                                                  
Reading profile /etc/firejail/disable-interpreters.inc          
Reading profile /etc/firejail/disable-programs.inc                                                                                       
Reading profile /etc/firejail/disable-shell.inc                 
Reading profile /etc/firejail/disable-xdg.inc                                                                                            
Reading profile /etc/firejail/whitelist-common.inc              
Reading profile /etc/firejail/whitelist-runuser-common.inc                                                                                         
Reading profile /etc/firejail/whitelist-usr-share-common.inc                                                                                                    
Reading profile /etc/firejail/whitelist-var-common.inc          
Parent pid 28828, child pid 28832                               
1 program installed in 49.06 ms                                 
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.                                      
Warning: skipping alsa for private /etc                         
Warning: skipping alternatives for private /etc                 
Warning: skipping asound.conf for private /etc                  
Warning: skipping crypto-policies for private /etc              
Warning: skipping gtk-2.0 for private /etc                                                                                      
Warning: skipping ld.so.preload for private /etc                
Warning: skipping locale for private /etc                                                                                       
Warning: skipping locale.alias for private /etc                 
Warning: skipping mime.types for private /etc                                                                                            
Warning: skipping pulse for private /etc                        
Warning: skipping selinux for private /etc                                                                                               
Private /etc installed in 15.34 ms                              
Private /usr/etc installed in 0.00 ms                                                                                                              
Warning: /sbin directory link was not blacklisted                                                                                                               
Warning: /usr/sbin directory link was not blacklisted                                                                                              
Child process initialized in 149.71 ms                                                                                                                          
thread 'main' panicked at src/main.rs:53:51:                             
Could not load gresource file: Error { domain: g-file-error-quark, code: 4, message: "Failed to open file “/usr/share/fractal/resources.gresource”: open() faile
d: No such file or directory" }         
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace                                                                                   

Parent is shutting down, bye...                                                 

Output of LC_ALL=C firejail --debug /path/to/program

https://gist.github.com/mhmdanas/b585199dcc47dbd42fb97eae6abcb1b9

[rusty-snake]

Add whitelist /usr/share/fractal and try again.

[triallax]

That seems to fix it, thanks!