netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox

Home Page: https://firejail.wordpress.com

Telegram desktop does not open links in browser

reagentoo opened this issue

Hello :) fresh install of Gentoo with Firejail and noticed that clicking links in Telegram with Firejail does not open them in default browser.

Linux:

Gentoo Linux ~amd64

Configuration:

firejail-0.9.72
firefox-123.0.1
telegram-desktop-4.15.2

Console output on clicking links:

/usr/local/bin/xdg-open: line 665: grep: command not found
/usr/local/bin/xdg-open: line 659: grep: command not found
/usr/local/bin/xdg-open: line 688: grep: command not found
xdg-open: file 'https://some.link' does not exist

This is a reopen of #3031

Hello, what happens with the following in ~/.config/firejail/telegram.local:

private-bin grep,sed,tr

If there are more similar errors try adding the commands to private-bin.
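The step suggested above (reading the "command not found" lines and adding each command to private-bin) can be scripted. This is an added example, not part of the thread or of firejail; the log and profile text are constructed samples and the function names are hypothetical:

```shell
#!/bin/sh
# Added example: turn "command not found" lines from a sandboxed script into
# the private-bin additions they imply. Log and profile below are constructed.

SAMPLE_LOG="/usr/local/bin/xdg-open: line 665: grep: command not found
/usr/local/bin/xdg-open: line 659: grep: command not found
/usr/local/bin/xdg-open: line 688: sed: command not found
xdg-open: file 'https://some.link' does not exist"

SAMPLE_PROFILE="# constructed telegram.local
private-bin sh,telegram-desktop
private-bin xdg-open"

# Commands named in "<script>: line N: <cmd>: command not found", deduplicated.
missing_from_log() {
    printf '%s\n' "$1" |
        sed -n 's/^.*: line [0-9][0-9]*: \([^:]*\): command not found$/\1/p' |
        sort -u
}

# Every program name listed on the profile's private-bin lines, one per line.
allowed_in_profile() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*private-bin[[:space:]][[:space:]]*//p' |
        tr ',' '\n' | sed 's/[[:space:]]//g' | sed '/^$/d' | sort -u
}

# Print one private-bin line with the commands the log needs and the profile lacks.
suggest_private_bin() {
    # "ignore private-bin" turns the restriction off, so nothing can be missing.
    if printf '%s\n' "$2" | grep -Eq '^[[:space:]]*ignore[[:space:]]+private-bin[[:space:]]*$'; then
        return 0
    fi
    sp_have=$(allowed_in_profile "$2")
    sp_extra=""
    for sp_cmd in $(missing_from_log "$1"); do
        if ! printf '%s\n' "$sp_have" | grep -qxF -- "$sp_cmd"; then
            sp_extra="${sp_extra:+$sp_extra,}$sp_cmd"
        fi
    done
    [ -z "$sp_extra" ] || printf 'private-bin %s\n' "$sp_extra"
}

suggest_private_bin "$SAMPLE_LOG" "$SAMPLE_PROFILE"
```

Listing only the commands the script calls keeps the sandbox's /bin minimal, whereas ignore private-bin makes every system binary visible to the sandboxed application.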

xdg-open: no method available for opening 'https://link'

What happens with just ignore private-bin?

Note that you can probably debug this with xdg-open directly:

firejail --profile=telegram /usr/bin/xdg-open 'https://link'

I've added the next lines:

noblacklist ${HOME}/.mozilla
whitelist ${HOME}/.mozilla
ignore private-bin

And got the next result:

Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Warning: an existing sandbox was detected. /usr/bin/firefox will run without any additional sandboxing features

Fixed by adding dbus related lines and all xdg-open dependencies:

dbus-user.own org.chromium.*
dbus-user.own org.mozilla.firefox.*
private-bin awk,basename,cut,env,grep,head,realpath,sed,tr,uname,xdg-mime
private-bin chromium,chromium-browser,elinks,epiphany,firefox,google-chrome,iceweasel,konqueror,links,links2,lynx,mozilla,seamonkey,w3m,www-browser,x-www-browser

(not tested with chromium)

Related issues:
#3290

I just came across this thread and I have a similar problem. By using the default profile what I get is xdg-open: no method available for opening 'https://link'

Adding ignore private-bin opens a new Firefox instance and not the one that is already running:

Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default
Warning: an existing sandbox was detected. /usr/bin/firefox will run without any additional sandboxing features

Try this (~/.config/firejail/telegram.local):

noblacklist ${HOME}/Documents
noblacklist ${HOME}/Pictures
noblacklist ${HOME}/Public
noblacklist ${HOME}/Videos

whitelist ${HOME}/Documents
whitelist ${HOME}/Pictures
whitelist ${HOME}/Public
whitelist ${HOME}/Videos

# Fix video calls
# https://github.com/netblue30/firejail/issues/3872
dbus-user.talk org.freedesktop.portal.Desktop
ignore noroot
whitelist /usr/share/pipewire/client.conf

# Fix xdg-open
# https://github.com/netblue30/firejail/issues/6275
dbus-user.own org.chromium.*
dbus-user.own org.mozilla.firefox.*
private-bin awk,basename,cut,env,grep,head,realpath,sed,tr,uname,xdg-mime
private-bin chromium,chromium-browser,elinks,epiphany,firefox,google-chrome,iceweasel,konqueror,links,links2,lynx,mozilla,seamonkey,w3m,www-browser,x-www-browser

@reagentoo I've already tried the options in your last post, but unfortunately it doesn't work

Error: cannot read UID_MIN and/or GID_MIN from /etc/login.defs, using 1000 by default

@glu8716
This is fixed in git and will be in the next release. /etc/login.defs is now part of the default group in private-etc refactoring. For 0.9.72 you can add login.defs to private-etc in a telegram.local override. Unlikely this fixes your issue (unless your user != 1000), so just a FYI.

@glitsj16 Hi. Can you please give some comment for the telegram.local in #6275 (comment) (in the context of the refactoring)? Are there any extra or missing rules to fix xdg-open? This config works for me with 0.9.72.

@reagentoo Hi. Your fix from #6275 (comment) looks fine. The mentioned private-etc refactoring doesn't affect it. That being said, there are (socket) alternatives being considered for using D-Bus to support URL handling. See #5364 and #5582 for context.

HTH

Can confirm that the error is fixed with the git version. However I'm still getting Warning: an existing sandbox was detected. /usr/bin/firefox will run without any additional sandboxing features and the link is opened in a new instance of Firefox instead of the already running one.

@glu8716
Have you tried exporting MOZ_DBUS_REMOTE=1 in your ~/.bashrc (or similar if you happen to use a different shell)? It's a known environment variable that avoids the infamous Firefox is already running dialog and should force opening the link in a running Firefox instance. You've got to close all running FF instances, export the env var and start using FF again afterwards.

@glitsj16 It doesn't work, unfortunately