VLC can't read MakeMKV's libmmbd for BDs decryption
glu8716 opened this issue · comments
Description
MakeMKV provides libmmbd, which is a library for Blurays Discs decryption. It is installed in /usr/lib/libmmbd.so.0. VLC should automatically read it and play the BD, but it doesn't if launched with Firejail.
Steps to Reproduce
- Download and install MakeMKV
- Open a BD with VLC
Expected behavior
The BD should play.
Actual behavior
The BD doesn't play.
Behavior without a profile
The BD plays.
Environment
- Linux distribution and version: Artix
- Firejail version: 0.9.73
Checklist
- The issues is caused by firejail (i.e. running the program by path (e.g.
/usr/bin/vlc) "fixes" it). - I can reproduce the issue without custom modifications (e.g. globals.local).
- The program has a profile. (If not, request one in
https://github.com/netblue30/firejail/issues/1139) - The profile (and redirect profile if exists) hasn't already been fixed upstream.
- I have performed a short search for similar issues (to avoid opening a duplicate).
- I'm aware of
browser-allow-drm yes/browser-disable-u2f noinfirejail.configto allow DRM/U2F in browsers.
- I'm aware of
- I used
--profile=PROFILENAMEto set the right profile. (Only relevant for AppImages)
Log
VLC launched with Firejail
Reading profile /etc/firejail/vlc.profile
Reading profile /home/freedom/.config/firejail/vlc.local
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-player-common.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
firejail version 0.9.73
Parent pid 13452, child pid 13456
Warning: NVIDIA card detected, nogroups command ignored
6 programs installed in 4.23 ms
Warning: NVIDIA card detected, nogroups command ignored
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Base filesystem installed in 42.33 ms
Warning: NVIDIA card detected, nogroups command ignored
Warning: NVIDIA card detected, nogroups command ignored
Warning: NVIDIA card detected, nogroups command ignored
Child process initialized in 91.01 ms
VLC media player 3.0.20 Vetinari (revision 3.0.20-0-g6f0d0ab126b)
[000064b0c83c15b0] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
[000064b0c849f020] qt interface error: Unable to load extensions module
[000064b0c8451530] main playlist: playlist is empty
keydbcfg.c:701: No valid AACS configuration files found
aacs.c:121: No usable AACS libraries found!
dec.c:197: aacs_open() failed: -2!
[00007dd6f0001130] libbluray demux: First play: 1, Top menu: 1
HDMV Titles: 6, BD-J Titles: 0, Other: 0
VLC launched withfirejail --noprofile
firejail version 0.9.73
Parent pid 13896, child pid 13897
Base filesystem installed in 0.03 ms
Child process initialized in 4.24 ms
Warning: an existing sandbox was detected. /usr/bin/vlc will run without any additional sandboxing features
VLC media player 3.0.20 Vetinari (revision 3.0.20-0-g6f0d0ab126b)
[00005d9bca1af5b0] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
[00005d9bca23f530] main playlist: playlist is empty
keydbcfg.c:701: No valid AACS configuration files found
[00007b1f84001130] libbluray demux: First play: 1, Top menu: 1
HDMV Titles: 6, BD-J Titles: 0, Other: 0
[00007b1f84001130] libbluray demux: Adding ES 4113 select 1
[00007b1f84001130] libbluray demux: Adding ES 4352 select 1
[00005d9bca27ed80] main audio output error: too low audio sample frequency (0)
[00007b1f7c0d3860] main decoder error: failed to create audio output
[00005d9bca27ed80] vlcpulse audio output error: digital pass-through stream connection failure: Input/Output error
[00005d9bca27ed80] main audio output error: module not functional
[00007b1f7c0d3860] main decoder error: failed to create audio output
[00007b1f60047880] freetype spu text error: LoadFace: Error creating face for /usr/share/fonts/truetype/freefont/FreeSerifBold.ttf - 0 - 2 - 2
[00007b1f60047880] freetype spu text error: Error loading default face
libva error: vaGetDriverNames() failed with unknown libva error
[00007b1f5c001f30] glconv_vaapi_x11 gl error: vaInitialize: unknown libva error
[00007b1f5c001f30] glconv_vaapi_drm gl error: vaInitialize: unknown libva error
libva error: vaGetDriverNames() failed with operation failed
[00007b1f5c001f30] glconv_vaapi_drm gl error: vaInitialize: operation failed
[00007b1f60047880] freetype spu text error: LoadFace: Error creating face for /usr/share/fonts/truetype/freefont/FreeSerifBold.ttf - 0 - 2 - 2
[00007b1f60047880] freetype spu text error: Error loading default face
[00007b1f7c005130] avcodec decoder: Using NVIDIA VDPAU Driver Shared Library 550.78 Sun Apr 14 06:21:06 UTC 2024 for hardware decoding
[00007b1f7c005130] main decoder error: buffer deadlock prevented
[00007b1f84001130] libbluray demux: Reusing ES 4113
[00007b1f84001130] libbluray demux: Reusing ES 4352
[00005d9bca27ed80] main audio output error: too low audio sample frequency (0)
[00007b1f7c0d3860] main decoder error: failed to create audio output
[00007b1f84001130] libbluray demux: Adding ES 4608 select 0
[00007b1f84001130] libbluray demux: Adding ES 4609 select 0
[00005d9bca27ed80] vlcpulse audio output error: digital pass-through stream connection failure: Input/Output error
[00005d9bca27ed80] main audio output error: module not functional
[00007b1f7c0d3860] main decoder error: failed to create audio output
[00007b1f60047880] freetype spu text error: LoadFace: Error creating face for /usr/share/fonts/truetype/freefont/FreeSerifBold.ttf - 0 - 2 - 2
[00007b1f60047880] freetype spu text error: Error loading default face
[00007b1f7c005130] avcodec decoder: Using NVIDIA VDPAU Driver Shared Library 550.78 Sun Apr 14 06:21:06 UTC 2024 for hardware decoding
[00007b1f7c005130] avcodec decoder error: hardware acceleration picture allocation failed
[h264 @ 0x7b1f3c091c00] get_buffer() failed
[h264 @ 0x7b1f3c091c00] thread_get_buffer() failed
[h264 @ 0x7b1f3c091c00] decode_slice_header error
[00007b1f84001130] libbluray demux: Initializing overlay
[00007b1f84001130] libbluray demux: Reusing ES 4113
[00007b1f84001130] libbluray demux error: blurayReleaseVout: subpicture channel exists
[00007b1f84001130] libbluray demux: Reusing ES 4352
[00005d9bca27ed80] main audio output error: too low audio sample frequency (0)
[00007b1f7c0d3860] main decoder error: failed to create audio output
[00007b1f84001130] libbluray demux: Adding ES 4353 select 0
[00007b1f84001130] libbluray demux: Reusing ES 4608
[00007b1f84001130] libbluray demux: Reusing ES 4609
[00005d9bca27ed80] vlcpulse audio output error: digital pass-through stream connection failure: Input/Output error
[00005d9bca27ed80] main audio output error: module not functional
[00007b1f7c0d3860] main decoder error: failed to create audio output
[00007b1f60047880] freetype spu text error: LoadFace: Error creating face for /usr/share/fonts/truetype/freefont/FreeSerifBold.ttf - 0 - 2 - 2
[00007b1f60047880] freetype spu text error: Error loading default face
[00007b1f84001130] libbluray demux error: blurayReleaseVout: subpicture channel exists
[00007b1f7c005130] avcodec decoder: Using NVIDIA VDPAU Driver Shared Library 550.78 Sun Apr 14 06:21:06 UTC 2024 for hardware decoding
[00007b1f84001130] libbluray demux: Reusing ES 4113
[00007b1f84001130] libbluray demux: Reusing ES 4352
[00007b1f84001130] libbluray demux: Reusing ES 4353
[00007b1f84001130] libbluray demux: Reusing ES 4608
[00007b1f84001130] libbluray demux: Reusing ES 4609
[h264 @ 0x7b1f78037a40] co located POCs unavailable
[h264 @ 0x7b1f78008840] co located POCs unavailable
[h264 @ 0x7b1f78001c00] co located POCs unavailable
Never actually used BDs, but VLC probably relies on libbluray to access those. And AFAICT that library needs a java runtime, which the profile blocks by including disable-devel.inc and using a restrictive private-bin.
Have you tried allowing access to java(c) yet? I see you already use a vlc.local, so try adding the below to that:
include allow-java.inc
private-bin java*PS: anything in your vlc.local that might be relevant to this?
I tried to add the two lines but it still won't load the BD. In my .local file I only have the net none option.
Well, that's unfortunate. It might need other stuff in private-bin. I assume you've already tried ignore private-bin to rule that in or out?
Tracking down the culprit option(s) by commenting (=disabling) lines one by one (or in bulk for that matter) does take time, I do realize the pain in that. Yet, as this requires access to bluray hardware (which most if not all collaborators probably don't have) to actually test/reproduce/fix, its your best bet.
I'd start by confirming VLC can do this when sandboxed by running firejail --profile=noprofile /usr/bin/vlc. If that doesn't work it would mean the BD functionality is impossible to sandbox with Firejail. If it does, the detective work can proceed :)
Yes, I have tried with ignore private-bin, but it doesn't work. I'll try to disable different lines and see if I can find the culprit.