Firefox wouldn't run on Plasma Wayland

YamiYukiSenpai · February 16, 2021, 5:42am

I have Firefox from the beta channel, and it wouldn’t launch on my KDE Neon 20.04 Unstable Edition running on Wayland session.

When I do it from the terminal, I get this:

No protocol specified
Unable to init server: Could not connect: Connection refused
Error: cannot open display: :1

I have XWayland installed, but is there anything I need to do to make it run?

alan_g · February 16, 2021, 3:09pm

From my experience running Firefox with Mir Wayland:

Check that the wayland interface is connected; and,
Firefox may need MOZ_ENABLE_WAYLAND=1 set in the environment to connect to Wayland.

HTH

oSoMoN · February 16, 2021, 3:54pm

Additionally to what Alan wrote, this needs to be enabled in the firefox snap itself, which is tracked by upstream bug #1631462.

YamiYukiSenpai · February 21, 2021, 3:55pm

Damn. Seems like they won’t do it until version 87 (probably).

jamesh · February 22, 2021, 7:27am

While having Firefox run as a native Wayland client would likely fix things, I’m curious about why it couldn’t connect to Plasma’s Xwayland. Have you had any success running other X11-only snaps? My suspicion is that this is a problem with the snap being able to read the Xauthority file holding the login token for the X11 server.

Could you try running echo $XAUTHORITY from a terminal on a Plasma Wayland session? The output should be a file name, whose name is not security sensitive.

Looking at the Kwin source code, it looks like it will be generating an Xauthority file named like $XDG_RUNTIME_DIR/xauth_*, which our current AppArmor rules don’t grant read access to:

github.com

KDE/kwin/blob/553b6d39c69fccbb6854bb4a35a6bba889ad342d/src/xwl/xwayland.cpp#L102-L104


const QString runtimeDirectory = QStandardPaths::writableLocation(QStandardPaths::RuntimeLocation);
authorityFile->setFileTemplate(runtimeDirectory + QStringLiteral("/xauth_XXXXXX"));

If that’s the case, then we can probably solve this on the snapd side by allowing read access to this path.

YamiYukiSenpai · February 22, 2021, 6:57pm

/run/user/1000/xauth_gLnrWy

jamesh · February 23, 2021, 1:10am

Thank you. That looks like something we could fix on the snapd side.

If you’d like to help verify, you could try editing the AppArmor profile that snapd generated for Firefox to see if it fixes things. This is a bit fiddly, so I would understand if you’d prefer not to.

These are the steps if you’re game:

Open /var/lib/snapd/apparmor/profiles/snap.firefox.firefox in a text editor. You’ll have to use sudo, as the file is only writable by root.
In that file, search for “mutter/Xauthority”
Insert a new line below that with the following contents (note that the trailing comma is important):
```
owner /run/user/[0-9]*/xauth_* r,
```
Save the file. You can close the text editor now.

Load the modified AppArmor profile into the kernel with the following command:

sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.firefox.firefox

If everything has worked, you should be able to start Firefox now. Note that this fix is only temporary, and will likely be undone if any of the firefox or snapd snaps get updated. The real fix will be to get snapd to include this new rule in the profiles it generates.

jamesh · February 23, 2021, 5:19am

And here’s the snapd pull request that would make this profile change permanent:

It looks like this code for setting up the Xauthority file is only a few weeks old at this point, which is probably why you’re one of the first to trip over it. So hopefully we can get the snapd fix in before it makes it to a stable KDE release.