Fedora Account System
Red Hat Associate
Red Hat Customer
generating thumbnails for EPUB images doesn't work on Fedora 43. It looks like the thumbnailer internally uses gdk-pixbuf2, which launches a glycin loader, but this fails: $ gnome-epub-thumbnailer --size 64 <something>.epub output.png ** (gnome-epub-thumbnailer:5832): WARNING **: 23:50:52.761: Could not thumbnail 'pg76871-images.epub': Loader process exited early with status '1'Command: "bwrap" "--unshare-all" "--die-with-parent" "--chdir" "/" "--ro-bind" "/usr" "/usr" "--dev" "/dev" "--ro-bind-try" "/etc/ld.so.cache" "/etc/ld.so.cache" "--ro-bind-try" "/nix/store" "/nix/store" "--tmpfs" "/tmp-home" "--tmpfs" "/tmp-run" "--clearenv" "--setenv" "HOME" "/tmp-home" "--setenv" "XDG_RUNTIME_DIR" "/tmp-run" "--symlink" "/usr/lib" "/lib" "--symlink" "/usr/lib64" "/lib64" "--seccomp" "13" "/usr/libexec/glycin-loaders/2+/glycin-image-rs" "--dbus-fd" "12" In the journal, multiple SELinux issues are visible: AVC avc: denied { write } for pid=5832 comm="blocking-4" name="org.gnome.DisplayManager" dev="tmpfs" ino=2333 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=sock_file permissive=0 AVC avc: denied { create } for pid=5840 comm="bwrap" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=user_namespace permissive=0 AVC avc: denied { write } for pid=5832 comm="blocking-4" name="io.systemd.Machine" dev="tmpfs" ino=2162 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=sock_file permissive=0 AVC avc: denied { write } for pid=5832 comm="blocking-4" name="io.systemd.Multiplexer" dev="tmpfs" ino=998 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=sock_file permissive=0 AVC avc: denied { write } for pid=5832 comm="blocking-4" name="io.systemd.DynamicUser" dev="tmpfs" ino=982 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=sock_file permissive=0 Reproducible: Always
Disabling SELinux and running the thumbnailer from the command line makes it work, but actually, the thumbnailer still doesn't produce thumbnails that are usable by file managers like nautilus. So I'm not sure what's going on.
I am not sure what "usable by filemanagers" means in this context, but at least here the thumbnalier produces normal png $ gnome-epub-thumbnailer ./humblebookbundle/unix/unixpowertools.epub test.png $ file test.png test.png: PNG image data, 256 x 335, 8-bit/color RGB, non-interlaced
Yes, as I wrote in the second comment, running it from the command line works. But as far as I can tell, that's just because thumbnailer processes are sandboxed an additional time when triggered by file managers, and *that* is what breaks here.
Sorry but I am clueless and don't have the bandwidth to dive into it. Whomever came up with the new out of process gdk-pixbuf architecture probably has some ideas on what to do/test/fix here
Yeah, the issue is being discussed in GNOME upstream. I just filed this bug so it is tracked downstream too.
This was resolved by changes in gdk-pixbuf2 / glycin.