Systray icon does not appear on in plasma(6) wayland session if sunshine has cap_sys_admin

[v-evets]

Is there an existing issue for this?

• I have searched the existing issues

Is your issue described in the documentation?

• I have read the documentation

Is your issue present in the latest beta/pre-release?

This issue is present in the latest git master

Describe the Bug

If sunshine has cap_sys_admin, libayatana-appindicator cannot get a session bus due to AT_SECURE flag being set:

libayatana-appindicator-WARNING **: 17:01:17.275: Unable to get the session bus: Cannot spawn a message bus when AT_SECURE is set
LIBDBUSMENU-GLIB-WARNING **: 17:01:17.275: Unable to get session bus: Cannot spawn a message bus when AT_SECURE is set
Gtk-CRITICAL **: 17:01:17.380: gtk_widget_get_scale_factor: assertion 'GTK_IS_WIDGET (widget)' failed

Setting GDK_BACKEND=x11 allows creation of a systray icon, but it is non-functional (does not receive clicks).

I am too lazy to test the latest prerelease, because it FTBFS with boost 1.86 (probably #3248), the build system is a nightmare of pinned dep versions and compile-time downloads (we compile in a sandbox on gentoo), I don't have snap or flatpak installed, and appimage is blocked by #3252

Tested with 0.23.1 release and git master@e90b71c

Expected Behavior

Official installation instructions should result in a working install under most common distribution configurations (selinux, wayland, plasma etc.), any required workarounds or caveats should be documented.

Additional Context

No response

Host Operating System

Linux

Operating System Version

Gentoo Linux 2.15

Architecture

64 bit

Sunshine commit or version

0.23.1

Package

other (not listed)

GPU Type

AMD

GPU Model

RX 6700 XT

GPU Driver/Mesa Version

24.1.7

Capture Method

KMX (Linux)

Config

fps = [10,30,60,75]
resolutions = [
    352x240,
    480x360,
    858x480,
    1280x720,
    1920x1080
]
capture = kms
channels = 2
back_button_timeout = 1000
min_log_level = 3
origin_web_ui_allowed = pc
encoder = vaapi

Apps

No response

Relevant log output

Relevant output in report body. Stupid template.

[ReenigneArcher]

because it FTBFS with boost 1.86

If you can remove boost from deps, Sunshine will fetch boost 1.85 automatically (assuming your build has internet access)... or if they are pinned, then it should be pinned to 1.85.

[v-evets]

git master@e90b71c fails with identical errors:

(sunshine:28875): libayatana-appindicator-WARNING **: 21:43:43.143: Unable to get the session bus: Cannot spawn a message bus when AT_SECURE is set

(sunshine:28875): LIBDBUSMENU-GLIB-WARNING **: 21:43:43.143: Unable to get session bus: Cannot spawn a message bus when AT_SECURE is set

[v-evets]

On a more general note, running GUI applications with cap_sys_admin is functionally equivalent to making them suid root. This has been heavily discouraged since 1999, and with good reason.
Running a webserver (local or otherwise) with admin caps is even worse, and frankly makes me reconsider the wisdom of having this project on my systems at all.

[chewi]

FYI I have reproduced this, but I haven't had time to dig into it much. I did see that the glib source simply doesn't allow this, and there didn't seem to be any way around it, but then why does it (almost) work with X11?

[v-evets]

Actually, it does work properly in an X11 (user) session.
Where it's partially broken is wayland with GDK_BACKEND=x11, which will obviously involve xwayland (and whatever convoluted shenanigans plasma uses for a systray this month) rather than X11 proper.

I may have been barking up the wrong tree with my initial take on those warnings too... Because they also appear in an X11 session with a perfectly functional sunshine systray.
Plot thickens and all that.

We're not falling back to "legacy" xembed if appindicator fails are we? From what I see xembed in plasma/xwayland is all kinds of janky at the moment (bunch of reports relating to missing/repeated/misdirected clicks, xwayland sends xembed input through desktop-portal now, e.g.).

Some more permutations:

X11 session with cap_sys_admin (working systray):
libayatana-appindicator-WARNING **: 23:08:52.728: Unable to get the session bus: Cannot spawn a message bus when AT_SECURE is set

LIBDBUSMENU-GLIB-WARNING **: 23:08:52.728: Unable to get session bus: Cannot spawn a message bus when AT_SECURE is set

Wayland session with cap_sys_admin (no systray):
libayatana-appindicator-WARNING **: 23:05:32.252: Unable to get the session bus: Cannot spawn a message bus when AT_SECURE is set

LIBDBUSMENU-GLIB-WARNING **: 23:05:32.252: Unable to get session bus: Cannot spawn a message bus when AT_SECURE is set

Gtk-CRITICAL **: 23:05:32.252: gtk_widget_get_scale_factor: assertion 'GTK_IS_WIDGET (widget)' failed

Wayland + GDK_BACKEND=x11 with cap_sys_admin (broken systray):
libayatana-appindicator-WARNING **: 23:05:32.252: Unable to get the session bus: Cannot spawn a message bus when AT_SECURE is set

LIBDBUSMENU-GLIB-WARNING **: 23:05:32.252: Unable to get session bus: Cannot spawn a message bus when AT_SECURE is set

Wayland or X11, without cap_sys_admin (working systray):
crickets

Very curious.

In any case, I still recon getting rid of cap_sys_admin on the main binary (i.e. use a minimal helper that just opens FDs for KMS capture) is well worth persuing. Something like:
https://obsproject.com/forum/threads/experimental-zero-copy-screen-capture-on-linux.101262/
and:
https://copyconstruct.medium.com/file-descriptor-transfer-over-unix-domain-sockets-dcbbf5b3b6ec
?

[chewi]

I agree, that does seem like the way to go.

[LizardByte-bot]

It seems this issue hasn't had any activity in the past 90 days. If it's still something you'd like addressed, please let us know by leaving a comment. Otherwise, to help keep our backlog tidy, we'll be closing this issue in 10 days. Thanks!

[LizardByte-bot]

This issue was closed because it has been stalled for 10 days with no activity.