qubes-issues icon indicating copy to clipboard operation
qubes-issues copied to clipboard

Published 20 hours ago verified publisher icon QubesOS

Nautilus stalls at irregular intervals. Issue with Landlock.

Open umbratic opened this issue 6 months ago • 5 comments

How to file a helpful issue

Qubes OS release

Qubes release 4.2.4 (R4.2) Template: fedora-41 $ uname -r : 6.12.25-1.qubes.fc37.x86_64

Brief summary

Nautilus stalls at irregular intervals for up to 10 seconds. Sometimes once a day, sometimes several times.

Steps to reproduce

Start Qube based on fedora-41 start Nautilus At irregular intervals (hours) Nautilus stalls (a few seconds) for no apparent reason.

Expected behavior

Does not stall.

Actual behavior

Stalls.

Additional information

$ journalctl -r Jun 01 13:44:19 PRIVAT tracker-miner-f[3699]: Refusing to extract file data since Landlock could not be enabled. Update your kernel to fix this war> Jun 01 13:44:19 PRIVAT tracker-miner-f[3699]: Could not get landlock supported ABI: Operation not supported

$ sudo journalctl -k Jun 01 13:13:34 PRIVAT kernel: landlock: Disabled but requested by user space. You should enable Landlock at boot time: https://docs.kernel.org/userspace-api/landlock.html#boot-time-configuration

umbratic avatar Jun 01 '25 13:06 umbratic

Probably not related to Landlock but to GNOME Tracker indexing your files. It can be turned off like this:

[user@dom0 ~]$ qvm-service --disable VMNAME tracker

rustybird avatar Jun 02 '25 10:06 rustybird

Thank you @rustybird. Does this have any unintended consequences? Evolution runs in the same VM.

See comment @marmarek: https://github.com/QubesOS/qubes-core-agent-linux/pull/450

umbratic avatar Jun 02 '25 10:06 umbratic

IIUC disabling tracker wouldn't break Evolution, but disabling evolution-data-server would. However:

Tracker disabled breaks the music player insofar as it will not be able to list music the user has in user folders.

rustybird avatar Jun 02 '25 11:06 rustybird

OK, understood. So if I disable Tracker, Rhythmbox (same VM) can no longer update the list of music in user folders? If the music is on a remote server (by CIFS), will it still break the update mechanism?

umbratic avatar Jun 02 '25 11:06 umbratic

Sorry I don't know, but if something breaks I think you could always just re-enable the service by resetting to the default:

[user@dom0 ~]$ qvm-service --default VMNAME tracker

rustybird avatar Jun 02 '25 12:06 rustybird

Another question might be why Landlock is disabled - or not enabled, at any rate. Is there a decision record or issue comment somewhere tracking this? Seems a reasonable LSM to enable in Qubes templates...

ideologysec avatar Jun 21 '25 21:06 ideologysec

FWIW the kernel used by qubes is built with CONFIG_SECURITY_LANDLOCK=y.

marmarek avatar Jun 21 '25 22:06 marmarek