UB
Universal Blue•2d ago
mindxpert

Flatpak permission issues

Lately, I've been having some issues with running most of my Flatpak apps. It seems to be related to Vulkan and the inability to create files in /usr (which it shouldn't). I've tried repairing flatpak, tried reinstalling apps with system or user with no luck. I tried rolling back to F40 with no luck then rebased to stable again. Everything should be up to date (using ujust upgrade). I've tried researching with no luck, I might have to wipe and install bazzite again but I hope I don't have to go that route. Here's an example where protontricks fails to run: 
 Nov 19 19:01:57 bazzite systemd[2603]: Started app-com.github.Matoking.protontricks@d4ef2dd0cb9d47dfbba376868b1f2061.service - Protontricks.
Nov 19 19:01:57 bazzite flatpak[36337]: bwrap: Can't mkdir /usr/lib/extensions/vulkan: Read-only file system
Nov 19 19:01:57 bazzite flatpak[36332]: error: ldconfig failed, exit status 256
Nov 19 19:01:57 bazzite systemd[2603]: app-com.github.Matoking.protontricks@d4ef2dd0cb9d47dfbba376868b1f2061.service: Main process exited, code=exited, status=1/FAILURE
Nov 19 19:01:57 bazzite systemd[2603]: app-com.github.Matoking.protontricks@d4ef2dd0cb9d47dfbba376868b1f2061.service: Failed with result 'exit-code'. 
 Nov 19 19:01:57 bazzite systemd[2603]: Started app-com.github.Matoking.protontricks@d4ef2dd0cb9d47dfbba376868b1f2061.service - Protontricks.
Nov 19 19:01:57 bazzite flatpak[36337]: bwrap: Can't mkdir /usr/lib/extensions/vulkan: Read-only file system
Nov 19 19:01:57 bazzite flatpak[36332]: error: ldconfig failed, exit status 256
Nov 19 19:01:57 bazzite systemd[2603]: app-com.github.Matoking.protontricks@d4ef2dd0cb9d47dfbba376868b1f2061.service: Main process exited, code=exited, status=1/FAILURE
Nov 19 19:01:57 bazzite systemd[2603]: app-com.github.Matoking.protontricks@d4ef2dd0cb9d47dfbba376868b1f2061.service: Failed with result 'exit-code'.
30 Replies
termdisc
termdisc•2d ago
why is that trying to run it as a service?
mindxpert
mindxpertOP•2d ago
I'm not sure. I pulled these logs from journalctl. Almost all flatpak apps will generate a similar error. I was having the same issue with Chrome a few days ago. It randomly started working, and today, it stopped working again. 
ed@bazzite:~$ flatpak run com.github.Matoking.protontricks 
bwrap: Can't mkdir /usr/lib/extensions/vulkan: Read-only file system
error: ldconfig failed, exit status 256

ed@bazzite:~$ flatpak run com.google.Chrome 
bwrap: Can't mkdir parents for /usr/lib/x86_64-linux-gnu/GL: Read-only file system

ed@bazzite:~$ flatpak run org.mozilla.firefox
bwrap: Can't mkdir /usr/lib/extensions/vulkan: Read-only file system
error: ldconfig failed, exit status 256
ed@bazzite:~$ flatpak run com.github.Matoking.protontricks 
bwrap: Can't mkdir /usr/lib/extensions/vulkan: Read-only file system
error: ldconfig failed, exit status 256

ed@bazzite:~$ flatpak run com.google.Chrome 
bwrap: Can't mkdir parents for /usr/lib/x86_64-linux-gnu/GL: Read-only file system

ed@bazzite:~$ flatpak run org.mozilla.firefox
bwrap: Can't mkdir /usr/lib/extensions/vulkan: Read-only file system
error: ldconfig failed, exit status 256
termdisc
termdisc•2d ago
i usually only see those bwrap errors when there's a bad symlink somewhere do you have any folders symlinked to / or ~/.var/app? please run ll / and provide the output
mindxpert
mindxpertOP•2d ago
lrwxrwxrwx.   7 root root    7 Sep 29 20:17 bin -> usr/bin
drwxr-xr-x.   7 root root 4096 Nov 19 10:57 boot
drwxr-xr-x.  19 root root 5120 Nov 19 20:45 dev
drwxr-xr-x.   1 root root 5290 Nov 19 10:58 etc
lrwxrwxrwx.   4 root root    8 Sep 29 20:17 home -> var/home
lrwxrwxrwx.   7 root root    7 Sep 29 20:17 lib -> usr/lib
lrwxrwxrwx.   4 root root    9 Sep 29 20:17 lib64 -> usr/lib64
lrwxrwxrwx.   4 root root    9 Sep 29 20:17 media -> run/media
lrwxrwxrwx.   4 root root    7 Sep 29 20:17 mnt -> var/mnt
lrwxrwxrwx.   4 root root    7 Sep 29 20:17 opt -> var/opt
lrwxrwxrwx.   4 root root   14 Sep 29 20:19 ostree -> sysroot/ostree
dr-xr-xr-x. 639 root root    0 Nov 19  2024 proc
lrwxrwxrwx.   4 root root   12 Sep 29 20:17 root -> var/roothome
drwxr-xr-x.  55 root root 1440 Nov 19 20:39 run
lrwxrwxrwx.   7 root root    8 Sep 29 20:17 sbin -> usr/sbin
lrwxrwxrwx.   4 root root    7 Sep 29 20:17 srv -> var/srv
dr-xr-xr-x.  13 root root    0 Nov 19 20:39 sys
drwxr-xr-x.   1 root root   74 Sep 29 20:14 sysroot
drwxrwxrwt.  33 root root 1040 Nov 19 20:45 tmp
drwxr-xr-x.   1 root root  174 Jan  1  1970 usr
drwxr-xr-x.   1 root root  280 Nov 19 10:58 var
lrwxrwxrwx.   7 root root    7 Sep 29 20:17 bin -> usr/bin
drwxr-xr-x.   7 root root 4096 Nov 19 10:57 boot
drwxr-xr-x.  19 root root 5120 Nov 19 20:45 dev
drwxr-xr-x.   1 root root 5290 Nov 19 10:58 etc
lrwxrwxrwx.   4 root root    8 Sep 29 20:17 home -> var/home
lrwxrwxrwx.   7 root root    7 Sep 29 20:17 lib -> usr/lib
lrwxrwxrwx.   4 root root    9 Sep 29 20:17 lib64 -> usr/lib64
lrwxrwxrwx.   4 root root    9 Sep 29 20:17 media -> run/media
lrwxrwxrwx.   4 root root    7 Sep 29 20:17 mnt -> var/mnt
lrwxrwxrwx.   4 root root    7 Sep 29 20:17 opt -> var/opt
lrwxrwxrwx.   4 root root   14 Sep 29 20:19 ostree -> sysroot/ostree
dr-xr-xr-x. 639 root root    0 Nov 19  2024 proc
lrwxrwxrwx.   4 root root   12 Sep 29 20:17 root -> var/roothome
drwxr-xr-x.  55 root root 1440 Nov 19 20:39 run
lrwxrwxrwx.   7 root root    8 Sep 29 20:17 sbin -> usr/sbin
lrwxrwxrwx.   4 root root    7 Sep 29 20:17 srv -> var/srv
dr-xr-xr-x.  13 root root    0 Nov 19 20:39 sys
drwxr-xr-x.   1 root root   74 Sep 29 20:14 sysroot
drwxrwxrwt.  33 root root 1040 Nov 19 20:45 tmp
drwxr-xr-x.   1 root root  174 Jan  1  1970 usr
drwxr-xr-x.   1 root root  280 Nov 19 10:58 var
bazzite@bazzite:~$ ll .var/app/
total 0
drwxr-xr-x. 1 bazzite bazzite 12 Sep 29 20:20 com.github.GradienceTeam.Gradience
drwxr-xr-x. 1 bazzite bazzite 54 Sep 30 14:01 com.github.Matoking.protontricks
drwxr-xr-x. 1 bazzite bazzite 54 Sep 29 23:40 com.github.mtkennerly.ludusavi
drwxr-xr-x. 1 bazzite bazzite 54 Nov 15 16:50 com.github.tchx84.Flatseal
drwxr-xr-x. 1 bazzite bazzite 54 Sep 29 19:17 com.google.Chrome
drwxr-xr-x. 1 bazzite bazzite 54 Sep 30 09:24 com.mattjakeman.ExtensionManager
drwxr-xr-x. 1 bazzite bazzite 54 Nov  9 22:11 com.opera.Opera
drwxr-xr-x. 1 bazzite bazzite 54 Oct 18 20:34 com.transmissionbt.Transmission
drwxr-xr-x. 1 bazzite bazzite 54 Nov  9 22:13 com.vivaldi.Vivaldi
drwxr-xr-x. 1 bazzite bazzite 54 Nov  1 09:15 dev.lizardbyte.app.Sunshine
drwxr-xr-x. 1 bazzite bazzite 54 Sep 30 15:15 info.cemu.Cemu
drwxr-xr-x. 1 bazzite bazzite 12 Sep 29 20:20 io.github.dvlv.boxbuddyrs
drwxr-xr-x. 1 bazzite bazzite 54 Sep 30 14:02 io.github.fastrizwaan.WineZGUI
drwxr-xr-x. 1 bazzite bazzite 54 Sep 30 00:08 it.mijorus.gearlever
drwxr-xr-x. 1 bazzite bazzite 46 Nov  3 10:07 net.agalwood.Motrix
drwxr-xr-x. 1 bazzite bazzite 54 Sep 29 20:12 net.davidotek.pupgui2
drwxr-xr-x. 1 bazzite bazzite 12 Sep 29 19:51 net.kuribo64.melonDS
drwxr-xr-x. 1 bazzite bazzite 54 Oct 30 15:10 net.nokyan.Resources
drwxr-xr-x. 1 bazzite bazzite 46 Nov  3 10:07 org.freedownloadmanager.Manager
drwxr-xr-x. 1 bazzite bazzite 54 Oct 18 20:45 org.jdownloader.JDownloader
drwxr-xr-x. 1 bazzite bazzite 54 Sep 29 20:11 org.kde.filelight
drwxr-xr-x. 1 bazzite bazzite 54 Oct  2 15:57 org.kde.gwenview
drwxr-xr-x. 1 bazzite bazzite 54 Oct  1 22:13 org.kde.haruna
drwxr-xr-x. 1 bazzite bazzite 54 Sep 30 13:23 org.kde.okular
drwxr-xr-x. 1 bazzite bazzite 46 Nov  3 10:07 org.libretro.RetroArch
drwxr-xr-x. 1 bazzite bazzite 54 Nov 19 20:30 org.mozilla.firefox
drwxr-xr-x. 1 bazzite bazzite 12 Sep 29 19:51 org.ppsspp.PPSSPP
drwxr-xr-x. 1 bazzite bazzite 54 Oct 24 10:09 tv.plex.PlexDesktop
bazzite@bazzite:~$ ll .var/app/
total 0
drwxr-xr-x. 1 bazzite bazzite 12 Sep 29 20:20 com.github.GradienceTeam.Gradience
drwxr-xr-x. 1 bazzite bazzite 54 Sep 30 14:01 com.github.Matoking.protontricks
drwxr-xr-x. 1 bazzite bazzite 54 Sep 29 23:40 com.github.mtkennerly.ludusavi
drwxr-xr-x. 1 bazzite bazzite 54 Nov 15 16:50 com.github.tchx84.Flatseal
drwxr-xr-x. 1 bazzite bazzite 54 Sep 29 19:17 com.google.Chrome
drwxr-xr-x. 1 bazzite bazzite 54 Sep 30 09:24 com.mattjakeman.ExtensionManager
drwxr-xr-x. 1 bazzite bazzite 54 Nov  9 22:11 com.opera.Opera
drwxr-xr-x. 1 bazzite bazzite 54 Oct 18 20:34 com.transmissionbt.Transmission
drwxr-xr-x. 1 bazzite bazzite 54 Nov  9 22:13 com.vivaldi.Vivaldi
drwxr-xr-x. 1 bazzite bazzite 54 Nov  1 09:15 dev.lizardbyte.app.Sunshine
drwxr-xr-x. 1 bazzite bazzite 54 Sep 30 15:15 info.cemu.Cemu
drwxr-xr-x. 1 bazzite bazzite 12 Sep 29 20:20 io.github.dvlv.boxbuddyrs
drwxr-xr-x. 1 bazzite bazzite 54 Sep 30 14:02 io.github.fastrizwaan.WineZGUI
drwxr-xr-x. 1 bazzite bazzite 54 Sep 30 00:08 it.mijorus.gearlever
drwxr-xr-x. 1 bazzite bazzite 46 Nov  3 10:07 net.agalwood.Motrix
drwxr-xr-x. 1 bazzite bazzite 54 Sep 29 20:12 net.davidotek.pupgui2
drwxr-xr-x. 1 bazzite bazzite 12 Sep 29 19:51 net.kuribo64.melonDS
drwxr-xr-x. 1 bazzite bazzite 54 Oct 30 15:10 net.nokyan.Resources
drwxr-xr-x. 1 bazzite bazzite 46 Nov  3 10:07 org.freedownloadmanager.Manager
drwxr-xr-x. 1 bazzite bazzite 54 Oct 18 20:45 org.jdownloader.JDownloader
drwxr-xr-x. 1 bazzite bazzite 54 Sep 29 20:11 org.kde.filelight
drwxr-xr-x. 1 bazzite bazzite 54 Oct  2 15:57 org.kde.gwenview
drwxr-xr-x. 1 bazzite bazzite 54 Oct  1 22:13 org.kde.haruna
drwxr-xr-x. 1 bazzite bazzite 54 Sep 30 13:23 org.kde.okular
drwxr-xr-x. 1 bazzite bazzite 46 Nov  3 10:07 org.libretro.RetroArch
drwxr-xr-x. 1 bazzite bazzite 54 Nov 19 20:30 org.mozilla.firefox
drwxr-xr-x. 1 bazzite bazzite 12 Sep 29 19:51 org.ppsspp.PPSSPP
drwxr-xr-x. 1 bazzite bazzite 54 Oct 24 10:09 tv.plex.PlexDesktop
termdisc
termdisc•2d ago
did you ever run flatpak with sudo? or did you install those apps using sudo?
mindxpert
mindxpertOP•2d ago
Just chekcked history and the only time I've ran flatpak with sudo (or as root) was when trying to update Sunshine as I was having trouble launching it. flatpak update com.sunshine.Sunshine 
root@bazzite:~# history | grep flatpak
  136  flatpak update com.sunshine.Sunshine
  160  flatpak list
  161  flatpak run dev.lizardbyte.app.Sunshine
  163  flatpak run dev.lizardbyte.app.Sunshine
  164  flatpak list
  173  flatpak run com.google.Chrome
  181  flatpak override --show com.google.Chrome
  182  flatpak override com.google.Chrome --filesystem=home
  183  flatpak override --show com.google.Chrome
  184  flatpak uninstall com.google.Chrome
  185  flatpak install --user com.google.Chrome
  186  flatpak install com.google.Chrome
  197  flatpak run com.google.Chrome
  202  flatpak run protontricks
  203  flatpak list
  205  flatpak update --subpath=en,gl
  206  flatpak --repair
  207  flatpak repair
  214  flatpak override --system --show
  217  flatpak run com.github.Matoking.protontricks
  220  history | grep flatpak
root@bazzite:~# history | grep flatpak
  136  flatpak update com.sunshine.Sunshine
  160  flatpak list
  161  flatpak run dev.lizardbyte.app.Sunshine
  163  flatpak run dev.lizardbyte.app.Sunshine
  164  flatpak list
  173  flatpak run com.google.Chrome
  181  flatpak override --show com.google.Chrome
  182  flatpak override com.google.Chrome --filesystem=home
  183  flatpak override --show com.google.Chrome
  184  flatpak uninstall com.google.Chrome
  185  flatpak install --user com.google.Chrome
  186  flatpak install com.google.Chrome
  197  flatpak run com.google.Chrome
  202  flatpak run protontricks
  203  flatpak list
  205  flatpak update --subpath=en,gl
  206  flatpak --repair
  207  flatpak repair
  214  flatpak override --system --show
  217  flatpak run com.github.Matoking.protontricks
  220  history | grep flatpak
Everything after #173 was tests after I started having issues. 
bazzite@bazzite:~$ history | grep "sudo flatpak"
  446  sudo flatpak run com.google.Chrome
  471  sudo flatpak run com.google.Chrome
  677  sudo flatpak run com.github.Matoking.protontricks
  689  sudo flatpak update --commit=0f90faaea3e66a353bb667ee87b39eb49626d37d6117f37bba33b770b398b6c9 org.freedesktop.Platform.GL.default/x86_64/23.08-extra
  690  sudo flatpak update --commit=6896a1e84f623eba039b3a0eeabe21a16537f297460a3f3fcbcaab724cd97aaf org.freedesktop.Platform.GL.default//23.08
  691  sudo flatpak update --commit=0f90faaea3e66a353bb667ee87b39eb49626d37d6117f37bba33b770b398b6c9 org.freedesktop.Platform.GL.default//23.08-extra
bazzite@bazzite:~$ history | grep "sudo flatpak"
  446  sudo flatpak run com.google.Chrome
  471  sudo flatpak run com.google.Chrome
  677  sudo flatpak run com.github.Matoking.protontricks
  689  sudo flatpak update --commit=0f90faaea3e66a353bb667ee87b39eb49626d37d6117f37bba33b770b398b6c9 org.freedesktop.Platform.GL.default/x86_64/23.08-extra
  690  sudo flatpak update --commit=6896a1e84f623eba039b3a0eeabe21a16537f297460a3f3fcbcaab724cd97aaf org.freedesktop.Platform.GL.default//23.08
  691  sudo flatpak update --commit=0f90faaea3e66a353bb667ee87b39eb49626d37d6117f37bba33b770b398b6c9 org.freedesktop.Platform.GL.default//23.08-extra
termdisc
termdisc•2d ago
I can’t imagine that updating those Vulkan runtimes using sudo helped
mindxpert
mindxpertOP•2d ago
nope, but I was desperate 😅
termdisc
termdisc•2d ago
something jumping out at me from this is that you ran this command as root. do you normally run commands as root?
mindxpert
mindxpertOP•2d ago
No, don't run things as root usually. At least I don't try to. The reason why I ran that command as root is to search history when I tried running flatpak as root (sudo -i) and not sudo flatpak from my normal user.
termdisc
termdisc•2d ago
I should note here that you should never be running flatpak with sudo -- likely to avoid all of this you should probably uninstall everything you touched using sudo flatpak or sudo -i also, don't mess with the Sunshine flatpak. there's already a ujust script to layer it in for better usage
mindxpert
mindxpertOP•2d ago
The only exception was Sunshine because it needed some access and read that it was suggested to run as sudo. Other commands were my tests/tries to get the flatpaks to work. It's been a long time since I ran the Sunshine commands and stuff had been working fine until recently
termdisc
termdisc•2d ago
ujust setup-sunshine exists already
mindxpert
mindxpertOP•2d ago
that's what I'm using now. Learned that a bit late though as I had already tried to get it with Flatpak (and sudo on top of it)
termdisc
termdisc•2d ago
I'd go in and uninstall Chrome, Sunshine and Protontricks then reinstall them non-sudo
mindxpert
mindxpertOP•2d ago
I can give that another try. Do you suggest installing via Discover or cli?
termdisc
termdisc•2d ago
doesn't really matter so long as you aren't root/sudo
mindxpert
mindxpertOP•2d ago
reinstalled but the same error shows up
termdisc
termdisc•2d ago
can you try running any other flatpak that wasn't touched by sudo? I also forgot to mention that you may probably want to uninstall the GL runtime as well because you updated that with sudo
mindxpert
mindxpertOP•2d ago
Same error by picking random flatpak apps. I have not installed Chrome or Protontricks via sudo. reinstalling GL now Protontricks error changed with a different directory: 
bazzite@bazzite:~$ flatpak run com.github.Matoking.protontricks 
bwrap: Can't mkdir /app/lib/i386-linux-gnu/GL: Read-only file system
error: ldconfig failed, exit status 256
bazzite@bazzite:~$ flatpak run com.github.Matoking.protontricks 
bwrap: Can't mkdir /app/lib/i386-linux-gnu/GL: Read-only file system
error: ldconfig failed, exit status 256
termdisc
termdisc•2d ago
reinstall the packages with GL32 in the name
mindxpert
mindxpertOP•2d ago
same GL error with protontricks
termdisc
termdisc•2d ago
https://github.com/flathub/net.lutris.Lutris/issues/61
GitHub
bwrap: Can't mkdir /app/lib/i386-linux-gnu/GL: Read-only file syste...
Hello, When trying to launch lutris, I get the following error: bwrap: Can't mkdir /app/lib/i386-linux-gnu/GL: Read-only file system error: ldconfig failed, exit status 256 Is there anything th...
mindxpert
mindxpertOP•2d ago
Similar refs found for ‘org.gnome.Platform.Compat.i386’ in remote ‘flathub’ (system):

   1) runtime/org.gnome.Platform.Compat.i386/x86_64/3.34
   2) runtime/org.gnome.Platform.Compat.i386/x86_64/3.38
   3) runtime/org.gnome.Platform.Compat.i386/x86_64/3.36
   4) runtime/org.gnome.Platform.Compat.i386/x86_64/40
   5) runtime/org.gnome.Platform.Compat.i386/x86_64/41
   6) runtime/org.gnome.Platform.Compat.i386/x86_64/42
   7) runtime/org.gnome.Platform.Compat.i386/x86_64/43
   8) runtime/org.gnome.Platform.Compat.i386/x86_64/44
   9) runtime/org.gnome.Platform.Compat.i386/x86_64/47
  10) runtime/org.gnome.Platform.Compat.i386/x86_64/46
  11) runtime/org.gnome.Platform.Compat.i386/x86_64/45

Which do you want to use (0 to abort)? [0-11]: 
Similar refs found for ‘org.gnome.Platform.Compat.i386’ in remote ‘flathub’ (system):

   1) runtime/org.gnome.Platform.Compat.i386/x86_64/3.34
   2) runtime/org.gnome.Platform.Compat.i386/x86_64/3.38
   3) runtime/org.gnome.Platform.Compat.i386/x86_64/3.36
   4) runtime/org.gnome.Platform.Compat.i386/x86_64/40
   5) runtime/org.gnome.Platform.Compat.i386/x86_64/41
   6) runtime/org.gnome.Platform.Compat.i386/x86_64/42
   7) runtime/org.gnome.Platform.Compat.i386/x86_64/43
   8) runtime/org.gnome.Platform.Compat.i386/x86_64/44
   9) runtime/org.gnome.Platform.Compat.i386/x86_64/47
  10) runtime/org.gnome.Platform.Compat.i386/x86_64/46
  11) runtime/org.gnome.Platform.Compat.i386/x86_64/45

Which do you want to use (0 to abort)? [0-11]:
I assume #9 for 47 right? The comment on Github mentions 3.34 but I'm assuming that was recent back in 2019
termdisc
termdisc•2d ago
yeah you probably need 47
mindxpert
mindxpertOP•2d ago
Also, is there a difference when installing flatpaks as system vs user? I think it's the same even though I only have one user
termdisc
termdisc•2d ago
system is the default now I wouldn't install anything with user because then you'd have two copies of the runtimes
mindxpert
mindxpertOP•2d ago
protontricks same error with the changes 
bazzite@bazzite:~$ flatpak run com.github.Matoking.protontricks 
bwrap: Can't mkdir /app/lib/i386-linux-gnu/GL: Read-only file system
bazzite@bazzite:~$ flatpak run com.github.Matoking.protontricks 
bwrap: Can't mkdir /app/lib/i386-linux-gnu/GL: Read-only file system
interesting that org.libretro.RetroArch might be the only flatpak working. Maybe it does not depend on vulkan?
mindxpert
mindxpertOP•2d ago
Nope, it uses vulkan so that might not be it
No description
mindxpert
mindxpertOP•2d ago
One thing that could be related is that I had trouble running games in Desktop mode as well. The ~/.vulkan/extensions/vulkan_icd.json did not exist. I added the file manually with some data that I gathered during some research for my device (Rog Ally X with AMD iGPU). Games run fine in desktop mode now. Game mode was not affected. 
{
    "ICD": {
    "api_version": "1.3.289",
        "library_path": "/usr/lib64/libvulkan_radeon.so"
    },
    "file_format_version": "1.0.0"
}
{
    "ICD": {
    "api_version": "1.3.289",
        "library_path": "/usr/lib64/libvulkan_radeon.so"
    },
    "file_format_version": "1.0.0"
}
Not sure if that could be related with the flatpak mentioning the /usr/lib/extension/vulkan directory.
Want results from more Discord servers?
Add your server