Issues getting started with Portmaster

Thank you for the tip, however, portmaster leaves me with a small empty window indefinitely. There is a fix on their website but the /opt/safing folder doesn’t (yet) exist on my machine.

Looking at my terminal output I seem to have 2 problems:

(portmaster:49779): libayatana-appindicator-WARNING **: 10:00:08.909: libayatana-appindicator is deprecated. Please use libayatana-appindicator-glib in newly written code.

I can do that but I’d have to get the glib package from the AUR. However, the portmaster icon works so this doesn’t seem to be critical.

The second issue is:

Could not create GBM EGL display: EGL_SUCCESS. Aborting...
[2026-04-14][07:55:31][portmaster::portmaster::websocket][DEBUG] Trying to connect to websocket endpoint
[2026-04-14][07:55:31][portmaster::portmaster::websocket][ERROR] failed to create portapi client: Connection refused (os error 111)

Since I’m running firejail the reason for this might be the missing firejail profile for portmaster. I tried:
firejail --noprofile portmaster
but the issue remains.
Can you see an easy way to make the two apps work together or are they simply incompatible?

I have been playing with the portmaster in connection with the security topics.

All my tests is on unstable branch - so I could suspect there could be differences between stable and unstable - issues may have been solved with the iteration I was testing.

It makes no sense to run portmaster in a firejail.

I believe this is the source of the blank window…

According to the firejail man page firejail --noprofile portmaster should start portmaster outside the sandbox.

Switched from 2.0.0-2 from the repos to 2.0.0-6 in AUR.

What’s odd is that the icon showed yellow, a notification about downloading config files appeared and now the icon shows green with status ‘secured’, however, the UI stays blank.

That won’t change anything.

The package is a stub - which loads the necessary files from the official distribution servers - so my thought is that your network configuration prevents portmaster from getting the files.

But I don’t understand why you must run it through firejail - that makes absolute no sense at all.

It works. For example it blocks connected devices on the wifi AP I’m running on the machine. If I use the Icon and ‘pause portmaster for a minute’ the devices connect to the AP again, for a minute.

However, the main window stays blank. Btw, I’m not the only one with this issue.

Hmm - I cannot reproduce it - I have tried with a couple of systems - the portmaster GUI opens as I expect.

I am inclined to think it has something to do with running with firejail.

Running multiple security solutions at the same time often create hard to troubleshoot issues.

Have you tested without firejail?

/EDIT:
I just realised the systems I have tested is all based on AMD.

So now I am going to test an Nvidia based system.

/EDIT:

I have tested on

• Plasma Desktop (AMD system) - no issues
• Cosmic Desktop (Intel/Nvidia system) - no issues
• low spec Yepo winbook with Manjaro xfce (Intel) - no issues

Whatever is causing your black window - I do not know

• Desktop - far fetched in my opinion
• Local configuration - more likely

• Removed firejail - issue persists

• Followed instructions on their website to first completely uninstall/remove any left-overs, then reinstalled with their install-portmaster.sh script - issue persists.

• Finally, followed the hint: libayatana-appindicator is deprecated. Please use libayatana-appindicator-glib in newly written code. - issue persists

Giving up.

That is OK with me.

Since then I have tested yet another test laptop, this time a Tuxedo InfinitiBook Pro gen.8 - a new installation using a custom Manjaro Plasma.

After a reboot the service started as indicated by running

systemctl status portmaster

but the app window did not open when started.

The error message indicated an issue with the libayatana app indicator.

After syncing the package, the application open as expected.

sudo pacman -Syu libayatana-appindicator

Every system I have tested is using Manjaro unstable branch except for the Nvidia system - it was done using stable branch.

Laptops for testing

20260418_1732161920×1440 321 KB

Thanks for putting so much effort in it.
By ‘giving up’ I meant that I’m running out of ideas. If anyone can point me to a fix I’m happy to have a go. Like your Tuxedo mine is also a Clevo (Schenker):

inxi -Fz
System:
  Kernel: 6.6.128-1-MANJARO arch: x86_64 bits: 64
  Desktop: Xfce v: 4.20.1 Distro: Manjaro Linux
Machine:
  Type: Laptop System: Notebook product: W35xSS_370SS v: N/A
    serial: <superuser required>
  Mobo: Notebook model: W35xSS_370SS serial: <superuser required>
    Firmware: BIOS vendor: American Megatrends v: 4.6.5 date: 04/08/2014
Battery:
  ID-1: BAT0 charge: 56.9 Wh (100%) condition: 56.9/77 Wh (73.9%) volts: 6.86
    min: 14.8
CPU:
  Info: quad core model: Intel Core i7-4712MQ bits: 64 type: MT MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 2300 min/max: 800/3300 cores: 1: 2300 2: 2300 3: 2300
    4: 2300 5: 2300 6: 2300 7: 2300 8: 2300
Graphics:
  Device-1: Intel 4th Gen Core Processor Integrated Graphics driver: i915
    v: kernel
  Device-2: NVIDIA GM107M [GeForce GTX 860M] driver: nvidia v: 575.64.05
  Display: x11 server: X.Org v: 21.1.21 driver: X:
    loaded: modesetting,nvidia dri: crocus gpu: i915 resolution:
    1: 1920x1080~60Hz 2: 1368x768~60Hz
  API: EGL v: 1.5 drivers: nvidia platforms: x11,surfaceless
  API: OpenGL v: 4.6.0 vendor: nvidia v: 575.64.05 renderer: NVIDIA GeForce
    GTX 860M/PCIe/SSE2
  Info: Tools: api: eglinfo,glxinfo de: xfce4-display-settings
    gpu: nvidia-settings,nvidia-smi x11: xdpyinfo, xprop, xrandr
Audio:
  Device-1: Intel Xeon E3-1200 v3/4th Gen Core Processor HD Audio
    driver: snd_hda_intel
  Device-2: Intel 8 Series/C220 Series High Definition Audio
    driver: snd_hda_intel
  Device-3: BEHRINGER GmbH UMC404HD 192k driver: snd-usb-audio type: USB
  API: ALSA v: k6.6.128-1-MANJARO status: kernel-api
  Server-1: PipeWire v: 1.6.2 status: active
Network:
  Device-1: Intel Wireless 3160 driver: iwlwifi
  IF: ap0 state: up mac: <filter>
  Device-2: Realtek RTL8111/8168/8211/8411 PCI Express Gigabit Ethernet
    driver: r8169
  IF: enp4s0f1 state: up speed: 100 Mbps duplex: full mac: <filter>
  IF-ID-1: wlp3s0 state: down mac: <filter>
Bluetooth:
  Device-1: Intel Bluetooth wireless interface driver: btusb type: USB
  Report: rfkill ID: hci0 rfk-id: 0 state: down bt-service: N/A rfk-block:
    hardware: no software: no address: see --recommends
Drives:
  Local Storage: total: 305.16 GiB used: 64.96 GiB (21.3%)
  ID-1: /dev/mmcblk0 model: SR64G size: 59.48 GiB type: Removable
  ID-2: /dev/sda vendor: Crucial model: CT120M500SSD1 size: 111.79 GiB
  ID-3: /dev/sdb vendor: IBM model: ESA3SMD2MSPB128GB size: 119.24 GiB
  ID-4: /dev/sdc model: General size: 14.65 GiB type: USB
Partition:
  ID-1: / size: 113.6 GiB used: 64.96 GiB (57.2%) fs: ext4 dev: /dev/sdb6
Swap:
  ID-1: swap-1 type: partition size: 3.42 GiB used: 0 KiB (0.0%)
    dev: /dev/sdb5
Sensors:
  System Temperatures: cpu: 81.0 C mobo: N/A gpu: nvidia temp: 65 C
  Fan Speeds (rpm): N/A
Info:
  Memory: total: 24 GiB note: est. available: 23.3 GiB used: 3.12 GiB (13.4%)
  Processes: 257 Uptime: 3h 43m Shell: Bash inxi: 3.3.40

I’m starting to wonder if this might be caused by webkit2gtk-4.1 not playing well with the 475.xxx nvidia driver since I encountered similar blank windows in foliate and bookworm e-readers. They used to work but I had to move to coolreader a while ago. However, atril also requires the package and this works.

Trying a newer kernel or switching branches isn’t an option right now since I’m traveling in a couple of days, will have another go when I’m back.

the portmaster executable is a symlink to `/usr/lib/portmaster/portmaster-ui-start.sh

 $ cat /usr/lib/portmaster/portmaster-ui-start.sh 
#!/bin/bash

# WEBKIT_DISABLE_COMPOSITING_MODE=1 disables hardware acceleration in WebKit
# This prevents rendering issues on certain Linux systems
# with problematic GPU drivers or configurations. For Tauri 2 applications like Portmaster,
# this forces software rendering which provides more consistent behavior across different
# Linux distributions and hardware combinations.

WEBKIT_DISABLE_COMPOSITING_MODE=1 /usr/lib/portmaster/portmaster "$@"

What if you test the app by running from CLI

WEBKIT_DISABLE_COMPOSITING_MODE=0 /usr/lib/portmaster/portmaster "$@"

You can add verbose as well (if the above doesn’t give you enough information).

WEBKIT_DISABLE_COMPOSITING_MODE=0 /usr/lib/portmaster/portmaster -v "$@"

Would like to add that this seems unconnected to nvidia since the issue persists when using the integrated intel gpu.

Thanks for the hints but running out of time for now, will follow up on that when I’m back.

Edit: Errmm, couldn’t possibly bugger off without trying it, et voilà, ça marche.

So it just worked in the terminal?

Or did the terminal output give you the information you needed to get it to work?

I knew that once it’s run or the machine is rebooted it creates an entry in Control Center >> Sessions and Startup >> Application Autostart with the command usr/bin/portmaster --with-prompts --with-notifications --background. So I did a clean install and started it in terminal with:

WEBKIT_DISABLE_COMPOSITING_MODE=0 /usr/lib/portmaster/portmaster "$@"

which created:

$ cat /usr/bin/portmaster
#!/bin/bash

# WEBKIT_DISABLE_COMPOSITING_MODE=1 disables hardware acceleration in WebKit
# This prevents rendering issues on certain Linux systems
# with problematic GPU drivers or configurations. For Tauri 2 applications like Portmaster,
# this forces software rendering which provides more consistent behavior across different
# Linux distributions and hardware combinations.

WEBKIT_DISABLE_COMPOSITING_MODE=1 /usr/lib/portmaster/portmaster "$@"

and makes this permanent. Oh… I see…, well, must be magic because it does work now. Maybe WEBKIT_DISABLE_COMPOSITING_MODE=0 is only needed for the setup?
Got to go.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.