Question: pywalfox with firejail #60

Closed
hexive opened this issue Mar 4, 2021 · 5 comments

hexive commented Mar 4, 2021

Thanks for pywalfox, it's great!

I use the firejail sandboxing app with firefox. Would you happen to know what directories I would need to whitelist for pywalfox to work properly?

Thanks in advance.

Frewacom (Owner) commented Mar 4, 2021

I am glad you like it!

The native messaging host is installed to `~/.mozilla/native-messaging-hosts` and should be the only directory that needs whitelisting.

hexive (Author) commented Mar 4, 2021

Thanks for your help!

It looks like firejail also restricts some /bin access and does dbus sandboxing as well.

Are there any external programs that pywalfox depends on that should be whitelisted?

And I don't know anything about dbus. I assume pywalfox is using dbus for communication with the api? Would there be a name that could be whitelisted?

The firejail dbus allow statements look like this, for example:

```
dbus-user.own org.mozilla.Firefox.*
dbus-user.own org.mozilla.firefox.*
dbus-user.own org.mpris.MediaPlayer2.firefox.*
dbus-user.talk org.freedesktop.Notifications
```

If I can get this working I'll post my firefox.local profile here to help anyone else that may use pywalfox & firejail.

Frewacom (Owner) commented Mar 4, 2021

Pywalfox is dependent on the executable that you (probably) installed from pip. I suppose `which pywalfox` should give you the path.

`pywalfox update` and other commands use Unix sockets for communication on Linux and UDP sockets on Windows. The Unix socket files are saved in `/tmp/pywalfox_socket` and `/tmp/pywalfox_socket_alt` as can be seen here.

Any communication between the native app and the extension is managed entirely by Firefox. I believe the native app is spawned as a child process of Firefox (so I guess that does not need any extra configuration?).

hexive (Author) commented Mar 4, 2021

Got it--phew! Thanks again for your pointers.

Firejail by default blocks all of python3. Here are the magic lines:

~/.config/firejail/firefox.local

```
whitelist ${HOME}/.local/lib/python3.9/site-packages/pywalfox
whitelist ${HOME}/.cache/wal
include allow-python3.inc
ignore noexec ${HOME}
```

hexive closed this as completed Mar 4, 2021

noctuid commented Aug 27, 2021

@hexive Does that still work for you? I get a pywalfox popup page that the native messenger is outdated (even though pywalfox works without firejail).
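
A way to check, from inside the sandbox, whether the paths named in this thread are reachable. This is an added example, not part of the thread or of pywalfox; the function name is hypothetical, and it assumes the host manifest is a JSON file with a `path` key, as in Firefox's native messaging manifest format.

```python
import json
import os
from pathlib import Path

# Socket paths quoted in the thread; they exist only while the native host runs.
SOCKETS = ("/tmp/pywalfox_socket", "/tmp/pywalfox_socket_alt")


def sandbox_findings(home, sockets=SOCKETS):
    """Return (path, finding) pairs for thread-listed paths this process cannot use."""
    home = Path(home)
    findings = []
    hosts_dir = home / ".mozilla" / "native-messaging-hosts"
    manifests = sorted(hosts_dir.glob("*.json")) if hosts_dir.is_dir() else []
    if not manifests:
        findings.append((str(hosts_dir), "no native messaging manifest visible"))
    for manifest in manifests:
        try:
            host = json.loads(manifest.read_text())
            exe = Path(host["path"])  # executable Firefox spawns as a child process
        except (OSError, ValueError, KeyError, TypeError) as exc:
            findings.append((str(manifest), f"unusable manifest: {exc!r}"))
            continue
        if not exe.is_file():
            findings.append((str(exe), "host executable not visible"))
        elif not os.access(exe, os.X_OK):
            findings.append((str(exe), "host executable not executable (noexec?)"))
    wal_cache = home / ".cache" / "wal"
    if not wal_cache.is_dir():
        findings.append((str(wal_cache), "pywal cache directory not visible"))
    for sock in sockets:
        if not os.path.exists(sock):
            findings.append((sock, "socket absent (host not running or /tmp not shared)"))
    return findings


if __name__ == "__main__":
    for path, finding in sandbox_findings(Path.home()):
        print(f"{finding}: {path}")
```

Run it once outside the sandbox and once under the same firejail profile Firefox uses, then compare the two outputs. If the interpreter itself does not start under the profile, that already points at the python3 restriction described above.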
