-
Notifications
You must be signed in to change notification settings - Fork 584
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hexchat links do not open in chromium #1718
Comments
I believe this is related to the fact that the |
Weird. After last kernel update to
...but this bypasses a lot of security settings. Any ideas why chromium is not opening from hexchat? |
If you run a
My suspicion is that if you're not already running Chromium, it starts its own instance inside the |
Also, for what it's worth, I've given up on allowing apps to talk to each other. If I want to open a link, I copy-paste it into my browser window. This has the added benefit of making me check the URL before hitting "Go" 😉 Since I'm on Debian, I could probably do some convoluted thing with |
Yes. Is there a way to make chromium run in its own sandbox from hexchat? |
Huh, weird.
Nope - not yet. I forget where, but there's an open bug report about this (tried a cursory search but couldn't find it... @netblue30). |
@carbolymer Do you still have this issue? Most likely, chromium doesn't know how to talk to an already-running instance and thus you're experiencing this problem. Personally, as I said above, I've given up on having apps talk to each other. If there's a link I want to open, I copy-paste it. Simple and keeps the boundaries separate. |
Yes, I still have this issue. I've also given up and I am copy-pasting it. |
@carbolymer Okay. Yeah, it's not ideal, but this is what happens when every program assumes it can talk with other programs with absolutely no security boundaries - as soon as you put security boundaries in place, things break. I don't have this problem with firefox since (I think) it uses something in the profile directory to determine if firefox is already running - I assume chromium uses some other method which breaks as soon as you install PID namespaces or some other basic isolation techniques used by firejail. The two options you have are:
Personally, (2) is the clear winner, but depending on what your priorities are, you may end up going with (1). Since we don't really have any way to fix this without drastically reducing security for many profiles, I'm going to go ahead and close this. |
Steps to reproduce
Fix:Create~/.config/firejail/hexchat.profile
with the following content:Somehow, hexchat tries to access~/.config/chromium
directory when opening URLs. Can we add some rule (I am not sure if my solution is the secure one) for handling such cases?UPDATE: This workaround stopped working.
The text was updated successfully, but these errors were encountered: