Closed hexive closed 3 years ago
I am glad you like it!
The native messaging host is installed to ~/.mozilla/native-messaging-hosts
and should be the only directory that needs whitelisting.
Thanks for your help!
It looks like firejail also restricts some /bin access and does dbus sandboxing as well.
Are there any external programs that pywalfox depends on that should be whitelisted?
And I don't know anything about dbus. I assume pywalfox is using dbus for communication with the api? Would there be a name that could be whitelisted?
The firejail dbus allow statements look like this, for example:
dbus-user.own org.mozilla.Firefox.*
dbus-user.own org.mozilla.firefox.*
dbus-user.own org.mpris.MediaPlayer2.firefox.*
dbus-user.talk org.freedesktop.Notifications
If I can get this working I'll post my firefox.local profile here to help anyone else that may use pywalfox & firejail.
Pywalfox is dependent on the executable that you (probably) installed from pip. I suppose which pywalfox
should give you the path.
pywalfox update
and other commands uses Unix sockets for communication on Linux and UDP sockets on Windows. The Unix socket files are saved in /tmp/pywalfox_socket
and /tmp/pywalfox_socket_alt
as can be seen here.
Any communicaton between the native app and the extension is managed entirely by Firefox. I believe the native app is spawned as a child process of Firefox (so I guess that does not need any extra configuration?).
Got it--phew! Thanks again for your pointers.
Firejail default blocks all of python3. Here are the magic lines:
~/.config/firejail/firefox.local
whitelist ${HOME}/.local/lib/python3.9/site-packages/pywalfox
whitelist ${HOME}/.cache/wal
include allow-python3.inc
ignore noexec ${HOME}
@hexive Does that still work for you? I get a pywalfox popup page that the native messenger is outdated (even though pywalfox works without firejail).
Thanks for pywalfox it's great!
I use the firejail sandboxing app with firefox. Would you happen to know what directories I would need to whitelist for pywalfox to work properly?
Thanks in advance.