Frewacom / pywalfox

Dynamic theming of Firefox (and Thunderbird) using your Pywal colors
https://addons.mozilla.org/en-US/firefox/addon/pywalfox/
Mozilla Public License 2.0

Question: pywalfox with firejail #60

Closed hexive closed 3 years ago

hexive commented 3 years ago

Thanks for pywalfox, it's great!

I use the firejail sandboxing app with firefox. Would you happen to know what directories I would need to whitelist for pywalfox to work properly?

Thanks in advance.

Frewacom commented 3 years ago

I am glad you like it!

The native messaging host is installed to ~/.mozilla/native-messaging-hosts and should be the only directory that needs whitelisting.

hexive commented 3 years ago

Thanks for your help!

It looks like firejail also restricts some /bin access and does dbus sandboxing as well.

Are there any external programs that pywalfox depends on that should be whitelisted?

And I don't know anything about dbus. I assume pywalfox is using dbus for communication with the api? Would there be a name that could be whitelisted?

The firejail dbus allow statements look like this, for example:

dbus-user.own org.mozilla.Firefox.*
dbus-user.own org.mozilla.firefox.*
dbus-user.own org.mpris.MediaPlayer2.firefox.*
dbus-user.talk org.freedesktop.Notifications

If I can get this working I'll post my firefox.local profile here to help anyone else that may use pywalfox & firejail.

Frewacom commented 3 years ago

Pywalfox is dependent on the executable that you (probably) installed from pip. I suppose which pywalfox should give you the path.

pywalfox update and other commands use Unix sockets for communication on Linux and UDP sockets on Windows. The Unix socket files are saved in /tmp/pywalfox_socket and /tmp/pywalfox_socket_alt as can be seen here.

Any communication between the native app and the extension is managed entirely by Firefox. I believe the native app is spawned as a child process of Firefox (so I guess that does not need any extra configuration?).

hexive commented 3 years ago

Got it--phew! Thanks again for your pointers.

Firejail default blocks all of python3. Here are the magic lines:

~/.config/firejail/firefox.local

whitelist ${HOME}/.local/lib/python3.9/site-packages/pywalfox
whitelist ${HOME}/.cache/wal
include allow-python3.inc
ignore noexec ${HOME}
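
An added example, not part of the thread or the pywalfox project: a small Python check that the `whitelist` lines of a firefox.local cover the executable named in the native messaging manifest's `path` field, plus any extra paths you pass in. The home directory and the manifest are constructed samples, and `include` files are not followed, so only the lines given to it are checked.

```python
import json
from pathlib import PurePosixPath

HOME = "/home/user"  # constructed home directory for the sample

# firefox.local lines as posted in the comment above
PROFILE = """\
whitelist ${HOME}/.local/lib/python3.9/site-packages/pywalfox
whitelist ${HOME}/.cache/wal
include allow-python3.inc
ignore noexec ${HOME}
"""

# Constructed native messaging manifest; only its "path" key is read here.
MANIFEST = json.dumps({
    "name": "pywalfox",
    "type": "stdio",
    "path": HOME + "/.local/lib/python3.9/site-packages/pywalfox/bin/main.sh",
})


def whitelisted(profile, home=HOME):
    """Return the expanded path of every `whitelist` line in a profile."""
    paths = []
    for line in profile.splitlines():
        line = line.split("#", 1)[0].strip()  # drop profile comments
        if line.startswith("whitelist "):
            target = line[len("whitelist "):].strip()
            target = target.replace("${HOME}", home)
            if target.startswith("~/"):
                target = home + target[1:]
            paths.append(PurePosixPath(target))
    return paths


def uncovered(profile, manifest_json, extra=(), home=HOME):
    """List required paths that no whitelist entry equals or contains."""
    required = [PurePosixPath(json.loads(manifest_json)["path"])]
    required += [PurePosixPath(p.replace("${HOME}", home)) for p in extra]
    allowed = whitelisted(profile, home)
    # Compare path components, not string prefixes, so that
    # ~/.cache/wallpaper is not treated as covered by ~/.cache/wal.
    return [str(r) for r in required
            if not any(r == a or a in r.parents for a in allowed)]


if __name__ == "__main__":
    print(uncovered(PROFILE, MANIFEST, extra=["${HOME}/.cache/wal"]))
```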

noctuid commented 2 years ago

@hexive Does that still work for you? I get a pywalfox popup page that the native messenger is outdated (even though pywalfox works without firejail).