profiles: keepassxc: add new socket location #6391
etc/profile-a-l/firefox.profile
Outdated
@@ -33,6 +33,7 @@ whitelist ${HOME}/.mozilla | |||
# Note: Start KeePassXC before Firefox and keep it open to allow communication between them. | |||
#whitelist ${RUNUSER}/kpxc_server | |||
#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | |||
#noblacklist ${RUNUSER}/app |
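Review bot: the `#noblacklist ${RUNUSER}/app` line at the end of this hunk lifts the blacklist for the whole `${RUNUSER}/app` directory, whereas the two entries above it each `whitelist` one specific socket path. Consider pairing it with a `whitelist` for the KeePassXC subdirectory only (the PR text gives it as `${RUNUSER}/app/org.keepassxc.KeePassXC`), so that uncommenting the line does not expose more of `${RUNUSER}/app` than the extension needs. The note on the first line of the block also says nothing about the new entry; a short comment stating which KeePassXC socket location each commented line covers would tell users which one to uncomment.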
This should also be added to {cachy-browser,floorp,librewolf}.profile.
This should also be added to {cachy-browser,floorp,librewolf}.profile.
If this applies to multiple browsers, I think it would be better to improve the
comment then move it to firefox-common.profile.
Then copy it to chromium-common.profile as suggested above.
I could do the refactor after this PR.
Add support to {cachy-browser,floorp,librewolf}.profile
etc/profile-a-l/firefox.profile
Outdated
@@ -33,6 +33,7 @@ whitelist ${HOME}/.mozilla | |||
# Note: Start KeePassXC before Firefox and keep it open to allow communication between them. | |||
#whitelist ${RUNUSER}/kpxc_server | |||
#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | |||
#noblacklist ${RUNUSER}/app |
This should also be added to {cachy-browser,floorp,librewolf}.profile.
If this applies to multiple browsers, I think it would be better to improve the
comment then move it to firefox-common.profile.
Then copy it to chromium-common.profile as suggested above.
I could do the refactor after this PR.
Requested changes addressed for me...
Note that the following issue is still unresolved:
Also, the current commit message has very long lines (>72 characters) and is
not consistent with the usual format:
$ git show --pretty='%s%n%n%b' -s d8e01fe62f8c5910b23411acbe42e5447846b3f8
Add comment to include `noblacklist ${RUNUSER}/app` in browser profiles
KeePassXC browser extension look for KeePassXC in the /run/user/app directory (https://github.com/keepassxreboot/keepassxc/blob/6b1ab1a5edd66ac10706a2fb5af34ec9458a901d/src/browser/BrowserShared.cpp\#L41). Unfortunately, /run/user/app seems to be blacklisted in disable-common.inc under the flatpak section (https://github.com/netblue30/firejail/blob/b89ec818926b4bcd3a58bb4e2a67b68a8090ba1c/etc/inc/disable-common.inc\#L667), as a result, KeePassXC extension cannot connect to it.
$ git show --pretty='%b' -s d8e01fe62f8c5910b23411acbe42e5447846b3f8 | tr -d '\n' | wc -m
481
Suggestion:
Squash all commits, then reword the message to:
profiles: keepassxc: document new socket location
The KeePassXC browser extension looks for the KeePassXC socket at
`${RUNUSER}/app/org.keepassxc.KeePassXC`[1].
But `${RUNUSER}/app` seems to be blacklisted in disable-common.inc under the
flatpak section[2], so the KeePassXC extension cannot connect to it.
Fixes #5447.
[1] https://github.com/keepassxreboot/keepassxc/blob/6b1ab1a5edd66ac10706a2fb5af34ec9458a901d/src/browser/BrowserShared.cpp#L41
[2] https://github.com/netblue30/firejail/blob/b89ec818926b4bcd3a58bb4e2a67b68a8090ba1c/etc/inc/disable-common.inc#L667
(The link lines are still long, but the URLs cannot be line-wrapped)
See the following for details:
Let me know if you have any questions.
Done. Thanks for the link to the article, that will definitely help :)
mkdir ${RUNUSER}/app/org.keepassxc.KeePassXC | ||
whitelist ${RUNUSER}/app/org.keepassxc.KeePassXC | ||
whitelist /usr/share/keepassxc | ||
include whitelist-run-common.inc | ||
include whitelist-runuser-common.inc |
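Review bot: nothing in these lines lifts the blacklist on `${RUNUSER}/app`, so if this profile also includes disable-common.inc (where the PR description says that path is blacklisted), the `whitelist ${RUNUSER}/app/org.keepassxc.KeePassXC` line needs a matching `noblacklist ${RUNUSER}/app` ahead of it. The `mkdir` line also has no comment; a one-line note that this directory is the KeePassXC browser socket location would explain why it is created here.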
whitelist ${RUNUSER}/app/org.keepassxc.KeePassXC
This will break X11, D-Bus, ...
Do you think the whitelisting is safe with whitelist-run-user-common.inc
included?
Centralize it on firefox-common and copy it to chromium-common. Relates to netblue30#3984 netblue30#6391.
The KeePassXC browser extension looks for the KeePassXC socket at
`${RUNUSER}/app/org.keepassxc.KeePassXC`[1].
But `${RUNUSER}/app` seems to be blacklisted in disable-common.inc under the
flatpak section[2], so the KeePassXC extension cannot connect to it.
Fixes netblue30#5447.
Relates to netblue30#3984.
[1] https://github.com/keepassxreboot/keepassxc/blob/6b1ab1a5edd66ac10706a2fb5af34ec9458a901d/src/browser/BrowserShared.cpp#L41
[2] https://github.com/netblue30/firejail/blob/b89ec818926b4bcd3a58bb4e2a67b68a8090ba1c/etc/inc/disable-common.inc#L667
Fixes netblue30#3314. Relates to netblue30#6391 netblue30#6529.
The KeePassXC browser extension looks for the KeePassXC socket in the /run/user/app directory (https://github.com/keepassxreboot/keepassxc/blob/6b1ab1a5edd66ac10706a2fb5af34ec9458a901d/src/browser/BrowserShared.cpp#L41).
Unfortunately, /run/user/app seems to be blacklisted in disable-common.inc under the flatpak section (firejail/etc/inc/disable-common.inc, line 667 in b89ec81)
Fixes #5447.
Relates to: