Firejail: firefox addon mailvelope not work w/ firejail

Created on 3 Aug 2019 · 4 Comments · Source: netblue30/firejail

Background:
Mailvelope is a browser extension that offers email encryption with PGP.

Version:

  • firejail: 0.9.60
  • firefox: 68.0.1
  • mailvelope: latest

Issues:
I followed this instruction; the connection is established, but no GPG key is displayed.

  • using the default profile: does not work;
  • adding whitelist ${HOME}/.gnupg: still does not work;
  • running firefox w/o firejail: it works.

I also tried running
firejail --profile=/etc/firejail/firefox.profile --whitelist='${HOME}/.gnupg' gpgme-json -i
with input {"op":"keylist"}, and got:

Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 461083, child pid 461084
Post-exec seccomp protector enabled
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destr
oy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,p
rocess_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @def
ault-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,fi
nit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,
ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel
,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,pro
cess_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Child process initialized in 118.97 ms
gpgme-json 1.13.0 ready (enter ",help" for help)
> {"op":"keylist"}
> 
===> {
===>    "keys": []
===> }
> 

How can I make it work?

question

All 4 comments

Maybe the following firefox.local

noblacklist ${HOME}/.gnupg
mkdir ${HOME}/.gnupg
whitelist ${HOME}/.gnupg

writable-run-user
ignore nodbus

Idea from enigmail in thunderbird.local.

It works!
Thank you for your reply.

@OwenChia If you want, you can try if one or both of the last two lines are not needed for mailvelope.

@rusty-snake
I tried removing and adding those lines one by one, and found that only noblacklist ${HOME}/.gnupg and whitelist ${HOME}/.gnupg are needed.
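The result reported in this thread (whitelist alone fails, noblacklist plus whitelist works), sketched as an added example that is not part of the thread or of firejail's code. It assumes that a blacklist rule for `${HOME}/.gnupg` arrives through the included `disable-*.inc` files and that `noblacklist` only takes effect when read before it; `blocked_whitelists` and the sample lists are hypothetical names.

```python
# Added example: a simplified model of how firejail reads profile lines in order.
# Assumption: "blacklist P" is skipped only when "noblacklist P" was read earlier.
# Globs, macros and "include" expansion are not modelled.

def _covers(rule_path, target):
    """True if rule_path is target itself or one of its parent directories."""
    rule_path = rule_path.rstrip("/")
    return target == rule_path or target.startswith(rule_path + "/")

def blocked_whitelists(directives):
    """Return whitelisted paths that are still hidden by a blacklist rule."""
    exempt, blacklisted, whitelisted = set(), [], []
    for raw in directives:
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        keyword, _, path = line.partition(" ")
        path = path.strip()
        if keyword == "noblacklist":
            exempt.add(path)
        elif keyword == "blacklist" and path not in exempt:
            blacklisted.append(path)
        elif keyword == "whitelist":
            whitelisted.append(path)
    return [w for w in whitelisted if any(_covers(b, w) for b in blacklisted)]

# Constructed inputs. The blacklist line stands in for what the included
# disable-*.inc files contribute; it is not copied from a real profile.
FAILING = [
    "whitelist ${HOME}/.gnupg",      # what --whitelist adds
    "blacklist ${HOME}/.gnupg",      # stand-in for an included disable-*.inc rule
]
WORKING = [
    "noblacklist ${HOME}/.gnupg",    # firefox.local, assumed read before the includes
    "whitelist ${HOME}/.gnupg",
    "blacklist ${HOME}/.gnupg",
]

if __name__ == "__main__":
    print("default profile + whitelist:", blocked_whitelists(FAILING))
    print("with noblacklist first:     ", blocked_whitelists(WORKING))
```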
