Firejail: Need help for plasma browser integration
I have installed plasma integration extension for firefox(nightly) & it does work if firefox ain't firejailed. So is there a way to make it work inside firejail? Inside firejail it's showing "failed to connect to native host".
Neo00001
All 22 comments
Try adding ignore nodbus to firefox.local.
rusty-snake
on 9 Sep 2019
It's still showing the same message. btw, I have private etc enabled in firefox-common.profile
can that be the reason?
Neo00001
on 9 Sep 2019
Possible, but I think that rather one more path needs to be whitelisted.
rusty-snake
on 9 Sep 2019
which one?
Neo00001
on 9 Sep 2019
Thats the big question. :roll_eyes:
rusty-snake
on 9 Sep 2019
I have disabled private-etc, but the problem persists.
Neo00001
on 9 Sep 2019
Have you enabled private-bin?
rusty-snake
on 9 Sep 2019
yea in firefox profile.
Neo00001
on 9 Sep 2019
done... just had to add plasma-browser-integration-host in private-bin
Thanks
Neo00001
on 9 Sep 2019
https://github.com/KDE/plasma-browser-integration/blob/63721fad1a3b04ccf9fef4e7d86bfac359625150/org.kde.plasma.firefox_integration.json.in#L4
Try adding private-bin plasma-browser-integration-host to firefox.local.
rusty-snake
on 9 Sep 2019
can I ask another question which is not related with this issue or should I open a new one?
Neo00001
on 9 Sep 2019
If an other user has the same question it's easy to find it in a new issue.
rusty-snake
on 9 Sep 2019
ok
Neo00001
on 9 Sep 2019
@Neo00001
nodbus
private-bin plasma-browser-integration-host
With it works, right?
rusty-snake
on 9 Sep 2019
ignore nodbus & private-bin plasma-browser-integration-host
Neo00001
on 9 Sep 2019
Wiki done: https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-enable-plasma-browser-integration-in-firefox
rusty-snake
on 9 Sep 2019
with xdg-dbus-proxy having some problem. basic media control works but progress of downloads in notification are doesn't work properly.
with
dbus-user filter
dbus-user.own org.mozilla.firefox.*
dbus-user.own org.mpris.MediaPlayer2.firefox.*
dbus-user.talk org.freedesktop.Notifications
ignore dbus-user none
it shows pic1. so I added dbus-user.talk org.kde.JobViewServer & now it shows pic2 along with pic1. Desired is only pic2.
If I use only ignore dbus-user none without any dbus-user filter it works as intended. So most likely some other portals must have to be allowed. Any help or hint will be appreciated.
btw,is there any way to trace dbus call or trace/log blocked dbus call? hope it makes sense
Neo00001
on 25 Oct 2020
btw,is there any way to trace dbus call or trace/log blocked dbus call? hope it makes sense
You can inspect D-Bus names with d-feet or qdbus-viewer or in /usr/share/dbus-1/services/*. To trace/monitor D-Bus calls in the sandbox you can use firejail --log-dbus but this works only for dbus-user filter. Or you can monitor you session-bus with tools such as dbus-monitor, bustle or busctl monitor, However monitoring the session-bus creates a lot of spam which is not form the sandbox. I plan to write a script which catches all the D-Bus traffic of a program using dbus-daemon and dbus-monitor, but I do not have that time ATM. If the program has a flatpak, you can also look at it's permissions.
rusty-snake
on 26 Oct 2020
btw,is there any way to trace dbus call or trace/log blocked dbus call? hope it makes sense
You can inspect D-Bus names with d-feet or qdbus-viewer or in /usr/share/dbus-1/services/*. To trace/monitor D-Bus calls in the sandbox you can use
firejail --log-dbusbut this works only fordbus-user filter. Or you can monitor you session-bus with tools such as dbus-monitor, bustle or busctl monitor, However monitoring the session-bus creates a lot of spam which is not form the sandbox. I plan to write a script which catches all the D-Bus traffic of a program using dbus-daemon and dbus-monitor, but I do not have that time ATM. If the program has a flatpak, you can also look at it's permissions.
ok... I will look into these later.
Neo00001
on 26 Oct 2020
ok. here what worked for me.
dbus-user.talk org.kde.JobViewServer
dbus-user.talk org.kde.kuiserver
thanks for the help.
Neo00001
on 26 Oct 2020
So your dbus-policy for firefox looks like this.
dbus-user filter
dbus-user.own org.mozilla.firefox.*
dbus-user.own org.mpris.MediaPlayer2.firefox.*
dbus-user.talk org.freedesktop.Notifications
dbus-user.talk org.kde.JobViewServer
dbus-user.talk org.kde.kuiserver
ignore dbus-user none
Works plasma browser integration w/o org.freedesktop.Notifications? (I want to add a note to firefox.profile.)
rusty-snake
on 27 Oct 2020
Works plasma browser integration w/o
org.freedesktop.Notifications? (I want to add a note to firefox.profile.)
plasma browser integration works without org.freedesktop.Notifications & regarding proper functioning of plasma browser integration you don't need
dbus-user.own org.mozilla.firefox.*
dbus-user.own org.mpris.MediaPlayer2.firefox.*
I'm using this
dbus-user filter
dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration
dbus-user.talk org.kde.JobViewServer
dbus-user.talk org.kde.kuiserver
ignore dbus-user none
if instead of dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration I use
dbus-user.own org.mozilla.firefox.*
dbus-user.own org.mpris.MediaPlayer2.firefox.*
then I can pause & resume media from system tray but can't get the thumbnail & the progress bar.
Spec-
OS: Arch(KDE plasma) Kernel: 5.9.1 Plasma ver: 5.20.2 firejail ver:0.9.64
Neo00001
on 27 Oct 2020
Related issues
semente
路
4Comments
thiswillbeyourgithub
路
3Comments
ericschdt
路
3Comments
fl-chris
路
4Comments
dandelionred
路
3Comments
Most helpful comment
ignore nodbus & private-bin plasma-browser-integration-host