github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #2645] firefox passf plugin not working #1669

New issue

Closed

opened 2026-05-05 08:19:01 -06:00 by gitea-mirror · 7 comments

gitea-mirror commented

2026-05-05 08:19:01 -06:00

Owner

Originally created by @maxodoble on GitHub (Apr 12, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2645

hi,
when using firejail with firefox on arch the passff extension stops working. passff (https://github.com/passff/passff) uses a native messaging host app to communicate with the pass passwordstore. the native messaging app is a python3 app (https://github.com/passff/passff-host).

what can i do get this browser plugin working when using firejail?

thanks,
Max

Originally created by @maxodoble on GitHub (Apr 12, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2645 hi, when using firejail with firefox on arch the passff extension stops working. passff (https://github.com/passff/passff) uses a native messaging host app to communicate with the pass passwordstore. the native messaging app is a python3 app (https://github.com/passff/passff-host). what can i do get this browser plugin working when using firejail? thanks, Max

gitea-mirror closed this issue

2026-05-05 08:19:02 -06:00

gitea-mirror commented

2026-05-05 08:19:04 -06:00

Author

Owner

@ghost commented on GitHub (Apr 12, 2019):

Due to the complexities of web browsers, firejail has split-up the firefox profile layout. You can use an override file firefox-common.local, either in /etc/firejail or ~/.config/firejail with the following content:

# Uncomment the following line to allow access to common programs/addons/plugins.
include firefox-common-addons.inc

The included firefox-common-addons.inc unblocks python3 in a comment relating to GNOME Shell integration (chrome-gnome-shell), but it will work for passff too:

noblacklist ${PATH}/python3*
noblacklist /usr/lib/python3*

Besides that you'll need to make sure additional paths relating to pass/passff are whitelisted.

@ghost commented on GitHub (Apr 12, 2019): Due to the complexities of web browsers, firejail has split-up the firefox profile layout. You can use an override file `firefox-common.local`, either in /etc/firejail or ~/.config/firejail with the following content: ``` # Uncomment the following line to allow access to common programs/addons/plugins. include firefox-common-addons.inc ``` The included `firefox-common-addons.inc` unblocks python3 in a comment relating to GNOME Shell integration (chrome-gnome-shell), but it will work for passff too: ``` noblacklist ${PATH}/python3* noblacklist /usr/lib/python3* ``` Besides that you'll need to make sure additional paths relating to pass/passff are whitelisted.

gitea-mirror commented

2026-05-05 08:19:05 -06:00

Author

Owner

@maxodoble commented on GitHub (Apr 12, 2019):

Thanks much,

with your help i am one step further: passff is getting the infos from the passwordstore now correctly.

but now i am stuck at the next step: pinentry:

when trying to fill out a form-entry from passff i am getting no more popup for the pwd to the private key which is necessary for getting the credentials out of the passwordstore. so passf stops here with "no gpg key..."

any idea for that as well? (whitelist pinentry or something?)

Cheers,
Max

@maxodoble commented on GitHub (Apr 12, 2019): Thanks much, with your help i am one step further: passff is getting the infos from the passwordstore now correctly. but now i am stuck at the next step: pinentry: when trying to fill out a form-entry from passff i am getting no more popup for the pwd to the private key which is necessary for getting the credentials out of the passwordstore. so passf stops here with "no gpg key..." any idea for that as well? (whitelist pinentry or something?) Cheers, Max

gitea-mirror commented

2026-05-05 08:19:06 -06:00

Author

Owner

@ghost commented on GitHub (Apr 12, 2019):

@maxodoble The plot thickens 😄 ... Looks like you'll need to whitelist access to ${HOME}/.gnupg for passff too. PassFF needs a GUI pinentry program (see https://github.com/passff/passff#troubleshooting). On Arch these are included in the pinentry package, but you might want to check what you have configured in ~/.gnupg/gpg-agent.conf. More info on that on the Arch Wiki.

Now I remember why I stopped using pass/passff with a firejailed firefox, it's complicated and I never bothered to get it all working correctly without loosening the profile too much. Best of luck, interested in your experiences to get this combo working.

@ghost commented on GitHub (Apr 12, 2019): @maxodoble The plot thickens :smile: ... Looks like you'll need to whitelist access to ${HOME}/.gnupg for passff too. PassFF needs a GUI pinentry program (see https://github.com/passff/passff#troubleshooting). On Arch these are included in the pinentry package, but you might want to check what you have configured in ~/.gnupg/gpg-agent.conf. More info on that on the [Arch Wiki](https://wiki.archlinux.org/index.php/GnuPG#pinentry). Now I remember why I stopped using pass/passff with a firejailed firefox, it's complicated and I never bothered to get it all working correctly without loosening the profile too much. Best of luck, interested in your experiences to get this combo working.

gitea-mirror commented

2026-05-05 08:19:07 -06:00

Author

Owner

@maxodoble commented on GitHub (Apr 12, 2019):

So i did whitelist ~/.gnupg but i am stuck at the pinentry problem.

tried with noblacklist /usr/bin/pinentry-gnome3 but i still can't get the pinentry popup to show up.

so, if anybody has an idea, i'd appreciate it :-)

@maxodoble commented on GitHub (Apr 12, 2019): So i did whitelist ~/.gnupg but i am stuck at the pinentry problem. tried with `noblacklist /usr/bin/pinentry-gnome3` but i still can't get the pinentry popup to show up. so, if anybody has an idea, i'd appreciate it :-)

gitea-mirror commented

2026-05-05 08:19:08 -06:00

Author

Owner

@ghost commented on GitHub (Apr 13, 2019):

@maxodoble Have you tried whitelist ${PATH}/pinentry-gnome3 yet? Also, try to experiment by adding ignore nodbus, D-Bus is quite notorious for breaking functionalities.

@ghost commented on GitHub (Apr 13, 2019): @maxodoble Have you tried `whitelist ${PATH}/pinentry-gnome3` yet? Also, try to experiment by adding `ignore nodbus`, D-Bus is quite notorious for breaking functionalities.

gitea-mirror commented

2026-05-05 08:19:09 -06:00

Author

Owner

@maxodoble commented on GitHub (Apr 14, 2019):

tried now:
whitelist ${PATH}/pinentry-gnome3
this gives: Error: invalid whitelist path ${PATH}/pinentry-gnome3

adding
ignore nodbus alone (without pinentry whitelist), also doesn't seem to work.

i think i am at a point now, where it's not worth the hassle ;-)

Thanks though very much for your help and input, at least i learned some new stuff along the way :-)

All the best,
Max

@maxodoble commented on GitHub (Apr 14, 2019): tried now: `whitelist ${PATH}/pinentry-gnome3` this gives: `Error: invalid whitelist path ${PATH}/pinentry-gnome3` adding `ignore nodbus` alone (without pinentry whitelist), also doesn't seem to work. i think i am at a point now, where it's not worth the hassle ;-) Thanks though very much for your help and input, at least i learned some new stuff along the way :-) All the best, Max

gitea-mirror commented

2026-05-05 08:19:09 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Apr 26, 2019):

Hey @maxodoble! It seems like it's reasonable to go ahead and close this due to your last comment, but please feel free to re-open this if you have more questions or have updates and manage to get it working!

@chiraag-nataraj commented on GitHub (Apr 26, 2019): Hey @maxodoble! It seems like it's reasonable to go ahead and close this due to your last comment, but please feel free to re-open this if you have more questions or have updates and manage to get it working!

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1669

No description provided.

Rows
Columns