github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #3465] Notification from Firefox add-on become of lower resolution & can not induced system sound notification. #2177

New issue

Closed

opened 2026-05-05 08:51:23 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented

2026-05-05 08:51:23 -06:00

Owner

Originally created by @Nokia808 on GitHub (Jun 12, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3465

Hi dears.

I have on my Firefox 2 add-ons:

"Download Notifications"
&
Multithreaded download manager

Without firejail, their text notification when appear at end of download appear with resolution seem to me the same of browser, & they induced sound notification of my Cinnamon DE. Cinnamon DE have option to associate a sound with system text notification so that every time a text system notification appear, there will be a sound induced. This option should activated by user ...

With firejail enabled for Firefox, the text notification appear but with lower resolution so that size of it & it's contents become larger. Also, they failed to induced system sound notification (audio notification).

Very clear this is due to affect of sandbox.

My request is ass following: if fixing this issue NOT undermine the security of firejail sandbox of Firefox, then this issue should fixed. Otherwise, if the fix lead to break security of sandbox then please do not fix it & kindly close this issue because it is cosmetic ...

Originally created by @Nokia808 on GitHub (Jun 12, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3465 Hi dears. I have on my Firefox 2 add-ons: - "Download Notifications" & - Multithreaded download manager Without firejail, their text notification when appear at end of download appear with resolution seem to me the same of browser, & they induced sound notification of my Cinnamon DE. Cinnamon DE have option to associate a sound with system text notification so that every time a text system notification appear, there will be a sound induced. This option should activated by user ... With firejail enabled for Firefox, the text notification appear but with lower resolution so that size of it & it's contents become larger. Also, they failed to induced system sound notification (audio notification). Very clear this is due to affect of sandbox. My request is ass following: if fixing this issue NOT undermine the security of firejail sandbox of Firefox, then this issue should fixed. Otherwise, if the fix lead to break security of sandbox then please do not fix it & kindly close this issue because it is cosmetic ...

gitea-mirror

2026-05-05 08:51:23 -06:00

closed this issue
added the
workaround

notabug
labels

gitea-mirror commented

2026-05-05 08:51:26 -06:00

Author

Owner

@ghost commented on GitHub (Jun 12, 2020):

My request is ass following: if fixing this issue NOT undermine the security of firejail sandbox of Firefox, then this issue should fixed. Otherwise, if the fix lead to break security of sandbox then please do not fix it & kindly close this issue because it is cosmetic ...

This sounds very much like a D-Bus issue, see the comments in /etc/firejail/firefox-common.profile. Assuming you are using 0.9.62, the comment on line 37 and following explains what you can try to fix this. The next release of firejail will have more finegrained dbus-* controls. But in 0.9.62 you don't have much other options than to allow D-Bus access. Have you tried adding ignore nodbus to a firefox-common.local file yet? Additionally, depending on where the sound notification files are located on your OS, you might need to whitelist the relevant paths to those too.

@ghost commented on GitHub (Jun 12, 2020): > My request is ass following: if fixing this issue NOT undermine the security of firejail sandbox of Firefox, then this issue should fixed. Otherwise, if the fix lead to break security of sandbox then please do not fix it & kindly close this issue because it is cosmetic ... This sounds very much like a D-Bus issue, see the comments in /etc/firejail/firefox-common.profile. Assuming you are using 0.9.62, the comment on line 37 and following explains what you can try to fix this. The next release of firejail will have more finegrained dbus-* controls. But in 0.9.62 you don't have much other options than to allow D-Bus access. Have you tried adding `ignore nodbus` to a firefox-common.local file yet? Additionally, depending on where the sound notification files are located on your OS, you might need to whitelist the relevant paths to those too.

gitea-mirror commented

2026-05-05 08:51:28 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jun 12, 2020):

Native notifications are implemented over D-Bus (org.freedesktop.Notifications) which need to be allowed.

firejail <= 0.9.62:
https://github.com/netblue30/firejail/issues/2028#issuecomment-402754297

firejail >= 0.9.63:

You could allow org.freedesktop.Notifications:
3490ba4fe2/etc/profile-a-l/firefox.profile (L31-L35)
Drawback: Under GNOME (and some other DEs) this allows to execute arbitrary code outside the sandbox, record the screen, ...

dbus-user filter
dbus-user.talk org.freedesktop.Notifications

You can prevent this drawback with

dbus-user filter
dbus-user.call org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications
dbus-user.broadcast org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications

However this looks terrible. A workaround could be a .inc file for that, so that profiles only have include dbus-notifications.inc. IMHO we should avoid to use a lot of inc-files only containing 2-3 lines. My purpose for that is #3412 (or alternative #3424).

@rusty-snake commented on GitHub (Jun 12, 2020): Native notifications are implemented over D-Bus (`org.freedesktop.Notifications`) which need to be allowed. firejail <= 0.9.62: https://github.com/netblue30/firejail/issues/2028#issuecomment-402754297 firejail >= 0.9.63: You could allow `org.freedesktop.Notifications`: https://github.com/netblue30/firejail/blob/3490ba4fe24395b916c2b70237e96bb8040e151b/etc/profile-a-l/firefox.profile#L31-L35 Drawback: Under GNOME (and some other DEs) this allows to execute arbitrary code outside the sandbox, record the screen, ... ``` dbus-user filter dbus-user.talk org.freedesktop.Notifications ``` You can prevent this drawback with ``` dbus-user filter dbus-user.call org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications dbus-user.broadcast org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications ``` However this looks terrible. A workaround could be a `.inc` file for that, so that profiles only have `include dbus-notifications.inc`. IMHO we should avoid to use a lot of inc-files only containing 2-3 lines. My purpose for that is #3412 (or alternative #3424).

gitea-mirror commented

2026-05-05 08:51:28 -06:00

Author

Owner

@Nokia808 commented on GitHub (Jun 12, 2020):

I think the best - if technically possible - to fix this WITHOUT break security or weakening the power of sandbox & make the fix built-in & user need nothing to do from heir/his side at all. Otherwise, the fix seem to me to penetrate the sandbox & this is bad ...

@Nokia808 commented on GitHub (Jun 12, 2020): I think the best - if technically possible - to fix this WITHOUT break security or weakening the power of sandbox & make the fix built-in & user need nothing to do from heir/his side at all. Otherwise, the fix seem to me to penetrate the sandbox & this is bad ...

gitea-mirror referenced this issue

2026-05-05 10:15:40 -06:00

[PR #2177] [MERGED] Add gzip aliases #4204

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2177

No description provided.

Rows
Columns