[GH-ISSUE #3701] Firefox native messaging regression in 0.9.62.4 -> 0.9.64rc1 #2331

Closed
opened 2026-05-05 09:01:04 -06:00 by gitea-mirror · 2 comments

Originally created by @cinnaboot on GitHub (Oct 26, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3701

When upgrading to firejail 0.9.64rc1, the firefox extension https://github.com/woodruffw/ff2mpv breaks.
It makes use of https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging to talk to other native applications.

In firefox.local, I have

```
# Python 3
noblacklist ${PATH}/python3*
noblacklist /usr/include/python3*
noblacklist /usr/lib/python3*
noblacklist /usr/lib64/python3*
noblacklist /usr/local/lib/python3*
noblacklist /usr/share/python3*
```

After upgrading to 1.9.64rc1 (and in 1.9.64), I get the following in strace:
```
[pid 261] execve("/home/user/.mozilla/ff2mpv.py", ["/home/user/.mozilla/ff2mpv.py", "/home/user/.mozilla/native-mes"..., "ff2mpv@yossarian.net"], 0x7f9a121b4c00 /* 86 vars */) = -1 EACCES (Permission denied)
```

firejail --noprofile does work too

Do I need to add some more options for the new DBus filtering maybe?

Forgot to add, this is on Arch Linux


@rusty-snake commented on GitHub (Oct 26, 2020):

Add `ignore noexec ${HOME}` to your firefox.local.

In 0.9.62, `ignore noexec ${HOME}` was set by default even though it shouldn't have been.


@cinnaboot commented on GitHub (Oct 26, 2020):

Thanks, that helped.
I ended up needing to add a bunch of stuff from mpv.profile to make it go also:

```
ignore noexec ${HOME}

# copy firejail config parts from mpv.profile
noblacklist ${HOME}/.config/mpv
noblacklist ${HOME}/.config/youtube-dl
noblacklist ${HOME}/.netrc

include allow-lua.inc
include allow-python3.inc
mkdir ${HOME}/.config/mpv
mkdir ${HOME}/.config/youtube-dl
mkfile ${HOME}/.netrc
whitelist ${HOME}/.config/mpv
whitelist ${HOME}/.config/youtube-dl
whitelist ${HOME}/.netrc
whitelist /usr/share/lua
whitelist /usr/share/lua*
whitelist /usr/share/vulkan

private-bin env,mpv,python*,waf,youtube-dl
```
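
A diagnostic for the `EACCES` in the strace above, as an added example that is not part of the original thread or of firejail: run inside the sandbox, it reads a native messaging manifest and reports whether the host named by its `path` key lacks an execute bit, sits on a `noexec` mount, or names a shebang interpreter that is not executable there. The function names, manifest contents and file names are constructed, and it assumes the sandbox's `noexec` is visible to `statvfs` as a mount flag.

```python
import json
import os
import stat
import tempfile

def diagnose_host(manifest_path):
    """List reasons execve() of the native messaging host named by the
    manifest's "path" key would be refused, as seen from this process."""
    with open(manifest_path) as fh:
        host = json.load(fh)["path"]
    if not os.path.isfile(host):
        return [f"{host}: not a regular file visible to this process"]
    problems = []
    if not os.stat(host).st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        problems.append(f"{host}: no execute bit")
    # A noexec mount makes execve() fail with EACCES even when mode bits allow it.
    if os.statvfs(host).f_flag & os.ST_NOEXEC:
        problems.append(f"{host}: filesystem is mounted noexec")
    with open(host, "rb") as fh:
        first = fh.readline()
    if first.startswith(b"#!") and first[2:].split():
        interp = first[2:].split()[0].decode()
        # The script's interpreter must also be present and executable.
        if not os.access(interp, os.X_OK):
            problems.append(f"{interp}: interpreter missing or not executable")
    return problems

def demo():
    """Constructed sample: a manifest and host script in a temp directory."""
    tmp = tempfile.mkdtemp()
    host = os.path.join(tmp, "host.py")
    with open(host, "w") as fh:
        fh.write("#!/nonexistent/python3\nprint('hi')\n")
    os.chmod(host, 0o644)
    manifest = os.path.join(tmp, "host.json")
    with open(manifest, "w") as fh:
        json.dump({"name": "example_host", "type": "stdio", "path": host}, fh)
    before = diagnose_host(manifest)
    os.chmod(host, 0o755)
    after = diagnose_host(manifest)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("mode 0644", "mode 0755"), demo()):
        print(label, result)
```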