github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #76] shell scripting firejail a.k.a. add rss feed from firefox to liferea when both run sandboxed #44

New issue

Closed

opened 2026-05-05 04:53:14 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 04:53:14 -06:00

Owner

Originally created by @ghost on GitHub (Oct 10, 2015).
Original GitHub issue: https://github.com/netblue30/firejail/issues/76

SITUATION

:: in a non-sandboxed world firefox users can easily add rss feeds to liferea by
instructing the browser to use a script liferea offers as handler for web feeds
(i.e. liferea-add-feed)

:: in a sandboxed context things are different and the above routine fails
because liferea-add-feed checks for a running liferea process..

[...]
if ! pgrep -x liferea >/dev/null 2>&1; then
    echo "Liferea is not running! You need to start it first."
    exit 1
fi
[...]

..which is invisible (expected behavior) from within a firejailed firefox:

$ firejail --list
2212:glitsj:firejail --private=/home/glitsj firefox 
26367:glitsj:firejail --private=/home/glitsj liferea

$ firejail --join=2212
Switching to pid 2213, the first child process inside the sandbox
[glitsj@lab16 ~]$ liferea-add-feed https://l3net.wordpress.com/feed/
Liferea is not running! You need to start it first.

SOLUTION

:: use a shell script as firefox's rss handler, intercepts the feed URL, greps firejail --list
and joins liferea's sandbox to execute the regular liferea-add-feed command.

:: from a terminal this all works just fine..

$ firejail --join=26367
Switching to pid 26368, the first child process inside the sandbox
[glitsj@lab16 ~]$ liferea-add-feed https://l3net.wordpress.com/feed/

QUESTION

How can this be done using a shell script? Getting liferea's sandbox pid by grepping
'firejail --list' for liferea and issuing a 'firejail --join=26367' command isn't the issue.
How to execute a command inside that joined sandbox in a shell script is. Any pointers
on how to tackle this?

Originally created by @ghost on GitHub (Oct 10, 2015). Original GitHub issue: https://github.com/netblue30/firejail/issues/76 SITUATION :: in a non-sandboxed world firefox users can easily add rss feeds to liferea by instructing the browser to use a script liferea offers as handler for web feeds (i.e. liferea-add-feed) :: in a sandboxed context things are different and the above routine fails because liferea-add-feed checks for a running liferea process.. ``` [...] if ! pgrep -x liferea >/dev/null 2>&1; then echo "Liferea is not running! You need to start it first." exit 1 fi [...] ``` ..which is invisible (expected behavior) from within a firejailed firefox: ``` $ firejail --list 2212:glitsj:firejail --private=/home/glitsj firefox 26367:glitsj:firejail --private=/home/glitsj liferea $ firejail --join=2212 Switching to pid 2213, the first child process inside the sandbox [glitsj@lab16 ~]$ liferea-add-feed https://l3net.wordpress.com/feed/ Liferea is not running! You need to start it first. ``` SOLUTION :: use a shell script as firefox's rss handler, intercepts the feed URL, greps firejail --list and joins liferea's sandbox to execute the regular liferea-add-feed command. :: from a terminal this all works just fine.. ``` $ firejail --join=26367 Switching to pid 26368, the first child process inside the sandbox [glitsj@lab16 ~]$ liferea-add-feed https://l3net.wordpress.com/feed/ ``` QUESTION How can this be done using a shell script? Getting liferea's sandbox pid by grepping 'firejail --list' for liferea and issuing a 'firejail --join=26367' command isn't the issue. How to execute a command inside that joined sandbox in a shell script is. Any pointers on how to tackle this?

gitea-mirror

2026-05-05 04:53:15 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 04:53:22 -06:00

Author

Owner

@netblue30 commented on GitHub (Oct 11, 2015):

First of all, instead of PID, it is easier to use a --name to refer to the sandbox:

$ firejail --name=mybrowser firefox

Then, you can join it like this:

$ firejail --join=mybrowser

You can pass a command the regular way when you join a sandbox:

$ firejail --join=mybrowser liferea-add-feed https://l3net.wordpress.com/feed/

@netblue30 commented on GitHub (Oct 11, 2015): First of all, instead of PID, it is easier to use a --name to refer to the sandbox: ``` $ firejail --name=mybrowser firefox ``` Then, you can join it like this: ``` $ firejail --join=mybrowser ``` You can pass a command the regular way when you join a sandbox: ``` $ firejail --join=mybrowser liferea-add-feed https://l3net.wordpress.com/feed/ ```

gitea-mirror commented

2026-05-05 04:53:24 -06:00

Author

Owner

@ghost commented on GitHub (Oct 12, 2015):

Thanks for your reply. I did read about the --name=... option in firejail's man page and played with it. Works just fine, but I had reservations about it adding another string to my already quite overburdened browser's titlebar.

Passing the command like you proposed made adding rss feeds work. Thank you kindly for your reaction. Kudos for making firejail available to the world!

@ghost commented on GitHub (Oct 12, 2015): Thanks for your reply. I did read about the --name=... option in firejail's man page and played with it. Works just fine, but I had reservations about it adding another string to my already quite overburdened browser's titlebar. Passing the command like you proposed made adding rss feeds work. Thank you kindly for your reaction. Kudos for making firejail available to the world!

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#44

No description provided.

Rows
Columns