Firefox and native messaging

[alkim0]

Hi, somewhat recently, firefox started allowing native apps. However, this requires that another executable be allowed to run in the firefox jail. I'm not quite sure how to do this.

Specifically, I'm trying to use the native app for tridactyl which installs a python script to $HOME/.local/share/tridactyl/native_main.py. Firefox needs to be able to execute this python script (like a shell script, and not as an argument to the interpreter).

I use firejail with a private directory for firefox: firejail --private=~/firefox-jail, and I made sure the python script is installed to the private directory, and I've enabled the firefox-common-addons.profile to allow python. However, I'm continuing to get permission denied errors. Any suggestions?

[Vincent43]

Try disabling noexec ${HOME} from /etc/firejail/firefox-common.profile. If you have distro with apparmor then you have to add /{,run/firejail/mnt/oroot/}home/** ix, to /etc/apparmor.d/local/firejail-local as well.

[chiraag-nataraj]

@alkim0 Did @Vincent43's suggestion work?

[alkim0]

Sorry for the late response, but yes! This does work! Thank you.

[petRUShka]

@Vincent43, could you please tell if it is possible to narrow folders with exec capability.

Idea is to add noexec to all $HOME but some particular directory.

[petRUShka]

@alkim0, could you please provide whole configuration changes for native to work?

I've added python and have disabled noexec $HOME but it doesn't work...

noblacklist ${PATH}/python3.7*
noblacklist /usr/lib/python3.7*

[Vincent43]

@petRUShka you would have to add noexec to all dirs except one which isn't much scalable.

[petRUShka]

@Vincent43, sad to hear :(