But application sandboxing, so an application cannot do anything it wants, is a challenge, even more so when you have two applications that need to talk to each other. Perhaps it shouldn’t come as a surprise that native-messaging sandboxing support for Flatpak has been in development for over a year. To celebrate its anniversary I thought I’d write down how to drill a native-messaging sized hole into the sandbox. This enables the use of native messaging even without portal integration, albeit also without sane degrees of sandboxing.

First off, please understand that this undermines the sandbox on a fairly fundamental level. So, don’t do this if you don’t keep your Firefox updated or visit particularly dodgy websites.

For the purposes of this post I’m assuming Firefox and KeePassXC are installed as Flatpaks in user scope.

First order of business is setting up KeePassXC so it writes its definition file in a place where Firefox can read it. ~/.var/app//.mozilla/native-messaging-hosts/ is the path inside Firefox’s home where the definition file will be written. Naturally we’ll also need to adjust the Flatpak permissions so KeePassXC can write to this path.

    flatpak override --user --filesystem=~/.var/app//.mozilla/native-messaging-hosts

At this point Firefox knows about the native messaging host but it won’t be able to run it. The problem is that Firefox can’t simply flatpak run the native messaging host; it needs to spawn a host process (i.e. a process outside its sandbox) to then run the KeePassXC Flatpak and that then runs the NMH.

KeepassXC possible bug on TOTP

I have noticed that, if I have a database saved on a support like a smartphone memory, connected to a Windows machine via USB cable, and I open the file without copying it to the local drive (as a cached copy, as done by Windows), KeepassXC shows wrong TOTP codes. Opening the same database from within the.