Good for us: it has not many depenencies and is available as a stand-alone application. Worst things first: We need the keepassxc-proxy as a binary, because we want to have it run inside of the Firefox flatpak.Tested with: Fedora 32, v75 from flathub, v2.5.4 from flathub Starting keepassxc-proxy by Firefox ![]() Exposing the UNUX socket from the KeePassXC flatpak to other applications outside of the Flatpak.Note: At that step, you can already run the variation: Firefox (sandboxed), KeePassXC (host-installed) Allowing Firefox to access the socket of KeePassXC.Starting keepassxc-proxy by Firefox (solution: we run it inside the Firefox sandbox).To spoiler, this are the main points we need to solve: However, even if we've solved the fact of Firefox having to run the proxy, there are more problems. ![]() So glad news ahead: This solution preserves all sandboxes and security aspects! After all, from a security POV you could then also just install Firefox on the host, yet again. However, seeing how lovely and quite securley the Firefox sandbox is already built, I would not dare to destroy that security for such a feature. So we could solve that by making wrapper scripts and using flatpak-spawn to let Firefox escape it's sandbox. Anyway, whatever it does, it cannot do one thing: Spawn a process on the host or in another flatpak. it does not have any generic access to the file system (it uses portals).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |