Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow KeePassXC access to its socket path #5452

Closed
wants to merge 1 commit into from
Closed

Allow KeePassXC access to its socket path #5452

wants to merge 1 commit into from

Conversation

WhyNotHugo
Copy link
Contributor

KeePassXC now exposes its browser socket in a dedicated directory, so that this directory can be mounted inside the same sandbox as browser and browsers can talk to it.

This allows using the browser extension when KeePassXC and/or the browser are sandboxed.

See: keepassxreboot/keepassxc#8018
Fixes: #5447

@WhyNotHugo
Allow KeePassXC access to its socket path
4c29a1d 
KeePassXC now exposes its browser socket in a dedicated directory, so
that this directory can be mounted inside the same sandbox as browser
and browsers can talk to it.

This allows using the browser extension when KeePassXC and/or the
browser are sandboxed.

See: keepassxreboot/keepassxc#8018
Fixes: #5447
rusty-snake
rusty-snake requested changes Nov 5, 2022
View reviewed changes
Copy link
Collaborator

@rusty-snake rusty-snake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will break X11, D-Bus, ...

@WhyNotHugo
Copy link
Contributor Author

This will break X11, D-Bus, ...

Can you finish the sentence? How? I'm not using X11, so can't really try that.

@WhyNotHugo
Copy link
Contributor Author

This only adds a new whitelist entry on top of the existing one. That is, a new directory is now exposed. I can't imagine how X11 would break because of that.

@rusty-snake
Copy link
Collaborator

Because the Xauthority location of gdm, sddm, XWayland (mutter), ... are now hidden.

@WhyNotHugo
Copy link
Contributor Author

Right, as discussed in #5453, this is not the right approach, but the original issue remains valid.

@WhyNotHugo
Copy link
Contributor Author

Oh, see #5447

@WhyNotHugo WhyNotHugo closed this Nov 5, 2022
@WhyNotHugo WhyNotHugo deleted the keepassxc-socket branch November 5, 2022 12:23
@rusty-snake
Copy link
Collaborator

Actually the noblacklist ${RUNUSRR]/app should be done. We should also consider if it makes sense to blacklist app id programs start to require it.

@WhyNotHugo
Copy link
Contributor Author

Indeed, but #5447 tracks this.

@kmk3 kmk3 mentioned this pull request Jul 7, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rusty-snake rusty-snake rusty-snake requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

firefox: cannot communicate with KeePassXC
2 participants
@WhyNotHugo @rusty-snake