~whynothugo/dotfiles

9302fbf512bc58fb604c874d68ad8446ef1b4de6 — Hugo Osvaldo Barrera 9 days ago 3c5d8ee
keepassxc: Configure sandbox to work with browser

Workaround until sandbox support is patched upstream.

See: https://github.com/keepassxreboot/keepassxc/issues/8018
M sysconfig/etc/firejail/firefox.local => sysconfig/etc/firejail/firefox.local +4 -0
@@ 26,3 26,7 @@ dbus-user.talk org.freedesktop.Notifications
# Add the next line to your firefox.local to allow screen sharing under wayland.
dbus-user.talk org.freedesktop.portal.Desktop
#------------------------------------------------------------------------------

# For KeePassXC:
mkdir ${RUNUSER}/app/org.keepassxc.KeePassXC
whitelist ${RUNUSER}/app/org.keepassxc.KeePassXC
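Review bot: The `whitelist ${RUNUSER}/app/org.keepassxc.KeePassXC` line exposes the whole directory to the Firefox sandbox, and the `# For KeePassXC:` comment does not say that keepassxc.local in this same commit makes that directory KeePassXC's entire XDG_RUNTIME_DIR. Anything KeePassXC or its libraries place in their runtime directory, not only the browser-integration socket, is therefore presumably reachable from the browser process. I would expand the comment to state the coupling, e.g. `# KeePassXC browser integration: proxy socket directory; must match XDG_RUNTIME_DIR in keepassxc.local and keepassxc-proxy-wrapper.` Only three context lines of the profile are visible here, so the rest of firefox.local may restrict this further.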

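--- /dev/null
+++ b/sysconfig/etc/firejail/keepassxc.local
@@ -0,0 +1,12 @@
+# Change where keepass stores its socket.
+mkdir ${RUNUSER}/app/org.keepassxc.KeePassXC
+whitelist ${RUNUSER}/app/org.keepassxc.KeePassXC
+env XDG_RUNTIME_DIR=${RUNUSER}/app/org.keepassxc.KeePassXC
+
+# Allow access to the wayland socket (symlink points here).
+whitelist ${RUNUSER}/wayland-1
+#env DBUS_SESSION_BUS_ADDRESS is set by dbus-user filter
+
+whitelist ${HOME}/priv/keepassxc
+whitelist ${HOME}/.cache/keepassxc
+whitelist ${HOME}/.config/keepassxc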
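Review bot: `whitelist ${RUNUSER}/wayland-1` hard-codes the compositor's socket name, so once `env XDG_RUNTIME_DIR=...` has redirected the runtime directory the sandbox has no display if the session uses another name such as `wayland-0`. The comment `(symlink points here)` refers to a symlink that this file does not create; naming its source would help, e.g. `# Wayland socket; target of the wayland-1 symlink created by user-tmpfiles.d/80-keepassxc.conf.` The `#env DBUS_SESSION_BUS_ADDRESS ...` line reads like disabled configuration rather than a note and could be reworded as `# DBUS_SESSION_BUS_ADDRESS needs no override here; the dbus-user filter sets it.`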

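--- /dev/null
+++ b/sysconfig/usr/local/bin/keepassxc-proxy-wrapper
@@ -0,0 +1,3 @@
+#!/bin/bash
+export XDG_RUNTIME_DIR=/run/user/1000/app/org.keepassxc.KeePassXC
+exec /usr/bin/keepassxc-proxy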
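Review bot: The `export XDG_RUNTIME_DIR=/run/user/1000/...` line hard-codes UID 1000, so under any other account the proxy is pointed at a runtime directory that is missing or belongs to a different user. Deriving the base from the caller keeps the wrapper correct per user: `export XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/app/org.keepassxc.KeePassXC"`. The wrapper is presumably what the browser launches as its native-messaging host, and the `exec` line drops whatever arguments it is given; `exec /usr/bin/keepassxc-proxy "$@"` forwards them unchanged.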

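--- /dev/null
+++ b/sysconfig/usr/share/user-tmpfiles.d/80-keepassxc.conf
@@ -0,0 +1,1 @@
+L    %t/keepassxc/wayland-1    - - -    -    %t/wayland-1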
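Review bot: The symlink is created at `%t/keepassxc/wayland-1`, but keepassxc.local in this commit sets `XDG_RUNTIME_DIR=${RUNUSER}/app/org.keepassxc.KeePassXC` and never whitelists `${RUNUSER}/keepassxc`, so a Wayland client resolving `$XDG_RUNTIME_DIR/wayland-1` inside the sandbox would not find this link. Unless WAYLAND_DISPLAY is set to an absolute path somewhere outside this commit, the entry likely needs to be `L    %t/app/org.keepassxc.KeePassXC/wayland-1    - - -    -    %t/wayland-1`. A leading comment saying that the link exists for the firejail profile's redirected runtime directory would make the entry self-explanatory.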