Notification from Firefox add-on become of lower resolution & can not induced system sound notification.

[Nokia808]

Hi dears.

I have on my Firefox 2 add-ons:

• "Download Notifications"
  &
• Multithreaded download manager

Without firejail, their text notification when appear at end of download appear with resolution seem to me the same of browser, & they induced sound notification of my Cinnamon DE. Cinnamon DE have option to associate a sound with system text notification so that every time a text system notification appear, there will be a sound induced. This option should activated by user ...

With firejail enabled for Firefox, the text notification appear but with lower resolution so that size of it & it's contents become larger. Also, they failed to induced system sound notification (audio notification).

Very clear this is due to affect of sandbox.

My request is ass following: if fixing this issue NOT undermine the security of firejail sandbox of Firefox, then this issue should fixed. Otherwise, if the fix lead to break security of sandbox then please do not fix it & kindly close this issue because it is cosmetic ...

[glitsj16]

My request is ass following: if fixing this issue NOT undermine the security of firejail sandbox of Firefox, then this issue should fixed. Otherwise, if the fix lead to break security of sandbox then please do not fix it & kindly close this issue because it is cosmetic ...

This sounds very much like a D-Bus issue, see the comments in /etc/firejail/firefox-common.profile. Assuming you are using 0.9.62, the comment on line 37 and following explains what you can try to fix this. The next release of firejail will have more finegrained dbus-* controls. But in 0.9.62 you don't have much other options than to allow D-Bus access. Have you tried adding ignore nodbus to a firefox-common.local file yet? Additionally, depending on where the sound notification files are located on your OS, you might need to whitelist the relevant paths to those too.

[rusty-snake]

Native notifications are implemented over D-Bus (org.freedesktop.Notifications) which need to be allowed.

firejail <= 0.9.62:
#2028 (comment)

firejail >= 0.9.63:

You could allow org.freedesktop.Notifications:

firejail/etc/profile-a-l/firefox.profile

Lines 31 to 35 in 3490ba4

	dbus-user filter
	dbus-user.own org.mozilla.firefox.*
	dbus-user.own org.mpris.MediaPlayer2.firefox.*
	# Uncomment or put in your firefox.local to enable native notifications.
	#dbus-user.talk org.freedesktop.Notifications

Drawback: Under GNOME (and some other DEs) this allows to execute arbitrary code outside the sandbox, record the screen, ...

dbus-user filter
dbus-user.talk org.freedesktop.Notifications

You can prevent this drawback with

dbus-user filter
dbus-user.call org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications
dbus-user.broadcast org.freedesktop.Notifications=org.freedesktop.Notifications.*@/org/freedesktop/Notifications

However this looks terrible. A workaround could be a .inc file for that, so that profiles only have include dbus-notifications.inc. IMHO we should avoid to use a lot of inc-files only containing 2-3 lines. My purpose for that is #3412 (or alternative #3424).

[Nokia808]

I think the best - if technically possible - to fix this WITHOUT break security or weakening the power of sandbox & make the fix built-in & user need nothing to do from heir/his side at all. Otherwise, the fix seem to me to penetrate the sandbox & this is bad ...