jails Firefox run as a Wayland app in a Ubuntu Jail with dbus for notifications and mpris

[NapoleonWils0n]

I have installed Firefox as deb in a Ubuntu Mantic jail and enabled dbus to communicate with the host
by passing in the DBUS_SESSION_BUS_ADDRESS from the host in a script

this allows desktop notifications from the jailed browser to show up on the host
and mpris to control videos playing in the browser using playerctl on the host

i also used notify-send in the jail with the host dbus session address and the notification appeared on the host

Firefox is run as a native Wayland application on the Freebsd host
which is using labwc as the wayland compositor

Instead of using an Xwayland window which runs an application inside of a single window
Firefox is running a native Wayland application on the host

So you can use picture in picture mode to pop out the video
which isnt possible using an Xwayland window

Firefox is launched using a dektop entry from your application launcher
and is displayed on the host using wayland with the audio routed over a pulseaudio socket from the jail to the host

By editing the mimeapps.list on the host you can also set the jailed firefox to be the default browser
so XDG_OPEN will open links from other applications in the jailed version of firefox

its also possible to mount the downloads directory from the host to the jail as well
nvidia and cuda are also enabled for hardware acceleration

i havent managed to get drm playback to work

ill have to do a write up of all the steps
note i used firefox in the jail to post this thread

screenshots:

firefox playing kylie on youtube with the picture in picture mode

firefox playing kylie on youtube with the picture in picture mode displayed on second monitor

firefox open dialog box showing the home directory in the jail

firefox open dialog box showing the root directory of the jail

 

[NapoleonWils0n]

desktop entry and wrapper scripts to launch jailed linux applications

rather than creating launcher scripts for each application you want to run in the jail
i created 2 wrapper scripts, one for freebsd and one for linux

then i use a desktop entry that calls the wrapper-freebsd script
with an argument of the name of the application i want to launch from the jail

desktop entry for firefox which i called jailfox.desktop

[Desktop Entry]
Version=1.0
Name=Jailfox
Comment=Browse the World Wide Web
GenericName=Web Browser
Keywords=Internet;WWW;Browser;Web;Explorer
Exec=sh -c 'wrapper-freebsd -a firefox %U'
Terminal=false
Type=Application
Icon=firefox
Categories=GNOME;GTK;Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp;x-scheme-handler/chrome;video/webm;application/x-xpinstall;
StartupNotify=true
Actions=NewWindow;NewPrivateWindow;

[Desktop Action NewWindow]
Name=Open a New Window
Exec=firefox -new-window

[Desktop Action NewPrivateWindow]
Name=Open a New Private Window
Exec=firefox -private-window

the exec line calls the wrapper-freebsd script

Exec=sh -c 'wrapper-freebsd -a firefox %U'

with the -a option and the name of the application to launch

wrapper-freebsd script

#!/bin/sh

# wrapper-freebsd

#===============================================================================
# script usage
#===============================================================================

usage () {
# if argument passed to function echo it
[ -z "${1}" ] || echo "! ${1}"
# display help
echo "\
# script usage
$(basename "$0") -u ${USER}"
exit 2
}

#===============================================================================
# check the number of arguments passed to the script
#===============================================================================

[ $# -gt 0 ] || usage "${WRONG_ARGS_ERR}"


#===============================================================================
# getopts check the options passed to the script
#===============================================================================

while getopts ':a:h' opt
do
  case ${opt} in
     a) app="${OPTARG}";;
     h) usage;;
     \?) usage "${INVALID_OPT_ERR} ${OPTARG}" 1>&2;;
     :) usage "${INVALID_OPT_ERR} ${OPTARG} ${REQ_ARG_ERR}" 1>&2;;
  esac
done
shift $((OPTIND-1))

#===============================================================================
# run the application in the jail
#===============================================================================

# start pulseaudio
pulseaudio --start --daemonize 2>/dev/null

# doas jexec into ubuntu and run the wrapper script to start the application
doas jexec ubuntu /usr/local/bin/wrapper-linux \
-u "${USER}" \
-d "DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS}" \
-a "${app}"

the wrapper-freebsd script starts pulseaudio
runs the wrapper-linux script in the jail
and passes in the USER, DBUS_SESSION_BUS_ADDRESS and app to launch

wrapper-linux script

#!/bin/bash

#===============================================================================
# wrapper-linux
#===============================================================================

#===============================================================================
# script usage
#===============================================================================

usage () {
# if argument passed to function echo it
[ -z "${1}" ] || echo "! ${1}"
# display help
echo "\
# script usage
$(basename "$0") -u ${USER}"
exit 2
}

#===============================================================================
# check the number of arguments passed to the script
#===============================================================================

[ $# -gt 0 ] || usage "${WRONG_ARGS_ERR}"


#===============================================================================
# getopts check the options passed to the script
#===============================================================================

while getopts ':u:d:a:h' opt
do
  case ${opt} in
     u) username="${OPTARG}";;
     d) dbus="${OPTARG}";;
     a) app="${OPTARG}";;
     h) usage;;
     \?) usage "${INVALID_OPT_ERR} ${OPTARG}" 1>&2;;
     :) usage "${INVALID_OPT_ERR} ${OPTARG} ${REQ_ARG_ERR}" 1>&2;;
  esac
done
shift $((OPTIND-1))


#===============================================================================
# switch to our user in the jail and start the application
#===============================================================================

su "${username}" -c "${dbus} ${app}" 2>/dev/null

the wrapper-linux script gets the USER, DBUS_SESSION_BUS_ADDRESS and app to launch
from the wrapper-freebsd script

the advantage of this technique is that you can launch any application from the jail
by creating a new desktop entry on freebsd and pass in a different application to the wrapper-freebsd script using the -a option

 

[NapoleonWils0n]

firefox on freebsd is using hardware acceleration for the webrenderer
as can be seen in the more troubleshooting information in the screenshot below

firefox in the jail is using the webrenderer (software )
im trying to figure how to enable the webrenderer using hardware acceleration in the jail

i have the nvidia driver installed and nvidia-smi works and shows cuda enabled
ubuntu-restricted-extras and ffmpeg installed

the jail has the /dev/dri, drm and nvidia exposed to the jail using devfs.rules

some thoughts on what the issue might be

1 - jail config something else needs to be set up in the jail
2 - ubuntu needs another package installed
3 - firefox needs some variable set

freebsd firefox

ubuntu jail firefox

 

[NapoleonWils0n]

i copied the .mozilla directory from my laptop running ubuntu
to the ubuntu jail and started firefox with

firefox -P

in the jail which allows you to select the profile to use

i checked the more troubleshooting information on firefox running in the jail

and the WebRenderer is enabled and listed as

WebRenderer

and not

WebRenderer (software)

so its just a setting that needs to be set in about:config
or using user.js in the firefox profile directory to enable the WebRenderer

ill compare the output of about:config and narrow down the setting that needs to be enabled

also i had drm playback enabled in firefox on the laptop running Ubuntu
which works and can play itv in the uk

but when i tried playing back drm content on firefox running in the jail with the same .mozilla directory
it didnt work and just gives a message at the top of the page saying firefox is downloading software needed to playback the video

so no drm playback in firefox even with a .mozilla directory that already has drm enabled and widevine downloaded
also checked what was installed in the jail vs on my ubuntu laptop by running

apt list --installed > installed.txt

and then diffed the 2 files

more troubleshooting information -Firefox running in a Ubuntu Jail with WebRender enabled

 

[NapoleonWils0n]

WebRender enabled on Firefox in the Ubuntu jail

you just need to create user.js file in the firefox profile directory
which you can find by opening the more troubleshooting information menu in firefox

user.js

// userchrome.css usercontent.css activate
user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);

// pocket show on home screen = false
user_pref("extensions.pocket.enabled", false);
user_pref("extensions.pocket.showHome", false);
user_pref("extensions.pocket.onSaveRecs", false);
user_pref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
user_pref("gfx.webrender.all", true);

the line needed to enable the webrenderer

user_pref("gfx.webrender.all", true);

one thing to note is that enabling the webrender cause firefox to start up with a black screen for a second
and the fans kick in when playing a video, which they dont using webrenderer (software)