One of the small missing details in my browser configuration has been the lack of automated opening of URL’s inside the container. So when I’m for example skimming through news feed, or reading e-mail, and need to open some URL in graphical browser, so far I’ve been using functions that send the URL in the container clipboard, and then manually switch to the container and open the URL from clipboard.

This is a clear call for automation, and it was just a matter or finding the best way to do it. I did some experiments in monitoring the clipboard with browser add-on, but it didn’t feel like correct solution. Technically that is indeed possible, but it is against one of design principles in my container setup: to enforce data I/O from outside the container. In the clipboard monitoring, while the URL opening is initiated by user outside the container, it is still the browser inside container making the decision, thus it cannot be trusted.

If nothing else, all this is just an example of wrong thinking, and how far it should be taken in order to make it meet the design. Then it just occurred to me: this is the job of Window Manager! From that idea, everything clicked in minutes.

This is the script:


# 1. get the container
SEC=`ls -Z /home/jarkko/net_home/seremote | sed 's/.*s0:\(.*\) .*/\1/g'`
WIN=`stumpish echo-windows "%n %t" | grep $SEC | awk '{print $1}'`
if [[-z $WIN ]]; then
    echo "No browser running."
# 2. activate container window
stumpish select-window-by-number $WIN

# 3. send input 'Ctrl+x Y'
stumpish meta "C-x"
stumpish meta "Y"

In the script, I use stumpish to control the WM, and rely on the Vimium definition of openCopiedUrlInNewTab. Locating the container frame is based on the fact that SELinux sandbox sets certain SELinux parameters to the window title. Since I may have several containers running at the same time (one for Internet browsing, one for online banking etc.) I use the SELinux MLS/MCS range to identify the container (variable SEC).

In the Emacs, I just then use something like this to override browse-url-default-browser:

(advice-add 'browse-url-default-browser :override
	    (lambda (url &rest args)
		  (kill-new url)
		  (start-process "set-clip" "maintenance" "~/bin/" "net" "0")
		  (start-process "send-url" "maintenance" "~/bin/")))) is the bash-script above, and is defined here.

With this setup, I also get the added bonus of rising the browser no matter where it is buried.