How to use Mullvad browser with qvm-open-in-vm?

Hi everyone,
I’m trying to create a Mullvad setup that is similar to Whonix. This would consist of:

  • A sys-mullvad qube that acts as a VPN gateway
  • A mullvad qube that uses the Mullvad browser.

I know, it’s not supported, since the Mullvad browser isn’t supposed to be your default browser, but I’d like to do it anyways :crazy_face:.

I managed to set up the sys-mullvad qube via qubes-tunnel. But I struggle with the creation of a fully featured VM that utilizes the Mullvad browser.

What I already have accomplished:

  • I managed to set the browser as my default browser by adding the Mime types of Firefox to its desktop file
    • echo 'MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;x-scheme-handler/http;x-scheme-handler/https;' >> "./mullvad-browser/Browser/start-mullvad-browser.desktop"
  • I managed to get the browser to open URLs within the AppVM by adding the %u parameter to the Exec= command within the start-mullvad-browser script, which will trickle down to the .desktop file once you run start-mullvad-browser.desktop --register-app
    • sed -i '/Exec=/ s/--detach/& %u/' "./mullvad-browser/Browser/start-mullvad-browser"
  • I managed to open the Browser via the .desktop file in a DVM by monitoring the mullvadbrowser process in the start-mullvad-browser script
    • sed -i '0,/disown "$!"/ s//& & while pgrep mullvadbrowser > /dev/null; do sleep 1; done/' "./mullvad-browser/Browser/start-mullvad-browser"
    • An alternative solution would be to remove the --detach option from the .desktop file, as mentioned here: Running new mulvad browser in disposable - #2 by szz9pza

So everything works fine within the VMs themselves. But when I try to open a link from another qube via qvm-open-in-vm mullvad https://qubes-os.org, the browser won’t open.
The command works great with my Whonix and Online VM, but I can’t get it to work with my mullvad VM.

I must miss something basic, but I can’t put my finger on it.

Any help is appreciated.

Thanks in advance for your time and help!

You can’t use detach in the DVM link, if you remove the detach option it should work.

Thanks for the reply. Unfortunately I’m still doing something wrong.

I started a fresh installation of the Mullvad browser, added the %u and the Mime types within the .desktop file. I also removed every occurrence of --detach from the Exec= line in the .desktop file.

Now, the Exec line looks like this:

Exec=sh -c '"/home/user/.local/share/mullvad-browser/Browser/start-mullvad-browser" %u || ([ ! -x "/home/user/.local/share/mullvad-browser/Browser/start-mullvad-browser" ] && "$(dirname "$*")"/Browser/start-mullvad-browser)' dummy %k

The result seems to be the same:

  • Opening the browser in an App- or DispVM works
  • Opening URLs from within the VMs works
  • Opening URLs via qvm-open-in-vm won’t work

Do I need to simplify the .desktop-file further?

I totally forgot to mention that I use a fedora-37-minimal image as the basis for my browser vm.

When I use a fedora-37 image as the baseline for the VM, Firefox will be used for qvm-open-in-vm instead of Mullvad browser.
URLs that I open from within the VM use Mullvad.

It seems like qvm-open-in-vm doesn’t respect my browser choice…

Did you remove it from all the .desktop files?

/home/user/.local/share/applications/start-mullvad-browser.desktop

You also need to remove it from that file.

Wow, thanks again for the quick reply :).

Originally, I only removed the option within the ~/.local/share/applications/start-mullvad-browser.desktop file.

Now I repeated this for
mullvad-browser/start-mullvad-browser.desktop
and
mullvadbrowser/Browser/start-mullvad-browser.desktop

But the qvm-open-in-vm command still won’t open the Mullvad browser.

I misunderstood what you wanted to do.

I think you need to make mullvad the default x-www-browser in the DVM template, but I can’t get that to work.

Are you able to open mullvad with xdg-open https://www.qubes-os.org/ in the template?

Hi renehoj,
first of all, let me thank you again for taking so much time of your day to assist me regarding this matter!

The xdg-open command works fine within my DVM. I also have an AppVM based on the same template in which I also installed the browser. Both VMs act the same.

===Please proceed with caution after this line===

If you want to achieve this too, you need to add a line with the Mime Types to your ~/.local/share/applications/start-mullvad-browser.desktop file:

MimeType=x-scheme-handler/http;x-scheme-handler/https;

You might need to run this command afterwards according to this article: NewMIMESystem - Fedora Project Wiki

update-desktop-database &> /dev/null || :

To my understanding, this will add Mullvad browser as a suitable Application for http(s) links to ~/.local/share/applications/mimeinfo.cache, which in turn will enable you to set it as the default browser of your current user with gnome-control-center.

Also, you’ll have to add %u before || in the Exec= line of your desktop file, so URLs will actually open within the browser.

Exec=sh -c '"/home/user/.local/share/mullvad-browser/Browser/start-mullvad-browser" %u || ([ ! -x "/home/user/.local/share/mullvad-browser/Browser/start-mullvad-browser" ] && "$(dirname "$*")"/Browser/start-mullvad-browser)' dummy %k

===Proceed with even more caution after this line===

However, this change does ONLY affect the current user. If I am correct in my assumptions and you want to set Mullvad browser as the default browser system wide, you’ll have to tinker with /usr/share/applications/mimeapps.list and /usr/share/applications/mimeinfo.cache.

I was able to set the browser as the default for root and user by

  • Extracting the Mullvad browser to /usr/share/mullvad-browser
  • Add the Mime types with the command in my first post
    • echo 'MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;x-scheme-handler/http;x-scheme-handler/https;' >> "./mullvad-browser/Browser/start-mullvad-browser.desktop"
  • Add %u to the Exec= command via the command in my first post
    • sed -i '/Exec=/ s/--detach/& %u/' "./mullvad-browser/Browser/start-mullvad-browser"
  • Register the app
  • Move the resulting desktop file from ~/.local/share/applications/start-mullvad-browser.desktop to /usr/share/applications
  • Run the command to update the Mimeapps.list as root
    • update-desktop-database &> /dev/null || :
  • Change the start-mullvad-browser script so you can run it as root (even if you shouldn’t)
    • sed -i '/^if \[ "`id -u`" -eq 0 \]; then$/,/^fi/ s/^/# /' "./mullvad-browser/Browser/start-mullvad-browser"

This seems to me completely nuts, but it’s the best lead I got this far. It doesn’t solve my problem however. qvm-open-in-vm or qvm-open-in-dvm still won’t open URLs in Mullvad browser.

===TL;DR===
I didn’t find a solution yet and am still thankful for any help.

I’m signing off for the day to keep my sanity and will tinker with that a bit more tomorrow :smiley:.

If you make a desktop file for mullvad browser in /usr/share/application, then you can use the option menu on a html file in the files browser to make mullvad the default application for html.

If you do this in the DVM template, it works with qvm-open-in-dvm for html files and urls.

Hi renehoj,
thanks for your reply. I still can’t get this to work however. Can you go into more detail of what you’ve done to accomplish this?

I extracted the mullvad-browser-archive, added the Mime Types, added %u and removed the --detach option of the desktop file:

tar -xf mullvad-browser-linux64-*.tar.xz -C .
echo 'MimeType=text/html;text/xml;application/xhtml+xml;text/mml;x-scheme-handler/http;x-scheme-handler/https;' >> "./mullvad-browser/Browser/start-mullvad-browser.desktop"
sed -i '/Exec=/ s/--detach/& %u/' "./mullvad-browser/Browser/start-mullvad-browser"
sed -i '/Exec=/s/ --detach//g' "./mullvad-browser/Browser/start-mullvad-browser"

Then put mullvad-browser into /usr/share, ran the --register-app command and moved the resulting desktop file from ~/.local/share/applications to /usr/share/applications

sudo mv mullvad-browser /usr/share
cd /usr/share/mullvad-browser
./start-mullvad-browser.desktop --register-app
sudo mv ~/.local/share/applications/start-mullvad-browser.desktop /usr/share

After that, I set the browser as the default browser, html and xml application for my system.

sudo xdg-settings set default-web-browser start-mullvad-browser.desktop
sudo xdg-mime default start-mullvad-browser.desktop text/html
sudo xdg-mime default start-mullvad-browser.desktop text/xml;
sudo xdg-mime default start-mullvad-browser.desktop application/xhtml+xml

Just to be sure everything went fine, I ran the following commands

sudo xdg-settings get default-web-browser
sudo xdg-mime query text/html
sudo xdg-mime query text/xml
sudo xdg-mime query xhtml+xml

As the default browser, I get start-mullvad-browser.desktop. The HTML-App however wasn’t set correctly for the root user as it returns firefox.desktop. The same command seems to work however for the user account.

xdg-open https://qubes-os.org will work, but sudo xdg-open https://qubes-os.org will open firefox instead…

[Desktop Entry]
Name=Mullvad Browser
GenericName=Browser
Comment=Mullvad web browser
Exec=/opt/mullvad-browser/Browser/mullvadbrowser.real %F
Terminal=false
Type=Application
Keywords=Text;editor;
Icon=gvim
Categories=Utility;TextEditor;
StartupNotify=false
MimeType=text/english;text/plain;text/x-makefile;text/x-c++hdr;text/x-c++src;text/x-chdr;text/x-csrc;text/x-java;text/x-moc;text/x-pascal;text/x-tcl;text/x-tex;application/x-shellscript;text/x-c;text/x-c++;

I just made a copy of the vim desktop file and changed the tags.

In the files browser in the DVM template, you right-click a html file and under properties you can select mullvad in the “open with” tab.

:man_bowing:

That’s the one I was struggling with all along! I never used the binary in my .desktop-file but the start-mullvad-browser script.

I’m still curious why this causes trouble and will look further into it, but you definitely solved my problem!

Thanks renehoj!

Can someone please state the most secure way of installing this browser?

Should this be installed in a disposable template? What are the most secure steps from start to finish to install this to minimize risks?

Hi lakbux,
while I do think your question can only be answered individually since it depends on your threat model and level of convenience you’re willing to sacrifice, I’ll gladly walk you through the process I took.

Regardless of using the Browser in a DVM or not, the Browser should be installed in an AppVM, not within a template, since it will by default only be installed for the current user and not systemwide.

First, you need to download the Mullvad Browser for Linux:
https://mullvad.net/en/download/browser/linux

Once downloaded, extracting the archive and moving the resulting files where you would like the application to be are the next steps. You can do that via your file manager or on the command line:

tar -xf ~/Downloads/mullvad-browser-linux64-*.tar.xz -C ~/.local/share

Next, you’ll need to “install” the app using the command line. This will create a desktop entry in your AppVM:

cd ~/.local/share/mullvad-browser
./start-mullvad-browser.desktop --register-app

At this point, you’ve completed the installation as Mullvad intended it.

You can now click on start in dom0, choose Qubes Tools - Qube Manager, go into the settings of your AppVM, switch into the Applications tab and click on Refresh applications.

The Mullvad Browser should appear on the list and you can start it from the AppVM Menu. However, you might miss some features:

  • Mullvad Browser can’t be set as your default Browser, so if you click a link in another application it won’t open in Mullvad Browser.
  • The Mullvad Browser won’t start in a DVM.
  • You can’t open Links from other Qubes within the Mullvad Browser using qvm-open-in-vm

It’s not a bug - it’s a feature! Mullvad intended the Browser to work that way, but it’s far from convenient. So if you would like to increase the usability, you can proceed as follows:

The key to success lies within the ~/.local/share/applications/start-mullvad-browser.desktop file Mullvad Browser created during the installation process. You need to change the Exec= line, so it looks like this:

Exec=/home/user/.local/share/mullvad-browser/Browser/start-mullvad-browser %u

And add a line containing the Mime Types at the end of the file, so it reads like this:

MimeType=text/html;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;

The choice of GUI or console is up to you. I’ll provide the console commands just in case you need them:

sed -i '/Exec=.*\"\s\+\|\|/s/\" --detach/ %u/g' ~/.local/share/applications/start-mullvad-browser.desktop
sed -i "s/sh -c '\"//g" ~/.local/share/applications/start-mullvad-browser.desktop
sed -i "s/ |.*%k//g" ~/.local/share/applications/start-mullvad-browser.desktop
echo 'MimeType=text/html;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;' >> ~/.local/share/applications/start-mullvad-browser.desktop

The last step missing is to update your mimeinfo cache. This will check your .desktop files and link them to matching file extensions.

sudo update-desktop-database ~/.local/share/applications

Now you’re golden. The browser should now behave like a regular default browser.

Some additional info
If something went wrong, you can create a new desktop file by “reinstalling” the app:

cd ~/.local/share/mullvad-browser
./start-mullvad-browser.desktop --unregister-app
./start-mullvad-browser.desktop --register-app

In case you use a minimal template, you’ll need to install some Firefox dependencies:

sudo dnf install pciutils-libs dbus-glib libva

I hope this will help you to set up the Browser to your needs.

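The properties the walkthrough above sets on the .desktop entry (a URL field code in Exec=, no --detach, and the http/https scheme handlers in MimeType=) can be checked mechanically before testing with qvm-open-in-vm. This is an added example, not part of any post in this thread; the function names desktop_key and check_desktop_entry and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a browser .desktop entry for the properties the thread
# settled on. Prints one line per problem; returns the number of problems.

# Print the value of KEY from the [Desktop Entry] group of FILE.
desktop_key() {
    awk -v key="$2" '
        /^\[/ { in_group = ($0 == "[Desktop Entry]"); next }
        in_group && index($0, key "=") == 1 {
            print substr($0, length(key) + 2); exit
        }' "$1"
}

check_desktop_entry() {
    file=$1 problems=0
    exec_line=$(desktop_key "$file" Exec)
    # Wrap in ';' so every MIME type can be matched as ";type;".
    mime_line=";$(desktop_key "$file" MimeType);"

    [ -n "$exec_line" ] || { echo "$file: no Exec= key"; problems=$((problems + 1)); }
    case $exec_line in
        # The thread: --detach cannot be used when the entry is launched in a DVM.
        *--detach*) echo "$file: Exec uses --detach"; problems=$((problems + 1)) ;;
    esac
    case $exec_line in
        # %u/%U pass URLs; %f/%F are accepted because the working entry used %F.
        *%u*|*%U*|*%f*|*%F*) ;;
        *) echo "$file: Exec has no %u/%U/%f/%F field code"; problems=$((problems + 1)) ;;
    esac
    for scheme in http https; do
        case $mime_line in
            *";x-scheme-handler/$scheme;"*) ;;
            *) echo "$file: MimeType lacks x-scheme-handler/$scheme"
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Constructed sample: wrapper-style entry with --detach and no MimeType.
sample=$(mktemp)
printf '%s\n' '[Desktop Entry]' 'Type=Application' \
    "Exec=sh -c '\"/home/user/mullvad-browser/Browser/start-mullvad-browser\" --detach' dummy %k" \
    > "$sample"
check_desktop_entry "$sample" || echo "problems found: $?"
rm -f "$sample"
```

Run check_desktop_entry against ~/.local/share/applications/start-mullvad-browser.desktop in the qube that should receive the links; a return status of 0 means all three properties hold.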

Can you explain this more? Isn’t the whole purpose of Mullvad browser to give you a hardened default browser? Like Tor itself isn’t supposed to be your default browser, but I thought the Mullvad browser project WAS to replace your default browser. Why shouldn’t it be your default browser in place of, let’s say, Firefox etc.?

Alternate means of installing Mullvad Browser

Although you have to install the Flatpak itself first.

Then go to Settings/Applications
Then just under the center.
Refresh Applications
After a while, Mullvad Browser appears in the left-hand list
use “>” to put it on the other side.

Apply / OK

You should now have a Tab to start “Mullvad Browser”

And for all your effort to install Flatpak, you have all those other easier to install programs shown in Flathub.

much appreciated! this was easier for me in the end.