feature: add ${PROJECTS} macro (#7157)

Based on the new ~/Projects directory from version 0.20 of the
xdg-user-dirs specification[1]:

* `XDG_PROJECTS_DIR="$HOME/Projects"`

Relates to #7147 #7151.

[1] https://www.freedesktop.org/wiki/Software/xdg-user-dirs/

Makefile

@@ -394,7 +394,7 @@ scan-build: clean
 .PHONY: codespell
 codespell:
 	@printf 'Running %s...\n' $@
-	@$(CODESPELL) --ignore-regex 'Manuel|UE|als|chage|creat|doas|ether|isplay|readby|[Ss]hotcut' \
+	@$(CODESPELL) --ignore-regex 'Manuel|Projets|UE|als|chage|creat|doas|ether|isplay|readby|[Ss]hotcut' \
 	  -S *.d,*.gz,*.o,*.so \
 	  -S COPYING,m4 \
 	  -S ./contrib/syscalls.sh \

contrib/syntax/lists/profile_macros.list

@@ -6,5 +6,6 @@ HOME
 MUSIC
 PATH
 PICTURES
+PROJECTS
 RUNUSER
 VIDEOS

etc/inc/allow-common-devel.inc

@@ -2,6 +2,9 @@
 # Persistent customizations should go in a .local file.
 include allow-common-devel.local
 
+# Default
+noblacklist ${PROJECTS}
+
 # Arduino
 noblacklist ${HOME}/.arduino15
 noblacklist ${HOME}/Arduino

etc/inc/disable-xdg.inc

@@ -5,6 +5,7 @@ include disable-xdg.local
 blacklist ${DOCUMENTS}
 blacklist ${MUSIC}
 blacklist ${PICTURES}
+blacklist ${PROJECTS}
 blacklist ${VIDEOS}
 
 # The following should be considered catch-all directories

etc/profile-a-l/build-systems-common.profile

@@ -28,7 +28,7 @@ include disable-shell.inc
 include disable-x11.inc
 include disable-xdg.inc
 
-#whitelist ${HOME}/Projects
+#whitelist ${PROJECTS}
 #include whitelist-common.inc
 
 whitelist /usr/share/pkgconfig

etc/profile-m-z/nodejs-common.profile

@@ -22,6 +22,7 @@ ignore read-only ${HOME}/.npmrc
 ignore read-only ${HOME}/.nvm
 ignore read-only ${HOME}/.yarnrc
 
+noblacklist ${PROJECTS}
 noblacklist ${HOME}/.cache/deno
 noblacklist ${HOME}/.deno
 noblacklist ${HOME}/.local/share/pnpm
@@ -46,8 +47,8 @@ include disable-shell.inc
 include disable-x11.inc
 include disable-xdg.inc
 
-# If you want whitelisting, change ${HOME}/Projects below to your node projects directory
+# If you want whitelisting, change ${PROJECTS} below to your node projects
-# and add the next lines to your nodejs-common.local.
+# directory and add the next lines to your nodejs-common.local.
 #mkdir ${HOME}/.local/share/pnpm
 #mkdir ${HOME}/.node-gyp
 #mkdir ${HOME}/.npm
@@ -58,6 +59,7 @@ include disable-xdg.inc
 #mkdir ${HOME}/.yarncache
 #mkfile ${HOME}/.npmrc
 #mkfile ${HOME}/.yarnrc
+#whitelist ${PROJECTS}
 #whitelist ${HOME}/.local/share/pnpm
 #whitelist ${HOME}/.node-gyp
 #whitelist ${HOME}/.npm
@@ -68,7 +70,6 @@ include disable-xdg.inc
 #whitelist ${HOME}/.yarn-config
 #whitelist ${HOME}/.yarncache
 #whitelist ${HOME}/.yarnrc
-#whitelist ${HOME}/Projects
 #include whitelist-common.inc
 
 whitelist /usr/share/doc/node

etc/templates/profile.template

@@ -45,6 +45,7 @@
 #  ${HOME} (user's home)
 #  ${PATH} (contents of PATH env var)
 #  ${PICTURES}
+#  ${PROJECTS}
 #  ${MUSIC}
 #  ${RUNUSER} (/run/user/UID)
 #  ${VIDEOS}

src/firejail/macros.c

@@ -61,6 +61,12 @@ Macro macro[] = {
 		{"Pictures", "Изображения", "Images", "Immagini", "Imágenes", "Imagens", "Bilder"}
 	},
 
+	{
+		"${PROJECTS}",
+		"XDG_PROJECTS_DIR=\"$HOME/",
+		{"Projects", "Проекты", "Projets", "Progetti", "Proyectos", "Projectos", "Projekte"}
+	},
+
 	{
 		"${VIDEOS}",
 		"XDG_VIDEOS_DIR=\"$HOME/",

test/fs/fs.sh

@@ -13,6 +13,7 @@ mkdir -p ~/Documents
 mkdir -p ~/Downloads
 mkdir -p ~/Music
 mkdir -p ~/Pictures
+mkdir -p ~/Projects
 mkdir -p ~/Videos
 
 echo "TESTING: tmpfs as regular user (test/fs/tmpfs.exp)"
@@ -108,6 +109,7 @@ rm -f ~/Documents/_firejail_test_file
 rm -f ~/Downloads/_firejail_test_file
 rm -f ~/Music/_firejail_test_file
 rm -f ~/Pictures/_firejail_test_file
+rm -f ~/Projects/_firejail_test_file
 rm -f ~/Videos/_firejail_test_file
 
 mkdir -p ~/Desktop/_firejail_test_dir/a
@@ -120,6 +122,8 @@ mkdir -p ~/Music/_firejail_test_dir/a
 mkdir -p ~/Music/_firejail_test_dir/b
 mkdir -p ~/Pictures/_firejail_test_dir/a
 mkdir -p ~/Pictures/_firejail_test_dir/b
+mkdir -p ~/Projects/_firejail_test_dir/a
+mkdir -p ~/Projects/_firejail_test_dir/b
 mkdir -p ~/Videos/_firejail_test_dir/a
 mkdir -p ~/Videos/_firejail_test_dir/b
 echo "TESTING: macro subpaths (test/fs/macro-subpath.exp)"
@@ -129,6 +133,7 @@ rm -fr ~/Documents/_firejail_test_dir
 rm -fr ~/Downloads/_firejail_test_dir
 rm -fr ~/Music/_firejail_test_dir
 rm -fr ~/Pictures/_firejail_test_dir
+rm -fr ~/Projects/_firejail_test_dir
 rm -fr ~/Videos/_firejail_test_dir
 
 echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)"

test/fs/macro-blacklist.profile

@@ -3,4 +3,5 @@ blacklist ${DOCUMENTS}
 blacklist ${DOWNLOADS}
 blacklist ${MUSIC}
 blacklist ${PICTURES}
+blacklist ${PROJECTS}
 blacklist ${VIDEOS}

test/fs/macro-readonly.profile

@@ -3,4 +3,5 @@ read-only ${DOCUMENTS}
 read-only ${DOWNLOADS}
 read-only ${MUSIC}
 read-only ${PICTURES}
+read-only ${PROJECTS}
 read-only ${VIDEOS}

test/fs/macro-subpath-blacklist.profile

@@ -3,4 +3,5 @@ blacklist ${DOCUMENTS}/_firejail_test_dir
 blacklist ${DOWNLOADS}/_firejail_test_dir
 blacklist ${MUSIC}/_firejail_test_dir
 blacklist ${PICTURES}/_firejail_test_dir
+blacklist ${PROJECTS}/_firejail_test_dir
 blacklist ${VIDEOS}/_firejail_test_dir

test/fs/macro-subpath-readonly.profile

@@ -3,4 +3,5 @@ read-only ${DOCUMENTS}/_firejail_test_dir
 read-only ${DOWNLOADS}/_firejail_test_dir
 read-only ${MUSIC}/_firejail_test_dir
 read-only ${PICTURES}/_firejail_test_dir
+read-only ${PROJECTS}/_firejail_test_dir
 read-only ${VIDEOS}/_firejail_test_dir

test/fs/macro-subpath-whitelist.profile

@@ -3,4 +3,5 @@ whitelist ${DOCUMENTS}/_firejail_test_dir/a
 whitelist ${DOWNLOADS}/_firejail_test_dir/a
 whitelist ${MUSIC}/_firejail_test_dir/a
 whitelist ${PICTURES}/_firejail_test_dir/a
+whitelist ${PROJECTS}/_firejail_test_dir/a
 whitelist ${VIDEOS}/_firejail_test_dir/a

test/fs/macro-subpath.exp

@@ -14,6 +14,7 @@ send -- "firejail --profile=./macro-subpath-whitelist.profile ls \
 	~/Downloads/_firejail_test_dir \
 	~/Music/_firejail_test_dir \
 	~/Pictures/_firejail_test_dir \
+	~/Projects/_firejail_test_dir \
 	~/Videos/_firejail_test_dir \
 \r"
 
@@ -46,6 +47,11 @@ expect {
 	"Pictures/_firejail_test_dir/a" {}
 	"Pictures/_firejail_test_dir/b" {puts "TESTING ERROR 1.2 Pictures\n";exit}
 }
+expect {
+	timeout {puts "TESTING ERROR 1.1 Projects\n";exit}
+	"Projects/_firejail_test_dir/a" {}
+	"Projects/_firejail_test_dir/b" {puts "TESTING ERROR 1.2 Projects\n";exit}
+}
 expect {
 	timeout {puts "TESTING ERROR 1.1 Videos\n";exit}
 	"Videos/_firejail_test_dir/a" {}
@@ -114,6 +120,18 @@ expect {
 }
 after 100
 
+send -- "firejail --profile=./macro-subpath-blacklist.profile ls ~/Projects/_firejail_test_dir; echo ret \$?\r"
+expect {
+	timeout {puts "TESTING ERROR 2 Projects\n";exit}
+	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+	timeout {puts "TESTING ERROR 2.1 Projects\n";exit}
+	"Permission denied" {}
+	-re {ret 0} {puts "TESTING ERROR 2.2 Projects\n";exit}
+}
+after 100
+
 send -- "firejail --profile=./macro-subpath-blacklist.profile ls ~/Videos/_firejail_test_dir; echo ret \$?\r"
 expect {
 	timeout {puts "TESTING ERROR 2 Videos\n";exit}
@@ -187,6 +205,18 @@ expect {
 }
 after 100
 
+send -- "firejail --profile=./macro-subpath-readonly.profile touch ~/Projects/_firejail_test_dir/_firejail_test_file; echo ret \$?\r"
+expect {
+	timeout {puts "TESTING ERROR 3 Projects\n";exit}
+	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+	timeout {puts "TESTING ERROR 3.1 Projects\n";exit}
+	"Read-only file system" {}
+	-re {ret 0} {puts "TESTING ERROR 3.2 Projects\n";exit}
+}
+after 100
+
 send -- "firejail --profile=./macro-subpath-readonly.profile touch ~/Videos/_firejail_test_dir/_firejail_test_file; echo ret \$?\r"
 expect {
 	timeout {puts "TESTING ERROR 3 Videos\n";exit}

test/fs/macro-whitelist.profile

@@ -3,4 +3,5 @@ whitelist ${DOCUMENTS}
 whitelist ${DOWNLOADS}
 whitelist ${MUSIC}
 whitelist ${PICTURES}
+whitelist ${PROJECTS}
 whitelist ${VIDEOS}

test/fs/macro.exp

@@ -33,6 +33,10 @@ expect {
 	timeout {puts "TESTING ERROR 1.1 Pictures\n";exit}
 	"Pictures"
 }
+expect {
+	timeout {puts "TESTING ERROR 1.1 Projects\n";exit}
+	"Projects"
+}
 expect {
 	timeout {puts "TESTING ERROR 1.1 Videos\n";exit}
 	"Videos"
@@ -100,6 +104,18 @@ expect {
 }
 after 100
 
+send -- "firejail --profile=./macro-blacklist.profile ls ~/Projects; echo ret \$?\r"
+expect {
+	timeout {puts "TESTING ERROR 2 Projects\n";exit}
+	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+	timeout {puts "TESTING ERROR 2.1 Projects\n";exit}
+	"Permission denied" {}
+	-re {ret 0} {puts "TESTING ERROR 2.2 Projects\n";exit}
+}
+after 100
+
 send -- "firejail --profile=./macro-blacklist.profile ls ~/Videos; echo ret \$?\r"
 expect {
 	timeout {puts "TESTING ERROR 2 Videos\n";exit}
@@ -173,6 +189,18 @@ expect {
 }
 after 100
 
+send -- "firejail --profile=./macro-readonly.profile touch ~/Projects/_firejail_test_file; echo ret \$?\r"
+expect {
+	timeout {puts "TESTING ERROR 3 Projects\n";exit}
+	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+	timeout {puts "TESTING ERROR 3.1 Projects\n";exit}
+	"Read-only file system" {}
+	-re {ret 0} {puts "TESTING ERROR 3.2 Projects\n";exit}
+}
+after 100
+
 send -- "firejail --profile=./macro-readonly.profile touch ~/Videos/_firejail_test_file; echo ret \$?\r"
 expect {
 	timeout {puts "TESTING ERROR 3 Videos\n";exit}