feature: add ${PROJECTS} macro (#7157)

Based on the new ~/Projects directory from version 0.20 of the xdg-user-dirs specification[1]: * `XDG_PROJECTS_DIR="$HOME/Projects"` Relates to #7147 #7151. [1] https://www.freedesktop.org/wiki/Software/xdg-user-dirs/
2026-05-15 06:06:02 -06:00 · 2026-05-09 13:19:42 +00:00 · 2026-05-09 13:19:42 +00:00 · 5abf0577a7
commit 5abf0577a7
parent f4170dd82e
17 changed files with 87 additions and 5 deletions
--- a/2
+++ b/2
@ -394,7 +394,7 @@ scan-build: clean
 .PHONY: codespell
 codespell:
 	@printf 'Running %s...\n' $@
-	@$(CODESPELL) --ignore-regex 'Manuel|UE|als|chage|creat|doas|ether|isplay|readby|[Ss]hotcut' \
+	@$(CODESPELL) --ignore-regex 'Manuel|Projets|UE|als|chage|creat|doas|ether|isplay|readby|[Ss]hotcut' \
 	  -S *.d,*.gz,*.o,*.so \
 	  -S COPYING,m4 \
 	  -S ./contrib/syscalls.sh \
--- a/contrib/syntax/lists/profile_macros.list
+++ b/contrib/syntax/lists/profile_macros.list
@ -6,5 +6,6 @@ HOME
 MUSIC
 PATH
 PICTURES
+PROJECTS
 RUNUSER
 VIDEOS
--- a/etc/inc/allow-common-devel.inc
+++ b/etc/inc/allow-common-devel.inc
@ -2,6 +2,9 @@
 # Persistent customizations should go in a .local file.
 include allow-common-devel.local

+# Default
+noblacklist ${PROJECTS}
+
 # Arduino
 noblacklist ${HOME}/.arduino15
 noblacklist ${HOME}/Arduino
--- a/etc/inc/disable-xdg.inc
+++ b/etc/inc/disable-xdg.inc
@ -5,6 +5,7 @@ include disable-xdg.local
 blacklist ${DOCUMENTS}
 blacklist ${MUSIC}
 blacklist ${PICTURES}
+blacklist ${PROJECTS}
 blacklist ${VIDEOS}

 # The following should be considered catch-all directories
--- a/etc/profile-a-l/build-systems-common.profile
+++ b/etc/profile-a-l/build-systems-common.profile
@ -28,7 +28,7 @@ include disable-shell.inc
 include disable-x11.inc
 include disable-xdg.inc

-#whitelist ${HOME}/Projects
+#whitelist ${PROJECTS}
 #include whitelist-common.inc

 whitelist /usr/share/pkgconfig
--- a/etc/profile-m-z/nodejs-common.profile
+++ b/etc/profile-m-z/nodejs-common.profile
@ -22,6 +22,7 @@ ignore read-only ${HOME}/.npmrc
 ignore read-only ${HOME}/.nvm
 ignore read-only ${HOME}/.yarnrc

+noblacklist ${PROJECTS}
 noblacklist ${HOME}/.cache/deno
 noblacklist ${HOME}/.deno
 noblacklist ${HOME}/.local/share/pnpm
@ -46,8 +47,8 @@ include disable-shell.inc
 include disable-x11.inc
 include disable-xdg.inc

-# If you want whitelisting, change ${HOME}/Projects below to your node projects directory
-# and add the next lines to your nodejs-common.local.
+# If you want whitelisting, change ${PROJECTS} below to your node projects
+# directory and add the next lines to your nodejs-common.local.
 #mkdir ${HOME}/.local/share/pnpm
 #mkdir ${HOME}/.node-gyp
 #mkdir ${HOME}/.npm
@ -58,6 +59,7 @@ include disable-xdg.inc
 #mkdir ${HOME}/.yarncache
 #mkfile ${HOME}/.npmrc
 #mkfile ${HOME}/.yarnrc
+#whitelist ${PROJECTS}
 #whitelist ${HOME}/.local/share/pnpm
 #whitelist ${HOME}/.node-gyp
 #whitelist ${HOME}/.npm
@ -68,7 +70,6 @@ include disable-xdg.inc
 #whitelist ${HOME}/.yarn-config
 #whitelist ${HOME}/.yarncache
 #whitelist ${HOME}/.yarnrc
-#whitelist ${HOME}/Projects
 #include whitelist-common.inc

 whitelist /usr/share/doc/node
--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@ -45,6 +45,7 @@
 #  ${HOME} (user's home)
 #  ${PATH} (contents of PATH env var)
 #  ${PICTURES}
+#  ${PROJECTS}
 #  ${MUSIC}
 #  ${RUNUSER} (/run/user/UID)
 #  ${VIDEOS}
--- a/src/firejail/macros.c
+++ b/src/firejail/macros.c
@ -61,6 +61,12 @@ Macro macro[] = {
 		{"Pictures", "Изображения", "Images", "Immagini", "Imágenes", "Imagens", "Bilder"}
 	},

+	{
+		"${PROJECTS}",
+		"XDG_PROJECTS_DIR=\"$HOME/",
+		{"Projects", "Проекты", "Projets", "Progetti", "Proyectos", "Projectos", "Projekte"}
+	},
+
 	{
 		"${VIDEOS}",
 		"XDG_VIDEOS_DIR=\"$HOME/",
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@ -13,6 +13,7 @@ mkdir -p ~/Documents
 mkdir -p ~/Downloads
 mkdir -p ~/Music
 mkdir -p ~/Pictures
+mkdir -p ~/Projects
 mkdir -p ~/Videos

 echo "TESTING: tmpfs as regular user (test/fs/tmpfs.exp)"
@ -108,6 +109,7 @@ rm -f ~/Documents/_firejail_test_file
 rm -f ~/Downloads/_firejail_test_file
 rm -f ~/Music/_firejail_test_file
 rm -f ~/Pictures/_firejail_test_file
+rm -f ~/Projects/_firejail_test_file
 rm -f ~/Videos/_firejail_test_file

 mkdir -p ~/Desktop/_firejail_test_dir/a
@ -120,6 +122,8 @@ mkdir -p ~/Music/_firejail_test_dir/a
 mkdir -p ~/Music/_firejail_test_dir/b
 mkdir -p ~/Pictures/_firejail_test_dir/a
 mkdir -p ~/Pictures/_firejail_test_dir/b
+mkdir -p ~/Projects/_firejail_test_dir/a
+mkdir -p ~/Projects/_firejail_test_dir/b
 mkdir -p ~/Videos/_firejail_test_dir/a
 mkdir -p ~/Videos/_firejail_test_dir/b
 echo "TESTING: macro subpaths (test/fs/macro-subpath.exp)"
@ -129,6 +133,7 @@ rm -fr ~/Documents/_firejail_test_dir
 rm -fr ~/Downloads/_firejail_test_dir
 rm -fr ~/Music/_firejail_test_dir
 rm -fr ~/Pictures/_firejail_test_dir
+rm -fr ~/Projects/_firejail_test_dir
 rm -fr ~/Videos/_firejail_test_dir

 echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)"
--- a/test/fs/macro-blacklist.profile
+++ b/test/fs/macro-blacklist.profile
@ -3,4 +3,5 @@ blacklist ${DOCUMENTS}
 blacklist ${DOWNLOADS}
 blacklist ${MUSIC}
 blacklist ${PICTURES}
+blacklist ${PROJECTS}
 blacklist ${VIDEOS}
--- a/test/fs/macro-readonly.profile
+++ b/test/fs/macro-readonly.profile
@ -3,4 +3,5 @@ read-only ${DOCUMENTS}
 read-only ${DOWNLOADS}
 read-only ${MUSIC}
 read-only ${PICTURES}
+read-only ${PROJECTS}
 read-only ${VIDEOS}
--- a/test/fs/macro-subpath-blacklist.profile
+++ b/test/fs/macro-subpath-blacklist.profile
@ -3,4 +3,5 @@ blacklist ${DOCUMENTS}/_firejail_test_dir
 blacklist ${DOWNLOADS}/_firejail_test_dir
 blacklist ${MUSIC}/_firejail_test_dir
 blacklist ${PICTURES}/_firejail_test_dir
+blacklist ${PROJECTS}/_firejail_test_dir
 blacklist ${VIDEOS}/_firejail_test_dir
--- a/test/fs/macro-subpath-readonly.profile
+++ b/test/fs/macro-subpath-readonly.profile
@ -3,4 +3,5 @@ read-only ${DOCUMENTS}/_firejail_test_dir
 read-only ${DOWNLOADS}/_firejail_test_dir
 read-only ${MUSIC}/_firejail_test_dir
 read-only ${PICTURES}/_firejail_test_dir
+read-only ${PROJECTS}/_firejail_test_dir
 read-only ${VIDEOS}/_firejail_test_dir
--- a/test/fs/macro-subpath-whitelist.profile
+++ b/test/fs/macro-subpath-whitelist.profile
@ -3,4 +3,5 @@ whitelist ${DOCUMENTS}/_firejail_test_dir/a
 whitelist ${DOWNLOADS}/_firejail_test_dir/a
 whitelist ${MUSIC}/_firejail_test_dir/a
 whitelist ${PICTURES}/_firejail_test_dir/a
+whitelist ${PROJECTS}/_firejail_test_dir/a
 whitelist ${VIDEOS}/_firejail_test_dir/a
--- a/test/fs/macro-subpath.exp
+++ b/test/fs/macro-subpath.exp
@ -14,6 +14,7 @@ send -- "firejail --profile=./macro-subpath-whitelist.profile ls \
 	~/Downloads/_firejail_test_dir \
 	~/Music/_firejail_test_dir \
 	~/Pictures/_firejail_test_dir \
+	~/Projects/_firejail_test_dir \
 	~/Videos/_firejail_test_dir \
 \r"

@ -46,6 +47,11 @@ expect {
 	"Pictures/_firejail_test_dir/a" {}
 	"Pictures/_firejail_test_dir/b" {puts "TESTING ERROR 1.2 Pictures\n";exit}
 }
+expect {
+	timeout {puts "TESTING ERROR 1.1 Projects\n";exit}
+	"Projects/_firejail_test_dir/a" {}
+	"Projects/_firejail_test_dir/b" {puts "TESTING ERROR 1.2 Projects\n";exit}
+}
 expect {
 	timeout {puts "TESTING ERROR 1.1 Videos\n";exit}
 	"Videos/_firejail_test_dir/a" {}
@ -114,6 +120,18 @@ expect {
 }
 after 100

+send -- "firejail --profile=./macro-subpath-blacklist.profile ls ~/Projects/_firejail_test_dir; echo ret \$?\r"
+expect {
+	timeout {puts "TESTING ERROR 2 Projects\n";exit}
+	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+	timeout {puts "TESTING ERROR 2.1 Projects\n";exit}
+	"Permission denied" {}
+	-re {ret 0} {puts "TESTING ERROR 2.2 Projects\n";exit}
+}
+after 100
+
 send -- "firejail --profile=./macro-subpath-blacklist.profile ls ~/Videos/_firejail_test_dir; echo ret \$?\r"
 expect {
 	timeout {puts "TESTING ERROR 2 Videos\n";exit}
@ -187,6 +205,18 @@ expect {
 }
 after 100

+send -- "firejail --profile=./macro-subpath-readonly.profile touch ~/Projects/_firejail_test_dir/_firejail_test_file; echo ret \$?\r"
+expect {
+	timeout {puts "TESTING ERROR 3 Projects\n";exit}
+	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+	timeout {puts "TESTING ERROR 3.1 Projects\n";exit}
+	"Read-only file system" {}
+	-re {ret 0} {puts "TESTING ERROR 3.2 Projects\n";exit}
+}
+after 100
+
 send -- "firejail --profile=./macro-subpath-readonly.profile touch ~/Videos/_firejail_test_dir/_firejail_test_file; echo ret \$?\r"
 expect {
 	timeout {puts "TESTING ERROR 3 Videos\n";exit}
--- a/test/fs/macro-whitelist.profile
+++ b/test/fs/macro-whitelist.profile
@ -3,4 +3,5 @@ whitelist ${DOCUMENTS}
 whitelist ${DOWNLOADS}
 whitelist ${MUSIC}
 whitelist ${PICTURES}
+whitelist ${PROJECTS}
 whitelist ${VIDEOS}
--- a/test/fs/macro.exp
+++ b/test/fs/macro.exp
@ -33,6 +33,10 @@ expect {
 	timeout {puts "TESTING ERROR 1.1 Pictures\n";exit}
 	"Pictures"
 }
+expect {
+	timeout {puts "TESTING ERROR 1.1 Projects\n";exit}
+	"Projects"
+}
 expect {
 	timeout {puts "TESTING ERROR 1.1 Videos\n";exit}
 	"Videos"
@ -100,6 +104,18 @@ expect {
 }
 after 100

+send -- "firejail --profile=./macro-blacklist.profile ls ~/Projects; echo ret \$?\r"
+expect {
+	timeout {puts "TESTING ERROR 2 Projects\n";exit}
+	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+	timeout {puts "TESTING ERROR 2.1 Projects\n";exit}
+	"Permission denied" {}
+	-re {ret 0} {puts "TESTING ERROR 2.2 Projects\n";exit}
+}
+after 100
+
 send -- "firejail --profile=./macro-blacklist.profile ls ~/Videos; echo ret \$?\r"
 expect {
 	timeout {puts "TESTING ERROR 2 Videos\n";exit}
@ -173,6 +189,18 @@ expect {
 }
 after 100

+send -- "firejail --profile=./macro-readonly.profile touch ~/Projects/_firejail_test_file; echo ret \$?\r"
+expect {
+	timeout {puts "TESTING ERROR 3 Projects\n";exit}
+	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+	timeout {puts "TESTING ERROR 3.1 Projects\n";exit}
+	"Read-only file system" {}
+	-re {ret 0} {puts "TESTING ERROR 3.2 Projects\n";exit}
+}
+after 100
+
 send -- "firejail --profile=./macro-readonly.profile touch ~/Videos/_firejail_test_file; echo ret \$?\r"
 expect {
 	timeout {puts "TESTING ERROR 3 Videos\n";exit}