Add the following directories from the xdg-user-dirs specification[1]:
* `XDG_PUBLICSHARE_DIR="$HOME/Public"`
* `XDG_TEMPLATES_DIR="$HOME/Templates"`
With this, all directories from the specification are supported as
macros.
See also /etc/xdg/user-dirs.defaults.
Relates to #7157#7163.
[1] https://www.freedesktop.org/wiki/Software/xdg-user-dirs/
The tests from this file are currently not even being executed in CI[1]:
TESTING: macro subpaths (test/fs/macro-subpath.exp)
./fs.sh: line 130: ./macro-subpath.exp: Permission denied
TESTING: whitelist empty (test/fs/whitelist-empty.exp)
This amends commit aff7cb630 ("feature: allow subpaths in xdg macros",
2026-04-21) / PR #7151.
Relates to #7147.
[1] https://github.com/netblue30/firejail/actions/runs/25602127293/job/75157737035
The whitelist test is currently broken[1]:
TESTING: macro subpaths (test/fs/macro-subpath.exp)
spawn /bin/bash
firejail --profile=./macro-subpath-whitelist.profile ls ~/Desktop/_firejail_test_dir [...]
[...]
/home/runner/Desktop/_firejail_test_dir:
a
[...]
Parent is shutting down, bye...
runner@runnervmrc6n4:~/work/firejail/firejail/test/fs$ TESTING ERROR 1.1 Desktop
This amends commit aff7cb630 ("feature: allow subpaths in xdg macros",
2026-04-21) / PR #7151.
Relates to #7147.
[1] https://github.com/netblue30/firejail/actions/runs/25638061680/job/75253423623
To make it easier to add new directories.
This is similar to commit 1511aab5f
("test/fs/disable-devnull-symlink.exp: simplify error messages",
2026-04-27).
Relates to #7147#7151.
Currently it is not possible to use XDG-related macros (such as
`${DOCUMENTS}`) with subpaths (such as `${DOCUMENTS}/foo`) and so
profiles just use `${HOME}` with a hardcoded path using the English
directory name and the subpath (such as `${HOME}/Documents/foo`).
Allow using subpaths after XDG macros, so that they automatically use
the auto-detected XDG path, just as when currently using the XDG macros
without subpaths.
Before:
${HOME}/Documents/foo
After:
${DOCUMENTS}/foo
This is a follow-up to #7147.
Closes#2359.
Relates to #4229.
The test is failing at multiple parts in CI due to timeouts.
From [1]:
runner@runnervmrc6n4:~/work/firejail/firejail/test/fs$
<=./macro-blacklist.profile ls ~/Videos; echo ret $?
Reading profile ./macro-blacklist.profile
firejail version 0.9.81
Parent pid 6385, child pid 6386
Base filesystem installed in 0.25 ms
firejail ls /home/runner/Videos
Child process initialized in 7.58 ms
ls: cannot open directory '/home/runner/Videos': Permission denied
Parent is shutting down, bye...
ret 2
runner@runnervmrc6n4:~/work/firejail/firejail/test/fs$
<le touch ~/Desktop/_firejail_test_file; echo ret $?
Reading profile ./macro-readonly.profile
firejail version 0.9.81
Parent pid 6390, child pid 6391
Base filesystem installed in 3.23 ms
TESTING ERROR 19
From [2]:
runner@runnervmrc6n4:~/work/firejail/firejail/test/fs$
<macro-blacklist.profile ls ~/Documents; echo ret $?
Reading profile ./macro-blacklist.profile
firejail version 0.9.81
Parent pid 6382, child pid 6383
Base filesystem installed in 0.26 ms
firejail ls /home/runner/Documents
Child process initialized in 7.84 ms
ls: cannot open directory '/home/runner/Documents': Permission denied
Parent is shutting down, bye...
ret 2
runner@runnervmrc6n4:~/work/firejail/firejail/test/fs$
<macro-blacklist.profile ls ~/Downloads; echo ret $?
Reading profile ./macro-blacklist.profile
firejail version 0.9.81
Parent pid 6387, child pid 6388
Base filesystem installed in 0.25 ms
firejail ls /home/runner/Downloads
TESTING ERROR 11
This amends commit 574885778 ("test/fs/macro.exp: reduce timeout and
sleep", 2026-04-24) / PR #7147.
[1] https://github.com/netblue30/firejail/actions/runs/25076422708/job/73470137137
[2] https://github.com/netblue30/firejail/actions/runs/25076422708/job/73522630528
Fail faster instead of waiting for the timeout.
See also commit a4e6495fd ("modif: do not follow symlinks to /dev/null
on disable (#7129)", 2026-04-17).
Use `_firejail_test_file` instead of `blablabla`, as the former is a
more common filename in tests and is what is actually removed in
test/fs/fs.sh.
Related commits:
* 2155203b3 ("xdg macro testing", 2018-08-07)
* 188d5f16d ("--profile=FILE rework (#6896)", 2026-01-05)
When trying to prevent a file or directory in the user home from being
written to, it is not uncommon to replace it with a symlink to
/dev/null.
If this path is also blacklisted (such as by disable-common.inc), the
symlink will be followed, resulting in /dev/null itself being
blacklisted, which can cause issues with (unrelated) programs that have
their output redirected to /dev/null (for example).
To avoid disabling /dev/null, when applying commands from
`disable_file()` (such as `blacklist` and `read-only`), if a file is a
symlink to /dev/null, avoid following the symlink and perform the
operation on the link itself instead.
Using these commands with "/dev/null" directly as the argument (that is,
without going through a symlink) should still work the same way.
It has been confirmed to work on Linux 3.8[1], so it should work on at
least 3.8 and later.
Closes#5803.
[1] https://github.com/netblue30/firejail/pull/7129#issuecomment-4233141574
Reported-by: @fgpietersz
Suggested-by: @Changaco
Tested-by: @Changaco
Tested-by: @Zopolis4
if strace runs in a terminal, it probes the background color to select
its color palette. this probing expects a reply, but due to expect
intercepting the io, the answer isn't sent back to strace, so it never
starts printing the expected output.
Changes:
* Keep hostname by default (same as using `--keep-hostname`)
* Add `--hostname-randomize` command to randomize the hostname
* Ignore `--keep-hostname` command and print a warning if it is used
Setting a different hostname inside of the sandbox may prevent X11
programs from authenticating to the X server and displaying windows at
all (see #7062).
To avoid breakage, keep the hostname as is by default and only set it to
a random value if a new `hostname-randomize` command is used.
This also avoids potentially surprising behavior, as the user might not
expect the hostname to be changed inside of the sandbox, considering
that usually the protections that are applied firejail involve
restricting access to resources (like file paths), rather than modifying
their values inside of the sandbox.
Fixes#7062
Relates to #7048#7069.
The `--disable-man` test was added twice on commit 5c7c58f6e and only
one instance was removed on commit a655b7d1b.
Related commits:
* 5c7c58f6e ("rework make test-compile", 2026-01-20)
* a655b7d1b ("removed ./configure --disable-man option", 2026-01-21).
Move them from the distclean target in the root Makefile.
Related commits:
* a1ff0c3fd ("testing", 2026-01-16)
* 2f6afc99d ("gcov testing", 2026-01-16)
