Default directories in Firefox 146 and earlier:
* ~/.cache/mozilla # cache files
* ~/.mozilla # config and data
In Firefox 147[1]:
* ~/.cache/mozilla # cache files
* ~/.config/mozilla # config and data
Note that the new location apparently contains the same files as in the
former location (including settings, bookmarks, extensions, etc).
That is, even though the new directory resides in `$XDG_CONFIG_HOME` /
~/.config, it is not solely used for program configuration as described
in the XDG Base Directory specification[2] and `$XDG_DATA_HOME` /
~/.local/share/mozilla is seemingly not used at all (see also the
discussion in the bug tracker[3]).
Commands used to search and replace:
$ perl -pi -e 's/(.* )(\${HOME}\/\.mozilla)(.*)/$1\${HOME}\/.config\/mozilla$3\n$1$2$3/' \
-- \
etc/inc/*.inc \
etc/profile*/*.profile \
Note: The entries in the following profiles were sorted manually:
* etc/inc/disable-common.inc
* etc/inc/disable-programs.inc
* etc/profile-a-l/keepassxc.profile
* etc/profile-a-l/krunner.profile
* etc/profile-m-z/seamonkey.profile
Relates to #7040.
[1] https://www.firefox.com/en-US/firefox/147.0/releasenotes/
[2] https://specifications.freedesktop.org/basedir/latest/
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=259356
disable-common.inc has these lines:
blacklist ${PATH}/nc
blacklist ${PATH}/nc.openbsd
blacklist ${PATH}/nc.traditional
blacklist ${PATH}/ncat
With openbsd-netcat on Artix, `/usr/bin/nc.openbsd` is symlinked to
`/usr/bin/nc`:
$ pacman -Fl gnu-netcat openbsd-netcat | grep bin/nc
gnu-netcat usr/bin/nc
openbsd-netcat usr/bin/nc
openbsd-netcat usr/bin/nc.openbsd
$ realpath /usr/bin/nc.openbsd
/usr/bin/nc
So `noblacklist ${PATH}/nc` is not enough, as
`blacklist ${PATH}/nc.openbsd` will follow the symlink to `/usr/bin/nc`
and still blacklist it.
To prevent `/usr/bin/nc` from being blacklisted,
`noblacklist ${PATH}/nc.openbsd` is also needed in this case.
To ensure that netcat is allowed, always `noblacklist` all netcat paths.
Fixes#6911.
Put it together with the other `keep-` commands.
And move it to the allow section in libreoffice.profile.
Related commits:
* cc8b019b5 ("--keep-hostname part 1 (#7048)", 2026-02-03)
* fbc94070e ("adding keep-hostname to libreoffice.profile", 2026-02-11).
Relates to #7048.
- src/firejail/usage.c
- src/zsh_completion/_firejail.in
- Add entries for `--debug-syscall-groups`
- src/lib/syscall.c
- Complete string literals
- src/man/firejail.1.in
- Add an entry for `--debug-syscall-groups`
- Add `@memfd` and `@sandbox` syscall groups for the `--seccomp` option
This is the last part.
Keep the existing commit references and add missing PR references.
This amends commit 5dc63f1a0 ("RELNOTES update", 2026-01-22).
Relates to #6996#6999#7023#7029#7030.
Related commits:
* 825fb24ff ("place some syscalls with access to a clock, used for time
reading, theoretical resolution and sleep functions into
`@default-keep`", 2026-01-28) /
PR #7044
* f281d76f2 ("move other syscalls considered deprecated into
`@obsolete`", 2026-01-28) /
PR #7045
Command used to search and replace:
$ perl -i -pe 's/clokc_/clock_/g' src/lib/syscall.c
This option allows to list all seccomp groups and their syscalls defined for the architecture in use.
Usage examples:
`firejail --debug-syscall-groups`
`firejail --debug-syscall-groups=@chown,@mount,@swap`
`firejail --debug-syscall-groups=@all`
This is the first part.
This amends commit 5d78ff54a ("Removing time-reading syscalls from
@clock group. It stops several networked programs such as firefox, or
any other program that tries to access the time. For example: firejail
sleep 10", 2026-01-25).
The `--disable-man` test was added twice on commit 5c7c58f6e and only
one instance was removed on commit a655b7d1b.
Related commits:
* 5c7c58f6e ("rework make test-compile", 2026-01-20)
* a655b7d1b ("removed ./configure --disable-man option", 2026-01-21).
The second commit is a small amendment of the first commit:
* e256efe64 ("fix non-ASCII hypehens in manpages (#5903)", 2026-01-08)
* 0ddf56a31 ("docs: man: fix double backslash before hyphen",
2026-01-10)
Relates to #5903.
- Remove extra empty lines
- Definition of groups:
- Add the two new groups `@memfd` and `@sandbox`
- Add new syscalls
- Inheritance of groups:
- Redraw it in a clearer form of groups and subgroups
- Add the two new groups
- Sort `@mount` and `@obsolete` groups by alphabetical order
This is the last part.
