[GH-ISSUE #1773] rewrite browser profiles with redirections

gitea-mirror commented

2026-05-05 07:38:52 -06:00

Owner

Originally created by @smitsohu on GitHub (Feb 11, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1773

We are shipping Firejail with a large number of browser profiles. Many of these browsers are just forks off Firefox and Chromium, with only minor deviations from the original codebase.

In order to ease maintenance, I would like to propose rewriting these profiles with redirections to something like firefox-common.inc and chromium-common.inc. The browser profiles themselves could keep their specific paths (and private-bin if necessary).

Should projects begin to deviate more strongly (like Moon browser does already), it is still always possible to switch to a dedicated profile.

Originally created by @smitsohu on GitHub (Feb 11, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/1773 We are shipping Firejail with a large number of browser profiles. Many of these browsers are just forks off Firefox and Chromium, with only minor deviations from the original codebase. In order to ease maintenance, I would like to propose rewriting these profiles with redirections to something like firefox-common.inc and chromium-common.inc. The browser profiles themselves could keep their specific paths (and `private-bin` if necessary). Should projects begin to deviate more strongly (like Moon browser does already), it is still always possible to switch to a dedicated profile.

gitea-mirror

2026-05-05 07:38:52 -06:00

closed this issue
added the
enhancement
label

gitea-mirror commented

2026-05-05 07:38:58 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Feb 11, 2018):

Here are all the browsers we have profiles for. If I missed any just edit it in.

Chromium Based

bnox
brave
chromium (chromium-browser)
dnox
flashpeak-slimjet
google-chrome (google-chrome-stable)
google-chrome-beta
google-chrome-unstable
inox
iridium (iridium-browser)
opera
opera-beta
vivaldi (vivaldi-beta, vivaldi-stable)
yandex-browser

Gecko Based

abrowser
cliqz
cyberfox (Cyberfox)
firefox (firefox-developer-edition, firefox-esr, firefox-nightly, iceweasel)
icecat
palemoon
torbrowser-launcher
waterfox

WekKit2Gtk

epiphany
surf
uzbl

QtWebEngine (cef?)

qupzilla
qutebrowser

Text Based

elinks
lynx

Unknown

dillo
netsurf

@SkewedZeppelin commented on GitHub (Feb 11, 2018): Here are all the browsers we have profiles for. If I missed any just edit it in. ## Chromium Based - bnox - brave - chromium (chromium-browser) - dnox - flashpeak-slimjet - google-chrome (google-chrome-stable) - google-chrome-beta - google-chrome-unstable - inox - iridium (iridium-browser) - opera - opera-beta - vivaldi (vivaldi-beta, vivaldi-stable) - yandex-browser ## Gecko Based - abrowser - cliqz - cyberfox (Cyberfox) - firefox (firefox-developer-edition, firefox-esr, firefox-nightly, iceweasel) - icecat - palemoon - torbrowser-launcher - waterfox ## WekKit2Gtk - epiphany - surf - uzbl ## QtWebEngine (cef?) - qupzilla - qutebrowser ## Text Based - elinks - lynx ## Unknown - dillo - netsurf

gitea-mirror commented

2026-05-05 07:38:59 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Feb 11, 2018):

Of note there are 4 email clients that all include firefox.profile for whatever reason:
fossamail, geary, icedove, and thunderbird

@SkewedZeppelin commented on GitHub (Feb 11, 2018): Of note there are 4 email clients that all include firefox.profile for whatever reason: fossamail, geary, icedove, and thunderbird

gitea-mirror commented

2026-05-05 07:39:00 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Feb 11, 2018):

Here I gave it a go and unified all of the Chromium-based profiles

30d0b5d179
Edit: Updated with brave added. Its probably safe to merge.

the Firefox ones might be more tedious, we should also evaluate whether or not we want to keep all of the paths that we currently do in Firefox

@SkewedZeppelin commented on GitHub (Feb 11, 2018): Here I gave it a go and unified all of the Chromium-based profiles https://github.com/SkewedZeppelin/firejail/commit/30d0b5d179992f752e38694052de953f8da970c9 Edit: Updated with brave added. Its probably safe to merge. the Firefox ones might be more tedious, we should also evaluate whether or not we want to keep all of the paths that we currently do in Firefox

gitea-mirror commented

2026-05-05 07:39:02 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Feb 11, 2018):

On the note about the email clients, I for one think we ought to not include firefox in their profiles. We already have to do some workarounds (like ignore private-tmp and commenting out machine-id in the thunderbird profile, all because we also include firefox's profile.)

I'll take a look at the firefox profiles and see if I can get something similar to @SkewedZeppelin

@Fred-Barclay commented on GitHub (Feb 11, 2018): On the note about the email clients, I for one think we ought to not include firefox in their profiles. We already have to do some workarounds (like `ignore private-tmp` and commenting out `machine-id` in the thunderbird profile, all because we also include firefox's profile.) I'll take a look at the firefox profiles and see if I can get something similar to @SkewedZeppelin

gitea-mirror commented

2026-05-05 07:39:02 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Feb 11, 2018):

@Fred-Barclay I hope you didn't start yet, because I just finished.

Here are all Chromium and Firefox based browsers profiles unified df2f568041

I left out torbrowser for the increased security. We should also consider removing many of the paths in firefox-common.profile

@SkewedZeppelin commented on GitHub (Feb 11, 2018): @Fred-Barclay I hope you didn't start yet, because I just finished. Here are all Chromium and Firefox based browsers profiles unified https://github.com/SkewedZeppelin/firejail/commit/df2f568041fd926a217812523399b059bc888233 I left out torbrowser for the increased security. We should also consider removing many of the paths in firefox-common.profile

gitea-mirror commented

2026-05-05 07:39:03 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Feb 11, 2018):

@SkewedZeppelin no worries. 😁 Thanks!

Would removing all of the paths besides

${HOME}/.cache/mozilla/firefox
${HOME}/.mozilla
${HOME}/.pki
whitelist ${DOWNLOADS}

be too far?

@Fred-Barclay commented on GitHub (Feb 11, 2018): @SkewedZeppelin no worries. 😁 Thanks! Would removing all of the paths besides ``` ${HOME}/.cache/mozilla/firefox ${HOME}/.mozilla ${HOME}/.pki whitelist ${DOWNLOADS} ``` be too far?

gitea-mirror commented

2026-05-05 07:39:04 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Feb 11, 2018):

So these? That'd be great, but I wonder how many people use addons/plugins that depend on them.

${HOME}/.cache/gnome-mplayer/plugin
${HOME}/.config/gnome-mplayer
${HOME}/.config/okularpartrc
${HOME}/.config/okularrc
${HOME}/.config/pipelight-silverlight5.1
${HOME}/.config/pipelight-widevine
${HOME}/.config/qpdfview
${HOME}/dwhelper
${HOME}/.kde4/share/apps/kget
${HOME}/.kde4/share/apps/okular
${HOME}/.kde4/share/config/kgetrc
${HOME}/.kde4/share/config/okularpartrc
${HOME}/.kde4/share/config/okularrc
${HOME}/.kde/share/apps/kget
${HOME}/.kde/share/apps/okular
${HOME}/.kde/share/config/kgetrc
${HOME}/.kde/share/config/okularpartrc
${HOME}/.kde/share/config/okularrc
${HOME}/.keysnail.js
${HOME}/.lastpass
${HOME}/.local/share/gnome-shell/extensions
${HOME}/.local/share/okular
${HOME}/.local/share/qpdfview
${HOME}/.pentadactyl
${HOME}/.pentadactylrc
${HOME}/.vimperator
${HOME}/.vimperatorrc
${HOME}/.wine-pipelight
${HOME}/.wine-pipelight64
${HOME}/.zotero

We could break them out into an includes and have it included by default, so advanced users wanting extra security can comment the line. Or the inverse or similar.

Like include /etc/firejail/firefox-common-addons.inc

Edit: See c4a640f05a

@SkewedZeppelin commented on GitHub (Feb 11, 2018): So these? That'd be great, but I wonder how many people use addons/plugins that depend on them. ``` ${HOME}/.cache/gnome-mplayer/plugin ${HOME}/.config/gnome-mplayer ${HOME}/.config/okularpartrc ${HOME}/.config/okularrc ${HOME}/.config/pipelight-silverlight5.1 ${HOME}/.config/pipelight-widevine ${HOME}/.config/qpdfview ${HOME}/dwhelper ${HOME}/.kde4/share/apps/kget ${HOME}/.kde4/share/apps/okular ${HOME}/.kde4/share/config/kgetrc ${HOME}/.kde4/share/config/okularpartrc ${HOME}/.kde4/share/config/okularrc ${HOME}/.kde/share/apps/kget ${HOME}/.kde/share/apps/okular ${HOME}/.kde/share/config/kgetrc ${HOME}/.kde/share/config/okularpartrc ${HOME}/.kde/share/config/okularrc ${HOME}/.keysnail.js ${HOME}/.lastpass ${HOME}/.local/share/gnome-shell/extensions ${HOME}/.local/share/okular ${HOME}/.local/share/qpdfview ${HOME}/.pentadactyl ${HOME}/.pentadactylrc ${HOME}/.vimperator ${HOME}/.vimperatorrc ${HOME}/.wine-pipelight ${HOME}/.wine-pipelight64 ${HOME}/.zotero ``` We could break them out into an includes and have it included by default, so advanced users wanting extra security can comment the line. Or the inverse or similar. Like `include /etc/firejail/firefox-common-addons.inc` Edit: See https://github.com/SkewedZeppelin/firejail/commit/c4a640f05acd675ee47452ab078dcc2abd229406

gitea-mirror commented

2026-05-05 07:39:05 -06:00

Author

Owner

@Fred-Barclay commented on GitHub (Feb 11, 2018):

Like include /etc/firejail/firefox-common-addons.inc

Let's do it!
EDIT: by "it" I would prefer commenting the include addons line out and just letting advanced users uncomment it if needed... but this might temporarily break more people's setups than we really ought.

Now that firefox is using webextensions (like Chrome, I believe), maybe we don't need all these paths anyways? The chrome profiles don't have 'em and I don't think we've had any real issues despite them not being there.

@Fred-Barclay commented on GitHub (Feb 11, 2018): > Like `include /etc/firejail/firefox-common-addons.inc` Let's do it! EDIT: by "it" I would prefer commenting the include addons line out and just letting advanced users uncomment it if needed... but this might temporarily break more people's setups than we really ought. Now that firefox is using webextensions (like Chrome, I believe), maybe we don't need all these paths anyways? The chrome profiles don't have 'em and I don't think we've had any real issues despite them not being there.

gitea-mirror commented

2026-05-05 07:39:06 -06:00

Author

Owner

@smitsohu commented on GitHub (Feb 12, 2018):

@Fred-Barclay Ahh, sorry, I had not seen your edit when I posted to the PR.

The chrome profiles don't have 'em and I don't think we've had any real issues despite them not being there.

Maybe external pdf readers were more popular in Firefox because the built-in reader used to be worse than Chromium's 😄

But in general I agree, you have a point there.

@smitsohu commented on GitHub (Feb 12, 2018): @Fred-Barclay Ahh, sorry, I had not seen your edit when I posted to the PR. > The chrome profiles don't have 'em and I don't think we've had any real issues despite them not being there. Maybe external pdf readers were more popular in Firefox because the built-in reader used to be worse than Chromium's :smile: But in general I agree, you have a point there.

gitea-mirror referenced this issue

2026-05-05 10:09:42 -06:00

[PR #1209] [MERGED] --quiet fixes #3883

Rows
Columns

[GH-ISSUE #1773] rewrite browser profiles with redirections #1203

Chromium Based

Gecko Based

WekKit2Gtk

QtWebEngine (cef?)

Text Based

Unknown