github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #36] Support for symlink to firejail binary #16

New issue

Closed

opened 2026-05-05 04:45:01 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 04:45:01 -06:00

Owner

Originally created by @blueyed on GitHub (Aug 20, 2015).
Original GitHub issue: https://github.com/netblue30/firejail/issues/36

It would be useful to support symlinks to the firejail binary, which means that a symlink firefox to firejail would start firefox, instead of bash.

The idea comes from envoy.

This would allow you to add a symlink firefox to e.g. ~/bin, and it would automatically use firejail, if ~/bin is before /usr/bin in your PATH.

Originally created by @blueyed on GitHub (Aug 20, 2015). Original GitHub issue: https://github.com/netblue30/firejail/issues/36 It would be useful to support symlinks to the `firejail` binary, which means that a symlink `firefox` to `firejail` would start `firefox`, instead of `bash`. The idea comes from [envoy](https://github.com/vodik/envoy). This would allow you to add a symlink `firefox` to e.g. `~/bin`, and it would automatically use firejail, if `~/bin` is before `/usr/bin` in your PATH.

gitea-mirror

2026-05-05 04:45:01 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 04:45:10 -06:00

Author

Owner

@ghost commented on GitHub (Aug 20, 2015):

This could work if it was restricted to a few known commands (like firefox or chrome) and then run them in --shell=none mode to handle command-line arguments the same as normal.

@ghost commented on GitHub (Aug 20, 2015): This could work if it was restricted to a few known commands (like `firefox` or `chrome`) and then run them in `--shell=none` mode to handle command-line arguments the same as normal.

gitea-mirror commented

2026-05-05 04:45:13 -06:00

Author

Owner

@netblue30 commented on GitHub (Aug 21, 2015):

That's a cool idea, thanks!

envoy people (https://github.com/vodik/envoy) are doing something very interesting in "Wrappers with envoy" section. It seems to me all we need is a simple bash script with the same name as the executable, and we put the bash script in the path before the original executable.

For example for transmission-gtk (bittorrent client), we add the script in /usr/local/bin directory:

$ cat /usr/local/bin/transmission-gtk 
#!/bin/bash
firejail /usr/bin/transmission-gtk

In the script we need the full path (/usr/bin/transmission-gtk), otherwise we'll end up calling ourselves in a loop forever. It works today, it is integrated by default with the file manager, desktop menus and icons. You click on a torrent file and it automatically opens the bittorent client in a sandbox.

@netblue30 commented on GitHub (Aug 21, 2015): That's a cool idea, thanks! envoy people (https://github.com/vodik/envoy) are doing something very interesting in "Wrappers with envoy" section. It seems to me all we need is a simple bash script with the same name as the executable, and we put the bash script in the path before the original executable. For example for transmission-gtk (bittorrent client), we add the script in /usr/local/bin directory: ``` $ cat /usr/local/bin/transmission-gtk #!/bin/bash firejail /usr/bin/transmission-gtk ``` In the script we need the full path (/usr/bin/transmission-gtk), otherwise we'll end up calling ourselves in a loop forever. It works today, it is integrated by default with the file manager, desktop menus and icons. You click on a torrent file and it automatically opens the bittorent client in a sandbox.

gitea-mirror referenced this issue

2026-05-05 10:02:38 -06:00

[PR #16] [MERGED] Block access to history files #3502

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#16

No description provided.

Rows
Columns