[GH-ISSUE #2411] How to allow kate to edit files in .config ?

gitea-mirror commented

2026-05-05 08:15:47 -06:00

Owner

Originally created by @Utini2000 on GitHub (Feb 17, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2411

Hello everyone,

I can't figure out how to allow "kate" to edit files in /home/user/.config/ ?
I already allowed the folder itself but every file I open will be run as an empty "new file" in kate although it's an existing file with content.

Thanks in advance!

Originally created by @Utini2000 on GitHub (Feb 17, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2411 Hello everyone, I can't figure out how to allow "kate" to edit files in /home/user/.config/ ? I already allowed the folder itself but every file I open will be run as an empty "new file" in kate although it's an existing file with content. Thanks in advance!

gitea-mirror

2026-05-05 08:15:47 -06:00

closed this issue
added the
question_old
label

gitea-mirror commented

2026-05-05 08:15:50 -06:00

Author

Owner

@rusty-snake commented on GitHub (Feb 17, 2019):

You can run kate without firejail for something like that: /bin/kate or /usr/bin/kate depending on your distro.

or by noblacklisting everything in .config: firejail --noblacklist="${HOME}/.config/*" kate

@rusty-snake commented on GitHub (Feb 17, 2019): You can run kate without firejail for something like that: `/bin/kate` or `/usr/bin/kate` depending on your distro. or by `noblacklist`ing everything in .config: `firejail --noblacklist="${HOME}/.config/*" kate`

gitea-mirror commented

2026-05-05 08:15:51 -06:00

Author

Owner

@Utini2000 commented on GitHub (Feb 17, 2019):

Already did noblacklist everything but it still doesnt work :S

@Utini2000 commented on GitHub (Feb 17, 2019): Already did noblacklist everything but it still doesnt work :S

gitea-mirror commented

2026-05-05 08:15:52 -06:00

Author

Owner

@rusty-snake commented on GitHub (Feb 17, 2019):

@Utini2000 With or without the ${HOME}.

Don't work: firejail --noblacklist=".config/*" kate
Should work: firejail --noblacklist="${HOME}/.config/*" kate

@rusty-snake commented on GitHub (Feb 17, 2019): @Utini2000 With or without the `${HOME}`. Don't work: `firejail --noblacklist=".config/*" kate` Should work: `firejail --noblacklist="${HOME}/.config/*" kate`

gitea-mirror commented

2026-05-05 08:15:53 -06:00

Author

Owner

@Utini2000 commented on GitHub (Feb 17, 2019):

In my kate.local

noblacklist ${HOME}/.config/*

When I open some in .config it is just an empty file and kate says "New file".
When running kate with your command I get "permission denied" when opening e.g. ./config/firejail/

@Utini2000 commented on GitHub (Feb 17, 2019): In my kate.local noblacklist ${HOME}/.config/* When I open some in .config it is just an empty file and kate says "New file". When running kate with your command I get "permission denied" when opening e.g. ./config/firejail/

gitea-mirror commented

2026-05-05 08:15:54 -06:00

Author

Owner

@rusty-snake commented on GitHub (Feb 17, 2019):

Maybe .config/firejail is special.

@rusty-snake commented on GitHub (Feb 17, 2019): Maybe .config/firejail is special.

gitea-mirror commented

2026-05-05 08:15:55 -06:00

Author

Owner

@Utini2000 commented on GitHub (Feb 17, 2019):

Lol that is weird,

The folder for firejail,mpv,vlc in /.config/... wont work.
cantana for example does work.

@Utini2000 commented on GitHub (Feb 17, 2019): Lol that is weird, The folder for firejail,mpv,vlc in /.config/... wont work. cantana for example does work.

gitea-mirror commented

2026-05-05 08:15:56 -06:00

Author

Owner

@Vincent43 commented on GitHub (Feb 17, 2019):

.config/firejail will be always blacklisted in firejail. For others you have to disable include disable-common.inc, include disable-passwdmgr.inc and include disable-programs.inc in kate.profile.

@Vincent43 commented on GitHub (Feb 17, 2019): `.config/firejail ` will be always blacklisted in firejail. For others you have to disable `include disable-common.inc`, `include disable-passwdmgr.inc` and `include disable-programs.inc` in `kate.profile`.

gitea-mirror commented

2026-05-05 08:15:57 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Feb 17, 2019):

@Utini2000 So I've actually run into this issue because I sandbox emacs (my editor of choice). My personal favorite solution has been to whitelist a specific directory (in my case, ~/.config/emacs/emacs_tmp) and write a wrapper script which hardlinks the file into that directory, opens emacs for editing the file, and deletes the hardlink when I close the file. It's definitely a kludgy solution, but has the advantage that I can, for example, even edit firejail profiles in emacs using this method even if emacs is jailed.

I'd also like to note that my emacs profile is a whitelist profile which only whitelists ${DOCUMENTS} and ${DOWNLOADS}, which means I need the script to edit any file outside of those directories (aka config files, scripts in ~/.local/bin, etc).

@chiraag-nataraj commented on GitHub (Feb 17, 2019): @Utini2000 So I've actually run into this issue because I sandbox `emacs` (my editor of choice). My personal favorite solution has been to whitelist a specific directory (in my case, `~/.config/emacs/emacs_tmp`) and write a wrapper script which hardlinks the file into that directory, opens `emacs` for editing the file, and deletes the hardlink when I close the file. It's definitely a kludgy solution, but has the advantage that I can, for example, even edit firejail profiles in `emacs` using this method _even if_ `emacs` is jailed. I'd also like to note that my `emacs` profile is a _whitelist_ profile which only whitelists `${DOCUMENTS}` and `${DOWNLOADS}`, which means I need the script to edit any file outside of those directories (aka config files, scripts in `~/.local/bin`, etc).

gitea-mirror commented

2026-05-05 08:15:57 -06:00

Author

Owner

@Utini2000 commented on GitHub (Feb 18, 2019):

Hmm but what is the logic behind disabling the whole .config folder for kate but not for other editors e.g. nano?

@Utini2000 commented on GitHub (Feb 18, 2019): Hmm but what is the logic behind disabling the whole .config folder for kate but not for other editors e.g. nano?

gitea-mirror commented

2026-05-05 08:15:58 -06:00

Author

Owner

@rusty-snake commented on GitHub (Feb 18, 2019):

@Utini2000 look here.

or with words: nano doesn't have a firejail profile.

@rusty-snake commented on GitHub (Feb 18, 2019): @Utini2000 look [here](https://github.com/netblue30/firejail/tree/master/etc/nano.profile). or with words: nano doesn't have a firejail profile.

gitea-mirror commented

2026-05-05 08:15:58 -06:00

Author

Owner

@Utini2000 commented on GitHub (Feb 18, 2019):

Link doesnt work.

But if nano doesn't have a profile, why does kate? :D

@Utini2000 commented on GitHub (Feb 18, 2019): Link doesnt work. But if nano doesn't have a profile, why does kate? :D

gitea-mirror commented

2026-05-05 08:15:59 -06:00

Author

Owner

@rusty-snake commented on GitHub (Feb 18, 2019):

@Utini2000 the broken link was intentional, otherwise you would find there the nano-profile there.

But if nano doesn't have a profile, why does kate?

Because someone has writte a profile for kate, but nobody for nano. ;)

@rusty-snake commented on GitHub (Feb 18, 2019): @Utini2000 the broken link was intentional, otherwise you would find there the nano-profile there. > But if nano doesn't have a profile, why does kate? Because someone has writte a profile for kate, but nobody for nano. ;)

gitea-mirror commented

2026-05-05 08:15:59 -06:00

Author

Owner

@Vincent43 commented on GitHub (Feb 18, 2019):

Some time ago I proposed relaxed config for app like kate or dolphin but the consensus was against this change: https://github.com/netblue30/firejail/pull/1806

@Vincent43 commented on GitHub (Feb 18, 2019): Some time ago I proposed relaxed config for app like kate or dolphin but the consensus was against this change: https://github.com/netblue30/firejail/pull/1806

gitea-mirror commented

2026-05-05 08:16:00 -06:00

Author

Owner

@Utini2000 commented on GitHub (Feb 18, 2019):

Its not just about beeing relaxed, its about beeing unmatching between apps of the same type.

Kate and nano are both very common text editors. One is handled so strict that is basically cripples th usage of the app while the other one isn't handlet by firejail at all.

@Utini2000 commented on GitHub (Feb 18, 2019): Its not just about beeing relaxed, its about beeing unmatching between apps of the same type. Kate and nano are both very common text editors. One is handled so strict that is basically cripples th usage of the app while the other one isn't handlet by firejail at all.

gitea-mirror commented

2026-05-05 08:16:00 -06:00

Author

Owner

@Vincent43 commented on GitHub (Feb 18, 2019):

We have dedicated issue for requesting new profiles. You can also create new profile yourself. Creating app profiles is a collaborative work, everyone can contribute to it. We add many new profiles in each release but you can't expect that we provide a profile for every app in universe.

@Vincent43 commented on GitHub (Feb 18, 2019): We have dedicated[ issue for requesting new profiles](https://github.com/netblue30/firejail/issues/1139). You can also create new profile yourself. Creating app profiles is a collaborative work, everyone can contribute to it. We add many new profiles in each release but you can't expect that we provide a profile for every app in universe.

gitea-mirror commented

2026-05-05 08:16:01 -06:00

Author

Owner

@ghost commented on GitHub (Feb 19, 2019):

just copy the kate.profile to home .config/firejail/ and comment the superfluous lines, the kate profile and some other are too restricted

@ghost commented on GitHub (Feb 19, 2019): just copy the kate.profile to home .config/firejail/ and comment the superfluous lines, the kate profile and some other are too restricted

gitea-mirror commented

2026-05-05 08:16:01 -06:00

Author

Owner

@Utini2000 commented on GitHub (Feb 19, 2019):

Oh so the .profile in .config/firejail overwrites the .profile in /etc/firejail?
And the .local simply adds stuff to the .profile of /etc/firejail?

Ye I guess I will do that and check every now and then if the kate/nano profiles were updated :)

I dont want to give them too much access,just enough to also edit config files in .config

@Utini2000 commented on GitHub (Feb 19, 2019): Oh so the .profile in .config/firejail overwrites the .profile in /etc/firejail? And the .local simply adds stuff to the .profile of /etc/firejail? Ye I guess I will do that and check every now and then if the kate/nano profiles were updated :) I dont want to give them too much access,just enough to also edit config files in .config

gitea-mirror commented

2026-05-05 08:16:01 -06:00

Author

Owner

@rusty-snake commented on GitHub (Feb 19, 2019):

@Utini2000 #2422

@rusty-snake commented on GitHub (Feb 19, 2019): @Utini2000 #2422

gitea-mirror commented

2026-05-05 08:16:02 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (May 20, 2019):

So we have a nano profile now and the original question has been aswered with several workarounds. I'm going to go ahead and close this, but @Utini2000, feel free to reopen if you have more questions.

@chiraag-nataraj commented on GitHub (May 20, 2019): So we have a nano profile now and the original question has been aswered with several workarounds. I'm going to go ahead and close this, but @Utini2000, feel free to reopen if you have more questions.

Rows
Columns

[GH-ISSUE #2411] How to allow kate to edit files in .config ? #1606