github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #3016] [feature request] Exclude certain programs with firecfg? #1890

New issue

Closed

opened 2026-05-05 08:33:24 -06:00 by gitea-mirror · 6 comments

gitea-mirror commented

2026-05-05 08:33:24 -06:00

Owner

Originally created by @rieje on GitHub (Oct 29, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3016

Currently, I have firecfg called as a pacman hook when updating my system--useful for automatically using firejail with new programs. However, I'm currently debugging LibreOffice (finding it very difficult to have a decent experience with Firefox and the clipboard) and would like to exclude that from firecfg.

What's a good workaround? chattr +i doesn't work on symlinks.

Originally created by @rieje on GitHub (Oct 29, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/3016 Currently, I have firecfg called as a pacman hook when updating my system--useful for automatically using firejail with new programs. However, I'm currently debugging LibreOffice (finding it very difficult to have a decent experience with Firefox and the clipboard) and would like to exclude that from firecfg. What's a good workaround? `chattr +i` doesn't work on symlinks.

gitea-mirror

2026-05-05 08:33:24 -06:00

closed this issue
added the
duplicate
label

gitea-mirror commented

2026-05-05 08:33:27 -06:00

Author

Owner

@ghost commented on GitHub (Oct 29, 2019):

Until a native feature is integrated to do what you want, I'd place a small wrapper script in /usr/local/bin/firecfg and disable/enable any applications before running the real deal firecfg. Call it with 'skip' to keep state. Point your pacman hook to this script and debug LibreOffice until you're done. Something like the below should work [untested]:

#!/bin/sh
#
# disable/enable applications from firecfg

### vars
_bin="/usr/bin/firecfg"
_conf="/usr/lib/firejail/firecfg.config"

### logic
# triage
case "$1" in
    disable)
	for _app in libreoffice lobase localc lodraw loffice lofromtemplate \
	    loimpress lomath loweb lowriter soffice; do
		sed -i -e "s/${_app}/#${_app}/" "$_conf"
	done
	;;
    enable)
	for _app in libreoffice lobase localc lodraw loffice lofromtemplate \
	    loimpress lomath loweb lowriter soffice; do
		sed -i -e "s/#${_app}/${_app}/" "$_conf"
	done
	;;
    skip)
	true
	;;
esac

# ensure firecfg gets the options it understands
shift

# run the real deal
${_bin} "$@"

@ghost commented on GitHub (Oct 29, 2019): Until a native feature is integrated to do what you want, I'd place a small wrapper script in _/usr/local/bin/firecfg_ and disable/enable any applications **before** running the real deal firecfg. Call it with 'skip' to keep state. Point your pacman hook to this script and debug LibreOffice until you're done. Something like the below should work [untested]: ``` #!/bin/sh # # disable/enable applications from firecfg ### vars _bin="/usr/bin/firecfg" _conf="/usr/lib/firejail/firecfg.config" ### logic # triage case "$1" in disable) for _app in libreoffice lobase localc lodraw loffice lofromtemplate \ loimpress lomath loweb lowriter soffice; do sed -i -e "s/${_app}/#${_app}/" "$_conf" done ;; enable) for _app in libreoffice lobase localc lodraw loffice lofromtemplate \ loimpress lomath loweb lowriter soffice; do sed -i -e "s/#${_app}/${_app}/" "$_conf" done ;; skip) true ;; esac # ensure firecfg gets the options it understands shift # run the real deal ${_bin} "$@" ```

gitea-mirror commented

2026-05-05 08:33:27 -06:00

Author

Owner

@rusty-snake commented on GitHub (Oct 29, 2019):

what about

firecfg
cd /usr/local/bin
rm libreoffice localc ...

@rusty-snake commented on GitHub (Oct 29, 2019): what about ```bash firecfg cd /usr/local/bin rm libreoffice localc ... ```

gitea-mirror commented

2026-05-05 08:33:28 -06:00

Author

Owner

@rusty-snake commented on GitHub (Oct 29, 2019):

Duplicate of #2097

@rusty-snake commented on GitHub (Oct 29, 2019): Duplicate of #2097

gitea-mirror commented

2026-05-05 08:33:29 -06:00

Author

Owner

@rusty-snake commented on GitHub (Oct 29, 2019):

and #2829. Looks like a realy wanted feature.

@rusty-snake commented on GitHub (Oct 29, 2019): and #2829. Looks like a realy wanted feature.

gitea-mirror commented

2026-05-05 08:33:29 -06:00

Author

Owner

@rusty-snake commented on GitHub (Oct 29, 2019):

The long time goal here would be file based (see discussions in #2829 and #2097), but a fast fix can be something like --ignore=PROGRAM.

@rusty-snake commented on GitHub (Oct 29, 2019): The long time goal here would be file based (see discussions in #2829 and #2097), but a fast fix can be something like `--ignore=PROGRAM`.

gitea-mirror commented

2026-05-05 08:33:30 -06:00

Author

Owner

@pizzadude commented on GitHub (Nov 2, 2019):

I have a script in /usr/local/bin/ called "unlinkfirejailapps" which does "unlink appname" in /usr/local/bin/ for the programs I don't want to use firejail with.

@pizzadude commented on GitHub (Nov 2, 2019): I have a script in /usr/local/bin/ called "unlinkfirejailapps" which does "unlink appname" in /usr/local/bin/ for the programs I don't want to use firejail with.

gitea-mirror referenced this issue

2026-05-05 10:14:00 -06:00

[PR #1890] [MERGED] fix bitblbee doubled-up private-dev option #4112

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1890

No description provided.

Rows
Columns