[GH-ISSUE #3191] How to configure applications to automatically go through firejail?

gitea-mirror commented

2026-05-05 08:39:33 -06:00

Owner

Originally created by @Joe23232 on GitHub (Jan 28, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3191

I wanted to know how do I configure certain applications to go through firejail, even through the launcher, for example if on KDE, if I click on firefox, I want it to open through firejail, how do I configure this?

Originally created by @Joe23232 on GitHub (Jan 28, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3191 I wanted to know how do I configure certain applications to go through firejail, even through the launcher, for example if on KDE, if I click on `firefox`, I want it to open through firejail, how do I configure this?

gitea-mirror

2026-05-05 08:39:33 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 08:39:37 -06:00

Author

Owner

@smitsohu commented on GitHub (Jan 28, 2020):

Create a symbolic link:
sudo ln -s /usr/bin/firejail /usr/local/bin/firefox

You may also want to take a look at man 1 firecfg

@smitsohu commented on GitHub (Jan 28, 2020): Create a symbolic link: `sudo ln -s /usr/bin/firejail /usr/local/bin/firefox` You may also want to take a look at `man 1 firecfg`

gitea-mirror commented

2026-05-05 08:39:38 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 28, 2020):

Create a symbolic link:
sudo ln -s /usr/bin/firejail /usr/local/bin/firefox

How does it get firefox to run through firejail if I launched it through KDE? I just want to understand this better.

@Joe23232 commented on GitHub (Jan 28, 2020): > Create a symbolic link: > sudo ln -s /usr/bin/firejail /usr/local/bin/firefox How does it get firefox to run through firejail if I launched it through KDE? I just want to understand this better.

gitea-mirror commented

2026-05-05 08:39:39 -06:00

Author

Owner

@smitsohu commented on GitHub (Jan 28, 2020):

It works because on your system /usr/local/bin precedes /usr/bin in the PATH environment variable. This way, if you type firefox in bash or click an icon in the desktop manager of your choice, what is executed is not /usr/bin/firefox but /usr/local/bin/firefox -> /usr/bin/firejail. Then Firejail learns about the original command by looking at the command line parameters, or argv[0] more specifically. That's the magic!

@smitsohu commented on GitHub (Jan 28, 2020): It works because on your system `/usr/local/bin` precedes `/usr/bin` in the PATH environment variable. This way, if you type `firefox` in bash or click an icon in the desktop manager of your choice, what is executed is not /usr/bin/firefox but /usr/local/bin/firefox -> /usr/bin/firejail. Then Firejail learns about the original command by looking at the command line parameters, or argv[0] more specifically. That's the magic!

gitea-mirror commented

2026-05-05 08:39:40 -06:00

Author

Owner

@ghost commented on GitHub (Jan 28, 2020):

Programs implement default application associations in different ways. While command-line programs traditionally use environment variables, graphical applications - or GUI apps - tend to use the XDG MIME Applications specification. This is a common Linux standard (a convention) using .desktop files in /usr/share/applications to deliver the 'magic'. It also offers a per-user location to over-ride what is in that system-wide path: ~/.local/share/applications. These .desktop files contain instructions on how to execute a specific application.

If you take a look inside, you'll notice an 'Exec=blahblah' line, e.g. 'Exec=firefox %U', which in human-speak means "start Firefox by executing the command 'firefox', and append whatever text string follows" - a URL in this context. Easy peasy, let's hit it already - I hear you think. But wait, there's a problem to be solved first. What happens when there are several commands on the system called 'firefox'? Where exactly can we find all these, and decide which one to actually execute?

Machines can figure this all out and solve the problem by - you guessed it - relying on another (set of) standard convention(s). The relevant one in this context being PATH: a limited set of possible locations where executable files can be found. You can check what your OS has predefined by running the below in a terminal:

$ echo "$PATH"
/usr/local/sbin:/usr/local/bin:/usr/bin

Like hordes of hungry beasts, machines start scanning through this collection of predefined locations, eagerly looking for something to execute. No matter how fast (or slow) this happens, this process seems to follow the same 'internal logic': let's not waste too much resources here and always execute the command from whatever location we find first so we can move on and take a rest already.

Scanning stops, beasts happily tiptoe off to greener, shadier pastures and, whammo, a new thingie appears that looks like we can actually use it to surf that WWW everybody is on about! In the grand order of things, hopefully /usr/local/bin/firefox is found first, hence executed. By creating symbolic links under a location - /usr/local/bin - that precedes other usual suspects - /usr/bin - firejail is able to ensure that your application - firefox - will now be sandboxed. Ugh!

@ghost commented on GitHub (Jan 28, 2020): Programs implement default application associations in different ways. While command-line programs traditionally use environment variables, graphical applications - or GUI apps - tend to use the [XDG MIME Applications specification](https://wiki.archlinux.org/index.php/XDG_MIME_Applications). This is a common Linux standard (a convention) using _.desktop_ files in `/usr/share/applications` to deliver the 'magic'. It also offers a per-user location to over-ride what is in that system-wide path: `~/.local/share/applications`. These _.desktop_ files contain instructions on how to execute a specific application. If you take a look inside, you'll notice an 'Exec=blahblah' line, e.g. 'Exec=firefox %U', which in human-speak means "start Firefox by executing the command 'firefox', and append whatever text string follows" - a URL in this context. Easy peasy, let's hit it already - I hear you think. But wait, there's a problem to be solved first. What happens when there are several commands on the system called 'firefox'? Where exactly can we find all these, and decide which one to actually execute? Machines can figure this all out and solve the problem by - you guessed it - relying on another (set of) standard convention(s). The relevant one in this context being `PATH`: a limited set of possible locations where executable files can be found. You can check what your OS has predefined by running the below in a terminal: ``` $ echo "$PATH" /usr/local/sbin:/usr/local/bin:/usr/bin ``` Like hordes of hungry beasts, machines start scanning through this collection of predefined locations, eagerly looking for something to execute. No matter how fast (or slow) this happens, this process seems to follow the same 'internal logic': let's not waste too much resources here and always execute the command from whatever location we find **first** so we can move on and take a rest already. Scanning stops, beasts happily tiptoe off to greener, shadier pastures and, whammo, a new thingie appears that looks like we can actually use it to surf that WWW everybody is on about! In the grand order of things, hopefully `/usr/local/bin/firefox` is found first, hence executed. By creating symbolic links under a location - /usr/local/bin - that _precedes_ other usual suspects - /usr/bin - firejail is able to ensure that your application - firefox - will now be sandboxed. Ugh!

gitea-mirror commented

2026-05-05 08:39:41 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 29, 2020):

It works because on your system /usr/local/bin precedes /usr/bin in the PATH environment variable. This way, if you type firefox in bash or click an icon in the desktop manager of your choice, what is executed is not /usr/bin/firefox but /usr/local/bin/firefox -> /usr/bin/firejail. Then Firejail learns about the original command by looking at the command line parameters, or argv[0] more specifically. That's the magic!

I see, so like since firejail knows that the link is named as firefox, therefore it will know to open up firefox, am I correct?

Through firetools I configured firefox to not have access to the Desktop's files and it does work fine when I launch firefox either by firejail or firetools. However after adding the symblink in the specified directory, when I launch firefox through KDE's start menu, I can still access the Desktop's files. Is there a way to fix this?

@Joe23232 commented on GitHub (Jan 29, 2020): > It works because on your system `/usr/local/bin` precedes `/usr/bin` in the PATH environment variable. This way, if you type `firefox` in bash or click an icon in the desktop manager of your choice, what is executed is not /usr/bin/firefox but /usr/local/bin/firefox -> /usr/bin/firejail. Then Firejail learns about the original command by looking at the command line parameters, or argv[0] more specifically. That's the magic! I see, so like since firejail knows that the link is named as `firefox`, therefore it will know to open up firefox, am I correct? Through firetools I configured firefox to not have access to the Desktop's files and it does work fine when I launch firefox either by firejail or firetools. However after adding the symblink in the specified directory, when I launch firefox through KDE's start menu, I can still access the Desktop's files. Is there a way to fix this?

gitea-mirror commented

2026-05-05 08:39:42 -06:00

Author

Owner

@ghost commented on GitHub (Jan 29, 2020):

I see, so like since firejail knows that the link is named as firefox, therefore it will know to open up firefox, am I correct?

Correct.

Through firetools I configured firefox to not have access to the Desktop's files and it does work fine when I launch firefox either by firejail or firetools. However after adding the symblink in the specified directory, when I launch firefox through KDE's start menu, I can still access the Desktop's files. Is there a way to fix this?

It might be a conflict between firetools and firecfg if you previously also tried that, not 100% sure. I'd recommend sticking to one of the GUI tools to avoid clashes. Just try using your favorite GUI tool to undo all changes you've made so far and start afresh. That can also be achieved thru a file manager or in a terminal (so CLI). Be careful not to remove something from ~/.local/share/applications that you put there yourself (and isn't related to firejail). Making a quick local backup of that path is always a good idea. It will enable you to experiment with firejail and related GUI tools without having to worry about making unrecoverable changes to your system. Please contact us here again if fixing this doesn't work as expected.

@ghost commented on GitHub (Jan 29, 2020): > I see, so like since firejail knows that the link is named as firefox, therefore it will know to open up firefox, am I correct? Correct. > Through firetools I configured firefox to not have access to the Desktop's files and it does work fine when I launch firefox either by firejail or firetools. However after adding the symblink in the specified directory, when I launch firefox through KDE's start menu, I can still access the Desktop's files. Is there a way to fix this? It might be a conflict between firetools and firecfg if you previously also tried that, not 100% sure. I'd recommend sticking to one of the GUI tools to avoid clashes. Just try using your favorite GUI tool to undo all changes you've made so far and start afresh. That can also be achieved thru a file manager or in a terminal (so CLI). Be careful not to remove something from ~/.local/share/applications that you put there yourself (and isn't related to firejail). Making a quick local backup of that path is always a good idea. It will enable you to experiment with firejail and related GUI tools without having to worry about making unrecoverable changes to your system. Please contact us here again if fixing this doesn't work as expected.

gitea-mirror commented

2026-05-05 08:39:43 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

@glitsj16

It might be a conflict between firetools and firecfg if you previously also tried that, not 100% sure.

I haven't used firecfg. I only used firetools to change firefox's permission.

I'd recommend sticking to one of the GUI tools to avoid clashes.

Is there something alternative to firetools?

Just try using your favorite GUI tool to undo all changes you've made so far and start afresh. That can also be achieved thru a file manager or in a terminal (so CLI). Be careful not to remove something from ~/.local/share/applications that you put there yourself (and isn't related to firejail).

What am I supposed to remove though to start fresh?

@Joe23232 commented on GitHub (Jan 30, 2020): @glitsj16 > It might be a conflict between firetools and firecfg if you previously also tried that, not 100% sure. I haven't used firecfg. I only used firetools to change firefox's permission. > I'd recommend sticking to one of the GUI tools to avoid clashes. Is there something alternative to firetools? > Just try using your favorite GUI tool to undo all changes you've made so far and start afresh. That can also be achieved thru a file manager or in a terminal (so CLI). Be careful not to remove something from ~/.local/share/applications that you put there yourself (and isn't related to firejail). What am I supposed to remove though to start fresh?

gitea-mirror commented

2026-05-05 08:39:44 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

I haven't used firecfg. I only used firetools to change firefox's permission.

In that case the problem with firefox must be something else. If you could post details here about your firejail and firetools version, files created by firetools in ~/.config/firejail/ to customize firefox and the content of ~/.local/share/applications/firefox.desktop we can determine what is going wrong. Let's not remove anything yet. We can tackle that later.

@ghost commented on GitHub (Jan 30, 2020): > I haven't used firecfg. I only used firetools to change firefox's permission. In that case the problem with firefox must be something else. If you could post details here about your firejail and firetools version, files created by firetools in ~/.config/firejail/ to customize firefox and the content of ~/.local/share/applications/firefox.desktop we can determine what is going wrong. Let's not remove anything yet. We can tackle that later.

gitea-mirror commented

2026-05-05 08:39:45 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

Hmm strange, surprisingly when I typed cd ~/.config/firejail/ and then typed ls the firejail file does not even exist, but there is a firejail-uirc, do you want me to post contents in that file instead?

Also in ~/.local/share/ there is no applications directory. I am using Arch Linux (EndeavourOS) so is the directory structure different or something?

@Joe23232 commented on GitHub (Jan 30, 2020): Hmm strange, surprisingly when I typed `cd ~/.config/firejail/` and then typed `ls` the `firejail` file does not even exist, but there is a `firejail-uirc`, do you want me to post contents in that file instead? Also in `~/.local/share/` there is no `applications` directory. I am using Arch Linux (EndeavourOS) so is the directory structure different or something?

gitea-mirror commented

2026-05-05 08:39:45 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

Ah, yes do post that firejail-uirc file, I've not used firetools before so that would be interesting to see. While your at it, also post output of

$ ls -lA /usr/local/bin

Also in ~/.local/share/ there is no applications directory. I am using Arch Linux (EndeavourOS) so is the directory structure different or something?

No I think it simple means firetools isn't using that directory to locally override /usr/share/applications.

@ghost commented on GitHub (Jan 30, 2020): Ah, yes do post that `firejail-uirc` file, I've not used firetools before so that would be interesting to see. While your at it, also post output of `$ ls -lA /usr/local/bin` > Also in ~/.local/share/ there is no applications directory. I am using Arch Linux (EndeavourOS) so is the directory structure different or something? No I think it simple means firetools isn't using that directory to locally override /usr/share/applications.

gitea-mirror commented

2026-05-05 08:39:46 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

@glitsj16 Under the firejail-uirc file.

[KFileDialog Settings]
detailViewIconSize=0

After executing ls -lA /usr/local/bin I get this.

lrwxrwxrwx 1 root root 17 Jan 29 13:25 firefox -> /usr/bin/firejail

No I think it simple means firetools isn't using that directory to locally override /usr/share/applications.

Oh I see.

So is there something I can do to fix this problem that I am having?

@Joe23232 commented on GitHub (Jan 30, 2020): @glitsj16 Under the `firejail-uirc` file. ``` [KFileDialog Settings] detailViewIconSize=0 ``` After executing `ls -lA /usr/local/bin` I get this. ``` lrwxrwxrwx 1 root root 17 Jan 29 13:25 firefox -> /usr/bin/firejail ``` > No I think it simple means firetools isn't using that directory to locally override /usr/share/applications. Oh I see. So is there something I can do to fix this problem that I am having?

gitea-mirror commented

2026-05-05 08:39:47 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

Did some more research on firetools. Apparently it uses ~/.config/firetools to store files. So you should have a firefox related file under that dir that you can post here.

@ghost commented on GitHub (Jan 30, 2020): Did some more research on firetools. Apparently it uses `~/.config/firetools` to store files. So you should have a firefox related file under that dir that you can post here.

gitea-mirror commented

2026-05-05 08:39:47 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

Ok so under ~/.config/firetools I have this file fstats.config and when I output the file's content I get this.

x 650
y 650

So what does this mean?

@Joe23232 commented on GitHub (Jan 30, 2020): Ok so under `~/.config/firetools` I have this file `fstats.config` and when I output the file's content I get this. ``` x 650 y 650 ``` So what does this mean?

gitea-mirror commented

2026-05-05 08:39:48 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

Looks like window size dimensions. Nothing profile related at least. Is that the only file in that dir?

@ghost commented on GitHub (Jan 30, 2020): Looks like window size dimensions. Nothing profile related at least. Is that the only file in that dir?

gitea-mirror commented

2026-05-05 08:39:48 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

Ok so I typed ls -la and here is the output.

total 12
drwxr-xr-x  2 test test 4096 Jan 29 16:03 .
drwx------ 16 test test 4096 Jan 30 22:29 ..
-rw-r--r--  1 test test   12 Jan 30 16:38 fstats.config

Why does it say total 12 what does that mean?

@Joe23232 commented on GitHub (Jan 30, 2020): Ok so I typed `ls -la` and here is the output. ``` total 12 drwxr-xr-x 2 test test 4096 Jan 29 16:03 . drwx------ 16 test test 4096 Jan 30 22:29 .. -rw-r--r-- 1 test test 12 Jan 30 16:38 fstats.config ``` Why does it say `total 12` what does that mean?

gitea-mirror commented

2026-05-05 08:39:48 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

That's directory information. In the manual page of the 'ls' command (man ls) you can find detailed explanations. But again, nothing helpful to fix your issue. Let me suggest something. For now, close the firetools GUI and disable it from autostarting. We will temporarily use the firecfg command to create the necessary files and I'll explain how you can get the same settings for firefox to not show specific files you want to keep out of the sandbox in a minute. Using firecfg will ensure your applications are getting sandboxed, no matter how/which desktop environment you decide to use. It's the firejail native tool to do so. Up for it?

@ghost commented on GitHub (Jan 30, 2020): That's directory information. In the manual page of the 'ls' command (man ls) you can find detailed explanations. But again, nothing helpful to fix your issue. Let me suggest something. For now, close the firetools GUI and disable it from autostarting. We will temporarily use the firecfg command to create the necessary files and I'll explain how you can get the same settings for firefox to not show specific files you want to keep out of the sandbox in a minute. Using firecfg will ensure your applications are getting sandboxed, no matter how/which desktop environment you decide to use. It's the firejail native tool to do so. Up for it?

gitea-mirror commented

2026-05-05 08:39:49 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

Let me suggest something. For now, close the firetools GUI and disable it from autostarting.

How do I disable it from autostarting?

We will temporarily use the firecfg command to create the necessary files and I'll explain how you can get the same settings for firefox to not show specific files you want to keep out of the sandbox in a minute. Using firecfg will ensure your applications are getting sandboxed, no matter how/which desktop environment you decide to use. It's the firejail native tool to do so. Up for it?

Thanks mate I am up for it. I will just run firecfg, is that what you want me to do right now?

Should I remove firefox from /usr/local/bin?

@Joe23232 commented on GitHub (Jan 30, 2020): > Let me suggest something. For now, close the firetools GUI and disable it from autostarting. How do I disable it from autostarting? > We will temporarily use the firecfg command to create the necessary files and I'll explain how you can get the same settings for firefox to not show specific files you want to keep out of the sandbox in a minute. Using firecfg will ensure your applications are getting sandboxed, no matter how/which desktop environment you decide to use. It's the firejail native tool to do so. Up for it? Thanks mate I am up for it. I will just run `firecfg`, is that what you want me to do right now? Should I remove `firefox` from `/usr/local/bin`?

gitea-mirror commented

2026-05-05 08:39:49 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

To disable firetools from autostarting when you boot your machine you should have 2 options. Either find a setting in the GUI itself to do so. Or open ~/.config/autostart/firetools.desktop and show the content here.

@ghost commented on GitHub (Jan 30, 2020): To disable firetools from autostarting when you boot your machine you should have 2 options. Either find a setting in the GUI itself to do so. Or open ~/.config/autostart/firetools.desktop and show the content here.

gitea-mirror commented

2026-05-05 08:39:50 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

This file doesn't appear to exist ~/.config/autostart/firetools.desktop

Should I remove firefox from /usr/local/bin?

@Joe23232 commented on GitHub (Jan 30, 2020): This file doesn't appear to exist `~/.config/autostart/firetools.desktop` Should I remove `firefox` from `/usr/local/bin`?

gitea-mirror commented

2026-05-05 08:39:50 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

OK. Proceed with running the commands below.
Start by cleaning firejail symlinks first, that will take care of firefox symlink as well as any others you might have.

$ sudo firecfg --clean

Next, set up symlinks and desktop files

$ sudo firecfg

@ghost commented on GitHub (Jan 30, 2020): OK. Proceed with running the commands below. Start by cleaning firejail symlinks first, that will take care of firefox symlink as well as any others you might have. $ sudo firecfg --clean Next, set up symlinks and desktop files $ sudo firecfg

gitea-mirror commented

2026-05-05 08:39:51 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

Ok done that, now what do I do now?

@Joe23232 commented on GitHub (Jan 30, 2020): Ok done that, now what do I do now?

gitea-mirror commented

2026-05-05 08:39:51 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

$ firecfg --list

@ghost commented on GitHub (Jan 30, 2020): $ firecfg --list

gitea-mirror commented

2026-05-05 08:39:51 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

Removing all firejail symlinks:

Configuring symlinks in /usr/local/bin based on firecfg.config
   ark created
   baloo_file created
   baloo_filemetadata_temp_extractor created
   brave created
   conplay created
   display created
   dnsmasq created
   dolphin created
   enchant-2 created
   enchant-lsmod-2 created
   ffmpeg created
   ffmpegthumbnailer created
   ffplay created
   ffprobe created
   firefox created
   gwenview created
   img2txt created
   kate created
   kwrite created
   less created
   mpg123 created
   mpg123-id3dump created
   mpg123-strip created
   mplayer created
   okular created
   out123 created
   patch created
   pavucontrol created
   pdftotext created
   qt-faststart created
   secret-tool created
   ssh created
   strings created
   wget created
   whois created
   wine created

Adding user test to Firejail access database in /etc/firejail/firejail.users
Creating /etc/firejail/firejail.users

Loading AppArmor profile
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
Use --subdomainfs to override.

Fixing desktop files in /home/test/.local/share/applications
   firefox.desktop created

This is the output I got when I ran sudo firecfg There appears to be an error

@Joe23232 commented on GitHub (Jan 30, 2020): ``` Removing all firejail symlinks: Configuring symlinks in /usr/local/bin based on firecfg.config ark created baloo_file created baloo_filemetadata_temp_extractor created brave created conplay created display created dnsmasq created dolphin created enchant-2 created enchant-lsmod-2 created ffmpeg created ffmpegthumbnailer created ffplay created ffprobe created firefox created gwenview created img2txt created kate created kwrite created less created mpg123 created mpg123-id3dump created mpg123-strip created mplayer created okular created out123 created patch created pavucontrol created pdftotext created qt-faststart created secret-tool created ssh created strings created wget created whois created wine created Adding user test to Firejail access database in /etc/firejail/firejail.users Creating /etc/firejail/firejail.users Loading AppArmor profile Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.) Warning: unable to find a suitable fs in /proc/mounts, is it mounted? Use --subdomainfs to override. Fixing desktop files in /home/test/.local/share/applications firefox.desktop created ``` This is the output I got when I ran `sudo firecfg` There appears to be an error

gitea-mirror commented

2026-05-05 08:39:52 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

The error you see is AppArmor related. What kernel is your EndeavourOS using? Type 'uname -r' to find out.

@ghost commented on GitHub (Jan 30, 2020): The error you see is AppArmor related. What kernel is your EndeavourOS using? Type 'uname -r' to find out.

gitea-mirror commented

2026-05-05 08:39:52 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

Does firejail use apparmor?

This is the output I get after running uname -r
5.4.15-arch1-1

@Joe23232 commented on GitHub (Jan 30, 2020): Does firejail use apparmor? This is the output I get after running `uname -r` `5.4.15-arch1-1`

gitea-mirror commented

2026-05-05 08:39:52 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

OK, the stock arch linux kernel, which is fine.
$ firejail --version

@ghost commented on GitHub (Jan 30, 2020): OK, the stock arch linux kernel, which is fine. $ firejail --version

gitea-mirror commented

2026-05-05 08:39:53 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

I ran it

firejail version 0.9.62

Compile time support:
        - AppArmor support is enabled
        - AppImage support is enabled
        - chroot support is enabled
        - file and directory whitelisting support is enabled
        - file transfer support is enabled
        - firetunnel support is enabled
        - networking support is enabled
        - overlayfs support is enabled
        - private-home support is enabled
        - seccomp-bpf support is enabled
        - user namespace support is enabled
        - X11 sandboxing support is enabled

@Joe23232 commented on GitHub (Jan 30, 2020): I ran it ``` firejail version 0.9.62 Compile time support: - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - firetunnel support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - user namespace support is enabled - X11 sandboxing support is enabled ```

gitea-mirror commented

2026-05-05 08:39:53 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

To test if AppArmor has been correctly enabled:

$ aa-enabled

@ghost commented on GitHub (Jan 30, 2020): To test if AppArmor has been correctly enabled: $ aa-enabled

gitea-mirror commented

2026-05-05 08:39:54 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

After running it No - disabled at boot.

@Joe23232 commented on GitHub (Jan 30, 2020): After running it `No - disabled at boot.`

gitea-mirror commented

2026-05-05 08:39:54 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

OK, that's something you will need to fix later. Follow the Arch wiki page instructions at https://wiki.archlinux.org/index.php/AppArmor. But don't do that just yet. It needs a reboot and to avoid several reboots we are going to test your firefox first. Close all running instances of the browser and start a new one:

$ firejail --ignore=quiet firefox

And check if you see directories/files in the 'Open File' dialog that you would like to hide in the sandbox like you mentioned earlier.

@ghost commented on GitHub (Jan 30, 2020): OK, that's something you will need to fix later. Follow the Arch wiki page instructions at https://wiki.archlinux.org/index.php/AppArmor. But don't do that just yet. It needs a reboot and to avoid several reboots we are going to test your firefox first. Close all running instances of the browser and start a new one: $ firejail --ignore=quiet firefox And check if you see directories/files in the 'Open File' dialog that you would like to hide in the sandbox like you mentioned earlier.

gitea-mirror commented

2026-05-05 08:39:55 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

Take your time. As we seem to be in a chat-like communication right now, we'll get things sorted shortly. Just ask and/or describe anything that looks weird when you use your Firefox as usual. I'm on babysit backup this afternoon, but it looks as if I can stay online here to guide you thru this. I'll let you know if that changes.

@ghost commented on GitHub (Jan 30, 2020): Take your time. As we seem to be in a chat-like communication right now, we'll get things sorted shortly. Just ask and/or describe anything that looks weird when you use your Firefox as usual. I'm on babysit backup this afternoon, but it looks as if I can stay online here to guide you thru this. I'll let you know if that changes.

gitea-mirror commented

2026-05-05 08:39:55 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

OK, that's something you will need to fix later. Follow the Arch wiki page instructions at https://wiki.archlinux.org/index.php/AppArmor. But don't do that just yet.

Thanks for the link I will try it out later as you said.

Unfortunately I had to do a force shutdown as my system became completely laggy and unsable when running firefox via the specified command.

$ firejail --ignore=quiet firefox
And check if you see directories/files in the 'Open File' dialog that you would like to hide in the sandbox like you mentioned earlier.

Ok so after running firejail --ignore=quiet firefox again, and it appears that I can't access the Desktop files.

Take your time. As we seem to be in a chat-like communication right now, we'll get things sorted shortly. Just ask and/or describe anything that looks weird when you use your Firefox as usual. I'm on babysit backup this afternoon, but it looks as if I can stay online here to guide you thru this. I'll let you know if that changes.

Oh I see mate, sorry for taking so long to respond as mentioned earlier my system just screwed up on me. By the way I am using a virtualbox as I just want to test things out before I put all this on my real machine.

@Joe23232 commented on GitHub (Jan 30, 2020): > OK, that's something you will need to fix later. Follow the Arch wiki page instructions at https://wiki.archlinux.org/index.php/AppArmor. But don't do that just yet. Thanks for the link I will try it out later as you said. Unfortunately I had to do a force shutdown as my system became completely laggy and unsable when running firefox via the specified command. > $ firejail --ignore=quiet firefox And check if you see directories/files in the 'Open File' dialog that you would like to hide in the sandbox like you mentioned earlier. Ok so after running `firejail --ignore=quiet firefox` again, and it appears that I can't access the `Desktop` files. > Take your time. As we seem to be in a chat-like communication right now, we'll get things sorted shortly. Just ask and/or describe anything that looks weird when you use your Firefox as usual. I'm on babysit backup this afternoon, but it looks as if I can stay online here to guide you thru this. I'll let you know if that changes. Oh I see mate, sorry for taking so long to respond as mentioned earlier my system just screwed up on me. By the way I am using a virtualbox as I just want to test things out before I put all this on my real machine.

gitea-mirror commented

2026-05-05 08:39:56 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

Oh I see mate, sorry for taking so long to respond as mentioned earlier my system just screwed up on me. By the way I am using a virtualbox as I just want to test things out before I put all this on my real machine.

No problem. That's a wise thing to do actually!

So, after shutting down firefox again, try to test your (KDE) menus, desktop icons and other ways you have on your system to start Firefox to see if they all work properly and firejailed. The latter you can always check via

$ firejail --tree

You should see a firefox entree in the list. If you do you're allright.

@ghost commented on GitHub (Jan 30, 2020): > Oh I see mate, sorry for taking so long to respond as mentioned earlier my system just screwed up on me. By the way I am using a virtualbox as I just want to test things out before I put all this on my real machine. No problem. That's a wise thing to do actually! So, after shutting down firefox again, try to test your (KDE) menus, desktop icons and other ways you have on your system to start Firefox to see if they all work properly and firejailed. The latter you can always check via $ firejail --tree You should see a firefox entree in the list. If you do you're allright.

gitea-mirror commented

2026-05-05 08:39:56 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

No problem. That's a wise thing to do actually!

A few days back for some weird reason KDE completely screwed up and showed absolutely nothing after running firecfg and after when I logged out. I am not too sure if it was because of firecfg or it was to do with how I was messing around with the themes. So I had to reinstall EndeavourOS.

So, after shutting down firefox again, try to test your (KDE) menus, desktop icons and other ways you have on your system to start Firefox to see if they all work properly and firejailed.

I closed firefox and I opened it via the start menu on KDE and surprisingly I can't access any files on the Desktop.

The latter you can always check via
$ firejail --tree
You should see a firefox entree in the list. If you do you're allright.

I did that but i don't see any firefox entry. Here is the output.

1185:test::/usr/bin/firejail /usr/bin/baloo_file 
  1204:test::/usr/bin/firejail /usr/bin/baloo_file 
    1228:test::/usr/bin/baloo_file

Strange is there something wrong with how it is being sandboxed?

@Joe23232 commented on GitHub (Jan 30, 2020): > No problem. That's a wise thing to do actually! A few days back for some weird reason KDE completely screwed up and showed absolutely nothing after running `firecfg` and after when I logged out. I am not too sure if it was because of `firecfg` or it was to do with how I was messing around with the themes. So I had to reinstall EndeavourOS. > So, after shutting down firefox again, try to test your (KDE) menus, desktop icons and other ways you have on your system to start Firefox to see if they all work properly and firejailed. I closed firefox and I opened it via the start menu on KDE and surprisingly I can't access any files on the Desktop. > The latter you can always check via $ firejail --tree You should see a firefox entree in the list. If you do you're allright. I did that but i don't see any firefox entry. Here is the output. ``` 1185:test::/usr/bin/firejail /usr/bin/baloo_file 1204:test::/usr/bin/firejail /usr/bin/baloo_file 1228:test::/usr/bin/baloo_file ``` Strange is there something wrong with how it is being sandboxed?

gitea-mirror commented

2026-05-05 08:39:56 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

Let's see what happened. After running the previous 'sudo firecfg' command, it reported creating /home/test/.local/share/applications/firefox.desktop (see your output posted above). Can you post the content of that file?

@ghost commented on GitHub (Jan 30, 2020): Let's see what happened. After running the previous 'sudo firecfg' command, it reported creating /home/test/.local/share/applications/firefox.desktop (see your output posted above). Can you post the content of that file?

gitea-mirror commented

2026-05-05 08:39:57 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

et's see what happened. After running the previous 'sudo firecfg' command, it reported creating /home/test/.local/share/applications/firefox.desktop (see your output posted above).

Oh I see

Can you post the content of that file?

Yeah sure mate

# converted by firecfg
[Desktop Entry]
Version=1.0
Name=Firefox
GenericName=Web Browser
GenericName[ar]=متصفح ويب
GenericName[ast]=Restolador Web
GenericName[bn]=ওয়েব ব্রাউজার
GenericName[ca]=Navegador web
GenericName[cs]=Webový prohlížeč
GenericName[da]=Webbrowser
GenericName[de]=Webbrowser
GenericName[el]=Περιηγητής διαδικτύου
GenericName[es]=Navegador web
GenericName[et]=Veebibrauser
GenericName[fa]=مرورگر اینترنتی
GenericName[fi]=WWW-selain
GenericName[fr]=Navigateur Web
GenericName[gl]=Navegador Web
GenericName[he]=דפדפן אינטרנט
GenericName[hr]=Web preglednik
GenericName[hu]=Webböngésző
GenericName[it]=Browser web
GenericName[ja]=ウェブ・ブラウザ
GenericName[ko]=웹 브라우저
GenericName[ku]=Geroka torê
GenericName[lt]=Interneto naršyklė
GenericName[nb]=Nettleser
GenericName[nl]=Webbrowser
GenericName[nn]=Nettlesar
GenericName[no]=Nettleser
GenericName[pl]=Przeglądarka WWW
GenericName[pt]=Navegador Web
GenericName[pt_BR]=Navegador Web
GenericName[ro]=Navigator Internet
GenericName[ru]=Веб-браузер
GenericName[sk]=Internetový prehliadač
GenericName[sl]=Spletni brskalnik
GenericName[sv]=Webbläsare
GenericName[tr]=Web Tarayıcı
GenericName[ug]=توركۆرگۈ
GenericName[uk]=Веб-браузер
GenericName[vi]=Trình duyệt Web
GenericName[zh_CN]=网络浏览器
GenericName[zh_TW]=網路瀏覽器
Comment=Browse the World Wide Web
Comment[ar]=تصفح الشبكة العنكبوتية العالمية
Comment[ast]=Restola pela Rede
Comment[bn]=ইন্টারনেট ব্রাউজ করুন
Comment[ca]=Navegueu per el web
Comment[cs]=Prohlížení stránek World Wide Webu
Comment[da]=Surf på internettet
Comment[de]=Im Internet surfen
Comment[el]=Μπορείτε να περιηγηθείτε στο διαδίκτυο (Web)
Comment[es]=Navegue por la web
Comment[et]=Lehitse veebi
Comment[fa]=صفحات شبکه جهانی اینترنت را مرور نمایید
Comment[fi]=Selaa Internetin WWW-sivuja
Comment[fr]=Naviguer sur le Web
Comment[gl]=Navegar pola rede
Comment[he]=גלישה ברחבי האינטרנט
Comment[hr]=Pretražite web
Comment[hu]=A világháló böngészése
Comment[it]=Esplora il web
Comment[ja]=ウェブを閲覧します
Comment[ko]=웹을 돌아 다닙니다
Comment[ku]=Li torê bigere
Comment[lt]=Naršykite internete
Comment[nb]=Surf på nettet
Comment[nl]=Verken het internet
Comment[nn]=Surf på nettet
Comment[no]=Surf på nettet
Comment[pl]=Przeglądanie stron WWW
Comment[pt]=Navegue na Internet
Comment[pt_BR]=Navegue na Internet
Comment[ro]=Navigați pe Internet
Comment[ru]=Доступ в Интернет
Comment[sk]=Prehliadanie internetu
Comment[sl]=Brskajte po spletu
Comment[sv]=Surfa på webben
Comment[tr]=İnternet'te Gezinin
Comment[ug]=دۇنيادىكى توربەتلەرنى كۆرگىلى بولىدۇ
Comment[uk]=Перегляд сторінок Інтернету
Comment[vi]=Để duyệt các trang web
Comment[zh_CN]=浏览互联网
Comment[zh_TW]=瀏覽網際網路
Keywords=Internet;WWW;Browser;Web;Explorer
Keywords[ar]=انترنت;إنترنت;متصفح;ويب;وب
Keywords[ast]=Internet;WWW;Restolador;Web;Esplorador
Keywords[ca]=Internet;WWW;Navegador;Web;Explorador;Explorer
Keywords[cs]=Internet;WWW;Prohlížeč;Web;Explorer
Keywords[da]=Internet;Internettet;WWW;Browser;Browse;Web;Surf;Nettet
Keywords[de]=Internet;WWW;Browser;Web;Explorer;Webseite;Site;surfen;online;browsen
Keywords[el]=Internet;WWW;Browser;Web;Explorer;Διαδίκτυο;Περιηγητής;Firefox;Φιρεφοχ;Ιντερνετ
Keywords[es]=Explorador;Internet;WWW
Keywords[fi]=Internet;WWW;Browser;Web;Explorer;selain;Internet-selain;internetselain;verkkoselain;netti;surffaa
Keywords[fr]=Internet;WWW;Browser;Web;Explorer;Fureteur;Surfer;Navigateur
Keywords[he]=דפדפן;אינטרנט;רשת;אתרים;אתר;פיירפוקס;מוזילה;
Keywords[hr]=Internet;WWW;preglednik;Web
Keywords[hu]=Internet;WWW;Böngésző;Web;Háló;Net;Explorer
Keywords[it]=Internet;WWW;Browser;Web;Navigatore
Keywords[is]=Internet;WWW;Vafri;Vefur;Netvafri;Flakk
Keywords[ja]=Internet;WWW;Web;インターネット;ブラウザ;ウェブ;エクスプローラ
Keywords[nb]=Internett;WWW;Nettleser;Explorer;Web;Browser;Nettside
Keywords[nl]=Internet;WWW;Browser;Web;Explorer;Verkenner;Website;Surfen;Online
Keywords[pt]=Internet;WWW;Browser;Web;Explorador;Navegador
Keywords[pt_BR]=Internet;WWW;Browser;Web;Explorador;Navegador
Keywords[ru]=Internet;WWW;Browser;Web;Explorer;интернет;браузер;веб;файрфокс;огнелис
Keywords[sk]=Internet;WWW;Prehliadač;Web;Explorer
Keywords[sl]=Internet;WWW;Browser;Web;Explorer;Brskalnik;Splet
Keywords[tr]=İnternet;WWW;Tarayıcı;Web;Gezgin;Web sitesi;Site;sörf;çevrimiçi;tara
Keywords[uk]=Internet;WWW;Browser;Web;Explorer;Інтернет;мережа;переглядач;оглядач;браузер;веб;файрфокс;вогнелис;перегляд
Keywords[vi]=Internet;WWW;Browser;Web;Explorer;Trình duyệt;Trang web
Keywords[zh_CN]=Internet;WWW;Browser;Web;Explorer;网页;浏览;上网;火狐;Firefox;ff;互联网;网站;
Keywords[zh_TW]=Internet;WWW;Browser;Web;Explorer;網際網路;網路;瀏覽器;上網;網頁;火狐
Exec=firefox %u
Icon=firefox
Terminal=false
X-MultipleArgs=false
Type=Application
MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;application/x-xpinstall;
StartupNotify=true
StartupWMClass=firefox
Categories=Network;WebBrowser;
Actions=new-window;new-private-window;

[Desktop Action new-window]
Name=New Window
Name[ach]=Dirica manyen
Name[af]=Nuwe venster
Name[an]=Nueva finestra
Name[ar]=نافذة جديدة
Name[as]=নতুন উইন্ডো
Name[ast]=Ventana nueva
Name[az]=Yeni Pəncərə
Name[be]=Новае акно
Name[bg]=Нов прозорец
Name[bn_BD]=নতুন উইন্ডো (N)
Name[bn_IN]=নতুন উইন্ডো
Name[br]=Prenestr nevez
Name[brx]=गोदान उइन्ड'(N)
Name[bs]=Novi prozor
Name[ca]=Finestra nova
Name[cak]=K'ak'a' tzuwäch
Name[cs]=Nové okno
Name[cy]=Ffenestr Newydd
Name[da]=Nyt vindue
Name[de]=Neues Fenster
Name[dsb]=Nowe wokno
Name[el]=Νέο παράθυρο
Name[en_GB]=New Window
Name[en_US]=New Window
Name[en_ZA]=New Window
Name[eo]=Nova fenestro
Name[es_AR]=Nueva ventana
Name[es_CL]=Nueva ventana
Name[es_ES]=Nueva ventana
Name[es_MX]=Nueva ventana
Name[et]=Uus aken
Name[eu]=Leiho berria
Name[fa]=پنجره جدید
Name[ff]=Henorde Hesere
Name[fi]=Uusi ikkuna
Name[fr]=Nouvelle fenêtre
Name[fy_NL]=Nij finster
Name[ga_IE]=Fuinneog Nua
Name[gd]=Uinneag ùr
Name[gl]=Nova xanela
Name[gn]=Ovetã pyahu
Name[gu_IN]=નવી વિન્ડો
Name[he]=חלון חדש
Name[hi_IN]=नया विंडो
Name[hr]=Novi prozor
Name[hsb]=Nowe wokno
Name[hu]=Új ablak
Name[hy_AM]=Նոր Պատուհան
Name[id]=Jendela Baru
Name[is]=Nýr gluggi
Name[it]=Nuova finestra
Name[ja]=新しいウィンドウ
Name[ja_JP-mac]=新規ウインドウ
Name[ka]=ახალი ფანჯარა
Name[kk]=Жаңа терезе
Name[km]=បង្អួចថ្មី
Name[kn]=ಹೊಸ ಕಿಟಕಿ
Name[ko]=새 창
Name[kok]=नवें जनेल
Name[ks]=نئئ وِنڈو
Name[lij]=Neuvo barcon
Name[lo]=ຫນ້າຕ່າງໃຫມ່
Name[lt]=Naujas langas
Name[ltg]=Jauns lūgs
Name[lv]=Jauns logs
Name[mai]=नव विंडो
Name[mk]=Нов прозорец
Name[ml]=പുതിയ ജാലകം
Name[mr]=नवीन पटल
Name[ms]=Tetingkap Baru
Name[my]=ဝင်းဒိုးအသစ်
Name[nb_NO]=Nytt vindu
Name[ne_NP]=नयाँ सञ्झ्याल
Name[nl]=Nieuw venster
Name[nn_NO]=Nytt vindauge
Name[or]=ନୂତନ ୱିଣ୍ଡୋ
Name[pa_IN]=ਨਵੀਂ ਵਿੰਡੋ
Name[pl]=Nowe okno
Name[pt_BR]=Nova janela
Name[pt_PT]=Nova janela
Name[rm]=Nova fanestra
Name[ro]=Fereastră nouă
Name[ru]=Новое окно
Name[sat]=नावा विंडो (N)
Name[si]=නව කවුළුවක්
Name[sk]=Nové okno
Name[sl]=Novo okno
Name[son]=Zanfun taaga
Name[sq]=Dritare e Re
Name[sr]=Нови прозор
Name[sv_SE]=Nytt fönster
Name[ta]=புதிய சாளரம்
Name[te]=కొత్త విండో
Name[th]=หน้าต่างใหม่
Name[tr]=Yeni pencere
Name[tsz]=Eraatarakua jimpani
Name[uk]=Нове вікно
Name[ur]=نیا دریچہ
Name[uz]=Yangi oyna
Name[vi]=Cửa sổ mới
Name[wo]=Palanteer bu bees
Name[xh]=Ifestile entsha
Name[zh_CN]=新建窗口
Name[zh_TW]=開新視窗
Exec=firefox --new-window %u

[Desktop Action new-private-window]
Name=New Private Window
Name[ach]=Dirica manyen me mung
Name[af]=Nuwe privaatvenster
Name[an]=Nueva finestra privada
Name[ar]=نافذة خاصة جديدة
Name[as]=নতুন ব্যক্তিগত উইন্ডো
Name[ast]=Ventana privada nueva
Name[az]=Yeni Məxfi Pəncərə
Name[be]=Новае акно адасаблення
Name[bg]=Нов прозорец за поверително сърфиране
Name[bn_BD]=নতুন ব্যক্তিগত উইন্ডো
Name[bn_IN]=নতুন ব্যক্তিগত উইন্ডো
Name[br]=Prenestr merdeiñ prevez nevez
Name[brx]=गोदान प्राइभेट उइन्ड'
Name[bs]=Novi privatni prozor
Name[ca]=Finestra privada nova
Name[cak]=K'ak'a' ichinan tzuwäch
Name[cs]=Nové anonymní okno
Name[cy]=Ffenestr Breifat Newydd
Name[da]=Nyt privat vindue
Name[de]=Neues privates Fenster
Name[dsb]=Nowe priwatne wokno
Name[el]=Νέο παράθυρο ιδιωτικής περιήγησης
Name[en_GB]=New Private Window
Name[en_US]=New Private Window
Name[en_ZA]=New Private Window
Name[eo]=Nova privata fenestro
Name[es_AR]=Nueva ventana privada
Name[es_CL]=Nueva ventana privada
Name[es_ES]=Nueva ventana privada
Name[es_MX]=Nueva ventana privada
Name[et]=Uus privaatne aken
Name[eu]=Leiho pribatu berria
Name[fa]=پنجره ناشناس جدید
Name[ff]=Henorde Suturo Hesere
Name[fi]=Uusi yksityinen ikkuna
Name[fr]=Nouvelle fenêtre de navigation privée
Name[fy_NL]=Nij priveefinster
Name[ga_IE]=Fuinneog Nua Phríobháideach
Name[gd]=Uinneag phrìobhaideach ùr
Name[gl]=Nova xanela privada
Name[gn]=Ovetã ñemi pyahu
Name[gu_IN]=નવી ખાનગી વિન્ડો
Name[he]=חלון פרטי חדש
Name[hi_IN]=नयी निजी विंडो
Name[hr]=Novi privatni prozor
Name[hsb]=Nowe priwatne wokno
Name[hu]=Új privát ablak
Name[hy_AM]=Սկսել Գաղտնի դիտարկում
Name[id]=Jendela Mode Pribadi Baru
Name[is]=Nýr huliðsgluggi
Name[it]=Nuova finestra anonima
Name[ja]=新しいプライベートウィンドウ
Name[ja_JP-mac]=新規プライベートウインドウ
Name[ka]=ახალი პირადი ფანჯარა
Name[kk]=Жаңа жекелік терезе
Name[km]=បង្អួចឯកជនថ្មី
Name[kn]=ಹೊಸ ಖಾಸಗಿ ಕಿಟಕಿ
Name[ko]=새 사생활 보호 모드
Name[kok]=नवो खाजगी विंडो
Name[ks]=نْو پرایوٹ وینڈو
Name[lij]=Nêuvo barcón privòu
Name[lo]=ເປີດຫນ້າຕ່າງສວນຕົວຂື້ນມາໃຫມ່
Name[lt]=Naujas privataus naršymo langas
Name[ltg]=Jauns privatais lūgs
Name[lv]=Jauns privātais logs
Name[mai]=नया निज विंडो (W)
Name[mk]=Нов приватен прозорец
Name[ml]=പുതിയ സ്വകാര്യ ജാലകം
Name[mr]=नवीन वैयक्तिक पटल
Name[ms]=Tetingkap Persendirian Baharu
Name[my]=New Private Window
Name[nb_NO]=Nytt privat vindu
Name[ne_NP]=नयाँ निजी सञ्झ्याल
Name[nl]=Nieuw privévenster
Name[nn_NO]=Nytt privat vindauge
Name[or]=ନୂତନ ବ୍ୟକ୍ତିଗତ ୱିଣ୍ଡୋ
Name[pa_IN]=ਨਵੀਂ ਪ੍ਰਾਈਵੇਟ ਵਿੰਡੋ
Name[pl]=Nowe okno prywatne
Name[pt_BR]=Nova janela privativa
Name[pt_PT]=Nova janela privada
Name[rm]=Nova fanestra privata
Name[ro]=Fereastră privată nouă
Name[ru]=Новое приватное окно
Name[sat]=नावा निजेराक् विंडो (W )
Name[si]=නව පුද්ගලික කවුළුව (W)
Name[sk]=Nové okno v režime Súkromné prehliadanie
Name[sl]=Novo zasebno okno
Name[son]=Sutura zanfun taaga
Name[sq]=Dritare e Re Private
Name[sr]=Нови приватан прозор
Name[sv_SE]=Nytt privat fönster
Name[ta]=புதிய தனிப்பட்ட சாளரம்
Name[te]=కొత్త ఆంతరంగిక విండో
Name[th]=หน้าต่างส่วนตัวใหม่
Name[tr]=Yeni gizli pencere
Name[tsz]=Juchiiti eraatarakua jimpani
Name[uk]=Приватне вікно
Name[ur]=نیا نجی دریچہ
Name[uz]=Yangi maxfiy oyna
Name[vi]=Cửa sổ riêng tư mới
Name[wo]=Panlanteeru biir bu bees
Name[xh]=Ifestile yangasese entsha
Name[zh_CN]=新建隐私浏览窗口
Name[zh_TW]=新增隱私視窗
Exec=firefox --private-window %u

@Joe23232 commented on GitHub (Jan 30, 2020): > et's see what happened. After running the previous 'sudo firecfg' command, it reported creating /home/test/.local/share/applications/firefox.desktop (see your output posted above). Oh I see > Can you post the content of that file? Yeah sure mate ``` # converted by firecfg [Desktop Entry] Version=1.0 Name=Firefox GenericName=Web Browser GenericName[ar]=متصفح ويب GenericName[ast]=Restolador Web GenericName[bn]=ওয়েব ব্রাউজার GenericName[ca]=Navegador web GenericName[cs]=Webový prohlížeč GenericName[da]=Webbrowser GenericName[de]=Webbrowser GenericName[el]=Περιηγητής διαδικτύου GenericName[es]=Navegador web GenericName[et]=Veebibrauser GenericName[fa]=مرورگر اینترنتی GenericName[fi]=WWW-selain GenericName[fr]=Navigateur Web GenericName[gl]=Navegador Web GenericName[he]=דפדפן אינטרנט GenericName[hr]=Web preglednik GenericName[hu]=Webböngésző GenericName[it]=Browser web GenericName[ja]=ウェブ・ブラウザ GenericName[ko]=웹 브라우저 GenericName[ku]=Geroka torê GenericName[lt]=Interneto naršyklė GenericName[nb]=Nettleser GenericName[nl]=Webbrowser GenericName[nn]=Nettlesar GenericName[no]=Nettleser GenericName[pl]=Przeglądarka WWW GenericName[pt]=Navegador Web GenericName[pt_BR]=Navegador Web GenericName[ro]=Navigator Internet GenericName[ru]=Веб-браузер GenericName[sk]=Internetový prehliadač GenericName[sl]=Spletni brskalnik GenericName[sv]=Webbläsare GenericName[tr]=Web Tarayıcı GenericName[ug]=توركۆرگۈ GenericName[uk]=Веб-браузер GenericName[vi]=Trình duyệt Web GenericName[zh_CN]=网络浏览器 GenericName[zh_TW]=網路瀏覽器 Comment=Browse the World Wide Web Comment[ar]=تصفح الشبكة العنكبوتية العالمية Comment[ast]=Restola pela Rede Comment[bn]=ইন্টারনেট ব্রাউজ করুন Comment[ca]=Navegueu per el web Comment[cs]=Prohlížení stránek World Wide Webu Comment[da]=Surf på internettet Comment[de]=Im Internet surfen Comment[el]=Μπορείτε να περιηγηθείτε στο διαδίκτυο (Web) Comment[es]=Navegue por la web Comment[et]=Lehitse veebi Comment[fa]=صفحات شبکه جهانی اینترنت را مرور نمایید Comment[fi]=Selaa Internetin WWW-sivuja Comment[fr]=Naviguer sur le Web Comment[gl]=Navegar pola rede Comment[he]=גלישה ברחבי האינטרנט Comment[hr]=Pretražite web Comment[hu]=A világháló böngészése Comment[it]=Esplora il web Comment[ja]=ウェブを閲覧します Comment[ko]=웹을 돌아 다닙니다 Comment[ku]=Li torê bigere Comment[lt]=Naršykite internete Comment[nb]=Surf på nettet Comment[nl]=Verken het internet Comment[nn]=Surf på nettet Comment[no]=Surf på nettet Comment[pl]=Przeglądanie stron WWW Comment[pt]=Navegue na Internet Comment[pt_BR]=Navegue na Internet Comment[ro]=Navigați pe Internet Comment[ru]=Доступ в Интернет Comment[sk]=Prehliadanie internetu Comment[sl]=Brskajte po spletu Comment[sv]=Surfa på webben Comment[tr]=İnternet'te Gezinin Comment[ug]=دۇنيادىكى توربەتلەرنى كۆرگىلى بولىدۇ Comment[uk]=Перегляд сторінок Інтернету Comment[vi]=Để duyệt các trang web Comment[zh_CN]=浏览互联网 Comment[zh_TW]=瀏覽網際網路 Keywords=Internet;WWW;Browser;Web;Explorer Keywords[ar]=انترنت;إنترنت;متصفح;ويب;وب Keywords[ast]=Internet;WWW;Restolador;Web;Esplorador Keywords[ca]=Internet;WWW;Navegador;Web;Explorador;Explorer Keywords[cs]=Internet;WWW;Prohlížeč;Web;Explorer Keywords[da]=Internet;Internettet;WWW;Browser;Browse;Web;Surf;Nettet Keywords[de]=Internet;WWW;Browser;Web;Explorer;Webseite;Site;surfen;online;browsen Keywords[el]=Internet;WWW;Browser;Web;Explorer;Διαδίκτυο;Περιηγητής;Firefox;Φιρεφοχ;Ιντερνετ Keywords[es]=Explorador;Internet;WWW Keywords[fi]=Internet;WWW;Browser;Web;Explorer;selain;Internet-selain;internetselain;verkkoselain;netti;surffaa Keywords[fr]=Internet;WWW;Browser;Web;Explorer;Fureteur;Surfer;Navigateur Keywords[he]=דפדפן;אינטרנט;רשת;אתרים;אתר;פיירפוקס;מוזילה; Keywords[hr]=Internet;WWW;preglednik;Web Keywords[hu]=Internet;WWW;Böngésző;Web;Háló;Net;Explorer Keywords[it]=Internet;WWW;Browser;Web;Navigatore Keywords[is]=Internet;WWW;Vafri;Vefur;Netvafri;Flakk Keywords[ja]=Internet;WWW;Web;インターネット;ブラウザ;ウェブ;エクスプローラ Keywords[nb]=Internett;WWW;Nettleser;Explorer;Web;Browser;Nettside Keywords[nl]=Internet;WWW;Browser;Web;Explorer;Verkenner;Website;Surfen;Online Keywords[pt]=Internet;WWW;Browser;Web;Explorador;Navegador Keywords[pt_BR]=Internet;WWW;Browser;Web;Explorador;Navegador Keywords[ru]=Internet;WWW;Browser;Web;Explorer;интернет;браузер;веб;файрфокс;огнелис Keywords[sk]=Internet;WWW;Prehliadač;Web;Explorer Keywords[sl]=Internet;WWW;Browser;Web;Explorer;Brskalnik;Splet Keywords[tr]=İnternet;WWW;Tarayıcı;Web;Gezgin;Web sitesi;Site;sörf;çevrimiçi;tara Keywords[uk]=Internet;WWW;Browser;Web;Explorer;Інтернет;мережа;переглядач;оглядач;браузер;веб;файрфокс;вогнелис;перегляд Keywords[vi]=Internet;WWW;Browser;Web;Explorer;Trình duyệt;Trang web Keywords[zh_CN]=Internet;WWW;Browser;Web;Explorer;网页;浏览;上网;火狐;Firefox;ff;互联网;网站; Keywords[zh_TW]=Internet;WWW;Browser;Web;Explorer;網際網路;網路;瀏覽器;上網;網頁;火狐 Exec=firefox %u Icon=firefox Terminal=false X-MultipleArgs=false Type=Application MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;application/x-xpinstall; StartupNotify=true StartupWMClass=firefox Categories=Network;WebBrowser; Actions=new-window;new-private-window; [Desktop Action new-window] Name=New Window Name[ach]=Dirica manyen Name[af]=Nuwe venster Name[an]=Nueva finestra Name[ar]=نافذة جديدة Name[as]=নতুন উইন্ডো Name[ast]=Ventana nueva Name[az]=Yeni Pəncərə Name[be]=Новае акно Name[bg]=Нов прозорец Name[bn_BD]=নতুন উইন্ডো (N) Name[bn_IN]=নতুন উইন্ডো Name[br]=Prenestr nevez Name[brx]=गोदान उइन्ड'(N) Name[bs]=Novi prozor Name[ca]=Finestra nova Name[cak]=K'ak'a' tzuwäch Name[cs]=Nové okno Name[cy]=Ffenestr Newydd Name[da]=Nyt vindue Name[de]=Neues Fenster Name[dsb]=Nowe wokno Name[el]=Νέο παράθυρο Name[en_GB]=New Window Name[en_US]=New Window Name[en_ZA]=New Window Name[eo]=Nova fenestro Name[es_AR]=Nueva ventana Name[es_CL]=Nueva ventana Name[es_ES]=Nueva ventana Name[es_MX]=Nueva ventana Name[et]=Uus aken Name[eu]=Leiho berria Name[fa]=پنجره جدید Name[ff]=Henorde Hesere Name[fi]=Uusi ikkuna Name[fr]=Nouvelle fenêtre Name[fy_NL]=Nij finster Name[ga_IE]=Fuinneog Nua Name[gd]=Uinneag ùr Name[gl]=Nova xanela Name[gn]=Ovetã pyahu Name[gu_IN]=નવી વિન્ડો Name[he]=חלון חדש Name[hi_IN]=नया विंडो Name[hr]=Novi prozor Name[hsb]=Nowe wokno Name[hu]=Új ablak Name[hy_AM]=Նոր Պատուհան Name[id]=Jendela Baru Name[is]=Nýr gluggi Name[it]=Nuova finestra Name[ja]=新しいウィンドウ Name[ja_JP-mac]=新規ウインドウ Name[ka]=ახალი ფანჯარა Name[kk]=Жаңа терезе Name[km]=បង្អួចថ្មី Name[kn]=ಹೊಸ ಕಿಟಕಿ Name[ko]=새 창 Name[kok]=नवें जनेल Name[ks]=نئئ وِنڈو Name[lij]=Neuvo barcon Name[lo]=ຫນ້າຕ່າງໃຫມ່ Name[lt]=Naujas langas Name[ltg]=Jauns lūgs Name[lv]=Jauns logs Name[mai]=नव विंडो Name[mk]=Нов прозорец Name[ml]=പുതിയ ജാലകം Name[mr]=नवीन पटल Name[ms]=Tetingkap Baru Name[my]=ဝင်းဒိုးအသစ် Name[nb_NO]=Nytt vindu Name[ne_NP]=नयाँ सञ्झ्याल Name[nl]=Nieuw venster Name[nn_NO]=Nytt vindauge Name[or]=ନୂତନ ୱିଣ୍ଡୋ Name[pa_IN]=ਨਵੀਂ ਵਿੰਡੋ Name[pl]=Nowe okno Name[pt_BR]=Nova janela Name[pt_PT]=Nova janela Name[rm]=Nova fanestra Name[ro]=Fereastră nouă Name[ru]=Новое окно Name[sat]=नावा विंडो (N) Name[si]=නව කවුළුවක් Name[sk]=Nové okno Name[sl]=Novo okno Name[son]=Zanfun taaga Name[sq]=Dritare e Re Name[sr]=Нови прозор Name[sv_SE]=Nytt fönster Name[ta]=புதிய சாளரம் Name[te]=కొత్త విండో Name[th]=หน้าต่างใหม่ Name[tr]=Yeni pencere Name[tsz]=Eraatarakua jimpani Name[uk]=Нове вікно Name[ur]=نیا دریچہ Name[uz]=Yangi oyna Name[vi]=Cửa sổ mới Name[wo]=Palanteer bu bees Name[xh]=Ifestile entsha Name[zh_CN]=新建窗口 Name[zh_TW]=開新視窗 Exec=firefox --new-window %u [Desktop Action new-private-window] Name=New Private Window Name[ach]=Dirica manyen me mung Name[af]=Nuwe privaatvenster Name[an]=Nueva finestra privada Name[ar]=نافذة خاصة جديدة Name[as]=নতুন ব্যক্তিগত উইন্ডো Name[ast]=Ventana privada nueva Name[az]=Yeni Məxfi Pəncərə Name[be]=Новае акно адасаблення Name[bg]=Нов прозорец за поверително сърфиране Name[bn_BD]=নতুন ব্যক্তিগত উইন্ডো Name[bn_IN]=নতুন ব্যক্তিগত উইন্ডো Name[br]=Prenestr merdeiñ prevez nevez Name[brx]=गोदान प्राइभेट उइन्ड' Name[bs]=Novi privatni prozor Name[ca]=Finestra privada nova Name[cak]=K'ak'a' ichinan tzuwäch Name[cs]=Nové anonymní okno Name[cy]=Ffenestr Breifat Newydd Name[da]=Nyt privat vindue Name[de]=Neues privates Fenster Name[dsb]=Nowe priwatne wokno Name[el]=Νέο παράθυρο ιδιωτικής περιήγησης Name[en_GB]=New Private Window Name[en_US]=New Private Window Name[en_ZA]=New Private Window Name[eo]=Nova privata fenestro Name[es_AR]=Nueva ventana privada Name[es_CL]=Nueva ventana privada Name[es_ES]=Nueva ventana privada Name[es_MX]=Nueva ventana privada Name[et]=Uus privaatne aken Name[eu]=Leiho pribatu berria Name[fa]=پنجره ناشناس جدید Name[ff]=Henorde Suturo Hesere Name[fi]=Uusi yksityinen ikkuna Name[fr]=Nouvelle fenêtre de navigation privée Name[fy_NL]=Nij priveefinster Name[ga_IE]=Fuinneog Nua Phríobháideach Name[gd]=Uinneag phrìobhaideach ùr Name[gl]=Nova xanela privada Name[gn]=Ovetã ñemi pyahu Name[gu_IN]=નવી ખાનગી વિન્ડો Name[he]=חלון פרטי חדש Name[hi_IN]=नयी निजी विंडो Name[hr]=Novi privatni prozor Name[hsb]=Nowe priwatne wokno Name[hu]=Új privát ablak Name[hy_AM]=Սկսել Գաղտնի դիտարկում Name[id]=Jendela Mode Pribadi Baru Name[is]=Nýr huliðsgluggi Name[it]=Nuova finestra anonima Name[ja]=新しいプライベートウィンドウ Name[ja_JP-mac]=新規プライベートウインドウ Name[ka]=ახალი პირადი ფანჯარა Name[kk]=Жаңа жекелік терезе Name[km]=បង្អួចឯកជនថ្មី Name[kn]=ಹೊಸ ಖಾಸಗಿ ಕಿಟಕಿ Name[ko]=새 사생활 보호 모드 Name[kok]=नवो खाजगी विंडो Name[ks]=نْو پرایوٹ وینڈو Name[lij]=Nêuvo barcón privòu Name[lo]=ເປີດຫນ້າຕ່າງສວນຕົວຂື້ນມາໃຫມ່ Name[lt]=Naujas privataus naršymo langas Name[ltg]=Jauns privatais lūgs Name[lv]=Jauns privātais logs Name[mai]=नया निज विंडो (W) Name[mk]=Нов приватен прозорец Name[ml]=പുതിയ സ്വകാര്യ ജാലകം Name[mr]=नवीन वैयक्तिक पटल Name[ms]=Tetingkap Persendirian Baharu Name[my]=New Private Window Name[nb_NO]=Nytt privat vindu Name[ne_NP]=नयाँ निजी सञ्झ्याल Name[nl]=Nieuw privévenster Name[nn_NO]=Nytt privat vindauge Name[or]=ନୂତନ ବ୍ୟକ୍ତିଗତ ୱିଣ୍ଡୋ Name[pa_IN]=ਨਵੀਂ ਪ੍ਰਾਈਵੇਟ ਵਿੰਡੋ Name[pl]=Nowe okno prywatne Name[pt_BR]=Nova janela privativa Name[pt_PT]=Nova janela privada Name[rm]=Nova fanestra privata Name[ro]=Fereastră privată nouă Name[ru]=Новое приватное окно Name[sat]=नावा निजेराक् विंडो (W ) Name[si]=නව පුද්ගලික කවුළුව (W) Name[sk]=Nové okno v režime Súkromné prehliadanie Name[sl]=Novo zasebno okno Name[son]=Sutura zanfun taaga Name[sq]=Dritare e Re Private Name[sr]=Нови приватан прозор Name[sv_SE]=Nytt privat fönster Name[ta]=புதிய தனிப்பட்ட சாளரம் Name[te]=కొత్త ఆంతరంగిక విండో Name[th]=หน้าต่างส่วนตัวใหม่ Name[tr]=Yeni gizli pencere Name[tsz]=Juchiiti eraatarakua jimpani Name[uk]=Приватне вікно Name[ur]=نیا نجی دریچہ Name[uz]=Yangi maxfiy oyna Name[vi]=Cửa sổ riêng tư mới Name[wo]=Panlanteeru biir bu bees Name[xh]=Ifestile yangasese entsha Name[zh_CN]=新建隐私浏览窗口 Name[zh_TW]=新增隱私視窗 Exec=firefox --private-window %u ```

gitea-mirror commented

2026-05-05 08:39:57 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

What is your $PATH?

$ echo $PATH

Let's unclutter that file a bit to make it easier to read. Replace the content with the below.

[Desktop Entry]
Name=Firefox
GenericName=Web Browser
Comment=Browse the World Wide Web
Keywords=Internet;WWW;Browser;Web;Explorer
#Exec=firefox
Exec=firejail firefox %u
Icon=firefox
Terminal=false
X-MultipleArgs=false
Type=Application
MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;application/x-xpinstall;
StartupNotify=true
StartupWMClass=firefox
Categories=Network;WebBrowser;
Actions=new-window;new-private-window;

[Desktop Action new-window]
Name=New Window
#Exec=firefox --new-window %u
Exec=firejail firefox --new-window %u

[Desktop Action new-private-window]
Name=New Private Window
#Exec=firefox --private-window %u
Exec=firejail firefox --private-window %u

@ghost commented on GitHub (Jan 30, 2020): What is your $PATH? $ echo $PATH Let's unclutter that file a bit to make it easier to read. Replace the content with the below. ``` [Desktop Entry] Name=Firefox GenericName=Web Browser Comment=Browse the World Wide Web Keywords=Internet;WWW;Browser;Web;Explorer #Exec=firefox Exec=firejail firefox %u Icon=firefox Terminal=false X-MultipleArgs=false Type=Application MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;application/x-xpinstall; StartupNotify=true StartupWMClass=firefox Categories=Network;WebBrowser; Actions=new-window;new-private-window; [Desktop Action new-window] Name=New Window #Exec=firefox --new-window %u Exec=firejail firefox --new-window %u [Desktop Action new-private-window] Name=New Private Window #Exec=firefox --private-window %u Exec=firejail firefox --private-window %u ```

gitea-mirror commented

2026-05-05 08:39:58 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

What is your $PATH?
$ echo $PATH

/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl

Let's unclutter that file a bit to make it easier to read. Replace the content with the below.

So you want me to nano into that file and replace the content and put this content in instead, is that what you mean? What will change if I replace the contents other than the readability?

@Joe23232 commented on GitHub (Jan 30, 2020): > What is your $PATH? $ echo $PATH `/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl` > Let's unclutter that file a bit to make it easier to read. Replace the content with the below. So you want me to `nano` into that file and replace the content and put this content in instead, is that what you mean? What will change if I replace the contents other than the readability?

gitea-mirror commented

2026-05-05 08:39:58 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

PATH looks fine, stock Arch output.

So you want me to nano into that file and replace the content and put this content in instead, is that what you mean? What will change if I replace the contents other than the readability?

Correct. Other than readability I took out the '# converted by firecfg' line and changed the 'Exec=...' lines. The former should protect the file from being overwritten by future 'sudo firecfg' runs. We have some issues reported on that not working well for certain applications. The latter means taking manual control to ensure your Firefox will always run sandboxed now. At least that's what it should do once you make the edits in nano. So proceed with the edits and test your Firefox browser start routines again, double-checking with the 'firejail --tree' command to confirm it is actually sandboxed now.

Don't worry about changing the content. If this doesn't fix your firefox you can always remove that file and regenerate it by running 'sudo firecfg' again. Apologies for editing/updating my comments here. It could help others that look thru the issues here in the future.

@ghost commented on GitHub (Jan 30, 2020): PATH looks fine, stock Arch output. > So you want me to nano into that file and replace the content and put this content in instead, is that what you mean? What will change if I replace the contents other than the readability? Correct. Other than readability I took out the '# converted by firecfg' line and changed the 'Exec=...' lines. The former should protect the file from being overwritten by future 'sudo firecfg' runs. We have some issues reported on that not working well for certain applications. The latter means taking manual control to ensure your Firefox will always run sandboxed now. At least that's what it should do once you make the edits in nano. So proceed with the edits and test your Firefox browser start routines again, double-checking with the 'firejail --tree' command to confirm it is actually sandboxed now. Don't worry about changing the content. If this doesn't fix your firefox you can always remove that file and regenerate it by running 'sudo firecfg' again. Apologies for editing/updating my comments here. It could help others that look thru the issues here in the future.

gitea-mirror commented

2026-05-05 08:39:59 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

PATH looks fine, stock Arch output.

Oh ok nice.

Other than readability I took out the '# converted by firecfg' line and changed the 'Exec=...' lines. The former should protect the file from being overwritten by future 'sudo firecfg' runs.

Do I have to do this to replace all the *.desktop's file's contents and add what you have specified?

What does the firefox.desktop file do anyways, and what happens when it is overwritten? Isn't the same information being overwritten to the same file?

So proceed with the edits and test your Firefox browser start routines again, double-checking with the 'firejail --tree' command to confirm it is actually sandboxed now.

One error, for some weird reason I can make changes using nano but when I am using a text editor (called kate) if I save a change it does not allow me and shows me this error message.

Additionally I did change the write permissions and allowed the file to be written by any user and the same issue still persists.

The reason why I am not using nano is cause how do I highlight all the texts?

@Joe23232 commented on GitHub (Jan 30, 2020): > PATH looks fine, stock Arch output. Oh ok nice. > Other than readability I took out the '# converted by firecfg' line and changed the 'Exec=...' lines. The former should protect the file from being overwritten by future 'sudo firecfg' runs. Do I have to do this to replace all the `*.desktop`'s file's contents and add what you have specified? What does the `firefox.desktop` file do anyways, and what happens when it is overwritten? Isn't the same information being overwritten to the same file? > So proceed with the edits and test your Firefox browser start routines again, double-checking with the 'firejail --tree' command to confirm it is actually sandboxed now. One error, for some weird reason I can make changes using `nano` but when I am using a text editor (called `kate`) if I save a change it does not allow me and shows me this error message. ![image](https://user-images.githubusercontent.com/34926497/73453504-434b1f80-43c0-11ea-9d91-f35cbad2d571.png) Additionally I did change the write permissions and allowed the file to be written by any user and the same issue still persists. The reason why I am not using `nano` is cause how do I highlight all the texts?

gitea-mirror commented

2026-05-05 08:39:59 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 30, 2020):

Sorry I have to go for now I will be available in around 10 hours time. Thanks for all your help :)

@Joe23232 commented on GitHub (Jan 30, 2020): Sorry I have to go for now I will be available in around 10 hours time. Thanks for all your help :)

gitea-mirror commented

2026-05-05 08:40:00 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

I'll add a comment explaining a few things regarding your prior comment and what to do next etcetera. We can pick this up again later. Glad to help.

@ghost commented on GitHub (Jan 30, 2020): I'll add a comment explaining a few things regarding your prior comment and what to do next etcetera. We can pick this up again later. Glad to help.

gitea-mirror commented

2026-05-05 08:40:00 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

Do I have to do this to replace all the *.desktop's file's contents and add what you have specified?

No. In fact it shouldn't be needed at all. But due to some firecfg issues (see e.g. #3179) that are still not fixed or in-progress you currently need this workaround. If you notice any other of your installed applications not getting sandboxed properly (via 'firejail --tree') this routine is a way to take manual control and (try to) fix things.

What does the firefox.desktop file do anyways, and what happens when it is overwritten? Isn't the same information being overwritten to the same file?

Like @smitsohu and myself explained in the beginning of this thread, the firefox.desktop file instructs your OS which command to execute (which additional arguments when specified) and - by explicitly specifying 'Exec=firejail firefox ...' - guarantee running all your supported applications through firejail. Taking out that '# converted by firecfg' line is a safeguard against future overwrites by running 'sudo firecfg', which would regenerate another 'broken' desktop file for firefox in this case. Annoying, but hopefully the firecfg tool will be fixed soon and situations like these become unnecessary.

One error, for some weird reason I can make changes using nano but when I am using a text editor (called kate) if I save a change it does not allow me and shows me this error message.

The 'weird' reason here is actually firejail itself :) In the list you posted in https://github.com/netblue30/firejail/issues/3191#issuecomment-580224583 you can see 'kate created'. That means that your 'kate' editor is now being run through firejail (as are all the applications listed in that output).

Additionally I did change the write permissions and allowed the file to be written by any user and the same issue still persists.

Changing file permissions (outside the sandbox on your real filesystem) won't help here. The 'problem' is that the default /etc/firejail/kate.profile contains 'include disable-common.inc', which in turn has read-only ${HOME}/.local/share/applications (see lines 304-307 of /etc/firejail/disable-common.inc). So 'kate' - being unaware it is being run through firejail - tries to write into a location that is read-only inside the sandbox, fails to do so and shows an error window.

This is all 'standard' firejail behaviour: restrict a profile as much as possible while keeping it reasonably functional for the user. You will have to get used to being in control, believe it or not :). It is you - as the firejail user - that has to decide if/when/how to make changes to these defaults as specified in the profiles under /etc/firejail. Not that firejail is trying to shift blame or responsibility for something not working as expected into your shoes, or anything of the sort. Quite the contrary IMHO. Purposely designing things this way forces users to being more aware of how their specific setup uses the firejail sandboxing techniques and not lull them into a false 'install and forget' kind of security disaster. After all, firejail is just another set of tools. Luckily it tries to be (self-)aware of this and provides a convention to use overrides via .local files.

If you decide to keep using 'kate' firejailed and want to allow it saving files under ~/.local/share/applications you have 2 options. Either create /etc/firejail/kate.local or ~/.config/firejail/kate.local. The former is a system-wide override - affecting all firejail users on your system, the latter a per-user override - only affecting your specific user ID account.

# This file is meant for local customizations of kate.profile

# allow editing local .desktop files (read-only in disable-common.inc)
read-write ${HOME}/.local/share/applications

The reason why I am not using nano is cause how do I highlight all the texts?

To be honest I don't know that OTOH. Manual pages and internet searches to the rescue...

@ghost commented on GitHub (Jan 30, 2020): > Do I have to do this to replace all the *.desktop's file's contents and add what you have specified? No. In fact it shouldn't be needed at all. But due to some firecfg issues (see e.g. #3179) that are still not fixed or in-progress you currently need this workaround. If you notice any other of your installed applications not getting sandboxed properly (via 'firejail --tree') this routine is a way to take manual control and (try to) fix things. > What does the firefox.desktop file do anyways, and what happens when it is overwritten? Isn't the same information being overwritten to the same file? Like @smitsohu and myself explained in the beginning of this thread, the `firefox.desktop` file instructs your OS which command to execute (which additional arguments when specified) and - by explicitly specifying 'Exec=firejail firefox ...' - guarantee running all your supported applications through firejail. Taking out that '# converted by firecfg' line is a safeguard against future overwrites by running 'sudo firecfg', which would regenerate another 'broken' desktop file for firefox in this case. Annoying, but hopefully the firecfg tool will be fixed soon and situations like these become unnecessary. > One error, for some weird reason I can make changes using nano but when I am using a text editor (called kate) if I save a change it does not allow me and shows me this error message. **The 'weird' reason here is actually firejail itself** :) In the list you posted in https://github.com/netblue30/firejail/issues/3191#issuecomment-580224583 you can see 'kate created'. That means that your 'kate' editor is now being run through firejail (as are all the applications listed in that output). > Additionally I did change the write permissions and allowed the file to be written by any user and the same issue still persists. Changing file permissions (outside the sandbox on your real filesystem) won't help here. The 'problem' is that the default /etc/firejail/kate.profile contains 'include disable-common.inc', which in turn has `read-only ${HOME}/.local/share/applications` (see lines 304-307 of /etc/firejail/disable-common.inc). So 'kate' - being unaware it is being run through firejail - tries to _write_ into a location that is _read-only_ inside the sandbox, fails to do so and shows an error window. This is all 'standard' firejail behaviour: restrict a profile as much as possible while keeping it reasonably functional for the user. You will have to get used to being in control, believe it or not :). It is **you** - as the firejail user - that has to decide if/when/how to make changes to these defaults as specified in the profiles under /etc/firejail. Not that firejail is trying to shift blame or responsibility for something not working as expected into your shoes, or anything of the sort. Quite the contrary IMHO. Purposely designing things this way forces users to being more aware of how their specific setup uses the firejail sandboxing techniques and not lull them into a false 'install and forget' kind of security disaster. After all, firejail is just another set of tools. Luckily it tries to be (self-)aware of this and provides a convention to use overrides via `.local` files. If you decide to keep using 'kate' firejailed and want to allow it saving files under ~/.local/share/applications you have 2 options. Either create `/etc/firejail/kate.local` or `~/.config/firejail/kate.local`. The former is a _system-wide_ override - affecting _all_ firejail users on your system, the latter a _per-user_ override - only affecting _your_ specific user ID account. ``` # This file is meant for local customizations of kate.profile # allow editing local .desktop files (read-only in disable-common.inc) read-write ${HOME}/.local/share/applications ``` > The reason why I am not using nano is cause how do I highlight all the texts? To be honest I don't know that OTOH. Manual pages and internet searches to the rescue...

gitea-mirror commented

2026-05-05 08:40:01 -06:00

Author

Owner

@ghost commented on GitHub (Jan 30, 2020):

To conclude our session for today, here are 2 reminders.

stop firetools from autostarting (you can decide later to remove it with pacman and use firecfg instead - or keep it and set it up for autostart by changing 'false' to 'true' in the third line below)

mkdir -p ~/.config/autostart
cp -f /etc/xdg/autostart/firetools.desktop ~/.config/autostart/firetools.desktop
echo "X-GNOME-Autostart-enabled=false" >> ~/.config/autostart/firetools.desktop
chmod +x ~/.config/autostart/firetools.desktop

configure/enable AppArmor
see https://wiki.archlinux.org/index.php/AppArmor

Enjoy experimenting!

@ghost commented on GitHub (Jan 30, 2020): To conclude our session for today, here are 2 reminders. - stop `firetools` from autostarting (you can decide later to remove it with pacman and use firecfg instead - or keep it and set it up for autostart by changing 'false' to 'true' in the third line below) ``` mkdir -p ~/.config/autostart cp -f /etc/xdg/autostart/firetools.desktop ~/.config/autostart/firetools.desktop echo "X-GNOME-Autostart-enabled=false" >> ~/.config/autostart/firetools.desktop chmod +x ~/.config/autostart/firetools.desktop ``` - configure/enable AppArmor see https://wiki.archlinux.org/index.php/AppArmor Enjoy experimenting!

gitea-mirror commented

2026-05-05 08:40:01 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 31, 2020):

@glitsj16

No. In fact it shouldn't be needed at all. But due to some firecfg issues (see e.g. #3179) that are still not fixed or in-progress you currently need this workaround. If you notice any other of your installed applications not getting sandboxed properly (via 'firejail --tree') this routine is a way to take manual control and (try to) fix things.

Hopefully it gets fixed soon.

Like @smitsohu and myself explained in the beginning of this thread, the firefox.desktop file instructs your OS which command to execute (which additional arguments when specified) and - by explicitly specifying 'Exec=firejail firefox ...' - guarantee running all your supported applications through firejail. Taking out that '# converted by firecfg' line is a safeguard against future overwrites by running 'sudo firecfg', which would regenerate another 'broken' desktop file for firefox in this case. Annoying, but hopefully the firecfg tool will be fixed soon and situations like these become unnecessary.

Oh sorry I should have read it again.

That means that your 'kate' editor is now being run through firejail (as are all the applications listed in that output).

Oh I get it lol.

Changing file permissions (outside the sandbox on your real filesystem) won't help here. The 'problem' is that the default /etc/firejail/kate.profile contains 'include disable-common.inc', which in turn has read-only ${HOME}/.local/share/applications (see lines 304-307 of /etc/firejail/disable-common.inc). So 'kate' - being unaware it is being run through firejail - tries to write into a location that is read-only inside the sandbox, fails to do so and shows an error window.

I understand, I just didn't realise kate was being sandboxed.

Is there a way to use firecfg to specify which applications should get sandboxed? Because I don't want to sandbox all applications, just the ones that I specify?

@Joe23232 commented on GitHub (Jan 31, 2020): @glitsj16 > No. In fact it shouldn't be needed at all. But due to some firecfg issues (see e.g. #3179) that are still not fixed or in-progress you currently need this workaround. If you notice any other of your installed applications not getting sandboxed properly (via 'firejail --tree') this routine is a way to take manual control and (try to) fix things. Hopefully it gets fixed soon. > Like @smitsohu and myself explained in the beginning of this thread, the firefox.desktop file instructs your OS which command to execute (which additional arguments when specified) and - by explicitly specifying 'Exec=firejail firefox ...' - guarantee running all your supported applications through firejail. Taking out that '# converted by firecfg' line is a safeguard against future overwrites by running 'sudo firecfg', which would regenerate another 'broken' desktop file for firefox in this case. Annoying, but hopefully the firecfg tool will be fixed soon and situations like these become unnecessary. Oh sorry I should have read it again. > That means that your 'kate' editor is now being run through firejail (as are all the applications listed in that output). Oh I get it lol. > Changing file permissions (outside the sandbox on your real filesystem) won't help here. The 'problem' is that the default /etc/firejail/kate.profile contains 'include disable-common.inc', which in turn has read-only ${HOME}/.local/share/applications (see lines 304-307 of /etc/firejail/disable-common.inc). So 'kate' - being unaware it is being run through firejail - tries to write into a location that is read-only inside the sandbox, fails to do so and shows an error window. I understand, I just didn't realise `kate` was being sandboxed. Is there a way to use `firecfg` to specify which applications should get sandboxed? Because I don't want to sandbox all applications, just the ones that I specify?

gitea-mirror commented

2026-05-05 08:40:02 -06:00

Author

Owner

@ghost commented on GitHub (Jan 31, 2020):

Is there a way to use firecfg to specify which applications should get sandboxed? Because I don't want to sandbox all applications, just the ones that I specify?

No, in its current design firecfg doesn't allow that functionality. More granular control has been requested before, see #3016. I remembered showing a custom script in that issue, which still works fine, but depends heavily on your workflow. Maybe using https://github.com/rahiel/firectl instead of firecfg is the way to go for you in that case.

@ghost commented on GitHub (Jan 31, 2020): > Is there a way to use firecfg to specify which applications should get sandboxed? Because I don't want to sandbox all applications, just the ones that I specify? No, in its current design firecfg doesn't allow that functionality. More granular control has been requested before, see #3016. I remembered showing a custom script in that issue, which still works fine, but depends heavily on your workflow. Maybe using https://github.com/rahiel/firectl instead of firecfg is the way to go for you in that case.

gitea-mirror commented

2026-05-05 08:40:02 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 31, 2020):

@glitsj16

I did a sudo firecfg --clean to clear out all the files from being sandboxed.

I installed firectl via yay -S firectl (since firectl was not in the official archlinux repository) and installed it. Firefox seems to get sandboxed but with chromium (I instealled chromium after running firecfg and running sudo firecfg --clean) and chromium does not get sandboxed at all when I typed sudo firectl enable chromium.

I ran firectl status and I get this output.

1  Firejail profiles are enabled
   program     symlink    desktop file
   chromium    yes        yes    

6  Firejail profiles are disabled and available
   brave-browser
   firefox
   mplayer
   opera
   pavucontrol
   wine

through firejail chromium is being sandboxed which is good but not through firectl and when I launch it through KDE.

I am not too sure why chromium is not working?

@Joe23232 commented on GitHub (Jan 31, 2020): @glitsj16 I did a `sudo firecfg --clean` to clear out all the files from being sandboxed. I installed `firectl` via `yay -S firectl` (since `firectl` was not in the official archlinux repository) and installed it. Firefox seems to get sandboxed but with chromium (I instealled chromium after running `firecfg` and running `sudo firecfg --clean`) and chromium does not get sandboxed at all when I typed `sudo firectl enable chromium`. I ran `firectl status` and I get this output. ``` 1 Firejail profiles are enabled program symlink desktop file chromium yes yes 6 Firejail profiles are disabled and available brave-browser firefox mplayer opera pavucontrol wine ``` through firejail chromium is being sandboxed which is good but not through `firectl` and when I launch it through KDE. I am not too sure why chromium is not working?

gitea-mirror commented

2026-05-05 08:40:02 -06:00

Author

Owner

@ghost commented on GitHub (Jan 31, 2020):

Can you post the current content of /usr/share/applications/chromium.desktop please?

As I understand it, firectl prepends "firejail" to the Exec line of the system-wide desktop files. So you need to make absolutely sure there are no overlapping .desktop files with the same name in your ~/.local/share/applications directory. Perhaps firecfg didn't clean everything there. Check that path, remove every .desktop file and try to use firectl again to disable/enable what you want.

I've started work on a firecfg-ng (firecfg next-generation) to avoid all this messy, headache-inducing stuff. It will have disable/enable functionality cfr. firectl, as well as fixes for all currently known/reported firecfg bugs and issues. This will take a while, but I wanted to inform you nonetheless.

On a similar note, if your list of applications you always want to be firejailed isn't too long, I suggest you drop tools like firectl/firecfg completely and setup symlinks (in /usr/local/bin) and edited .desktop files (in ~/.local/share/applications) yourself manually. In the end that looks to be the more manageable solution to all this IMHO. And even when the list is long(er), doing the work manually and keeping a file with info of what you always run through firejail isn't that complicated. It's what I've been doing ever since starting to use firejail for what that's worth...

@ghost commented on GitHub (Jan 31, 2020): Can you post the current content of /usr/share/applications/chromium.desktop please? As I understand it, `firectl` prepends "firejail" to the Exec line of the **system-wide** desktop files. So you need to make absolutely sure there are no overlapping .desktop files with the same name in your `~/.local/share/applications` directory. Perhaps `firecfg` didn't clean everything there. Check that path, remove every .desktop file and try to use `firectl` again to disable/enable what you want. I've started work on a `firecfg-ng` (firecfg next-generation) to avoid all this messy, headache-inducing stuff. It will have disable/enable functionality cfr. firectl, as well as fixes for all currently known/reported firecfg bugs and issues. This will take a while, but I wanted to inform you nonetheless. On a similar note, if your list of applications you always want to be firejailed isn't too long, I suggest you drop tools like firectl/firecfg completely and setup symlinks (in /usr/local/bin) and edited .desktop files (in ~/.local/share/applications) yourself manually. In the end that looks to be the more manageable solution to all this IMHO. And even when the list is long(er), doing the work manually and keeping a file with info of what you always run through firejail isn't that complicated. It's what I've been doing ever since starting to use firejail for what that's worth...

gitea-mirror commented

2026-05-05 08:40:03 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jan 31, 2020):

I've started work on a firecfg-ng (firecfg next-generation) to avoid all this messy, headache-inducing stuff.

I started a firecfg.py, maybe we should collaborate to avoid duplicated work.

@rusty-snake commented on GitHub (Jan 31, 2020): > I've started work on a `firecfg-ng` (firecfg next-generation) to avoid all this messy, headache-inducing stuff. I started a firecfg.py, maybe we should collaborate to avoid duplicated work.

gitea-mirror commented

2026-05-05 08:40:03 -06:00

Author

Owner

@Joe23232 commented on GitHub (Jan 31, 2020):

@glitsj16

Can you post the current content of /usr/share/applications/chromium.desktop please?

Sure mate.

[Desktop Entry]
Version=1.0
Name=Chromium
# Only KDE 4 seems to use GenericName, so we reuse the KDE strings.
# From Ubuntu's language-pack-kde-XX-base packages, version 9.04-20090413.
GenericName=Web Browser
GenericName[ar]=متصفح الشبكة
GenericName[bg]=Уеб браузър
GenericName[ca]=Navegador web
GenericName[cs]=WWW prohlížeč
GenericName[da]=Browser
GenericName[de]=Web-Browser
GenericName[el]=Περιηγητής ιστού
GenericName[en_GB]=Web Browser
GenericName[es]=Navegador web
GenericName[et]=Veebibrauser
GenericName[fi]=WWW-selain
GenericName[fr]=Navigateur Web
GenericName[gu]=વેબ બ્રાઉઝર
GenericName[he]=דפדפן אינטרנט
GenericName[hi]=वेब ब्राउज़र
GenericName[hu]=Webböngésző
GenericName[it]=Browser Web
GenericName[ja]=ウェブブラウザ
GenericName[kn]=ಜಾಲ ವೀಕ್ಷಕ
GenericName[ko]=웹 브라우저
GenericName[lt]=Žiniatinklio naršyklė
GenericName[lv]=Tīmekļa pārlūks
GenericName[ml]=വെബ് ബ്രൌസര്
GenericName[mr]=वेब ब्राऊजर
GenericName[nb]=Nettleser
GenericName[nl]=Webbrowser
GenericName[pl]=Przeglądarka WWW
GenericName[pt]=Navegador Web
GenericName[pt_BR]=Navegador da Internet
GenericName[ro]=Navigator de Internet
GenericName[ru]=Веб-браузер
GenericName[sl]=Spletni brskalnik
GenericName[sv]=Webbläsare
GenericName[ta]=இணைய உலாவி
GenericName[th]=เว็บเบราว์เซอร์
GenericName[tr]=Web Tarayıcı
GenericName[uk]=Навігатор Тенет
GenericName[zh_CN]=网页浏览器
GenericName[zh_HK]=網頁瀏覽器
GenericName[zh_TW]=網頁瀏覽器
# Not translated in KDE, from Epiphany 2.26.1-0ubuntu1.
GenericName[bn]=ওয়েব ব্রাউজার
GenericName[fil]=Web Browser
GenericName[hr]=Web preglednik
GenericName[id]=Browser Web
GenericName[or]=ଓ୍ବେବ ବ୍ରାଉଜର
GenericName[sk]=WWW prehliadač
GenericName[sr]=Интернет прегледник
GenericName[te]=మహాతల అన్వేషి
GenericName[vi]=Bộ duyệt Web
# Gnome and KDE 3 uses Comment.
Comment=Access the Internet
Comment[ar]=الدخول إلى الإنترنت
Comment[bg]=Достъп до интернет
Comment[bn]=ইন্টারনেটটি অ্যাক্সেস করুন
Comment[ca]=Accedeix a Internet
Comment[cs]=Přístup k internetu
Comment[da]=Få adgang til internettet
Comment[de]=Internetzugriff
Comment[el]=Πρόσβαση στο Διαδίκτυο
Comment[en_GB]=Access the Internet
Comment[es]=Accede a Internet.
Comment[et]=Pääs Internetti
Comment[fi]=Käytä internetiä
Comment[fil]=I-access ang Internet
Comment[fr]=Accéder à Internet
Comment[gu]=ઇંટરનેટ ઍક્સેસ કરો
Comment[he]=גישה אל האינטרנט
Comment[hi]=इंटरनेट तक पहुंच स्थापित करें
Comment[hr]=Pristup Internetu
Comment[hu]=Internetelérés
Comment[id]=Akses Internet
Comment[it]=Accesso a Internet
Comment[ja]=インターネットにアクセス
Comment[kn]=ಇಂಟರ್ನೆಟ್ ಅನ್ನು ಪ್ರವೇಶಿಸಿ
Comment[ko]=인터넷 연결
Comment[lt]=Interneto prieiga
Comment[lv]=Piekļūt internetam
Comment[ml]=ഇന്റര്നെറ്റ് ആക്സസ് ചെയ്യുക
Comment[mr]=इंटरनेटमध्ये प्रवेश करा
Comment[nb]=Gå til Internett
Comment[nl]=Verbinding maken met internet
Comment[or]=ଇଣ୍ଟର୍ନେଟ୍ ପ୍ରବେଶ କରନ୍ତୁ
Comment[pl]=Skorzystaj z internetu
Comment[pt]=Aceder à Internet
Comment[pt_BR]=Acessar a internet
Comment[ro]=Accesaţi Internetul
Comment[ru]=Доступ в Интернет
Comment[sk]=Prístup do siete Internet
Comment[sl]=Dostop do interneta
Comment[sr]=Приступите Интернету
Comment[sv]=Gå ut på Internet
Comment[ta]=இணையத்தை அணுகுதல்
Comment[te]=ఇంటర్నెట్ను ఆక్సెస్ చెయ్యండి
Comment[th]=เข้าถึงอินเทอร์เน็ต
Comment[tr]=İnternet'e erişin
Comment[uk]=Доступ до Інтернету
Comment[vi]=Truy cập Internet
Comment[zh_CN]=访问互联网
Comment[zh_HK]=連線到網際網路
Comment[zh_TW]=連線到網際網路
Exec=firejail /usr/bin/chromium %U
StartupNotify=true
Terminal=false
Icon=chromium
Type=Application
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml_xml;image/webp;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp;
Actions=new-window;new-private-window;

[Desktop Action new-window]
Name=New Window
Name[am]=አዲስ መስኮት
Name[ar]=نافذة جديدة
Name[bg]=Нов прозорец
Name[bn]=নতুন উইন্ডো
Name[ca]=Finestra nova
Name[cs]=Nové okno
Name[da]=Nyt vindue
Name[de]=Neues Fenster
Name[el]=Νέο Παράθυρο
Name[en_GB]=New Window
Name[es]=Nueva ventana
Name[et]=Uus aken
Name[fa]=پنجره جدید
Name[fi]=Uusi ikkuna
Name[fil]=New Window
Name[fr]=Nouvelle fenêtre
Name[gu]=નવી વિંડો
Name[hi]=नई विंडो
Name[hr]=Novi prozor
Name[hu]=Új ablak
Name[id]=Jendela Baru
Name[it]=Nuova finestra
Name[iw]=חלון חדש
Name[ja]=新規ウインドウ
Name[kn]=ಹೊಸ ವಿಂಡೊ
Name[ko]=새 창
Name[lt]=Naujas langas
Name[lv]=Jauns logs
Name[ml]=പുതിയ വിന്ഡോ
Name[mr]=नवीन विंडो
Name[nl]=Nieuw venster
Name[no]=Nytt vindu
Name[pl]=Nowe okno
Name[pt]=Nova janela
Name[pt_BR]=Nova janela
Name[ro]=Fereastră nouă
Name[ru]=Новое окно
Name[sk]=Nové okno
Name[sl]=Novo okno
Name[sr]=Нови прозор
Name[sv]=Nytt fönster
Name[sw]=Dirisha Jipya
Name[ta]=புதிய சாளரம்
Name[te]=క్రొత్త విండో
Name[th]=หน้าต่างใหม่
Name[tr]=Yeni Pencere
Name[uk]=Нове вікно
Name[vi]=Cửa sổ Mới
Name[zh_CN]=新建窗口
Name[zh_TW]=開新視窗
Exec=firejail /usr/bin/chromium

[Desktop Action new-private-window]
Name=New Incognito Window
Name[ar]=نافذة جديدة للتصفح المتخفي
Name[bg]=Нов прозорец „инкогнито“
Name[bn]=নতুন ছদ্মবেশী উইন্ডো
Name[ca]=Finestra d'incògnit nova
Name[cs]=Nové anonymní okno
Name[da]=Nyt inkognitovindue
Name[de]=Neues Inkognito-Fenster
Name[el]=Νέο παράθυρο για ανώνυμη περιήγηση
Name[en_GB]=New Incognito window
Name[es]=Nueva ventana de incógnito
Name[et]=Uus inkognito aken
Name[fa]=پنجره جدید حالت ناشناس
Name[fi]=Uusi incognito-ikkuna
Name[fil]=Bagong Incognito window
Name[fr]=Nouvelle fenêtre de navigation privée
Name[gu]=નવી છુપી વિંડો
Name[hi]=नई गुप्त विंडो
Name[hr]=Novi anoniman prozor
Name[hu]=Új Inkognitóablak
Name[id]=Jendela Penyamaran baru
Name[it]=Nuova finestra di navigazione in incognito
Name[iw]=חלון חדש לגלישה בסתר
Name[ja]=新しいシークレット ウィンドウ
Name[kn]=ಹೊಸ ಅಜ್ಞಾತ ವಿಂಡೋ
Name[ko]=새 시크릿 창
Name[lt]=Naujas inkognito langas
Name[lv]=Jauns inkognito režīma logs
Name[ml]=പുതിയ വേഷ പ്രച്ഛന്ന വിന്ഡോ
Name[mr]=नवीन गुप्त विंडो
Name[nl]=Nieuw incognitovenster
Name[no]=Nytt inkognitovindu
Name[pl]=Nowe okno incognito
Name[pt]=Nova janela de navegação anónima
Name[pt_BR]=Nova janela anônima
Name[ro]=Fereastră nouă incognito
Name[ru]=Новое окно в режиме инкогнито
Name[sk]=Nové okno inkognito
Name[sl]=Novo okno brez beleženja zgodovine
Name[sr]=Нови прозор за прегледање без архивирања
Name[sv]=Nytt inkognitofönster
Name[ta]=புதிய மறைநிலைச் சாளரம்
Name[te]=క్రొత్త అజ్ఞాత విండో
Name[th]=หน้าต่างใหม่ที่ไม่ระบุตัวตน
Name[tr]=Yeni Gizli pencere
Name[uk]=Нове вікно в режимі анонімного перегляду
Name[vi]=Cửa sổ ẩn danh mới
Name[zh_CN]=新建隐身窗口
Name[zh_TW]=新增無痕式視窗
Exec=firejail /usr/bin/chromium --incognito

remove every .desktop file and try to use firectl again to disable/enable what you want.

Where could all the *.desktop files be located?

I am having issues with chromium. After running sudo firecfg --clean and rm firefox.desktop in this directory ~/.local/share/applications and after running sudo firectl enable chromium it does get sandboxed but even if I disable it chromium is still being sandboxed.

I've started work on a firecfg-ng (firecfg next-generation) to avoid all this messy, headache-inducing stuff. It will have disable/enable functionality cfr. firectl, as well as fixes for all currently known/reported firecfg bugs and issues. This will take a while, but I wanted to inform you nonetheless.

Oh nice I hope it works out :)

On a similar note, if your list of applications you always want to be firejailed isn't too long, I suggest you drop tools like firectl/firecfg completely and setup symlinks (in /usr/local/bin) and edited .desktop files (in ~/.local/share/applications) yourself manually. In the end that looks to be the more manageable solution to all this IMHO. And even when the list is long(er), doing the work manually and keeping a file with info of what you always run through firejail isn't that complicated. It's what I've been doing ever since starting to use firejail for what that's worth...

I could try that but what do I put inside the *.desktop file?

I started a firecfg.py, maybe we should collaborate to avoid duplicated work.

I wish I could help you out but I have basic programming skills, unless if this is easy to code?

@Joe23232 commented on GitHub (Jan 31, 2020): @glitsj16 > Can you post the current content of /usr/share/applications/chromium.desktop please? Sure mate. ``` [Desktop Entry] Version=1.0 Name=Chromium # Only KDE 4 seems to use GenericName, so we reuse the KDE strings. # From Ubuntu's language-pack-kde-XX-base packages, version 9.04-20090413. GenericName=Web Browser GenericName[ar]=متصفح الشبكة GenericName[bg]=Уеб браузър GenericName[ca]=Navegador web GenericName[cs]=WWW prohlížeč GenericName[da]=Browser GenericName[de]=Web-Browser GenericName[el]=Περιηγητής ιστού GenericName[en_GB]=Web Browser GenericName[es]=Navegador web GenericName[et]=Veebibrauser GenericName[fi]=WWW-selain GenericName[fr]=Navigateur Web GenericName[gu]=વેબ બ્રાઉઝર GenericName[he]=דפדפן אינטרנט GenericName[hi]=वेब ब्राउज़र GenericName[hu]=Webböngésző GenericName[it]=Browser Web GenericName[ja]=ウェブブラウザ GenericName[kn]=ಜಾಲ ವೀಕ್ಷಕ GenericName[ko]=웹 브라우저 GenericName[lt]=Žiniatinklio naršyklė GenericName[lv]=Tīmekļa pārlūks GenericName[ml]=വെബ് ബ്രൌസര് GenericName[mr]=वेब ब्राऊजर GenericName[nb]=Nettleser GenericName[nl]=Webbrowser GenericName[pl]=Przeglądarka WWW GenericName[pt]=Navegador Web GenericName[pt_BR]=Navegador da Internet GenericName[ro]=Navigator de Internet GenericName[ru]=Веб-браузер GenericName[sl]=Spletni brskalnik GenericName[sv]=Webbläsare GenericName[ta]=இணைய உலாவி GenericName[th]=เว็บเบราว์เซอร์ GenericName[tr]=Web Tarayıcı GenericName[uk]=Навігатор Тенет GenericName[zh_CN]=网页浏览器 GenericName[zh_HK]=網頁瀏覽器 GenericName[zh_TW]=網頁瀏覽器 # Not translated in KDE, from Epiphany 2.26.1-0ubuntu1. GenericName[bn]=ওয়েব ব্রাউজার GenericName[fil]=Web Browser GenericName[hr]=Web preglednik GenericName[id]=Browser Web GenericName[or]=ଓ୍ବେବ ବ୍ରାଉଜର GenericName[sk]=WWW prehliadač GenericName[sr]=Интернет прегледник GenericName[te]=మహాతల అన్వేషి GenericName[vi]=Bộ duyệt Web # Gnome and KDE 3 uses Comment. Comment=Access the Internet Comment[ar]=الدخول إلى الإنترنت Comment[bg]=Достъп до интернет Comment[bn]=ইন্টারনেটটি অ্যাক্সেস করুন Comment[ca]=Accedeix a Internet Comment[cs]=Přístup k internetu Comment[da]=Få adgang til internettet Comment[de]=Internetzugriff Comment[el]=Πρόσβαση στο Διαδίκτυο Comment[en_GB]=Access the Internet Comment[es]=Accede a Internet. Comment[et]=Pääs Internetti Comment[fi]=Käytä internetiä Comment[fil]=I-access ang Internet Comment[fr]=Accéder à Internet Comment[gu]=ઇંટરનેટ ઍક્સેસ કરો Comment[he]=גישה אל האינטרנט Comment[hi]=इंटरनेट तक पहुंच स्थापित करें Comment[hr]=Pristup Internetu Comment[hu]=Internetelérés Comment[id]=Akses Internet Comment[it]=Accesso a Internet Comment[ja]=インターネットにアクセス Comment[kn]=ಇಂಟರ್ನೆಟ್ ಅನ್ನು ಪ್ರವೇಶಿಸಿ Comment[ko]=인터넷 연결 Comment[lt]=Interneto prieiga Comment[lv]=Piekļūt internetam Comment[ml]=ഇന്റര്നെറ്റ് ആക്സസ് ചെയ്യുക Comment[mr]=इंटरनेटमध्ये प्रवेश करा Comment[nb]=Gå til Internett Comment[nl]=Verbinding maken met internet Comment[or]=ଇଣ୍ଟର୍ନେଟ୍ ପ୍ରବେଶ କରନ୍ତୁ Comment[pl]=Skorzystaj z internetu Comment[pt]=Aceder à Internet Comment[pt_BR]=Acessar a internet Comment[ro]=Accesaţi Internetul Comment[ru]=Доступ в Интернет Comment[sk]=Prístup do siete Internet Comment[sl]=Dostop do interneta Comment[sr]=Приступите Интернету Comment[sv]=Gå ut på Internet Comment[ta]=இணையத்தை அணுகுதல் Comment[te]=ఇంటర్నెట్ను ఆక్సెస్ చెయ్యండి Comment[th]=เข้าถึงอินเทอร์เน็ต Comment[tr]=İnternet'e erişin Comment[uk]=Доступ до Інтернету Comment[vi]=Truy cập Internet Comment[zh_CN]=访问互联网 Comment[zh_HK]=連線到網際網路 Comment[zh_TW]=連線到網際網路 Exec=firejail /usr/bin/chromium %U StartupNotify=true Terminal=false Icon=chromium Type=Application Categories=Network;WebBrowser; MimeType=text/html;text/xml;application/xhtml_xml;image/webp;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp; Actions=new-window;new-private-window; [Desktop Action new-window] Name=New Window Name[am]=አዲስ መስኮት Name[ar]=نافذة جديدة Name[bg]=Нов прозорец Name[bn]=নতুন উইন্ডো Name[ca]=Finestra nova Name[cs]=Nové okno Name[da]=Nyt vindue Name[de]=Neues Fenster Name[el]=Νέο Παράθυρο Name[en_GB]=New Window Name[es]=Nueva ventana Name[et]=Uus aken Name[fa]=پنجره جدید Name[fi]=Uusi ikkuna Name[fil]=New Window Name[fr]=Nouvelle fenêtre Name[gu]=નવી વિંડો Name[hi]=नई विंडो Name[hr]=Novi prozor Name[hu]=Új ablak Name[id]=Jendela Baru Name[it]=Nuova finestra Name[iw]=חלון חדש Name[ja]=新規ウインドウ Name[kn]=ಹೊಸ ವಿಂಡೊ Name[ko]=새 창 Name[lt]=Naujas langas Name[lv]=Jauns logs Name[ml]=പുതിയ വിന്ഡോ Name[mr]=नवीन विंडो Name[nl]=Nieuw venster Name[no]=Nytt vindu Name[pl]=Nowe okno Name[pt]=Nova janela Name[pt_BR]=Nova janela Name[ro]=Fereastră nouă Name[ru]=Новое окно Name[sk]=Nové okno Name[sl]=Novo okno Name[sr]=Нови прозор Name[sv]=Nytt fönster Name[sw]=Dirisha Jipya Name[ta]=புதிய சாளரம் Name[te]=క్రొత్త విండో Name[th]=หน้าต่างใหม่ Name[tr]=Yeni Pencere Name[uk]=Нове вікно Name[vi]=Cửa sổ Mới Name[zh_CN]=新建窗口 Name[zh_TW]=開新視窗 Exec=firejail /usr/bin/chromium [Desktop Action new-private-window] Name=New Incognito Window Name[ar]=نافذة جديدة للتصفح المتخفي Name[bg]=Нов прозорец „инкогнито“ Name[bn]=নতুন ছদ্মবেশী উইন্ডো Name[ca]=Finestra d'incògnit nova Name[cs]=Nové anonymní okno Name[da]=Nyt inkognitovindue Name[de]=Neues Inkognito-Fenster Name[el]=Νέο παράθυρο για ανώνυμη περιήγηση Name[en_GB]=New Incognito window Name[es]=Nueva ventana de incógnito Name[et]=Uus inkognito aken Name[fa]=پنجره جدید حالت ناشناس Name[fi]=Uusi incognito-ikkuna Name[fil]=Bagong Incognito window Name[fr]=Nouvelle fenêtre de navigation privée Name[gu]=નવી છુપી વિંડો Name[hi]=नई गुप्त विंडो Name[hr]=Novi anoniman prozor Name[hu]=Új Inkognitóablak Name[id]=Jendela Penyamaran baru Name[it]=Nuova finestra di navigazione in incognito Name[iw]=חלון חדש לגלישה בסתר Name[ja]=新しいシークレットウィンドウ Name[kn]=ಹೊಸ ಅಜ್ಞಾತ ವಿಂಡೋ Name[ko]=새 시크릿 창 Name[lt]=Naujas inkognito langas Name[lv]=Jauns inkognito režīma logs Name[ml]=പുതിയ വേഷ പ്രച്ഛന്ന വിന്ഡോ Name[mr]=नवीन गुप्त विंडो Name[nl]=Nieuw incognitovenster Name[no]=Nytt inkognitovindu Name[pl]=Nowe okno incognito Name[pt]=Nova janela de navegação anónima Name[pt_BR]=Nova janela anônima Name[ro]=Fereastră nouă incognito Name[ru]=Новое окно в режиме инкогнито Name[sk]=Nové okno inkognito Name[sl]=Novo okno brez beleženja zgodovine Name[sr]=Нови прозор за прегледање без архивирања Name[sv]=Nytt inkognitofönster Name[ta]=புதிய மறைநிலைச் சாளரம் Name[te]=క్రొత్త అజ్ఞాత విండో Name[th]=หน้าต่างใหม่ที่ไม่ระบุตัวตน Name[tr]=Yeni Gizli pencere Name[uk]=Нове вікно в режимі анонімного перегляду Name[vi]=Cửa sổ ẩn danh mới Name[zh_CN]=新建隐身窗口 Name[zh_TW]=新增無痕式視窗 Exec=firejail /usr/bin/chromium --incognito ``` > remove every .desktop file and try to use firectl again to disable/enable what you want. Where could all the *.desktop files be located? I am having issues with chromium. After running `sudo firecfg --clean` and `rm firefox.desktop` in this directory `~/.local/share/applications` and after running `sudo firectl enable chromium` it does get sandboxed but even if I disable it chromium is still being sandboxed. > I've started work on a firecfg-ng (firecfg next-generation) to avoid all this messy, headache-inducing stuff. It will have disable/enable functionality cfr. firectl, as well as fixes for all currently known/reported firecfg bugs and issues. This will take a while, but I wanted to inform you nonetheless. Oh nice I hope it works out :) > On a similar note, if your list of applications you always want to be firejailed isn't too long, I suggest you drop tools like firectl/firecfg completely and setup symlinks (in /usr/local/bin) and edited .desktop files (in ~/.local/share/applications) yourself manually. In the end that looks to be the more manageable solution to all this IMHO. And even when the list is long(er), doing the work manually and keeping a file with info of what you always run through firejail isn't that complicated. It's what I've been doing ever since starting to use firejail for what that's worth... I could try that but what do I put inside the *.desktop file? > I started a firecfg.py, maybe we should collaborate to avoid duplicated work. I wish I could help you out but I have basic programming skills, unless if this is easy to code?

gitea-mirror commented

2026-05-05 08:40:04 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jan 31, 2020):

Working way to fix .desktop files: https://gist.github.com/rusty-snake/3e4b8f8555e942d2964a181d4a5f64a0#file-firecfg-py

@rusty-snake commented on GitHub (Jan 31, 2020): Working way to fix .desktop files: https://gist.github.com/rusty-snake/3e4b8f8555e942d2964a181d4a5f64a0#file-firecfg-py

gitea-mirror commented

2026-05-05 08:40:04 -06:00

Author

Owner

@ghost commented on GitHub (Jan 31, 2020):

I've started work on a firecfg-ng (firecfg next-generation) to avoid all this messy, headache-inducing stuff.

I started a firecfg.py, maybe we should collaborate to avoid duplicated work.

@rusty-snake Yeah, I saw your nice Python script, works fine on a test sample for me. And I would definately like to collaborate on this firecfg mess. Give me a day to do some more extensive testing and I'll keep everybody informed on firecfg-ng in #2624 . For now it is just a simple shell script wrapper around firecfg, building on what I added to the discussion in #3016. I opted for a shell script because

it doesn't add any new dependencies;
it doesn't need any patching.

Allthough I really like your script, IMHO doing it in Python might hinder acceptance due to dependency decisions or keep it in contrib forever, both of which wouldn't serve the main goal here: to unbreak firecfg for regular users. Obviously the best solution would be to fix the C code in firecfg itself. None of the more capable C coders here seem to have an interest, are not yet aware of firecfg's broken state or simply don't have the time to do all work. This is not a critique, just a personal observation on the current situation. I do understand there's plenty of other work to be done on the C codebase to keep busy for a while :)

@ghost commented on GitHub (Jan 31, 2020): > I've started work on a firecfg-ng (firecfg next-generation) to avoid all this messy, headache-inducing stuff. > I started a firecfg.py, maybe we should collaborate to avoid duplicated work. @rusty-snake Yeah, I saw your nice Python script, works fine on a test sample for me. And I would **definately** like to collaborate on this firecfg mess. Give me a day to do some more extensive testing and I'll keep everybody informed on _firecfg-ng_ in #2624 . For now it is just a simple `shell` script wrapper around firecfg, building on what I added to the discussion in #3016. I opted for a shell script because - it doesn't add any new dependencies; - it doesn't need any patching. Allthough I _really_ like your script, IMHO doing it in Python might hinder acceptance due to dependency decisions or keep it in contrib forever, both of which wouldn't serve the main goal here: to unbreak firecfg for regular users. Obviously the best solution would be to fix the `C` code in firecfg itself. None of the more capable C coders here seem to have an interest, are not yet aware of firecfg's broken state or simply don't have the time to do all work. This is not a critique, just a personal observation on the current situation. I do understand there's plenty of other work to be done on the C codebase to keep busy for a while :)

gitea-mirror commented

2026-05-05 08:40:04 -06:00

Author

Owner

@ghost commented on GitHub (Jan 31, 2020):

@Joe23232

Where could all the *.desktop files be located?

Under ~/.local/share/applications.

I am having issues with chromium. After running sudo firecfg --clean and rm firefox.desktop in this directory ~/.local/share/applications and after running sudo firectl enable chromium it does get sandboxed but even if I disable it chromium is still being sandboxed.

The /usr/share/applications/chromium.desktop file looks fine to me. It has all the necessary 'Exec=' lines pointing to 'firejail /usr/bin/chromium', which is the way firectl works. I don't know why your chromium is still being sandboxed after disabling it in firectl. Unless there's still a ~/.local/share/applications/chromium.desktop on your system. If it is, take it out, together with any lingering firejail symlinks in /usr/local/bin.

You can always use @rusty-snake's script too as he suggested. I didn't want to confuse your situation even more by adding another alternative to using firecfg and firectl :).

@ghost commented on GitHub (Jan 31, 2020): @Joe23232 > Where could all the *.desktop files be located? Under ~/.local/share/applications. > I am having issues with chromium. After running sudo firecfg --clean and rm firefox.desktop in this directory ~/.local/share/applications and after running sudo firectl enable chromium it does get sandboxed but even if I disable it chromium is still being sandboxed. The /usr/share/applications/chromium.desktop file looks fine to me. It has all the necessary 'Exec=' lines pointing to 'firejail /usr/bin/chromium', which is the way firectl works. I don't know why your chromium is still being sandboxed after disabling it in firectl. Unless there's still a ~/.local/share/applications/chromium.desktop on your system. If it is, take it out, together with any lingering firejail symlinks in /usr/local/bin. You can always use @rusty-snake's script too as he suggested. I didn't want to confuse your situation even more by adding another alternative to using firecfg and firectl :).

gitea-mirror commented

2026-05-05 08:40:05 -06:00

Author

Owner

@rusty-snake commented on GitHub (Jan 31, 2020):

@glitsj16 as a very first preview: 6f210201c5

IMHO doing it in Python might hinder acceptance due to dependency decisions

My goal about dependencies is to only require python3.6 (or what ever python version it will end). No pip, no other third-party python packages, the standart librarys are big enough.

Reasons for the python decision

In contrast to firejail firecfg is not a suid and not so critical that it must be C, C++, Rust, ...
Easyer to implement new features
I can't C (but Rust)
It will give more people a way to contribute code. @Fred-Barclay 😏

or keep it in contrib forever

or as own project forever ;)

@rusty-snake commented on GitHub (Jan 31, 2020): @glitsj16 as a **very** first preview: https://github.com/rusty-snake/firecfg.py/tree/6f210201c5f4eec35c8e0ddd6c9c10e7e680e831 > IMHO doing it in Python might hinder acceptance due to dependency decisions My goal about dependencies is to only require python3.6 (or what ever python version it will end). No pip, no other third-party python packages, the standart librarys are big enough. Reasons for the python decision - In contrast to firejail firecfg is not a suid and not so critical that it must be C, C++, Rust, ... - Easyer to implement new features - I can't C (but Rust) - It will give more people a way to contribute code. @Fred-Barclay :smirk: > or keep it in contrib forever or as own project forever ;)

gitea-mirror commented

2026-05-05 08:40:05 -06:00

Author

Owner

@ghost commented on GitHub (Jan 31, 2020):

@rusty-snake Thanks for the link and clarifying your reasons to go with Python. I wouldn't mind such a dependency being added to firejail, we have other Pythons in contrib. But I'm not a package manager :). It was a long day for me and I need a break. I'll keep you informed on the firefox-ng script, should be able to put something out during the weekend.

@ghost commented on GitHub (Jan 31, 2020): @rusty-snake Thanks for the link and clarifying your reasons to go with Python. I wouldn't mind such a dependency being added to firejail, we have other Pythons in contrib. But I'm not a package manager :). It was a long day for me and I need a break. I'll keep you informed on the firefox-ng script, should be able to put something out during the weekend.

gitea-mirror commented

2026-05-05 08:40:06 -06:00

Author

Owner

@Joe23232 commented on GitHub (Feb 3, 2020):

@Joe23232

Where could all the *.desktop files be located?

Under ~/.local/share/applications.

I am having issues with chromium. After running sudo firecfg --clean and rm firefox.desktop in this directory ~/.local/share/applications and after running sudo firectl enable chromium it does get sandboxed but even if I disable it chromium is still being sandboxed.

The /usr/share/applications/chromium.desktop file looks fine to me. It has all the necessary 'Exec=' lines pointing to 'firejail /usr/bin/chromium', which is the way firectl works. I don't know why your chromium is still being sandboxed after disabling it in firectl. Unless there's still a ~/.local/share/applications/chromium.desktop on your system. If it is, take it out, together with any lingering firejail symlinks in /usr/local/bin.

You can always use @rusty-snake's script too as he suggested. I didn't want to confuse your situation even more by adding another alternative to using firecfg and firectl :).

Sure mate, but is @rusty-snake's script stable? Or is it still in testing phase?

@Joe23232 commented on GitHub (Feb 3, 2020): > @Joe23232 > > > Where could all the *.desktop files be located? > > Under ~/.local/share/applications. > > > I am having issues with chromium. After running sudo firecfg --clean and rm firefox.desktop in this directory ~/.local/share/applications and after running sudo firectl enable chromium it does get sandboxed but even if I disable it chromium is still being sandboxed. > > The /usr/share/applications/chromium.desktop file looks fine to me. It has all the necessary 'Exec=' lines pointing to 'firejail /usr/bin/chromium', which is the way firectl works. I don't know why your chromium is still being sandboxed after disabling it in firectl. Unless there's still a ~/.local/share/applications/chromium.desktop on your system. If it is, take it out, together with any lingering firejail symlinks in /usr/local/bin. > > You can always use @rusty-snake's script too as he suggested. I didn't want to confuse your situation even more by adding another alternative to using firecfg and firectl :). Sure mate, but is @rusty-snake's script stable? Or is it still in testing phase?

gitea-mirror commented

2026-05-05 08:40:06 -06:00

Author

Owner

@Joe23232 commented on GitHub (Feb 3, 2020):

@rusty-snake Just out of curiosity, if you used Rust instead of Python, would it run faster the script that you are writing?

@Joe23232 commented on GitHub (Feb 3, 2020): @rusty-snake Just out of curiosity, if you used Rust instead of Python, would it run faster the script that you are writing?

gitea-mirror commented

2026-05-05 08:40:07 -06:00

Author

Owner

@rusty-snake commented on GitHub (Feb 3, 2020):

Sure mate, but is @rusty-snake's script stable? Or is it still in testing phase?

Stable: https://gist.github.com/rusty-snake/3e4b8f8555e942d2964a181d4a5f64a0

you must first create the firejail symlinks (sudo firecfg).
it will override your local desktop files unless you set KEEP_EXISTING = True (L51).

Prieview (do not use): https://github.com/rusty-snake/firecfg.py/tree/0.0.0-preview

Just out of curiosity, if you used Rust instead of Python, would it run faster

Sure. However, there are more python developers in the world (and in the firejail community) and my intention was no one man show. The python version runs in under one second and firecfg is usually only executed after installing/removing software.

@rusty-snake commented on GitHub (Feb 3, 2020): > Sure mate, but is @rusty-snake's script stable? Or is it still in testing phase? Stable: https://gist.github.com/rusty-snake/3e4b8f8555e942d2964a181d4a5f64a0 - you must first create the firejail symlinks (`sudo firecfg`). - it will override your local desktop files unless you set `KEEP_EXISTING = True` (L51). Prieview (do not use): https://github.com/rusty-snake/firecfg.py/tree/0.0.0-preview > Just out of curiosity, if you used Rust instead of Python, would it run faster Sure. However, there are more python developers in the world (and in the firejail community) and my intention was no one man show. The python version runs in under one second and firecfg is usually only executed after installing/removing software.

gitea-mirror commented

2026-05-05 08:40:07 -06:00

Author

Owner

@Joe23232 commented on GitHub (Feb 3, 2020):

Stable: https://gist.github.com/rusty-snake/3e4b8f8555e942d2964a181d4a5f64a0

you must first create the firejail symlinks (sudo firecfg).
it will override your local desktop files unless you set KEEP_EXISTING = True (L51).

But firecfg still has bugs right?

Prieview (do not use): https://github.com/rusty-snake/firecfg.py/tree/0.0.0-preview

This is the next updated version of firecfg, right?

@Joe23232 commented on GitHub (Feb 3, 2020): > Stable: https://gist.github.com/rusty-snake/3e4b8f8555e942d2964a181d4a5f64a0 > you must first create the firejail symlinks (sudo firecfg). > it will override your local desktop files unless you set KEEP_EXISTING = True (L51). But `firecfg` still has bugs right? > Prieview (do not use): https://github.com/rusty-snake/firecfg.py/tree/0.0.0-preview This is the next updated version of `firecfg`, right?

gitea-mirror commented

2026-05-05 08:40:08 -06:00

Author

Owner

@rusty-snake commented on GitHub (Feb 3, 2020):

But firecfg still has bugs right?

Yes, that's only an alternative for firecfg --fix

This is the next updated version of firecfg, right?

Nope, currently this is just a personal project from me. Maybe it will replace firecfg in the future if wished or is shipped with the C-firecfg / in contrib.

@rusty-snake commented on GitHub (Feb 3, 2020): > But `firecfg` still has bugs right? Yes, that's only an alternative for `firecfg --fix` > This is the next updated version of `firecfg`, right? Nope, currently this is just a personal project from me. Maybe it will replace firecfg in the future if wished or is shipped with the C-firecfg / in contrib.

gitea-mirror commented

2026-05-05 08:40:08 -06:00

Author

Owner

@Joe23232 commented on GitHub (Feb 5, 2020):

@rusty-snake

Yes, that's only an alternative for firecfg --fix

Oh ok so everytime I want to contain a program I have to run firecfg --fix, right?

Nope, currently this is just a personal project from me. Maybe it will replace firecfg in the future if wished or is shipped with the C-firecfg / in contrib.

Is this ready to use by any chance? If so I just have to build it and it will work, right?

@Joe23232 commented on GitHub (Feb 5, 2020): @rusty-snake > Yes, that's only an alternative for firecfg --fix Oh ok so everytime I want to contain a program I have to run `firecfg --fix`, right? > Nope, currently this is just a personal project from me. Maybe it will replace firecfg in the future if wished or is shipped with the C-firecfg / in contrib. Is this ready to use by any chance? If so I just have to build it and it will work, right?

gitea-mirror commented

2026-05-05 08:40:09 -06:00

Author

Owner

@rusty-snake commented on GitHub (Feb 8, 2020):

Oh ok so everytime I want to contain a program I have to run firecfg --fix, right?

If you install/remove software with a firejail profile you should run sudo firecfg which will create/remove the symlinks and fix the desktop-files if necessary.

Is this ready to use by any chance?

Give it some time ;)

@rusty-snake commented on GitHub (Feb 8, 2020): > Oh ok so everytime I want to contain a program I have to run firecfg --fix, right? If you install/remove software with a firejail profile you should run `sudo firecfg` which will create/remove the symlinks and fix the desktop-files if necessary. > Is this ready to use by any chance? Give it some time ;)

gitea-mirror commented

2026-05-05 08:40:10 -06:00

Author

Owner

@rusty-snake commented on GitHub (Apr 1, 2020):

I'm closing here due to inactivity, please fell free to reopen if you have more questions.

@rusty-snake commented on GitHub (Apr 1, 2020): I'm closing here due to inactivity, please fell free to reopen if you have more questions.

gitea-mirror commented

2026-05-05 08:40:10 -06:00

Author

Owner

@Joe23232 commented on GitHub (Apr 1, 2020):

Oh ok so everytime I want to contain a program I have to run firecfg --fix, right?

If you install/remove software with a firejail profile you should run sudo firecfg which will create/remove the symlinks and fix the desktop-files if necessary.

Is this ready to use by any chance?

Give it some time ;)

For some weird reason I didn't get your notification or something, sorry I forgot to respond to it if I did :)

@Joe23232 commented on GitHub (Apr 1, 2020): > > Oh ok so everytime I want to contain a program I have to run firecfg --fix, right? > > If you install/remove software with a firejail profile you should run `sudo firecfg` which will create/remove the symlinks and fix the desktop-files if necessary. > > > Is this ready to use by any chance? > > Give it some time ;) For some weird reason I didn't get your notification or something, sorry I forgot to respond to it if I did :)

Rows
Columns

[GH-ISSUE #3191] How to configure applications to automatically go through firejail? #1995