[GH-ISSUE #3230] Yet another symlink question #2027

Closed
opened 2026-05-05 08:42:02 -06:00 by gitea-mirror · 7 comments

Originally created by @aleprovencio on GitHub (Feb 17, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3230

Hello,
this is about creating a sandbox for an application (i.e. `qutebrowser`) which has its configuration files (i.e. `~/.config/qutebrowser/config.py`) as `symlinks` to other files (`~/code/dotfiles/qutebrowser/config.py`).

I'm sorry about asking 'Yet another `symlink` question'. I do so because I have seen lots of threads about it and although the workarounds are there (i.e. #2329 and #2617), I could not find a thread that handles the real solution or even concentrates the ideas for a PR, so maybe I can help somehow/subscribe to.


@smitsohu commented on GitHub (Feb 17, 2020):

```
whitelist ~/.config/qutebrowser
whitelist ~/code/dotfiles/qutebrowser
```

Doesn't that work (add to your existing profile)?
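
The answer above whitelists both the directory that holds the symlinks and the directory that holds their targets. As an added example (not part of the original thread and not firejail's own tooling), the script below derives those two kinds of lines for any config directory; `suggest_whitelists` is a hypothetical helper name and GNU `readlink -f` is assumed.

```shell
#!/bin/sh
# Added example: print the whitelist lines a whitelisting profile needs so
# that symlinked config files stay reachable inside the sandbox.
# suggest_whitelists is a hypothetical helper, not a firejail command.
# Assumes DIR is an absolute path and GNU readlink (-f) is available.

suggest_whitelists() {
	# Canonical path of the directory that contains the links.
	real_dir=$(readlink -f "$1") || return 1
	{
		# The directory holding the links must be whitelisted ...
		printf 'whitelist %s\n' "$real_dir"
		# ... and so must the directory of every target outside of it.
		find "$real_dir" -type l | while IFS= read -r link; do
			target=$(readlink -f "$link") || continue
			[ -e "$target" ] || continue       # skip dangling links
			case $target in
				"$real_dir"/*) ;;              # already covered above
				*) printf 'whitelist %s\n' "$(dirname "$target")" ;;
			esac
		done
	} | LC_ALL=C sort -u                       # one line per directory
}

# Example call (paths taken from the question above):
#   suggest_whitelists "$HOME/.config/qutebrowser"
```

The output uses absolute paths; review each suggested directory before adding it to a `.local` file, since every whitelisted directory becomes visible to the sandboxed program.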


@aleprovencio commented on GitHub (Feb 17, 2020):

THANK YOU! I'm really ashamed it was that easy..

As I like to use the original profiles, using `whitelist ${HOME}/code` on a `globals.local` file, felt like a neat solution to this problem.

Maybe there's room for improvement on the docs on this or am I blind again?


@rusty-snake commented on GitHub (Feb 17, 2020):

> As I like to use the original profiles, using `whitelist ${HOME}/code` on a `globals.local` file, felt like a neat solution to this problem.

This will break any non whitelisting profiles for you. You need to add it to all PROFILE.local files for whitelisting profiles.


@rusty-snake commented on GitHub (Feb 17, 2020):

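**Untested** code snippet:

```bash
# For every firejail symlink in /usr/local/bin whose profile directly
# includes whitelist-common.inc, append the whitelist to its .local file.
for file in /usr/local/bin/*; do
	if [ "$(readlink "$file")" = "/usr/bin/firejail" ]; then
		if grep --quiet '^include whitelist-common.inc$' "/etc/firejail/$(basename "$file").profile"; then
			echo "whitelist \${HOME}/code" >> ~/.config/firejail/"$(basename "$file")".local
		fi
	fi
done
```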

Does not work with profiles like firefox.profile because wc is in firefox-common.profile.
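
The limitation noted above comes from checking only the profile's own lines. As an added example (not code from the thread or from firejail), the function below follows `include` lines transitively, so a chain such as `firefox.profile` to `firefox-common.profile` to `whitelist-common.inc` is detected; `includes_whitelist_common` is a hypothetical helper, and treating "includes whitelist-common.inc" as the sign of a whitelisting profile is the thread's heuristic.

```shell
#!/bin/sh
# Added example: does PROFILE include whitelist-common.inc, directly or
# through other included files? includes_whitelist_common is a hypothetical
# helper. Usage: includes_whitelist_common NAME.profile [PROFILE_DIR]
# PROFILE_DIR defaults to /etc/firejail. Returns 0 if yes, 1 if no.

includes_whitelist_common() {
	profile_dir=${2:-/etc/firejail}
	set -- "$1"              # positional parameters act as the work queue
	seen=" "                 # space-delimited names already visited
	while [ $# -gt 0 ]; do
		name=$1
		shift
		# Visit each file once so include cycles terminate.
		case $seen in *" $name "*) continue ;; esac
		seen="$seen$name "
		if [ "$name" = "whitelist-common.inc" ]; then
			return 0
		fi
		# *.local files and other includes may not exist; skip them.
		[ -r "$profile_dir/$name" ] || continue
		# Queue every included file, reduced to its base name so that
		# "include /etc/firejail/foo.inc" and "include foo.inc" both work.
		for inc in $(awk '$1 == "include" && NF >= 2 {
				n = split($2, p, "/"); print p[n] }' "$profile_dir/$name"); do
			set -- "$@" "$inc"
		done
	done
	return 1
}

# Example call:
#   includes_whitelist_common firefox.profile && echo "whitelisting profile"
```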


@aleprovencio commented on GitHub (Feb 17, 2020):

Got it, thank you.


@aleprovencio commented on GitHub (Feb 17, 2020):

@rusty-snake ,

> This will break any non whitelisting profiles for you. You need to add it to all PROFILE.local files for whitelisting profiles.

In order to avoid this redundancy in more profiles, is it fine if I put it under `whitelist-common.local`?


@rusty-snake commented on GitHub (Feb 18, 2020):

@aleprovencio works too.
