[GH-ISSUE #3753] [Feature] different profiles/behavior per user? #2366

Closed
opened 2026-05-05 09:02:59 -06:00 by gitea-mirror · 3 comments

Originally created by @hlein on GitHub (Nov 14, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3753

This is a request for advice that might turn into a feature request. I'm probably not the first to ask, but I couldn't find a previous discussion on this.

I would like firejail to behave differently for different users. Does the profile syntax have support for testing the current user or group memberships, and enabling/disabling things based on that? If not, what would be some options to accomplish that, and/or features that would need to be added to firejail?

For instance, on Gentoo, builds are done as user portage. In order for that to work, it needs various things that other system users (including myself!) do not need, such as, `wget` needs to be able to write to `/var/cache/distfiles/`, pass ridiculously large environment variables (which currently requires changing `firejail.h` and recompiling, but that's another matter ;), and a few other things I'm still discovering. Meanwhile, users that run certain services could have their profiles restricted still further. On some multiuser systems, I might want to restrict some regular users more than others, etc.

I see `/etc/firejail/login.users`, that's not what I'm after, but I suppose something similar that applied extra or alternate profile-files any time a named user ran a program via firejail might do it.

I can see some workarounds with alternate paths for firejail symlinks (created by `firecfg --bindir` or similar), that get added to different users' PATHs based on dotfiles, etc., and/or multiple compiled copies of firejail that look in different `/etc/firejail/*/` subdirs, but that'd be pretty messy and require custom upkeep.


@rusty-snake commented on GitHub (Nov 14, 2020):

You can create profile overrides or add profiles to `$HOME/.config/firejail`.
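The per-user lookup this answer relies on, sketched as an added example that is not part of the original thread and is not firejail's own code. It assumes firejail checks `$HOME/.config/firejail` before `/etc/firejail` for both `NAME.profile` and an included `NAME.local`; the function names and the passwd-file parameter are hypothetical, chosen so the audit can run against a constructed tree.

```shell
#!/bin/sh
# Added example: report, per account, which firejail profile and which
# .local override would apply to a program, so an admin can see where
# per-user behaviour diverges from the system default.
# Assumption: files in $HOME/.config/firejail win over the system directory.

# lookup HOME FILE [SYSDIR] -> "user:<path>", "system:<path>" or "none"
lookup() {
    l_home=$1; l_file=$2; l_sys=${3:-/etc/firejail}
    if [ -f "$l_home/.config/firejail/$l_file" ]; then
        echo "user:$l_home/.config/firejail/$l_file"
    elif [ -f "$l_sys/$l_file" ]; then
        echo "system:$l_sys/$l_file"
    else
        echo "none"
    fi
}

# audit_users PASSWD NAME [SYSDIR]
# Prints one line per account with an existing home directory:
#   <user> <profile source> <override source>
audit_users() {
    a_passwd=$1; a_name=$2; a_sys=${3:-/etc/firejail}
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -d "$home" ] || continue
        printf '%s %s %s\n' "$user" \
            "$(lookup "$home" "$a_name.profile" "$a_sys")" \
            "$(lookup "$home" "$a_name.local" "$a_sys")"
    done < "$a_passwd"
}

# Stand-alone use: ./audit.sh wget   (reads /etc/passwd and /etc/firejail)
if [ $# -ge 1 ]; then
    audit_users /etc/passwd "$1"
fi
```

Files under a user's home are writable by that user, so a `user:` result means that account controls its own sandbox policy for that program.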


@hlein commented on GitHub (Nov 14, 2020):

> You can create profile overrides or add profiles to `$HOME/.config/firejail`.

Duh, good call, that's a good start anyway; will be back if I run into things it isn't sufficient for.


@rusty-snake commented on GitHub (Jan 4, 2021):

I'm closing here due to inactivity, please feel free to request to reopen if you have more questions.
