github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #4299] Improve dolphin (and pluggins and applications) startup from other applications (open directory containing file). #2616

New issue
Open
opened 2026-05-05 09:16:54 -06:00 by gitea-mirror · 3 comments
gitea-mirror commented 2026-05-05 09:16:54 -06:00
Owner
Copy link

Originally created by @13ilya-old on GitHub (May 23, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/4299

At first I just wanted to fix the opening of the directory with the downloaded file in firefox and telegram-desktop.
But then I noticed that dolphin also has other useful plugins/applications (kcheck, kfind, kate, kompare, kwrite) which also break launching from such, oddly running dolphin.
So I decided to immediately fix not only this problem but also deepen the integration of the most important applications launched from the KDE file manager as well as the console.

I seem to have added those files that should not give out any unwanted data.
For example I refrained from adding:

~/.abook
~/.bash_history
~/.dbus
~/.local/share/RecentDocuments
~/.local/share/recently-used.xbel

If you find any of the files I have added unnecessary or dangerous, I will be happy to discuss it.

From gtk/gnome, I moved the parameters to qt/kde, which, in spite of the name, belonged to qt/kde.

whitelist-common.inc-v2.patch.txt

whitelist-common.inc-v2.patch 

--- /home/ilya/.config/firejail/whitelist-common.inc.orig	2021-03-25 23:12:01.000000000 +0300
+++ /home/ilya/.config/firejail/whitelist-common.inc	2021-05-24 00:51:13.021092279 +0300
@@ -7,23 +7,47 @@ include whitelist-common.local
 whitelist ${HOME}/.XCompose
 whitelist ${HOME}/.alsaequal.bin
 whitelist ${HOME}/.asoundrc
+whitelist ${HOME}/.aspell.ru.prepl
+whitelist ${HOME}/.bashrc
+whitelist ${HOME}/.compose-cache
+whitelist ${HOME}/.config/git
+whitelist ${HOME}/.config/git-cola
 whitelist ${HOME}/.config/ibus
+whitelist ${HOME}/.config/mc
+whitelist ${HOME}/.config/menus
 whitelist ${HOME}/.config/mimeapps.list
 whitelist ${HOME}/.config/pkcs11
 read-only ${HOME}/.config/pkcs11
+read-only ${HOME}/.config/pulse
 whitelist ${HOME}/.config/user-dirs.dirs
 read-only ${HOME}/.config/user-dirs.dirs
 whitelist ${HOME}/.config/user-dirs.locale
 read-only ${HOME}/.config/user-dirs.locale
 whitelist ${HOME}/.drirc
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.gitconfig
+whitelist ${HOME}/.gnupg
 whitelist ${HOME}/.icons
 ?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit
 whitelist ${HOME}/.local/share/applications
 read-only ${HOME}/.local/share/applications
+whitelist ${HOME}/.local/share/color-schemes
+whitelist ${HOME}/.local/share/desktop-directories
+read-only ${HOME}/.local/share/desktop-directories
 whitelist ${HOME}/.local/share/icons
+whitelist ${HOME}/.local/share/mc
 whitelist ${HOME}/.local/share/mime
+whitelist ${HOME}/.local/share/pixmaps
+whitelist ${HOME}/.local/share/user-places.xbel
+whitelist ${HOME}/.local/share/user-places.xbel.tbcache
 whitelist ${HOME}/.mime.types
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.profile
+whitelist ${HOME}/.thumbnails
 whitelist ${HOME}/.uim.d
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/.wget-hsts
+whitelist ${HOME}/.xdg_menu_cache
 
 # dconf
 mkdir ${HOME}/.config/dconf
@@ -44,41 +68,158 @@ whitelist ${HOME}/.pangorc
 whitelist ${HOME}/.config/gtk-2.0
 whitelist ${HOME}/.config/gtk-3.0
 whitelist ${HOME}/.config/gtk-4.0
-whitelist ${HOME}/.config/gtkrc
-whitelist ${HOME}/.config/gtkrc-2.0
+whitelist ${HOME}/.gconf
 whitelist ${HOME}/.gnome2
 whitelist ${HOME}/.gnome2-private
 whitelist ${HOME}/.gtk-2.0
-whitelist ${HOME}/.gtkrc
-whitelist ${HOME}/.gtkrc-2.0
-whitelist ${HOME}/.kde/share/config/gtkrc
-whitelist ${HOME}/.kde/share/config/gtkrc-2.0
-whitelist ${HOME}/.kde4/share/config/gtkrc
-whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
+whitelist ${HOME}/.gtk-bookmarks
 whitelist ${HOME}/.local/share/themes
 whitelist ${HOME}/.themes
 
 # qt/kde
-whitelist ${HOME}/.cache/kioexec/krun
+whitelist ${HOME}/.cache/icon-cache.kcache
+whitelist ${HOME}/.cache/kioexec
+whitelist ${HOME}/.config/KDE
 whitelist ${HOME}/.config/Kvantum
 whitelist ${HOME}/.config/Trolltech.conf
 whitelist ${HOME}/.config/QtProject.conf
+whitelist ${HOME}/.config/baloofileinformationrc
+whitelist ${HOME}/.config/baloofilerc
+whitelist ${HOME}/.config/dolphinrc
+whitelist ${HOME}/.config/gtk-qt-engine
+whitelist ${HOME}/.config/gtkrc
+whitelist ${HOME}/.config/gtkrc-2.0
+whitelist ${HOME}/.config/katemetainfos
+whitelist ${HOME}/.config/katemoderc
+whitelist ${HOME}/.config/katepartrc
+whitelist ${HOME}/.config/katerc
+whitelist ${HOME}/.config/kateschemarc
+whitelist ${HOME}/.config/katesyntaxhighlightingrc
+whitelist ${HOME}/.config/katevirc
+whitelist ${HOME}/.config/kcheckhash
+whitelist ${HOME}/.config/kde.org
 whitelist ${HOME}/.config/kdeglobals
+whitelist ${HOME}/.config/kfindrc
 whitelist ${HOME}/.config/kio_httprc
 whitelist ${HOME}/.config/kioslaverc
+whitelist ${HOME}/.config/komparerc
+whitelist ${HOME}/.config/konsolerc
+whitelist ${HOME}/.config/kservicemenurc
 whitelist ${HOME}/.config/ksslcablacklist
+whitelist ${HOME}/.config/kwriterc
 whitelist ${HOME}/.config/qt5ct
 whitelist ${HOME}/.config/qtcurve
+whitelist ${HOME}/.config/session
+whitelist ${HOME}/.config/soundkonverterrc
+whitelist ${HOME}/.gtkrc
+whitelist ${HOME}/.gtkrc-2.0
+whitelist ${HOME}/.gtkrc-2.0-kde4
+whitelist ${HOME}/.kde/cache-*
+whitelist ${HOME}/.kde/env
+whitelist ${HOME}/.kde/share/apps/QtCurve
+whitelist ${HOME}/.kde/share/apps/color-schemes
+whitelist ${HOME}/.kde/share/apps/dolphin
+whitelist ${HOME}/.kde/share/apps/dolphinpart
+whitelist ${HOME}/.kde/share/apps/dolphinui.rc
+whitelist ${HOME}/.kde/share/apps/katepart
+whitelist ${HOME}/.kde/share/apps/konsole
+whitelist ${HOME}/.kde/share/apps/soundkonverter
+whitelist ${HOME}/.kde/share/config/baloofileinformationrc
+whitelist ${HOME}/.kde/share/config/baloofilerc
+whitelist ${HOME}/.kde/share/config/baloorc
+whitelist ${HOME}/.kde/share/config/colors
+whitelist ${HOME}/.kde/share/config/dolphinrc
+whitelist ${HOME}/.kde/share/config/gtkrc
+whitelist ${HOME}/.kde/share/config/gtkrc-2.0
+whitelist ${HOME}/.kde/share/config/katepartpluginsrc
+whitelist ${HOME}/.kde/share/config/kateschemarc
+whitelist ${HOME}/.kde/share/config/katescriptingrc
+whitelist ${HOME}/.kde/share/config/katesyntaxhighlightingrc
 whitelist ${HOME}/.kde/share/config/kdeglobals
+whitelist ${HOME}/.kde/share/config/kderc
+whitelist ${HOME}/.kde/share/config/kfindrc
+whitelist ${HOME}/.kde/share/config/kio_filerc
 whitelist ${HOME}/.kde/share/config/kio_httprc
+whitelist ${HOME}/.kde/share/config/kio_trashrc
 whitelist ${HOME}/.kde/share/config/kioslaverc
+whitelist ${HOME}/.kde/share/config/knfsshare
+whitelist ${HOME}/.kde/share/config/komparerc
+whitelist ${HOME}/.kde/share/config/konsolerc
+whitelist ${HOME}/.kde/share/config/kresources
+whitelist ${HOME}/.kde/share/config/kservicemenurc
 whitelist ${HOME}/.kde/share/config/ksslcablacklist
+whitelist ${HOME}/.kde/share/config/ktimezonedrc
+whitelist ${HOME}/.kde/share/config/kwrited.notifyrc
+whitelist ${HOME}/.kde/share/config/kwriterc
 whitelist ${HOME}/.kde/share/config/oxygenrc
+whitelist ${HOME}/.kde/share/config/session
+whitelist ${HOME}/.kde/share/config/servicetype_profilerc
+whitelist ${HOME}/.kde/share/config/soundkonverterrc
+whitelist ${HOME}/.kde/share/config/system.kdeglobals
+whitelist ${HOME}/.kde/share/config/ui
+whitelist ${HOME}/.kde/share/kde4
 whitelist ${HOME}/.kde/share/icons
+whitelist ${HOME}/.kde/share/locale
+whitelist ${HOME}/.kde/share/pixmaps
+whitelist ${HOME}/.kde/socket-*
+whitelist ${HOME}/.kde/tmp-*
+whitelist ${HOME}/.kde4/cache-*
+whitelist ${HOME}/.kde4/env
+whitelist ${HOME}/.kde4/share/apps/QtCurve
+whitelist ${HOME}/.kde4/share/apps/color-schemes
+whitelist ${HOME}/.kde4/share/apps/dolphin
+whitelist ${HOME}/.kde4/share/apps/dolphinpart
+whitelist ${HOME}/.kde4/share/apps/dolphinui.rc
+whitelist ${HOME}/.kde4/share/apps/katepart
+whitelist ${HOME}/.kde4/share/apps/konsole
+whitelist ${HOME}/.kde4/share/apps/soundkonverter
+whitelist ${HOME}/.kde4/share/config/baloofileinformationrc
+whitelist ${HOME}/.kde4/share/config/baloofilerc
+whitelist ${HOME}/.kde4/share/config/baloorc
+whitelist ${HOME}/.kde4/share/config/colors
+whitelist ${HOME}/.kde4/share/config/dolphinrc
+whitelist ${HOME}/.kde4/share/config/gtkrc
+whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
+whitelist ${HOME}/.kde4/share/config/katepartpluginsrc
+whitelist ${HOME}/.kde4/share/config/kateschemarc
+whitelist ${HOME}/.kde4/share/config/katescriptingrc
+whitelist ${HOME}/.kde4/share/config/katesyntaxhighlightingrc
 whitelist ${HOME}/.kde4/share/config/kdeglobals
+whitelist ${HOME}/.kde4/share/config/kderc
+whitelist ${HOME}/.kde4/share/config/kfindrc
+whitelist ${HOME}/.kde4/share/config/kio_filerc
 whitelist ${HOME}/.kde4/share/config/kio_httprc
+whitelist ${HOME}/.kde4/share/config/kio_trashrc
 whitelist ${HOME}/.kde4/share/config/kioslaverc
+whitelist ${HOME}/.kde4/share/config/knfsshare
+whitelist ${HOME}/.kde4/share/config/komparerc
+whitelist ${HOME}/.kde4/share/config/konsolerc
+whitelist ${HOME}/.kde4/share/config/kresources
+whitelist ${HOME}/.kde4/share/config/kservicemenurc
 whitelist ${HOME}/.kde4/share/config/ksslcablacklist
+whitelist ${HOME}/.kde4/share/config/ktimezonedrc
+whitelist ${HOME}/.kde4/share/config/kwrited.notifyrc
+whitelist ${HOME}/.kde4/share/config/kwriterc
 whitelist ${HOME}/.kde4/share/config/oxygenrc
+whitelist ${HOME}/.kde4/share/config/session
+whitelist ${HOME}/.kde4/share/config/servicetype_profilerc
+whitelist ${HOME}/.kde4/share/config/soundkonverterrc
+whitelist ${HOME}/.kde4/share/config/system.kdeglobals
+whitelist ${HOME}/.kde4/share/config/ui
+whitelist ${HOME}/.kde4/share/kde4
 whitelist ${HOME}/.kde4/share/icons
+whitelist ${HOME}/.kde4/share/locale
+whitelist ${HOME}/.kde4/share/pixmaps
+whitelist ${HOME}/.kde4/socket-*
+whitelist ${HOME}/.kde4/tmp-*
+whitelist ${HOME}/.kderc
+whitelist ${HOME}/.local/share/QtCurve
+whitelist ${HOME}/.local/share/baloo
+whitelist ${HOME}/.local/share/dolphin
+whitelist ${HOME}/.local/share/kate
+whitelist ${HOME}/.local/share/konsole
+whitelist ${HOME}/.local/share/kservices5
+whitelist ${HOME}/.local/share/kxmlgui5
 whitelist ${HOME}/.local/share/qt5ct
+whitelist ${HOME}/.local/share/org.kde.syntax-highlighting
+whitelist ${HOME}/.local/share/soundkonverter

whitelist-usr-share-common.inc-v2.patch.txt

whitelist-usr-share-common.inc-v2.patch 

--- /home/ilya/.config/firejail/whitelist-usr-share-common.inc.orig	2021-03-25 23:12:01.000000000 +0300
+++ /home/ilya/.config/firejail/whitelist-usr-share-common.inc	2021-05-23 22:38:00.810906614 +0300
@@ -4,44 +4,86 @@ include whitelist-usr-share-common.local
 
 # common /usr/share whitelist for all profiles
 
+whitelist /usr/share/accounts
+whitelist /usr/share/aclocal
 whitelist /usr/share/alsa
+whitelist /usr/share/apparmor
+whitelist /usr/share/appdata
 whitelist /usr/share/applications
+whitelist /usr/share/awk
+whitelist /usr/share/bash
+whitelist /usr/share/bash-completion
 whitelist /usr/share/ca-certificates
 whitelist /usr/share/crypto-policies
 whitelist /usr/share/cursors
+whitelist /usr/share/dbus-1
 whitelist /usr/share/dconf
+whitelist /usr/share/defaults
+whitelist /usr/share/desktop-directories
+whitelist /usr/share/dict
 whitelist /usr/share/distro-info
+whitelist /usr/share/doc
 whitelist /usr/share/drirc.d
+whitelist /usr/share/emacs
+whitelist /usr/share/emoticons
 whitelist /usr/share/enchant
 whitelist /usr/share/enchant-2
+whitelist /usr/share/espeak-data
+whitelist /usr/share/ffmpeg
 whitelist /usr/share/file
 whitelist /usr/share/fontconfig
 whitelist /usr/share/fonts
 whitelist /usr/share/fonts-config
+whitelist /usr/share/games
+whitelist /usr/share/GConf
+whitelist /usr/share/gettext
+whitelist /usr/share/gettext-0.21
 whitelist /usr/share/gir-1.0
 whitelist /usr/share/gjs-1.0
 whitelist /usr/share/glib-2.0
 whitelist /usr/share/glvnd
+whitelist /usr/share/gnome-background-properties
+whitelist /usr/share/gnome-control-center
+whitelist /usr/share/gnome-shell
+whitelist /usr/share/gnupg
 whitelist /usr/share/gtk-2.0
 whitelist /usr/share/gtk-3.0
+whitelist /usr/share/gtk-doc
 whitelist /usr/share/gtk-engines
 whitelist /usr/share/gtksourceview-3.0
 whitelist /usr/share/gtksourceview-4
+whitelist /usr/share/help
 whitelist /usr/share/hunspell
 whitelist /usr/share/hwdata
+whitelist /usr/share/hwinfo
 whitelist /usr/share/icons
 whitelist /usr/share/icu
+whitelist /usr/share/info
+whitelist /usr/share/katepart5
+whitelist /usr/share/kbd
+whitelist /usr/share/kde4
+whitelist /usr/share/kf5
 whitelist /usr/share/knotifications5
 whitelist /usr/share/kservices5
+whitelist /usr/share/kservicetypes5
+whitelist /usr/share/kstyle
 whitelist /usr/share/Kvantum
 whitelist /usr/share/kxmlgui5
 whitelist /usr/share/libdrm
 whitelist /usr/share/libthai
+whitelist /usr/share/licenses
 whitelist /usr/share/locale
+whitelist /usr/share/locale-bundle
+whitelist /usr/share/locale-langpack
+whitelist /usr/share/man
+whitelist /usr/share/mc
+whitelist /usr/share/menu
 whitelist /usr/share/mime
 whitelist /usr/share/misc
 whitelist /usr/share/Modules
+whitelist /usr/share/modules
 whitelist /usr/share/myspell
+whitelist /usr/share/nano
 whitelist /usr/share/p11-kit
 whitelist /usr/share/perl
 whitelist /usr/share/perl5
@@ -49,11 +91,15 @@ whitelist /usr/share/pixmaps
 whitelist /usr/share/pki
 whitelist /usr/share/plasma
 whitelist /usr/share/publicsuffix
+whitelist /usr/share/pulseaudio
+whitelist /usr/share/qlogging-categories5
 whitelist /usr/share/qt
 whitelist /usr/share/qt4
 whitelist /usr/share/qt5
 whitelist /usr/share/qt5ct
+whitelist /usr/share/soundkonverter
 whitelist /usr/share/sounds
+whitelist /usr/share/spec-cleaner
 whitelist /usr/share/tcl8.6
 whitelist /usr/share/tcltk
 whitelist /usr/share/terminfo
@@ -61,8 +107,11 @@ whitelist /usr/share/texlive
 whitelist /usr/share/texmf
 whitelist /usr/share/themes
 whitelist /usr/share/thumbnail.so
+whitelist /usr/share/vim
 whitelist /usr/share/vulkan
 whitelist /usr/share/X11
 whitelist /usr/share/xml
 whitelist /usr/share/zenity
 whitelist /usr/share/zoneinfo
+whitelist /usr/share/zypp
+whitelist /usr/share/zypper

Originally created by @13ilya-old on GitHub (May 23, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/4299 At first I just wanted to fix the opening of the directory with the downloaded file in firefox and telegram-desktop. But then I noticed that dolphin also has other useful plugins/applications (kcheck, kfind, kate, kompare, kwrite) which also break launching from such, oddly running dolphin. So I decided to immediately fix not only this problem but also deepen the integration of the most important applications launched from the KDE file manager as well as the console. I seem to have added those files that should not give out any unwanted data. For example I refrained from adding: ``` ~/.abook ~/.bash_history ~/.dbus ~/.local/share/RecentDocuments ~/.local/share/recently-used.xbel ``` If you find any of the files I have added unnecessary or dangerous, I will be happy to discuss it. From gtk/gnome, I moved the parameters to qt/kde, which, in spite of the name, belonged to qt/kde. [whitelist-common.inc-v2.patch.txt](https://github.com/netblue30/firejail/files/6528973/whitelist-common.inc-v2.patch.txt) <details> <summary>whitelist-common.inc-v2.patch</summary> <p> ```diff --- /home/ilya/.config/firejail/whitelist-common.inc.orig 2021-03-25 23:12:01.000000000 +0300 +++ /home/ilya/.config/firejail/whitelist-common.inc 2021-05-24 00:51:13.021092279 +0300 @@ -7,23 +7,47 @@ include whitelist-common.local whitelist ${HOME}/.XCompose whitelist ${HOME}/.alsaequal.bin whitelist ${HOME}/.asoundrc +whitelist ${HOME}/.aspell.ru.prepl +whitelist ${HOME}/.bashrc +whitelist ${HOME}/.compose-cache +whitelist ${HOME}/.config/git +whitelist ${HOME}/.config/git-cola whitelist ${HOME}/.config/ibus +whitelist ${HOME}/.config/mc +whitelist ${HOME}/.config/menus whitelist ${HOME}/.config/mimeapps.list whitelist ${HOME}/.config/pkcs11 read-only ${HOME}/.config/pkcs11 +read-only ${HOME}/.config/pulse whitelist ${HOME}/.config/user-dirs.dirs read-only ${HOME}/.config/user-dirs.dirs whitelist ${HOME}/.config/user-dirs.locale read-only ${HOME}/.config/user-dirs.locale whitelist ${HOME}/.drirc +whitelist ${HOME}/.emacs +whitelist ${HOME}/.gitconfig +whitelist ${HOME}/.gnupg whitelist ${HOME}/.icons ?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit whitelist ${HOME}/.local/share/applications read-only ${HOME}/.local/share/applications +whitelist ${HOME}/.local/share/color-schemes +whitelist ${HOME}/.local/share/desktop-directories +read-only ${HOME}/.local/share/desktop-directories whitelist ${HOME}/.local/share/icons +whitelist ${HOME}/.local/share/mc whitelist ${HOME}/.local/share/mime +whitelist ${HOME}/.local/share/pixmaps +whitelist ${HOME}/.local/share/user-places.xbel +whitelist ${HOME}/.local/share/user-places.xbel.tbcache whitelist ${HOME}/.mime.types +whitelist ${HOME}/.pki +whitelist ${HOME}/.profile +whitelist ${HOME}/.thumbnails whitelist ${HOME}/.uim.d +whitelist ${HOME}/.viminfo +whitelist ${HOME}/.wget-hsts +whitelist ${HOME}/.xdg_menu_cache # dconf mkdir ${HOME}/.config/dconf @@ -44,41 +68,158 @@ whitelist ${HOME}/.pangorc whitelist ${HOME}/.config/gtk-2.0 whitelist ${HOME}/.config/gtk-3.0 whitelist ${HOME}/.config/gtk-4.0 -whitelist ${HOME}/.config/gtkrc -whitelist ${HOME}/.config/gtkrc-2.0 +whitelist ${HOME}/.gconf whitelist ${HOME}/.gnome2 whitelist ${HOME}/.gnome2-private whitelist ${HOME}/.gtk-2.0 -whitelist ${HOME}/.gtkrc -whitelist ${HOME}/.gtkrc-2.0 -whitelist ${HOME}/.kde/share/config/gtkrc -whitelist ${HOME}/.kde/share/config/gtkrc-2.0 -whitelist ${HOME}/.kde4/share/config/gtkrc -whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 +whitelist ${HOME}/.gtk-bookmarks whitelist ${HOME}/.local/share/themes whitelist ${HOME}/.themes # qt/kde -whitelist ${HOME}/.cache/kioexec/krun +whitelist ${HOME}/.cache/icon-cache.kcache +whitelist ${HOME}/.cache/kioexec +whitelist ${HOME}/.config/KDE whitelist ${HOME}/.config/Kvantum whitelist ${HOME}/.config/Trolltech.conf whitelist ${HOME}/.config/QtProject.conf +whitelist ${HOME}/.config/baloofileinformationrc +whitelist ${HOME}/.config/baloofilerc +whitelist ${HOME}/.config/dolphinrc +whitelist ${HOME}/.config/gtk-qt-engine +whitelist ${HOME}/.config/gtkrc +whitelist ${HOME}/.config/gtkrc-2.0 +whitelist ${HOME}/.config/katemetainfos +whitelist ${HOME}/.config/katemoderc +whitelist ${HOME}/.config/katepartrc +whitelist ${HOME}/.config/katerc +whitelist ${HOME}/.config/kateschemarc +whitelist ${HOME}/.config/katesyntaxhighlightingrc +whitelist ${HOME}/.config/katevirc +whitelist ${HOME}/.config/kcheckhash +whitelist ${HOME}/.config/kde.org whitelist ${HOME}/.config/kdeglobals +whitelist ${HOME}/.config/kfindrc whitelist ${HOME}/.config/kio_httprc whitelist ${HOME}/.config/kioslaverc +whitelist ${HOME}/.config/komparerc +whitelist ${HOME}/.config/konsolerc +whitelist ${HOME}/.config/kservicemenurc whitelist ${HOME}/.config/ksslcablacklist +whitelist ${HOME}/.config/kwriterc whitelist ${HOME}/.config/qt5ct whitelist ${HOME}/.config/qtcurve +whitelist ${HOME}/.config/session +whitelist ${HOME}/.config/soundkonverterrc +whitelist ${HOME}/.gtkrc +whitelist ${HOME}/.gtkrc-2.0 +whitelist ${HOME}/.gtkrc-2.0-kde4 +whitelist ${HOME}/.kde/cache-* +whitelist ${HOME}/.kde/env +whitelist ${HOME}/.kde/share/apps/QtCurve +whitelist ${HOME}/.kde/share/apps/color-schemes +whitelist ${HOME}/.kde/share/apps/dolphin +whitelist ${HOME}/.kde/share/apps/dolphinpart +whitelist ${HOME}/.kde/share/apps/dolphinui.rc +whitelist ${HOME}/.kde/share/apps/katepart +whitelist ${HOME}/.kde/share/apps/konsole +whitelist ${HOME}/.kde/share/apps/soundkonverter +whitelist ${HOME}/.kde/share/config/baloofileinformationrc +whitelist ${HOME}/.kde/share/config/baloofilerc +whitelist ${HOME}/.kde/share/config/baloorc +whitelist ${HOME}/.kde/share/config/colors +whitelist ${HOME}/.kde/share/config/dolphinrc +whitelist ${HOME}/.kde/share/config/gtkrc +whitelist ${HOME}/.kde/share/config/gtkrc-2.0 +whitelist ${HOME}/.kde/share/config/katepartpluginsrc +whitelist ${HOME}/.kde/share/config/kateschemarc +whitelist ${HOME}/.kde/share/config/katescriptingrc +whitelist ${HOME}/.kde/share/config/katesyntaxhighlightingrc whitelist ${HOME}/.kde/share/config/kdeglobals +whitelist ${HOME}/.kde/share/config/kderc +whitelist ${HOME}/.kde/share/config/kfindrc +whitelist ${HOME}/.kde/share/config/kio_filerc whitelist ${HOME}/.kde/share/config/kio_httprc +whitelist ${HOME}/.kde/share/config/kio_trashrc whitelist ${HOME}/.kde/share/config/kioslaverc +whitelist ${HOME}/.kde/share/config/knfsshare +whitelist ${HOME}/.kde/share/config/komparerc +whitelist ${HOME}/.kde/share/config/konsolerc +whitelist ${HOME}/.kde/share/config/kresources +whitelist ${HOME}/.kde/share/config/kservicemenurc whitelist ${HOME}/.kde/share/config/ksslcablacklist +whitelist ${HOME}/.kde/share/config/ktimezonedrc +whitelist ${HOME}/.kde/share/config/kwrited.notifyrc +whitelist ${HOME}/.kde/share/config/kwriterc whitelist ${HOME}/.kde/share/config/oxygenrc +whitelist ${HOME}/.kde/share/config/session +whitelist ${HOME}/.kde/share/config/servicetype_profilerc +whitelist ${HOME}/.kde/share/config/soundkonverterrc +whitelist ${HOME}/.kde/share/config/system.kdeglobals +whitelist ${HOME}/.kde/share/config/ui +whitelist ${HOME}/.kde/share/kde4 whitelist ${HOME}/.kde/share/icons +whitelist ${HOME}/.kde/share/locale +whitelist ${HOME}/.kde/share/pixmaps +whitelist ${HOME}/.kde/socket-* +whitelist ${HOME}/.kde/tmp-* +whitelist ${HOME}/.kde4/cache-* +whitelist ${HOME}/.kde4/env +whitelist ${HOME}/.kde4/share/apps/QtCurve +whitelist ${HOME}/.kde4/share/apps/color-schemes +whitelist ${HOME}/.kde4/share/apps/dolphin +whitelist ${HOME}/.kde4/share/apps/dolphinpart +whitelist ${HOME}/.kde4/share/apps/dolphinui.rc +whitelist ${HOME}/.kde4/share/apps/katepart +whitelist ${HOME}/.kde4/share/apps/konsole +whitelist ${HOME}/.kde4/share/apps/soundkonverter +whitelist ${HOME}/.kde4/share/config/baloofileinformationrc +whitelist ${HOME}/.kde4/share/config/baloofilerc +whitelist ${HOME}/.kde4/share/config/baloorc +whitelist ${HOME}/.kde4/share/config/colors +whitelist ${HOME}/.kde4/share/config/dolphinrc +whitelist ${HOME}/.kde4/share/config/gtkrc +whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 +whitelist ${HOME}/.kde4/share/config/katepartpluginsrc +whitelist ${HOME}/.kde4/share/config/kateschemarc +whitelist ${HOME}/.kde4/share/config/katescriptingrc +whitelist ${HOME}/.kde4/share/config/katesyntaxhighlightingrc whitelist ${HOME}/.kde4/share/config/kdeglobals +whitelist ${HOME}/.kde4/share/config/kderc +whitelist ${HOME}/.kde4/share/config/kfindrc +whitelist ${HOME}/.kde4/share/config/kio_filerc whitelist ${HOME}/.kde4/share/config/kio_httprc +whitelist ${HOME}/.kde4/share/config/kio_trashrc whitelist ${HOME}/.kde4/share/config/kioslaverc +whitelist ${HOME}/.kde4/share/config/knfsshare +whitelist ${HOME}/.kde4/share/config/komparerc +whitelist ${HOME}/.kde4/share/config/konsolerc +whitelist ${HOME}/.kde4/share/config/kresources +whitelist ${HOME}/.kde4/share/config/kservicemenurc whitelist ${HOME}/.kde4/share/config/ksslcablacklist +whitelist ${HOME}/.kde4/share/config/ktimezonedrc +whitelist ${HOME}/.kde4/share/config/kwrited.notifyrc +whitelist ${HOME}/.kde4/share/config/kwriterc whitelist ${HOME}/.kde4/share/config/oxygenrc +whitelist ${HOME}/.kde4/share/config/session +whitelist ${HOME}/.kde4/share/config/servicetype_profilerc +whitelist ${HOME}/.kde4/share/config/soundkonverterrc +whitelist ${HOME}/.kde4/share/config/system.kdeglobals +whitelist ${HOME}/.kde4/share/config/ui +whitelist ${HOME}/.kde4/share/kde4 whitelist ${HOME}/.kde4/share/icons +whitelist ${HOME}/.kde4/share/locale +whitelist ${HOME}/.kde4/share/pixmaps +whitelist ${HOME}/.kde4/socket-* +whitelist ${HOME}/.kde4/tmp-* +whitelist ${HOME}/.kderc +whitelist ${HOME}/.local/share/QtCurve +whitelist ${HOME}/.local/share/baloo +whitelist ${HOME}/.local/share/dolphin +whitelist ${HOME}/.local/share/kate +whitelist ${HOME}/.local/share/konsole +whitelist ${HOME}/.local/share/kservices5 +whitelist ${HOME}/.local/share/kxmlgui5 whitelist ${HOME}/.local/share/qt5ct +whitelist ${HOME}/.local/share/org.kde.syntax-highlighting +whitelist ${HOME}/.local/share/soundkonverter ``` </p> </details> [whitelist-usr-share-common.inc-v2.patch.txt](https://github.com/netblue30/firejail/files/6528974/whitelist-usr-share-common.inc-v2.patch.txt) <details> <summary>whitelist-usr-share-common.inc-v2.patch</summary> <p> ```diff --- /home/ilya/.config/firejail/whitelist-usr-share-common.inc.orig 2021-03-25 23:12:01.000000000 +0300 +++ /home/ilya/.config/firejail/whitelist-usr-share-common.inc 2021-05-23 22:38:00.810906614 +0300 @@ -4,44 +4,86 @@ include whitelist-usr-share-common.local # common /usr/share whitelist for all profiles +whitelist /usr/share/accounts +whitelist /usr/share/aclocal whitelist /usr/share/alsa +whitelist /usr/share/apparmor +whitelist /usr/share/appdata whitelist /usr/share/applications +whitelist /usr/share/awk +whitelist /usr/share/bash +whitelist /usr/share/bash-completion whitelist /usr/share/ca-certificates whitelist /usr/share/crypto-policies whitelist /usr/share/cursors +whitelist /usr/share/dbus-1 whitelist /usr/share/dconf +whitelist /usr/share/defaults +whitelist /usr/share/desktop-directories +whitelist /usr/share/dict whitelist /usr/share/distro-info +whitelist /usr/share/doc whitelist /usr/share/drirc.d +whitelist /usr/share/emacs +whitelist /usr/share/emoticons whitelist /usr/share/enchant whitelist /usr/share/enchant-2 +whitelist /usr/share/espeak-data +whitelist /usr/share/ffmpeg whitelist /usr/share/file whitelist /usr/share/fontconfig whitelist /usr/share/fonts whitelist /usr/share/fonts-config +whitelist /usr/share/games +whitelist /usr/share/GConf +whitelist /usr/share/gettext +whitelist /usr/share/gettext-0.21 whitelist /usr/share/gir-1.0 whitelist /usr/share/gjs-1.0 whitelist /usr/share/glib-2.0 whitelist /usr/share/glvnd +whitelist /usr/share/gnome-background-properties +whitelist /usr/share/gnome-control-center +whitelist /usr/share/gnome-shell +whitelist /usr/share/gnupg whitelist /usr/share/gtk-2.0 whitelist /usr/share/gtk-3.0 +whitelist /usr/share/gtk-doc whitelist /usr/share/gtk-engines whitelist /usr/share/gtksourceview-3.0 whitelist /usr/share/gtksourceview-4 +whitelist /usr/share/help whitelist /usr/share/hunspell whitelist /usr/share/hwdata +whitelist /usr/share/hwinfo whitelist /usr/share/icons whitelist /usr/share/icu +whitelist /usr/share/info +whitelist /usr/share/katepart5 +whitelist /usr/share/kbd +whitelist /usr/share/kde4 +whitelist /usr/share/kf5 whitelist /usr/share/knotifications5 whitelist /usr/share/kservices5 +whitelist /usr/share/kservicetypes5 +whitelist /usr/share/kstyle whitelist /usr/share/Kvantum whitelist /usr/share/kxmlgui5 whitelist /usr/share/libdrm whitelist /usr/share/libthai +whitelist /usr/share/licenses whitelist /usr/share/locale +whitelist /usr/share/locale-bundle +whitelist /usr/share/locale-langpack +whitelist /usr/share/man +whitelist /usr/share/mc +whitelist /usr/share/menu whitelist /usr/share/mime whitelist /usr/share/misc whitelist /usr/share/Modules +whitelist /usr/share/modules whitelist /usr/share/myspell +whitelist /usr/share/nano whitelist /usr/share/p11-kit whitelist /usr/share/perl whitelist /usr/share/perl5 @@ -49,11 +91,15 @@ whitelist /usr/share/pixmaps whitelist /usr/share/pki whitelist /usr/share/plasma whitelist /usr/share/publicsuffix +whitelist /usr/share/pulseaudio +whitelist /usr/share/qlogging-categories5 whitelist /usr/share/qt whitelist /usr/share/qt4 whitelist /usr/share/qt5 whitelist /usr/share/qt5ct +whitelist /usr/share/soundkonverter whitelist /usr/share/sounds +whitelist /usr/share/spec-cleaner whitelist /usr/share/tcl8.6 whitelist /usr/share/tcltk whitelist /usr/share/terminfo @@ -61,8 +107,11 @@ whitelist /usr/share/texlive whitelist /usr/share/texmf whitelist /usr/share/themes whitelist /usr/share/thumbnail.so +whitelist /usr/share/vim whitelist /usr/share/vulkan whitelist /usr/share/X11 whitelist /usr/share/xml whitelist /usr/share/zenity whitelist /usr/share/zoneinfo +whitelist /usr/share/zypp +whitelist /usr/share/zypper ``` </p> </details>
gitea-mirror added the
bug
firecfg
 labels 2026-05-05 09:16:54 -06:00
gitea-mirror commented 2026-05-05 09:16:55 -06:00
Author
Owner
Copy link

@netblue30 commented on GitHub (May 26, 2021):

I think you have dolphin sandboxed by default by firejail (via "sudo firecfg"). If you do a "ls -l /usr/local/bin", do you have a symbolic link to firejail for dolphin? If you have it, remove it (sudo rm /usr/local/bin/dolphin) and logout and login again. This is a bug on our side, file managers should not be sandboxed by default!

I've just put a fix for firecfg in 12d1de4845

<!-- gh-comment-id:848911354 --> @netblue30 commented on GitHub (May 26, 2021): I think you have dolphin sandboxed by default by firejail (via "sudo firecfg"). If you do a "ls -l /usr/local/bin", do you have a symbolic link to firejail for dolphin? If you have it, remove it (sudo rm /usr/local/bin/dolphin) and logout and login again. This is a bug on our side, file managers should not be sandboxed by default! I've just put a fix for firecfg in https://github.com/netblue30/firejail/commit/12d1de484556f397997f61a24ab7b1f2ef0ed9a6
gitea-mirror commented 2026-05-05 09:16:56 -06:00
Author
Owner
Copy link

@13ilya-old commented on GitHub (May 26, 2021):

I have Dolphin without a sandbox.
The problem occurs, for example in firefox, when I click "open file directory" in the download manager.
Firefox (and probably other browsers and instant messengers that support file transfers and downloads), when open in the sandbox, open dolphin as if inside its sandbox.

<!-- gh-comment-id:848926403 --> @13ilya-old commented on GitHub (May 26, 2021): I have Dolphin without a sandbox. The problem occurs, for example in firefox, when I click "open file directory" in the download manager. Firefox (and probably other browsers and instant messengers that support file transfers and downloads), when open in the sandbox, open dolphin as if inside its sandbox.
gitea-mirror commented 2026-05-05 09:16:56 -06:00
Author
Owner
Copy link

@rusty-snake commented on GitHub (Aug 4, 2021):

Do we want to close here?

<!-- gh-comment-id:892579270 --> @rusty-snake commented on GitHub (Aug 4, 2021): Do we want to close here?
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2616
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?