[GH-ISSUE #5568] Potentially broken chaining in electron redirect profiles #3032

New issue

Closed

opened 2026-05-05 09:40:49 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 09:40:49 -06:00

Owner

Originally created by @ghost on GitHub (Jan 4, 2023).
Original GitHub issue: https://github.com/netblue30/firejail/issues/5568

During review of #5563 there was a suggestion raised about this comment in our electron.profile:

9cfd0921fd/etc/profile-a-l/electron.profile (L25-L26)

IMO this is quite confusing for users. When they follow the instruction to the letter, and add include chromium-common-hardened.inc.profile to their chromium-common.local, this does absolutely NOTHING for their electron-based applications. Because chromium-common.profile is nowhere included in the electron profile chain, neither will any local override carrying that name.

Due to the considerable hardening offered via chromium-common-hardened.inc.profile I think we should de-confuse this unfortunate situation. Perhaps an explicit mention of this potential problem in the release notes could attract the attention of our users.

At the time of writing this affects 28 profiles that could benefit from changing the comment and creating an electron-hardenend.inc.profile alias:

1password.profile
atom.profile
beaker.profile
bitwarden.profile
code.profile
discord-common.profile
electron-mail.profile
freetube.profile
github-desktop.profile
jitsi-meet-desktop.profile
mattermost-desktop.profile
notable.profile
nuclear.profile
riot-web.profile
rocketchat.profile
signal-desktop.profile
skypeforlinux.profile
slack.profile
teams-for-linux.profile
teams.profile
tutanota-desktop.profile
twitch.profile
whalebird.profile
wire-desktop.profile
youtubemusic-nativefier.profile
youtube.profile
ytmdesktop.profile
zoom.profile

Relates to:

#3807

Originally created by @ghost on GitHub (Jan 4, 2023). Original GitHub issue: https://github.com/netblue30/firejail/issues/5568 During review of #5563 there was a [suggestion](https://github.com/netblue30/firejail/pull/5563#pullrequestreview-1234814718) raised about this comment in our electron.profile: https://github.com/netblue30/firejail/blob/9cfd0921fd41dbda35eecad73d53984372078142/etc/profile-a-l/electron.profile#L25-L26 IMO this is quite confusing for users. When they follow the instruction to the letter, and add `include chromium-common-hardened.inc.profile` to their `chromium-common.local`, this does absolutely NOTHING for their electron-based applications. Because `chromium-common.profile` is nowhere included in the electron profile chain, neither will any local override carrying that name. Due to the considerable hardening offered via chromium-common-hardened.inc.profile I think we should de-confuse this unfortunate situation. Perhaps an explicit mention of this potential problem in the release notes could attract the attention of our users. At the time of writing this affects 28 profiles that could benefit from changing the comment and creating an electron-hardenend.inc.profile alias: ``` 1password.profile atom.profile beaker.profile bitwarden.profile code.profile discord-common.profile electron-mail.profile freetube.profile github-desktop.profile jitsi-meet-desktop.profile mattermost-desktop.profile notable.profile nuclear.profile riot-web.profile rocketchat.profile signal-desktop.profile skypeforlinux.profile slack.profile teams-for-linux.profile teams.profile tutanota-desktop.profile twitch.profile whalebird.profile wire-desktop.profile youtubemusic-nativefier.profile youtube.profile ytmdesktop.profile zoom.profile ``` Relates to: * #3807