[GH-ISSUE #6831] Allow interpolation in env values: `env XDG_CACHE_HOME=${HOME}/.cache-firejail` #3390

New issue

Open

opened 2026-05-05 09:57:39 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 09:57:39 -06:00

Owner

Originally created by @powerman on GitHub (Jul 16, 2025).
Original GitHub issue: https://github.com/netblue30/firejail/issues/6831

I'd like to deny access to data in ~/.cache from a sandbox, but I still wanna use persistent cache (not tmpfs) in that sandbox.
I've tried to use env XDG_CACHE_HOME=${HOME}/.cache-firejail but looks like there is no ${HOME} interpolation for env directive.

Another related issue - I'd like to use current firejail ${PROFILE} name in some other places, e.g.:

# Persistent local customizations
include ${PROFILE}.local

mkdir ${HOME}/.cache-${PROFILE}
mkfile ${HOME}/.viminfo-${PROFILE}
whitelist ${HOME}/.cache-${PROFILE}
whitelist ${HOME}/.viminfo-${PROFILE}

env NVIM_APPNAME=nvim-${PROFILE}

Describe the solution you'd like

Allow interpolation for existing vars (maybe except ${PATH} because it's a bit magical, while all others are just constant strings).
Add ${PROFILE} var with current profile name (name of first loaded profile file without .profile extension).

Describe alternatives you've considered

I've to run firejail --profile=example --env=XDG_CACHE_HOME="${HOME}/.cache-example" … plus hardcode profile's name inside example.profile several times.

Environment

Name/version/arch of the Linux kernel (uname -srm): Linux 6.12.31-gentoo x86_64
Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): Gentoo Linux
Version of Firejail (firejail --version): firejail version 0.9.74

Compile time support:
- always force nonewprivs support is disabled
- AppArmor support is disabled
- AppImage support is enabled
- chroot support is enabled
- D-BUS proxy support is enabled
- file transfer support is enabled
- IDS support is disabled
- Landlock support is enabled
- networking support is enabled
- output logging is enabled
- overlayfs support is disabled
- private-home support is enabled
- private-lib support is disabled
- private-cache and tmpfs as user enabled
- sandbox check is enabled
- SELinux support is disabled
- user namespace support is enabled
- X11 sandboxing support is enabled

Originally created by @powerman on GitHub (Jul 16, 2025). Original GitHub issue: https://github.com/netblue30/firejail/issues/6831 ### Is your feature request related to a problem? Please describe. I'd like to deny access to data in `~/.cache` from a sandbox, but I still wanna use persistent cache (not tmpfs) in that sandbox. I've tried to use `env XDG_CACHE_HOME=${HOME}/.cache-firejail` but looks like there is no ${HOME} interpolation for `env` directive. Another related issue - I'd like to use current firejail `${PROFILE}` name in some other places, e.g.: ``` # Persistent local customizations include ${PROFILE}.local mkdir ${HOME}/.cache-${PROFILE} mkfile ${HOME}/.viminfo-${PROFILE} whitelist ${HOME}/.cache-${PROFILE} whitelist ${HOME}/.viminfo-${PROFILE} env NVIM_APPNAME=nvim-${PROFILE} ``` ### Describe the solution you'd like 1. Allow interpolation for existing vars (maybe except `${PATH}` because it's a bit magical, while all others are just constant strings). 2. Add `${PROFILE}` var with current profile name (name of first loaded profile file without `.profile` extension). ### Describe alternatives you've considered I've to run `firejail --profile=example --env=XDG_CACHE_HOME="${HOME}/.cache-example" …` plus hardcode profile's name inside `example.profile` several times. ### Environment - Name/version/arch of the Linux kernel (`uname -srm`): Linux 6.12.31-gentoo x86_64 - Name/version of the Linux distribution (e.g. "Ubuntu 20.04" or "Arch Linux"): Gentoo Linux - Version of Firejail (`firejail --version`): firejail version 0.9.74 Compile time support: - always force nonewprivs support is disabled - AppArmor support is disabled - AppImage support is enabled - chroot support is enabled - D-BUS proxy support is enabled - file transfer support is enabled - IDS support is disabled - Landlock support is enabled - networking support is enabled - output logging is enabled - overlayfs support is disabled - private-home support is enabled - private-lib support is disabled - private-cache and tmpfs as user enabled - sandbox check is enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled

gitea-mirror added the

enhancement

label 2026-05-05 09:57:39 -06:00

gitea-mirror referenced this issue

2026-05-05 10:25:47 -06:00

[PR #3390] [MERGED] Disable browser drm by default. #4746

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#3390

No description provided.

Rows
Columns

[GH-ISSUE #6831] Allow interpolation in env values: env XDG_CACHE_HOME=${HOME}/.cache-firejail #3390

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

Describe alternatives you've considered

Environment

[GH-ISSUE #6831] Allow interpolation in env values: `env XDG_CACHE_HOME=${HOME}/.cache-firejail` #3390