[PR #2152] [CLOSED] Improve profile handling #4185

New issue

Closed

opened 2026-05-05 10:15:18 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:15:18 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/2152
Author: @crass
Created: 10/9/2018
Status: ❌ Closed

Base: master ← Head: improve-profile-handling

📝 Commits (10+)

5d36986 rename expand_home -> expand_macros to better reflect usage and remove unneeded homedir argument.
36c04db Allow specifying a profile "name" with the profile option (eg. --profile=firefox).
1990103 Update man pages and usage to reflect --profile enhancement.
36281ef allow overriding of disable-mnt with noblacklist - #2154
62d1e5a Fix file.profile
86267d2 Harden file.profile
e16f469 Create QMediathekView
985ed28 Update disable-programs.inc
dcc05a5 Update firecfg.config
f51e3b4 Harden strings.profile

📊 Changes

79 files changed (+1219 additions, -114 deletions)

View changed files

📝 README (+15 -2)
📝 README.md (+41 -1)
📝 RELNOTES (+14 -0)
📝 configure (+9 -9)
📝 configure.ac (+1 -1)
➕ etc/QMediathekView.profile (+54 -0)
➕ etc/aria2c.profile (+45 -0)
➕ etc/artha.profile (+46 -0)
➕ etc/authenticator.profile (+49 -0)
➕ etc/bsdcat.profile (+6 -0)
➕ etc/bsdcpio.profile (+6 -0)
📝 etc/bsdtar.profile (+1 -1)
➕ etc/checkbashisms.profile (+49 -0)
📝 etc/claws-mail.profile (+3 -0)
➕ etc/desktop.profile (+44 -0)
➕ etc/devilspie.profile (+49 -0)
➕ etc/devilspie2.profile (+49 -0)
📝 etc/disable-common.inc (+10 -8)
📝 etc/disable-passwdmgr.inc (+1 -0)
📝 etc/disable-programs.inc (+15 -2)

...and 59 more files

📄 Description

The first commit is not strictly necessary, but it makes the code easier to understand because expand_home was really expanding all the macros.

The second commit allows specifying --profile=firefox on the command line and doing what you'd expect. That is looking first in .config/firejail for firefox.profile, and if not there checking ${CFG}/firefox.profile.

The third commit enhances the include directive to allow specifying just the filename component of a profile path and searching the userdir and then system config dir for the file to include.

And the fourth commit did sed -i 's#include /etc/firejail/#include #' etc/* to use the behavior of the third commit. This makes it simple to "hook" various include directives without needing write access to SYSCONFDIR, which is especially useful for globals.local.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/2152 **Author:** [@crass](https://github.com/crass) **Created:** 10/9/2018 **Status:** ❌ Closed **Base:** `master` ← **Head:** `improve-profile-handling` --- ### 📝 Commits (10+) - [`5d36986`](https://github.com/netblue30/firejail/commit/5d3698607e991ee35f3d9f5493e65adaabd64b7c) rename expand_home -> expand_macros to better reflect usage and remove unneeded homedir argument. - [`36c04db`](https://github.com/netblue30/firejail/commit/36c04dbd3ef132a796e5bc815fa13d1851153180) Allow specifying a profile "name" with the profile option (eg. --profile=firefox). - [`1990103`](https://github.com/netblue30/firejail/commit/19901034aa8f9077cda6207b3f847f6fda0ec5d5) Update man pages and usage to reflect --profile enhancement. - [`36281ef`](https://github.com/netblue30/firejail/commit/36281ef60b3fcc272e5d4d67b72d673d0028beab) allow overriding of disable-mnt with noblacklist - #2154 - [`62d1e5a`](https://github.com/netblue30/firejail/commit/62d1e5a0606f0d383ab2df59deda0618e7e7f274) Fix file.profile - [`86267d2`](https://github.com/netblue30/firejail/commit/86267d2749d056ad01114af127a250a5988130d8) Harden file.profile - [`e16f469`](https://github.com/netblue30/firejail/commit/e16f469ac81af9023b89127c6978cd519d3bb78f) Create QMediathekView - [`985ed28`](https://github.com/netblue30/firejail/commit/985ed288a44770118970d673b57732460d968eef) Update disable-programs.inc - [`dcc05a5`](https://github.com/netblue30/firejail/commit/dcc05a50eb65fbc999e2631420623d09069f07f3) Update firecfg.config - [`f51e3b4`](https://github.com/netblue30/firejail/commit/f51e3b42c843974c8945b93b3a88a0a687051449) Harden strings.profile ### 📊 Changes **79 files changed** (+1219 additions, -114 deletions) <details> <summary>View changed files</summary> 📝 `README` (+15 -2) 📝 `README.md` (+41 -1) 📝 `RELNOTES` (+14 -0) 📝 `configure` (+9 -9) 📝 `configure.ac` (+1 -1) ➕ `etc/QMediathekView.profile` (+54 -0) ➕ `etc/aria2c.profile` (+45 -0) ➕ `etc/artha.profile` (+46 -0) ➕ `etc/authenticator.profile` (+49 -0) ➕ `etc/bsdcat.profile` (+6 -0) ➕ `etc/bsdcpio.profile` (+6 -0) 📝 `etc/bsdtar.profile` (+1 -1) ➕ `etc/checkbashisms.profile` (+49 -0) 📝 `etc/claws-mail.profile` (+3 -0) ➕ `etc/desktop.profile` (+44 -0) ➕ `etc/devilspie.profile` (+49 -0) ➕ `etc/devilspie2.profile` (+49 -0) 📝 `etc/disable-common.inc` (+10 -8) 📝 `etc/disable-passwdmgr.inc` (+1 -0) 📝 `etc/disable-programs.inc` (+15 -2) _...and 59 more files_ </details> ### 📄 Description The first commit is not strictly necessary, but it makes the code easier to understand because `expand_home` was really expanding all the macros. The second commit allows specifying `--profile=firefox` on the command line and doing what you'd expect. That is looking first in `.config/firejail` for `firefox.profile`, and if not there checking `${CFG}/firefox.profile`. The third commit enhances the `include` directive to allow specifying just the filename component of a profile path and searching the userdir and then system config dir for the file to include. And the fourth commit did `sed -i 's#include /etc/firejail/#include #' etc/*` to use the behavior of the third commit. This makes it simple to "hook" various include directives without needing write access to `SYSCONFDIR`, which is especially useful for `globals.local`. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:15:18 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#4185

No description provided.

Rows
Columns