[PR #5071] [MERGED] profiles: blacklist and make ~/Applications dir read-only #5352

Closed
opened 2026-05-05 10:36:54 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/5071
Author: @kmk3
Created: 3/24/2022
Status: Merged
Merged: 3/29/2022
Merged by: @netblue30

Base: master ← Head: add-appimage-dir


📝 Commits (2)

  • 2dc957d disable-common.inc: make ~/Applications dir read-only
  • d1336c9 disable-programs.inc: blacklist ~/Applications dir

📊 Changes

2 files changed (+4 additions, -0 deletions)

📝 etc/inc/disable-common.inc (+3 -0)
📝 etc/inc/disable-programs.inc (+1 -0)

📄 Description

This directory is monitored by both appimaged[1] and
AppImageLauncher[2]. Also, when opening an AppImage with
AppImageLauncher, it may prompt the user to move the AppImage to
~/Applications.

Note that even when blacklisting a directory, it is possible to execute
an AppImage from it. For example, the following works:

firejail --noprofile --blacklist='${HOME}/Applications' --appimage \
  ~/Applications/foo.AppImage

While the resulting process does not appear to have access to the
blacklisted directory.

[1] https://github.com/AppImage/appimaged/blob/2323f1825ed6abe19f2d3791d81307449692be03/README.md#monitored-directories
[2] https://github.com/TheAssassin/AppImageLauncher/wiki/Configuration


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
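
An added example (not part of the PR or of the firejail code base): a POSIX shell audit that checks whether a set of firejail include files carries the two ~/Applications entries named in the commit titles. The page does not show the added lines, so the directive spellings (`read-only ${HOME}/Applications`, `blacklist ${HOME}/Applications`, with `~/` accepted as an alternative) and the function names are assumptions; the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit firejail include files for the ~/Applications entries.
# Directive spellings below are assumptions; the PR page does not show the lines.

# active_directive FILE DIRECTIVE DIR
# Succeeds when FILE has an uncommented "DIRECTIVE ${HOME}/DIR" or "DIRECTIVE ~/DIR".
active_directive() {
    [ -r "$1" ] || return 2
    awk -v d="$2" -v p="$3" '
        /^[ \t]*#/ { next }                      # commented-out entries do not count
        $1 == d && NF == 2 {
            path = $2
            sub(/\/+$/, "", path)                # tolerate a trailing slash
            if (path == ("${HOME}/" p) || path == ("~/" p)) found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# audit_applications_dir INCDIR
# Prints one line per expected entry; the return status is the number missing.
audit_applications_dir() {
    incdir=$1
    missing=0
    for pair in "disable-common.inc:read-only" "disable-programs.inc:blacklist"; do
        name=${pair%%:*}
        directive=${pair#*:}
        if active_directive "$incdir/$name" "$directive" Applications; then
            echo "ok       $name: $directive \${HOME}/Applications"
        else
            echo "MISSING  $name: $directive \${HOME}/Applications"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Demo on constructed include files (not the project's real contents):
# the blacklist entry is commented out, so it is reported as missing.
sample=$(mktemp -d)
printf '%s\n' '# AppImage dir' 'read-only ${HOME}/Applications' > "$sample/disable-common.inc"
printf '%s\n' '#blacklist ${HOME}/Applications' > "$sample/disable-programs.inc"
audit_applications_dir "$sample" || echo "missing entries: $?"
rm -rf "$sample"
```

Point `audit_applications_dir` at the directory where the include files are installed on your system to see whether a given firejail version already carries both entries.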
