[PR #5645] Revert "private-etc: big profile changes" #5589

Open
opened 2026-05-05 10:41:14 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/5645
Author: @kmk3
Created: 2/7/2023
Status: 🔄 Open

Base: master ← Head: revert-private-etc-big-refactor


📝 Commits (10+)

  • 9c29f6e Revert "private-etc: big profile changes"
  • 2d15f33 private-etc: cleanup tool changes
  • c6c901b private-etc: groups modified
  • 214aa6d private-etc: pushing vulkan into games group
  • 003f751 aria2c: fix private-etc
  • 2f40a1d discord-common: fix private-etc
  • 7219608 email-common: fix private-etc
  • 310c8cc ghostwriter: fix private-etc
  • 99d0b44 marker: fix private-etc
  • 06f9d36 xiphos: fix private-etc

📊 Changes

319 files changed (+321 additions, -319 deletions)

View changed files

📝 etc/profile-a-l/1password.profile (+1 -1)
📝 etc/profile-a-l/abiword.profile (+1 -1)
📝 etc/profile-a-l/agetpkg.profile (+1 -1)
📝 etc/profile-a-l/alacarte.profile (+1 -1)
📝 etc/profile-a-l/alienarena.profile (+1 -1)
📝 etc/profile-a-l/alpine.profile (+1 -1)
📝 etc/profile-a-l/anki.profile (+1 -1)
📝 etc/profile-a-l/apostrophe.profile (+1 -1)
📝 etc/profile-a-l/aria2c.profile (+1 -1)
📝 etc/profile-a-l/arm.profile (+1 -1)
📝 etc/profile-a-l/artha.profile (+1 -1)
📝 etc/profile-a-l/atool.profile (+1 -1)
📝 etc/profile-a-l/atril.profile (+1 -1)
📝 etc/profile-a-l/audio-recorder.profile (+1 -1)
📝 etc/profile-a-l/authenticator-rs.profile (+1 -1)
📝 etc/profile-a-l/authenticator.profile (+1 -1)
📝 etc/profile-a-l/ballbuster.profile (+1 -1)
📝 etc/profile-a-l/bibletime.profile (+1 -1)
📝 etc/profile-a-l/bijiben.profile (+1 -1)
📝 etc/profile-a-l/bitwarden.profile (+1 -1)

...and 80 more files

📄 Description

This reverts commit 5d0822c52c and later
commits that touch the same files (which is necessary in order to revert
the commit in question).

There seems to be a non-trivial amount of changes done in error in the
big refactor from commit 5d0822c52 ("private-etc: big profile changes",
2023-02-05). For example, there are profiles for CLI programs
(including man.profile) and servers that now contain the @x11 group:

$ git grep -l '^private-etc .*@x11' -- etc
# [...]
etc/profile-a-l/email-common.profile:private-etc @tls-ca,@x11,gnupg,hosts.conf,mailname,timezone
etc/profile-m-z/man.profile:private-etc @x11,groff,man_db.conf,manpath.config,sysless
etc/profile-m-z/mutt.profile:private-etc @tls-ca,@x11,Mutt,Muttrc,Muttrc.d,gai.conf,gnupg,gnutls,hosts.conf,mail,mailname,nntpserver,terminfo
etc/profile-m-z/neomutt.profile:private-etc @tls-ca,@x11,Mutt,Muttrc,Muttrc.d,gnupg,hosts.conf,mail,mailname,neomuttrc,neomuttrc.d,nntpserver
etc/profile-m-z/nextcloud.profile:private-etc @tls-ca,@x11,Nextcloud,host.conf,os-release
etc/profile-m-z/nodejs-common.profile:private-etc @tls-ca,@x11,host.conf,mime.types,rpc,services

Note: These are just the ones that I immediately noticed; it is possible
that there are many that I missed.

Part of the issue is that the groups appear to be inconsistent and
rather broad. For example, paths related to 3D graphics (vulkan) and
audio (openal) are in the @games group, which are not used only by games
and not all games use those standards/libraries. As another example,
the @x11 group contains paths related to GTK, KDE and GPU hardware
acceleration, even though those are not necessarily tied to X11 (and
even though hardware acceleration may be used by headless programs).
Replacing the known paths with groups that are not very granular results
in loss of information about what exactly a profile actually needs and
so makes the profiles less self-documenting. Note also that a given
path could potentially belong to multiple groups, which would preclude
using the "etc-cleanup" tool (in its current form at least), as it would
not know which is the correct group to replace the path with.

Command used to revert the changes:

$ git revert \
  1be9bb3c78b3f129eb2a9fefc07211694c700e4e \
  e889db095873197e999c84077fe28c135b49e43c \
  e6f2374d557c94616b9b9db0bcebe0bbd5d78d88 \
  acb0154ea2a71edf935f7c45cc280b0244937336 \
  740f502aeef509ddec89679d2a9fc24270a8c953 \
  5649bd4568f194eb93eaefb7619d92b57fd27e9c \
  2e4e9d13add71bd0b96246e54e209a29583644b6 \
  0f996ea4de584dc061faf21853d61a600da1a1d8 \
  5d0822c52c9a5e631676899e9642911d9143dba8

Note: This reverts commits from PRs #5641 #5642 #5643, most of which are
later re-applied.

Relates to #5610.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
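
As an added illustration of the two concerns raised in the description (this is not code from the PR or from firejail): the sketch below expands a `private-etc` line to show which `/etc` entries a sandbox gains when explicit paths are swapped for a group, and which explicit paths a cleanup tool could not map to a single group. The group table and the `BEFORE` line are constructed for the example; only the `AFTER` line is taken from the `man.profile` output quoted above.

```python
"""Added example: effect of coarse private-etc groups (group contents are constructed)."""

# Hypothetical group table; NOT firejail's real definitions. "drirc" is placed
# in two groups on purpose to model a path that belongs to multiple groups.
GROUPS = {
    "@x11": {"X11", "fonts", "gtk-3.0", "kderc", "drirc"},
    "@games": {"vulkan", "openal", "drirc"},
    "@tls-ca": {"ca-certificates", "ssl"},
}

def parse_private_etc(line):
    """Split a 'private-etc a,@g,b' line into (groups, plain paths)."""
    keyword, _, args = line.strip().partition(" ")
    if keyword != "private-etc":
        raise ValueError("not a private-etc line: %r" % line)
    items = [i.strip() for i in args.split(",") if i.strip()]
    groups = [i for i in items if i.startswith("@")]
    paths = [i for i in items if not i.startswith("@")]
    return groups, paths

def expand(line, table=GROUPS):
    """Every /etc entry the line exposes once groups are expanded."""
    groups, paths = parse_private_etc(line)
    exposed = set(paths)
    for g in groups:
        if g not in table:
            raise KeyError("unknown group " + g)
        exposed |= table[g]
    return exposed

def collapse_candidates(line, table=GROUPS):
    """For each explicit path, the groups a cleanup tool could replace it with."""
    _, paths = parse_private_etc(line)
    return {p: sorted(g for g, members in table.items() if p in members)
            for p in paths}

def audit(before, after, table=GROUPS):
    """Paths gained by rewriting 'before' as 'after', plus ambiguous paths."""
    gained = sorted(expand(after, table) - expand(before, table))
    ambiguous = {p: gs for p, gs in collapse_candidates(before, table).items()
                 if len(gs) > 1}
    return gained, ambiguous

# Constructed 'before' line; 'after' is the man.profile line quoted in the PR.
BEFORE = "private-etc drirc,groff,man_db.conf,manpath.config,sysless"
AFTER = "private-etc @x11,groff,man_db.conf,manpath.config,sysless"

if __name__ == "__main__":
    gained, ambiguous = audit(BEFORE, AFTER)
    print("newly exposed:", gained)
    print("ambiguous:", ambiguous)
```

Run against real group definitions, a non-empty `gained` list for a CLI or server profile marks a sandbox that sees more of `/etc` than it did before the rewrite.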

gitea-mirror added the pull-request label 2026-05-05 10:41:14 -06:00
Reference: github-starred/firejail#5589