[PR #6785] [MERGED] profiles: finish converting private-opt to whitelist #6167

New issue

Closed

opened 2026-05-05 10:52:00 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:52:00 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/6785
Author: @kmk3
Created: 6/18/2025
Status: ✅ Merged
Merged: 6/22/2025
Merged by: @kmk3

Base: master ← Head: profiles-finish-private-opt

📝 Commits (1)

ddb8f2f profiles: finish converting private-opt to whitelist

📊 Changes

10 files changed (+9 additions, -22 deletions)

View changed files

📝 etc/profile-a-l/basilisk.profile (+1 -1)
📝 etc/profile-a-l/enpass.profile (+1 -1)
📝 etc/profile-m-z/mate-dictionary.profile (+1 -1)
📝 etc/profile-m-z/microsoft-edge-dev.profile (+0 -3)
📝 etc/profile-m-z/microsoft-edge.profile (+0 -3)
📝 etc/profile-m-z/minecraft-launcher.profile (+1 -1)
📝 etc/profile-m-z/postman.profile (+1 -4)
📝 etc/profile-m-z/ppsspp.profile (+1 -1)
📝 etc/profile-m-z/tidal-hifi.profile (+1 -1)
📝 etc/templates/profile.template (+2 -6)

📄 Description

Changes:

Convert all private-opt entries (other than private-opt none) to
whitelist entries
Remove remaining commented private-opt entries and related comments
(for profiles that also have a corresponding whitelist entry)
Enable whitelist /opt/basilisk in basilisk.profile (similarly to
mullvad-browser.profile and palemoon.profile)
Update private-opt comment in etc/templates/profile.template

Most private-opt entries were converted into whitelist entries on commit
175905530 ("profiles: exchange private-opt with a whitelist (#6021)",
2023-10-18), while some of them were left alone due to the program size
being deemed small enough as not to break file-copy-limit in
firejail.config.

For the sake of simplicity and clarity (and to avoid potential issues
with program install sizes increasing over time), convert those
private-opt entries into whitelist entries as well (note that users can
still enable private-opt in the corresponding .local profile).

Also, some commented private-opt entries remain (with a note about
potential issues with private-opt).

Since commit 175905530 also documented the drawbacks of private-opt in
firejail.1, it should be fine to remove the commented entries and
related comments (note that in all of the profiles containing such
comments, there is already an equivalent whitelist entry).

Related commits:

f3f739c5d ("microsoft-edge.profile: rewrite profile for stable
channel", 2022-08-11) /
PR #5709
121e043df ("microsoft-edge-{dev,beta}: replaced private-opt by
whitelist #5307", 2022-08-11) /
PR #5709
2cb40fbec ("microsoft-edge fixes (#5697)", 2023-03-14)
58732a654 ("Add profiles for jami and postman (#5691)", 2023-03-15)
175905530 ("profiles: exchange private-opt with a whitelist (#6021)",
2023-10-18)

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/6785 **Author:** [@kmk3](https://github.com/kmk3) **Created:** 6/18/2025 **Status:** ✅ Merged **Merged:** 6/22/2025 **Merged by:** [@kmk3](https://github.com/kmk3) **Base:** `master` ← **Head:** `profiles-finish-private-opt` --- ### 📝 Commits (1) - [`ddb8f2f`](https://github.com/netblue30/firejail/commit/ddb8f2f4bfe1384a08a764b8d0a924abbf3fb5bc) profiles: finish converting private-opt to whitelist ### 📊 Changes **10 files changed** (+9 additions, -22 deletions) <details> <summary>View changed files</summary> 📝 `etc/profile-a-l/basilisk.profile` (+1 -1) 📝 `etc/profile-a-l/enpass.profile` (+1 -1) 📝 `etc/profile-m-z/mate-dictionary.profile` (+1 -1) 📝 `etc/profile-m-z/microsoft-edge-dev.profile` (+0 -3) 📝 `etc/profile-m-z/microsoft-edge.profile` (+0 -3) 📝 `etc/profile-m-z/minecraft-launcher.profile` (+1 -1) 📝 `etc/profile-m-z/postman.profile` (+1 -4) 📝 `etc/profile-m-z/ppsspp.profile` (+1 -1) 📝 `etc/profile-m-z/tidal-hifi.profile` (+1 -1) 📝 `etc/templates/profile.template` (+2 -6) </details> ### 📄 Description Changes: * Convert all private-opt entries (other than `private-opt none`) to whitelist entries * Remove remaining commented private-opt entries and related comments (for profiles that also have a corresponding whitelist entry) * Enable `whitelist /opt/basilisk` in basilisk.profile (similarly to mullvad-browser.profile and palemoon.profile) * Update private-opt comment in etc/templates/profile.template Most private-opt entries were converted into whitelist entries on commit 175905530 ("profiles: exchange private-opt with a whitelist (#6021)", 2023-10-18), while some of them were left alone due to the program size being deemed small enough as not to break file-copy-limit in firejail.config. For the sake of simplicity and clarity (and to avoid potential issues with program install sizes increasing over time), convert those private-opt entries into whitelist entries as well (note that users can still enable private-opt in the corresponding .local profile). Also, some commented private-opt entries remain (with a note about potential issues with private-opt). Since commit 175905530 also documented the drawbacks of private-opt in firejail.1, it should be fine to remove the commented entries and related comments (note that in all of the profiles containing such comments, there is already an equivalent whitelist entry). Related commits: * f3f739c5d ("microsoft-edge.profile: rewrite profile for stable channel", 2022-08-11) / PR #5709 * 121e043df ("microsoft-edge-{dev,beta}: replaced private-opt by whitelist #5307", 2022-08-11) / PR #5709 * 2cb40fbec ("microsoft-edge fixes (#5697)", 2023-03-14) * 58732a654 ("Add profiles for jami and postman (#5691)", 2023-03-15) * 175905530 ("profiles: exchange private-opt with a whitelist (#6021)", 2023-10-18) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:52:00 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#6167

No description provided.

Rows
Columns