[GH-ISSUE #1434] app local profiles should be placed before global local profiles #972

New issue

Closed

opened 2026-05-05 07:14:21 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 07:14:21 -06:00

Owner

Originally created by @ghost on GitHub (Aug 4, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1434

Currently local profiles are sourced in this precedence:

# Persistent global definitions go here
include /etc/firejail/globals.local

# This file is overwritten during software install.
# Persistent customizations should go in a .local file.
include /etc/firejail/ark.local

It means that when user enables some option in global.local profile it can't be overridden in ark.local profile. Therefore any global option which breaks one app (example: apparmor) can be overridden only by editing ark.profile directly which will be overwritten during next update or by creating new profile in ~/.config/firejail/ark.profile which have to be then maintained solely by user.

Basing on the above I propose changing precedence to:

# This file is overwritten during software install.
# Persistent customizations should go in a .local file.
include /etc/firejail/ark.local

# Persistent global definitions go here
include /etc/firejail/globals.local

This way user can override any global.local option in ark.local file easily. As both global.local and ark.local are used only for personal local administration this shouldn't create any security issues.

Originally created by @ghost on GitHub (Aug 4, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1434 Currently local profiles are sourced in this precedence: ``` # Persistent global definitions go here include /etc/firejail/globals.local # This file is overwritten during software install. # Persistent customizations should go in a .local file. include /etc/firejail/ark.local ``` It means that when user enables some option in `global.local `profile it can't be overridden in `ark.local` profile. Therefore any global option which breaks one app (example:` apparmor`) can be overridden only by editing `ark.profile` directly which will be overwritten during next update or by creating new profile in `~/.config/firejail/ark.profile` which have to be then maintained solely by user. Basing on the above I propose changing precedence to: ``` # This file is overwritten during software install. # Persistent customizations should go in a .local file. include /etc/firejail/ark.local # Persistent global definitions go here include /etc/firejail/globals.local ``` This way user can override any `global.local` option in `ark.local` file easily. As both `global.local` and `ark.local` are used only for personal local administration this shouldn't create any security issues.

gitea-mirror

2026-05-05 07:14:21 -06:00

closed this issue
added the
enhancement
label

gitea-mirror commented

2026-05-05 07:14:27 -06:00

Author

Owner

@netblue30 commented on GitHub (Aug 5, 2017):

Sure, it makes sense. Let's wait for @Fred-Barclay and @SpotComms to finish with the current round of cleanups, and I'll write some small script to go through all the files and switch the lines.

@netblue30 commented on GitHub (Aug 5, 2017): Sure, it makes sense. Let's wait for @Fred-Barclay and @SpotComms to finish with the current round of cleanups, and I'll write some small script to go through all the files and switch the lines.

gitea-mirror commented

2026-05-05 07:14:29 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Aug 5, 2017):

This is actually already fixed in #1427 since sometime after you opened this.

@SkewedZeppelin commented on GitHub (Aug 5, 2017): This is actually already fixed in #1427 since sometime after you opened this.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#972

No description provided.

Rows
Columns