Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
profiles: whitelist /usr/share/webext in firefox-common
directory is used for system-wide installed webext-addons. Reported at: https://bugs.debian.org/948558
- Loading branch information
c8f78d7
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@reinerh wusc is in firefox.profile and not in firefox-common.profile. The reason for this decision was that firefox-common is also includes in other profiles (like waterfox) which are untested with wusc. Adding it here enable wusc also for such profiles.
EDIT:
grep "include firefox-common.profile" /etc/firejail/*
c8f78d7
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed: bd47899
c8f78d7
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm, I'm not sure I understand your suggestion, yet.
Do you want me to add the webext directory to whitelist-usr-share-common.inc? Or move it to firefox.profile?
c8f78d7
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, thanks for fixing it. I can confirm that this works as well (with firefox-esr).
c8f78d7
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the webext directory then also accessible for browsers not including firefox.profile (if they support webext addons)?
Edit: thunderbird also still has access to webext.
c8f78d7
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As long as they don't include whitelist-usr-share-common.inc, yes.
c8f78d7
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, I was a bit confused how whitelist is working.
c8f78d7
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the impulse to think: has thunderbird webext support?
(should be taken into account in #3091)
c8f78d7
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes it has, see for example https://packages.debian.org/unstable/webext-compactheader