Skip to content

Commit

Permalink
profiles: whitelist /usr/share/webext in firefox-common
Browse files Browse the repository at this point in the history 
directory is used for system-wide installed webext-addons.
Reported at: https://bugs.debian.org/948558
  • Loading branch information
@reinerh
reinerh committed Jan 12, 2020
1 parent d5f359f commit c8f78d7
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions etc/firefox-common.profile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ mkdir ${HOME}/.local/share/pki
whitelist ${DOWNLOADS}
whitelist ${HOME}/.pki
whitelist ${HOME}/.local/share/pki
whitelist /usr/share/webext
include whitelist-common.inc
include whitelist-var-common.inc

Expand Down

9 comments on commit c8f78d7

@rusty-snake
Copy link
Collaborator

@rusty-snake rusty-snake commented on c8f78d7 Jan 12, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@reinerh wusc is in firefox.profile and not in firefox-common.profile. The reason for this decision was that firefox-common is also includes in other profiles (like waterfox) which are untested with wusc. Adding it here enable wusc also for such profiles.

EDIT: grep "include firefox-common.profile" /etc/firejail/*

/etc/firejail/abrowser.profile:include firefox-common.profile
/etc/firejail/basilisk.profile:include firefox-common.profile
/etc/firejail/cliqz.profile:include firefox-common.profile
/etc/firejail/cyberfox.profile:include firefox-common.profile
/etc/firejail/firefox.profile:include firefox-common.profile
/etc/firejail/icecat.profile:include firefox-common.profile
/etc/firejail/palemoon.profile:include firefox-common.profile
/etc/firejail/thunderbird.profile:include firefox-common.profile
/etc/firejail/waterfox.profile:include firefox-common.profile

@rusty-snake
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed: bd47899

@reinerh
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, I'm not sure I understand your suggestion, yet.
Do you want me to add the webext directory to whitelist-usr-share-common.inc? Or move it to firefox.profile?

@reinerh
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, thanks for fixing it. I can confirm that this works as well (with firefox-esr).

@reinerh
Copy link
Collaborator Author

@reinerh reinerh commented on c8f78d7 Jan 12, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the webext directory then also accessible for browsers not including firefox.profile (if they support webext addons)?

Edit: thunderbird also still has access to webext.

@rusty-snake
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As long as they don't include whitelist-usr-share-common.inc, yes.

@reinerh
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, I was a bit confused how whitelist is working.

@rusty-snake
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the impulse to think: has thunderbird webext support?
(should be taken into account in #3091)

@reinerh
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes it has, see for example https://packages.debian.org/unstable/webext-compactheader

Please sign in to comment.