Profile requests #1139
1 brl-cad (a military-veteran CAD..but common at civilian environments)
|
would be nice to have profiles for |
InSync variety KDE connect
and Would be nice to have too. |
A profile for BEEPER would be great. https://www.beeper.com/ |
@vinoff I had a look at Apparently the
IMO this isn't the most secure thing to do, so I'd advise to try this app while removing that If you could test Beeper when actually using it, that would be great. We could consider adding the profile (adjusted where needed) later. Don't feel comfortable doing so when I haven't done that properly. HTH |
a profile for tidal-hifi would be great. So far I have this, I'll try to open a PR later:
|
I would be happy about a profile for Eclipse. |
Pinokio allows you to play around with all the awesome new open source AI models that are rapidly coming out these days. It allows you to install, run, and automate any AI applications and models automatically and effortlessly. I'm very eager to try it out via AppImage, but I need a firejail profile for it. This video claims it is already self-contained, but I'd feel more comfortable if firejail ensured that containment. I don't want the AI to break out and take over my computer! Anyway, I'm really looking forward to there being a profile for this AppImage. Thank you in advance. |
Pulsar: AppImage is available here: This is a live fork of the (discontinued) Atom text editor. Atom was made by GitHub's original owners. Microsoft purchased GitHub and "sunset" the project on December 15, 2022. It is a fantastic text editor for web development. I'm so happy to see it forked. The profile will likely be very similar to the one already created for Atom: However, from running it in a virtual machine, I see at least two changes that are needed; its config file folder location: I'd love to see a Pulsar profile located here: I achieved a custom profile that launches Pulsar, but it can likely be improved to be less permissive. I'm still learning. |
I would be happy about a profile for Nyxt. |
What does it mean that it is in bwrap? Why can't Firejail build a sandbox around bwrap? |
Sielo: https://sielo.app/ This web browser has some innovative features. I'm especially interested in what they call tabs spaces, which essentially allows you to tile multiple webpages within a single window. They provide a portable AppImage for download, and that's what I'd like a Firejail profile for. |
@marek22k (1) Behind the scenes --noprofile uses /etc/default.profile, which includes disable-common.inc. The latter file blacklists ${PATH}/bwrap. Try |
Too bad firejail and bwrap don't work together. firejail blocks file access for browsers by default except for the download folder, bwrap doesn't do that. I'll see if I can find some bwrap documentation somewhere where I can set this. |
@marek22k Yup, those incompatibilities are indeed a pain. Maybe you can try containing nyxt with bubblejail, which is bubblewrap-based. |
No. It is more like --profile=/dev/null (I.e. empty.profile). Longer firejail+bwrap discussions should happen in a new Discussion. |
I would be happy about a profile for Apache NetBeans IDE. Maybe something like the following:
|
I'd like a profile for Armcord, as it seems hamsket is not developed anymore. As an aside, what's the difference between including the hardened electron profile and the normal one? Either way, something like the following (it uses gio for opening links).
|
I have tweaked some electron profile for Joplin (distributed as appimage). Happy to share my file with the notes of what I tried and didn't. A cleaned up version below (I removed all comments):
Then launching with: |
@dev-uhuru Nice! Feel free to open a PR for joplin.profile. We can help work out any specifics for the non-appimage version (if there are any). Thanks for sharing. |
I recently set up KDE connect and plasma-browser-integration for firefox (Linux Mint 21.2) and it seems that the comments in the profile are slightly outdated.
(and to
This should probably be added to the comment in |
@RundownRhino Thanks for reporting. Comments are prone to gather dust as software moves on. Can you open a PR for it? |
@glitsj16 Opened a PR. As a side note, it seems |
Hi, I have sketched out a profile for Obsidian, I needed it urgently. I've been looking into it for a couple of hours, so I think more knowledgeable people will suggest improvements. But it already works for appimage and binary.
There's a resolution for git, as I'm using the Obsidian plugin for git.
Launch commands:
firejail --appimage --profile=/home/$USER/.config/firejail/obsidian.profile ./Obsidian-1.5.12.AppImage
# or
firejail --profile=/home/$USER/.config/firejail/obsidian.profile /usr/bin/obsidian
I left some things commented out as I didn't fully understand them. I'm interested in a discussion on this profile, anyone have any tips for improvement? UPD: #6314 |
Please open a pull request for it; this issue is not a good place for reviews. |
I humbly request profile support for DaVinci Resolve for Linux, a non-linear video editor application. It requires input and gpu dev access. It is released as a self-contained AppImage executable. The file is free to download but the website may hide the download link and ask you to register before download. I've not managed to get it working on Linux Mint 21.3. It seems to require elevated privileges and it looks like that conflicts with |
I've looked into 'DaVinci Resolve for Linux'. Don't have the hardware to actually use it, but there are a few things you might try. First of all, its Other observations. This is not your 'common' application, and there seem to be loads of potential roadblocks (not very surprising with proprietary software). I consulted the Arch Wiki page while investigating, might be helpful on your Linux Mint too: https://wiki.archlinux.org/title/DaVinci_Resolve. There are several AUR packages available that you can look at for guidance on how to get it properly installed (if you're familiar with Arch Linux's PKGBUILD format). To save some time and hair-pulling you can Far from ideal and very likely a lot of moving parts. The PDF that came with the download actually mentions 'Installing DaVinci Resolve’s Rocky Linux ISO' in a VM. IMO that's going to be the easier route. HTH |
Issue to ask for and discuss about new profiles.
Progress is tracked in: https://github.com/netblue30/firejail/projects/3?fullscreen=true
latex2*, pdf*, rst2*, pod2, pcp2pdf, wkhtmltopdf, ...
disable-sys.inc to restrict access to files in /sys/{block,bus,class,dev,devices,kernel}
io.elementary.calculator
io.elementary.calendar
io.elementary.calendar-daemon
io.elementary.camera
io.elementary.capnet-assist
io.elementary.code
io.elementary.files
io.elementary.files-daemon
io.elementary.files-pkexec
io.elementary.music
io.elementary.photos - Based on the old Shotwell code
io.elementary.terminal
io.elementary.videos
gnome-podcasts
pass
gopass
kbfsfuse (not sure if this one makes sense...)
keybase
keybase-gui
ykman
ykman-gui
gzdoom
quake
rrootage
Resolved
gnome-online-miners
Ghetto-skype
Tbb PPA
Gnome-boxes
Tor Messenger
Temaviewer Profile requests #825 (comment)