Feature Request: Allow specifying paths relative to XDG user dir variables (${DOWNLOADS}/something, ${PICTURES}/something...) #4653

Closed
nativerv opened this issue Oct 29, 2021 · 2 comments
Labels
duplicate This issue or pull request already exists

Comments

@nativerv

The problem

Currently, we can reference XDG user dirs by variables regardless of their actual name: ${DOWNLOADS}, ${DOCUMENTS}, ${PICTURES}, ${VIDEOS}, ${MUSIC}.
Many programs use these directories only to create their own directory inside and use it for their purposes.

For example:
Telegram Desktop creates and defaults to a "Telegram Desktop" directory inside ${DOWNLOADS} for its downloads.
Flameshot defaults to a Screenshots directory inside ${PICTURES} to save its screenshots.

Ideally the profiles must only whitelist these default directories to allow default behaviour and deny everything else.
But the only way to allow these dirs and not depend on any hardcoded names is to whitelist/noblacklist the entire ${DOWNLOADS}/${PICTURES}, as currently we get an error when trying to specify paths relative to an XDG user dir variable:

telegram-desktop.local:

noblacklist ${DOWNLOADS}
whitelist ${DOWNLOADS}/Telegram Desktop
Reading profile /home/nrv/.config/firejail/telegram-desktop.local
Error: "${DOWNLOADS}/Telegram Desktop" is an invalid filename: rejected character: "{"

The only way to get around that right now is to hardcode directory names relative to the ${HOME} variable:
telegram-desktop.local:

noblacklist ${DOWNLOADS}
whitelist ${HOME}/dl/Telegram Desktop

/etc/firejail/keepassxc.profile:

# You can enable whitelisting for keepassxc by adding the below to your keepassxc.local.
# If you do, you MUST store your database under ${HOME}/Documents/KeePassXC/foo.kdbx.
#mkdir ${HOME}/Documents/KeePassXC
#whitelist ${HOME}/Documents/KeePassXC

Describe the solution you'd like

Allow specifying paths relative to XDG user dir variables as with the ${HOME} variable:

whitelist ${DOWNLOADS}/Telegram Desktop
whitelist ${PICTURES}/Screenshots
whitelist ${DOCUMENTS}/KeePassXC

Additional context

Even if we consider XDG user dirs to be "public" for use by media programs by default, one can't even change that personally without hardcoding relative to ${HOME}. What if you renamed your XDG user dirs later, e.g. Downloads -> downloads?
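
A workaround for the limitation described in this issue, as an added example that is not part of the original post and is not firejail code: the script reads a `user-dirs.dirs` file in the `KEY="$HOME/dir"` form written by xdg-user-dirs (an assumption about the local setup) and rewrites `${DOWNLOADS}/...`-style lines into the `${HOME}`-relative form that the profile parser accepts. The function names and the sample directory names `dl` and `pics` are constructed for illustration.

```sh
#!/bin/sh
# Added example (not firejail code): rewrite ${XDG_MACRO}/sub lines in a
# profile template into ${HOME}-relative lines, using user-dirs.dirs.

xdg_key() {  # firejail macro name -> user-dirs.dirs key
    case "$1" in
        DOWNLOADS) echo XDG_DOWNLOAD_DIR ;;
        DOCUMENTS) echo XDG_DOCUMENTS_DIR ;;
        PICTURES)  echo XDG_PICTURES_DIR ;;
        VIDEOS)    echo XDG_VIDEOS_DIR ;;
        MUSIC)     echo XDG_MUSIC_DIR ;;
        *) return 1 ;;
    esac
}

xdg_rel() {  # xdg_rel KEY FILE -> directory relative to $HOME, or status 1
    pre='$HOME/'
    val=$(sed -n 's/^'"$1"'="\(.*\)"[[:space:]]*$/\1/p' "$2" | tail -n 1)
    case "$val" in
        *..*) return 1 ;;            # refuse path traversal
        "$pre"?*) rel=${val#"$pre"}; printf '%s\n' "$rel" ;;
        *) return 1 ;;               # unset, or outside $HOME
    esac
}

expand_profile() {  # expand_profile USER_DIRS_FILE < template > profile
    open='${'; close='}'
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in *"$open"*"$close"/*)
            cmd=${line%%"$open"*}        # "whitelist "
            rest=${line#*"$open"}        # "DOWNLOADS}/Telegram Desktop"
            macro=${rest%%"$close"*}; suffix=${rest#*"$close"/}
            if [ "$macro" != HOME ]; then
                key=$(xdg_key "$macro") && dir=$(xdg_rel "$key" "$1") ||
                    { echo "cannot resolve: $line" >&2; return 1; }
                line="${cmd}\${HOME}/${dir}/${suffix}"
            fi ;;
        esac
        printf '%s\n' "$line"
    done
}

demo() {  # constructed sample: user dirs renamed to dl/ and pics/
    d=$(mktemp -d) || return 1
    printf '%s\n' 'XDG_DOWNLOAD_DIR="$HOME/dl"' \
        'XDG_PICTURES_DIR="$HOME/pics"' > "$d/user-dirs.dirs"
    printf '%s\n' 'noblacklist ${DOWNLOADS}' \
        'whitelist ${DOWNLOADS}/Telegram Desktop' \
        'whitelist ${PICTURES}/Screenshots' | expand_profile "$d/user-dirs.dirs"
    rc=$?; rm -rf "$d"; return "$rc"
}
demo
```

Lines that use a bare macro or `${HOME}` pass through unchanged, and a user dir that resolves outside `$HOME` makes the script fail instead of emitting a wider whitelist.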

@rusty-snake
Collaborator

Duplicate of #2359

@rusty-snake rusty-snake marked this as a duplicate of #2359 Oct 29, 2021
@rusty-snake rusty-snake added the duplicate This issue or pull request already exists label Oct 29, 2021
@rusty-snake
Collaborator

/etc/firejail/keepassxc.profile:

# You can enable whitelisting for keepassxc by adding the below to your keepassxc.local.
# If you do, you MUST store your database under ${HOME}/Documents/KeePassXC/foo.kdbx.
#mkdir ${HOME}/Documents/KeePassXC
#whitelist ${HOME}/Documents/KeePassXC

Even more important IMHO, #4006 requires this.
