Add as a variable, environment variable handling done outside of fire…

…jail and systemd if required

README.md

@@ -24,15 +24,16 @@ A `.private` file defines several application-specific variables. The following
 * `$privlib` enables the dynamic generation of a `private-lib` filter. If enabled, the following variables should be defined:
   * `$genlib` is the path to the `gen_libraries` path. 
   * `$libdir` is the path to the application's lib folder.
-  * `$extralibs` is the list of hard-coded libraries which are not automatically detected.
+  * `$extralibs` [optional] is the list of hard-coded libraries which are not automatically detected. Can be left unset if no hard-coded libraries are required.
 * `$use_systemd` enables `systemd` integration.
+* `$use_firejail` enables `firejail` integration.
 * `$profiledir` is the path to the directory where profiles are stored.
 * `$tocopy` is the list of files to copy to the temporary profile.
-* `$destdir` is the directory to generate inside the temporary profile directory. If set to `""`, then the temporary directory itself is treated as the profile.
+* `$destdir` [optional] is the directory to generate inside the temporary profile directory. If set to `""` or unset, then the temporary directory itself is treated as the profile.
 * `$progname` is the command to run.
 * `$progargs` is the array of arguments to pass when the program is not already running.
 * `$rprogargs` is the array of arguments to pass when the program is already running.
-* `$envvars` is a bash array used for setting any environment variables (now uses `firejail`'s environment handling!). Set this to an empty array (`()`) if you don't have any environment variables to pass along.
+* `$envvars` [optional] is a bash array used for setting any environment variables (now uses `firejail`'s environment handling!). If set to an empty array (`()`) or unset, no extra environment variables are passed along.
 
 There are two example `.private` files in this repo, `private-profiles/firefox.private` and `private-profiles/chromium.private`.
 

private-profile.sh

@@ -3,6 +3,7 @@
 private=0
 privlib=0
 use_systemd=0
+use_firejail=0
 name=""
 copy=0
 netns=""
@@ -25,7 +26,7 @@ rmprof()
     fi
 }
 
-set -e
+set -eu
 
 while getopts "p:tcn:" arg
 do
@@ -78,21 +79,17 @@ then
 	exitm '$genlib and $libdir must all be set for $privlib!'
     fi
     . "$genlib"
-    libs=$(compile_list "${libdir}" "${extralibs}")
+    libs=$(compile_list "${libdir}" "${extralibs:-}")
     fjargs+=( "--private-lib=$libs" )
 fi
 
 # Deal with creating a private profile if requested
 
 if [ "$private" -eq 1 ]
 then
-    if [[ -z "${destdir+x}" ]]
-    then
-	exitm '$destdir must be specified (even if it is an empty string)!'
-    fi
     nprofile=$(mktemp -d -p "${profiledir}")
     name=$(basename "$nprofile")
-    if [ "${destdir}" != "" ]
+    if [ "${destdir:=}" != "" ]
     then
 	mkdir "${nprofile}"/"${destdir}"
     fi
@@ -132,17 +129,23 @@ do
     fjargs+=( "--env=${i}" )
 done
 
-if [[ -z "${progargs+x}" || -z "${rprogargs+x}" ]]
-then
-    exitm '$progargs and $rprogargs must be specified (even if as empty arrays)!'
-fi
+progargs="${progargs:-}"
+rprogargs="${rprogargs:-}"
 
-cmd="${firejail} ${fjargs[*]} -- ${progname} $(eval echo "${progargs[@]}")"
+cmd="${progname} $(eval echo "${progargs[@]}")"
 rcmd="${progname} $(eval echo "${rprogargs[@]}")"
 
+fjcmd="${firejail} ${fjargs[*]} --"
 systemdcmd="systemd-run --wait --user --unit=${sprogname}-${name}.service --description=${sprogname}-${name}"
 
-# systemd-specific behavior if enabled
+if [ "$use_firejail" -eq 1 ]
+then
+    cmd="${fjcmd} ${cmd}"
+    rcmd="${fjcmd} ${rcmd}"
+else
+    cmd="/usr/bin/env ${envvars[*]} ${cmd}"
+    rcmd="/usr/bin/env ${envvars[*]} ${rcmd}"
+fi
 
 if [ "$use_systemd" -eq 1 ]
 then

private-profiles/chromium.private

@@ -1,9 +1,10 @@
 privlib=0
 use_systemd=1
+use_firejail=1
 profiledir=~/.config/chromium/
 tocopy=( Extensions "Extension State" Preferences )
 destdir="Default"
 progname="/usr/lib/chromium/chromium"
 progargs=( '--user-data-dir=${profile}' '$*' )
 rprogargs=( '--user-data-dir=${profile}' '$*' )
-envvars=()
+# envvars=()

private-profiles/firefox.private

@@ -1,11 +1,11 @@
 libdir=/usr/lib/firefox
 extralibs="nss,pulseaudio,nvidia,python3.6,gconv,libpulse.so.0,libFLAC.so.8,libogg.so.0,libopus.so.0,libvorbis.so.0,libvorbisenc.so.2,libavcodec.so.57,libavutil.so.55,libcrystalhd.so.3,libdrm.so.2,libGL.so.1,libnss_resolve.so.2,libnss_systemd.so.2"
-genlib=~/bin/gen_libraries
+genlib=$(systemd-path user-library-private)/personal/gen_libraries
 privlib=1
 use_systemd=1
+use_firejail=1
 profiledir=~/.config/mozilla/firefox/
 tocopy=( extensions browser-extension-data extension-preferences.json extension-settings.json extensions.json prefs.js gmp gmp-widevinecdm gmp-gmpopenh264 search.json.mozlz4 pluginreg.dat )
-destdir=""
 progname="firefox"
 progargs=( --new-instance --profile '${profile}' '$*' )
 rprogargs=( --profile '${profile}' '$*' )