Description
I think there should be a more robust alternative to placing executables/links in /usr/local/bin like firecfg does it currently. I recently noticed that, at least in KDE, when for example using Discord, it is possible to launch unsandboxed applications from the sandboxed environment.

I think this can happen in KDE because Discord attempts to launch the application, the KDE-specific xdg-open is used which contacts the unsandboxed, running kioclient and instructs it to open a desktop file -- in this case for some reason the system-wide *.desktop file located in /usr/share/applications instead of the one located in the user-local ~/.local/share/applications folder. If I close all Firefox instances for example beforehand and then open a link from the sandboxed Discord client, an unsandboxed /usr/lib/firefox/firefox executable is running.
This issue could be completely prevented (I think) by moving or renaming the original executables and then symlinking/creating custom firejail launcher executables that execute the original executables. There would be no easy way to accidentally start an unsandboxed application then. Of course this is more invasive to the system.
Slightly related to this issue: it would be very nice if there was a way for firejail to check if the current launch of an application was started originally from an existing firejail environment and then ideally start the application using its own existing profile. To elaborate a bit on what I mean by that: if I have configured a profile for thunderbird and click on an e-mail address in a different sandboxed application, it would be much nicer if thunderbird was started using its own profile in a new sandbox, instead of the existing one with its configuration. This would probably have to be done on a whitelist-based approach, to prevent for example untrusted, sandboxed applications without internet access from launching applications that are able to transmit data.
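An added audit script (not part of firejail or firecfg) for the bypass described above: it lists the firecfg-style symlinks in a bin directory and reports system-wide .desktop files whose Exec= line calls one of those programs by absolute path, which is exactly the case where a launch via kioclient skips the /usr/local/bin symlink. The directory arguments and the sample environment built by make_sample are constructed for the example; on a real system the two real directories would be passed instead.

```shell
#!/bin/sh
# Added example: find .desktop files that bypass firecfg's PATH symlinks.
# Directories are parameters so the check runs on a constructed sample
# as well as on a real system (/usr/local/bin, /usr/share/applications).

# Print the names of firecfg-style symlinks in $1 (links pointing at firejail).
firecfg_links() {
    for f in "$1"/*; do
        [ -L "$f" ] || continue
        case "$(readlink "$f")" in
            */firejail|firejail) basename "$f" ;;
        esac
    done
}

# For every symlink name from $1, report desktop files in $2 whose Exec= line
# starts with an absolute path ending in that name (these launch the real
# binary directly, so the firejail symlink is never hit).
# Output format: "<desktop file>:<exec path>", one per line.
find_bypassing_desktop_files() {
    bindir=$1; appdir=$2
    for name in $(firecfg_links "$bindir"); do
        for d in "$appdir"/*.desktop; do
            [ -f "$d" ] || continue
            # First token of the first Exec= line, e.g. /usr/lib/firefox/firefox
            cmd=$(sed -n 's/^Exec=//p' "$d" | head -n 1 | cut -d' ' -f1)
            case "$cmd" in
                /*/"$name") printf '%s:%s\n' "$d" "$cmd" ;;
            esac
        done
    done
}

# Constructed sample tree mirroring the report: firecfg links for firefox and
# discord, a firefox.desktop with an absolute Exec path, and two harmless files.
make_sample() {
    root=$1
    mkdir -p "$root/usr/local/bin" "$root/usr/share/applications"
    ln -sf /usr/bin/firejail "$root/usr/local/bin/firefox"
    ln -sf /usr/bin/firejail "$root/usr/local/bin/discord"
    printf 'Exec=/usr/lib/firefox/firefox %%u\n' > "$root/usr/share/applications/firefox.desktop"
    printf 'Exec=discord %%U\n' > "$root/usr/share/applications/discord.desktop"
    printf 'Exec=/usr/bin/vim %%F\n' > "$root/usr/share/applications/vim.desktop"
}

# Real-system usage: find_bypassing_desktop_files /usr/local/bin /usr/share/applications
```

Any line reported corresponds to a desktop entry that, if opened by an unsandboxed helper such as kioclient, starts the program outside firejail.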