Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Execute firecfg on every change? #2226

Closed
francoism90 opened this issue Oct 29, 2018 · 5 comments
Closed

Execute firecfg on every change? #2226

francoism90 opened this issue Oct 29, 2018 · 5 comments
Labels
information_old (Deprecated; use "doc-todo" or "needinfo" instead) Information was/is required

Comments

@francoism90
Copy link

francoism90 commented Oct 29, 2018
edited
Loading

To use Firejail as default, one can use # firecfg to create symlinks and fix *.desktop files.

Would it be useful to have a package manager hook and/or systemd service to allow checking and recreating this on every boot?

# firejail@.service -> firejail@archie.service
[Unit]
Description=Creates symbolic links for Firejail

[Service]
Type=oneshot
ExecStart=/usr/bin/firecfg
ProtectSystem=strict
ReadWritePaths=/etc/firejail
ReadWritePaths=/usr/local/bin
ReadWritePaths=/home/%i/.local/share/applications
Environment=SUDO_USER=%i
Environment=HOME=/home/%i

[Install]
WantedBy=multi-user.target

Is this concerned as a bad practice?

Thanks.
@SkewedZeppelin
Copy link
Collaborator

But why?

@francoism90
Copy link
Author

@SkewedZeppelin When installing new and/or removing applications, entries are getting out-of-dated or not symlinked at all.

@reinerh
Copy link
Collaborator

reinerh commented Oct 30, 2018

For Debian-based systems you could install a trigger in /etc/apt/apt.conf.d/ that will run firecfg each time after you install something with apt (something like Dpkg::Post-Invoke {"firecfg";} (untested)).
https://wiki.debian.org/AptConf

@francoism90
Copy link
Author

@reinerh That's actually a better idea! On Arch Linux pacman hooks are available and can do the same thing. :)

@francoism90 francoism90 changed the title Execute firecfg on boot? Execute firecfg on every change? Oct 30, 2018
@reinerh reinerh added the information_old (Deprecated; use "doc-todo" or "needinfo" instead) Information was/is required label Oct 31, 2018
@reinerh reinerh closed this as completed Oct 31, 2018
@SkewedZeppelin
Copy link
Collaborator

@francoism90 feel free to make a PR adding the systemd unit file and the pacman alpm hook to the contrib directory

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
information_old (Deprecated; use "doc-todo" or "needinfo" instead) Information was/is required
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@reinerh @francoism90 @SkewedZeppelin