Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Profile Updates #3076

Open
FOSSONLY opened this issue Dec 9, 2019 · 8 comments
Open

Profile Updates #3076

FOSSONLY opened this issue Dec 9, 2019 · 8 comments
Labels
enhancement New feature request

Comments

@FOSSONLY
Copy link

FOSSONLY commented Dec 9, 2019

I would like to suggest a manual or automatic update for profiles. It is noted that there are often problems with the profiles. Especially since not all users use the same versions of different programs, and the profiles per version of Firejail are usually adapted to certain program versions. By automatically updating the profiles directly via git, any adjustments to the profiles could be immediately received by the users. This could prevent typical problems with program updates. What do you think?
@rusty-snake
Copy link
Collaborator

👍 a way to get profile fixes and enhancements to debian stable for example would be great.

@rusty-snake rusty-snake added the enhancement New feature request label Dec 15, 2019
@FOSSONLY
Copy link
Author

Yeah. I mean, theoretically, anyone could do that quickly by hand. Just install git and download the profiles to "/etc/firejail". The idea was to simplify it and make it easier for beginners.

@rusty-snake
Copy link
Collaborator

theoretically, anyone could do that quickly by hand.

You missed one point, new/changed options does not work with older firejail binaries.

Example: Debian stable has firejail 0.9.58

  • mdwe breaks all most every GNOME-APP since firejail 0.9.60
  • allow-debuggers works only with firejail master in profiles
  • the seccomp exception syntax
  • ...

@Vincent43
Copy link
Collaborator

Yes, there is no guarantee that newer profiles will work with older firejail so shipping those separately isn't possible atm.

@rusty-snake rusty-snake mentioned this issue Jan 16, 2020
Closed
@glitsj16
Copy link
Collaborator

I'm not sure if all distros offer a firejail-git package like the one from AUR, but we could ask packagers to promote that if they do. I like the idea of a 'rolling-release-kind' firejail, it would offer some interesting opportunities (besides unburdening collaborators a bit regarding issues management/small profile fixes). E.g. #3150.

@rusty-snake
Copy link
Collaborator

If I look now at the relnotes, IMHO it is not possible to use master profile with a stable firejail after some scripts.

@matu3ba
Copy link
Contributor

matu3ba commented May 7, 2020
edited
Loading

@FOSSONLY So your proposal wants to fetch one of the release branches and adjust the paths for each distributions, because the distribution package is out of date?
Thats the job of distribution packagers.

Sadly there dont exist programs or scripts that fetch on what distribution you are and adjust the installation paths/rules for the distro accordingly, because the paths are tracked globally different on every distribution with packet managers.

Maybe you can be more specific what you want to do. Doing things for only a subset of the distributions belongs to anothet project.

@rusty-snake
Copy link
Collaborator

Every distro I know uses /etc/firejail, that's not an issue.

@kmk3 kmk3 changed the title [Feature] Profile Updates Profile Updates Aug 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@glitsj16 @matu3ba @Vincent43 @FOSSONLY @rusty-snake