netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

support all user readable directories (except cfg.homedir) in --private-home #1000

Open thewisenerd opened 7 years ago

thewisenerd commented 7 years ago

I found the --private-home option to be perfect for initializing a tmpfs $HOME directory with a few files copied in; however, having it read files only from user home top-level directories is limiting for my use.

I do not want to use the --private=dir option, as changes made to dir from the sandboxed application are visible back in userspace. I also do not want the hassles of unshare and creating a private tmpfs mount.

example: I want to initialize $HOME as private fs with a .config directory, but I do not want to use my ~/.config directory, but another directory such as ~/sandbox/.config. Since fcopy takes the destination name from strrchr(fname, '/'), the end result would be a .config directory copied to $HOME/.config nevertheless.

ps: I have implemented this at https://github.com/thewisenerd/firejail/commit/b548a7b8e09bf4d15b1123061e845f1d592a4c05 and want to know if there's a better way to do this.

thewisenerd commented 7 years ago

nocontext: and this is issue #1000 (yay!)

a-barinov commented 6 years ago

@netblue30, please add this to the next release - this is a truly helpful feature. A couple of use cases are: allowing the use of system-wide parts for homedir templates, and using homedir parts from eCryptfs.

chiraag-nataraj commented 5 years ago

I don't think this is in yet. @thewisenerd, please feel free to create a pull request (but base it off the current master, obviously haha) if you've already implemented this and we'll take a look there. Thanks!