netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

Profile Updates #3076

Open FOSSONLY opened 4 years ago

FOSSONLY commented 4 years ago

I would like to suggest a manual or automatic update for profiles. It is noted that there are often problems with the profiles. Especially since not all users use the same versions of different programs, and the profiles per version of Firejail are usually adapted to certain program versions. By automatically updating the profiles directly via git, any adjustments to the profiles could be immediately received by the users. This could prevent typical problems with program updates. What do you think?

rusty-snake commented 4 years ago

:+1: A way to get profile fixes and enhancements to Debian stable, for example, would be great.

FOSSONLY commented 4 years ago

Yeah. I mean, theoretically, anyone could do that quickly by hand. Just install git and download the profiles to "/etc/firejail". The idea was to simplify it and make it easier for beginners.

rusty-snake commented 4 years ago

> theoretically, anyone could do that quickly by hand.

You missed one point: new/changed options do not work with older firejail binaries.

Example: Debian stable has firejail 0.9.58

Vincent43 commented 4 years ago

Yes, there is no guarantee that newer profiles will work with older firejail so shipping those separately isn't possible atm.

glitsj16 commented 4 years ago

I'm not sure if all distros offer a firejail-git package like the one from AUR, but we could ask packagers to promote that if they do. I like the idea of a 'rolling-release-kind' firejail, it would offer some interesting opportunities (besides unburdening collaborators a bit regarding issues management/small profile fixes). E.g. https://github.com/netblue30/firejail/pull/3150.

rusty-snake commented 4 years ago

If I look now at the relnotes, IMHO it is not possible to use master profile with a stable firejail after some scripts.

matu3ba commented 4 years ago

@FOSSONLY So your proposal wants to fetch one of the release branches and adjust the paths for each distribution, because the distribution package is out of date? That's the job of distribution packagers.

Sadly there don't exist programs or scripts that fetch on what distribution you are and adjust the installation paths/rules for the distro accordingly, because the paths are tracked globally different on every distribution with packet managers.

Maybe you can be more specific about what you want to do. Doing things for only a subset of the distributions belongs to another project.

rusty-snake commented 4 years ago

Every distro I know uses /etc/firejail, that's not an issue.