Open jose1711 opened 2 years ago
Yes, I originally brought this up as a negative to switching steam.profile to whitelist. Can be very annoying.
edit: see #3292
What if we revert it back to a regular blacklisted profile?
We have in steam profile hardcoded at least 10 games with directories all over ~/.config and ~/.local/share. We clean up disable-programs.inc, then grab the old steam blacklisted profile and fix it. We just have to find when the whitelisting was put in.
I'll attempt a full rewrite of steam profile, and I'll ask you guys to test it - I don't have steam here.
I do not know what I am talking about, take this with a grain of salt.
Would a GUI be useful? An application is given a default profile, but any more access will prompt the use a GUI asking for permission (notification).
Without a GUI: Currently
With a GUI:
The granted permission can persist only during that session or it can permanently persist.
I can see a some downsides to this:
Possible Solutions:
For Downside 4: The rules within the default profile are nonnegotiable, meaning If a game in steam.profile wanted to access ~/Documents, but steam.profile contained a rule that prevented this access, then the GUI will NOT prompt a notification and the request is silently voided.
For Downside 5: The user is allowed to edit the rules found the GUI. When the GUI prompts a resources request, the user has the ability to define the rule. Example. Application asks for access to ~/Documents, but the user can edit the request and override to ~/Documents/Specific_FileorFolder
These were my thoughts on a solution, I am pretty sure there is more downsides, but this was the only things I could come up with.
Description
We are already unblacklisting/whitelisting quite a few games but there may be a lot of missing and keeping up with changes may be sustainable.
Steps to Reproduce
noblacklist
/whitelist
setOne such example would be Road Redemption which uses
${HOME}/Road Redemption
. We could add it manually tosteam.profile
but a long-term/more dynamic solution would be needed (IMHO).Environment
Checklist
/usr/bin/vlc
) "fixes" it).https://github.com/netblue30/firejail/issues/1139
)browser-allow-drm yes
/browser-disable-u2f no
infirejail.config
to allow DRM/U2F in browsers.--profile=PROFILENAME
to set the right profile. (Only relevant for AppImages)