vscodium: missing profile redirect for codium

[MiltiadisKoutsokeras]

Is your feature request related to a problem? Please describe.

Firejail does not contain a profile to support the latest VSCodium in the apt package of Debian 11.

Describe the solution you'd like

I would like the Firejail installation to contain a profile that supports the latest VSCodium, as it does with past versions in files:

• /etc/firejail/code-oss.profile
• /etc/firejail/vscodium.profile

Describe alternatives you've considered

It would be possible to create a local custom file for latest VSCodium version but the program details have changed from the previous versions (whitelisted direcotries, privileges, etc.).

[kmk3]

Basic debugging information is missing; please follow the bug report template:

• https://github.com/netblue30/firejail/issues/new?template=bug_report.md

[MiltiadisKoutsokeras]

I would happily do that, but it is not a BUG. It is a feature request to provide a profile for the latest version of a program.

[rusty-snake]

Moved

[MiltiadisKoutsokeras]

Thanks, you can close this.

[kmk3]

I would happily do that, but it is not a BUG. It is a feature request to provide a profile for the latest version of a program.

Profiles are generally not separated by program versions (with limited exceptions for new major versions of certain programs), they are created based on the name of the executable.

Is there a new executable name for vscodium?

If not, there already exists a profile for vscodium and it either works properly or it doesn't.

If it doesn't work, it's a bug.

the program details have changed from the previous versions (whitelisted direcotries, privileges, etc.).

Which directories and privileges?

In what version of vscodium did they change?

[MiltiadisKoutsokeras]

Profiles are generally not separated by program versions (with limited exceptions for new major versions of certain programs), they are created based on the name of the executable.

Is there a new executable name for vscodium?

The executable is renamed to codium so none of the provided profiles match (even if they did, the contents would not apply).

If it doesn't work, it's a bug.

Well then it is a BUG.

Which directories and privileges?

If I had a complete list for those, I would happily create and share the profile. You have to communicate with the developers for that.

In what version of vscodium did they change?

Unfortunately I do not know this, I realized that firejail did not apply a profile recently while researching another issue.

[rusty-snake]

The executable is renamed to codium so none of the provided profiles match

https://github.com/netblue30/firejail/blob/master/etc/profile-a-l/codium.profile added 3 years ago. Also in https://github.com/netblue30/firejail/blob/897f12dd88c1add667ecb211b61b6126a49c7065/src/firecfg/firecfg.config#L174

So yes basic debugging information like your firejail version are missing.

[MiltiadisKoutsokeras]

Here are my versions:

• Linux distribution and version: Debian 11
• Firejail version (firejail --version): 0.9.64.4

It seems that the package is old enough and includes outdated profiles. I will try to copy the upstream ones. The only profile installed is /etc/firejail/vscodium.profile with contents:

# Firejail profile alias for Visual Studio Code
# This file is overwritten after every install/update

# Persistent local customizations
include vscodium.local

noblacklist ${HOME}/.VSCodium

# Redirect
include code.profile

This is probably something the Debian maintainer should do, so please close the report.

[kmk3]

@MiltiadisKoutsokeras on Sep 4:

• Firejail version (firejail --version): 0.9.64.4

Note that we do not maintain that version of firejail:

• https://github.com/netblue30/firejail/blob/master/SECURITY.md

Versions other than the latest usually have outdated profiles and may contain bugs and security vulnerabilities that were fixed in later versions.

This is probably something the Debian maintainer should do, so please close the report.

I think it's unlikely to be upgraded on a stable Debian release.

See also the recommended way to install firejail on Debian:

• https://github.com/netblue30/firejail#installing

[kmk3]

Duplicate of #3871

[rusty-snake]

I will try to copy the upstream ones.

Does not necessarily work, the profile may use commands unknown by your firejail version or include other profiles you don't have or with wrong content.