profiles: wget: allow ~/.local/share/wget

netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox

https://firejail.wordpress.com

GNU General Public License v2.0

5.83k stars 568 forks source link

Closed celenityy closed 4 hours ago

celenityy commented 1 week ago

wget appears to require access to this directory for HSTS & HPKP.

Without access to this directory, I get the following error when running wget:

Failed to read HSTS data
Failed to read HPKP data
Failed to write HSTS file

This fixes it.

kmk3 commented 5 days ago

@rusty-snake

Distributions started to replace wget with wget2 (I.e. wget and wget2 are the same binary where one of them is a symlink to the other).

Good catch.

We should reorganize our profile for this fact.

Can you also add .config/wget and remove the then doubled noblacklists from wget2.profile.

Since this is a self-contained fix, how about merging this as is and then I open a PR to refactor them after this PR?