Closed jperryhouts closed 5 years ago
I'm fine with doing the check this way, but now that I look at it I think we can just drop --private-cache entirely.
It was useful for Firewarden pre-v1.1.0, where I didn't create a private home unless the sandbox was being used to view a local file. Since v1.1.0 Firewarden always creates a private home (to support the configuration script option). So in effect we're just asking Firejail to use a temporary filesystem for /home/user/.cache when /home/user is already a temporary filesystem, which is redundant.
First of all, thanks for this script. It's really convenient!
Unfortunately, the version of firejail in the Ubuntu package manager (at least for LTS) is pretty old (over a year old now) and doesn't support the --private-cache flag. This pull request omits that flag if firejail does not support it.
Note: I considered comparing the version number and checking if it's >=0.9.56, but this approach gets more directly to the point. I'm sure there are dozens of ways this could be accomplished, and I'm happy to change this PR however you prefer. Just let me know.
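The feature probe described in the pull request above, sketched as an added example that is not the PR's or Firewarden's own code. It assumes `firejail --help` lists each option as its own token; `FIREJAIL_BIN`, the function names and the stub help text are hypothetical or constructed.

```shell
#!/bin/sh
# Added example, not Firewarden's code. Probes for an option instead of
# comparing version numbers (the >=0.9.56 check the PR text mentions).
FIREJAIL_BIN="${FIREJAIL_BIN:-firejail}"   # hypothetical override, used by the stubs

# Return 0 only if the --help output lists the option as a whole token,
# so "--private" does not match "--private-cache". A missing binary
# yields no match, and the flag is treated as unsupported.
firejail_supports() {
    opt="$1"
    "$FIREJAIL_BIN" --help 2>&1 |
        grep -Eq -- "(^|[[:space:]])${opt}([[:space:]=]|\$)"
}

# Print the requested flags this build accepts, one per line. Each dropped
# flag is reported on stderr so a weaker sandbox is never silent.
supported_flags() {
    for opt in "$@"; do
        if firejail_supports "$opt"; then
            printf '%s\n' "$opt"
        else
            printf 'warning: firejail lacks %s, omitting it\n' "$opt" >&2
        fi
    done
}

# Constructed stand-ins for an older and a newer firejail (help text is sample data).
fake_old_firejail() {
    printf '%s\n' '    --private - temporary home directory.' \
                  '    --private=directory - use directory as user home.'
}
fake_new_firejail() {
    fake_old_firejail
    printf '%s\n' '    --private-cache - temporary ~/.cache directory.'
}

# Demo against both stubs; real use leaves FIREJAIL_BIN at its default.
for FIREJAIL_BIN in fake_old_firejail fake_new_firejail; do
    echo "$FIREJAIL_BIN: $(supported_flags --private --private-cache 2>/dev/null | tr '\n' ' ')"
done
```
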