add --private-template=directory option #681
Merged
Conversation
|
Merged, thanks for the patch. I used to have this feature a long time ago and scrapped it. I will rename it private-home. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
--private mount a tmpfs over the user home, so, things like browser extensions and configurations are back to the defaults and you cannot pre-configure it easily.
--private=directory, on the other side, make the user home persistent.
--private-template=directory aim to /opt/firejail/templates/usernamebe an alternative, it act like --private mounting a tmpfs over the user home, and then it copy recursively all the files and dirs from a template directory to the created empty user home.
This way you can put, for example, a preconfigured .config/cromium directory let's says in /opt/firejail/templates/username, and then use
firejail --private-template=/opt/firejail/templates/username cromiumNOTE: as the copy from template is done after mounting the tmpfs to mask the user home, the template directory cannot be copied from inside the original user home.