[SOLVED]Firejail/firefox.profile whitelist

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
all41
Level 15
Level 15
Posts: 5583
Joined: Tue Dec 31, 2013 9:12 am
Location: Computer, Car, Cage

[SOLVED]Firejail/firefox.profile whitelist

Post by all41 » Wed Aug 01, 2018 11:54 am

I am trying to change the target directory for Firefox downloads but Firejail is blocking.
The directory I want to use is on a searate hdd mounted at /media/uno/archival/downloads
where archival is the hdd label.
I have read xenopeek's posts and Pjotr's site, as well as the man pages, searched the forums and web for examples
but this still eludes me. Here is what I tried:

append to /etc/firejail/firefox.profile the following:
whitelist /media/uno/archival/downloads*

and via terminal
$ firejail --whitelist=/media/uno/archival/downloads*

How to do?
I am caught well off-base here, the instructios and syntax confuse me.
Help and suggestions are needed.
Thank you for reading.

edit: I am using the repository FJ 0.9.52 with the updated firefox.profile and LM19 Mate
Last edited by all41 on Wed Aug 01, 2018 2:48 pm, edited 1 time in total.

User avatar
Sir Charles
Level 7
Level 7
Posts: 1897
Joined: Thu Jan 04, 2018 1:00 pm

Re: Firejail/firefox.profile whitelist

Post by Sir Charles » Wed Aug 01, 2018 12:17 pm

I am sure that there are more elegant ways of doing this by editing the firejail's firefox.profile but maybe as a workaround the following can work:
Create a "symlink" to /media/uno/archival/downloads in Downloads in your home.
Choose ~/Downloads/"symlink" as the location for downloads in Firefox.
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

all41
Level 15
Level 15
Posts: 5583
Joined: Tue Dec 31, 2013 9:12 am
Location: Computer, Car, Cage

Re: Firejail/firefox.profile whitelist

Post by all41 » Wed Aug 01, 2018 12:34 pm

Choose ~/Downloads/"symlink"
Unable to select the link, greyed out.
I have set the FF preferences to point at the desired directory while not launched with firejail,
and that setting holds after closing and relaunching firejailed, but the downloads still go to ~/Downloads.
Even if FF preferences are set to 'always ask where to save files' I cannot choose the other location.

User avatar
Sir Charles
Level 7
Level 7
Posts: 1897
Joined: Thu Jan 04, 2018 1:00 pm

Re: Firejail/firefox.profile whitelist

Post by Sir Charles » Wed Aug 01, 2018 12:40 pm

all41 wrote:
Wed Aug 01, 2018 12:34 pm
Choose ~/Downloads/"symlink"
Unable to select the link, greyed out.
That's odd. I tested it before I posted previously and it worked at my end. Something else must be at play.
:?:
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

all41
Level 15
Level 15
Posts: 5583
Joined: Tue Dec 31, 2013 9:12 am
Location: Computer, Car, Cage

Re: Firejail/firefox.profile whitelist

Post by all41 » Wed Aug 01, 2018 1:01 pm

How did you make the symlink?
I just made a link and drug it to the ~/Downloads directory.
This link opens /media/uno/archival/downloads, but is not selectable as a download target
in FF preferences.

However without firejail that link is selectable and works--and directs the download to the other hdd

I'm beginning to grasp why this is called a 'jail'.

User avatar
chrisuk
Level 5
Level 5
Posts: 593
Joined: Thu Jun 12, 2008 6:16 am

Re: Firejail/firefox.profile whitelist

Post by chrisuk » Wed Aug 01, 2018 1:07 pm

There's no need to touch the main profiles in /etc/firejail - just create your profile in ~/.config/firejail, firejail looks there before etc/firejail/.

Here's my firefox.profile from ~/config/firejail

Code: Select all

include /etc/firejail/firefox.profile

blacklist ${HOME}/Desktop
blacklist ${HOME}/Documents
blacklist ${HOME}/Music
blacklist ${HOME}/Pictures
blacklist ${HOME}/Public
blacklist ${HOME}/Templates
blacklist ${HOME}/Videos
blacklist /media
No whitelists in mine, but you can try commenting-out the include at the beginning.
Chris

Manjaro MATE - MX Linux - LMDE MATE

User avatar
greerd
Level 6
Level 6
Posts: 1055
Joined: Sat Jul 31, 2010 10:58 am
Location: Nova Scotia, Canada

Re: Firejail/firefox.profile whitelist

Post by greerd » Wed Aug 01, 2018 1:11 pm

Unless things have changed in the last couple of years, you can't whitelist syslinks in your /home that point outside home with firejail, see viewtopic.php?f=47&t=224373.

Which reminds me that I never thanked xenopeek (Thanks xenopeek!)

User avatar
Sir Charles
Level 7
Level 7
Posts: 1897
Joined: Thu Jan 04, 2018 1:00 pm

Re: Firejail/firefox.profile whitelist

Post by Sir Charles » Wed Aug 01, 2018 1:22 pm

all41 wrote:
Wed Aug 01, 2018 1:01 pm
How did you make the symlink?
I just made a link and drug it to the ~/Downloads directory.
This link opens /media/uno/archival/downloads, but is not selectable as a download target
in FF preferences.

However without firejail that link is selectable and works--and directs the download to the other hdd

I'm beginning to grasp why this is called a 'jail'.
Lol.

I did exactly as you describe. Strange.
firejail-firefox.png
And the symlink points to /media/marte/WD Elements/Downloads/

Of course chrisuk's suggestion looks like the proper way of doing it.
I was beginning to think in terms of ownership/permissions issues but maybe that is not relevant.
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

all41
Level 15
Level 15
Posts: 5583
Joined: Tue Dec 31, 2013 9:12 am
Location: Computer, Car, Cage

Re: Firejail/firefox.profile whitelist

Post by all41 » Wed Aug 01, 2018 2:46 pm

chrisuk wrote:
Wed Aug 01, 2018 1:07 pm
There's no need to touch the main profiles in /etc/firejail - just create your profile in ~/.config/firejail, firejail looks there before etc/firejail/.

Here's my firefox.profile from ~/config/firejail

Code: Select all

include /etc/firejail/firefox.profile

blacklist ${HOME}/Desktop
blacklist ${HOME}/Documents
blacklist ${HOME}/Music
blacklist ${HOME}/Pictures
blacklist ${HOME}/Public
blacklist ${HOME}/Templates
blacklist ${HOME}/Videos
blacklist /media
No whitelists in mine, but you can try commenting-out the include at the beginning.
This was the key.

This is what solved the issue:
Made firejail directory in ~/.config
Copied the above profile to ~/.config/firejail/firefox.profile
Changed blacklist /media to whitelist /media/uno/archival/downloads
Commented out the include statement
Bingo!
~/.config/firejail/firefox.profile has a blue C after commenting out the include line:
profile.png
profile.png (23.91 KiB) Viewed 251 times
First time I've seen that, but it's all good

Thanks chrisuk, Marziano, greerd

Post Reply

Return to “Software & Applications”