Firejail

Recent Commits

• Devon Kirk (16 Jun 26)

  bugfix: add missing backtick in `reject_meta_chars()` (#7183)

• sofoxe1 (16 Jun 26)

  profiles: lutris: fix proton compatibility (#7181) umu: https://github.com/Open-Wine-Components/umu-launcher seccomp based on this PR: * #5017

• Kelvin M. Klann (16 Jun 26)

  profiles: inkscape: format comment This amends commit 02a81c2f1 ("gimp, inkscape profile fixes (Arch)", 2026-06-12). Relates to #5987.

• netblue30 (12 Jun 26)

  gimp, inkscape profile fixes (Arch)

• netblue30 (10 Jun 26)

  reverting: firecfg: add and use firejail-symlink wrapper Most programs run fine, but I'm running into problems with a small number of them. Among them firefox and libreoffice. I'll bring it back after I figure out what's going on.

• dependabot[bot] (01 Jun 26)

  build(deps): bump step-security/harden-runner from 2.19.0 to 2.19.4 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.0 to 2.19.4. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...9af89fc71515a100421586dfdb3dc9c984fbf411) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

• dependabot[bot] (01 Jun 26)

  build(deps): bump github/codeql-action from 4.35.2 to 4.36.0 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.2 to 4.36.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...7211b7c8077ea37d8641b6271f6a365a22a5fbfa) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

• netblue30 (01 Jun 26)

  fix add and use firejail-symlink wrapper - added support for make uninstall

• netblue30 (01 Jun 26)

  Merge pull request #7142 from kmk3/add-firejail-symlink-exec feature: firecfg: add and use firejail-symlink wrapper

• netblue30 (01 Jun 26)

  Merge pull request #7148 from kmk3/build-remove-etc-fixes build: remove etc-fixes directory

• netblue30 (01 Jun 26)

  Merge pull request #7131 from hlein/profile-man profiles: man: add terminfo

• Amin Vakil (22 May 26)

  new profile: claude (#7169) https://github.com/anthropics/claude-code

• Kelvin M. Klann (22 May 26)

  RELNOTES: add feature, build, test, ci and profile items Relates to #7157 #7159 #7160 #7162 #7163 #7164 #7166 #7167.

• Kelvin M. Klann (22 May 26)

  RELNOTES: reword test item For consistency with the more recent test items. This amends commit 082956b4f ("RELNOTES: add security, feature, test and profile items", 2026-05-02). Relates to #7147.

• Fidel Ramos (18 May 26)

  new profile: tldr (#7166) This is a profile for tldr official Python CLI: * https://github.com/tldr-pages/tldr * https://github.com/tldr-pages/tldr-python-client It's working on my machine (Arch Linux) with stable Firejail (0.9.80). I tried to make it as restrictive as possible, as it's only downloading files and putting them in `~/.cache/tldr`.

• Kelvin M. Klann (17 May 26)

  profiles: gemini: add mkdir ~/.gemini in whitelist comment This amends commit 3469e5de6 ("new profile: gemini (#6936)", 2026-05-01). Misc: This was noticed on #7169.

• Kelvin M. Klann (17 May 26)

  test/fs: support and use XDG user dir env vars (#7167) This should ensure that the tests work even if custom XDG user directories are used (such as when set in `~/.config/user-dirs.dirs`). The tests should work even if the relevant environment variables are empty (or set to `$HOME`), though note that the setup commands in test/fs/fs.sh likely still have to be executed before the .exp files are executed. Relates to #7147 #7163.

• Kelvin M. Klann (15 May 26)

  feature: add `${PUBLICSHARE}` and `${TEMPLATES}` macros (#7164) Add the following directories from the xdg-user-dirs specification[1]: * `XDG_PUBLICSHARE_DIR="$HOME/Public"` * `XDG_TEMPLATES_DIR="$HOME/Templates"` With this, all directories from the specification are supported as macros. See also /etc/xdg/user-dirs.defaults. Relates to #7157 #7163. [1] https://www.freedesktop.org/wiki/Software/xdg-user-dirs/

• Kelvin M. Klann (09 May 26)

  profiles: sort macros in profile.template Added on commit d4f824519 ("Mention macros in profile.template (#2759)", 2019-06-11). Kind of relates to #7157.

• Kelvin M. Klann (13 May 26)

  test/fs: deduplicate xdg dirs in macro tests (#7163) To make it easier to add new directories. Relates to #7147.

• orbisai0security (13 May 26)

  build: netfilter.c: replace `system()` with `execv()` (#7159)

• Kelvin M. Klann (11 May 26)

  ci: make all main make steps parallel and sync output (#7162) Changes: * Use `scan-build make` instead of running `scan-build` inside of `make` (this appears to be necessary for the output synchronization to work) * Use `-j "$(nproc)"` and `-Orecurse` for the main `make` step in all jobs (including where this step is currently not parallel) The main drawback of using parallel make (`-j`) is that the output of different jobs may be printed interspersed, which makes the output harder to read and less stable across multiple executions. Example: job1: line1 job1: line2 job2: line1 job3: line1 job1: line3 Using `-Orecurse` should fix this by ensuring that the output of all jobs is still printed sequentially in the order that the jobs were executed (that is, as if `-j` was not used), even if the jobs themselves are executed in parallel. This should ensure that the main `make` step in each job runs its targets in parallel and has a stable output at the same time, making it easier to compare the logs of the same job across different CI runs. Note: The `-O` flag is specific to GNU make and was added in version 4.0 (2013-10-09). Related commits: * 500d8f2d6 ("ci: run make in parallel where applicable", 2023-08-14) / PR #5960 * 1f6400bd8 ("build: sync scan-build target with CI", 2024-02-24) / PR #6222

• Kelvin M. Klann (11 May 26)

  test/fs/fs.sh: fix typo of "root" This amends commit 6b7d77c41 ("testing --tmpfs as root and regular user", 2026-01-21).

• Kelvin M. Klann (10 May 26)

  test/fs/macro-subpath.exp: fix permissions (644 -> 755) The tests from this file are currently not even being executed in CI[1]: TESTING: macro subpaths (test/fs/macro-subpath.exp) ./fs.sh: line 130: ./macro-subpath.exp: Permission denied TESTING: whitelist empty (test/fs/whitelist-empty.exp) This amends commit aff7cb630 ("feature: allow subpaths in xdg macros", 2026-04-21) / PR #7151. Relates to #7147. [1] https://github.com/netblue30/firejail/actions/runs/25602127293/job/75157737035

• Kelvin M. Klann (10 May 26)

  test/fs/macro-subpath.exp: fix ls -> find The whitelist test is currently broken[1]: TESTING: macro subpaths (test/fs/macro-subpath.exp) spawn /bin/bash firejail --profile=./macro-subpath-whitelist.profile ls ~/Desktop/_firejail_test_dir [...] [...] /home/runner/Desktop/_firejail_test_dir: a [...] Parent is shutting down, bye... runner@runnervmrc6n4:~/work/firejail/firejail/test/fs$ TESTING ERROR 1.1 Desktop This amends commit aff7cb630 ("feature: allow subpaths in xdg macros", 2026-04-21) / PR #7151. Relates to #7147. [1] https://github.com/netblue30/firejail/actions/runs/25638061680/job/75253423623

• Kelvin M. Klann (11 May 26)

  profiles: use xdg macros with subpaths (#7160) Commands used to search and replace: $ git grep -IElz '\$\{HOME\}/(Desktop|Documents|Downloads|Music|Pictures|Projects|Videos)' -- etc | xargs -0 perl -pi -e ' s/\$\{HOME\}\/Desktop/\${DESKTOP}/; s/\$\{HOME\}\/Documents/\${DOCUMENTS}/; s/\$\{HOME\}\/Downloads/\${DOWNLOADS}/; s/\$\{HOME\}\/Music/\${MUSIC}/; s/\$\{HOME\}\/Pictures/\${PICTURES}/; s/\$\{HOME\}\/Projects/\${PROJECTS}/; s/\$\{HOME\}\/Videos/\${VIDEOS}/; ' Note: The entries in the following profiles were sorted manually: * etc/profile-m-z/Mathematica.profile * etc/profile-m-z/prismlauncher.profile * etc/profile-m-z/zoom.profile This is a follow-up to #7151.

• Kelvin M. Klann (22 Apr 26)

  profiles: zoom: sort noblacklist/whitelist sections

• Kelvin M. Klann (22 Apr 26)

  profiles: keepassxc: sort noblacklist section

• Kelvin M. Klann (09 May 26)

  feature: add `${PROJECTS}` macro (#7157) Based on the new ~/Projects directory from version 0.20 of the xdg-user-dirs specification[1]: * `XDG_PROJECTS_DIR="$HOME/Projects"` Relates to #7147 #7151. [1] https://www.freedesktop.org/wiki/Software/xdg-user-dirs/

• Kelvin M. Klann (09 May 26)

  profiles: move llm-agent-common.inc to llm-agent-common.profile Move it together with the other profiles used for redirecting in `etc/profile*`. Commands used to search and replace: git mv etc/inc/llm-agent-common.inc etc/profile-a-l/llm-agent-common.profile git grep -IElz llm-agent-common.inc | xargs -0 perl -pi -e ' s/llm-agent-common.inc/llm-agent-common.profile/ ' This amends commit c81777164 ("profiles: add llm-agent-common.inc (#7158)", 2026-05-08).