and would like to edit the profile to change the allowed folders. How can I do that?
I tried to access the file in the terminal but this yields:
```
~ ❯ bat ${pkgs.firejail}/etc/firejail/thunderbird.profile
fish: ${ is not a valid variable in fish.
bat ${pkgs.firejail}/etc/firejail/thunderbird.profile
```
`${pkgs.firejail}/etc/firejail/chromium.profile` is expanded into the nix store path of package firefox, so something like `/nix/store/2aq35w0j03j39m2ylgi6gv3r7n68z8a8-firejail-0.9.70/`, depending on the firejail derivation. You can’t edit it; the whole store is read-only.
A solution would be to copy the profile into a read-only place, and give the path in the configuration. Why read-only? Because you certainly don’t want a compromised user to have access to the sandbox settings (the firejail profile file in this case).
‘firejail’ expands to ‘/nix/store/g9m781hbz7301w7dds4nna6j8mg8nyv1-firejail-0.9.68/bin/firejail’
However, running `ls /nix/store/g9m781hbz7301w7dds4nna6j8mg8nyv1-firejail-0.9.68/bin/firejail` shows nothing, especially no subfolders or profiles, so I can’t grab the default profile and put it somewhere else.
What am I doing wrong? How can I grab the default profile?
This is related to how Nix works: when a package (or anything ending up in the Nix store) is built, it gets assigned a hash (the part before the -) computed from ALL the inputs (packages, metadata) required to create the package.
If anything changes for that package, a new hash is created, the package is recreated and you update your system with the new one. I picked a firejail path from my nix store, but if you are not using the same repository version as me, it’s unlikely you’ll get the same one.
It’s a bit tricky to find it for firejail because it’s a SUID program, and handled a bit differently by Nix. A quick way to find something is `find /nix/store -maxdepth 1 -type d -name '*firejail*'`
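
An added example, not part of the original posts: one way to get an editable profile that still lives in a read-only place is to have Nix write a small profile into the store that includes the packaged default and adds the extra folder. It goes one step beyond copying the file by hand, and it assumes the NixOS `programs.firejail.wrappedBinaries` module; the profile name and the `Mail` folder are constructed for illustration.

```nix
{ pkgs, ... }:
let
  # Constructed profile: the result is a /nix/store path, so an
  # unprivileged (or compromised) user cannot modify it.
  thunderbirdProfile = pkgs.writeText "thunderbird-local.profile" ''
    # Extra allowed folder (hypothetical path, adjust to your setup).
    # The doubled single quote keeps the dollar-brace literal for firejail.
    whitelist ''${HOME}/Mail

    # Pull in the default profile shipped with the firejail package.
    # Nix interpolates this to the real store path at build time, so
    # there is no need to look the hash up by hand.
    include ${pkgs.firejail}/etc/firejail/thunderbird.profile
  '';
in
{
  programs.firejail = {
    enable = true;
    wrappedBinaries.thunderbird = {
      executable = "${pkgs.thunderbird}/bin/thunderbird";
      profile = thunderbirdProfile;
    };
  };
}
```

After a rebuild, `firejail --profile=<store path> --debug thunderbird` shows which whitelist entries were applied.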