AppImageLauncher icon indicating copy to clipboard operation
AppImageLauncher copied to clipboard

Published 20 hours ago verified publisher icon TheAssassin

Run AppImages with firejail if possible

Open TheAssassin opened this issue 7 years ago • 3 comments

Similar to appimaged, when firejail is available, AppImageLauncher should use it to run AppImages.

We need to decide whether to always use firejail or give the user control about this. I personally always prefer to give user control about such features. I could imagine to provide a checkbox in the integration dialog, and add "Enable/Disable firejail" desktop actions, depending on the current state. We could add an additional key to keep the state for this inside the desktop files, and wouldn't need to track the state outside.

Also, in case firejail is enabled, we could provide a "Run without firejail" action so that users don't have to disable and re-enable firejail in such situations. We could further provide a "Run with firejail" option when appropriate, but I don't think this would be of much use, so in case Firejail is disabled for an AppImage, I'd have the user enable support for Firejail again in order to use it. This approach also has a UX component: The entries would have a really similar wording, making it difficult for the user to differentiate between them. As many users don't read the actual entries but recognize different entries with some, I'd say, "visual patterns" they have in mind, we could avoid any accidental mistaken runs this way.

TheAssassin avatar May 14 '18 23:05 TheAssassin

Related to #99.

TheAssassin avatar Jun 29 '19 16:06 TheAssassin

is this issue still being token care of? for now to launch programs with firejail simply modify .desktop file to append firejail --appimage or firejail --profile=/etc/firejail/$PROGRAM-NAME.profile --appimage after Exec= (if your program had corresponding firejail rules, where $PROGRAM-NAME is the program name) and you should be good to go. image

Clicking shortcut runs the appimage inside firejail without an issue. However i believe an appimage update will override/revert this change. So the only missing part would be maintaining firejail launch prefix across appimage update.

ghost avatar Feb 12 '21 17:02 ghost

Good idea is to add support for another folder for Appimages that should be Firejailed, for example: ~/.config/appimagelauncher.cfg:

[AppImageLauncher]
# destination = ~/Applications
# destination_jail = ~/Applications-jailed
# enable_daemon = true

Thus, e.g. for an ~/Applications-jailed/jailed-app.Appimage the .desktop file should be the way appimaged does it:

...
Exec=firejail --env=DESKTOPINTEGRATION=AppImageLauncher --noprofile --appimage /home/user/Applications-jailed/jailed-app.Appimage -- %U
...

Flashwalker avatar Aug 06 '22 22:08 Flashwalker