Marek Marczykowski-Górecki: > Am I missing anything else? Glad you are asking! :)
> I don't see any use case for template-only application > (installed into /usr/local there). But surely somebody will trip over it, > sooner or later. In fact, we at Whonix just recently discussed upon a use case for TemplateVM /usr/local/share/applications so to speak. That is, firejail confinement. For example to enable firejail for firefox one would have to edit /usr/share/applications/firefox-esr.desktop and modify the Exec line to: Exec=firejail /usr/lib/firefox-esr/firefox-esr %u We should avoid editing /usr/share/applications/firefox-esr.desktop directly - because next time firefox is updated (can happen also in Debian stable during firefox security upgrades) - modifications are lost. (Firejail containment gets lost far too easy. And no longer using it at some point is as good/bad as never using it.) So where could we drop the .desktop file override? /usr/local/share/applications/firefox-esr.desktop ? - but you said, /usr/local won't be inherited by TemplateBasedVMs in Qubes 4.0. [Which makes sense.] ~/.local/share/applications/firefox-esr.desktop in TemplateBasedVMs? - Not great, because that would have to be done in every TemplateBased AppVM. I don't think the firejail use case is covered anywhere. Would we have to invent some non-standard folder to cover that use case? For example some file /usr/share/applications-overrides/firefox-esr.desktop in root image? Best regards, Patrick -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/eab40a74-6105-3f24-d8a3-75ab9210af34%40riseup.net. For more options, visit https://groups.google.com/d/optout.
