-------- Original Message -------- Subject: Re: [qubes-devel] .desktop files in /usr/local of normal AppVM? Local Time: January 7, 2017 1:19 PM UTC Time: January 7, 2017 5:19 AM From: [email protected] To: [email protected]
Marek Marczykowski-Górecki: > Am I missing anything else? Glad you are asking! :) > I don't see any use case for template-only application > (installed into /usr/local there). But surely somebody will trip over it, > sooner or later. In fact, we at Whonix just recently discussed upon a use case for TemplateVM /usr/local/share/applications so to speak. That is, firejail confinement. For example to enable firejail for firefox one would have to edit /usr/share/applications/firefox-esr.desktop and modify the Exec line to: Exec=firejail /usr/lib/firefox-esr/firefox-esr %u We should avoid editing /usr/share/applications/firefox-esr.desktop directly - because next time firefox is updated (can happen also in Debian stable during firefox security upgrades) - modifications are lost. (Firejail containment gets lost far too easy. And no longer using it at some point is as good/bad as never using it.) So where could we drop the .desktop file override? /usr/local/share/applications/firefox-esr.desktop ? - but you said, /usr/local won't be inherited by TemplateBasedVMs in Qubes 4.0. [Which makes sense.] ~/.local/share/applications/firefox-esr.desktop in TemplateBasedVMs? - Not great, because that would have to be done in every TemplateBased AppVM. I don't think the firejail use case is covered anywhere. Would we have to invent some non-standard folder to cover that use case? For example some file /usr/share/applications-overrides/firefox-esr.desktop in root image? Best regards, Patrick Regarding Firejail, I personally use it with Firefox on my VMs. For the shortcuts I just make a copy of /usr/share/applications/firefox-esr.desktop to /usr/share/applications/firefox-firejail.deskop and modify the Exec line along with the program name (i.e. Firefox -> Firefox With Firejail). This way, it is unlikely to be overwritten by updates, and is easily verified by checking the program name. Of course, updates modifying the .desktop file will not apply to the custom shortcut, but in the case of most applications, this (IMO) doesn't matter too much. --WillyPillow -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/QQM8aSvN_GVeRBgaQZYZQRxJ3GailNslKypGDHGQKXWw0SMxinj5wuwLysjZyZu9OLGtKD6gewj7fBpWildUNTjy0FxLqrDkyUMmi4E7SQE%3D%40nerde.pw. For more options, visit https://groups.google.com/d/optout.
