Several command line options can be passed to the program using
profile files. Firejail chooses the profile file as follows:
1. If a profile file is provided by the user with the
--profile=FILE option, the profile FILE is loaded. If a profile
name is given, it is searched for first in the ~/.config/firejail
directory and, if not found there, in the /etc/firejail directory.
Profile names do not include the .profile suffix. If there is a
file with the same name as the given profile name, it will be used
instead of doing the profile search. To force a profile search,
prefix the profile name with a colon (:), e.g.
--profile=:PROFILE_NAME. Example:
$ firejail --profile=/home/netblue/icecat.profile icecat
Reading profile /home/netblue/icecat.profile
[...]
$ firejail --profile=icecat icecat-wrapper.sh
Reading profile /etc/firejail/icecat.profile
[...]
2. If a profile file with the same name as the application is
present in ~/.config/firejail directory or in /etc/firejail, the
profile is loaded. ~/.config/firejail takes precedence over
/etc/firejail. Example:
$ firejail icecat
Command name #icecat#
Found icecat profile in /home/netblue/.config/firejail directory
Reading profile /home/netblue/.config/firejail/icecat.profile
[...]
3. The default.profile file is used if the sandbox is started by a
regular user, or the server.profile file if the sandbox is started
by root. Firejail looks for these files in the ~/.config/firejail
directory, followed by the /etc/firejail directory. To disable
default profile loading, use the --noprofile command option.
Example:
$ firejail
Reading profile /etc/firejail/default.profile
Parent pid 8553, child pid 8554
Child process initialized
[...]
$ firejail --noprofile
Parent pid 8553, child pid 8554
Child process initialized
[...]
See man 5 firejail-profile
for profile file syntax information.
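
The lookup order described in steps 1 to 3, as an added shell sketch that is not Firejail's own code: it prints which profile file would be read, which helps when auditing whether a file in the current directory or in ~/.config/firejail shadows the system profile. The function names resolve_profile and search_profile are hypothetical, the two directories and the uid are passed as arguments, and --noprofile is not modelled.

```shell
#!/bin/sh
# Added illustration (assumption: mirrors only the rules stated in the text).
# resolve_profile PROFILE_ARG APP USER_DIR SYS_DIR UID_NUM
#   PROFILE_ARG  value given to --profile=, or "" when the option is absent
#   USER_DIR     normally ~/.config/firejail
#   SYS_DIR      normally /etc/firejail
# Prints the path that would be read; returns 1 if nothing matches.

# search_profile NAME USER_DIR SYS_DIR: the user directory takes precedence.
search_profile() {
    for dir in "$2" "$3"; do
        if [ -f "$dir/$1.profile" ]; then
            printf '%s\n' "$dir/$1.profile"
            return 0
        fi
    done
    return 1
}

resolve_profile() {
    arg=$1 app=$2 user_dir=$3 sys_dir=$4 uid=$5

    # Step 1: an explicit --profile= value.
    if [ -n "$arg" ]; then
        case $arg in
            # Leading colon: skip the file check and force the name search.
            :*) search_profile "${arg#:}" "$user_dir" "$sys_dir"; return ;;
        esac
        # An existing file with that name is used instead of the search,
        # including a file in the current working directory.
        if [ -f "$arg" ]; then
            printf '%s\n' "$arg"
            return 0
        fi
        search_profile "$arg" "$user_dir" "$sys_dir"; return
    fi

    # Step 2: a profile named after the application.
    if [ -n "$app" ] && search_profile "$app" "$user_dir" "$sys_dir"; then
        return 0
    fi

    # Step 3: server.profile for root, default.profile for regular users.
    if [ "$uid" -eq 0 ]; then fallback=server; else fallback=default; fi
    search_profile "$fallback" "$user_dir" "$sys_dir"
}
```

Calling resolve_profile icecat "" ~/.config/firejail /etc/firejail "$(id -u)" from a directory that contains a file named icecat prints icecat rather than a path under /etc/firejail; passing :icecat restores the directory search.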