[Feature request] Bundling LibreWolf with Firejail
It would be very useful if LibreWolf would have Firejail as a dependency. This would add "Sandboxing" as "Main Feature".
Sandboxing is an important security element, especially for browsers, and can limit or forestall damage exploits of vulnerabilities can cause and even prevent some vulnerabilities. Adding this to LibreWolf would make it very easy for users to make use of this, giving people a far better reason to install LibreWolf.
It's just a perfect thing to use for Librewolf as its focus also is "on privacy, security". Because Firejail is for GNU/Linux only, the main feature tile "Sandboxing" of the website would include a small note like "For Linux users".
I think this would need to get implemented differently per platform. If possible, it would be best if it installed from backports for Debian so a newer version of Firejail gets installed if it's not already installed.
Beyond making sure that firejail is installed after installing LibreWolf, the launch command of the .desktop file would also need to get changed to for example firejail /usr/share/librewolf/librewolf.
Edit: if you want to give it a try on Debian this how:
- On Debian the command to install the latest version from backports would be:
sudo apt install -t bullseye-backports firejail firejail-profiles
(on other distros the command to install is shorter and in a few months you could probably also install it from bullseye) - then one can run it (it automatically uses the profile) by
firejail /usr/share/librewolf/librewolf
(orfirejail librewolf; this would be set in the .desktop file which is used to launch the app) - only until in a few months you may have to replace the firejail profile with the latest profile because it's not yet in the repositories:
copy the content of https://github.com/netblue30/firejail/blob/master/etc/profile-a-l/librewolf.profile into /etc/firejail/librewolf.profile
It could be useful to first add a short note about firejail to the FAQ such as To sandbox the browser for additional security you can do this: sudo apt install -t bullseye-backports firejail firejail-profiles and then change the launcher's command to firejail librewolf.