Is your feature request related to a problem? Please describe.
I have a system hook that runs firecfg each time a file is installed into /usr/bin.
However, this re-creates some links in /usr/local/bin that I don't want because sandboxing those applications is problematic.
I do want the links for most binaries, but I want a few exceptions.
Describe the solution you'd like
Some form of configuration file where I can specify names to skip when running firecfg.
Describe alternatives you've considered
Deleting the profiles should be possible, but since those are provided by firejail, they'll get reinstalled on update. I'm not a fan of altering / deleting package-provided files anyway.
It should be possible to instruct the package manager to ignore installing unwanted profiles, but that's not very portable and sounds like a big hack.
Additional context
I mostly want to disable the link in /usr/local/bin/ for some programs where the sandbox does not work well for me or still needs to be refined more.
I don't like the idea of mutating files provided by system packages (firejail in this case). It makes maintenance and setting up new hosts a bit tricky. For example, the file cannot be provided by a configuration meta-package because the file conflicts (owned by both).
Are you open to discussing more flexible solutions?
One possible approach is putting the file in /usr/share/factory/etc/firejail/firecfg.config and installing it via tmpfiles.d. So if the file is absent, it gets copied to /etc/firejail/firecfg.config at startup, but otherwise is left alone.
Another possible approach is to have a /etc/firejail/firecfg.d/ and place drop-in files in there which can exclude provides (via !mpv, for example).
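A sketch of the drop-in idea from the comment above, as an added example that is not firecfg's or the firejail project's code: a step a package hook could run after firecfg to prune the links named in `!name` entries. The `*.conf` suffix, the one-entry-per-line format, the function name `prune_firecfg_links` and the default firejail path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: post-firecfg hook step that honours "!name" exclusions.
# Assumptions (not firecfg features): the drop-in layout and "!name" syntax
# follow the proposal in the thread; prune_firecfg_links is hypothetical.

# prune_firecfg_links DROPIN_DIR BIN_DIR [FIREJAIL_PATH]
# Removes BIN_DIR/<name> for every "!<name>" line found in DROPIN_DIR/*.conf,
# but only when that entry is a symlink whose target is the firejail binary.
# Prints the number of links removed.
prune_firecfg_links() {
    dropin_dir=$1
    bin_dir=$2
    firejail_bin=${3:-/usr/bin/firejail}
    removed=0

    for conf in "$dropin_dir"/*.conf; do
        [ -f "$conf" ] || continue            # no drop-ins: glob stays literal
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                '!'*) name=${line#\!} ;;      # exclusion entry
                *) continue ;;                # comments, blanks, anything else
            esac
            # Reject empty names and names that could escape BIN_DIR.
            case $name in
                ''|.|..|*/*) echo "skip invalid entry: $line" >&2; continue ;;
            esac
            link=$bin_dir/$name
            # Never delete regular files or links to other programs.
            [ -L "$link" ] || continue
            [ "$(readlink "$link")" = "$firejail_bin" ] || continue
            rm -- "$link" && removed=$((removed + 1))
        done < "$conf"
    done
    echo "$removed"
}
```

Because the exclusions live in separate files that no package owns, a configuration meta-package can ship its own drop-in without conflicting with files provided by firejail.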