Question about Desktop Integration

[FOSSONLY]

According to the man page, it is specified that desktop integration covers, among other things, the execution of files using the icon.

But also all common file managers are isolated by default. That should mean that everything that is executed via file manager should be isolated (via dolphin.profile for example), and therefore also unknown programs without profile? Or is this a thinking error?

[rusty-snake]

Nope, you can see witch programms are firejailed by default, when you run firecfg there are PROGRAMM created lines. If you want to look at it again later you can run ls -l /usr/local/bin every symlink to firejail is an programm that will be executed by default with firejail.

firecfg also does .desktop files fixes that have Exec=/bin/PROGRAMM or DBusActivatable=true (but it have a bug #2624).

Besides: the most filemanagers aren't firejailed by default (but have a profile). You can manualy firejail every programm by default by running sudo ln -s /usr/bin/firejail /usr/local/bin/PROGRAMM

[SkewedZeppelin]

See #1261 for reasoning as to why file managers are not sandboxed by default.

[curiosity-seeker]

Applications are also often unsandboxed if they are referenced in an application as helper applications by using their full path. Which means that their symlinks in /usr/local/bin are bypassed. Example: krusader

[chiraag-nataraj]

Seems like the question was answered, so lemme close this. @FOSSONLY, please feel free to re-open if you have further questions.