Merge branch 'bugfix/KASM-7197-silence_firefox_security_nag_develop' into 'develop'

Resolve KASM-7197 "Bugfix/ silence firefox security nag develop" Closes KASM-7197 See merge request kasm-technologies/internal/workspaces-images!272
2025-06-19 17:18:37 +02:00 · 2025-05-05 18:34:53 +00:00 · 2025-05-05 18:34:53 +00:00 · 062a0bff63
commit 062a0bff63
parent 4527385e22 f1fe0f9539
2 changed files with 33 additions and 2 deletions
--- a/src/alpine/install/firefox/install_firefox.sh
+++ b/src/alpine/install/firefox/install_firefox.sh
@ -20,6 +20,14 @@ done

 # Creating a default profile
 firefox -headless -CreateProfile "kasm $HOME/.mozilla/firefox/kasm"
+
+# For alpine 3.20 and later, firefox version shows a security nag. Silence it..
+if [ "$(printf '%s\n' 3.20 $(cat /etc/alpine-release) | sort -V | head -n 1)" = "3.20" ]; then
+  echo 'user_pref("security.sandbox.warn_unprivileged_namespaces", false);' > $HOME/.mozilla/firefox/kasm/user.js
+  chown 1000:1000 $HOME/.mozilla/firefox/kasm/user.js
+fi
+
+
 # Generate a certdb to be detected on squid start
 HOME=/root firefox --headless &
 mkdir -p /root/.mozilla
--- a/src/ubuntu/install/firefox/install_firefox.sh
+++ b/src/ubuntu/install/firefox/install_firefox.sh
@ -176,6 +176,10 @@ else
  firefox -headless -CreateProfile "kasm $HOME/.mozilla/firefox/kasm"
 fi

+# Silence Firefox security nag "Some of Firefox's features may offer less protection on your current operating system".
+echo 'user_pref("security.sandbox.warn_unprivileged_namespaces", false);' > $HOME/.mozilla/firefox/kasm/user.js
+chown 1000:1000 $HOME/.mozilla/firefox/kasm/user.js
+
 if [[ "${DISTRO}" == @(oracle8|rockylinux9|rockylinux8|oracle9|rhel9|almalinux9|almalinux8|opensuse|fedora39|fedora40) ]]; then
  set_desktop_icon
 fi
@ -183,8 +187,27 @@ fi
 # Starting with version 67, Firefox creates a unique profile mapping per installation which is hash generated
 #   based off the installation path. Because that path will be static for our deployments we can assume the hash
 #   and thus assign our profile to the default for the installation
-
-if [[ "${DISTRO}" != @(oracle8|rockylinux9|rockylinux8|oracle9|rhel9|almalinux9|almalinux8|opensuse|fedora39|fedora40) ]]; then
+if grep -q "ID=kali" /etc/os-release; then
+cat >>$HOME/.mozilla/firefox/profiles.ini <<EOL
+[Install3B6073811A6ABF12]
+Default=kasm
+Locked=1
+EOL
+elif grep -q "ID=debian" /etc/os-release || grep -q "ID=parrot" /etc/os-release; then
+  if [ "${ARCH}" != "amd64" ]; then
+    cat >>$HOME/.mozilla/firefox/profiles.ini <<EOL
+[Install3B6073811A6ABF12]
+Default=kasm
+Locked=1
+EOL
+  else
+    cat >>$HOME/.mozilla/firefox/profiles.ini <<EOL
+  [Install4F96D1932A9F858E]
+  Default=kasm
+  Locked=1
+EOL
+  fi
+elif [[ "${DISTRO}" != @(oracle8|rockylinux9|rockylinux8|oracle9|rhel9|almalinux9|almalinux8|opensuse|fedora39|fedora40) ]]; then
 cat >>$HOME/.mozilla/firefox/profiles.ini <<EOL
 [Install4F96D1932A9F858E]
 Default=kasm