Bug 1754460

Summary: Make firefox to read policies files from a user based path
Product: [Fedora] Fedora
Reporter: Oliver Gutiérrez <ogutierr>
Component: firefox
Assignee: Martin Stransky <stransky>
Status: CLOSED WORKSFORME
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 30
CC: 0xalen+redhat, anto.trande, gecko-bugs-nobody, jhorak, john.j5live, kengert, mrandybu, pjasicek, rhughes, rstrode, sandmann, stransky
Last Closed: 2020-03-26 11:01:33 UTC
Type: Bug

Description Oliver Gutiérrez 2019-09-23 10:17:31 UTC
This is a feature request

Firefox only reads policies from a system directory. In Fleet Commander we need a way to deploy policies for the users on a per-user basis.

The way to do this could be to make Firefox read the policies file from

/run/user/$PID/firefox/policies.json

So Fleet Commander could deploy that file and Firefox would apply the policies there.

Comment 1 Martin Stransky 2019-09-23 19:40:47 UTC
(In reply to Oliver Gutiérrez from comment #0)
> This is a feature request
> 
> Firefox only reads policies from a system directory. In Fleet Commander we
> need a way to deploy policies for the users on a per-user basis.
> 
> The way to do this could be to make Firefox read the policies file from
> 
> /run/user/$PID/firefox/policies.json

Is $PID the PID of the firefox process or the user ID?

Comment 2 Oliver Gutiérrez 2019-09-23 19:45:39 UTC
Oops, typo. It is the user ID, $UID.

Thanks for noticing.

Comment 3 Martin Stransky 2019-09-24 10:58:28 UTC
Upstream bug - https://bugzilla.mozilla.org/show_bug.cgi?id=1583466

Comment 4 Martin Stransky 2019-09-24 11:00:28 UTC
Added to firefox-69.0.1-4

Comment 5 Martin Stransky 2019-09-25 05:57:29 UTC
firefox-69.0.1-4 has been built for all Fedoras - https://koji.fedoraproject.org/koji/packageinfo?packageID=37 - can you please check if that fixes your use case?
Thanks.

Comment 6 Martin Stransky 2019-09-30 08:08:02 UTC
New packages are built for it - firefox-69.0.1-5.

Comment 7 Oliver Gutiérrez 2019-09-30 14:22:16 UTC
I've checked the packages again and it did not work.

Same result as the first test. Firefox is not loading the file at /run/user/$UID/firefox/policies.json.

I'm adding the full log of what I did.

(downloaded files from koji, installed them and closed all firefox instances)

[oliver@t480s Downloads]$ sudo dnf reinstall ./firefox-* 
Last metadata expiration check: 0:00:19 ago on lun 30 sep 2019 15:14:29 WEST.
Dependencies resolved.
======================================================================================
 Package                Architecture  Version               Repository           Size
======================================================================================
Reinstalling:
 firefox                x86_64        69.0.1-4.fc30         @commandline         95 M
 firefox-wayland        x86_64        69.0.1-4.fc30         @commandline         22 k

Transaction Summary
======================================================================================

Total size: 95 M
Installed size: 267 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Running scriptlet: firefox-69.0.1-4.fc30.x86_64                                 1/1 
  Preparing        :                                                              1/1 
  Reinstalling     : firefox-69.0.1-4.fc30.x86_64                                 1/4 
  Running scriptlet: firefox-69.0.1-4.fc30.x86_64                                 1/4 
  Reinstalling     : firefox-wayland-69.0.1-4.fc30.x86_64                         2/4 
  Cleanup          : firefox-wayland-69.0.1-4.fc30.x86_64                         3/4 
  Running scriptlet: firefox-69.0.1-4.fc30.x86_64                                 4/4 
  Cleanup          : firefox-69.0.1-4.fc30.x86_64                                 4/4 
  Running scriptlet: firefox-69.0.1-4.fc30.x86_64                                 4/4 
  Verifying        : firefox-69.0.1-4.fc30.x86_64                                 1/4 
  Verifying        : firefox-69.0.1-4.fc30.x86_64                                 2/4 
  Verifying        : firefox-wayland-69.0.1-4.fc30.x86_64                         3/4 
  Verifying        : firefox-wayland-69.0.1-4.fc30.x86_64                         4/4 

Reinstalled:
  firefox-69.0.1-4.fc30.x86_64          firefox-wayland-69.0.1-4.fc30.x86_64         

Complete!
[oliver@t480s Downloads]$ strace firefox --new-instance --ProfileManager 2>&1| grep policies
access("/etc/crypto-policies/back-ends/nss.config", R_OK) = 0
openat(AT_FDCWD, "/etc/crypto-policies/back-ends/nss.config", O_RDONLY) = 84
^C
[oliver@t480s Downloads]$ firefox --version
Mozilla Firefox 69.0.1
[oliver@t480s Downloads]$ cat /run/user/1000/firefox/policies.json 
{
  "policies": {
    "Bookmarks": [
      {
        "Title": "Test bookmark",
        "URL": "https://example.com",
        "Favicon": "https://example.com/favicon.ico",
        "Placement": "toolbar" | "menu",
        "Folder": "FolderName"
      }
    ]
  }
}
[oliver@t480s Downloads]$

Comment 8 Martin Stransky 2019-09-30 16:40:07 UTC
(In reply to Oliver Gutiérrez from comment #7)

Works for me when I create a new profile. It's not added to my old profile.


> [oliver@t480s Downloads]$ cat /run/user/1000/firefox/policies.json 
> {
>   "policies": {
>     "Bookmarks": [
>       {
>         "Title": "Test bookmark",
>         "URL": "https://example.com",
>         "Favicon": "https://example.com/favicon.ico",
>         "Placement": "toolbar" | "menu",
>         "Folder": "FolderName"
>       }
>     ]
>   }
> }

"Placement": "toolbar" | "menu" does not work for me, I get "JSON parsing error".

"Placement": "menu" works.

> [oliver@t480s Downloads]$
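
A pre-deployment check for the mistake found in comment 8, as an added example that is not part of the original bug report or of Firefox or Fleet Commander. The sample file is constructed after the one in comment 7, `lint_policies` is a hypothetical helper name, and only the `Bookmarks` `Placement` values discussed in this thread are checked.

```python
import json

# Comments 8 and 9 establish that Placement is one value or the other.
ALLOWED_PLACEMENT = {"toolbar", "menu"}

# Constructed sample, shortened from the file shown in comment 7.
BROKEN = """{
  "policies": {
    "Bookmarks": [
      {
        "Title": "Test bookmark",
        "URL": "https://example.com",
        "Placement": "toolbar" | "menu"
      }
    ]
  }
}"""


def lint_policies(text):
    """Return a list of problems found in the text of a policies.json file."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # Quote the offending line so the bad token is easy to find.
        lines = text.splitlines()
        bad = lines[exc.lineno - 1].strip() if exc.lineno <= len(lines) else ""
        return [f"JSON parsing error at line {exc.lineno}, column {exc.colno}: {bad}"]

    if not isinstance(doc, dict) or not isinstance(doc.get("policies"), dict):
        return ['top-level "policies" object is missing']
    bookmarks = doc["policies"].get("Bookmarks", [])
    if not isinstance(bookmarks, list):
        return ['"Bookmarks" must be a list']

    problems = []
    for index, entry in enumerate(bookmarks):
        if not isinstance(entry, dict):
            problems.append(f"Bookmarks[{index}]: entry is not an object")
            continue
        placement = entry.get("Placement")
        # Also catches the single-string reading described in comment 9.
        if placement is not None and placement not in ALLOWED_PLACEMENT:
            problems.append(f"Bookmarks[{index}]: Placement {placement!r} "
                            f"is not one of {sorted(ALLOWED_PLACEMENT)}")
    return problems
```

Running `lint_policies` on the text of `/run/user/$UID/firefox/policies.json` before deploying it reports the line that Firefox would reject.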

Comment 9 Oliver Gutiérrez 2019-10-01 13:18:40 UTC
Ok. I copied the policies from the samples in the policies documentation and did not notice it is one or the other. I thought it was all one string value and Firefox was able to parse it as both places.

On the other hand, the policies running only on new profile creation works, but the idea with all this is to have the policies applied on every run, because from a sysadmin perspective, you need to control the users' computers, and if you cannot modify the already existing profiles, it just works as a "skel".

I created this bug upstream to discuss this.

https://bugzilla.mozilla.org/show_bug.cgi?id=1585324

Comment 10 Oliver Gutiérrez 2020-03-26 11:01:33 UTC
The feature was implemented and it is working as expected.

Comment 11 Andrew 2020-07-14 09:11:50 UTC
Hello! It doesn't work for me. Firefox 78.0.1, option `pref("browser.policies.perUserDir", true);` is set by default in `/usr/lib64/firefox/browser/defaults/preferences/firefox-redhat-default-prefs.js`. I created `/run/user/<UID>/firefox/policies.json` and ran Firefox under strace: `strace -e trace=file -ff -o log firefox`. I don't see the user directory being read in the strace logs:

# grep 'policies.json' log.*
 log.3430:access("/etc/firefox/policies/policies.json", F_OK) = -1 ENOENT (No such file or directory)
 log.3430:openat(AT_FDCWD, "/usr/lib64/firefox/distribution/policies.json", O_RDONLY) = -1 ENOENT (No such file or directory)

Comment 12 Martin Stransky 2020-07-21 09:59:47 UTC
The option is "toolkit.policies.perUserDir", not "browser..."
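
The check from comments 11 and 12 as a script, added here as an example and not part of the original bug report or of Firefox. It classifies `perUserDir` pref lines against the name given in comment 12 and lists which `policies.json` paths a strace log shows being probed; the function names and the `CONSTRUCTED_HIT` line are assumptions made for illustration.

```python
import re

# Pref name stated in comment 12; per-user path requested in comment 0.
PER_USER_PREF = "toolkit.policies.perUserDir"
PREF_RE = re.compile(r'pref\("([^"]+)",\s*(true|false)\s*\);')
OPEN_RE = re.compile(r'(?:access|openat|open|stat)\((?:AT_FDCWD, )?"([^"]*policies\.json)"')
PER_USER_PATH_RE = re.compile(r"/run/user/\d+/firefox/policies\.json")

# The two strace lines quoted in comment 11.
COMMENT_11_LOG = """\
 log.3430:access("/etc/firefox/policies/policies.json", F_OK) = -1 ENOENT (No such file or directory)
 log.3430:openat(AT_FDCWD, "/usr/lib64/firefox/distribution/policies.json", O_RDONLY) = -1 ENOENT (No such file or directory)
"""
# Constructed line: what a probe of the per-user path would look like for UID 1000.
CONSTRUCTED_HIT = ' log.3430:openat(AT_FDCWD, "/run/user/1000/firefox/policies.json", O_RDONLY) = 57\n'


def check_pref(prefs_text):
    """Map each *.policies.perUserDir pref found in a prefs file to a verdict."""
    verdicts = {}
    for name, value in PREF_RE.findall(prefs_text):
        if not name.endswith(".policies.perUserDir"):
            continue
        if name != PER_USER_PREF:
            verdicts[name] = "wrong name"  # not the option named in comment 12
        else:
            verdicts[name] = "enabled" if value == "true" else "disabled"
    verdicts.setdefault(PER_USER_PREF, "not set")
    return verdicts


def probed_policy_paths(strace_text):
    """Return each policies.json path the traced process tried, in order."""
    paths = []
    for line in strace_text.splitlines():
        match = OPEN_RE.search(line)
        if match and match.group(1) not in paths:
            paths.append(match.group(1))
    return paths


def per_user_dir_probed(strace_text):
    """True if any probed path is /run/user/<UID>/firefox/policies.json."""
    return any(PER_USER_PATH_RE.fullmatch(p) for p in probed_policy_paths(strace_text))
```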