This is a feature request Firefox only reads policies from a system directory. In Fleet Commander we need a way to deploy policies for the users in a user basis. The way to do this could be to make firefox to read the policies file from /run/user/$PID/firefox/policies.json So Fleet Commander could deploy that file and firefox apply the policies there.
(In reply to Oliver Gutiérrez from comment #0) > This is a feature request > > Firefox only reads policies from a system directory. In Fleet Commander we > need a way to deploy policies for the users in a user basis. > > The way to do this could be to make firefox to read the policies file from > > /run/user/$PID/firefox/policies.json $PID is pid of firefox process or user ID?
Oops, Typo. It is the User ID $UID. Thanks for noticing
Upstream bug - https://bugzilla.mozilla.org/show_bug.cgi?id=1583466
Added to firefox-69.0.1-4
firefox-69.0.1-4 has been built for all Fedoras - https://koji.fedoraproject.org/koji/packageinfo?packageID=37 - can you please check if that fixes your use case? Thanks.
New packages are built for it - firefox-69.0.1-5.
I've checked the packages again and did not work. Same result as the first test. Firefox is not loading the file at /run/user/$UID/firefox/policies.json I add the full log of things I did. (downloaded files from koji, installed them and closed all firefox instances) [oliver@t480s Downloads]$ sudo dnf reinstall ./firefox-* Last metadata expiration check: 0:00:19 ago on lun 30 sep 2019 15:14:29 WEST. Dependencies resolved. ====================================================================================== Package Architecture Version Repository Size ====================================================================================== Reinstalling: firefox x86_64 69.0.1-4.fc30 @commandline 95 M firefox-wayland x86_64 69.0.1-4.fc30 @commandline 22 k Transaction Summary ====================================================================================== Total size: 95 M Installed size: 267 M Is this ok [y/N]: y Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Running scriptlet: firefox-69.0.1-4.fc30.x86_64 1/1 Preparing : 1/1 Reinstalling : firefox-69.0.1-4.fc30.x86_64 1/4 Running scriptlet: firefox-69.0.1-4.fc30.x86_64 1/4 Reinstalling : firefox-wayland-69.0.1-4.fc30.x86_64 2/4 Cleanup : firefox-wayland-69.0.1-4.fc30.x86_64 3/4 Running scriptlet: firefox-69.0.1-4.fc30.x86_64 4/4 Cleanup : firefox-69.0.1-4.fc30.x86_64 4/4 Running scriptlet: firefox-69.0.1-4.fc30.x86_64 4/4 Verifying : firefox-69.0.1-4.fc30.x86_64 1/4 Verifying : firefox-69.0.1-4.fc30.x86_64 2/4 Verifying : firefox-wayland-69.0.1-4.fc30.x86_64 3/4 Verifying : firefox-wayland-69.0.1-4.fc30.x86_64 4/4 Reinstalled: firefox-69.0.1-4.fc30.x86_64 firefox-wayland-69.0.1-4.fc30.x86_64 Complete! [oliver@t480s Downloads]$ strace firefox --new-instance --ProfileManager 2>&1| grep policies access("/etc/crypto-policies/back-ends/nss.config", R_OK) = 0 openat(AT_FDCWD, "/etc/crypto-policies/back-ends/nss.config", O_RDONLY) = 84 ^C [oliver@t480s Downloads]$ firefox --version Mozilla Firefox 69.0.1 [oliver@t480s Downloads]$ cat /run/user/1000/firefox/policies.json { "policies": { "Bookmarks": [ { "Title": "Test bookmark", "URL": "https://example.com", "Favicon": "https://example.com/favicon.ico", "Placement": "toolbar" | "menu", "Folder": "FolderName" } ] } } [oliver@t480s Downloads]$
(In reply to Oliver Gutiérrez from comment #7) Works for me when I create new profile. It's not added to my old profile. > [oliver@t480s Downloads]$ cat /run/user/1000/firefox/policies.json > { > "policies": { > "Bookmarks": [ > { > "Title": "Test bookmark", > "URL": "https://example.com", > "Favicon": "https://example.com/favicon.ico", > "Placement": "toolbar" | "menu", > "Folder": "FolderName" > } > ] > } > } "Placement": "toolbar" | "menu" does not work for me, I get "JSON parsing error". Works "Placement": "menu" > [oliver@t480s Downloads]$
Ok. I copied the policies from the samples at policies documentation and did not noticed it is one or another. Thought it was all one string value and firefox was able to parse as both places. On the other hand, the policies running only on new profile creation works, but the idea with all this is to have the policies applied on every run, because from a sysadmin perspective, you need to control the users computers, and if you can not modify the already existing profiles, it just works as an "skel". I created this bug upstream to discuss about this. https://bugzilla.mozilla.org/show_bug.cgi?id=1585324
The feature was implemented and it is working as expected.
Hello! It's not work for me. Firefox 78.0.1, option `pref("browser.policies.perUserDir", true);` by default in `/usr/lib64/firefox/browser/defaults/preferences/firefox-redhat-default-prefs.js`. I make `/run/user/<UID>/firefox/policies.json` and run firefox with strace `strace -e trace=file -ff -o log firefox`. And I doesn't see reading user directory in strace logs: # grep 'policies.json' log.* log.3430:access("/etc/firefox/policies/policies.json", F_OK) = -1 ENOENT (No such file or directory) log.3430:openat(AT_FDCWD, "/usr/lib64/firefox/distribution/policies.json", O_RDONLY) = -1 ENOENT (No such file or directory)
The option is "toolkit.policies.perUserDir" not "browser..."