Hi,

now that jcs@'s work has been committed upstream and will be in firefox 72 (cf https://bugzilla.mozilla.org/show_bug.cgi?id=1580268, https://bugzilla.mozilla.org/show_bug.cgi?id=1584839 & https://bugzilla.mozilla.org/show_bug.cgi?id=1580271) I've backported all the corresponding commits to the upcoming 71 release (due beginning of december) in my git repo (in the unveil branch) and adapted the corresponding pledge/unveil per-process configs - cf https://cgit.rhaalovely.net/mozilla-firefox/?h=unveil

See https://cgit.rhaalovely.net/mozilla-firefox/tree/pkg/README?h=unveil#n17 for the details on the configuration, and note that this will break/ignore the file associations configured in firefox, relying on xdg-open to rely on the file associations configured via xdg-mime.

https://cgit.rhaalovely.net/mozilla-firefox/tree/pkg/README?h=unveil#n68 has more bits on specific logging/debugging.

https://packages.rhaalovely.net/ has amd64 pkgs for 71.0b8 built from this branch, and I'm running it now. This needs more testing from anyone actually using firefox in weird environments so that we figure out more missing paths.

Landry