@rusty-snake's proposal to support aliases gave me the idea to propose the support of variables in Firejail.
I once saw this neat trick in an AppArmor profile for LibreOffice:
```
@{libo_user_dirs} = @{HOME} /mnt /media
@{libreoffice_ext} = [mM][mM][lL] [tT][iI][fF] [xX][mMsS][lL] {,f,F}[oO][dDtT][tTsSpPbBgGfF] [jJ][pP][eE][gG] [tT][iI][fF][fF] [sS][vV][gG] [pP][dD][fF] [sS][wW][fF] {,x,X}[hH][tT][mM]{,l,L} [pP][pP][tTsS]{,x,X} [rR][tT][fF] [tT][xX][tT] [sS][vV][gG][zZ] [dD][iIbB][fF] [jJ][pP][gG] [pP][nN][gG] [pP][sS][dD] [cCtT][sS][vV] [sS][lL][kK] [sS][dD][wW] [uU][oO][fFtTsSpP] [xX][lL][sSwWtT]{,x,X} [dD][oO][cCtT]{,x,X} [pP][oO][tT]{,m,M}
...
owner @{libo_user_dirs}/**.@{libreoffice_ext} rwk, #Open files rw with the right exts
owner @{libo_user_dirs}/**/ rw, #allow creating directories that we own
owner @{libo_user_dirs}/**~lock.* rw, #lock file support
```
Since then I've been using a similar approach in several of my AppArmor profiles.
I think supporting something similar in Firejail - in combination with globbing - would make writing profiles easier and, at the same time, more powerful. The above example illustrates how whitelisting files with specific extensions could be facilitated.
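How the set variables in the AppArmor snippet above turn one rule into many, as an added example that is not part of the original issue and is not Firejail or AppArmor code: a simplified model in which each rule expands to the cross product of its variables' values. The `@{HOME}` value and the shortened extension list are constructed for the example.

```python
import itertools
import re

VAR_DEF = re.compile(r'^@\{(\w+)\}\s*(\+?=)\s*(.*)$')
VAR_REF = re.compile(r'@\{(\w+)\}')

# Constructed sample: @{HOME} and the two-entry extension list are assumptions.
SAMPLE_PROFILE = """\
@{HOME} = /home/*
@{libo_user_dirs} = @{HOME} /mnt /media
@{libreoffice_ext} = [pP][dD][fF] {,x,X}[hH][tT][mM]{,l,L}
"""

def parse_vars(lines):
    """Collect '@{name} = v1 v2' and '@{name} += v3' definitions into a dict."""
    table = {}
    for line in lines:
        m = VAR_DEF.match(line.strip())
        if not m:
            continue
        name, op, values = m.group(1), m.group(2), m.group(3).split()
        if op == '=':
            table[name] = values
        else:  # '+=' appends to an existing set variable
            table.setdefault(name, []).extend(values)
    return table

def expand(rule, table, depth=0):
    """Return every concrete rule obtained by substituting each variable value."""
    names = list(dict.fromkeys(VAR_REF.findall(rule)))  # unique, in order of use
    if not names:
        return [rule]
    if depth > 10:
        raise ValueError("variable nesting too deep (possible cycle)")
    missing = [n for n in names if n not in table]
    if missing:
        raise KeyError("undefined variable(s): " + ", ".join(missing))
    results = []
    for combo in itertools.product(*(table[n] for n in names)):
        mapping = dict(zip(names, combo))
        partial = VAR_REF.sub(lambda m: mapping[m.group(1)], rule)
        # A value may itself reference a variable (@{HOME} here), so recurse.
        results.extend(expand(partial, table, depth + 1))
    return results

if __name__ == "__main__":
    table = parse_vars(SAMPLE_PROFILE.splitlines())
    for line in expand("owner @{libo_user_dirs}/**.@{libreoffice_ext} rwk,", table):
        print(line)
```

Printing the expansion of a profile rule this way makes it easy to review exactly which paths a single variable-based rule grants access to.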
I just read @curiosityseeker's variable proposal and felt reminded of rpm's macros. In the end all three (aliases, variables, macros (not the static ones we now have)) are the same: dynamically generated profiles.