programs: sane-sandboxed: avoid reading firejail profiles when the backend isnt firejail

this should provide a marginal perf gain

modules/programs/sane-sandboxed

@@ -3,8 +3,7 @@
 test -n "$SANE_SANDBOX_DEBUG" && set -x
 
 cliArgs=()
-name=
+profilesNamed=()
-firejailProfile=
 rootPaths=()
 homePaths=()
 net=
@@ -25,9 +24,7 @@ loadProfileByPath() {
 }
 
 tryLoadProfileByName() {
-  if [ -z "$name" ]; then
+  profilesNamed+=("$1")
-    name="$1"
-  fi
 
   _profileDirs=(@profileDirs@)
   for _profileDir in "${_profileDirs[@]}"; do
@@ -38,17 +35,6 @@ tryLoadProfileByName() {
       break
     fi
   done
-
-  if [ -z "$firejailProfile" ]; then
-    _fjProfileDirs=(@firejailProfileDirs@)
-    for _fjProfileDir in "${_fjProfileDirs[@]}"; do
-      _fjProfile="$_fjProfileDir/$1.profile"
-      debug "try firejail profile at path: '$_fjProfile'"
-      if [ -f "$_fjProfile" ]; then
-        firejailProfile="$_fjProfile"
-      fi
-    done
-  fi
 }
 
 ## parse CLI args into the variables declared above
@@ -125,8 +111,13 @@ parseArgs() {
 
 ## FIREJAIL BACKEND
 
+firejailName=
+firejailProfile=
+
 firejailIngestRootPath() {
-  firejailFlags+=("--noblacklist=$1" "--whitelist=$1")
+  # XXX: firejail flat-out refuses to whitelist certain root paths
+  #      this exception list is non-exhaustive
+  [ "$1" != "/bin" ] && [ "$1" != "/etc" ] && firejailFlags+=("--noblacklist=$1" "--whitelist=$1")
 }
 firejailIngestHomePath() {
   firejailFlags+=("--noblacklist="'${HOME}/'"$1" "--whitelist="'${HOME}/'"$1")
@@ -137,11 +128,26 @@ firejailIngestNet() {
 firejailIngestDns() {
   firejailFlags+=("--dns=$1")
 }
-firejailIngestName() {
+firejailIngestProfile() {
-  firejailFlags+=("--join-or-start=$1")
+  if [ -z "$firejailName" ]; then
+    firejailName="$1"
+  fi
+  if [ -z "$firejailProfile" ]; then
+    _fjProfileDirs=(@firejailProfileDirs@)
+    for _fjProfileDir in "${_fjProfileDirs[@]}"; do
+      _fjProfile="$_fjProfileDir/$1.profile"
+      debug "try firejail profile at path: '$_fjProfile'"
+      if [ -f "$_fjProfile" ]; then
+        firejailProfile="$_fjProfile"
+      fi
+    done
+  fi
 }
 
 firejailExec() {
+  if [ -n "$firejailName" ]; then
+    firejailFlags+=("--join-or-start=$firejailName")
+  fi
   if [ -n "$firejailProfile" ]; then
     firejailFlags+=("--profile=$firejailProfile")
   fi
@@ -163,8 +169,8 @@ bwrapIngestHomePath() {
   # `test -r` isn't needed here, unless/until i try mounting a symlink like `~/Videos/servo` directly.
   bwrapFlags+=("--dev-bind" "$_path" "$_path")
 }
-bwrapIngestName() {
+bwrapIngestProfile() {
-  echo "bwrap naming/labeling not yet implemented"
+  debug "bwrap doesn't implement profiles"
 }
 # WIP
 
@@ -199,9 +205,9 @@ for _addr in "${dns[@]}"; do
   "$method"IngestDns "$_addr"
 done
 
-if [ -n "$name" ]; then
+for _prof in "${profilesNamed[@]}"; do
-  "$method"IngestName "$name"
+  "$method"IngestProfile "$_prof"
-fi
+done
 
 "$method"Exec