Applies to:

Platform: Linux
Device types: BYOD and company-owned devices
Minimum OS: Linux
Swif policy: Linux Firefox Extension Policy

This policy lets you centrally manage Firefox extensions on Linux devices using Swif. You can:

Turn on the Swif Firefox Extension with one click
Silently install specific Firefox extensions
Uninstall disallowed or legacy extensions
Lock critical extensions so users cannot remove or disable them

Use this policy when you want consistent Firefox behavior across Linux endpoints (for example, to fulfill security/compliance requirements or prospect requests such as Rapyd).

Policy Fields in Swif

1. Swif Extension

Display name: Swif Extension
Type: Toggle (On / Off)
Description: Enable Swif Firefox Extension.

Behavior

On – Swif configures Firefox policies on Linux to install and enable the Swif Firefox extension (where supported on the device).
Off – Swif does not enforce the Swif Firefox extension via this policy.

Recommended: Turn this On for managed Linux devices where you rely on Swif’s browser-based discovery or access controls.

2. Install

Display name: Install
Type: List of text values (array of strings)
Description: A list of URLs or native paths for extensions to be installed.

Use this field to define which Firefox extensions will be silently installed by policy on Linux.

Each entry can be either:

A URL to the extension package (XPI file), or
A native path on disk where the extension package is stored.

Examples

/opt/swif/extensions/swif-access-discovery.xpi 
/mnt/shared/firefox/security-addon.xpi 
https://addons.mozilla.org/firefox/downloads/latest/swif-access-discovery/addon-18837729-latest.xpi 
https://extensions.mycompany.com/firefox/security-addon.xpi

On Linux, Swif writes Firefox policies under /etc/firefox/policies/. The Install list is used to populate the Extensions.Install array in the Firefox policy JSON. Ensure that:

Each entry is a valid and reachable URL or path for the Linux device.
The field is an array (list) of strings, not null. For example, Swif will generate:

"Extensions": {
  "Install": [
    "https://addons.mozilla.org/firefox/downloads/latest/swif-access-discovery/addon-18837729-latest.xpi"
  ],
  "Uninstall": [],
  "Locked": [
    "swif-extension@swifteam.com"
  ]
}

Important: An empty list must be [], not null. Using "Uninstall": null or "Locked": null may break Firefox policy parsing.

3. Uninstall

Display name: Uninstall
Type: List of text values (array of strings)
Description: A list of extension IDs that should be uninstalled if found.

Use this field to remove unwanted or unapproved Firefox extensions from Linux devices.

Each entry must be a Firefox extension ID.

Examples

bad-extension@example.com 
legacy-toolbar@oldvendor.com 
unapproved-addon@corp.local

When the Linux Firefox Extension Policy is applied:

If any installed extension matches an ID in Uninstall, Firefox will remove it.
The field should be a list; if you have no IDs to uninstall, leave it empty in Swif (it will be written as "Uninstall": [] in the underlying JSON).

4. Locked

Display name: Locked
Type: List of text values (array of strings)
Description: A list of extension IDs that the user cannot disable or uninstall.

Use this field to enforce critical extensions on Linux devices. Locked extensions:

Cannot be disabled from about:addons
Cannot be uninstalled by the user

Each value is a Firefox extension ID.

Examples

swif-extension@swifteam.com 
security-addon@mycompany.com 
compliance-monitor@corp.local

A common pattern is:

Add the extension’s URL or path to Install, and
Add the extension’s ID to Locked.

This ensures the extension is installed and remains active.

Where the Policy is Applied on Linux

On Linux, Firefox enterprise policies are typically read from:

/etc/firefox/policies/policies.json

Swif’s Linux agent manages this file for you. If you are troubleshooting:

Check /etc/firefox/policies/ for policies.json.
Confirm that Extensions.Install, Extensions.Uninstall, and Extensions.Locked match your Swif policy configuration.
If you changed configuration and want to force a clean state, you can remove old policy files under /etc/firefox/policies/* and let Swif re-apply the policy.

This technique was used during QA verification of this policy and can help clear stale or invalid policy files.

How to Find URLs or Native Paths for Firefox Extensions (Linux)

The Install field entries must point to a real XPI package that Linux devices can reach.

Option 1: Internal Linux Filesystem or Shared Mount

If you distribute extensions via packages or shared directories:

Ensure the XPI file is deployed to a consistent path on all Linux devices, such as:
- /opt/swif/extensions/swif-access-discovery.xpi
- /usr/local/share/firefox-addons/security-addon.xpi
- A mounted network share (e.g. /mnt/company-extensions/security-addon.xpi)
On a test Linux device, run:
ls -l /opt/swif/extensions/
Copy the absolute path to the XPI file.
Paste that path as a new line in the Install list in Swif.

Example Install list using native paths

/opt/swif/extensions/swif-access-discovery.xpi 
/usr/local/share/firefox-addons/compliance-monitor.xpi

Option 2: Internal Web Server (HTTP/HTTPS)

If you host extensions on an internal server:

Open the extension URL in Firefox on a test Linux device. Example:
https://extensions.mycompany.com/firefox/security-addon.xpi
Confirm that the file downloads and that Firefox can install it.
Use that exact HTTPS URL as an entry in the Install field.

Example Install list using URLs

https://addons.mozilla.org/firefox/downloads/latest/swif-access-discovery/addon-18837729-latest.xpi 
https://extensions.mycompany.com/firefox/security-addon.xpi

Note: For enterprise deployments, it’s common to host XPI files internally rather than relying on the public AMO UI for silent installs.

Option 3: Extracting from a Local Firefox Profile (for Packaging)

If you manually installed an extension on a Linux test device and want to turn it into a centrally managed extension:

Locate your Firefox profile directory. On Linux, it’s usually:
~/.mozilla/firefox/
List profiles:
ls ~/.mozilla/firefox
You’ll see directories like xxxxx.default-release.
Go into the profile directory and look for extensions:
cd ~/.mozilla/firefox/xxxxx.default-release ls extensions
Inside extensions, you’ll often see:
- .xpi files, and/or
- Directories named with the extension ID.
Copy the .xpi file to a shared path or internal web server.
Use the new shared path or URL in the Install list.

How to Find Firefox Extension IDs (Linux)

The Uninstall and Locked fields require extension IDs. You can obtain these IDs the same way on Linux as on other platforms; only file paths differ slightly.

Method 1: Firefox Add-ons Manager (`about:addons`)

Open Firefox on a Linux device.
In the address bar, go to:
about:addons
Click Extensions.
For each extension:
- Click the extension name or More / Manage.
- Check if the ID or a support/technical details section is exposed (this varies by extension).

If visible, copy the extension ID and paste it into:

Uninstall – to remove it on managed devices, or
Locked – to enforce it and prevent removal.

Method 2: Firefox Troubleshooting Information (`about:support`)

In Firefox, open a new tab.
Go to:
about:support
Scroll down to the Extensions section.
Locate the extension by name.
Look for a field named ID.

Example:

Name: Swif Access Discovery ID: swif-extension@swifteam.com

Use the ID value (swif-extension@swifteam.com) in the Uninstall or Locked lists.

Method 3: Reading `manifest.json` / `install.rdf` from the Extension Package

If you have the extension XPI file:

Copy the XPI to a working directory on a Linux device, e.g.:

cp /opt/swif/extensions/swif-access-discovery.xpi /tmp/swif-extension.xpi 
cd /tmp

Treat it as a ZIP archive and extract:

unzip swif-extension.xpi -d swif-extension 
cd swif-extension

Inspect the manifest. For modern WebExtensions, open manifest.json:
cat manifest.json | grep -A5 browser_specific_settings
Look for:
```
"browser_specific_settings": {
  "gecko": {
    "id": "swif-extension@swifteam.com"
  }
}
```
Use the "id" value as the extension ID in Uninstall or Locked.

For older extensions that use install.rdf, look for:

<em:id>my-extension@example.com</em:id>

Configuration Examples

Example 1: Enforce Swif Extension Only

Goal: Ensure Swif Firefox extension is installed and active on Linux devices.

Swif Extension: On

Install:

https://addons.mozilla.org/firefox/downloads/latest/swif-access-discovery/addon-18837729-latest.xpi

Uninstall: (empty)
Locked:
swif-extension@swifteam.com

Result:

Swif extension is installed on Linux Firefox via policies.
Users cannot disable or remove it.

Example 2: Enforce Multiple Security Extensions and Remove a Legacy One

Goal: Deploy security extensions, lock them, and remove an old toolbar.

Swif Extension: On

Install:

/opt/swif/extensions/swif-access-discovery.xpi 
/usr/local/share/firefox-addons/security-addon.xpi

Uninstall:
legacy-toolbar@oldvendor.com
Locked:
swif-extension@swifteam.com security-addon@mycompany.com

Result:

Swif and the security addon are installed and locked.
A known-bad legacy toolbar is removed wherever it exists.

Troubleshooting Tips (Linux)

Extension not installing?
- Confirm the path or URL in Install is valid and reachable from the Linux device.
- Check /etc/firefox/policies/policies.json to make sure Extensions.Install lists are correct and that "Uninstall" and "Locked" are arrays ([]) instead of null.
- Remove stale files in /etc/firefox/policies/* and let Swif re-apply the policy if necessary.
Changes not visible in Firefox?
- Restart Firefox.
- On some Linux distributions, you may need to fully quit the process (not just close a window).