diff options
author | York Zhao <gtdplatform@gmail.com> | 2021-12-17 12:53:39 -0500 |
---|---|---|
committer | York Zhao <gtdplatform@gmail.com> | 2021-12-17 14:11:47 -0500 |
commit | b91e2ff9cc0c704c7322174f9e749d4184516d93 (patch) | |
tree | 07669c63930642b97b3306407d177488d5786fba | |
parent | RELNOTES: s/deprecated/removed/ (diff) | |
download | firejail-b91e2ff9cc0c704c7322174f9e749d4184516d93.tar.gz firejail-b91e2ff9cc0c704c7322174f9e749d4184516d93.tar.zst firejail-b91e2ff9cc0c704c7322174f9e749d4184516d93.zip |
Whitelist ${HOME}/.local/opt/tor-browser to make tor-browser work
tor-browser 11.0.2-1 doesn't work without whitelisting this directory. The
following was the message I got before whitelisting this directory.
Reading profile /etc/firejail/tor-browser.profile
Reading profile /etc/firejail/torbrowser-launcher.profile
Reading profile /etc/firejail/allow-python2.inc
Reading profile /etc/firejail/allow-python3.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Warning: Warning: NVIDIA card detected, nogroups command disabled
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Parent pid 12653, child pid 12654
104 programs installed in 153.32 ms
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Warning: skipping asound.conf for private /etc
Warning: skipping crypto-policies for private /etc
Warning fcopy: skipping /etc/fonts/conf.d/11-lcdfilter-default.conf, cannot find inode
Warning: skipping pki for private /etc
Private /etc installed in 64.84 ms
Private /usr/etc installed in 0.00 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Warning: cleaning all supplementary groups
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Warning: cleaning all supplementary groups
Child process initialized in 325.75 ms
/usr/bin/tor-browser: [Error] The tor-browser archive could not be extracted to your home directory.
Check the permissions of ~/.local/opt/tor-browser/app.
The error log can be found in ~/.local/opt/tor-browser/LOG.
/usr/bin/tor-browser: line 218: ~/.local/opt/tor-browser/app/Browser/start-tor-browser: No such file or directory
-rw-r--r-- | etc/inc/disable-common.inc | 2 | ||||
-rw-r--r-- | etc/profile-m-z/tor-browser.profile | 3 |
2 files changed, 5 insertions, 0 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 3ec13e482..b1ec25987 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -630,3 +630,5 @@ blacklist ${RUNUSER}/inaccessible | |||
630 | blacklist ${RUNUSER}/pk-debconf-socket | 630 | blacklist ${RUNUSER}/pk-debconf-socket |
631 | blacklist ${RUNUSER}/update-notifier.pid | 631 | blacklist ${RUNUSER}/update-notifier.pid |
632 | 632 | ||
633 | # tor-browser | ||
634 | blacklist ${HOME}/.local/opt/tor-browser | ||
diff --git a/etc/profile-m-z/tor-browser.profile b/etc/profile-m-z/tor-browser.profile index 76a0e1fa5..13f422b0a 100644 --- a/etc/profile-m-z/tor-browser.profile +++ b/etc/profile-m-z/tor-browser.profile | |||
@@ -7,9 +7,12 @@ include tor-browser.local | |||
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser | 9 | noblacklist ${HOME}/.tor-browser |
10 | noblacklist ${HOME}/.local/opt/tor-browser | ||
10 | 11 | ||
11 | mkdir ${HOME}/.tor-browser | 12 | mkdir ${HOME}/.tor-browser |
12 | whitelist ${HOME}/.tor-browser | 13 | whitelist ${HOME}/.tor-browser |
14 | mkdir ${HOME}/.local/opt/tor-browser | ||
15 | whitelist ${HOME}/.local/opt/tor-browser | ||
13 | 16 | ||
14 | # Redirect | 17 | # Redirect |
15 | include torbrowser-launcher.profile | 18 | include torbrowser-launcher.profile |