tor flavours

author: Your Name <you@example.com> 2017-12-30 16:34:44 -0400
committer: Your Name <you@example.com> 2017-12-30 16:34:44 -0400
commit: dbb8a4568ec21b563cf6face932add5af4144334 (patch)
tree: 3ba4f8a156584f358dd0bbf8841af941a7b364dc
parent: README (diff)
download: firejail-dbb8a4568ec21b563cf6face932add5af4144334.tar.gz
firejail-dbb8a4568ec21b563cf6face932add5af4144334.tar.zst
firejail-dbb8a4568ec21b563cf6face932add5af4144334.zip
15 files changed, 538 insertions, 4 deletions
diff --git a/etc/tor-browser-ar.profile b/etc/tor-browser-ar.profile
new file mode 100644
index 000000000..4f635166a
--- /dev/null
+++ b/etc/tor-browser-ar.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-ar from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-ar,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-ar
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-en-us.profile b/etc/tor-browser-en-us.profile
new file mode 100644
index 000000000..762925655
--- /dev/null
+++ b/etc/tor-browser-en-us.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-en-us from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-en-us,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-en-us
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile
index bf3a80139..b2bd2c5e9 100644
--- a/etc/tor-browser-en.profile
+++ b/etc/tor-browser-en.profile
@@ -1,6 +1,36 @@
-# Firejail profile alias for torbrowser-launcher
+# Firejail profile for tor-browser-en from the Arch User Repository:
-# This file is overwritten after every install/update
-# Redirect
+blacklist /usr/local/bin
-include /etc/firejail/torbrowser-launcher.profile
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-en
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-es-es.profile b/etc/tor-browser-es-es.profile
new file mode 100644
index 000000000..f332b2cac
--- /dev/null
+++ b/etc/tor-browser-es-es.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-es-es from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-es-es,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-es-es
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-es.profile b/etc/tor-browser-es.profile
new file mode 100644
index 000000000..89cc3b2fe
--- /dev/null
+++ b/etc/tor-browser-es.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-es from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-es,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-es
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-fa.profile b/etc/tor-browser-fa.profile
new file mode 100644
index 000000000..7710d0f76
--- /dev/null
+++ b/etc/tor-browser-fa.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-fa from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-fa,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-fa
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-fr.profile b/etc/tor-browser-fr.profile
new file mode 100644
index 000000000..c0fbbb33b
--- /dev/null
+++ b/etc/tor-browser-fr.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-fr from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-fr,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-fr
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-it.profile b/etc/tor-browser-it.profile
new file mode 100644
index 000000000..1095a6adb
--- /dev/null
+++ b/etc/tor-browser-it.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-it from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-it,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-it
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-ja.profile b/etc/tor-browser-ja.profile
new file mode 100644
index 000000000..0f6dcf77f
--- /dev/null
+++ b/etc/tor-browser-ja.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-ja from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-ja,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-ja
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-ko.profile b/etc/tor-browser-ko.profile
new file mode 100644
index 000000000..6e87bd24f
--- /dev/null
+++ b/etc/tor-browser-ko.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-ko from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-ko,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-ko
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-pl.profile b/etc/tor-browser-pl.profile
new file mode 100644
index 000000000..06e0315bf
--- /dev/null
+++ b/etc/tor-browser-pl.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-pl from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-pl,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-pl
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-pt-br.profile b/etc/tor-browser-pt-br.profile
new file mode 100644
index 000000000..dc1da8f61
--- /dev/null
+++ b/etc/tor-browser-pt-br.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-pt-br from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-pt-br,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-pt-br
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-ru.profile b/etc/tor-browser-ru.profile
new file mode 100644
index 000000000..616736da8
--- /dev/null
+++ b/etc/tor-browser-ru.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-ru from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-ru,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-ru
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-vi.profile b/etc/tor-browser-vi.profile
new file mode 100644
index 000000000..bf5292c2e
--- /dev/null
+++ b/etc/tor-browser-vi.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-vi from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-vi,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-vi
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
diff --git a/etc/tor-browser-zh-cn.profile b/etc/tor-browser-zh-cn.profile
new file mode 100644
index 000000000..af04674f0
--- /dev/null
+++ b/etc/tor-browser-zh-cn.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-zh-cn from the Arch User Repository:
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+private-bin bash,grep,sed,tail,tor-browser-zh-cn,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-zh-cn
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
author	Your Name <you@example.com>	2017-12-30 16:34:44 -0400
committer	Your Name <you@example.com>	2017-12-30 16:34:44 -0400
commit	dbb8a4568ec21b563cf6face932add5af4144334 (patch)
tree	3ba4f8a156584f358dd0bbf8841af941a7b364dc
parent	README (diff)
download	firejail-dbb8a4568ec21b563cf6face932add5af4144334.tar.gz firejail-dbb8a4568ec21b563cf6face932add5af4144334.tar.zst firejail-dbb8a4568ec21b563cf6face932add5af4144334.zip

diff --git a/etc/tor-browser-ar.profile b/etc/tor-browser-ar.profile new file mode 100644 index 000000000..4f635166a --- /dev/null +++ b/etc/tor-browser-ar.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-ar from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-ar,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-ar
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-en-us.profile b/etc/tor-browser-en-us.profile new file mode 100644 index 000000000..762925655 --- /dev/null +++ b/etc/tor-browser-en-us.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-en-us from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-en-us,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-en-us
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile index bf3a80139..b2bd2c5e9 100644 --- a/etc/tor-browser-en.profile +++ b/etc/tor-browser-en.profile
@@ -1,6 +1,36 @@
1	# Firejail profile alias for torbrowser-launcher	1	# Firejail profile for tor-browser-en from the Arch User Repository:
2	# This file is overwritten after every install/update
3		2
4		3
5	# Redirect	4	blacklist /usr/local/bin
6	include /etc/firejail/torbrowser-launcher.profile	5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-en
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-es-es.profile b/etc/tor-browser-es-es.profile new file mode 100644 index 000000000..f332b2cac --- /dev/null +++ b/etc/tor-browser-es-es.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-es-es from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-es-es,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-es-es
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-es.profile b/etc/tor-browser-es.profile new file mode 100644 index 000000000..89cc3b2fe --- /dev/null +++ b/etc/tor-browser-es.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-es from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-es,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-es
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-fa.profile b/etc/tor-browser-fa.profile new file mode 100644 index 000000000..7710d0f76 --- /dev/null +++ b/etc/tor-browser-fa.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-fa from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-fa,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-fa
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-fr.profile b/etc/tor-browser-fr.profile new file mode 100644 index 000000000..c0fbbb33b --- /dev/null +++ b/etc/tor-browser-fr.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-fr from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-fr,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-fr
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-it.profile b/etc/tor-browser-it.profile new file mode 100644 index 000000000..1095a6adb --- /dev/null +++ b/etc/tor-browser-it.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-it from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-it,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-it
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-ja.profile b/etc/tor-browser-ja.profile new file mode 100644 index 000000000..0f6dcf77f --- /dev/null +++ b/etc/tor-browser-ja.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-ja from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-ja,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-ja
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-ko.profile b/etc/tor-browser-ko.profile new file mode 100644 index 000000000..6e87bd24f --- /dev/null +++ b/etc/tor-browser-ko.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-ko from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-ko,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-ko
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-pl.profile b/etc/tor-browser-pl.profile new file mode 100644 index 000000000..06e0315bf --- /dev/null +++ b/etc/tor-browser-pl.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-pl from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-pl,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-pl
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-pt-br.profile b/etc/tor-browser-pt-br.profile new file mode 100644 index 000000000..dc1da8f61 --- /dev/null +++ b/etc/tor-browser-pt-br.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-pt-br from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-pt-br,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-pt-br
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-ru.profile b/etc/tor-browser-ru.profile new file mode 100644 index 000000000..616736da8 --- /dev/null +++ b/etc/tor-browser-ru.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-ru from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-ru,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-ru
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-vi.profile b/etc/tor-browser-vi.profile new file mode 100644 index 000000000..bf5292c2e --- /dev/null +++ b/etc/tor-browser-vi.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-vi from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-vi,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-vi
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all


diff --git a/etc/tor-browser-zh-cn.profile b/etc/tor-browser-zh-cn.profile new file mode 100644 index 000000000..af04674f0 --- /dev/null +++ b/etc/tor-browser-zh-cn.profile
@@ -0,0 +1,36 @@
		1	# Firejail profile for tor-browser-zh-cn from the Arch User Repository:
		2
		3
		4	blacklist /usr/local/bin
		5	blacklist /boot
		6	blacklist /media
		7	blacklist /mnt
		8	blacklist /opt
		9	blacklist /var
		10
		11	private-bin bash,grep,sed,tail,tor-browser-zh-cn,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
		12	whitelist ${HOME}/.tor-browser-zh-cn
		13	whitelist /dev/dri
		14	whitelist /dev/full
		15	whitelist /dev/null
		16	whitelist /dev/ptmx
		17	whitelist /dev/pts
		18	whitelist /dev/random
		19	whitelist /dev/shm
		20	whitelist /dev/snd
		21	whitelist /dev/tty
		22	whitelist /dev/urandom
		23	whitelist /dev/video0
		24	whitelist /dev/zero
		25	whitelist ~/Downloads
		26
		27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
		28	# https://github.com/netblue30/firejail/issues/955
		29	private-etc X11,pulse,machine-id
		30
		31	private-tmp
		32	noexec /tmp
		33	shell none
		34	seccomp
		35	noroot
		36	caps.drop all