author | Tad <tad@spotco.us> | 2022-07-23 13:18:09 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2022-07-23 13:18:13 -0400 |
commit | 89441e48e8f0388f376cd4fcc24ddbd99f7cc858 (patch) | |
tree | 6a5c709f1f040c6895b8e944f7db45cb1359e59b | |
parent | viewnior.profile: allow accessing its /usr/share directory (#5270) (diff) | |
Deny Tor related profiles access to /sys/class/net
This directory contains the MAC addresses of the available connections.
Tested working with torbrowser-launcher and onionshare
Signed-off-by: Tad <tad@spotco.us>
-rw-r--r-- | etc/profile-m-z/onionshare-gui.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/torbrowser-launcher.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/torbrowser.profile | 1 |
3 files changed, 4 insertions, 0 deletions
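--- a/etc/profile-m-z/onionshare-gui.profile
+++ b/etc/profile-m-z/onionshare-gui.profile
@@ -11,6 +11,8 @@ noblacklist ${HOME}/.config/onionshare
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
 
+blacklist /sys/class/net
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc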
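Review bot: The added `blacklist /sys/class/net` (here, and the same line in torbrowser-launcher.profile and torbrowser.profile) has no comment explaining its purpose, and it may not close every path to the data it is meant to hide. On Linux the entries under /sys/class/net are normally symlinks into /sys/devices, so the per-interface `address` file is likely still readable through that tree. The MAC can usually also be queried over netlink or an interface ioctl, unless the profile restricts that elsewhere, which is not visible in these hunks. I would add a comment such as `# Hide interface names and MAC addresses exposed under /sys/class/net` above each line. I would also either describe this as a partial measure in the commit message or verify inside the sandbox that the address is unreachable by the other routes.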
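--- a/etc/profile-m-z/torbrowser-launcher.profile
+++ b/etc/profile-m-z/torbrowser-launcher.profile
@@ -16,6 +16,7 @@ include allow-python2.inc
 include allow-python3.inc
 
 blacklist /srv
+blacklist /sys/class/net
 
 include disable-common.inc
 include disable-devel.inc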
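--- a/etc/profile-m-z/torbrowser.profile
+++ b/etc/profile-m-z/torbrowser.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.mozilla
 
 blacklist /usr/libexec
+blacklist /sys/class/net
 
 mkdir ${HOME}/.cache/mozilla/torbrowser
 mkdir ${HOME}/.mozilla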