diff options
| author |  Tad <tad@spotco.us> | 2022-07-23 13:18:09 -0400 |
|---|---|---|
| committer | Tad <tad@spotco.us> | 2022-07-23 13:18:13 -0400 |
| commit | 89441e48e8f0388f376cd4fcc24ddbd99f7cc858 (patch) | |
| tree | 6a5c709f1f040c6895b8e944f7db45cb1359e59b /etc/profile-m-z | |
| parent | viewnior.profile: allow accessing its /usr/share directory (#5270) (diff) | |
| download | firejail-89441e48e8f0388f376cd4fcc24ddbd99f7cc858.tar.gz firejail-89441e48e8f0388f376cd4fcc24ddbd99f7cc858.tar.zst firejail-89441e48e8f0388f376cd4fcc24ddbd99f7cc858.zip | |
Deny Tor related profiles access to /sys/class/net
This directory contains the MAC address for connections available
Tested working with torbrowser-launcher and onionshare
Signed-off-by: Tad <tad@spotco.us>
Diffstat (limited to 'etc/profile-m-z')
| -rw-r--r-- | etc/profile-m-z/onionshare-gui.profile | 2 | ||||
| -rw-r--r-- | etc/profile-m-z/torbrowser-launcher.profile | 1 | ||||
| -rw-r--r-- | etc/profile-m-z/torbrowser.profile | 1 |
3 files changed, 4 insertions, 0 deletions
diff --git a/etc/profile-m-z/onionshare-gui.profile b/etc/profile-m-z/onionshare-gui.profile index fbf4c3ef0..db923056a 100644 --- a/etc/profile-m-z/onionshare-gui.profile +++ b/etc/profile-m-z/onionshare-gui.profile | |||
| @@ -11,6 +11,8 @@ noblacklist ${HOME}/.config/onionshare | |||
| 11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
| 12 | include allow-python3.inc | 12 | include allow-python3.inc |
| 13 | 13 | ||
| 14 | blacklist /sys/class/net | ||
| 15 | |||
| 14 | include disable-common.inc | 16 | include disable-common.inc |
| 15 | include disable-devel.inc | 17 | include disable-devel.inc |
| 16 | include disable-exec.inc | 18 | include disable-exec.inc |
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile index 700a10be8..9d66c5fa4 100644 --- a/etc/profile-m-z/torbrowser-launcher.profile +++ b/etc/profile-m-z/torbrowser-launcher.profile | |||
| @@ -16,6 +16,7 @@ include allow-python2.inc | |||
| 16 | include allow-python3.inc | 16 | include allow-python3.inc |
| 17 | 17 | ||
| 18 | blacklist /srv | 18 | blacklist /srv |
| 19 | blacklist /sys/class/net | ||
| 19 | 20 | ||
| 20 | include disable-common.inc | 21 | include disable-common.inc |
| 21 | include disable-devel.inc | 22 | include disable-devel.inc |
diff --git a/etc/profile-m-z/torbrowser.profile b/etc/profile-m-z/torbrowser.profile index fc579b973..15ca5b550 100644 --- a/etc/profile-m-z/torbrowser.profile +++ b/etc/profile-m-z/torbrowser.profile | |||
| @@ -13,6 +13,7 @@ noblacklist ${HOME}/.cache/mozilla | |||
| 13 | noblacklist ${HOME}/.mozilla | 13 | noblacklist ${HOME}/.mozilla |
| 14 | 14 | ||
| 15 | blacklist /usr/libexec | 15 | blacklist /usr/libexec |
| 16 | blacklist /sys/class/net | ||
| 16 | 17 | ||
| 17 | mkdir ${HOME}/.cache/mozilla/torbrowser | 18 | mkdir ${HOME}/.cache/mozilla/torbrowser |
| 18 | mkdir ${HOME}/.mozilla | 19 | mkdir ${HOME}/.mozilla |