diff options
author | Tad <tad@spotco.us> | 2017-09-16 13:47:31 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2017-09-18 18:24:13 -0400 |
commit | 60606c2d041dc08b0af10baff1b18dbf507f8d81 (patch) | |
tree | 75ca83f6148cf6e93e75df9be3b85ab702a5fb9c /etc/tor-browser-en.profile | |
parent | Add 5 profiles (diff) | |
download | firejail-60606c2d041dc08b0af10baff1b18dbf507f8d81.tar.gz firejail-60606c2d041dc08b0af10baff1b18dbf507f8d81.tar.zst firejail-60606c2d041dc08b0af10baff1b18dbf507f8d81.zip |
Fixup 36 profiles
Diffstat (limited to 'etc/tor-browser-en.profile')
-rw-r--r-- | etc/tor-browser-en.profile | 28 |
1 files changed, 7 insertions, 21 deletions
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile index 1f0b61c75..65ea41e18 100644 --- a/etc/tor-browser-en.profile +++ b/etc/tor-browser-en.profile | |||
@@ -5,26 +5,15 @@ include /etc/firejail/tor-browser-en.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /boot | 8 | |
9 | blacklist /media | 9 | noblacklist ${HOME}/.tor-browser-en |
10 | blacklist /mnt | 10 | |
11 | blacklist /opt | 11 | include /etc/firejail/disable-common.inc |
12 | blacklist /usr/local/bin | 12 | include /etc/firejail/disable-devel.inc |
13 | blacklist /var | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | ||
14 | 15 | ||
15 | whitelist ${HOME}/.tor-browser-en | 16 | whitelist ${HOME}/.tor-browser-en |
16 | whitelist /dev/dri | ||
17 | whitelist /dev/full | ||
18 | whitelist /dev/null | ||
19 | whitelist /dev/ptmx | ||
20 | whitelist /dev/pts | ||
21 | whitelist /dev/random | ||
22 | whitelist /dev/shm | ||
23 | whitelist /dev/snd | ||
24 | whitelist /dev/tty | ||
25 | whitelist /dev/urandom | ||
26 | whitelist /dev/video0 | ||
27 | whitelist /dev/zero | ||
28 | include /etc/firejail/whitelist-common.inc | 17 | include /etc/firejail/whitelist-common.inc |
29 | 18 | ||
30 | caps.drop all | 19 | caps.drop all |
@@ -33,9 +22,6 @@ seccomp | |||
33 | shell none | 22 | shell none |
34 | 23 | ||
35 | private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | 24 | private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr |
36 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
37 | # https://github.com/netblue30/firejail/issues/955 | ||
38 | private-etc X11,pulse,machine-id | ||
39 | private-tmp | 25 | private-tmp |
40 | 26 | ||
41 | noexec /tmp | 27 | noexec /tmp |