Fixup 36 profiles

author: Tad <tad@spotco.us> 2017-09-16 13:47:31 -0400
committer: Tad <tad@spotco.us> 2017-09-18 18:24:13 -0400
commit: 60606c2d041dc08b0af10baff1b18dbf507f8d81 (patch)
tree: 75ca83f6148cf6e93e75df9be3b85ab702a5fb9c /etc/tor-browser-en.profile
parent: Add 5 profiles (diff)
download: firejail-60606c2d041dc08b0af10baff1b18dbf507f8d81.tar.gz
firejail-60606c2d041dc08b0af10baff1b18dbf507f8d81.tar.zst
firejail-60606c2d041dc08b0af10baff1b18dbf507f8d81.zip
1 files changed, 7 insertions, 21 deletions
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile
index 1f0b61c75..65ea41e18 100644
--- a/etc/tor-browser-en.profile
+++ b/etc/tor-browser-en.profile
@@ -5,26 +5,15 @@ include /etc/firejail/tor-browser-en.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-blacklist /boot
-blacklist /media
+noblacklist ${HOME}/.tor-browser-en
-blacklist /mnt
-blacklist /opt
+include /etc/firejail/disable-common.inc
-blacklist /usr/local/bin
+include /etc/firejail/disable-devel.inc
-blacklist /var
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 whitelist ${HOME}/.tor-browser-en
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
 include /etc/firejail/whitelist-common.inc
 caps.drop all
@@ -33,9 +22,6 @@ seccomp
 shell none
 private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
 private-tmp
 noexec /tmp
author	Tad <tad@spotco.us>	2017-09-16 13:47:31 -0400
committer	Tad <tad@spotco.us>	2017-09-18 18:24:13 -0400
commit	60606c2d041dc08b0af10baff1b18dbf507f8d81 (patch)
tree	75ca83f6148cf6e93e75df9be3b85ab702a5fb9c /etc/tor-browser-en.profile
parent	Add 5 profiles (diff)
download	firejail-60606c2d041dc08b0af10baff1b18dbf507f8d81.tar.gz firejail-60606c2d041dc08b0af10baff1b18dbf507f8d81.tar.zst firejail-60606c2d041dc08b0af10baff1b18dbf507f8d81.zip

diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile index 1f0b61c75..65ea41e18 100644 --- a/etc/tor-browser-en.profile +++ b/etc/tor-browser-en.profile
@@ -5,26 +5,15 @@ include /etc/firejail/tor-browser-en.local
5	# Persistent global definitions	5	# Persistent global definitions
6	include /etc/firejail/globals.local	6	include /etc/firejail/globals.local
7		7
8	blacklist /boot	8
9	blacklist /media	9	noblacklist ${HOME}/.tor-browser-en
10	blacklist /mnt	10
11	blacklist /opt	11	include /etc/firejail/disable-common.inc
12	blacklist /usr/local/bin	12	include /etc/firejail/disable-devel.inc
13	blacklist /var	13	include /etc/firejail/disable-passwdmgr.inc
		14	include /etc/firejail/disable-programs.inc
14		15
15	whitelist ${HOME}/.tor-browser-en	16	whitelist ${HOME}/.tor-browser-en
16	whitelist /dev/dri
17	whitelist /dev/full
18	whitelist /dev/null
19	whitelist /dev/ptmx
20	whitelist /dev/pts
21	whitelist /dev/random
22	whitelist /dev/shm
23	whitelist /dev/snd
24	whitelist /dev/tty
25	whitelist /dev/urandom
26	whitelist /dev/video0
27	whitelist /dev/zero
28	include /etc/firejail/whitelist-common.inc	17	include /etc/firejail/whitelist-common.inc
29		18
30	caps.drop all	19	caps.drop all
@@ -33,9 +22,6 @@ seccomp
33	shell none	22	shell none
34		23
35	private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr	24	private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
36	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
37	# https://github.com/netblue30/firejail/issues/955
38	private-etc X11,pulse,machine-id
39	private-tmp	25	private-tmp
40		26
41	noexec /tmp	27	noexec /tmp