Simplfy locale specific Tor Browser profiles

author: Tad <tad@spotco.us> 2018-01-01 05:38:43 -0500
committer: Tad <tad@spotco.us> 2018-01-01 05:38:43 -0500
commit: 2cd93846c5133608e9870c6b8c0955bf0a09ab81 (patch)
tree: bb12bdc5453188a4eeb4aa5e7f62017d74daef4e /etc/tor-browser-ko.profile
parent: tor flavours (diff)
download: firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.tar.gz
firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.tar.zst
firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.zip
1 files changed, 5 insertions, 33 deletions
diff --git a/etc/tor-browser-ko.profile b/etc/tor-browser-ko.profile
index 6e87bd24f..c1a29f84e 100644
--- a/etc/tor-browser-ko.profile
+++ b/etc/tor-browser-ko.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-ko from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-ko
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-ko,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-ko
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
author	Tad <tad@spotco.us>	2018-01-01 05:38:43 -0500
committer	Tad <tad@spotco.us>	2018-01-01 05:38:43 -0500
commit	2cd93846c5133608e9870c6b8c0955bf0a09ab81 (patch)
tree	bb12bdc5453188a4eeb4aa5e7f62017d74daef4e /etc/tor-browser-ko.profile
parent	tor flavours (diff)
download	firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.tar.gz firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.tar.zst firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.zip

diff --git a/etc/tor-browser-ko.profile b/etc/tor-browser-ko.profile index 6e87bd24f..c1a29f84e 100644 --- a/etc/tor-browser-ko.profile +++ b/etc/tor-browser-ko.profile
@@ -1,36 +1,8 @@
1	# Firejail profile for tor-browser-ko from the Arch User Repository:	1	# Firejail profile alias for torbrowser-launcher
		2	# This file is overwritten after every install/update
2		3
3		4	noblacklist ${HOME}/.tor-browser-ko
4	blacklist /usr/local/bin
5	blacklist /boot
6	blacklist /media
7	blacklist /mnt
8	blacklist /opt
9	blacklist /var
10
11	private-bin bash,grep,sed,tail,tor-browser-ko,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
12	whitelist ${HOME}/.tor-browser-ko	5	whitelist ${HOME}/.tor-browser-ko
13	whitelist /dev/dri
14	whitelist /dev/full
15	whitelist /dev/null
16	whitelist /dev/ptmx
17	whitelist /dev/pts
18	whitelist /dev/random
19	whitelist /dev/shm
20	whitelist /dev/snd
21	whitelist /dev/tty
22	whitelist /dev/urandom
23	whitelist /dev/video0
24	whitelist /dev/zero
25	whitelist ~/Downloads
26
27	# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
28	# https://github.com/netblue30/firejail/issues/955
29	private-etc X11,pulse,machine-id
30		6
31	private-tmp	7	# Redirect
32	noexec /tmp	8	include /etc/firejail/torbrowser-launcher.profile
33	shell none
34	seccomp
35	noroot
36	caps.drop all