Add 31 profiles

author: Chiraag Nataraj <chiraag.nataraj@gmail.com> 2017-09-16 13:18:26 -0400
committer: Tad <tad@spotco.us> 2017-09-18 18:24:13 -0400
commit: 9c833ae929f64fa54c5d8aa49e4a784803b805c8 (patch)
tree: 6a15f6bda1665adfb1ff58842b995a8a03bba921 /etc/tor.profile
parent: Add a profile for TeamSpeak3 (diff)
download: firejail-9c833ae929f64fa54c5d8aa49e4a784803b805c8.tar.gz
firejail-9c833ae929f64fa54c5d8aa49e4a784803b805c8.tar.zst
firejail-9c833ae929f64fa54c5d8aa49e4a784803b805c8.zip
1 files changed, 38 insertions, 0 deletions
diff --git a/etc/tor.profile b/etc/tor.profile
new file mode 100644
index 000000000..2e2172cad
--- /dev/null
+++ b/etc/tor.profile
@@ -0,0 +1,38 @@
+# Firejail profile for tor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/tor.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+# How to use:
+# Create a script called anything (e.g. mytor)
+# with the following contents:
+# #!/bin/bash
+# TORCMD="tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 1"
+# sudo -b daemon -f -d -- firejail --profile=/home/<username>/.config/firejail/tor.profile $TORCMD
+# You'll also likely want to disable the system service (if it exists)
+# Run mytor (or whatever you called the script above) whenever you want to start tor
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+caps.keep setuid,setgid,net_bind_service,dac_read_search
+ipc-namespace
+no3d
+nogroups
+nonewprivs
+nosound
+seccomp
+shell none
+writable-var
+x11 none
+private
+private-bin tor,bash
+private-dev
+private-etc tor,passwd
+private-tmp
author	Chiraag Nataraj <chiraag.nataraj@gmail.com>	2017-09-16 13:18:26 -0400
committer	Tad <tad@spotco.us>	2017-09-18 18:24:13 -0400
commit	9c833ae929f64fa54c5d8aa49e4a784803b805c8 (patch)
tree	6a15f6bda1665adfb1ff58842b995a8a03bba921 /etc/tor.profile
parent	Add a profile for TeamSpeak3 (diff)
download	firejail-9c833ae929f64fa54c5d8aa49e4a784803b805c8.tar.gz firejail-9c833ae929f64fa54c5d8aa49e4a784803b805c8.tar.zst firejail-9c833ae929f64fa54c5d8aa49e4a784803b805c8.zip

diff --git a/etc/tor.profile b/etc/tor.profile new file mode 100644 index 000000000..2e2172cad --- /dev/null +++ b/etc/tor.profile
@@ -0,0 +1,38 @@
	1	# Firejail profile for tor
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/tor.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	# How to use:
	9	# Create a script called anything (e.g. mytor)
	10	# with the following contents:
	11	# #!/bin/bash
	12	# TORCMD="tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 1"
	13	# sudo -b daemon -f -d -- firejail --profile=/home/<username>/.config/firejail/tor.profile $TORCMD
	14
	15	# You'll also likely want to disable the system service (if it exists)
	16	# Run mytor (or whatever you called the script above) whenever you want to start tor
	17
	18	blacklist /boot
	19	blacklist /media
	20	blacklist /mnt
	21	blacklist /opt
	22
	23	caps.keep setuid,setgid,net_bind_service,dac_read_search
	24	ipc-namespace
	25	no3d
	26	nogroups
	27	nonewprivs
	28	nosound
	29	seccomp
	30	shell none
	31	writable-var
	32	x11 none
	33
	34	private
	35	private-bin tor,bash
	36	private-dev
	37	private-etc tor,passwd
	38	private-tmp