diff options
author | Tad <tad@spotco.us> | 2018-01-01 05:38:43 -0500 |
---|---|---|
committer | Tad <tad@spotco.us> | 2018-01-01 05:38:43 -0500 |
commit | 2cd93846c5133608e9870c6b8c0955bf0a09ab81 (patch) | |
tree | bb12bdc5453188a4eeb4aa5e7f62017d74daef4e /etc | |
parent | tor flavours (diff) | |
download | firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.tar.gz firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.tar.zst firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.zip |
Simplfy locale specific Tor Browser profiles
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/tor-browser-ar.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-en-us.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-en.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-es-es.profile | 40 | ||||
-rw-r--r-- | etc/tor-browser-es.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-fa.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-fr.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-it.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-ja.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-ko.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-pl.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-pt-br.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-ru.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-vi.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-zh-cn.profile | 38 | ||||
-rw-r--r-- | etc/torbrowser-launcher.profile | 2 |
17 files changed, 77 insertions, 499 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 96de8050f..feb01e142 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -430,7 +430,7 @@ blacklist ${HOME}/.synfig | |||
430 | blacklist ${HOME}/.tconn | 430 | blacklist ${HOME}/.tconn |
431 | blacklist ${HOME}/.thunderbird | 431 | blacklist ${HOME}/.thunderbird |
432 | blacklist ${HOME}/.tooling | 432 | blacklist ${HOME}/.tooling |
433 | blacklist ${HOME}/.tor-browser-en | 433 | blacklist ${HOME}/.tor-browser-* |
434 | blacklist ${HOME}/.ts3client | 434 | blacklist ${HOME}/.ts3client |
435 | blacklist ${HOME}/.tuxguitar* | 435 | blacklist ${HOME}/.tuxguitar* |
436 | blacklist ${HOME}/.unknown-horizons | 436 | blacklist ${HOME}/.unknown-horizons |
diff --git a/etc/tor-browser-ar.profile b/etc/tor-browser-ar.profile index 4f635166a..36eda5704 100644 --- a/etc/tor-browser-ar.profile +++ b/etc/tor-browser-ar.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-ar from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-ar | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-ar,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-ar | 5 | whitelist ${HOME}/.tor-browser-ar |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-en-us.profile b/etc/tor-browser-en-us.profile index 762925655..f3ca8a74d 100644 --- a/etc/tor-browser-en-us.profile +++ b/etc/tor-browser-en-us.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-en-us from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-en-us | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-en-us,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-en-us | 5 | whitelist ${HOME}/.tor-browser-en-us |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile index b2bd2c5e9..fb2c2f9c9 100644 --- a/etc/tor-browser-en.profile +++ b/etc/tor-browser-en.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-en from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-en | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-en | 5 | whitelist ${HOME}/.tor-browser-en |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-es-es.profile b/etc/tor-browser-es-es.profile index f332b2cac..c6c0d6e92 100644 --- a/etc/tor-browser-es-es.profile +++ b/etc/tor-browser-es-es.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-es-es from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
4 | noblacklist ${HOME}/.tor-browser-en-es | ||
5 | whitelist ${HOME}/.tor-browser-en-es | ||
3 | 6 | ||
4 | blacklist /usr/local/bin | 7 | # Redirect |
5 | blacklist /boot | 8 | include /etc/firejail/torbrowser-launcher.profile |
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-es-es,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-es-es | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-es.profile b/etc/tor-browser-es.profile index 89cc3b2fe..1fe940f72 100644 --- a/etc/tor-browser-es.profile +++ b/etc/tor-browser-es.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-es from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-es | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-es,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-es | 5 | whitelist ${HOME}/.tor-browser-es |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-fa.profile b/etc/tor-browser-fa.profile index 7710d0f76..292c82de0 100644 --- a/etc/tor-browser-fa.profile +++ b/etc/tor-browser-fa.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-fa from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-fa | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-fa,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-fa | 5 | whitelist ${HOME}/.tor-browser-fa |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-fr.profile b/etc/tor-browser-fr.profile index c0fbbb33b..b7b5a3d26 100644 --- a/etc/tor-browser-fr.profile +++ b/etc/tor-browser-fr.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-fr from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-fr | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-fr,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-fr | 5 | whitelist ${HOME}/.tor-browser-fr |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-it.profile b/etc/tor-browser-it.profile index 1095a6adb..bcaff3305 100644 --- a/etc/tor-browser-it.profile +++ b/etc/tor-browser-it.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-it from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-it | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-it,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-it | 5 | whitelist ${HOME}/.tor-browser-it |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-ja.profile b/etc/tor-browser-ja.profile index 0f6dcf77f..ffb98b874 100644 --- a/etc/tor-browser-ja.profile +++ b/etc/tor-browser-ja.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-ja from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-ja | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-ja,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-ja | 5 | whitelist ${HOME}/.tor-browser-ja |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-ko.profile b/etc/tor-browser-ko.profile index 6e87bd24f..c1a29f84e 100644 --- a/etc/tor-browser-ko.profile +++ b/etc/tor-browser-ko.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-ko from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-ko | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-ko,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-ko | 5 | whitelist ${HOME}/.tor-browser-ko |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-pl.profile b/etc/tor-browser-pl.profile index 06e0315bf..d2b8ea3bc 100644 --- a/etc/tor-browser-pl.profile +++ b/etc/tor-browser-pl.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-pl from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-pl | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-pl,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-pl | 5 | whitelist ${HOME}/.tor-browser-pl |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-pt-br.profile b/etc/tor-browser-pt-br.profile index dc1da8f61..0b97b5444 100644 --- a/etc/tor-browser-pt-br.profile +++ b/etc/tor-browser-pt-br.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-pt-br from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-pl | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-pt-br,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-pt-br | 5 | whitelist ${HOME}/.tor-browser-pt-br |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-ru.profile b/etc/tor-browser-ru.profile index 616736da8..21c6bc042 100644 --- a/etc/tor-browser-ru.profile +++ b/etc/tor-browser-ru.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-ru from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-ru | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-ru,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-ru | 5 | whitelist ${HOME}/.tor-browser-ru |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-vi.profile b/etc/tor-browser-vi.profile index bf5292c2e..b0284814c 100644 --- a/etc/tor-browser-vi.profile +++ b/etc/tor-browser-vi.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-vi from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-vi | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-vi,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-vi | 5 | whitelist ${HOME}/.tor-browser-vi |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-zh-cn.profile b/etc/tor-browser-zh-cn.profile index af04674f0..330574dd3 100644 --- a/etc/tor-browser-zh-cn.profile +++ b/etc/tor-browser-zh-cn.profile | |||
@@ -1,36 +1,8 @@ | |||
1 | # Firejail profile for tor-browser-zh-cn from the Arch User Repository: | 1 | # Firejail profile alias for torbrowser-launcher |
2 | # This file is overwritten after every install/update | ||
2 | 3 | ||
3 | 4 | noblacklist ${HOME}/.tor-browser-zh-cn | |
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-zh-cn,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-zh-cn | 5 | whitelist ${HOME}/.tor-browser-zh-cn |
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | 6 | ||
31 | private-tmp | 7 | # Redirect |
32 | noexec /tmp | 8 | include /etc/firejail/torbrowser-launcher.profile |
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index 81938ca57..51a5d7735 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile | |||
@@ -5,7 +5,6 @@ include /etc/firejail/torbrowser-launcher.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.tor-browser-en | ||
9 | noblacklist ${HOME}/.config/torbrowser | 8 | noblacklist ${HOME}/.config/torbrowser |
10 | noblacklist ${HOME}/.local/share/torbrowser | 9 | noblacklist ${HOME}/.local/share/torbrowser |
11 | 10 | ||
@@ -14,7 +13,6 @@ include /etc/firejail/disable-devel.inc | |||
14 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
16 | 15 | ||
17 | whitelist ${HOME}/.tor-browser-en | ||
18 | whitelist ${HOME}/.config/torbrowser | 16 | whitelist ${HOME}/.config/torbrowser |
19 | whitelist ${HOME}/.local/share/torbrowser | 17 | whitelist ${HOME}/.local/share/torbrowser |
20 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |