diff options
author | Your Name <you@example.com> | 2017-12-30 16:34:44 -0400 |
---|---|---|
committer | Your Name <you@example.com> | 2017-12-30 16:34:44 -0400 |
commit | dbb8a4568ec21b563cf6face932add5af4144334 (patch) | |
tree | 3ba4f8a156584f358dd0bbf8841af941a7b364dc /etc | |
parent | README (diff) | |
download | firejail-dbb8a4568ec21b563cf6face932add5af4144334.tar.gz firejail-dbb8a4568ec21b563cf6face932add5af4144334.tar.zst firejail-dbb8a4568ec21b563cf6face932add5af4144334.zip |
tor flavours
Diffstat (limited to 'etc')
-rw-r--r-- | etc/tor-browser-ar.profile | 36 | ||||
-rw-r--r-- | etc/tor-browser-en-us.profile | 36 | ||||
-rw-r--r-- | etc/tor-browser-en.profile | 38 | ||||
-rw-r--r-- | etc/tor-browser-es-es.profile | 36 | ||||
-rw-r--r-- | etc/tor-browser-es.profile | 36 | ||||
-rw-r--r-- | etc/tor-browser-fa.profile | 36 | ||||
-rw-r--r-- | etc/tor-browser-fr.profile | 36 | ||||
-rw-r--r-- | etc/tor-browser-it.profile | 36 | ||||
-rw-r--r-- | etc/tor-browser-ja.profile | 36 | ||||
-rw-r--r-- | etc/tor-browser-ko.profile | 36 | ||||
-rw-r--r-- | etc/tor-browser-pl.profile | 36 | ||||
-rw-r--r-- | etc/tor-browser-pt-br.profile | 36 | ||||
-rw-r--r-- | etc/tor-browser-ru.profile | 36 | ||||
-rw-r--r-- | etc/tor-browser-vi.profile | 36 | ||||
-rw-r--r-- | etc/tor-browser-zh-cn.profile | 36 |
15 files changed, 538 insertions, 4 deletions
diff --git a/etc/tor-browser-ar.profile b/etc/tor-browser-ar.profile new file mode 100644 index 000000000..4f635166a --- /dev/null +++ b/etc/tor-browser-ar.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-ar from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-ar,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-ar | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-en-us.profile b/etc/tor-browser-en-us.profile new file mode 100644 index 000000000..762925655 --- /dev/null +++ b/etc/tor-browser-en-us.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-en-us from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-en-us,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-en-us | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile index bf3a80139..b2bd2c5e9 100644 --- a/etc/tor-browser-en.profile +++ b/etc/tor-browser-en.profile | |||
@@ -1,6 +1,36 @@ | |||
1 | # Firejail profile alias for torbrowser-launcher | 1 | # Firejail profile for tor-browser-en from the Arch User Repository: |
2 | # This file is overwritten after every install/update | ||
3 | 2 | ||
4 | 3 | ||
5 | # Redirect | 4 | blacklist /usr/local/bin |
6 | include /etc/firejail/torbrowser-launcher.profile | 5 | blacklist /boot |
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-en | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-es-es.profile b/etc/tor-browser-es-es.profile new file mode 100644 index 000000000..f332b2cac --- /dev/null +++ b/etc/tor-browser-es-es.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-es-es from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-es-es,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-es-es | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-es.profile b/etc/tor-browser-es.profile new file mode 100644 index 000000000..89cc3b2fe --- /dev/null +++ b/etc/tor-browser-es.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-es from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-es,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-es | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-fa.profile b/etc/tor-browser-fa.profile new file mode 100644 index 000000000..7710d0f76 --- /dev/null +++ b/etc/tor-browser-fa.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-fa from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-fa,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-fa | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-fr.profile b/etc/tor-browser-fr.profile new file mode 100644 index 000000000..c0fbbb33b --- /dev/null +++ b/etc/tor-browser-fr.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-fr from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-fr,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-fr | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-it.profile b/etc/tor-browser-it.profile new file mode 100644 index 000000000..1095a6adb --- /dev/null +++ b/etc/tor-browser-it.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-it from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-it,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-it | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-ja.profile b/etc/tor-browser-ja.profile new file mode 100644 index 000000000..0f6dcf77f --- /dev/null +++ b/etc/tor-browser-ja.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-ja from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-ja,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-ja | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-ko.profile b/etc/tor-browser-ko.profile new file mode 100644 index 000000000..6e87bd24f --- /dev/null +++ b/etc/tor-browser-ko.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-ko from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-ko,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-ko | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-pl.profile b/etc/tor-browser-pl.profile new file mode 100644 index 000000000..06e0315bf --- /dev/null +++ b/etc/tor-browser-pl.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-pl from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-pl,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-pl | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-pt-br.profile b/etc/tor-browser-pt-br.profile new file mode 100644 index 000000000..dc1da8f61 --- /dev/null +++ b/etc/tor-browser-pt-br.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-pt-br from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-pt-br,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-pt-br | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-ru.profile b/etc/tor-browser-ru.profile new file mode 100644 index 000000000..616736da8 --- /dev/null +++ b/etc/tor-browser-ru.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-ru from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-ru,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-ru | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-vi.profile b/etc/tor-browser-vi.profile new file mode 100644 index 000000000..bf5292c2e --- /dev/null +++ b/etc/tor-browser-vi.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-vi from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-vi,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-vi | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||
diff --git a/etc/tor-browser-zh-cn.profile b/etc/tor-browser-zh-cn.profile new file mode 100644 index 000000000..af04674f0 --- /dev/null +++ b/etc/tor-browser-zh-cn.profile | |||
@@ -0,0 +1,36 @@ | |||
1 | # Firejail profile for tor-browser-zh-cn from the Arch User Repository: | ||
2 | |||
3 | |||
4 | blacklist /usr/local/bin | ||
5 | blacklist /boot | ||
6 | blacklist /media | ||
7 | blacklist /mnt | ||
8 | blacklist /opt | ||
9 | blacklist /var | ||
10 | |||
11 | private-bin bash,grep,sed,tail,tor-browser-zh-cn,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr | ||
12 | whitelist ${HOME}/.tor-browser-zh-cn | ||
13 | whitelist /dev/dri | ||
14 | whitelist /dev/full | ||
15 | whitelist /dev/null | ||
16 | whitelist /dev/ptmx | ||
17 | whitelist /dev/pts | ||
18 | whitelist /dev/random | ||
19 | whitelist /dev/shm | ||
20 | whitelist /dev/snd | ||
21 | whitelist /dev/tty | ||
22 | whitelist /dev/urandom | ||
23 | whitelist /dev/video0 | ||
24 | whitelist /dev/zero | ||
25 | whitelist ~/Downloads | ||
26 | |||
27 | # FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!) | ||
28 | # https://github.com/netblue30/firejail/issues/955 | ||
29 | private-etc X11,pulse,machine-id | ||
30 | |||
31 | private-tmp | ||
32 | noexec /tmp | ||
33 | shell none | ||
34 | seccomp | ||
35 | noroot | ||
36 | caps.drop all | ||