Add novideo and noexec /tmp to tor browsers

author: Tad <tad@spotco.us> 2017-08-14 13:40:58 -0400
committer: Tad <tad@spotco.us> 2017-08-14 13:40:58 -0400
commit: 437764a4679c5246f218764b79cc9e875ce84fb8 (patch)
tree: ccdc0f5b89a77d264c17d9e1c2aa11dc355f717d /etc
parent: Typo (diff)
download: firejail-437764a4679c5246f218764b79cc9e875ce84fb8.tar.gz
firejail-437764a4679c5246f218764b79cc9e875ce84fb8.tar.zst
firejail-437764a4679c5246f218764b79cc9e875ce84fb8.zip
2 files changed, 5 insertions, 2 deletions
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
index ca521e08c..e12a38164 100644
--- a/etc/start-tor-browser.profile
+++ b/etc/start-tor-browser.profile
@@ -18,6 +18,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
@@ -27,3 +28,5 @@ private-bin bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed
 private-dev
 private-etc fonts
 private-tmp
+noexec /tmp
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 8ae0c56c1..763c2d051 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -11,13 +11,11 @@ whitelist ~/.config/torbrowser
 noblacklist ~/.local/share/torbrowser
 whitelist ~/.local/share/torbrowser
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
 nodvd
@@ -25,6 +23,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
@@ -35,3 +34,4 @@ private-dev
 private-etc fonts
 private-tmp
+noexec /tmp
author	Tad <tad@spotco.us>	2017-08-14 13:40:58 -0400
committer	Tad <tad@spotco.us>	2017-08-14 13:40:58 -0400
commit	437764a4679c5246f218764b79cc9e875ce84fb8 (patch)
tree	ccdc0f5b89a77d264c17d9e1c2aa11dc355f717d /etc
parent	Typo (diff)
download	firejail-437764a4679c5246f218764b79cc9e875ce84fb8.tar.gz firejail-437764a4679c5246f218764b79cc9e875ce84fb8.tar.zst firejail-437764a4679c5246f218764b79cc9e875ce84fb8.zip

diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index ca521e08c..e12a38164 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile
@@ -18,6 +18,7 @@ nogroups
18	nonewprivs	18	nonewprivs
19	noroot	19	noroot
20	notv	20	notv
		21	novideo
21	protocol unix,inet,inet6	22	protocol unix,inet,inet6
22	seccomp	23	seccomp
23	shell none	24	shell none
@@ -27,3 +28,5 @@ private-bin bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed
27	private-dev	28	private-dev
28	private-etc fonts	29	private-etc fonts
29	private-tmp	30	private-tmp
		31
		32	noexec /tmp


diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index 8ae0c56c1..763c2d051 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile
@@ -11,13 +11,11 @@ whitelist ~/.config/torbrowser
11	noblacklist ~/.local/share/torbrowser	11	noblacklist ~/.local/share/torbrowser
12	whitelist ~/.local/share/torbrowser	12	whitelist ~/.local/share/torbrowser
13		13
14
15	include /etc/firejail/disable-common.inc	14	include /etc/firejail/disable-common.inc
16	include /etc/firejail/disable-devel.inc	15	include /etc/firejail/disable-devel.inc
17	include /etc/firejail/disable-passwdmgr.inc	16	include /etc/firejail/disable-passwdmgr.inc
18	include /etc/firejail/disable-programs.inc	17	include /etc/firejail/disable-programs.inc
19		18
20
21	caps.drop all	19	caps.drop all
22	netfilter	20	netfilter
23	nodvd	21	nodvd
@@ -25,6 +23,7 @@ nogroups
25	nonewprivs	23	nonewprivs
26	noroot	24	noroot
27	notv	25	notv
		26	novideo
28	protocol unix,inet,inet6	27	protocol unix,inet,inet6
29	seccomp	28	seccomp
30	shell none	29	shell none
@@ -35,3 +34,4 @@ private-dev
35	private-etc fonts	34	private-etc fonts
36	private-tmp	35	private-tmp
37		36
		37	noexec /tmp