Merge pull request #1468 from pizzadude/patch-2

firejail profile for torbrowser-launcher
author: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2017-08-14 11:54:08 -0500
committer: GitHub <noreply@github.com> 2017-08-14 11:54:08 -0500
commit: 3dd2aaecf3de5250b4bfd2c746b0ef81da29bc9f (patch)
tree: 3c724c907082c97df75f6b646dec4db9ecf9b91f /etc
parent: Fixes for Gitter (diff)
parent: firejail profile for torbrowser-launcher (diff)
download: firejail-3dd2aaecf3de5250b4bfd2c746b0ef81da29bc9f.tar.gz
firejail-3dd2aaecf3de5250b4bfd2c746b0ef81da29bc9f.tar.zst
firejail-3dd2aaecf3de5250b4bfd2c746b0ef81da29bc9f.zip
1 files changed, 37 insertions, 0 deletions
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
new file mode 100644
index 000000000..8ae0c56c1
--- /dev/null
+++ b/etc/torbrowser-launcher.profile
@@ -0,0 +1,37 @@
+# Firejail profile for torbrowser-launcher
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/torbrowser-launcher.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ~/.config/torbrowser
+whitelist ~/.config/torbrowser
+noblacklist ~/.local/share/torbrowser
+whitelist ~/.local/share/torbrowser
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+private-bin torbrowser-launcher,python2.7,python,bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
+private-dev
+private-etc fonts
+private-tmp
author	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2017-08-14 11:54:08 -0500
committer	GitHub <noreply@github.com>	2017-08-14 11:54:08 -0500
commit	3dd2aaecf3de5250b4bfd2c746b0ef81da29bc9f (patch)
tree	3c724c907082c97df75f6b646dec4db9ecf9b91f /etc
parent	Fixes for Gitter (diff)
parent	firejail profile for torbrowser-launcher (diff)
download	firejail-3dd2aaecf3de5250b4bfd2c746b0ef81da29bc9f.tar.gz firejail-3dd2aaecf3de5250b4bfd2c746b0ef81da29bc9f.tar.zst firejail-3dd2aaecf3de5250b4bfd2c746b0ef81da29bc9f.zip

diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile new file mode 100644 index 000000000..8ae0c56c1 --- /dev/null +++ b/etc/torbrowser-launcher.profile
@@ -0,0 +1,37 @@
	1	# Firejail profile for torbrowser-launcher
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/torbrowser-launcher.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8
	9	noblacklist ~/.config/torbrowser
	10	whitelist ~/.config/torbrowser
	11	noblacklist ~/.local/share/torbrowser
	12	whitelist ~/.local/share/torbrowser
	13
	14
	15	include /etc/firejail/disable-common.inc
	16	include /etc/firejail/disable-devel.inc
	17	include /etc/firejail/disable-passwdmgr.inc
	18	include /etc/firejail/disable-programs.inc
	19
	20
	21	caps.drop all
	22	netfilter
	23	nodvd
	24	nogroups
	25	nonewprivs
	26	noroot
	27	notv
	28	protocol unix,inet,inet6
	29	seccomp
	30	shell none
	31	tracelog
	32
	33	private-bin torbrowser-launcher,python2.7,python,bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
	34	private-dev
	35	private-etc fonts
	36	private-tmp
	37