1 files changed, 47 insertions, 0 deletions
diff --git a/etc/tor.profile b/etc/tor.profile
new file mode 100644
index 000000000..fcb123eef
--- /dev/null
+++ b/etc/tor.profile
@@ -0,0 +1,47 @@
+# Firejail profile for tor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/tor.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+# How to use:
+# Create a script called anything (e.g. mytor)
+# with the following contents:
+# #!/bin/bash
+# TORCMD="tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 1"
+# sudo -b daemon -f -d -- firejail --profile=/home/<username>/.config/firejail/tor.profile $TORCMD
+# You'll also likely want to disable the system service (if it exists)
+# Run mytor (or whatever you called the script above) whenever you want to start tor
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.keep setuid,setgid,net_bind_service,dac_read_search
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+writable-var
+disable-mnt
+private
+private-bin tor,bash
+private-dev
+private-etc tor,passwd
+private-tmp
+noexec ${HOME}
+noexec /tmp

diff --git a/etc/tor.profile b/etc/tor.profile new file mode 100644 index 000000000..fcb123eef --- /dev/null +++ b/etc/tor.profile
@@ -0,0 +1,47 @@
	1	# Firejail profile for tor
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/tor.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	# How to use:
	9	# Create a script called anything (e.g. mytor)
	10	# with the following contents:
	11
	12	# #!/bin/bash
	13	# TORCMD="tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 1"
	14	# sudo -b daemon -f -d -- firejail --profile=/home/<username>/.config/firejail/tor.profile $TORCMD
	15
	16	# You'll also likely want to disable the system service (if it exists)
	17	# Run mytor (or whatever you called the script above) whenever you want to start tor
	18
	19	include /etc/firejail/disable-common.inc
	20	include /etc/firejail/disable-devel.inc
	21	include /etc/firejail/disable-passwdmgr.inc
	22	include /etc/firejail/disable-programs.inc
	23
	24	caps.keep setuid,setgid,net_bind_service,dac_read_search
	25	ipc-namespace
	26	netfilter
	27	no3d
	28	nodvd
	29	nogroups
	30	nonewprivs
	31	nosound
	32	notv
	33	novideo
	34	protocol unix,inet,inet6
	35	seccomp
	36	shell none
	37	writable-var
	38
	39	disable-mnt
	40	private
	41	private-bin tor,bash
	42	private-dev
	43	private-etc tor,passwd
	44	private-tmp
	45
	46	noexec ${HOME}
	47	noexec /tmp