From dbb8a4568ec21b563cf6face932add5af4144334 Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Sat, 30 Dec 2017 16:34:44 -0400
Subject: tor flavours

---
 etc/tor-browser-it.profile | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 etc/tor-browser-it.profile

(limited to 'etc/tor-browser-it.profile')

diff --git a/etc/tor-browser-it.profile b/etc/tor-browser-it.profile
new file mode 100644
index 000000000..1095a6adb
--- /dev/null
+++ b/etc/tor-browser-it.profile
@@ -0,0 +1,36 @@
+# Firejail profile for tor-browser-it from the Arch User Repository:
+
+
+blacklist /usr/local/bin
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /var
+
+private-bin bash,grep,sed,tail,tor-browser-it,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+whitelist ${HOME}/.tor-browser-it
+whitelist /dev/dri
+whitelist /dev/full
+whitelist /dev/null
+whitelist /dev/ptmx
+whitelist /dev/pts
+whitelist /dev/random
+whitelist /dev/shm
+whitelist /dev/snd
+whitelist /dev/tty
+whitelist /dev/urandom
+whitelist /dev/video0
+whitelist /dev/zero
+whitelist ~/Downloads
+
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
+private-etc X11,pulse,machine-id
+
+private-tmp
+noexec /tmp
+shell none
+seccomp
+noroot
+caps.drop all
-- 
cgit v1.2.3-54-g00ecf