From 9c833ae929f64fa54c5d8aa49e4a784803b805c8 Mon Sep 17 00:00:00 2001
From: Chiraag Nataraj
Date: Sat, 16 Sep 2017 13:18:26 -0400
Subject: Add 31 profiles
---
 etc/tor.profile | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 etc/tor.profile
(limited to 'etc/tor.profile')
diff --git a/etc/tor.profile b/etc/tor.profile
new file mode 100644
index 000000000..2e2172cad
--- /dev/null
+++ b/etc/tor.profile
@@ -0,0 +1,38 @@
+# Firejail profile for tor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/tor.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+# How to use:
+# Create a script called anything (e.g. mytor)
+# with the following contents:
+# #!/bin/bash
+# TORCMD="tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 1"
+# sudo -b daemon -f -d -- firejail --profile=/home//.config/firejail/tor.profile $TORCMD
+
+# You'll also likely want to disable the system service (if it exists)
+# Run mytor (or whatever you called the script above) whenever you want to start tor
+
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+
+caps.keep setuid,setgid,net_bind_service,dac_read_search
+ipc-namespace
+no3d
+nogroups
+nonewprivs
+nosound
+seccomp
+shell none
+writable-var
+x11 none
+
+private
+private-bin tor,bash
+private-dev
+private-etc tor,passwd
+private-tmp
-- cgit v1.2.3-54-g00ecf
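Review bot: `private-bin tor,bash` leaves a shell inside the sandbox of a network-facing daemon, although the profile sets `shell none` and the wrapper script in the header comment runs bash outside firejail. If nothing in tor's start-up path needs it, `private-bin tor` is the tighter setting. On the `caps.keep` line, `dac_read_search` lets the process bypass read-permission checks on files and directories, which is broad for a process launched as root through `sudo`. Presumably it is kept so tor can reach its data directory before dropping to its service user; a comment such as `# dac_read_search: needed to read the tor-owned data directory before privileges are dropped (confirm)` would let a later reviewer judge whether it can go.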