Firejail: Is possible to have these two packets availlable in Trisquel?
- Inicie sesión o regístrese para enviar comentarios
Hi to all. I ask to developers if is possible to have Firejail and Firetools on Trisquel?
These program open in a sandbox many programs.
https://firejail.wordpress.com/
Thanks for reply.
Firejail will certainly be in Trisquel 8 because it will be in Ubuntu 16.04: http://packages.ubuntu.com/xenial/firejail
If you cannot wait, download the DEB made for the architecture of your system (the 'arch' command would tell):
- 32-bit: http://downloads.sourceforge.net/project/firejail/firejail/firejail_0.9.38_1_i386.deb
- 64-bit: http://downloads.sourceforge.net/project/firejail/firejail/firejail_0.9.38_1_amd64.deb
With GDebi (in Trisquel's repository), double-clicking on the DEB package will install it.
I use it and it's really simple to use it. Like Magic Banana said just download the deb package and install it (I use sudo dpkg -i). Only issue is you have to update it manualy. Having it in the repos will take care of that. But it's not really much of an issue.
I can share my profiles for Tor Browser and Torbirdy if anyone wants it.
Can I have your profiles for tor browser and torbirdy?
> Can I have your profiles for tor browser and torbirdy?
No.
Of course! You may need to adapt them to your own situation but this is what I have got so far:
Tor browser:
# Firejail profile for Tor Browser
noblacklist ${HOME}/.mozilla
whitelist /home/trisquel/tor-browser_en-US/ # change according to your own folders
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-history.inc
caps.drop all
# seccomp put back if your kernel is 3.5 or higher
# nosound activate if you don't need sound and want higher privacy security
netfilter
noroot
shell none
Torbirdy:
# Firejail profile for Torbirdy
noblacklist ${HOME}/.gnupg
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
# Users have thunderbird set to open a browser by clicking a link in an email
# We are not allowed to blacklist browser-specific directories
#include /etc/firejail/disable-common.inc thunderbird icedove
blacklist ${HOME}/.adobe
blacklist ${HOME}/.macromedia
blacklist ${HOME}/.filezilla
blacklist ${HOME}/.config/filezilla
blacklist ${HOME}/.purple
blacklist ${HOME}/.config/psi+
blacklist ${HOME}/.remmina
blacklist ${HOME}/.tconn
include /etc/firejail/disable-history.inc
caps.drop all
# seccomp put back if your kernel is 3.5 or higher
nosound
netfilter
noroot
shell none
If anyone has any improvements please suggest them here :)
VERY IMPORTANT IN TOR BROWSER PROFILE
I just noticed that the "# change according to your own folders" turns the entire line into a comment (which allows an attacker to read any folder in your computer just the same).
Remove the comment part of it, otherwise it is a weaker defense.
Sorry about that :(
Many thanks to Magic Banana and GNUser. Yes I have installed these packages and works fine.
Firejail has been added to Trisquel repos's.
GOOD! :)
- Inicie sesión o regístrese para enviar comentarios