Firejail: Is possible to have these two packets availlable in Trisquel?

9 respostas [Última entrada]
maska
Desconectado
Joined: 02/15/2016

Hi to all. I ask to developers if is possible to have Firejail and Firetools on Trisquel?
These program open in a sandbox many programs.
https://firejail.wordpress.com/
Thanks for reply.

Magic Banana

I am a member!

I am a translator!

Desconectado
Joined: 07/24/2010

Firejail will certainly be in Trisquel 8 because it will be in Ubuntu 16.04: http://packages.ubuntu.com/xenial/firejail

If you cannot wait, download the DEB made for the architecture of your system (the 'arch' command would tell):

With GDebi (in Trisquel's repository), double-clicking on the DEB package will install it.

GNUser
Desconectado
Joined: 07/17/2013

I use it and it's really simple to use it. Like Magic Banana said just download the deb package and install it (I use sudo dpkg -i). Only issue is you have to update it manualy. Having it in the repos will take care of that. But it's not really much of an issue.
I can share my profiles for Tor Browser and Torbirdy if anyone wants it.

nevermoreraven
Desconectado
Joined: 10/15/2014

Can I have your profiles for tor browser and torbirdy?

moxalt
Desconectado
Joined: 06/19/2015

> Can I have your profiles for tor browser and torbirdy?

No.

GNUser
Desconectado
Joined: 07/17/2013

Of course! You may need to adapt them to your own situation but this is what I have got so far:

Tor browser:
# Firejail profile for Tor Browser
noblacklist ${HOME}/.mozilla
whitelist /home/trisquel/tor-browser_en-US/ # change according to your own folders
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-history.inc
caps.drop all
# seccomp put back if your kernel is 3.5 or higher
# nosound activate if you don't need sound and want higher privacy security
netfilter
noroot
shell none

Torbirdy:
# Firejail profile for Torbirdy
noblacklist ${HOME}/.gnupg
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
# Users have thunderbird set to open a browser by clicking a link in an email
# We are not allowed to blacklist browser-specific directories
#include /etc/firejail/disable-common.inc thunderbird icedove
blacklist ${HOME}/.adobe
blacklist ${HOME}/.macromedia
blacklist ${HOME}/.filezilla
blacklist ${HOME}/.config/filezilla
blacklist ${HOME}/.purple
blacklist ${HOME}/.config/psi+
blacklist ${HOME}/.remmina
blacklist ${HOME}/.tconn
include /etc/firejail/disable-history.inc
caps.drop all
# seccomp put back if your kernel is 3.5 or higher
nosound
netfilter
noroot
shell none

If anyone has any improvements please suggest them here :)

GNUser
Desconectado
Joined: 07/17/2013

VERY IMPORTANT IN TOR BROWSER PROFILE
I just noticed that the "# change according to your own folders" turns the entire line into a comment (which allows an attacker to read any folder in your computer just the same).
Remove the comment part of it, otherwise it is a weaker defense.

Sorry about that :(

maska
Desconectado
Joined: 02/15/2016

Many thanks to Magic Banana and GNUser. Yes I have installed these packages and works fine.

a_slacker_here
Desconectado
Joined: 06/29/2013

Firejail has been added to Trisquel repos's.

maska
Desconectado
Joined: 02/15/2016

GOOD! :)