Firefox and bubblewrap?
I have asked this question on the bubblewrap issue tracker, but no one has been able to provide an answer, so I'm hoping this is a more appropriate place to ask.

1. I do not have much experience with bubblewrap yet, but I have read all the documentation I could find and tried to create a profile for Mozilla Firefox:

    #!/bin/sh
    (exec bwrap \
    --proc /proc \
    --dev /dev \
    --ro-bind /usr /usr \
    --ro-bind /bin /bin \
    --ro-bind /etc /etc \
    --ro-bind /lib /lib \
    --ro-bind "$HOME"/.Xauthority "$HOME"/.Xauthority \
    --bind "$HOME"/.cache/mozilla "$HOME"/.cache/mozilla \
    --bind "$HOME"/.mozilla "$HOME"/.mozilla \
    --dev-bind /dev/snd /dev/snd \
    --unshare-all \
    --share-net \
    firefox "$@")

--dev-bind /dev/snd /dev/snd is needed for ALSA sound to work.

The main goal is to protect files in my home folder in case of a browser exploit, and the profile I have created so far actually seems to work like I want, if tested in a virtual machine. I'm unable to browse files in my home folder from within the browser, and there is not much access to the rest of the system.

However, I would really appreciate it if someone more experienced with bubblewrap could review my profile and tell me if I have done something completely wrong, as it would not be good if I have made the security worse than without bubblewrap. Any ideas for enhancing the profile are also welcome.

2. The bwrap binary on my system has the setuid bit set, but I have found out that I can remove it and the profile seems to work just as before, so are there any reasons for me not doing that?

linux security firefox
edited Jul 29 at 7:39 by slm
asked Jul 29 at 7:32 by cae3uax
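
One way to see what the profile in the question exposes, as an added example that is not part of the original post: a POSIX sh function that classifies each mount in a bwrap argument list as writable, read-only or newly mounted, and reports whether the network namespace stays shared. The function names and the /home/user path are assumptions made for the example, and only the options used in the question are understood.

```shell
#!/bin/sh
# Added example, not from the original post: list what a bwrap argument
# list exposes. Only the options used in the question are understood.

# audit_bwrap ARGS...: print one "kind<TAB>detail" finding per line.
# Returns 2 on an option it does not know or one missing its operands.
audit_bwrap() {
    unshare_all=0 share_net=0
    while [ $# -gt 0 ]; do
        case $1 in
            --bind|--dev-bind|--ro-bind)
                [ $# -ge 3 ] || { printf 'error\t%s needs SRC DEST\n' "$1"; return 2; }
                kind=rw; [ "$1" = --ro-bind ] && kind=ro
                printf '%s\t%s\n' "$kind" "$3"
                # The X authority cookie authorises connections to the X display.
                case $3 in */.Xauthority) printf 'x11\t%s\n' "$3" ;; esac
                shift 3 ;;
            --proc|--dev)
                [ $# -ge 2 ] || { printf 'error\t%s needs DEST\n' "$1"; return 2; }
                printf 'new\t%s\n' "$2"; shift 2 ;;
            --unshare-all) unshare_all=1; shift ;;
            --share-net)   share_net=1; shift ;;
            -*) printf 'error\tunknown option %s\n' "$1"; return 2 ;;
            *)  break ;;    # first non-option word is the command to run
        esac
    done
    if [ "$unshare_all" -eq 1 ] && [ "$share_net" -eq 0 ]; then
        printf 'net\tisolated\n'
    else
        printf 'net\tshared with host\n'
    fi
    printf 'cmd\t%s\n' "${1:-<none>}"
}

# The profile from the question, with a constructed home directory.
audit_question_profile() {
    H=/home/user    # constructed value standing in for "$HOME"
    audit_bwrap --proc /proc --dev /dev \
        --ro-bind /usr /usr --ro-bind /bin /bin \
        --ro-bind /etc /etc --ro-bind /lib /lib \
        --ro-bind "$H/.Xauthority" "$H/.Xauthority" \
        --bind "$H/.cache/mozilla" "$H/.cache/mozilla" \
        --bind "$H/.mozilla" "$H/.mozilla" \
        --dev-bind /dev/snd /dev/snd \
        --unshare-all --share-net firefox
}

audit_question_profile
```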