2/18/2023 0 Comments How to use tor browser sandbox![]() t sandbox_net_t -t sandbox_web_t -t sandbox_net_client_t \ Unfortunately, Tor Browser errors: sandbox \ I tried out the SELinux sandbox, which seems to work with Firefox (isolates X11 as well): sandbox -t sandbox_web_t -H /tmp/sandbox/home -T /tmp/sandbox/tmp -X firefox sandbox/ policycoreutils-sandbox → not sure, how it relates to SELinux policies? Is this a simple, sandbox-like alternative for desktop apps akin to firejail?.there is a torbrowser-launcher package by Micah Lee → does not include any SELinux policies.1 root root system_u:object_r:bin_t:s0 7681 May 10 18:08 /usr/bin/firefox ![]() try to learn from existent other Firefox installation rules → unfortunately it has a generic bin_t type:.Though creation of new policies is a different beast. ![]() My linux distro already comes with SELinux included, so this might be a good candidate for hardening.Īfter having watched the excellent talk "Security-enhanced Linux for mere mortals - 2015 Red Hat Summit" by Thomas Cameron, I am able to solve basic problems via semanage, adjusting file or mount context types. ![]() Currently, an exploit gives full write permission to the /home directory and more - test it by typing file:///home/ in the address bar. I would like to add a "last barrier of protection" sandbox to my browser installation. How might Tor Browser be hardened even further (X11 Window system, Tor process) - in this sense what about sandbox/ policycoreutils-sandbox?įalling victim to (Zero Day) exploits by accident via Browser, JavaScript or PDF reader during normal everyday surfing of random pages. How can I define a SELinux policy, that limits filesystem access of portable Tor Browser to its installation directory, say /home/user/.local/opt/tor-browser_en-US?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |