Info

New links to LibreWolf Firfox Fork added (including Firejail Config)

LibreWolf

LibreWolf, a fork of Firefox, focuses on privacy, security, and freedom

https://eurafri.com/de/projekte/softwareverzeichnis

Firejail Config



## LibreWolf Messenger Profile
## KMJ (https://kmj.at) 
## 20210128
## Version 1.00
## symlink appimage to LibreWolf.x86_64.AppImage
## base dir /opt/Firejail/librewolf

## you are able to test with:
## /usr/bin/firejail --profile=/home/BENUTZER/.config/firejail/librewolf.profile  /bin/bash
## or start with
## /usr/bin/firejail --profile=/home/BENUTZER/.config/firejail/librewolf.profile --appimage /opt/Firejail/librewolf/LibreWolf.x86_64.AppImage

###################################################################
## NOTES:
## home is /opt/Firejail/librewolf
###################################################################

ignore noexec /tmp

noblacklist ${HOME}/.cache/librewolf
noblacklist ${HOME}/.config/librewolf
noblacklist ${HOME}/.local/share/librewolf
noblacklist ${HOME}/.librewolf
noblacklist ${HOME}/.mozilla

noblacklist /opt/Firejail/librewolf

blacklist /opt/Firejail
blacklist /opt/Element
blacklist /snap
blacklist /usr/local/EXTRA

## Disable access 
include /etc/firejail/disable-common.inc 
include /etc/firejail/disable-programs.inc 
include /etc/firejail/disable-passwdmgr.inc 
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-exec.inc
include /etc/firejail/disable-interpreters.inc
include /etc/firejail/disable-programs.inc

## Security filters 
caps.drop all 
netfilter
nodvd
nonewprivs 
noroot 
protocol unix,inet,inet6 
#seccomp
nogroups
shell none 

apparmor
notv
nou2f

## Filesystem
disable-mnt
private-cache 
private-tmp 
private-dev 
private-etc resolv.conf,localtime,alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,ssl

private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,ls

private /opt/Firejail/librewolf

# Blacklist 
blacklist /boot 
blacklist /mnt 
blacklist /media 
blacklist /root 
blacklist /srv

dbus-user none
dbus-system none