Skip to main content

Bubblewrap Firefox Sandbox

For Alpine Linux

 

doas apk add bubblewrap

 

nano ~/.bin/firefox
 #!/bin/sh
DBUS_SOCKET_DIR=$(echo "$DBUS_SESSION_BUS_ADDRESS" | sed 's/unix:path=//; s/,.*//')
/usr/bin/bwrap 
--unshare-all --share-net --new-session --die-with-parent --cap-drop ALL  
--clearenv
--setenv XDG_RUNTIME_DIR "$XDG_RUNTIME_DIR"
--setenv WAYLAND_DISPLAY "$WAYLAND_DISPLAY"
--setenv DBUS_SESSION_BUS_ADDRESS "$DBUS_SESSION_BUS_ADDRESS"
--setenv NO_AT_SPI "1"
--setenv HOME "$HOME"
--hostname localhost
--dev /dev/
--dev-bind /dev/dri /dev/dri
--dev-bind /dev/snd /dev/snd
--ro-bind /sys/dev/char /sys/dev/char
--ro-bind /sys/devices/pci0000:00 /sys/devices/pci0000:00
--ro-bind /etc/fonts/ /etc/fonts/
--ro-bind /etc/group /etc/group
--ro-bind /etc/passwd /etc/passwd
--ro-bind /etc/resolv.conf /etc/resolv.conf
--bind ~/.mozilla/ ~/.mozilla/
--ro-bind ~/.fonts ~/.fonts
--bind-try ~/Downloads/ ~/Downloads/
--ro-bind /lib/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1
--ro-bind /lib/libblkid.so.1 /lib/libblkid.so.1
--ro-bind /lib/libcrypto.so.3 /lib/libcrypto.so.3
--ro-bind /lib/libmount.so.1 /lib/libmount.so.1
--ro-bind /lib/libz.so.1 /lib/libz.so.1
--proc /proc/
--tmpfs /tmp
--ro-bind $DBUS_SOCKET_DIR $DBUS_SOCKET_DIR
--ro-bind "${XDG_RUNTIME_DIR}/${WAYLAND_DISPLAY}" "${XDG_RUNTIME_DIR}/${WAYLAND_DISPLAY}"
--ro-bind /usr/lib/ /usr/lib/
--ro-bind /usr/share/alsa/ /usr/share/alsa/
--ro-bind /usr/share/drirc.d/ /usr/share/drirc.d/
--ro-bind /usr/share/X11/xkb/ /usr/share/X11/xkb/
--ro-bind /usr/share/fontconfig/ /usr/share/fontconfig/
--ro-bind /usr/share/fonts/ /usr/share/fonts/
--ro-bind /usr/share/glib-2.0/ /usr/share/glib-2.0/
--ro-bind /usr/share/icons/ /usr/share/icons/
--ro-bind /usr/share/themes /usr/share/themes
--ro-bind /usr/share/icu/ /usr/share/icu/
--ro-bind /usr/share/mime/ /usr/share/mime/
/usr/lib/firefox/firefox 
 

For Debian

 bwrap \
--unshare-all \
--share-net \
--die-with-parent \
--new-session \
--clearenv \
--setenv HOME /home/kai \
--setenv GTK_THEME Adwaita:dark \
--setenv MOZ_ENABLE_WAYLAND 1 \
--setenv WAYLAND_DISPLAY "$WAYLAND_DISPLAY" \
--setenv XDG_RUNTIME_DIR "$XDG_RUNTIME_DIR" \
--setenv PATH /usr/bin \
--hostname localhost \
--symlink usr/lib /lib \
--symlink usr/lib64 /lib64 \
--ro-bind /usr/lib /usr/lib \
--ro-bind /usr/lib64 /usr/lib64 \
--dev /dev \
--dev-bind /dev/dri /dev/dri \
--ro-bind /sys/dev/char /sys/dev/char \
--ro-bind /sys/devices/pci0000:00 /sys/devices/pci0000:00 \
--proc /proc \
--tmpfs /tmp \
--ro-bind /usr/share/applications /usr/share/applications \
--ro-bind /usr/share/gtk-3.0 /usr/share/gtk-3.0 \
--ro-bind /usr/share/fontconfig /usr/share/fontconfig \
--ro-bind-try /usr/share/icu /usr/share/icu \
--ro-bind /usr/share/drirc.d /usr/share/drirc.d \
--ro-bind /usr/share/fonts /usr/share/fonts \
--ro-bind /usr/share/glib-2.0 /usr/share/glib-2.0 \
--ro-bind /usr/share/glvnd /usr/share/glvnd \
--ro-bind /usr/share/icons /usr/share/icons \
--ro-bind /usr/share/libdrm /usr/share/libdrm \
--ro-bind /usr/share/mime /usr/share/mime \
--ro-bind /usr/share/X11/xkb /usr/share/X11/xkb \
--ro-bind /usr/share/icons /usr/share/icons \
--ro-bind /usr/share/mime /usr/share/mime \
--ro-bind /etc/fonts /etc/fonts \
--ro-bind /etc/resolv.conf /etc/resolv.conf \
--ro-bind /usr/share/ca-certificates /usr/share/ca-certificates \
--ro-bind /etc/ssl /etc/ssl \
--ro-bind /etc/ca-certificates /etc/ca-certificates \
--bind "$XDG_RUNTIME_DIR/pulse" "$XDG_RUNTIME_DIR/pulse" \
--ro-bind "$XDG_RUNTIME_DIR/wayland-1" "$XDG_RUNTIME_DIR/wayland-1" \
--ro-bind "$XDG_RUNTIME_DIR/bus" "$XDG_RUNTIME_DIR/bus" \
--bind-try ~/.mozilla ~/.mozilla \
--bind-try ~/Downloads ~/Downloads \
--bind ~/opt/firefox ~/opt/firefox \
--ro-bind-try ~/.local/share/fonts/ ~/.local/share/fonts/ \
~/opt/firefox/firefox
 
 

References

 
 
 
 
 
 

Comments

Popular posts from this blog

xdm linux merge incomplete download parts

 some download stuck at 99.99% , merge them regardless got to ~/.xdm-app-data/Data/*.state cat dec.py import os import re # Define the pattern to extract the segment number pattern = re.compile(r'seg-(\d+)-v1-a1\.ts') # Get the current working directory current_directory = os.getcwd() # List to hold tuples of (segment_number, filename) files_with_segments = [] # Iterate through files in the current directory for filename in os.listdir(current_directory): match = pattern.search(filename) if match: # Extract the segment number as an integer segment_number = int(match.group(1)) # Add the tuple (segment_number, filename) to the list files_with_segments.append((segment_number, filename)) # Sort the list by the segment number (numerical sort) files_with_segments.sort(key=lambda x: x[0]) # Open the filelist.txt for writing with open('filelist.txt', 'w') as filelist: for _, filename in files_with_segments: file...

kde on debian

https://wiki.debian.org/KDE sudo apt install   xserver-xorg-input-libinput xserver-xorg-video-intel  sudo apt install plasma-desktop plasma-workspace-wayland  sddm  issue  file:///usr/share/plasma/plasmoids/org.kde.plasma.kickoff/contents/ui/Kickoff.qml:157:34: Type FullRepresentat ion unavailable file:///usr/share/plasma/plasmoids/org.kde.plasma.kickoff/contents/ui/FullRepresentation.qml:80:22: Type Norma lPage unavailable file:///usr/share/plasma/plasmoids/org.kde.plasma.kickoff/contents/ui/NormalPage.qml:43:13: Type Footer unavai lable file:///usr/share/plasma/plasmoids/org.kde.plasma.kickoff/contents/ui/Footer.qml:155:5: Type LeaveButtons unav ailable file:///usr/share/plasma/plasmoids/org.kde.plasma.kickoff/contents/ui/LeaveButtons.qml:14:1: module "org.kde.k itemmodels" is not installed # upower , it is installed by powerdevil though sudo apt install kde-config-gtk-style  kde-config-gtk-style-preview   breeze-gtk-theme  sudo apt i...

rsa encryption

 choose two large  prime number p (prime 1) and q (prime 2)   n = p x q , where n is called the modulus for encryption and decryption   φ = ( p - 1) x ( q -1) is called Euler's totient function for n= pq For a given positive integer n, Euler's totient function ϕ(n) is defined as the number of positive integers less than or equal to n that are coprime (i.e., share no common factors) with n. ϕ( n ) = n ∏ p ∣ n ( 1 − 1 p )     \phi(n) = n \prod_{p \mid n} \left(1 - \frac{1}{p}\right)   p ∣ n means that p p divides n , and is a prime factor greater than 1  i  n    example , n=2*3=6 with factors f=1 , 2 , 3 , 4 , 5,6 factors Two numbers are coprime if their greatest common divisor (GCD) is 1 here find gcd(f,n)=1  only 1 and 5 are coprime with 6  φ =1*2 =2   choose e less  than φ , such that  e is co prime with φ , ie  e has no common factor with φ except 1 mathematically : gcd ( e , φ ...