| author | Natasha Moongrave <natasha@256phi.eu> | 2026-05-11 15:42:21 +0200 |
|---|---|---|
| committer | Natasha Moongrave <natasha@256phi.eu> | 2026-05-11 15:42:21 +0200 |
| commit | 46b6af3f65e050f310ace108436e60a211e1c669 (patch) | |
| tree | 9edc31d7e59c625c167ed9321e50d2040f54735e | |
| parent | 8c1fb1ba25953181991229284094f8377f42bd9a (diff) | |
Fixed firefox not being sandboxed properly
| -rw-r--r-- | home/mun/programs/browser.nix | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/home/mun/programs/browser.nix b/home/mun/programs/browser.nix index 1e702ad..3179c3c 100644 --- a/home/mun/programs/browser.nix +++ b/home/mun/programs/browser.nix @@ -1,4 +1,19 @@ {pkgs, ...}: { + # Fix firefox not being properly sandboxed and security + environment.etc."apparmor.d/firefox-local".text = '' + # This profile allows everything and only exists to give the + # application a name instead of having the label "unconfined" + abi <abi/4.0>, + include <tunables/global> + profile firefox-local + /home/mun/bin/firefox/{firefox,firefox-bin,updater} + flags=(unconfined) { + userns, + # Site-specific additions and overrides. See local/README for details. + include if exists <local/firefox> + } + ''; + programs.firefox = { enable = true; |
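
Review bot: The attachment path in `profile firefox-local`, `/home/mun/bin/firefox/{firefox,firefox-bin,updater}`, probably does not match the binary that `programs.firefox.enable = true` in the same file installs, since that package comes from the Nix store rather than from a directory under `/home/mun/bin`. If the path does not match, the profile never attaches and the change has no effect. If it does match, a `flags=(unconfined)` profile with `userns,` is bound to a location the user account can write to, so whatever executable sits at that path receives the label and the user namespace permission. Attach the profile to the path of the packaged binary instead. The leading comment `# Fix firefox not being properly sandboxed and security` should also be reworded: as the profile's own comment says, it "allows everything", so it does not confine Firefox. Its only rule grants `userns` so that Firefox's internal sandbox can create user namespaces, and the comment should say that. Finally, nothing in the hunk enables AppArmor or loads `apparmor.d/firefox-local`, and `environment.etc` is a system-level option in a file under `home/mun/`. Confirm that this module is evaluated as part of the system configuration and that the profile is actually loaded after a rebuild.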
