1 files changed, 15 insertions, 0 deletions

diff --git a/home/mun/programs/browser.nix b/home/mun/programs/browser.nix
index 1e702ad..3179c3c 100644
--- a/home/mun/programs/browser.nix
+++ b/home/mun/programs/browser.nix
@@ -1,4 +1,19 @@
 {pkgs, ...}: {
+  # Fix firefox not being properly sandboxed and security
+  environment.etc."apparmor.d/firefox-local".text = ''
+    # This profile allows everything and only exists to give the
+    # application a name instead of having the label "unconfined"
+    abi <abi/4.0>,
+    include <tunables/global>
+    profile firefox-local
+    /home/mun/bin/firefox/{firefox,firefox-bin,updater}
+    flags=(unconfined) {
+    	userns,
+    	# Site-specific additions and overrides. See local/README for details.
+    	include if exists <local/firefox>
+    }
+  '';
+
   programs.firefox = {
     enable = true;