From 46b6af3f65e050f310ace108436e60a211e1c669 Mon Sep 17 00:00:00 2001
From: Natasha Moongrave <natasha@256phi.eu>
Date: Mon, 11 May 2026 15:42:21 +0200
Subject: Fixed firefox not being sandboxed properly

---
 home/mun/programs/browser.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'home/mun/programs')

diff --git a/home/mun/programs/browser.nix b/home/mun/programs/browser.nix
index 1e702ad..3179c3c 100644
--- a/home/mun/programs/browser.nix
+++ b/home/mun/programs/browser.nix
@@ -1,4 +1,19 @@
 {pkgs, ...}: {
+  # Fix firefox not being properly sandboxed and security
+  environment.etc."apparmor.d/firefox-local".text = ''
+    # This profile allows everything and only exists to give the
+    # application a name instead of having the label "unconfined"
+    abi <abi/4.0>,
+    include <tunables/global>
+    profile firefox-local
+    /home/mun/bin/firefox/{firefox,firefox-bin,updater}
+    flags=(unconfined) {
+    	userns,
+    	# Site-specific additions and overrides. See local/README for details.
+    	include if exists <local/firefox>
+    }
+  '';
+
   programs.firefox = {
     enable = true;
 
-- 
cgit v1.2.3