Run Firefox in a protected sandbox
Authored by: ezgranny420 on Mar 20, '10 12:35:38AM

 

I'd really like to get this working; however, the following error is occurring.

Brendon@Brendon-Maragias-MacBook-Pro /u/s/sandbox> cd /usr/share/sandbox/
Brendon@Brendon-Maragias-MacBook-Pro /u/s/sandbox> sandbox-exec -f firefox-sandbox /Applications/Firefox.app/Contents/MacOS/firefox-bin
sandbox-exec: profile not found
Brendon@Brendon-Maragias-MacBook-Pro /u/s/sandbox>

Here is firefox-sandbox:

;; http://codereview.chromium.org/379019/diff/1/2
(version 1)
(deny default)

(allow file-write* file-read-data file-read-metadata
  (regex "^/Users/Brendon/Downloads")
  (regex "^/Users/Brendon/Library/Application Support/Mozilla")
  (regex "^/Users/Brendon/Library/Application Support/Firefox")
  (regex "^/Users/Brendon/Library/Preferences")
  (regex "^/Users/Brendon/Library/PreferencePanes")
  (regex "^/Users/Brendon/Library/Caches/Firefox")
  (regex "^/Users/Brendon/Library/Caches/TemporaryItems")
  (regex "^/Applications/Firefox.app")
  (regex "^(/private)?/tmp/"))

(allow file-read-data file-read-metadata
  (regex "^/dev/autofs.*")
  (regex "^/Library/Preferences")
  (regex "^/Library/Internet Plug-Ins")
  (regex "^/Library/PreferencePanes")
  (regex "^/usr/share/icu")
  (regex "^/usr/share/locale")
  (regex "^/System/Library")
  (regex "^/Applications/Firefox.app")
  (regex "^/usr/lib")
  (regex "^/var")
  (regex #"Frameworks/SDL.framework")
  ; Our Module Directory Services cache
  (regex "^/private/var/tmp/mds/")
  (regex "^/private/var/tmp/mds/[0-9]+(/|$)")
  (regex "^/Users/Brendon"))

(allow mach* sysctl-read)

(import "/usr/share/sandbox/bsd.sb")
(deny file-write-data
  (regex #"^(/private)?/etc/localtime$"
         #"^/usr/share/nls/"
         #"^/usr/share/zoneinfo/"))

(allow process-exec
  (regex "^/Applications/Firefox.app"))

(allow network*)

 



Run Firefox in a protected sandbox
Authored by: miggins on Mar 23, '10 08:35:25PM

Try changing your line: sandbox-exec -f firefox-sandbox /Applications/Firefox.app/Contents/MacOS/firefox-bin

to be:

sandbox-exec -f /path/to/firefox-sandbox /Applications/Firefox.app/Contents/MacOS/firefox-bin



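One way to apply the suggestion above, as an added example that is not part of either comment: resolve the profile to an absolute path and confirm the file exists before passing it to `sandbox-exec -f`, so a failure reports the exact path that was tried. The function names `resolve_profile` and `run_sandboxed` are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example, not code from the thread. resolve_profile and
# run_sandboxed are hypothetical helper names.

# Print the absolute path of a sandbox profile file, or fail with a
# message naming the path that was actually checked.
resolve_profile() {
    profile=$1
    case $profile in
        /*) abs=$profile ;;          # already absolute
        *)  abs=$PWD/$profile ;;     # relative to the current directory
    esac
    if [ ! -f "$abs" ]; then
        echo "profile not found at: $abs" >&2
        return 1
    fi
    if [ ! -r "$abs" ]; then
        echo "profile not readable: $abs" >&2
        return 1
    fi
    # Normalise the directory part so the result has no ./ or ../ in it.
    dir=$(cd "$(dirname "$abs")" && pwd -P) || return 1
    printf '%s/%s\n' "$dir" "$(basename "$abs")"
}

# Run a command under the profile, always giving -f an absolute path.
# Example call, using the paths from the comments above:
#   run_sandboxed firefox-sandbox \
#       /Applications/Firefox.app/Contents/MacOS/firefox-bin
run_sandboxed() {
    abs=$(resolve_profile "$1") || return 1
    shift
    sandbox-exec -f "$abs" "$@"
}
```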