sandboxed-browser (653B)
1 #!/bin/bash 2 3 # need to create browser2 user 4 # you may also want to add the local user to the browser2 group 5 6 ENDPOINT="$HOME/mnt/browser2" 7 8 mkdir -p "$ENDPOINT" 9 10 # replace by ACLs 11 grep -qs " $ENDPOINT " /proc/mounts || ( 12 echo "$ENDPOINT was not mounted, mounting it" 13 sudo bindfs --create-for-user=$(id -u browser2) \ 14 --create-for-group=$(id -g browser2) \ 15 --chown-deny --chgrp-deny --chmod-deny -p '700' \ 16 -u $(id -u) -g $(id -g) \ 17 ~browser2 "$ENDPOINT" 18 ) 19 20 # escape all arguments; is there a better way? 21 ESC="" 22 for var 23 do 24 ESCA=$(printf %q "$var") 25 ESC="$ESC $ESCA" 26 done 27 exec sudo -u browser2 sh -c "umask 007; exec firefox $ESC" 28