mybin

my ~/bin
git clone https://a3nm.net/git/mybin/
Log | Files | Refs | README

sandboxed-browser (653B)


      1 #!/bin/bash
      2 
      3 # need to create browser2 user
      4 # you may also want to add the local user to the browser2 group
      5 
      6 ENDPOINT="$HOME/mnt/browser2"
      7 
      8 mkdir -p "$ENDPOINT"
      9 
     10 # replace by ACLs
     11 grep -qs " $ENDPOINT " /proc/mounts || (
     12   echo "$ENDPOINT was not mounted, mounting it"
     13   sudo bindfs --create-for-user=$(id -u browser2) \
     14     --create-for-group=$(id -g browser2) \
     15     --chown-deny --chgrp-deny --chmod-deny -p '700' \
     16     -u $(id -u) -g $(id -g) \
     17     ~browser2 "$ENDPOINT"
     18 )
     19 
     20 # escape all arguments; is there a better way?
     21 ESC=""
     22 for var
     23 do
     24   ESCA=$(printf %q "$var")
     25   ESC="$ESC $ESCA"
     26 done
     27 exec sudo -u browser2 sh -c "umask 007; exec firefox $ESC"
     28