Personal Sandboxed Tor Browser development repo. https://gitweb.torproject.org/tor-browser/sandboxed-tor-browser.git/

Yawning Angel 3ebd74a7b1 Bump the version to 0.0.8-dev, so I can do development again. 4 days ago
data 3ebd74a7b1 Bump the version to 0.0.8-dev, so I can do development again. 4 days ago
src 043ac0d0a8 Bug 22038: Stub out `pa_start_child_for_read`. 1 month ago
vendor 710c78e325 Use Config.Clone() to clone TLS configs when available. 1 month ago
.gitignore c3a280dc12 Bug 21093: Go back to using gosecco for seccomp rule compilation. 4 months ago
ChangeLog 3ebd74a7b1 Bump the version to 0.0.8-dev, so I can do development again. 4 days ago
LICENSE 0b52de2ab4 Relicense to something "Libre". 7 months ago
Makefile c3a280dc12 Bug 21093: Go back to using gosecco for seccomp rule compilation. 4 months ago
README.md 7d55a23caf Add a note in the README about the MIT-SHM bug. No functional changes. 4 days ago

README.md

sandboxed-tor-browser

Yawning Angel (yawning at schwanenlied dot me)

I would build a great sandbox. And nobody builds sandboxes better than me, believe me. I will build a great, great sandbox on our application border. And I will have Tor Browser pay for that sandbox.

Tor Browser sandboxed somewhat correctly using bubblewrap. Obviously only works on Linux, and will NEVER support anything else since sandboxing is OS specific.

There are several unresolved issues that affect security and fingerprinting. Do not assume that this is perfect, merely "an improvement over nothing".

Runtime dependencies:

  • A modern Linux system on x86_64 architecture.
  • bubblewrap >= 0.1.3 (https://github.com/projectatomic/bubblewrap).
  • Gtk+ >= 3.14.0
  • (Optional) PulseAudio
  • (Optional) Adwaita Gtk+-2.0 theme
  • (Optional) libnotify and a Desktop Notification daemon

Build time dependencies:

  • Make
  • A C compiler
  • gb (https://getgb.io/ Yes I know it's behind fucking cloudflare)
  • Go (Tested with 1.7.x)
  • libnotify

Things that the sandbox breaks:

  • Audio (Unless allowed via the config)
  • DRI
  • X11 input methods (IBus requires access to the host D-Bus)
  • Installing addons via the browser UI (Unless allowed via the config)
  • Tor Browser's updater (launcher handles keeping the bundle up to date)

Places where the sandbox could be better:

  • More about the host system is exposed than neccecary, primarily because Firefox crashes without /proc.

Upstream Bugs:

Notes:

  • Follows the XDG Base Dir specification.
  • Questions that could be answered by reading the code will be ignored.
  • Unless you're capable of debugging it, don't use it, and don't contact me about it.
  • By default the sandbox ~/Desktop and ~/Downloads directories are mapped to the host ~/.local/share/sandboxed-tor-browser/tor-browser/Browser/[Desktop,Downloads] directories.
  • https://git.schwanenlied.me/yawning/sandboxed-tor-browser/wiki has something resembling build instructions, that may or may not be up to date.