Personal Sandboxed Tor Browser development repo. https://gitweb.torproject.org/tor-browser/sandboxed-tor-browser.git/

Yawning Angel fc34757614 Bug 21977: Fetch install/update metadata files from a different location. 1 day ago
data fc34757614 Bug 21977: Fetch install/update metadata files from a different location. 1 day ago
src 043ac0d0a8 Bug 22038: Stub out `pa_start_child_for_read`. 1 day ago
vendor 710c78e325 Use Config.Clone() to clone TLS configs when available. 2 weeks ago
.gitignore c3a280dc12 Bug 21093: Go back to using gosecco for seccomp rule compilation. 3 months ago
ChangeLog fc34757614 Bug 21977: Fetch install/update metadata files from a different location. 1 day ago
LICENSE 0b52de2ab4 Relicense to something "Libre". 6 months ago
Makefile c3a280dc12 Bug 21093: Go back to using gosecco for seccomp rule compilation. 3 months ago
README.md 851b16c0eb Remove suggestions to use other projects. No functional changes. 3 months ago

README.md

sandboxed-tor-browser

Yawning Angel (yawning at schwanenlied dot me)

I would build a great sandbox. And nobody builds sandboxes better than me, believe me. I will build a great, great sandbox on our application border. And I will have Tor Browser pay for that sandbox.

Tor Browser sandboxed somewhat correctly using bubblewrap. Obviously only works on Linux, and will NEVER support anything else since sandboxing is OS specific.

There are several unresolved issues that affect security and fingerprinting. Do not assume that this is perfect, merely "an improvement over nothing".

Runtime dependencies:

  • A modern Linux system on x86_64 architecture.
  • bubblewrap >= 0.1.3 (https://github.com/projectatomic/bubblewrap).
  • Gtk+ >= 3.14.0
  • (Optional) PulseAudio
  • (Optional) Adwaita Gtk+-2.0 theme
  • (Optional) libnotify and a Desktop Notification daemon

Build time dependencies:

  • Make
  • A C compiler
  • gb (https://getgb.io/ Yes I know it's behind fucking cloudflare)
  • Go (Tested with 1.7.x)
  • libnotify

Things that the sandbox breaks:

  • Audio (Unless allowed via the config)
  • DRI
  • X11 input methods (IBus requires access to the host D-Bus)
  • Installing addons via the browser UI (Unless allowed via the config)
  • Tor Browser's updater (launcher handles keeping the bundle up to date)

Places where the sandbox could be better:

  • More about the host system is exposed than neccecary, primarily because Firefox crashes without /proc.

Upstream Bugs:

Notes:

  • Follows the XDG Base Dir specification.
  • Questions that could be answered by reading the code will be ignored.
  • Unless you're capable of debugging it, don't use it, and don't contact me about it.
  • By default the sandbox ~/Desktop and ~/Downloads directories are mapped to the host ~/.local/share/sandboxed-tor-browser/tor-browser/Browser/[Desktop,Downloads] directories.
  • https://git.schwanenlied.me/yawning/sandboxed-tor-browser/wiki has something resembling build instructions, that may or may not be up to date.