Created
January 25, 2024 03:16
-
-
Save digitalsignalperson/dbaf5ecef5c50cb74417dafe515cf8bf to your computer and use it in GitHub Desktop.
Bubblewrapped firefox with a fifo on the host to open links inside the container
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| URL_FIFO=$HOME/Downloads/ff_fifo | |
| mkfifo "$URL_FIFO" | |
| ffscript=$(mktemp) | |
| cat > "$ffscript" << EOF | |
| #!/bin/bash | |
| echo "Creating profile" | |
| firefox -CreateProfile myprofile | |
| firefoxUserJsPath="\$HOME/.mozilla/firefox/\$(kreadconfig5 --file ~/.mozilla/firefox/profiles.ini --group Profile0 --key Path)/user.js" | |
| echo "Setting user.js" | |
| cat > "\$firefoxUserJsPath" << FOE | |
| // Always ask where to download | |
| user_pref("browser.download.useDownloadDir", false); | |
| // Disable pocket, sponsored | |
| user_pref("extensions.pocket.enabled", "false"); | |
| user_pref("browser.newtabpage.activity-stream.showSponsored", "false"); | |
| user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", "false"); | |
| user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", "false"); | |
| // Open DevTools in a Window | |
| user_pref("devtools.toolbox.host", "window"); | |
| // Disable Firefox studies, experiments, and reporting | |
| user_pref("app.shield.optoutstudies.enabled", false); | |
| user_pref("browser.discovery.enabled", false); | |
| user_pref("datareporting.healthreport.uploadEnabled", false); | |
| // Cookie banner management | |
| // 1: (rejects all cookies if possible, otherwise does nothing) or 2 (rejects all cookies if possible, otherwise does what you would probably do to quickly get rid of the cookie banner, which is to accept all of them). | |
| user_pref("cookiebanners.service.mode", 2); | |
| user_pref("cookiebanners.service.mode.privateBrowsing", 2); | |
| // Disable Search Engine AutoComplete in AddressBar | |
| user_pref("browser.search.suggest.enabled", "false"); | |
| user_pref("browser.urlbar.suggest.engines", "false"); | |
| // Homepage > Shortcuts > Rows: 4 | |
| user_pref("browser.newtabpage.activity-stream.topSitesRows", "4"); | |
| FOE | |
| echo "Starting firefox and fifo read loop" | |
| firefox -P myprofile & | |
| FFPID=\$! | |
| while true; do | |
| if ! kill -0 \$FFPID > /dev/null 2>&1; then | |
| break | |
| fi | |
| if read -r -t 0.5 url <> "$URL_FIFO"; then | |
| firefox --new-tab \$url | |
| # echo "\$url" | |
| # sleep 1 | |
| else | |
| sleep 0.5 | |
| fi | |
| done | |
| EOF | |
| chmod +x "$ffscript" | |
| bwrap \ | |
| --symlink usr/bin /bin \ | |
| --symlink usr/bin /sbin \ | |
| --symlink usr/lib /lib \ | |
| --symlink usr/lib64 /lib64 \ | |
| --ro-bind /usr/bin /usr/bin \ | |
| --ro-bind /usr/lib /usr/lib \ | |
| --ro-bind /usr/lib64 /usr/lib64 \ | |
| --ro-bind /usr/share /usr/share \ | |
| --ro-bind /etc /etc \ | |
| --tmpfs /tmp \ | |
| --proc /proc \ | |
| --dev /dev \ | |
| --dev-bind /dev/dri /dev/dri \ | |
| --ro-bind /sys/dev/char /sys/dev/char \ | |
| --ro-bind /sys/devices /sys/devices \ | |
| --dir "$XDG_RUNTIME_DIR" \ | |
| --ro-bind "$XDG_RUNTIME_DIR/wayland-0" "$XDG_RUNTIME_DIR/wayland-0" \ | |
| --ro-bind "$XDG_RUNTIME_DIR/pipewire-0" "$XDG_RUNTIME_DIR/pipewire-0" \ | |
| --ro-bind "$XDG_RUNTIME_DIR/pulse" "$XDG_RUNTIME_DIR/pulse" \ | |
| --ro-bind /run/systemd/resolve/stub-resolv.conf /run/systemd/resolve/stub-resolv.conf \ | |
| --unshare-all \ | |
| --share-net \ | |
| --die-with-parent \ | |
| --new-session \ | |
| --bind $HOME/Downloads $HOME/Downloads \ | |
| --chdir $HOME \ | |
| --bind "$ffscript" "$HOME/firefox.sh" \ | |
| dbus-run-session -- ./firefox.sh |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment