├── .gitignore ├── COPYING ├── README.md ├── aa-profiles ├── home.sandboxing.bash ├── home.sandboxing.bash-dev ├── home.sandboxing.bash-hide-net ├── home.sandboxing.chromium ├── home.sandboxing.chromium-tmp ├── home.sandboxing.deluge ├── home.sandboxing.discord ├── home.sandboxing.eom-ro ├── home.sandboxing.firefox ├── home.sandboxing.firefox-private ├── home.sandboxing.firefox-tmp ├── home.sandboxing.okular-ro ├── home.sandboxing.okular-rw └── home.sandboxing.thunderbird ├── add_aa_profiles.sh ├── add_links.sh ├── firefox-hardening ├── local-settings.js └── systemwide_user.js ├── gen ├── .gitignore ├── .ocamlformat ├── Makefile ├── dune-project ├── sandboxing_gen.opam └── src │ ├── aa.ml │ ├── bwrap.ml │ ├── commands.ml │ ├── config.ml │ ├── dune │ ├── gen.ml │ ├── profile.ml │ ├── profile_components.ml │ ├── profiles.ml │ ├── runner.ml │ └── seccomp_bpf.ml ├── runners ├── archive-handling.c ├── bash-dev.c ├── bash-hide-home-hide-net.c ├── bash-hide-home.c ├── bash-hide-net.c ├── bash-loose-hide-home.c ├── bash.c ├── chromium-tmp.c ├── chromium.c ├── deluge.c ├── discord.c ├── eom-ro.c ├── firefox-private-arch.c ├── firefox-private.c ├── firefox-tmp.c ├── firefox.c ├── make-workspace.c ├── okular-ro.c ├── okular-rw.c └── thunderbird.c ├── scripts ├── bash-dev.sh ├── bash-hide-net.sh ├── bash.sh ├── chromium-tmp.sh ├── chromium.sh ├── deluge.sh ├── discord.sh ├── eom-ro.sh ├── firefox-private.sh ├── firefox-tmp.sh ├── firefox.sh ├── okular-ro.sh ├── okular-rw.sh └── thunderbird.sh └── seccomp-bpfs ├── bash-dev.c ├── bash-hide-net.c ├── bash.c ├── chromium-tmp.c ├── chromium.c ├── deluge.c ├── discord.c ├── eom-ro.c ├── firefox-private.c ├── firefox-tmp.c ├── firefox.c ├── okular-ro.c ├── okular-rw.c └── thunderbird.c /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/.gitignore -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/COPYING -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/README.md -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.bash: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.bash -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.bash-dev: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.bash-dev -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.bash-hide-net: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.bash-hide-net -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.chromium: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.chromium -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.chromium-tmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.chromium-tmp -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.deluge: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.deluge -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.discord: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.discord -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.eom-ro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.eom-ro -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.firefox: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.firefox -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.firefox-private: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.firefox-private -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.firefox-tmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.firefox-tmp -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.okular-ro: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.okular-ro -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.okular-rw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.okular-rw -------------------------------------------------------------------------------- /aa-profiles/home.sandboxing.thunderbird: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/aa-profiles/home.sandboxing.thunderbird -------------------------------------------------------------------------------- /add_aa_profiles.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/add_aa_profiles.sh -------------------------------------------------------------------------------- /add_links.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/add_links.sh -------------------------------------------------------------------------------- /firefox-hardening/local-settings.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/firefox-hardening/local-settings.js -------------------------------------------------------------------------------- /firefox-hardening/systemwide_user.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/firefox-hardening/systemwide_user.js -------------------------------------------------------------------------------- /gen/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/.gitignore -------------------------------------------------------------------------------- /gen/.ocamlformat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/.ocamlformat -------------------------------------------------------------------------------- /gen/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/Makefile -------------------------------------------------------------------------------- /gen/dune-project: -------------------------------------------------------------------------------- 1 | (lang dune 1.11) 2 | -------------------------------------------------------------------------------- /gen/sandboxing_gen.opam: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gen/src/aa.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/src/aa.ml -------------------------------------------------------------------------------- /gen/src/bwrap.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/src/bwrap.ml -------------------------------------------------------------------------------- /gen/src/commands.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/src/commands.ml -------------------------------------------------------------------------------- /gen/src/config.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/src/config.ml -------------------------------------------------------------------------------- /gen/src/dune: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/src/dune -------------------------------------------------------------------------------- /gen/src/gen.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/src/gen.ml -------------------------------------------------------------------------------- /gen/src/profile.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/src/profile.ml -------------------------------------------------------------------------------- /gen/src/profile_components.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/src/profile_components.ml -------------------------------------------------------------------------------- /gen/src/profiles.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/src/profiles.ml -------------------------------------------------------------------------------- /gen/src/runner.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/src/runner.ml -------------------------------------------------------------------------------- /gen/src/seccomp_bpf.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/gen/src/seccomp_bpf.ml -------------------------------------------------------------------------------- /runners/archive-handling.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/archive-handling.c -------------------------------------------------------------------------------- /runners/bash-dev.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/bash-dev.c -------------------------------------------------------------------------------- /runners/bash-hide-home-hide-net.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/bash-hide-home-hide-net.c -------------------------------------------------------------------------------- /runners/bash-hide-home.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/bash-hide-home.c -------------------------------------------------------------------------------- /runners/bash-hide-net.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/bash-hide-net.c -------------------------------------------------------------------------------- /runners/bash-loose-hide-home.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/bash-loose-hide-home.c -------------------------------------------------------------------------------- /runners/bash.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/bash.c -------------------------------------------------------------------------------- /runners/chromium-tmp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/chromium-tmp.c -------------------------------------------------------------------------------- /runners/chromium.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/chromium.c -------------------------------------------------------------------------------- /runners/deluge.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/deluge.c -------------------------------------------------------------------------------- /runners/discord.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/discord.c -------------------------------------------------------------------------------- /runners/eom-ro.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/eom-ro.c -------------------------------------------------------------------------------- /runners/firefox-private-arch.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/firefox-private-arch.c -------------------------------------------------------------------------------- /runners/firefox-private.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/firefox-private.c -------------------------------------------------------------------------------- /runners/firefox-tmp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/firefox-tmp.c -------------------------------------------------------------------------------- /runners/firefox.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/firefox.c -------------------------------------------------------------------------------- /runners/make-workspace.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/make-workspace.c -------------------------------------------------------------------------------- /runners/okular-ro.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/okular-ro.c -------------------------------------------------------------------------------- /runners/okular-rw.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/okular-rw.c -------------------------------------------------------------------------------- /runners/thunderbird.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/runners/thunderbird.c -------------------------------------------------------------------------------- /scripts/bash-dev.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/bash-dev.sh -------------------------------------------------------------------------------- /scripts/bash-hide-net.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/bash-hide-net.sh -------------------------------------------------------------------------------- /scripts/bash.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/bash.sh -------------------------------------------------------------------------------- /scripts/chromium-tmp.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/chromium-tmp.sh -------------------------------------------------------------------------------- /scripts/chromium.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/chromium.sh -------------------------------------------------------------------------------- /scripts/deluge.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/deluge.sh -------------------------------------------------------------------------------- /scripts/discord.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/discord.sh -------------------------------------------------------------------------------- /scripts/eom-ro.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/eom-ro.sh -------------------------------------------------------------------------------- /scripts/firefox-private.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/firefox-private.sh -------------------------------------------------------------------------------- /scripts/firefox-tmp.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/firefox-tmp.sh -------------------------------------------------------------------------------- /scripts/firefox.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/firefox.sh -------------------------------------------------------------------------------- /scripts/okular-ro.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/okular-ro.sh -------------------------------------------------------------------------------- /scripts/okular-rw.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/okular-rw.sh -------------------------------------------------------------------------------- /scripts/thunderbird.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/scripts/thunderbird.sh -------------------------------------------------------------------------------- /seccomp-bpfs/bash-dev.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/bash-dev.c -------------------------------------------------------------------------------- /seccomp-bpfs/bash-hide-net.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/bash-hide-net.c -------------------------------------------------------------------------------- /seccomp-bpfs/bash.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/bash.c -------------------------------------------------------------------------------- /seccomp-bpfs/chromium-tmp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/chromium-tmp.c -------------------------------------------------------------------------------- /seccomp-bpfs/chromium.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/chromium.c -------------------------------------------------------------------------------- /seccomp-bpfs/deluge.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/deluge.c -------------------------------------------------------------------------------- /seccomp-bpfs/discord.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/discord.c -------------------------------------------------------------------------------- /seccomp-bpfs/eom-ro.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/eom-ro.c -------------------------------------------------------------------------------- /seccomp-bpfs/firefox-private.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/firefox-private.c -------------------------------------------------------------------------------- /seccomp-bpfs/firefox-tmp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/firefox-tmp.c -------------------------------------------------------------------------------- /seccomp-bpfs/firefox.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/firefox.c -------------------------------------------------------------------------------- /seccomp-bpfs/okular-ro.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/okular-ro.c -------------------------------------------------------------------------------- /seccomp-bpfs/okular-rw.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/okular-rw.c -------------------------------------------------------------------------------- /seccomp-bpfs/thunderbird.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/darrenldl/sandboxing/HEAD/seccomp-bpfs/thunderbird.c --------------------------------------------------------------------------------