├── Bastillefile
├── LICENSE
├── README.md
├── devfs.rules
└── ff-performance.png


/Bastillefile:
--------------------------------------------------------------------------------
ARG WITH_USB
ARG WITH_3D
PKG firefox xauth noto-basic noto-emoji noto-extra
CMD pw useradd -n firefox -m -w random
CMD if [ -n "${WITH_USB}" ]; then if [ ${WITH_USB} -eq 1 ]; then echo "Adding USB Group"; pw groupadd usb -M firefox; fi; fi
CMD if [ -n "${WITH_3D}" ]; then if [ ${WITH_3D} -eq 1 ]; then echo "Adding 3D Support"; pw groupmod video -m firefox; pkg install -y mesa-dri; fi; fi
CMD mkdir -m 777 /tmp/.X11-unix
FSTAB /tmp/.X11-unix /tmp/.X11-unix nullfs ro 0 0

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
BSD 3-Clause License

Copyright (c) 2019-2021, Christer Edwards
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this
   list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice,
   this list of conditions and the following disclaimer in the documentation
   and/or other materials provided with the distribution.

3. Neither the name of the copyright holder nor the names of its
   contributors may be used to endorse or promote products derived from
   this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Jailfox

[BastilleBSD](https://bastillebsd.org) template to bootstrap Firefox.

## Description

When applied to a container, this template installs the following, along with their dependencies:

- firefox
- noto fonts (all the glyphs for the modern web)
- xauth
- mesa-dri (3D support, if available)

It also:

- adds the user `firefox`
- gives access to the socket `/tmp/.X11-unix/:0=` from inside the jail.

This all adds up to a container size of **~1.8 gigabytes**.

To run the jailed Firefox from the host system, please visit
[jailfox-install](https://github.com/ddowse/jailfox-install) for further instructions.

## Bootstrap
```shell
bastille bootstrap https://github.com/ddowse/jailfox
```

## Apply
```shell
bastille template TARGET ddowse/jailfox [ --arg WITH_USB=1 ] [ --arg WITH_3D=1 ]
```
The arguments `WITH_3D` and `WITH_USB` are strictly optional. If you decide
to use them, you have to add some rules to `/etc/devfs.rules`. Some rules that I
have found working are listed in the `devfs.rules` file in this repo.
Add the content of `devfs.rules` to your existing `/etc/devfs.rules`.

```sh
[bastille_xorg=99]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login

# Remove comments in the next 2 lines to allow access to soundcard
#add path 'mixer*' unhide
#add path 'dsp*' unhide

# Remove comment in the next line to allow access to all output/input sound devices
# This is mandatory to get microphone working
#add path 'sndstat' unhide

# Remove comments in the next 2 lines to allow access to Webcam
#add path 'cuse*' unhide
#add path 'video' unhide

# Remove comments in the next 5 lines to allow access to Videocard for 3D
#add path 'dri' unhide
#add path 'dri/*' unhide
#add path 'drm' unhide
#add path 'drm/*' unhide
#add path 'pci' unhide

# Remove comments in the next 2 lines to allow access to USB devices.
# Mandatory if Webcam and Headset is connected via USB
#add path 'usb' unhide
#add path 'usb/*' unhide
```

```shell
bastille config TARGET set devfs_ruleset 99
service devfs restart
bastille restart TARGET
```

## 3D Acceleration

Go to `Settings`, scroll down, then **uncheck** "Use recommended performance settings".

![Firefox Settings](ff-performance.png)

Open `about:config` and set `gfx.webrender.all` to `true`.

Restart Firefox.

## Hint

To avoid frustration, I recommend taking a ZFS snapshot of the target jail before applying
the BastilleBSD template. This makes it very easy to start over by rolling back to the snapshot.
You could also create a ZFS snapshot of the target jail after the template is
applied, to always have a fresh web browser at your disposal.

Feedback on this template is welcome.

--------------------------------------------------------------------------------
/devfs.rules:
--------------------------------------------------------------------------------
[bastille_xorg=99]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login

# Remove comments in the next 2 lines to allow access to soundcard
#add path 'mixer*' unhide
#add path 'dsp*' unhide

# Remove comment in the next line to allow access to all output/input sound devices
# This is mandatory to get microphone working
#add path 'sndstat' unhide

# Remove comments in the next 2 lines to allow access to Webcam
#add path 'cuse*' unhide
#add path 'video' unhide

# Remove comments in the next 5 lines to allow access to Videocard for 3D
#add path 'dri' unhide
#add path 'dri/*' unhide
#add path 'drm' unhide
#add path 'drm/*' unhide
#add path 'pci' unhide

# Remove comments in the next 2 lines to allow access to USB devices.
# Mandatory if Webcam and Headset is connected via USB
#add path 'usb' unhide
#add path 'usb/*' unhide

--------------------------------------------------------------------------------
/ff-performance.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ddowse/jailfox/8f56a4e24d5443c52c091b061dcf12fe33f2f146/ff-performance.png

--------------------------------------------------------------------------------
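
Added example (not part of the jailfox repository): a POSIX shell check that lists which device paths a ruleset in `devfs.rules` actually unhides once comments are removed, and flags any that are not on an allowlist, so the jail's device exposure can be reviewed before `service devfs restart`. The function names `unhidden_paths` and `unexpected_paths` and the sample ruleset are constructed for illustration; only rules written in the section itself are reported, the `add include` base rulesets are not expanded.

```shell
# Added example, not part of the jailfox repo: report which device paths a
# devfs ruleset really unhides. Commented-out rules are ignored.
# unhidden_paths RULESET  (devfs.rules on stdin): prints the pattern of each
# active "add path ... unhide" rule in the [RULESET=N] section.
unhidden_paths() {
    awk -v want="$1" -v q="'" '
        /^[ \t]*\[/ {                 # section header such as [bastille_xorg=99]
            name = $0
            sub(/^[ \t]*\[/, "", name); sub(/=.*/, "", name)
            in_section = (name == want); next
        }
        !in_section || /^[ \t]*#/ { next }
        $1 == "add" && $2 == "path" && $NF == "unhide" {
            p = $3; gsub(q, "", p); print p
        }'
}

# unexpected_paths RULESET ALLOWED...  (devfs.rules on stdin)
# Prints unhidden patterns missing from the allowlist; returns 1 if any.
unexpected_paths() {
    ruleset=$1; shift
    extra=$(unhidden_paths "$ruleset" | while IFS= read -r p; do
        ok=0
        for a in "$@"; do
            if [ "$p" = "$a" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then printf '%s\n' "$p"; fi
    done)
    if [ -n "$extra" ]; then printf '%s\n' "$extra"; return 1; fi
}

# Constructed sample: the repo ruleset with the 3D lines enabled and USB
# left commented out, plus an unrelated ruleset that must be ignored.
sample_rules=$(cat <<'EOF'
[bastille_xorg=99]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
#add path 'usb/*' unhide
add path 'dri' unhide
add path 'dri/*' unhide
add path 'drm' unhide
add path 'drm/*' unhide
add path 'pci' unhide
[other_jail=100]
add path 'usb/*' unhide
EOF
)
printf '%s\n' "$sample_rules" | unhidden_paths bastille_xorg
```

On a host, feed it the real file, for example `unexpected_paths bastille_xorg dri 'dri/*' drm 'drm/*' pci < /etc/devfs.rules`; a non-zero exit means the ruleset exposes something beyond what was intended.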