Created
December 26, 2019 14:17
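#!/bin/ash -efux
# Launch Firefox inside a hasher chroot with a restrictive default
# preference file.

# X display the chroot's Firefox will connect to.
export DISPLAY=:0

# Assign first, export second: with "export VAR=$(cmd)" the exit status of
# getconf is masked by export, so a failure would leave LIBDIR empty and the
# preference file below would be written under "/firefox/..." instead of the
# real library directory. With -e, the plain assignment aborts the script.
LIBDIR="$(getconf LIBDIR)"
export LIBDIR

# One-time preparation of the chroot (run by hand before this script):
# $ hsh --init
# $ hsh-install firefox xauth
# $ hsh-install fonts-ttf-google-droid-sans fonts-ttf-google-droid-sans-mono fonts-ttf-google-droid-serif
#
# hasher-priv must also be allowed to mount /dev/shm:
# $ grep -v '^#' /etc/hasher-priv/fstab
# tmpfs /dev/shm tmpfs size=500m,nr_inodes=4096 0 0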
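# Run a script, read from stdin, inside the hasher chroot via
# "hsh-run --rooter" (hasher's pseudo-root mode).
# Globals:   TMPDIR (read) - directory that receives the temporary script
# Arguments: $1 - optional step label; printed to stderr so the run log
#                 shows which step is executing (it was silently dropped
#                 before)
# Inputs:    stdin - the script text to execute in the chroot
# Returns:   exit status of hsh-run
in_chroot_rooter()
{
  # ${TMPDIR:?} aborts on an unset *or empty* TMPDIR, so the script can
  # never be created as "/script" on the host.
  local_script="${TMPDIR:?}/script"

  [ "$#" -eq 0 ] || printf '%s\n' "$*" >&2

  cat >"$local_script"
  chmod +x "$local_script"
  # stdin was consumed above; give the chroot process an empty stdin.
  hsh-run --rooter --execute="$local_script" </dev/null
}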
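# Copy the host's resolver configuration into the chroot.
# The outer here-document is unquoted on purpose: $(cat /etc/resolv.conf)
# is expanded on the host and the file's text is embedded in the generated
# script. The inner delimiter is quoted ('EOF1') so the shell that runs as
# pseudo-root inside the chroot writes that text literally and does not
# perform parameter or command substitution on it.
# NOTE(review): a host resolv.conf line consisting solely of "EOF1" would
# still end the inner document early.
in_chroot_rooter "Copy system resolv.conf ..." <<-EOF
#!/bin/sh -efu
cat >/etc/resolv.conf <<'EOF1'
$(cat /etc/resolv.conf)
EOF1
EOF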
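# Install a default-preferences file for the chroot's Firefox.
#
# $LIBDIR is expanded on the host while the outer here-document is read, so
# this assumes the chroot uses the same library directory as the host. The
# inner delimiter is quoted so the preference text is written verbatim.
#
# Review notes:
#  - Firefox preference names are case-sensitive; a misspelled name only
#    creates an unused entry and leaves the real setting at its default.
#    Corrected here: privacy.resistFingerprinting,
#    network.dns.disablePrefetch and browser.ping-centre.telemetry.
#  - network.dns.disablePrefetch must be true to turn prefetching off;
#    the previous value (false) left it enabled.
#  - pref() in defaults/preferences only changes the default value; a user
#    or profile setting can still override it.
#  - Verify the list against about:config of the installed Firefox version;
#    several of these preferences are version-specific.
in_chroot_rooter "Customize firefox settings ..." <<-EOF
#!/bin/sh -efu
cat > "$LIBDIR/firefox/browser/defaults/preferences/all-privacy.js" <<'EOF1'
pref("privacy.resistFingerprinting", true); /* Enable Fingerprint Resistance */
pref("media.peerconnection.enabled", false); /* Disable WebRTC */
pref("security.ssl3.rsa_des_ede3_sha", false); /* Disable the 3DES cipher */
pref("security.ssl.require_safe_negotiation", true); /* Require Safe Negotiation */
pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
pref("security.ssl.disable_session_identifiers", true); /* Disable Session Identifiers */
pref("security.ssl.enable_false_start", false); /* Disable TLS False Start */
pref("security.tls.version.min", 3); /* Disable TLS versions 1.0 and 1.1 (3 = TLS 1.2 minimum) */
pref("security.tls.enable_0rtt_data", false); /* Disable 0-RTT – Zero Round Trip Time Resumption (0-RTT) is a feature that is new in TLS 1.3 */
pref("browser.formfill.enable", false); /* Disable Automatic Formfill */
pref("browser.cache.disk.enable", false); /* Disable All Disk Caching */
pref("browser.cache.disk_cache_ssl", false); /* Disable disk caching of TLS content */
pref("browser.cache.memory.enable", false); /* Disable the in-memory cache */
pref("browser.cache.offline.enable", false); /* Disable the offline (application) cache */
pref("browser.cache.insecure.enable", false); /* Disable caching for insecure connections (TODO confirm this pref exists in the installed version) */
pref("geo.enabled", false); /* Disable Geolocation Services */
pref("plugin.scan.plid.all", false); /* Disable Plugin Scanning */
pref("browser.newtabpage.activity-stream.feeds.telemetry", false); /* Disable ALL Telemetry Features */
pref("browser.newtabpage.activity-stream.telemetry", false); /* Disable ALL Telemetry Features */
pref("browser.ping-centre.telemetry", false); /* Disable ALL Telemetry Features */
pref("devtools.onboarding.telemetry-logged", false); /* Disable ALL Telemetry Features */
pref("media.wmf.deblacklisting-for-telemetry-in-gpu-process", false); /* Disable ALL Telemetry Features */
pref("toolkit.telemetry.archive.enabled", false); /* Disable ALL Telemetry Features */
pref("toolkit.telemetry.bhrping.enabled", false); /* Disable ALL Telemetry Features */
pref("toolkit.telemetry.firstshutdownping.enabled", false); /* Disable ALL Telemetry Features */
pref("toolkit.telemetry.hybridcontent.enabled", false); /* Disable ALL Telemetry Features */
pref("toolkit.telemetry.newprofileping.enabled", false); /* Disable ALL Telemetry Features */
pref("toolkit.telemetry.unified", false); /* Disable ALL Telemetry Features */
pref("toolkit.telemetry.updateping.enabled", false); /* Disable ALL Telemetry Features */
pref("toolkit.telemetry.shutdownpingsender.enabled", false); /* Disable ALL Telemetry Features */
pref("network.dns.disablePrefetch", true); /* Disable DNS Prefetching */
pref("network.prefetch-next", false); /* Disable Network Prefetching */
pref("network.http.sendRefererHeader", 0); /* Disable HTTP Referral Headers */
pref("network.security.esni.enabled", true); /* Enable encrypted SNI (later Firefox releases replaced ESNI with ECH; verify for the installed version) */
pref("webgl.disabled", true); /* Disable WebGL */
pref("dom.battery.enabled", false); /* Disable Battery API */
pref("privacy.firstparty.isolate", true); /* Enable First-Party Isolation */
EOF1
EOF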
# Generate the launcher that runs inside the chroot: it prints the mount
# table (so the log shows what the sandbox can see) and then replaces
# itself with Firefox.
printf '%s\n' \
  '#!/bin/sh -efux' \
  'cat /proc/mounts' \
  'exec firefox' >"$TMPDIR/script"
chmod +x "$TMPDIR/script"

# Start the launcher in the chroot with /proc and /dev/shm mounted.
# NOTE(review): share_network=1 presumably keeps the host network reachable
# from the chroot, and -X gives the browser access to the host X display
# (DISPLAY is exported at the top of this script). Both widen what the
# chroot can reach: an X11 client can generally observe other clients on
# the same display, so this setup separates the browser's files from the
# host, not its network or desktop-session access.
share_network=1 \
  hsh-run --mountpoint=/proc,/dev/shm -X --execute="$TMPDIR/script"
@imz In this particular case, yes. But I wanted to use a generic wrapper.