Created
November 5, 2018 08:49
-
-
Save pmakholm/54017de4a5b64bfc1a13bf48706f7d6c to your computer and use it in GitHub Desktop.
Run Google Chrome with restricted access to $HOME
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # This runs Google Chrome in a sandboxed environment with | |
| # only restricted access to $HOME | |
| # | |
| # Requires bubblewrap https://github.com/projectatomic/bubblewrap | |
| # | |
| # TODO: Create a minimal /dev | |
| exec bwrap --ro-bind / / \ | |
| --tmpfs /tmp \ | |
| --dev-bind /dev /dev \ | |
| --proc /proc \ | |
| --bind /run/user/$(id -u) /run/user/$(id -u) \ | |
| --tmpfs /home \ | |
| --bind $HOME/Downloads $HOME/Downloads \ | |
| --bind $HOME/.config/google-chrome $HOME/.config/google-chrome \ | |
| --unshare-pid \ | |
| --new-session \ | |
| /opt/google/chrome/chrome --no-sandbox |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment