BastilleBSD template to bootstrap Firefox.
When applied to a container, this template will install with dependencies
- firefox
- noto fonts ( All the glyphs for the modern web )
- xauth
- mesa-dri ( 3D Support if available )
- add user
firefox
- gives access to the socket
/tmp/.X11-unix/:0=
from inside the jail.
This all adds up to a container size of: ~1.8 Gigabyte
To run the jailed firefox from the host system please visit jailfox-install for further instructions.
bastille bootstrap https://github.com/ddowse/jailfox
bastille template TARGET ddowse/jailfox [ --arg WITH_USB=1 ] [ --arg WITH_3D=1 ]
The arguments WITH_3D
and WITH_USB
are stricly optional. But if you decide
to use them. You have add some rules to /etc/devfs.rules
, some rules that i
have found working are listed in the devfs.rules
file in this repo.
Add the content of devfs.rules
to your existing /etc/devfs.rules
.
[bastille_xorg=99]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
# Remove comments in the next 2 lines to allow access to soundcard
#add path 'mixer*' unhide
#add path 'dsp*' unhide
# Remove comment in the next line to allow access to all output/input sound devices
# This is mandatory to get microphone working
#add path 'sndstat' unhide
# Remove comments in the next 2 lines to allow access to Webcam
#add path 'cuse*' unhide
#add path 'video' unhide
# Remove comments in the next 5 lines to allow access to Videocard for 3D
#add path 'dri' unhide
#add path 'dri/*' unhide
#add path 'drm' unhide
#add path 'drm/*' unhide
#add path 'pci' unhide
# Remove comments in the next 2 lines to allow access to USB devices.
# Mandatory if Webcam and Headset is connected via USB
#add path 'usb' unhide
#add path 'usb/*' unhide
bastille config TARGET set devfs_ruleset 99
service devfs restart
bastille restart TARGET
Go to Settings
scroll down then Uncheck "Use recommended performance settings".
Open about:config
and set gfx.webrender.all
to true
Restart Firefox
To avoid frustration, I recommend to ZFS snapshot the target jail before applying the BastilleBSD template. This way it makes it very easy to start all over again by rolling back to the snapshot. You could also create a ZFS snapshot of the target jail, after the template is applied, to always have a fresh webbrowser at your disposal.
And feedback on this template is welcome.