github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #2405] Script to spoof Opera browser #1605

New issue

Closed

opened 2026-05-05 08:15:36 -06:00 by gitea-mirror · 2 comments

gitea-mirror commented

2026-05-05 08:15:36 -06:00

Owner

Originally created by @jackTaw88 on GitHub (Feb 15, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2405

Hi,

what is the best (possible/optimal) way to spoof a closed source web browser like opera?

For example this scipt works perfect:

firejail --private-home=/fakehome --noprofile --hostname=$FAKE_HOST_NAME --x11=xephyr --machine-id --net=eth0 --dns=8.8.8.8 --dns=8.8.4.4 /operaportable/opera

Do I need -private-tmp? It does not run as root, it can see other temp files from other apps?
How can I spoof my username?
It can see others apps from IPC?
What other parameters do you prefer?

Thank you

Originally created by @jackTaw88 on GitHub (Feb 15, 2019). Original GitHub issue: https://github.com/netblue30/firejail/issues/2405 Hi, what is the best (possible/optimal) way to spoof a closed source web browser like opera? For example this scipt works perfect: > firejail --private-home=/fakehome --noprofile --hostname=$FAKE_HOST_NAME --x11=xephyr --machine-id --net=eth0 --dns=8.8.8.8 --dns=8.8.4.4 /operaportable/opera - Do I need -private-tmp? It does not run as root, it can see other temp files from other apps? - How can I spoof my username? - It can see others apps from IPC? - What other parameters do you prefer? Thank you

gitea-mirror

2026-05-05 08:15:36 -06:00

closed this issue
added the
information_old
label

gitea-mirror commented

2026-05-05 08:15:38 -06:00

Author

Owner

@chiraag-nataraj commented on GitHub (Feb 17, 2019):

I'm not sure I understand what you're trying to do here. If you're trying to make it look as though you are using Opera when you are, in fact, using a different browser, this has nothing to do with firejail and everything to do with changing your "user agent" in the browser.

But you seem to possibly be asking how to jail Opera (restricting what it can do). If that is the case, there's no perfect/"optimal" answer. I personally use the following combination (in general) when designing my personal profiles:

common options: private-tmp, read-only /tmp/.X11-unix, private-srv, private-dev, disable-mnt, private-opt emp, shell none, seccomp, seccomp.block-secondary, noroot, caps.drop all, apparmor, nonewprivs, ipc-namespace, machine-id, nodbus, nou2f, nogroups, net none, netfilter, memory-deny-write-execute, noexec ${HOME}, noexec /tmp, noexec ${RUNUSER}, blacklist /usr/local/bin, blacklist /usr/local/sbin, blacklist /boot (some of these - e.g. net none - are overridden in specialized profiles, but I put this in a common.inc file and source it in all of my personal profiles).
whitelist only the config files/folders needed for the program to function and ${DOWNLOADS} (for file transfers).
Depending on the program, whitelist additional XDG directories (e.g. ${DOCUMENTS}, ${MUSIC}, etc). In the case of my firefox and chromium profiles, I don't do this.
private-bin, private-etc, and private-lib (private-lib can be more tedious to figure out, so I sometimes skip it).
Sometimes whitelist files/directories in /usr/share.
Sometimes use a network namespace (I often use a VPN from my laptop, which doesn't work with network namespaces at the moment).

Does that help?

@chiraag-nataraj commented on GitHub (Feb 17, 2019): I'm not sure I understand what you're trying to do here. If you're trying to make it look _as though_ you are using Opera when you are, in fact, using a _different_ browser, this has nothing to do with firejail and everything to do with changing your "user agent" in the browser. But you seem to possibly be asking how to _jail_ Opera (restricting what it can do). If that is the case, there's no perfect/"optimal" answer. I personally use the following combination (in general) when designing my personal profiles: * common options: `private-tmp`, `read-only /tmp/.X11-unix`, `private-srv`, `private-dev`, `disable-mnt`, `private-opt emp`, `shell none`, `seccomp`, `seccomp.block-secondary`, `noroot`, `caps.drop all`, `apparmor`, `nonewprivs`, `ipc-namespace`, `machine-id`, `nodbus`, `nou2f`, `nogroups`, `net none`, `netfilter`, `memory-deny-write-execute`, `noexec ${HOME}`, `noexec /tmp`, `noexec ${RUNUSER}`, `blacklist /usr/local/bin`, `blacklist /usr/local/sbin`, `blacklist /boot` (some of these - e.g. `net none` - are overridden in specialized profiles, but I put this in a `common.inc` file and source it in all of my personal profiles). * `whitelist` only the config files/folders needed for the program to function and `${DOWNLOADS}` (for file transfers). * Depending on the program, `whitelist` additional `XDG` directories (e.g. `${DOCUMENTS}`, `${MUSIC}`, etc). In the case of my `firefox` and `chromium` profiles, I don't do this. * `private-bin`, `private-etc`, and `private-lib` (`private-lib` can be more tedious to figure out, so I sometimes skip it). * Sometimes `whitelist` files/directories in `/usr/share`. * Sometimes use a network namespace (I often use a VPN from my laptop, which doesn't work with network namespaces at the moment). Does that help?

gitea-mirror commented

2026-05-05 08:15:39 -06:00

Author

Owner

@jackTaw88 commented on GitHub (Feb 20, 2019):

I don't trust closed source softwares. It can get screenshots from my machine anytime, it can identify (create a fingerprint of my machine) from my mac, local-ip, directory structure ...) ... I want to spoof them...

But I need a fast and free and not-configurable vpn which is embeeded to opera :)

I will read your answer... I will try to make more advance script. If I will need help I will write again here.

Thank you

@jackTaw88 commented on GitHub (Feb 20, 2019): I don't trust closed source softwares. It can get screenshots from my machine anytime, it can identify (create a fingerprint of my machine) from my mac, local-ip, directory structure ...) ... I want to spoof them... But I need a fast and free and not-configurable vpn which is embeeded to opera :) I will read your answer... I will try to make more advance script. If I will need help I will write again here. Thank you

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1605

No description provided.

Rows
Columns