Example: setting up Torbrowser
This guide will show you how to setup bubblejail to run Tor browser.
First create a new generic instance tor_browser. Generic profile provides access to the most commonly used resources such as windowing system (both X11 and Wayland) and sound.
[username@hostname ~] bubblejail create --no-desktop-entry --profile generic tor_browserNext run a terminal inside sandbox. Most terminal applications should work (alacritty, foot, konsole) with exception of GNOME Terminal which requires full access to D-Bus.
[username@hostname ~] bubblejail run tor_browser alacrittyA terminal window should open. This terminal will be inside sandbox.
Now it is time to download Torbrowser from the official website using the sandboxed terminal. This guide downloads the latest Torbrowser version as of 2024-03-02. Check the official website for a more recent version.
[sandbox ~] wget 'https://www.torproject.org/dist/torbrowser/13.0.10/tor-browser-linux-x86_64-13.0.10.tar.xz'
HTTP request sent, awaiting response... 200 OK
Length: 114603108 (109M) [application/x-xz]
Saving to: ‘tor-browser-linux-x86_64-13.0.10.tar.xz’The wget saved the Torbrowser archive to the sandbox home folder. Now it is time to unpack it.
[sandbox ~] tar --verbose --extract --file ./tor-browser-linux-x86_64-13.0.10.tar.xzBy default the Tor browser archive contains a tor-browser folder. Test that Tor browser can launch directly from shell.
[sandbox ~] cd tor-browser
[sandbox ~] ./start-tor-browser.desktopTor browser should launch.
When Tor browser is launched with ./start-tor-browser.desktop --register-app option it will create a desktop entry at ~/.local/share/applications/.
[sandbox ~] ./start-tor-browser.desktop --register-app
Launching './Browser/start-tor-browser --detach --register-app'...
Tor Browser has been registered as a desktop app for this user in ~/.local/share/applications/
However, this folder is from the perspective of sandbox so it won't run from the desktop environment.
All sandboxed directories are usually located in ~/.local/share/bubblejail/instances/<instance_name>/home/ folder where <instance_name> is the name of the instance. (tor_browser in this example)
Bubblejail provides a tool to modify the desktop entries of an application, however, it can't automatically modify the absolute paths used in Tor browser's desktop entry. This has to be manually edited.
First, make bubblejail modify and save the Tor browser's desktop entry:
[username@hostname ~] bubblejail generate-desktop-entry --desktop-entry ~/.local/share/bubblejail/instances/tor_browser/home/.local/share/applications/start-tor-browser.desktop tor_browserNotice how the path should be a combination of path to sandboxed home and path relative to sandboxed home to the desktop entry.
The new desktop entry should became available to the desktop environment
However, the icon will be broken because the path to icon in the desktop entry is relative to the sandboxed home.
To fix this manualy edit the desktop entry's Icon value.
[username@hostname ~] nano ~/.local/share/applications/start-tor-browser.desktopChange
Icon=/home/username/tor-browser/Browser/browser/chrome/icons/default/default128.png
To:
Icon=/home/username/.local/share/bubblejail/instances/tor_browser/home/tor-browser/Browser/browser/chrome/icons/default/default128.png
And update the desktop entries database:
[username@hostname ~] update-desktop-database ~/.local/share/applications/Now the Tor browser desktop entry should display the proper icon.
