ports/www/tor-browser/browser/files/unveil.main

# for uuid generation?
/dev/urandom r
/dev/video rw
/dev/video0 rw
/dev/fido rw
# for webgl info in about:support
/dev/dri/card0 rw
/usr/lib r

/etc/fonts r
/etc/machine-id r

# normally "pledge dns" exempts this from unveil, but pledge might be disabled
/etc/resolv.conf r

/usr/local/bin/tor rx
/usr/local/lib r
/usr/local/lib/tor-browser rx
/usr/local/share r
/usr/share/locale r
/usr/share/zoneinfo r
/var/cache/fontconfig r
/usr/X11R6/lib r
/usr/X11R6/share r
/var/run r

# printing
/usr/bin/lpr rx
/var/run/cups/cups.sock rw

/etc/mailcap r
~/.mailcap r
~/.mime.types r

~/.XCompose r
~/.Xauthority r
~/.Xdefaults r
~/.fontconfig r
~/.fonts r
~/.fonts.conf r
~/.fonts.conf.d r
~/.icons r
~/.pki rwc
~/.sndio rwc
~/.terminfo r

~/TorBrowser-Data rwc
~/Downloads rwc

# for at least shm_open (for now)
/tmp rwc

# $XDG_CACHE_HOME, $XDG_CONFIG_HOME, and $XDG_DATA_HOME will expand to the
# given variable if it exists in the environment, otherwise defaulting to
# ~/.cache, ~/.config, and ~/.local/share
$XDG_RUNTIME_DIR/dconf rwc
$XDG_CACHE_HOME/thumbnails rwc
$XDG_CACHE_HOME/mesa_shader_cache rwc
$XDG_CONFIG_HOME/dconf rw
$XDG_CONFIG_HOME/fcitx r
$XDG_CONFIG_HOME/fontconfig r
$XDG_CONFIG_HOME/gtk-3.0 r
$XDG_CONFIG_HOME/mimeapps.list r
$XDG_CONFIG_HOME/user-dirs.dirs r
$XDG_DATA_HOME/applications rwc
$XDG_DATA_HOME/applnk r
$XDG_DATA_HOME/fonts r
$XDG_DATA_HOME/glib-2.0 r
$XDG_DATA_HOME/icons r
$XDG_DATA_HOME/mime r
$XDG_DATA_HOME/recently-used.xbel rwc
$XDG_DATA_HOME/themes r
SecBSD's official ports repository 2023-08-16 22:26:55 +00:00			`# for uuid generation?`
			`/dev/urandom r`
			`/dev/video rw`
			`/dev/video0 rw`
			`/dev/fido rw`
			`# for webgl info in about:support`
			`/dev/dri/card0 rw`
			`/usr/lib r`

			`/etc/fonts r`
			`/etc/machine-id r`

			`# normally "pledge dns" exempts this from unveil, but pledge might be disabled`
			`/etc/resolv.conf r`

			`/usr/local/bin/tor rx`
			`/usr/local/lib r`
			`/usr/local/lib/tor-browser rx`
			`/usr/local/share r`
			`/usr/share/locale r`
			`/usr/share/zoneinfo r`
			`/var/cache/fontconfig r`
			`/usr/X11R6/lib r`
			`/usr/X11R6/share r`
			`/var/run r`

			`# printing`
			`/usr/bin/lpr rx`
			`/var/run/cups/cups.sock rw`

			`/etc/mailcap r`
			`~/.mailcap r`
			`~/.mime.types r`

			`~/.XCompose r`
			`~/.Xauthority r`
			`~/.Xdefaults r`
			`~/.fontconfig r`
			`~/.fonts r`
			`~/.fonts.conf r`
			`~/.fonts.conf.d r`
			`~/.icons r`
			`~/.pki rwc`
			`~/.sndio rwc`
			`~/.terminfo r`

			`~/TorBrowser-Data rwc`
			`~/Downloads rwc`

			`# for at least shm_open (for now)`
			`/tmp rwc`

			`# $XDG_CACHE_HOME, $XDG_CONFIG_HOME, and $XDG_DATA_HOME will expand to the`
			`# given variable if it exists in the environment, otherwise defaulting to`
			`# ~/.cache, ~/.config, and ~/.local/share`
			`$XDG_RUNTIME_DIR/dconf rwc`
			`$XDG_CACHE_HOME/thumbnails rwc`
			`$XDG_CACHE_HOME/mesa_shader_cache rwc`
			`$XDG_CONFIG_HOME/dconf rw`
			`$XDG_CONFIG_HOME/fcitx r`
			`$XDG_CONFIG_HOME/fontconfig r`
			`$XDG_CONFIG_HOME/gtk-3.0 r`
			`$XDG_CONFIG_HOME/mimeapps.list r`
			`$XDG_CONFIG_HOME/user-dirs.dirs r`
			`$XDG_DATA_HOME/applications rwc`
			`$XDG_DATA_HOME/applnk r`
			`$XDG_DATA_HOME/fonts r`
			`$XDG_DATA_HOME/glib-2.0 r`
			`$XDG_DATA_HOME/icons r`
			`$XDG_DATA_HOME/mime r`
			`$XDG_DATA_HOME/recently-used.xbel rwc`
			`$XDG_DATA_HOME/themes r`