VNC-235 Close browser sandbox breakout via file manager

dockerfile-kasm-brave

@@ -34,6 +34,8 @@ RUN chmod +x $STARTUPDIR/custom_startup.sh
 ENV KASM_RESTRICTED_FILE_CHOOSER=1
 COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
 RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
+COPY ./src/ubuntu/install/close_browser_breakout_via_file_manager/ $INST_SCRIPTS/close_browser_breakout_via_file_manager/
+RUN bash $INST_SCRIPTS/close_browser_breakout_via_file_manager/replace_thunar_with_empty_script.sh
 
 ######### End Customizations ###########
 

dockerfile-kasm-chrome

@@ -38,6 +38,8 @@ RUN chmod +x $STARTUPDIR/custom_startup.sh
 ENV KASM_RESTRICTED_FILE_CHOOSER=1
 COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
 RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
+COPY ./src/ubuntu/install/close_browser_breakout_via_file_manager/ $INST_SCRIPTS/close_browser_breakout_via_file_manager/
+RUN bash $INST_SCRIPTS/close_browser_breakout_via_file_manager/replace_thunar_with_empty_script.sh
 
 
 ######### End Customizations ###########

dockerfile-kasm-chromium

@@ -37,6 +37,8 @@ RUN chmod +x $STARTUPDIR/custom_startup.sh
 ENV KASM_RESTRICTED_FILE_CHOOSER=1
 COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
 RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
+COPY ./src/ubuntu/install/close_browser_breakout_via_file_manager/ $INST_SCRIPTS/close_browser_breakout_via_file_manager/
+RUN bash $INST_SCRIPTS/close_browser_breakout_via_file_manager/replace_thunar_with_empty_script.sh
 
 
 ######### End Customizations ###########

dockerfile-kasm-edge

@@ -23,6 +23,8 @@ RUN apt-get remove -y xfce4-panel
 ENV KASM_RESTRICTED_FILE_CHOOSER=1
 COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
 RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
+COPY ./src/ubuntu/install/close_browser_breakout_via_file_manager/ $INST_SCRIPTS/close_browser_breakout_via_file_manager/
+RUN bash $INST_SCRIPTS/close_browser_breakout_via_file_manager/replace_thunar_with_empty_script.sh
 
 # Security modifications
 COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/

dockerfile-kasm-firefox

@@ -38,6 +38,8 @@ RUN chmod +x $STARTUPDIR/custom_startup.sh
 ENV KASM_RESTRICTED_FILE_CHOOSER=1
 COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
 RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
+COPY ./src/ubuntu/install/close_browser_breakout_via_file_manager/ $INST_SCRIPTS/close_browser_breakout_via_file_manager/
+RUN bash $INST_SCRIPTS/close_browser_breakout_via_file_manager/replace_thunar_with_empty_script.sh
 
 ######### End Customizations ###########
 

dockerfile-kasm-tor-browser

@@ -27,6 +27,8 @@ RUN  bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/m
 ENV KASM_RESTRICTED_FILE_CHOOSER=1
 COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
 RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
+COPY ./src/ubuntu/install/close_browser_breakout_via_file_manager/ $INST_SCRIPTS/close_browser_breakout_via_file_manager/
+RUN bash $INST_SCRIPTS/close_browser_breakout_via_file_manager/replace_thunar_with_empty_script.sh
 
 # Setup the custom startup script that will be invoked when the container starts
 #ENV LAUNCH_URL about:blank

dockerfile-kasm-vivaldi

@@ -38,6 +38,8 @@ RUN chmod +x $STARTUPDIR/custom_startup.sh
 ENV KASM_RESTRICTED_FILE_CHOOSER=1
 COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
 RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
+COPY ./src/ubuntu/install/close_browser_breakout_via_file_manager/ $INST_SCRIPTS/close_browser_breakout_via_file_manager/
+RUN bash $INST_SCRIPTS/close_browser_breakout_via_file_manager/replace_thunar_with_empty_script.sh
 
 
 ######### End Customizations ###########

src/ubuntu/install/close_browser_breakout_via_file_manager/replace_thunar_with_empty_script.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -e
+
+cp /dockerstartup/install/close_browser_breakout_via_file_manager/script_that_just_exits /usr/bin/thunar

src/ubuntu/install/close_browser_breakout_via_file_manager/script_that_just_exits

@@ -0,0 +1 @@
+#!/bin/sh