Simplfy locale specific Tor Browser profiles

author: Tad <tad@spotco.us> 2018-01-01 05:38:43 -0500
committer: Tad <tad@spotco.us> 2018-01-01 05:38:43 -0500
commit: 2cd93846c5133608e9870c6b8c0955bf0a09ab81 (patch)
tree: bb12bdc5453188a4eeb4aa5e7f62017d74daef4e /etc
parent: tor flavours (diff)
download: firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.tar.gz
firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.tar.zst
firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.zip
17 files changed, 77 insertions, 499 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 96de8050f..feb01e142 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -430,7 +430,7 @@ blacklist ${HOME}/.synfig
 blacklist ${HOME}/.tconn
 blacklist ${HOME}/.thunderbird
 blacklist ${HOME}/.tooling
-blacklist ${HOME}/.tor-browser-en
+blacklist ${HOME}/.tor-browser-*
 blacklist ${HOME}/.ts3client
 blacklist ${HOME}/.tuxguitar*
 blacklist ${HOME}/.unknown-horizons
diff --git a/etc/tor-browser-ar.profile b/etc/tor-browser-ar.profile
index 4f635166a..36eda5704 100644
--- a/etc/tor-browser-ar.profile
+++ b/etc/tor-browser-ar.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-ar from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-ar
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-ar,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-ar
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-en-us.profile b/etc/tor-browser-en-us.profile
index 762925655..f3ca8a74d 100644
--- a/etc/tor-browser-en-us.profile
+++ b/etc/tor-browser-en-us.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-en-us from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-en-us
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-en-us,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-en-us
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile
index b2bd2c5e9..fb2c2f9c9 100644
--- a/etc/tor-browser-en.profile
+++ b/etc/tor-browser-en.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-en from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-en
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-en
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-es-es.profile b/etc/tor-browser-es-es.profile
index f332b2cac..c6c0d6e92 100644
--- a/etc/tor-browser-es-es.profile
+++ b/etc/tor-browser-es-es.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-es-es from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-en-es
+whitelist ${HOME}/.tor-browser-en-es
-blacklist /usr/local/bin
+# Redirect
-blacklist /boot
+include /etc/firejail/torbrowser-launcher.profile
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-es-es,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
-whitelist ${HOME}/.tor-browser-es-es
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
-noexec /tmp
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-es.profile b/etc/tor-browser-es.profile
index 89cc3b2fe..1fe940f72 100644
--- a/etc/tor-browser-es.profile
+++ b/etc/tor-browser-es.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-es from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-es
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-es,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-es
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-fa.profile b/etc/tor-browser-fa.profile
index 7710d0f76..292c82de0 100644
--- a/etc/tor-browser-fa.profile
+++ b/etc/tor-browser-fa.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-fa from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-fa
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-fa,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-fa
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-fr.profile b/etc/tor-browser-fr.profile
index c0fbbb33b..b7b5a3d26 100644
--- a/etc/tor-browser-fr.profile
+++ b/etc/tor-browser-fr.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-fr from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-fr
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-fr,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-fr
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-it.profile b/etc/tor-browser-it.profile
index 1095a6adb..bcaff3305 100644
--- a/etc/tor-browser-it.profile
+++ b/etc/tor-browser-it.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-it from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-it
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-it,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-it
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-ja.profile b/etc/tor-browser-ja.profile
index 0f6dcf77f..ffb98b874 100644
--- a/etc/tor-browser-ja.profile
+++ b/etc/tor-browser-ja.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-ja from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-ja
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-ja,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-ja
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-ko.profile b/etc/tor-browser-ko.profile
index 6e87bd24f..c1a29f84e 100644
--- a/etc/tor-browser-ko.profile
+++ b/etc/tor-browser-ko.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-ko from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-ko
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-ko,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-ko
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-pl.profile b/etc/tor-browser-pl.profile
index 06e0315bf..d2b8ea3bc 100644
--- a/etc/tor-browser-pl.profile
+++ b/etc/tor-browser-pl.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-pl from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-pl
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-pl,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-pl
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-pt-br.profile b/etc/tor-browser-pt-br.profile
index dc1da8f61..0b97b5444 100644
--- a/etc/tor-browser-pt-br.profile
+++ b/etc/tor-browser-pt-br.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-pt-br from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-pl
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-pt-br,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-pt-br
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-ru.profile b/etc/tor-browser-ru.profile
index 616736da8..21c6bc042 100644
--- a/etc/tor-browser-ru.profile
+++ b/etc/tor-browser-ru.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-ru from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-ru
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-ru,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-ru
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-vi.profile b/etc/tor-browser-vi.profile
index bf5292c2e..b0284814c 100644
--- a/etc/tor-browser-vi.profile
+++ b/etc/tor-browser-vi.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-vi from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-vi
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-vi,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-vi
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/tor-browser-zh-cn.profile b/etc/tor-browser-zh-cn.profile
index af04674f0..330574dd3 100644
--- a/etc/tor-browser-zh-cn.profile
+++ b/etc/tor-browser-zh-cn.profile
@@ -1,36 +1,8 @@
-# Firejail profile for tor-browser-zh-cn from the Arch User Repository:
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser-zh-cn
-blacklist /usr/local/bin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-private-bin bash,grep,sed,tail,tor-browser-zh-cn,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
 whitelist ${HOME}/.tor-browser-zh-cn
-whitelist /dev/dri
-whitelist /dev/full
-whitelist /dev/null
-whitelist /dev/ptmx
-whitelist /dev/pts
-whitelist /dev/random
-whitelist /dev/shm
-whitelist /dev/snd
-whitelist /dev/tty
-whitelist /dev/urandom
-whitelist /dev/video0
-whitelist /dev/zero
-whitelist ~/Downloads
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://github.com/netblue30/firejail/issues/955
-private-etc X11,pulse,machine-id
-private-tmp
+# Redirect
-noexec /tmp
+include /etc/firejail/torbrowser-launcher.profile
-shell none
-seccomp
-noroot
-caps.drop all
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 81938ca57..51a5d7735 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -5,7 +5,6 @@ include /etc/firejail/torbrowser-launcher.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-noblacklist ${HOME}/.tor-browser-en
 noblacklist ${HOME}/.config/torbrowser
 noblacklist ${HOME}/.local/share/torbrowser
@@ -14,7 +13,6 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
-whitelist ${HOME}/.tor-browser-en
 whitelist ${HOME}/.config/torbrowser
 whitelist ${HOME}/.local/share/torbrowser
 include /etc/firejail/whitelist-common.inc
author	Tad <tad@spotco.us>	2018-01-01 05:38:43 -0500
committer	Tad <tad@spotco.us>	2018-01-01 05:38:43 -0500
commit	2cd93846c5133608e9870c6b8c0955bf0a09ab81 (patch)
tree	bb12bdc5453188a4eeb4aa5e7f62017d74daef4e /etc
parent	tor flavours (diff)
download	firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.tar.gz firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.tar.zst firejail-2cd93846c5133608e9870c6b8c0955bf0a09ab81.zip