1 files changed, 10 insertions, 9 deletions
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
index 4d9ebcb2e..d3b0b27e3 100644
--- a/etc/start-tor-browser.profile
+++ b/etc/start-tor-browser.profile
@@ -1,19 +1,19 @@
 # Firejail profile for start-tor-browser
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/start-tor-browser.local
+include start-tor-browser.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-xdg.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 caps.drop all
 netfilter
@@ -23,6 +23,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice

diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index 4d9ebcb2e..d3b0b27e3 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile
@@ -1,19 +1,19 @@
1	# Firejail profile for start-tor-browser	1	# Firejail profile for start-tor-browser
2	# This file is overwritten after every install/update	2	# This file is overwritten after every install/update
3	# Persistent local customizations	3	# Persistent local customizations
4	include /etc/firejail/start-tor-browser.local	4	include start-tor-browser.local
5	# Persistent global definitions	5	# Persistent global definitions
6	include /etc/firejail/globals.local	6	include globals.local
7		7
8		8
9	include /etc/firejail/disable-common.inc	9	include disable-common.inc
10	include /etc/firejail/disable-devel.inc	10	include disable-devel.inc
11	include /etc/firejail/disable-interpreters.inc	11	include disable-interpreters.inc
12	include /etc/firejail/disable-passwdmgr.inc	12	include disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc	13	include disable-programs.inc
14	include /etc/firejail/disable-xdg.inc	14	include disable-xdg.inc
15		15
16	include /etc/firejail/whitelist-var-common.inc	16	include whitelist-var-common.inc
17		17
18	caps.drop all	18	caps.drop all
19	netfilter	19	netfilter
@@ -23,6 +23,7 @@ nogroups
23	nonewprivs	23	nonewprivs
24	noroot	24	noroot
25	notv	25	notv
		26	nou2f
26	novideo	27	novideo
27	protocol unix,inet,inet6	28	protocol unix,inet,inet6
28	seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice	29	seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice