1 files changed, 6 insertions, 1 deletions

diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 9e3e0ef49..f175b6590 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -1,4 +1,5 @@
 # Firejail profile for torbrowser-launcher
+# Description: Helps download and run the Tor Browser Bundle
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/torbrowser-launcher.local
@@ -19,9 +20,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
 
 mkdir ${HOME}/.config/torbrowser
 mkdir ${HOME}/.local/share/torbrowser
+whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/torbrowser
 whitelist ${HOME}/.local/share/torbrowser
 include /etc/firejail/whitelist-common.inc
@@ -29,6 +32,7 @@ include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter
+nodbus
 nodvd
 nogroups
 nonewprivs
@@ -36,8 +40,9 @@ noroot
 notv
 novideo
 protocol unix,inet,inet6
-seccomp
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none
+# tracelog may cause issues, see github issue #1930
 tracelog
 
 disable-mnt