diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/profile-m-z/torbrowser-launcher.profile | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile index 41ac6f7a7..86746c7f1 100644 --- a/etc/profile-m-z/torbrowser-launcher.profile +++ b/etc/profile-m-z/torbrowser-launcher.profile | |||
@@ -22,6 +22,7 @@ include disable-common.inc | |||
22 | include disable-devel.inc | 22 | include disable-devel.inc |
23 | include disable-exec.inc | 23 | include disable-exec.inc |
24 | include disable-interpreters.inc | 24 | include disable-interpreters.inc |
25 | include disable-proc.inc | ||
25 | include disable-programs.inc | 26 | include disable-programs.inc |
26 | include disable-xdg.inc | 27 | include disable-xdg.inc |
27 | 28 | ||
@@ -33,9 +34,10 @@ whitelist ${HOME}/.local/share/torbrowser | |||
33 | whitelist /opt/tor-browser | 34 | whitelist /opt/tor-browser |
34 | whitelist /usr/share/torbrowser-launcher | 35 | whitelist /usr/share/torbrowser-launcher |
35 | include whitelist-common.inc | 36 | include whitelist-common.inc |
36 | include whitelist-var-common.inc | 37 | include whitelist-run-common.inc |
37 | include whitelist-runuser-common.inc | 38 | include whitelist-runuser-common.inc |
38 | include whitelist-usr-share-common.inc | 39 | include whitelist-usr-share-common.inc |
40 | include whitelist-var-common.inc | ||
39 | 41 | ||
40 | # Add 'apparmor' to your torbrowser-launcher.local to enable AppArmor support. | 42 | # Add 'apparmor' to your torbrowser-launcher.local to enable AppArmor support. |
41 | # IMPORTANT: the relevant rule in /etc/apparmor.d/local/firejail-default will need | 43 | # IMPORTANT: the relevant rule in /etc/apparmor.d/local/firejail-default will need |
@@ -53,12 +55,14 @@ nou2f | |||
53 | novideo | 55 | novideo |
54 | protocol unix,inet,inet6 | 56 | protocol unix,inet,inet6 |
55 | seccomp !chroot | 57 | seccomp !chroot |
58 | seccomp.block-secondary | ||
56 | #tracelog - may cause issues, see #1930 | 59 | #tracelog - may cause issues, see #1930 |
57 | 60 | ||
58 | disable-mnt | 61 | disable-mnt |
59 | private-bin bash,cat,cp,cut,dirname,env,expr,file,gpg,grep,gxmessage,id,kdialog,ln,mkdir,mv,python*,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity | 62 | private-bin bash,cat,cp,cut,dirname,env,expr,file,gpg,grep,gxmessage,id,kdialog,ln,mkdir,mv,python*,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity |
60 | private-dev | 63 | private-dev |
61 | private-etc @tls-ca | 64 | private-etc @tls-ca |
65 | #private-opt tor-browser - can cause slow startup | ||
62 | private-tmp | 66 | private-tmp |
63 | 67 | ||
64 | dbus-user none | 68 | dbus-user none |