From 437764a4679c5246f218764b79cc9e875ce84fb8 Mon Sep 17 00:00:00 2001
From: Tad
Date: Mon, 14 Aug 2017 13:40:58 -0400
Subject: Add novideo and noexec /tmp to tor browsers
---
 etc/start-tor-browser.profile | 3 +++
 etc/torbrowser-launcher.profile | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
 (limited to 'etc')
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
index ca521e08c..e12a38164 100644
--- a/etc/start-tor-browser.profile
+++ b/etc/start-tor-browser.profile
@@ -18,6 +18,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
@@ -27,3 +28,5 @@ private-bin bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed
 private-dev
 private-etc fonts
 private-tmp
+
+noexec /tmp
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 8ae0c56c1..763c2d051 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -11,13 +11,11 @@ whitelist ~/.config/torbrowser
 noblacklist ~/.local/share/torbrowser
 whitelist ~/.local/share/torbrowser
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
-
 caps.drop all
 netfilter
 nodvd
@@ -25,6 +23,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
@@ -35,3 +34,4 @@ private-dev
 private-etc fonts
 private-tmp
+noexec /tmp
--
cgit v1.2.3-54-g00ecf
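Review bot: The `+novideo` line in the `@@ -18,6 +18,7 @@` hunk of etc/start-tor-browser.profile, and the identical line in the `@@ -25,6 +23,7 @@` hunk of etc/torbrowser-launcher.profile, carries no comment explaining why it is needed when both profiles already set `private-dev`. As far as I recall from the firejail man page, `private-dev` keeps the video device nodes in its reduced /dev, so `novideo` is what actually removes camera access. Please confirm this and record it next to the option, e.g. `# private-dev still exposes video devices; novideo removes them`. The option list these hunks touch begins and ends outside the hunks.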
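Review bot: `noexec /tmp` at the end of etc/start-tor-browser.profile (`@@ -27,3 +28,5 @@`), and the same line added in the last hunk of etc/torbrowser-launcher.profile, blocks only direct execution of files placed in /tmp. The `private-bin` line shown in this hunk's header still provides `bash`, `dash` and `sh`, and a noexec mount does not stop an interpreter from reading a script stored there. The whitelisted `~/.local/share/torbrowser` in the launcher profile also stays writable and executable, presumably because the browser runs from it. I would document the limit next to the option, e.g. `# noexec blocks direct exec from /tmp only; shells in private-bin and the browser directory are not covered`. It is also worth confirming that the launcher's download and update path never needs to execute anything from /tmp.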