From 63d455fbe6cfde2f97137f51b779d44f22cb4675 Mon Sep 17 00:00:00 2001 From: Tad Date: Tue, 27 Feb 2018 02:34:22 -0500 Subject: Sync start-tor-browser with torbrowser-launcher profile' start-tor-browser.profile should stay seperate from torbrowser-launcher for the case when downloaded manually. The other tor-browser-* are okay to extend torbrowser-launcher because their paths are known. --- etc/start-tor-browser.profile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index a2bf47281..4cec0ad81 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile @@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all netfilter nodvd @@ -25,9 +27,9 @@ shell none tracelog disable-mnt -private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf +private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher private-dev -private-etc fonts +private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache private-tmp noexec /tmp -- cgit v1.2.3-54-g00ecf