Merge pull request netblue30#1469 from SpotComms/tb

Add novideo and noexec /tmp to Tor browsers
onny · Aug 14, 2017 · 811be46 · 811be46
2 parents 89a2fa9 + 437764a
commit 811be46
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
@@ -18,6 +18,7 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
@@ -27,3 +28,5 @@ private-bin bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed
 private-dev
 private-etc fonts
 private-tmp
+
+noexec /tmp
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
@@ -11,20 +11,19 @@ whitelist ~/.config/torbrowser
 noblacklist ~/.local/share/torbrowser
 whitelist ~/.local/share/torbrowser
 
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-
 caps.drop all
 netfilter
 nodvd
 nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
@@ -35,3 +34,4 @@ private-dev
 private-etc fonts
 private-tmp
 
+noexec /tmp