apparmor + firejail behavior torbrowser

I was running tor browser with the command firejail --seccomp torbrowser. It worked fine, then all of the suddn noscript stopped working and said it had to be restarted. I restarted tor browser the same way (firejail --seccomp) and got a red screen, saying something went wrong.

I then opened up torbrowser without firejail and it worked perfectly.

Does firejail --seccomp torbrowser disable noscript in some way?

As for apparmor, when I run sudo aa-status, it shows 3 processes in enforce mode for tor-browser, but I am only running 1. They each have their own id also.

Can anyone help me investigate this to see what is going on and how to correct it?

Documentation updated just now. See https://www.whonix.org/wiki/Tor_Browser#Hardening instead.

Not deliberate. It probably happens due to firejail restricting access to that file or something else.

The default seccomp filter for firejail likely blocks a syscall the Tor Browser needs. Use the proper profile instead by running

firejail --profile=/etc/firejail/start-tor-browser.profile torbrowser

Insufficient. Details:

We don’t confine the wrapper /usr/bin/torbrowser. As per above ticket. We confine actual Tor Browser only.

Use as per wiki instructions.

Yes but the only way to confine the Tor Browser only while still using the torbrowser script is to set a variable in a file in /etc/torbrowser.d which is permanent unless you remove it which is not good for a one-time test.

No, can also use.

torbrowser --hardening

That is temporary until next browser start.
(Adds hardening to actual Tor Browser only. Not to the wrapper. Same.)

(Environment variable would also work.)

Ah, I haven’t tried that yet so I forgot it was possible.