"Note: There is no secure and reliable way to create start menu entries / desktop shortcuts using Firejail. In the meantime, start firejailed applications from the command line. "
Tor Browser can be reliably firejailed in Whonix by adding the proper Exec arguments to /usr/share/applications/janondisttorbrowser.desktop in the Whonix-WS TemplateVM. Is there any security risk in doing this, besides generic recommendations to avoid modifying TemplateVMs?
Edit by Patrick: