Automatically Firejailing Tor Browser


"Note: There is no secure and reliable way to create start menu entries / desktop shortcuts using Firejail. In the meantime, start firejailed applications from the command line. "

Tor Browser can be reliably firejailed in Whonix by adding the proper Exec arguments to /usr/share/applications/janondisttorbrowser.desktop in the Whonix-WS TemplateVM. Is there any security risk in doing this, besides generic recommendations to avoid modifying TemplateVMs?


We already discussed this in another thread (wiki edits one). There was some reason (that I forget) about not using menu entries / desktop shortcuts. You could search and find it.

Anyway, do you mind posting your working janondisttorbrowser.desktop for interest here?


The only information I’ve found was at “firejail / seccomp / More Options for Program Containment”. Patrick mentioned janondisttorbrowser.desktop in post 31, relating to waiting on a trac.torproject ticket and tb-starter. But this was in 2016.

Here’s the text. Changes are in bold. Simple!

[Desktop Entry]
Exec=firejail --seccomp torbrowser %u
Name=Tor Browser (AnonDist)
GenericName=Privacy Browser
Comment=Start Tor Browser (AnonDist)

Any flags besides --seccomp that would be useful?


In Whonix 14 you can edit /etc/torbrowser.d/50_user.conf and add

tb_starter_bin_pre="firejail --seccomp"



Wiki fixed.

Re: the many, many options, run:

man firejail

or refer to the Firejail website:


I’ve tried a bunch of security-related options before, but seccomp seemed to be the only one that worked properly, at least in Whonix (from wiki) i.e.

Preliminary tests of other security features reveal they are not yet functional in Whonix, for instance --apparmor, --private, and --overlay-tmpfs. If the user does not specify a path to a specific profile when running Firejail, it will search for any relevant profile automatically. If a profile is not found, a default profile will be used.

See also: https://forums.whonix.org/t/firejail-seccomp-more-options-for-program-containment


Not a good idea to change that. Will be dropped on any package upgrade.

In Whonix 13 it would be better to overwrite function tb_start_tor_browser using a config snippet /etc/torbrowser.d/50_user.conf.

tb_start_tor_browser() {
   if [ -x "$tb_browser_folder/Browser/start-tor-browser" ]; then
      ## Preferring $tb_browser_folder/Browser/start-tor-browser to work around
      ## The Tor Project upstream issue:
      ## 'start-tor-browser.desktop parameter passing broken on spaces'
      ## https://trac.torproject.org/projects/tor/ticket/18022
      firejail --seccomp "$tb_browser_folder/Browser/start-tor-browser" --allow-remote "$@"
   elif [ -x "$tb_browser_folder/start-tor-browser" ]; then
      firejail --seccomp "$tb_browser_folder/start-tor-browser" --allow-remote "$@"
   elif [ -x "$tb_browser_folder/start-tor-browser.desktop" ]; then
      firejail --seccomp "$tb_browser_folder/start-tor-browser.desktop" --allow-remote "$@"
   else
      ## error() is assumed to be defined by the script that sources this snippet.
      error "Neither $tb_browser_folder/Browser/start-tor-browser nor \
$tb_browser_folder/start-tor-browser nor \
$tb_browser_folder/start-tor-browser.desktop is executable."
   fi
}

Untested. And make sure to remove this in Whonix 14 (replace with above mentioned method).



The user.conf works well. Thank you for providing it.
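
To confirm that firejail --seccomp is actually in force for a browser started through the desktop entry or the 50_user.conf settings discussed in this thread, the seccomp state of the process can be read from /proc/<pid>/status. This is an added example, not part of the original posts and not code from Whonix or tb-starter; the function names and the sample status content are constructed here.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that --seccomp took effect.
# The kernel reports the state in the "Seccomp:" field of /proc/<pid>/status:
# 0 = disabled, 1 = strict, 2 = filter (the mode used by a seccomp filter list).

seccomp_mode() {
   # $1: path to a status file such as /proc/1234/status
   [ -r "$1" ] || { echo unreadable; return 1; }
   mode=$(awk '$1 == "Seccomp:" { print $2; exit }' "$1")
   case "$mode" in
      0) echo disabled ;;
      1) echo strict ;;
      2) echo filter ;;
      "") echo unknown; return 1 ;;        # field absent from the status file
      *) echo "unexpected:$mode"; return 1 ;;
   esac
}

check_pids() {
   # Returns 0 only if every given PID runs under a seccomp filter.
   rc=0
   for pid in "$@"; do
      state=$(seccomp_mode "/proc/$pid/status") || true
      echo "pid $pid: seccomp $state"
      [ "$state" = filter ] || rc=1
   done
   return "$rc"
}

# Constructed sample input, used when no PID is given on the command line.
demo() {
   tmp=$(mktemp)
   printf 'Name:\tfirefox\nPid:\t4242\nSeccomp:\t%s\n' "$1" > "$tmp"
   seccomp_mode "$tmp"
   rm -f "$tmp"
}

if [ "$#" -gt 0 ]; then
   check_pids "$@"
else
   echo "constructed sample, Seccomp 2: $(demo 2)"
   echo "constructed sample, Seccomp 0: $(demo 0)"
fi
```

Pass the PIDs of the running browser processes as arguments; the script exits non-zero if any of them is not under a seccomp filter.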