Hello, Sandboxed Tor Browser was a great project that was closed, I think they should integrate an official sandbox and even was discussed on tor dev maillists but that was it, no more info.
Since TBB 8 was broken in the Sandboxed Tor Browser I made a fork and by disabling seccomp I made it work, and it’s still working. Check my GitHub
I updated some things to keep it working too.
A little sandbox like this, using BubbleWrap is always safer than no using anything.
Now, I see in the latest Whonix 15 release there is no sandbox/apparmor/firejail for Tor Browser, I think you are working on this, is that right?
Now, Sandboxed using BubbleWrap (BWrap) is making some kind of network isolation like Whonix: one container for TB and one for Tor and TB can only exit to the network connecting to the Tor container.
The question I have is: Can we build with Firejail something like that? I know Firejail profiles are sandboxed/containers and you can deny access to network, but, can you tell FIrejail to only allow connections to Tor process running inside other Firejail sandbox and deny any other network?
BTW, BubbleWrap is not installed by default on Whonix.