Apparently these permissions are now needed by plugin-container, not by the
master firefox process.
/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox {
#include <abstractions/gnome>
- # Uncomment the following line if you don't want the Tor Browser
- # to have direct access to your sound hardware. Note that this is not
- # enough to have working sound support in Tor Browser.
- # #include <abstractions/audio>
-
# Uncomment the following lines if you want to give the Tor Browser read-write
# access to most of your personal files.
# #include <abstractions/user-download>
profile torbrowser_plugin_container {
#include <abstractions/gnome>
+ # Uncomment the following lines if you don'want the Tor Browser
+ # to have direct access to your sound hardware.
+ # #include <abstractions/audio>
+ # /etc/asound.conf r,
+ # owner @{PROC}/@{pid}/fd/ r,
+ # owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/mozilla-temp-* rw,
+
deny /etc/host.conf r,
deny /etc/hosts r,
deny /etc/nsswitch.conf r,
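Review bot: The comment added at the top of the `torbrowser_plugin_container` hunk says to uncomment the lines "if you don'want the Tor Browser to have direct access to your sound hardware", but uncommenting `#include <abstractions/audio>` and the three rules under it grants that access. The wording is inverted and "don'want" is a typo, so someone trying to tighten the profile could follow it and widen it instead. I would reword it to `# Uncomment the following lines if you want the Tor Browser` / `# to have direct access to your sound hardware.` The opt-in block now also carries `owner @{PROC}/@{pid}/fd/ r,` and an `rw` rule on `mozilla-temp-*`, so a short why-comment on each would tell anyone enabling sound what else they are granting. `@{torbrowser_home_dir}` is not defined in the visible lines, and the profile body continues outside the hunk, so confirm that the variable is declared before this sub-profile uses it.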