Hi,
Note:
* Don't use this unless you are capable of debugging it.
* Don't use this if you need strong security (though the author believes it is an improvement over unsandboxed Tor Browser, and the previous sandboxing attempts).
* Don't re-package it, it's not ready for that.
In addition to stewing in my infinite self-loathing, I made a serious attempt at sandboxing Tor Browser again. It works, is kind of neat, and isn't totally horrible, so I'm showing what's available.
Where: https://git.schwanenlied.me/yawning/sandboxed-tor-browser
This builds a lightweight launcher process that will:
* Handle installing/updating Tor Browser, while being rather paranoid about having a good trust root (hard copies of PGP keys, the update service's cert chain, and the MAR signing key are included and enforced).
* Run the updater in a sandboxed environment without network access.
* Run Tor Browser in a sandboxed environment with the Tor SocksPort being the only way to get beyond the host.
There's a bunch of caveats, and some functionality that's intentionally broken, and certain annoyances that require a Tor Browser patch or two to fix, but it appears to work fairly well.
The README.md file has more detailed documentation on how it works, the sandbox environment, and the various caveats.