Tor Browser does not work on unprivileged Selinux users

[PhysicsIsAwesome]

Tor Browser installed through Fedora's torbrowser-launcher package needs some additional rules to make it work on unprivileged Selinux users. These rules were needed to make it work on my device. xguest still does not work, but staff and user work.

gen_require(`
    type tor_port_t;
    class tcp_socket name_bind;
    attribute unpriv_userdomain, port_type;
')

type torbrowser_port_t, port_type;
allow unpriv_userdomain tor_port_t:tcp_socket name_bind;
allow unpriv_userdomain torbrowser_port_t:tcp_socket name_bind;

torbrowser_port_t is a port type which I needed to add, because Tor Browser needs access to tcp port 9151, which normally is unreserved_port_t

[PhysicsIsAwesome]

Logs via sudo ausearch -i -m avc | grep tor:

type=AVC msg=audit(29.07.2025 21:19:38.192:318) : avc:  denied  { name_bind } for  pid=9829 comm=tor src=9151 scontext=user_u:user_r:user_t:s0-s0:c100.c150 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0 
type=AVC msg=audit(29.07.2025 21:57:12.632:1092) : avc:  denied  { name_bind } for  pid=15763 comm=tor src=9150 scontext=user_u:user_r:user_t:s0-s0:c100.c150 tcontext=system_u:object_r:tor_port_t:s0 tclass=tcp_socket permissive=0 
type=AVC msg=audit(30.07.2025 14:19:53.713:2121) : avc:  denied  { name_connect } for  pid=28180 comm=Socket Thread dest=9151 scontext=xguest_u:xguest_r:xguest_t:s0-s0:c900 tcontext=system_u:object_r:torbrowser_port_t:s0 tclass=tcp_socket permissive=0