I know this is a thread on Silverblue, but with what you are trying to do with sandboxing the Tor Browser, could you use policycoreutils-sandbox ? I actually use firefox in this fashion.
sandbox -X -w 1920x1080 -H temphome -T tmp -t sandbox_web_t firefox
This instance of Firefox has only access to files in sandbox/temphome, sandbox/tmp . I actually have a Downloads folder and have a firefox profile .mozilla file as well. You are running a virtual X server so copy and paste from that sandboxed firefox won’t work. I do have my vpn plugin for firefox and that works as well. This type of setup works for me for now. Although I have been intrigued by silverblue so far, I’m just not ready to move over completely.
Hope this helps