[Pkg-anonymity-tools] Bug#783922: [torbrowser-launcher] Newest TBB does not start with provided AppArmor profile in enforce mode

ricola ricola at poivron.org
Sun May 24 15:28:39 UTC 2015 

Package: torbrowser-launcher
Version: 0.2.0-1

--- Please enter the report below this line. ---

I've got some more similar incidents to report. They seem to be
complementary to this one so I'm not opening a new bug report. Tell me
if I should.

The first AppArmor error I get when starting torbrowser-launcher is:

Latest version of TBB is installed, launching
Traceback (most recent call last):
  File "/usr/bin/torbrowser-launcher", line 30, in <module>
    torbrowser_launcher.main()
  File
"/usr/lib/python2.7/dist-packages/torbrowser_launcher/__init__.py", line
69, in main
    app = Launcher(common, url_list)
  File
"/usr/lib/python2.7/dist-packages/torbrowser_launcher/launcher.py", line
117, in __init__
    self.start_launcher()
  File
"/usr/lib/python2.7/dist-packages/torbrowser_launcher/launcher.py", line
151, in start_launcher
    self.run(False)
  File
"/usr/lib/python2.7/dist-packages/torbrowser_launcher/launcher.py", line
634, in run
    subprocess.call([self.common.paths['tbb']['start']],
cwd=self.common.paths['tbb']['dir_tbb'])
  File "/usr/lib/python2.7/subprocess.py", line 522, in call
    return Popen(*popenargs, **kwargs).wait()
  File "/usr/lib/python2.7/subprocess.py", line 710, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1335, in _execute_child
    raise child_exception
OSError: [Errno 13] Permission denied

And in /var/log/kern.log:

May 24 17:07:29 localhost kernel: [ 5454.060742] audit: type=1400
audit(1432480049.538:89): apparmor="DENIED" operation="exec"
profile="/usr/bin/torbrowser-launcher"
name="/home/ricola/.local/share/torbrowser/tbb/i686/tor-browser_en-US/start-tor-browser.desktop"
pid=10435 comm="torbrowser-laun" requested_mask="x" denied_mask="x"
fsuid=1000 ouid=1000

If I disable /etc/apparmor.d/usr.bin.torbrowser-launcher, I get:

Latest version of TBB is installed, launching
Launching './Browser/start-tor-browser --detach'...
/usr/bin/env: bash: Permission denied

And in /var/log/kern.log:

May 24 17:19:26 localhost kernel: [ 6171.305631] audit: type=1400
audit(1432480766.782:122): apparmor="DENIED" operation="exec"
profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser"
name="/bin/bash" pid=11025 comm="start-tor-brows" requested_mask="x"
denied_mask="x" fsuid=1000 ouid=0

Then, if I disable /etc/apparmor.d/torbrowser.start-tor-browser:

Latest version of TBB is installed, launching
Launching './Browser/start-tor-browser --detach'...

And in /var/log/kern.log:

May 24 17:11:31 localhost kernel: [ 5696.068610] audit: type=1400
audit(1432480291.544:99): apparmor="DENIED" operation="file_mmap"
profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox"
name="/home/ricola/.local/share/torbrowser/tbb/i686/tor-browser_en-US/Browser/TorBrowser/Tor/libstdc++.so.6"
pid=10523 comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000

Then again, if I disable /etc/apparmor.d/torbrowser.Browser.firefox, Tor
Browser starts and I can use it but before opening the following
(apparently harmless) error message appears in a dialog:

"An error occurred while loading or saving configuration information for
firefox. Some of your configuration settings may not work properly."

--- System information. ---
Architecture: i386
Kernel:       Linux 3.16.0-4-686-pae

Debian Release: 8.0
  990 stable          security.debian.org
  990 stable          ftp.us.debian.org
  500 unstable        ftp.us.debian.org
  500 testing         ftp.us.debian.org
  500 stable-updates  ftp.us.debian.org
  100 jessie-backports ftp.us.debian.org

--- Package information. ---
Package's Depends field is empty.

Package's Recommends field is empty.

Package's Suggests field is empty.

More information about the Pkg-anonymity-tools mailing list