[Pkg-anonymity-tools] Bug#803171: torbrowser-launcher: AppArmor profiles broken with latest Tor Browser
Kjö Hansi Glaz
kjo at a4nancy.net.eu.org
Tue Oct 27 16:37:32 UTC 2015
Package: torbrowser-launcher
Version: 0.2.0-2
Severity: normal
Dear Maintainer,
* What led up to the situation?
I installed torbrowser-launcher on an up-to-date sid installation with
apparmor enabled.
I switched the included profiles to enforce mode with:
$ sudo aa-enforce usr.bin.torbrowser-launcher
Setting /etc/apparmor.d/usr.bin.torbrowser-launcher to enforce mode.
$ sudo aa-enforce torbrowser.start-tor-browser
Setting /etc/apparmor.d/torbrowser.start-tor-browser to enforce mode.
$ sudo aa-enforce torbrowser.Browser.firefox
Setting /etc/apparmor.d/torbrowser.Browser.firefox to enforce mode.
* What exactly did you do (or not do) that was effective (or
ineffective)?
I tried to start torbrowser-launcher.
* What was the outcome of this action?
$ torbrowser-launcher
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.2.0
https://github.com/micahflee/torbrowser-launcher
Checked for update within 24 hours, skipping
Latest version of TBB is installed, launching
Traceback (most recent call last):
  File "/usr/bin/torbrowser-launcher", line 30, in <module>
    torbrowser_launcher.main()
  File "/usr/lib/python2.7/dist-packages/torbrowser_launcher/__init__.py", line 69, in main
    app = Launcher(common, url_list)
  File "/usr/lib/python2.7/dist-packages/torbrowser_launcher/launcher.py", line 117, in __init__
    self.start_launcher()
  File "/usr/lib/python2.7/dist-packages/torbrowser_launcher/launcher.py", line 151, in start_launcher
    self.run(False)
  File "/usr/lib/python2.7/dist-packages/torbrowser_launcher/launcher.py", line 634, in run
    subprocess.call([self.common.paths['tbb']['start']], cwd=self.common.paths['tbb']['dir_tbb'])
  File "/usr/lib/python2.7/subprocess.py", line 522, in call
    return Popen(*popenargs, **kwargs).wait()
  File "/usr/lib/python2.7/subprocess.py", line 710, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1335, in _execute_child
    raise child_exception
OSError: [Errno 13] Permission non accordée
* What outcome did you expect instead?
I expect Tor Browser to start
* Proposed solution
Adding the following in apparmor.d/local/ solved the problem for me.
These might need to be added to the profile shipped in the Debian
package.
$ cat apparmor.d/local/torbrowser.start-tor-browser
# Site-specific additions and overrides for torbrowser.start-tor-browser.
# For more details, please see /etc/apparmor.d/local/README.
/sbin/ldconfig ix,
/usr/bin/gcc-5 ix,
/usr/bin/env r,
/bin/bash ix,
$ cat apparmor.d/local/usr.bin.torbrowser-launcher
# Site-specific additions and overrides for usr.bin.torbrowser-launcher.
# For more details, please see /etc/apparmor.d/local/README.
/sbin/ldconfig rix,
/sbin/ldconfig.real rix,
/usr/bin/gcc-5 rix,
/bin/sed rix,
/usr/bin/tail ix,
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser.desktop rix,
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/execdesktop ix,
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (900, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages torbrowser-launcher depends on:
ii gnupg 1.4.19-6
ii python 2.7.9-1
ii python-gtk2 2.24.0-4
ii python-lzma 0.5.3-3
ii python-parsley 1.2-1
ii python-psutil 2.2.1-3+b1
ii python-twisted 15.2.1-1
ii python-txsocksx 1.15.0.2-1
ii tor 0.2.7.4-rc-1
ii wmctrl 1.07-7
torbrowser-launcher recommends no packages.
Versions of packages torbrowser-launcher suggests:
ii apparmor 2.10-2+b1
pn python-pygame <none>
-- Configuration Files:
/etc/apparmor.d/torbrowser.start-tor-browser changed:
$ diff -Naur deb/etc/apparmor.d/torbrowser.start-tor-browser /etc/apparmor.d/torbrowser.start-tor-browser
--- deb/etc/apparmor.d/torbrowser.start-tor-browser 2015-08-12 12:35:34.000000000 +0200
+++ /etc/apparmor.d/torbrowser.start-tor-browser 2015-10-26 14:58:35.692329726 +0100
@@ -1,6 +1,6 @@
#include <tunables/global>
-/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser flags=(complain) {
+/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser {
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/fonts>
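Review bot: enforcement is switched on at the profile header (the `+` line without `flags=(complain)`) while the rule set in the visible context is unchanged, so this profile will deny the executions the report had to allow separately (`/sbin/ldconfig`, `/usr/bin/gcc-5`, `/bin/bash` with `ix`, and read on `/usr/bin/env`). If enforce mode is meant to ship, those rules should be added to the profile body in the same change; otherwise the header should keep `flags=(complain)` until the profile has been updated for the current Tor Browser layout.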
/etc/apparmor.d/usr.bin.torbrowser-launcher changed:
$ diff -Naur deb/etc/apparmor.d/usr.bin.torbrowser-launcher /etc/apparmor.d/usr.bin.torbrowser-launcher
--- etc/apparmor.d/usr.bin.torbrowser-launcher 2015-08-12 12:35:33.000000000 +0200
+++ /etc/apparmor.d/usr.bin.torbrowser-launcher 2015-10-26 15:54:02.001050005 +0100
@@ -1,7 +1,7 @@
# Last Modified: Thu Jan 2 15:12:38 2014
#include <tunables/global>
-/usr/bin/torbrowser-launcher flags=(complain) {
+/usr/bin/torbrowser-launcher {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/python>
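Review bot: removing `flags=(complain)` from the `/usr/bin/torbrowser-launcher` header without new rules is what produces the `OSError: [Errno 13]` in the traceback above, because the launcher can no longer execute the start script. The rules the report lists for this profile, in particular `rix` on `start-tor-browser.desktop` and `ix` on `Browser/execdesktop`, belong in the same change. As a minor point, the `# Last Modified: Thu Jan 2 15:12:38 2014` comment in the context is left stale by this edit.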
-- no debconf information
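
When a profile switched to enforce mode blocks the launcher as in the report above, the kernel audit log names each denied path. The following is an added example, not part of the original report or of torbrowser-launcher: it groups AppArmor `DENIED` events by profile so the missing rules can be reviewed. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample kernel audit lines (not taken from the report); the
# profile names and paths mirror the ones the report mentions.
SAMPLE_LOG = """\
audit: type=1400 audit(1445963852.101:41): apparmor="DENIED" operation="exec" profile="/usr/bin/torbrowser-launcher" name="/sbin/ldconfig" pid=2101 comm="torbrowser-laun" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
audit: type=1400 audit(1445963852.140:42): apparmor="DENIED" operation="open" profile="/usr/bin/torbrowser-launcher" name="/bin/sed" pid=2103 comm="sed" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1445963852.150:43): apparmor="DENIED" operation="exec" profile="/usr/bin/torbrowser-launcher" name="/bin/sed" pid=2103 comm="sed" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
audit: type=1400 audit(1445963853.007:44): apparmor="ALLOWED" operation="open" profile="/usr/bin/torbrowser-launcher" name="/etc/hosts" pid=2101 comm="torbrowser-laun" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1445963853.500:45): apparmor="DENIED" operation="exec" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser" name="/usr/bin/gcc-5" pid=2110 comm="start-tor-brows" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
"""

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(log_text):
    """Return {profile: {path: set of denied mask letters}} for DENIED events."""
    denials = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        fields = {k: (q if q else u) for k, q, u in FIELD.findall(line)}
        if fields.get("apparmor") != "DENIED":
            continue  # complain-mode events are logged as ALLOWED
        profile, path = fields.get("profile"), fields.get("name")
        if not profile or not path:
            continue  # events without a name= field are not file rules
        denials[profile][path].update(fields.get("denied_mask", ""))
    return {p: dict(paths) for p, paths in denials.items()}

def summarize(denials):
    """Render denials as review lines; the exec mode (ix, px, ...) is a human decision."""
    out = []
    for profile in sorted(denials):
        out.append("# profile: " + profile)
        for path in sorted(denials[profile]):
            mask = "".join(sorted(denials[profile][path]))
            out.append("#   %s  denied=%s" % (path, mask))
    return out

if __name__ == "__main__":
    print("\n".join(summarize(parse_denials(SAMPLE_LOG))))
```
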