AppArmor Issue on non-GNOME environments? #588

Open
teward opened this issue Jun 29, 2021 · 1 comment

teward commented Jun 29, 2021

torbrowser-launcher appears to not work properly with the AppArmor rules on non-GNOME environments like XFCE, LXQt, and KDE in latest versions.

AppArmor denies connect access to the runtime bus, which in turn prevents the TBB's Firefox from actually loading up to the connection screen, or starting things.

This results in a hard segmentation fault on the underlying Tor Browser firefox.

Testing this, an AppArmor rule to permit read/write on `/run/user/{gid,uid}/bus` seemed to permit it. Is it possible this is a new requirement, or something introduced recently that could be breaking things on non-GNOME environments?


teward commented Jun 29, 2021

This was traced on Ubuntu Impish development so that we can just do the following:

```
#include if exists <abstractions/dbus-session>
#include if exists <abstractions/X>
```

However, there is a regression in the X abstractions on Ubuntu Impish where read/write is just 'read only' on the unix sockets. This is the core problem, so even if we add the above, we still have to fix stuff.

I'll make a PR for the abstractions to fix the dbus failures and the X abstraction bits after the Ubuntu Security Team addresses the Impish issue.

teward added a commit to teward/torbrowser-launcher that referenced this issue Jun 29, 2021
X abstractions are needed since we use X Server for the display bits for Firefox Browser.

On Ubuntu/Lubuntu though, in 21.04 and up, the "write" permission is yanked from the X display sockets in `/tmp/.X11-unix/*` though, and is needed, so we'll override it for now in-profile.  This addresses torproject#588.
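
One way to confirm from the kernel audit log which socket permissions a profile is being denied, covering the session bus and X11 socket paths named in this issue. This is an added example, not code from the issue or from torbrowser-launcher; the log lines, the profile name `example_tbb_firefox`, the pids and the uid are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel audit format AppArmor uses; the
# profile name, pids and uid are made up for illustration.
SAMPLE_LOG = """\
audit: type=1400 audit(1624970000.101:301): apparmor="DENIED" operation="connect" profile="example_tbb_firefox" name="/run/user/1000/bus" pid=4242 comm="firefox.real" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
audit: type=1400 audit(1624970000.202:302): apparmor="DENIED" operation="connect" profile="example_tbb_firefox" name="/tmp/.X11-unix/X0" pid=4242 comm="firefox.real" requested_mask="wr" denied_mask="w" fsuid=1000 ouid=0
audit: type=1400 audit(1624970000.303:303): apparmor="ALLOWED" operation="open" profile="example_tbb_firefox" name="/etc/hosts" pid=4242 comm="firefox.real" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

# Only quoted key="value" fields are needed here (unquoted ones like pid are skipped).
FIELD = re.compile(r'(\w+)="([^"]*)"')

# Paths discussed in the issue, generalised so uid and display number can vary.
SOCKETS = {
    "dbus session bus": re.compile(r"^/run/user/\d+/bus$"),
    "X11 display socket": re.compile(r"^/tmp/\.X11-unix/X\d+$"),
}


def socket_denials(log_text):
    """Return {(profile, socket kind): set of denied permission letters}."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("apparmor") != "DENIED" or "name" not in fields:
            continue
        for kind, pattern in SOCKETS.items():
            if pattern.match(fields["name"]):
                key = (fields.get("profile", "?"), kind)
                denied[key].update(fields.get("denied_mask", ""))
    return dict(denied)


def report(log_text):
    """One summary line per profile and socket, with the denied letters sorted."""
    return [
        f"{profile}: {kind} denied {''.join(sorted(perms))}"
        for (profile, kind), perms in sorted(socket_denials(log_text).items())
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A denied mask of only `w` on the X11 socket matches the case where the profile grants read but not write; `rw` on the bus socket means the profile has no rule for that path at all.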