Tor Browser Launcher 0.3.0 #352
Merged
…tion. We already allow the main browser profile to do that but with e10s plugin-container now needs it as well.
…m signals. With e10s Firefox does not need to ptrace itself anymore but instead it needs to ptrace and kill its child plugin-container processes.
…ent Firefox process. We already allow Firefox to send term signals to plugin-container; this is the receiving counterpart.

This requires giving the Firefox profile a proper name (torbrowser_firefox) because this:

    signal (receive) set=("term") peer=/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox

… does not work.

Note to package maintainers
===========================

(This should probably be copied to the release notes.)

Due to the profile renaming, upgrading the /etc/apparmor.d/torbrowser.Browser.firefox file requires special care. The best option is probably to strongly recommend users to reboot their system after this upgrade. Other options I can think of have unacceptable consequences:

- if we unload the old profile from the kernel, we will leave any already running Tor Browser's Firefox executable unconfined, which is an unacceptable violation of the user's security expectations;
- if we don't unload the old profile from the kernel, surprising behaviour will happen such as:
  - any already running Tor Browser's Firefox executable will be left confined under the old profile which won't play well with new rules that have peer=torbrowser_firefox;
  - unpredictable behavior when a new Tor Browser is started, because two profiles matching the Tor Browser's Firefox executable are loaded.
So far we allowed it to do everything in there except a link operation, so let's be consistent.
…es to read. Same rationale as commit 68f502c.
We don't currently allow access to the audio subsystem; let's not let AppArmor spam the logs about it.
This will allow us to handle upgrades more nicely in the future, e.g. when the executable path changes. Besides, this makes the output of aa-status and logs much easier to grasp. Note to packagers: exactly as for the similar change applied to the Tor Browser's Firefox profile, please consider recommending users to reboot their system after the upgrade that applies this change.
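The two packager notes above (for the Firefox profile and for this one) both turn on which AppArmor label an already running process carries after the upgrade. The following check is an added example, not code from this pull request: it reads each process's label from /proc/<pid>/attr/current and reports Tor Browser Firefox processes that are unconfined or not under the enforcing torbrowser_firefox profile. The function names and state strings are assumptions of this example; the paths and profile name are the ones quoted in the commit messages.

```python
import fnmatch
import os

NEW_PROFILE = "torbrowser_firefox"  # profile name introduced by the rename
# Executable locations quoted in the commit messages (firefox.real: Tor Browser 8.0).
EXE_GLOBS = [
    f"/home/*/.local/share/torbrowser/tbb/{arch}/tor-browser_*/Browser/firefox{suffix}"
    for arch in ("i686", "x86_64")
    for suffix in ("", ".real")
]


def parse_label(raw):
    """Split a /proc/<pid>/attr/current value into (profile, mode)."""
    label = raw.strip(" \n\x00")
    if label.endswith(")") and " (" in label:
        name, mode = label.rsplit(" (", 1)
        return name, mode[:-1]
    return label, None  # "unconfined" carries no mode


def classify(exe, raw_label):
    """Return None for unrelated processes, else 'ok', 'unconfined' or 'other'."""
    # After an in-place browser update the exe link ends in " (deleted)".
    exe = exe.removesuffix(" (deleted)")
    if not any(fnmatch.fnmatchcase(exe, g) for g in EXE_GLOBS):
        return None
    name, mode = parse_label(raw_label)
    if name == "unconfined":
        return "unconfined"
    if name == NEW_PROFILE and mode == "enforce":
        return "ok"
    # Confined, but not by torbrowser_firefox in enforce mode,
    # for instance still under the pre-rename, path-named profile.
    return "other"


def scan(proc="/proc"):
    """Yield (pid, exe, state) for each Tor Browser Firefox process we can read."""
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            exe = os.readlink(f"{proc}/{pid}/exe")
            with open(f"{proc}/{pid}/attr/current") as fh:
                state = classify(exe, fh.read())
        except OSError:
            continue  # process exited, or belongs to another user
        if state:
            yield int(pid), exe, state


if __name__ == "__main__":
    for pid, exe, state in scan():
        print(pid, state, exe)
```

Run it as the desktop user (or as root to see every user's processes); any line not marked `ok` is a process that should be restarted, which a reboot guarantees.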
This fixes support for obfs4 and obfs3. meek and fte require vastly more extended permissions and thus dedicated child profiles.
This matches how recent dh-apparmor behaves.
Updated the French translation!
…yet still because of twisted issues)
…rors or update the GUI
…tion fails, it saves a backup. And it uses gpg2 to refresh the keyring instead of gpg1, which did nothing.
…of-date and I use systemwide packages for deps
…uncher into forthommel-patch-1
AppArmor profiles, 2018-01 edition
…compiled. Otherwise, Tor Browser 8.0a9 crashes when clicking "Save Page As".
At this point it seems unlikely that the develop branch will be released before Tor Browser 8.0 so here we go, let's get ready. Note that I could have written firefox{,.real} instead, to support both Tor Browser 7.5 and 8.0, but then we would have to open the profile more broadly so the new shell wrapper installed as "firefox" by Tor Browser 8.0a10 can do its job. This does not seem worth the hassle and will be fine as long as this new torbrowser-launcher is released approximately at the same time as, or after, Tor Browser 8.
…wser_plugin_container AppArmor profile.
…access it now needs.
…, otherwise they fail to load
…ncher into deskos-xp-develop
…cher into NaruTrey-develop
I'm not sure I understand what's expected from me. Is it a post-release code review of this PR?
Oh sorry. I just meant to confirm that #323 is working for you now. It appeared to be working when I tested my fix, but since you opened the issue I wanted to make sure it worked for you too.
No description provided.