[pkg-apparmor] Bug#1001249: apparmor blocks Tor Browser >= 10.5 starting with MOZ_ENABLE_WAYLAND

Carlos Aguilar hacerespacio at gmail.com
Mon Dec 6 23:05:26 GMT 2021 

Package: apparmor
Version: 2.13.6-10
Severity: important
X-Debbugs-Cc: hacerespacio at gmail.com

Dear Maintainer,



   * What led up to the situation?
Istalling Tor Browser via the `torbrowser-launcher` (0.3.3-6) package in Debian
11.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?
Launching Tor in GNOME using the Wayland session with environmental variable
MOZ_ENABLE_WAYLAND=1 in my .bashrc lead to an unusable Tor.
However, Tor works fine in the X11 session or with MOZ_ENABLE_WAYLAND=0 under
the Wayland session in GNOME.

   * What was the outcome of this action?
Tor can't be used under Wayland.

   * What outcome did you expect instead?
To be able to run Tor with environmental variable MOZ_ENABLE_WAYLAND=1.

I found the following issue in torbrowser-launcher:

https://github.com/micahflee/torbrowser-launcher/issues/591

According to the submitter of the issue, Paul Wise:

>Since Tor Browser 10.5 (release notes, tbb#31729) when the MOZ_ENABLE_WAYLAND
environment variable is set, the Firefox build that is part of Tor Browser will
try to use Wayland IPC and if that fails then Tor Browser will not start. The
current torbrowser.Browser.firefox apparmor profile denies access to the
relevant Wayland IPC files/sockets:

>   Jul 07 08:23:15 audit[437003]: AVC apparmor="DENIED" operation="mknod"
profile="torbrowser_firefox" name="/dev/shm/wayland.mozilla.ipc.0" pid=437003
comm="Compositor" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

>I was able to workaround this issue using this command:

>   sudo sh -c 'echo "owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw," >
/etc/apparmor.d/local/torbrowser.Browser.firefox ; apparmor_parser -r
/etc/apparmor.d/torbrowser.Browser.firefox'




-- System Information:
Debian Release: 11.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-9-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.77
ii  libc6                  2.31-13+deb11u2
ii  lsb-base               11.1.0

apparmor recommends no packages.

Versions of packages apparmor suggests:
pn  apparmor-profiles-extra  <none>
pn  apparmor-utils           <none>

-- debconf information:

More information about the pkg-apparmor-team mailing list