[Pkg-privacy-maintainers] Bug#908068: torbrowser-launcher fails with torbrowser 8.0

Wed Sep 5 20:41:03 BST 2018

Package: torbrowser-launcher
Version: 0.2.9-3
Severity: grave
Tags: upstream
Justification: renders package unusable
User: pkg-apparmor-team at lists.alioth.debian.org 
Usertags: buggy-profile

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Today torbrowser 8.0 was released, and after updating it (from
torbrowser 7.x, started with torbrowser-launcher), the new version
doesn't start:

% torbrowser-launcher           
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.2.9
https://github.com/micahflee/torbrowser-launcher
Refreshing local keyring...
Keyring refreshed successfully...
  No key updates for key: EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
Launching './Browser/start-tor-browser --detach'...
%

At that point AppArmor says:

Sep  5 21:21:28 jadzia kernel: [1647972.387747] audit: type=1400 audit(1536175288.429:218): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/dev/tty" pid=27409 comm="firefox" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Sep  5 21:21:28 jadzia kernel: [1647972.389168] audit: type=1400 audit(1536175288.429:219): apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/usr/bin/dirname" pid=27410 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Sep  5 21:21:28 jadzia kernel: [1647972.389200] audit: type=1400 audit(1536175288.429:220): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/usr/bin/dirname" pid=27410 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Trying to start the browser manually is not better:

% ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser --verbose
./firefox: line 3: /usr/bin/dirname: Permission denied
./firefox: line 14: /firefox.real: No such file or directory

And AppArmor details:

Sep  5 21:22:36 jadzia kernel: [1648040.572592] audit: type=1400 audit(1536175356.609:221): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/dev/tty" pid=28449 comm="firefox" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Sep  5 21:22:36 jadzia kernel: [1648040.573203] audit: type=1400 audit(1536175356.609:222): apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/usr/bin/dirname" pid=28450 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Sep  5 21:22:36 jadzia kernel: [1648040.573224] audit: type=1400 audit(1536175356.609:223): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/usr/bin/dirname" pid=28450 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Same for the version in experimental (0.3.0~dev-1~exp3).

I suppose this needs "just" some AppArmor tweaks but I was not
successful in the first few tries (it's a bit of a rabbit hole for a
layperson like me, after dirname comes firefox.real, and then
something about libstdc++.so.6 …).

Cheers,
gregor

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 'oldoldstable'), (500, 'experimental'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.17.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_AT.utf8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages torbrowser-launcher depends on:
ii  ca-certificates   20180409
ii  gnupg             2.2.10-1
ii  libdbus-glib-1-2  0.110-3
ii  python            2.7.15-3
ii  python-gtk2       2.24.0-5.1+b1
ii  python-lzma       0.5.3-3.1
pn  python-parsley    <none>
pn  python-psutil     <none>
ii  python-twisted    18.7.0-2
pn  python-txsocksx   <none>

Versions of packages torbrowser-launcher recommends:
ii  tor  0.3.3.9-1

Versions of packages torbrowser-launcher suggests:
ii  apparmor       2.13-8
ii  python-pygame  1.9.3+dfsg2-2

- -- no debconf information

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAluQMU5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgaWZRAAnSKawPgJyZ6ncZ9V76ANmlWF0i7i4lJH5MBUu83ZvcRppBEXjZHM/RD6
Xqtn8G7qhZKcvswm5nMVbGwep9Afk2+SugWHXBpy2RU365a68zj437uxtaHkfVrl
NP7BWf7o2wSbWeU/vNmCAB7i++BJCM6CZnWY4/gEeJ7/badyr2xVnNzjAKc1wMxh
jWoXnZTf/K/4jgOS55GUDOJrqDTRBugYVoDWT6mlByoiBHmmvj5pdUm9hsMH40BC
+9SETYSV16sNUCmdT1RCjgnq8c2xv08CkcXjV+sv6IrgvP4AcXQ66+mcNbx9a/Ii
mSIWxne4n03BymfPLIOcSptFGafZH55jliTxvkqcZ5KreDLmN76gR+U/3gqmnyFo
gDGyPl64RVyJxgbE1HVAQvgCat+f9JotQ/5PYw/ddzJyrB+u6MN0KvM7nIkToKOi
WNXfCzWZ9gYjESw1fh1LXUm2PVewrMlrPxP/DqRFYeh6kk16w6Q4Y9smD2N+YLzg
Qb3jbFxsTuCVKEsZmxkYhUZFakyPXFVj4EAhCbZ9FEF59QuNQv7fHYtTTxYkX0DC
5QDZs265KueZGHAQbTNEHe1/bOxsoHHyBDvNgOaTDjGtGWFNB/FhYm0ZiFGtFgdE
UMQmVFUf/Q9pn6FVsn4MYT6RxbhX46xyfeqO2o/s0uaS+RlleYI=
=hTCu
-----END PGP SIGNATURE-----