[Pkg-privacy-maintainers] Bug#908463: Bug#908463: torbrowser-launcher: Fails to start "Web Content" processes due to outdated AppArmor policy

Antoine Beaupré anarcat at debian.org
Mon Sep 10 15:43:32 BST 2018


On 2018-09-10 09:59:54, intrigeri at debian.org wrote:
> Package: torbrowser-launcher
> Version: 0.2.9-4
> Severity: serious
> Tags: upstream fixed-upstream
>
> Hi,
>
> I've just pushed two commits to the upstream "develop" branch that fix
> Tor Browser 8 for me. Without these, Tor Browser does start but with
> e10s enabled, no tab will render as Firefox is not allowed to start
> any "Web Content" process.

I confirm this problem is real. It seems that as soon as anyone tries to
upgrade torbrowser in Debian now it either fails with #908068 (before
launcher upgrade) or this (after launcher upgrade).

Here's the full apparmor log I'm getting:

sep 10 10:30:50 curie audit[19914]: AVC apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/usr/bin/lsb_release" pid=19914 comm="firefox.real" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 
sep 10 10:30:51 curie audit[19888]: AVC apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/usr/share/fontconfig/conf.avail/" pid=19888 comm="firefox.real" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 
sep 10 10:30:51 curie dbus-daemon[2881]: [session uid=1000 pid=2865] Activating service name='org.a11y.Bus' requested by ':1.238' (uid=1000 pid=19888 comm="./firefox.real --class Tor Browser -profile TorBro") 
sep 10 10:30:59 curie audit[19975]: AVC apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/home/anarcat/.local/share/torbrowser/tbb/x86_64/tor-browser_fr/Browser/firefox.real" pid=19975 comm="Gecko_IOThread" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000 
sep 10 10:30:59 curie audit[19977]: AVC apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/home/anarcat/.local/share/torbrowser/tbb/x86_64/tor-browser_fr/Browser/firefox.real" pid=19977 comm="Gecko_IOThread" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000 
sep 10 10:30:59 curie audit[19979]: AVC apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/home/anarcat/.local/share/torbrowser/tbb/x86_64/tor-browser_fr/Browser/firefox.real" pid=19979 comm="Gecko_IOThread" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000 
sep 10 10:30:59 curie audit[19981]: AVC apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/home/anarcat/.local/share/torbrowser/tbb/x86_64/tor-browser_fr/Browser/firefox.real" pid=19981 comm="Gecko_IOThread" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000 
sep 10 10:30:59 curie audit[19888]: AVC apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/var/lib/snapd/desktop/applications/" pid=19888 comm="firefox.real" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 
sep 10 10:30:59 curie audit[19888]: AVC apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/var/lib/snapd/desktop/applications/mimeinfo.cache" pid=19888 comm="firefox.real" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 
sep 10 10:30:59 curie audit[19888]: AVC apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/var/lib/snapd/desktop/applications/" pid=19888 comm="firefox.real" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 
sep 10 10:30:59 curie audit[19888]: AVC apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/var/lib/snapd/desktop/applications/mimeinfo.cache" pid=19888 comm="firefox.real" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 
sep 10 10:31:00 curie audit[19999]: AVC apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/home/anarcat/.local/share/torbrowser/tbb/x86_64/tor-browser_fr/Browser/firefox.real" pid=19999 comm="Gecko_IOThread" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000 
sep 10 10:31:00 curie kernel: audit: type=1400 audit(1536589860.289:162): apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/home/anarcat/.local/share/torbrowser/tbb/x86_64/tor-browser_fr/Browser/firefox.real" pid=19999 comm="Gecko_IOThread" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000 

Not sure what's going on with the snapd up there - I'm not using the
Firefox snap, as far as I know (although I did in the past) so that part
of the log is a bit strange. I noticed that my language ("fr") is in the
path to `firefox.real` so I figured this could be an issue. But starting
with a `C.UTF-8` locale crashes torbrowser completely with a "Tor
unexpectedly exited" GUI popup:

    Tor exited during startup. This might be due to an error in your
    torrc file, a bug in Tor or another program on your system, or
    faulty hardware. Until you fix the underlying problem and restart
    Tor, Tor Browser will not start.

I have then tried to reinstall TBL in that locale, without luck - same
error. What is strange is that the installer is still trying to write to
my locale-specific directory:

sep 10 10:37:24 curie audit[19888]: AVC apparmor="DENIED" operation="mkdir" profile="torbrowser_firefox" name="/home/anarcat/.local/share/torbrowser/tbb/x86_64/tor-browser_fr/" pid=19888 comm=53747265616D5472616E7320233232 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 

A message like this is written to the log every second or so, flooding
logs too, and there's no obvious way to stop this from the terminal or
GUI as the process is running in the background. Only `kill 19888` fixes
that flood and obviously does not return correct behavior.

Disabling the apparmor profiles fixes this:

aa-complain torbrowser.Tor.tor
aa-complain torbrowser.Browser.firefox

Unfortunately, my browser bookmarks seem to have been lost after the 8.0
upgrade. But at least things work now.

A.
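
Added example (not part of the original message): a small Python triage script for AppArmor denial records in the format quoted above. It groups DENIED records by profile, operation, path and mask, and decodes a hex-encoded comm field like the one in the mkdir record; the function names are this example's own, and the sample lines are copied from the log in the message.

```python
import re
from collections import Counter

# key="quoted value" or key=bare_value, as written by the audit subsystem
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Sample input: five lines copied from the log quoted in the message above.
SAMPLE = '''\
sep 10 10:30:50 curie audit[19914]: AVC apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/usr/bin/lsb_release" pid=19914 comm="firefox.real" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
sep 10 10:30:51 curie dbus-daemon[2881]: [session uid=1000 pid=2865] Activating service name='org.a11y.Bus' requested by ':1.238' (uid=1000 pid=19888 comm="./firefox.real --class Tor Browser -profile TorBro")
sep 10 10:30:59 curie audit[19975]: AVC apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/home/anarcat/.local/share/torbrowser/tbb/x86_64/tor-browser_fr/Browser/firefox.real" pid=19975 comm="Gecko_IOThread" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
sep 10 10:30:59 curie audit[19977]: AVC apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/home/anarcat/.local/share/torbrowser/tbb/x86_64/tor-browser_fr/Browser/firefox.real" pid=19977 comm="Gecko_IOThread" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
sep 10 10:37:24 curie audit[19888]: AVC apparmor="DENIED" operation="mkdir" profile="torbrowser_firefox" name="/home/anarcat/.local/share/torbrowser/tbb/x86_64/tor-browser_fr/" pid=19888 comm=53747265616D5472616E7320233232 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
'''

def parse_denial(line):
    """Return the fields of one AppArmor DENIED record, or None for other lines."""
    if 'apparmor="DENIED"' not in line:
        return None
    rec = {}
    for key, quoted, bare in FIELD.findall(line):
        if bare and key in ("comm", "name"):
            # A string holding a space, quote or control byte is logged
            # unquoted as hex; decode it back to readable text.
            try:
                bare = bytes.fromhex(bare).decode("utf-8", "replace")
            except ValueError:
                pass  # not hex after all: keep the raw value
        rec[key] = bare or quoted
    return rec

def summarise(log_text):
    """Count denials per (profile, operation, name, denied_mask); collect comm values."""
    counts, comms = Counter(), set()
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec:
            key = (rec["profile"], rec["operation"], rec["name"], rec["denied_mask"])
            counts[key] += 1
            comms.add(rec["comm"])
    return counts, comms

if __name__ == "__main__":
    counts, comms = summarise(SAMPLE)
    for (profile, op, name, mask), n in counts.most_common():
        print(f"{n:3d}  {profile}  {op:<6} {mask}  {name}")
    print("comm values:", sorted(comms))
```

Grouping the records this way shows which distinct paths and permissions the profile is refusing, instead of reading the same denial repeated once per process.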


