[Pkg-privacy-maintainers] Bug#990776: torbrowser-launcher: apparmor blocks Tor Browser >= 10.5 starting with MOZ_ENABLE_WAYLAND set

Paul Wise pabs at debian.org
Wed Jul 7 02:01:43 BST 2021 

Package: torbrowser-launcher
Version: 0.3.3-6
Severity: important
Forwarded: https://github.com/micahflee/torbrowser-launcher/issues/591

Since Tor Browser 10.5, when the MOZ_ENABLE_WAYLAND environment
variable is set, the Firefox build that is part of Tor Browser will try
to use Wayland IPC and if that fails then Tor Browser will not start.
The current torbrowser.Browser.firefox apparmor profile denies access
to the relevant Wayland IPC files/sockets:

   Jul 07 08:23:15 audit[437003]: AVC apparmor="DENIED" operation="mknod" profile="torbrowser_firefox" name="/dev/shm/wayland.mozilla.ipc.0" pid=437003 comm="Compositor" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

   https://blog.torproject.org/new-release-tor-browser-105
   https://gitlab.torproject.org/legacy/trac/-/issues/31729

I was able to workaround this issue using this command:

   sudo sh -c 'echo "owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw," > /etc/apparmor.d/local/torbrowser.Browser.firefox ; apparmor_parser -r /etc/apparmor.d/torbrowser.Browser.firefox'

-- System Information:
Debian Release: 11.0
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental'), (500, 'testing-security')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages torbrowser-launcher depends on:
ii  ca-certificates    20210119
ii  gnupg              2.2.27-2
ii  libdbus-glib-1-2   0.110-6
ii  python3            3.9.2-3
ii  python3-gpg        1.14.0-1+b2
ii  python3-packaging  20.9-2
ii  python3-pyqt5      5.15.2+dfsg-3
ii  python3-requests   2.25.1+dfsg-2
ii  python3-socks      1.7.1+dfsg-1

Versions of packages torbrowser-launcher recommends:
ii  tor  0.4.5.9-1

Versions of packages torbrowser-launcher suggests:
ii  apparmor  2.13.6-10

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-privacy-maintainers/attachments/20210707/f64491a5/attachment.sig>

More information about the Pkg-privacy-maintainers mailing list