[Pkg-privacy-maintainers] Bug#835479: Doesn't start with tor profile in enforce mode

Guido Günther agx at sigxcpu.org
Fri Aug 26 08:29:45 UTC 2016


Package: torbrowser-launcher
Version: 0.2.6-1
Severity: normal

Hi,
torbrowser-launcher would not start with

'/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor'

set to enforce mode. I get the "Tor launcher" "Tor exited during
startup..." dialog. Restarting doesn't help but setting the above
profile to complain mode does the trick (note that

'/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox'

can stay in enforce mode). Attached is the AppArmor output; I can't spot
anything related to tor itself there.

Cheers,
 -- Guido

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages torbrowser-launcher depends on:
ii  ca-certificates  20160104
ii  gnupg            1.4.20-6
ii  python-gtk2      2.24.0-5
ii  python-lzma      0.5.3-3
ii  python-parsley   1.2-1
ii  python-psutil    4.2.0-1
ii  python-twisted   16.3.0-1
ii  python-txsocksx  1.15.0.2-1
pn  python:any       <none>
ii  wmctrl           1.07-7

Versions of packages torbrowser-launcher recommends:
ii  tor  0.2.8.7-1

Versions of packages torbrowser-launcher suggests:
ii  apparmor       2.10.95-4
pn  python-pygame  <none>

-- Configuration Files:
/etc/apparmor.d/torbrowser.Tor.tor changed:
/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor flags=(complain) {
  #include <abstractions/base>
  network tcp,
  network udp,
  /etc/host.conf r,
  /etc/nsswitch.conf r,
  /etc/passwd r,
  /etc/resolv.conf r,
  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor mr,
  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/* rw,
  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/lock rwk,
  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/Tor,Lib}/*.so mr,
  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/Tor,Lib}/*.so.* mr,
  @{PROC}/sys/kernel/random/uuid r,
  /sys/devices/system/cpu/ r,
  # OnionShare compatibility
  /tmp/onionshare/** rw,
  #include <local/torbrowser.Tor.tor>
}


-- no debconf information
-------------- next part --------------
Aug 26 09:34:28 bogon audit[18693]: AVC apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/dev/shm/" pid=18693 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:28 bogon kernel: audit: type=1400 audit(1472196868.322:853): apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/etc/pulse/client.conf" pid=18693 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:28 bogon kernel: audit: type=1400 audit(1472196868.322:854): apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/dev/shm/" pid=18693 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:28 bogon audit[18734]: AVC apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/proc/18734/fd/" pid=18734 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 26 09:34:28 bogon audit[18734]: AVC apparmor="DENIED" operation="exec" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/usr/bin/pulseaudio" pid=18734 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Aug 26 09:34:28 bogon kernel: audit: type=1400 audit(1472196868.322:855): apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/proc/18734/fd/" pid=18734 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 26 09:34:28 bogon kernel: audit: type=1400 audit(1472196868.322:856): apparmor="DENIED" operation="exec" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/usr/bin/pulseaudio" pid=18734 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Aug 26 09:34:31 bogon audit[18693]: AVC apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/run/resolvconf/resolv.conf" pid=18693 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:31 bogon kernel: audit: type=1400 audit(1472196871.134:857): apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/run/resolvconf/resolv.conf" pid=18693 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:56 bogon audit[18756]: AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/torbrowser-launcher" name="/home/agx/.local/lib/python2.7/site-packages/" pid=18756 comm="torbrowser-laun" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 26 09:34:56 bogon kernel: audit: type=1400 audit(1472196896.063:858): apparmor="ALLOWED" operation="open" profile="/usr/bin/torbrowser-launcher" name="/home/agx/.local/lib/python2.7/site-packages/" pid=18756 comm="torbrowser-laun" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 26 09:34:56 bogon audit[18756]: AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/torbrowser-launcher" name="/sys/devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/queue/hw_sector_size" pid=18756 comm="torbrowser-laun" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:56 bogon kernel: audit: type=1400 audit(1472196896.099:859): apparmor="ALLOWED" operation="open" profile="/usr/bin/torbrowser-launcher" name="/sys/devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/queue/hw_sector_size" pid=18756 comm="torbrowser-laun" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:56 bogon audit[18756]: AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/torbrowser-launcher" name="/home/agx/.local/lib/python2.7/site-packages/" pid=18756 comm="torbrowser-laun" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 26 09:34:56 bogon kernel: audit: type=1400 audit(1472196896.187:860): apparmor="ALLOWED" operation="open" profile="/usr/bin/torbrowser-launcher" name="/home/agx/.local/lib/python2.7/site-packages/" pid=18756 comm="torbrowser-laun" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 26 09:34:56 bogon audit[18756]: AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/torbrowser-launcher" name="/home/agx/.local/lib/python2.7/site-packages/" pid=18756 comm="torbrowser-laun" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 26 09:34:56 bogon kernel: audit: type=1400 audit(1472196896.227:861): apparmor="ALLOWED" operation="open" profile="/usr/bin/torbrowser-launcher" name="/home/agx/.local/lib/python2.7/site-packages/" pid=18756 comm="torbrowser-laun" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 26 09:34:56 bogon audit[18757]: AVC apparmor="ALLOWED" operation="exec" profile="/usr/bin/torbrowser-launcher" name="/sbin/ldconfig" pid=18757 comm="torbrowser-laun" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="/usr/bin/torbrowser-launcher//null-26"
Aug 26 09:34:56 bogon audit[18757]: AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/torbrowser-launcher//null-26" name="/etc/ld.so.cache" pid=18757 comm="ldconfig" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:56 bogon audit[18757]: AVC apparmor="ALLOWED" operation="getattr" profile="/usr/bin/torbrowser-launcher//null-26" name="/etc/ld.so.cache" pid=18757 comm="ldconfig" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:56 bogon kernel: audit: type=1400 audit(1472196896.283:862): apparmor="ALLOWED" operation="exec" profile="/usr/bin/torbrowser-launcher" name="/sbin/ldconfig" pid=18757 comm="torbrowser-laun" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="/usr/bin/torbrowser-launcher//null-26"
Aug 26 09:34:56 bogon kernel: audit: type=1400 audit(1472196896.283:863): apparmor="ALLOWED" operation="open" profile="/usr/bin/torbrowser-launcher//null-26" name="/etc/ld.so.cache" pid=18757 comm="ldconfig" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:56 bogon kernel: audit: type=1400 audit(1472196896.283:864): apparmor="ALLOWED" operation="getattr" profile="/usr/bin/torbrowser-launcher//null-26" name="/etc/ld.so.cache" pid=18757 comm="ldconfig" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:56 bogon audit[18779]: AVC apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/run/udev/data/c226:0" pid=18779 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:56 bogon audit[18777]: AVC apparmor="DENIED" operation="file_mmap" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/home/agx/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Tor/libgmp.so.10" pid=18777 comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000
Aug 26 09:34:56 bogon kernel: audit: type=1400 audit(1472196896.431:865): apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/run/udev/data/c226:0" pid=18779 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:56 bogon kernel: audit: type=1400 audit(1472196896.431:866): apparmor="DENIED" operation="file_mmap" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/home/agx/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Tor/libgmp.so.10" pid=18777 comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000
Aug 26 09:34:56 bogon audit[18777]: AVC apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=18777 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:56 bogon audit[18777]: AVC apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowse
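
The check described in the report (looking for audit events that belong to the Tor profile itself) can be scripted. The following is an added example, not part of the original bug report or of torbrowser-launcher; the names `summarize` and `SAMPLE_LOG` are hypothetical, and the sample consists of a few lines from the attachment above, including a truncated one.

```python
import re
from collections import defaultdict

# Profile name as it appears in /etc/apparmor.d/torbrowser.Tor.tor above.
TOR_PROFILE = ("/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/"
               "tor-browser_*/{Browser/TorBrowser/,}Tor/tor")

# Sample input: lines taken from the attached log; the last one is cut off mid-field.
SAMPLE_LOG = '''\
Aug 26 09:34:28 bogon audit[18693]: AVC apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/dev/shm/" pid=18693 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:28 bogon kernel: audit: type=1400 audit(1472196868.322:854): apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/dev/shm/" pid=18693 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 26 09:34:28 bogon audit[18734]: AVC apparmor="DENIED" operation="exec" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/usr/bin/pulseaudio" pid=18734 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Aug 26 09:34:56 bogon audit[18756]: AVC apparmor="ALLOWED" operation="open" profile="/usr/bin/torbrowser-launcher" name="/home/agx/.local/lib/python2.7/site-packages/" pid=18756 comm="torbrowser-laun" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 26 09:34:56 bogon audit[18757]: AVC apparmor="ALLOWED" operation="exec" profile="/usr/bin/torbrowser-launcher" name="/sbin/ldconfig" pid=18757 comm="torbrowser-laun" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="/usr/bin/torbrowser-launcher//null-26"
Aug 26 09:34:56 bogon audit[18777]: AVC apparmor="DENIED" operation="open" profile="/home/*/.local/share/torbrowse
'''

FIELD = re.compile(r'(\w+)="([^"]*)"')
REQUIRED = {"apparmor", "operation", "profile", "name"}

def summarize(log_text):
    """Return {profile: {verdict: set of (operation, name, denied_mask)}}."""
    summary = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        if 'apparmor="' not in line:
            continue
        fields = dict(FIELD.findall(line))
        # A line cut off mid-field has no closing quote, so the key is missing: skip it.
        if not REQUIRED <= fields.keys():
            continue
        # Each event is logged twice (audit[pid] and "kernel: audit:");
        # keying the set on the access itself collapses both copies.
        access = (fields["operation"], fields["name"], fields.get("denied_mask", ""))
        summary[fields["profile"]][fields["apparmor"]].add(access)
    return summary

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for profile, verdicts in sorted(result.items()):
        for verdict, accesses in sorted(verdicts.items()):
            print(f"{verdict:8} {len(accesses):3}  {profile}")
    print("events for the Tor profile:", TOR_PROFILE in result)
```

ALLOWED entries come from profiles in complain mode, DENIED entries from profiles in enforce mode, so the per-profile grouping also shows which mode each profile was in when the log was taken.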

