[Pkg-privacy-maintainers] Bug#874383: torbrowser-launcher: AppArmor failures

Tue Sep 5 16:26:47 UTC 2017

Package: torbrowser-launcher
Version: 0.2.8-1
Severity: important
User: pkg-apparmor-team at lists.alioth.debian.org 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

0.2.8-1 changes the AppArmor profile to include:

+  # Required for multiprocess Firefox (aka Electrolysis, i.e. e10s)
+  owner /dev/shm/org.chromium.* rw,

in /etc/apparmor.d/torbrowser.Browser.firefox.

This doesn't seem to be enough, the syslog is full of:

Sep  5 18:21:18 jadzia kernel: [848718.105570] audit: type=1400 audit(1504628478.309:7268): apparmor="DENIED" operation="mknod" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/run/shm/org.chromium.Ob3qhH" pid=19088 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Sep  5 18:21:18 jadzia kernel: [848718.105724] audit: type=1400 audit(1504628478.310:7269): apparmor="DENIED" operation="mknod" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/run/shm/org.chromium.LvK8f0" pid=19088 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Sep  5 18:21:18 jadzia kernel: [848718.105884] audit: type=1400 audit(1504628478.310:7270): apparmor="DENIED" operation="mknod" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/run/shm/org.chromium.bchSej" pid=19088 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Sep  5 18:21:20 jadzia kernel: [848720.361627] audit: type=1400 audit(1504628480.565:7271): apparmor="DENIED" operation="mknod" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/run/shm/org.chromium.MaBrQI" pid=19088 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Sep  5 18:21:20 jadzia kernel: [848720.361713] audit: type=1400 audit(1504628480.566:7272): apparmor="DENIED" operation="mknod" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/run/shm/org.chromium.7Jb2r8" pid=19088 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Sep  5 18:21:20 jadzia kernel: [848720.361769] audit: type=1400 audit(1504628480.566:7273): apparmor="DENIED" operation="mknod" profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox" name="/run/shm/org.chromium.YQpD3x" pid=19088 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

and loading any page just hangs.

Cheers,
gregor

- -- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 'oldoldstable'), (500, 'experimental'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_AT.utf8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

Versions of packages torbrowser-launcher depends on:
ii  ca-certificates  20170717
ii  gnupg            2.1.23-2
ii  python           2.7.13-2
ii  python-gtk2      2.24.0-5.1
ii  python-lzma      0.5.3-3
ii  python-parsley   1.2-1
ii  python-psutil    5.0.1-1+b1
ii  python-twisted   17.5.0-2
ii  python-txsocksx  1.15.0.2-1

Versions of packages torbrowser-launcher recommends:
ii  tor  0.3.0.10-1

Versions of packages torbrowser-launcher suggests:
ii  apparmor       2.11.0-10
ii  python-pygame  1.9.3+dfsg-2+b1

- -- no debconf information

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAlmu0EdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgZpfA//Z1RbMmzli4uSM50q74VFOq5mmzs1UeG8wawIKQ1Eu0IFU/xf3aW134oq
Qm2BSmOXakHWNRDkKek+uTK9XjPzCH3LraCLrwd0faRLsJl3jwoqzwbLQ87ecn+8
d8F2icBI/rDE9cqsuKU6LhDQ/5Q8qKawkGsl+tptS56604ezGz+BR3xPKiXdriMd
g/c2s6gntrJ5YmzZaDrzi5siBy58Y2jfAxvLT0Kw17o8u7Yv1xVbMDqTM9n595rY
fqX0mgi6iLJxyTSaebXX57Qx/+9NpRsAdzEZbbB0jJQvkztNsCdVWJTpf8DgF/U4
32OXVySFWr8iMG65g6JHORerHXXa9jcv0ENPhl3ch3Yceo17wTFsznXiB6xgiVnD
tsqg9ZXmZXXcuMWkKqfaIUDtSjKQZGS72TLfb4B5R+OUPCWaIsL1fxUQE0hZFLFS
Zi8vd4GMx80rGoZAl7lV93cM42pD+jM+8+l3TGrnb5vKXdAhOTQhBoymxoRFEcly
GTXFQfQkReyl4x6VWgInsFgyOZFCCBNcxN+jMpPa2RS+RAwx6p+M2YrHKIqfoB/4
tPqik8KlZ2uTv77erEvhS/5O5yNaYiYB5xduzhJEN/ilygQYJq+ZAWI88xvnasZS
GdFpemUPnUGOMyqTVbiJSm+/UcuQQhIarGBpzFV7WKsHXBBEFiw=
=qPjJ
-----END PGP SIGNATURE-----