[Pkg-privacy-maintainers] Bug#874383: torbrowser-launcher: AppArmor failures

intrigeri intrigeri at debian.org
Fri Sep 8 06:48:41 UTC 2017


Control: tag -1 + moreinfo

Hi gregor,

gregor herrmann:
> This doesn't seem to be enough, the syslog is full of:

> Sep 5 18:21:18 jadzia kernel: [848718.105570] audit: type=1400
> audit(1504628478.309:7268): apparmor="DENIED" operation="mknod"
> profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox"
> name="/run/shm/org.chromium.Ob3qhH" pid=19088 comm=57656220436F6E74656E74
> requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
> [...]
> and loading any page just hangs.

Ouch! On my system (sid, systemd) /run/shm is a symlink to /dev/shm,
so "owner /dev/shm/org.chromium.* rw," is enough. I suspect that:

> Init: sysvinit (via /sbin/init)

… explains why these things are setup differently on your system.
I admit I've not tested anything on sysvinit for ages.

Can you please try replacing:

  owner /dev/shm/org.chromium.* rw,

with:

  owner /{dev,run}/shm/org.chromium.* rw,

… and then `sudo apparmor_parser -r /etc/apparmor.d/torbrowser.Browser.firefox'
and retry?

If that works better for you, then I'll submit a pull request upstream
about this (and will ask my team-mates who actively maintain
torbrowser-launcher to consider applying the patch in Debian without
waiting for a new upstream release).

Cheers,
-- 
intrigeri



More information about the Pkg-privacy-maintainers mailing list