[Pkg-anonymity-tools] Bug#783922: Newest TBB does not start with provided AppArmor profile in enforce mode
Fabian Grünbichler
fabian.gruenbichler at student.tuwien.ac.at
Fri May 1 09:51:06 UTC 2015
Package: torbrowser-launcher
Version: 0.1.9-1
Severity: normal
Tags: upstream
Starting the TBB using "torbrowser-launcher" simply exits without any
error message. When run from a terminal, the following output is displayed:
-------------snip-------------
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.1.9
https://github.com/micahflee/torbrowser-launcher
Initializing Tor Browser Launcher
Importing keys
gpg: key 63FEE659: "Erinn Clark <erinn at torproject.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: key 93298290: "Tor Browser Developers (signing key)
<torbrowser at torproject.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
Starting launcher dialog
LATEST VERSION 4.5
Checked for update within 24 hours, skipping
Latest version of TBB is installed, launching
/usr/bin/env: error while loading shared libraries: cannot apply
additional memory protection after relocation: Permission denied
--------------snap-------------
AppArmor logs the following DENIED operation (once for every attempt to
start using torbrowser-launcher):
kernel: audit: type=1400 audit(1430470986.687:11317): apparmor="DENIED"
operation="file_mprotect"
profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser"
name="/usr/bin/env" pid=2014 comm="start-tor-brows" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=0
Strangely, the exit code of torbrowser-launcher is 0.
Putting the AppArmor profile torbrowser.start-tor-browser into complain
mode "solves" the problem. The other profiles (for the bundled firefox,
tor and the torbrowser-launcher itself) are all in enforce mode without
problems.
It seems this was already reported upstream on
https://github.com/micahflee/torbrowser-launcher/issues/177
Thanks for your work on Tor and the Tor Browser!
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (510, 'unstable'), (500, 'stable-updates'), (500,
'stable'), (310, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages torbrowser-launcher depends on:
ii gnupg 1.4.18-7
ii python 2.7.9-1
ii python-gtk2 2.24.0-4
ii python-lzma 0.5.3-2+b1
ii python-parsley 1.2-1
ii python-psutil 2.1.1-1+b1
ii python-twisted 14.0.2-3
ii python-txsocksx 1.13.0.3-1
ii tor 0.2.5.12-1
ii wmctrl 1.07-7
torbrowser-launcher recommends no packages.
Versions of packages torbrowser-launcher suggests:
ii apparmor 2.9.0-3
pn python-pygame <none>
-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-anonymity-tools/attachments/20150501/d973dbc0/attachment.sig>
More information about the Pkg-anonymity-tools
mailing list