netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0

[Tor Browser] ‘./Browser/execdesktop’: No such file or directory #2429

Closed brainscar closed 5 years ago

brainscar commented 5 years ago

Hi,

Thank you for your hard work. I was wondering if you could help me with the following issue:

OS: Manjaro Linux
Package used: https://aur.archlinux.org/packages/tor-browser

When I try to run tor browser as such:

firejail --profile=/etc/firejail/start-tor-browser.profile /home/brainscar/.tor-browser/app/start-tor-browser.desktop

I get the following error:

/usr/bin/env: ‘./Browser/execdesktop’: No such file or directory

This is start-tor-browser.desktop:

[Desktop Entry]
Type=Application
Name=Tor Browser
GenericName=Web Browser
Comment=Tor Browser is +1 for privacy and -1 for mass surveillance
Categories=Network;WebBrowser;Security;
Exec=sh -c '"/home/brainscar/.tor-browser/app/Browser/start-tor-browser" --detach || ([ !  -x "/home/brainscar/.tor-browser/app/Browser/start-tor-browser" ] && "$(dirname "$*")"/Browser/start-tor-browser --detach)' dummy %k
X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
Icon=/home/brainscar/.tor-browser/app/Browser/browser/chrome/icons/default/default128.png
StartupWMClass=Tor Browser

Hope you can help.

Thank you.

rusty-snake commented 5 years ago
  1. $HOME/.tor-browser/ is not whitelisted, fix: firejail --whitelist=$HOME/.tor-browser --profile=/etc/firejail/start-tor-browser.profile /home/brainscar/.tor-browser/app/start-tor-browser.desktop
  2. You must execute this in $HOME/.tor-browser/app/, fix: firejail --profile=/etc/firejail/start-tor-browser.profile $HOME/.tor-browser/app/Browser/start-tor-browser --detach

Final fix: firejail --whitelist=$HOME/.tor-browser --profile=/etc/firejail/start-tor-browser.profile $HOME/.tor-browser/app/Browser/start-tor-browser --detach
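
Added example, not part of the thread and not firejail's own code: a shell check for point 1 above. Once a profile whitelists anything under $HOME, the rest of the home directory is not visible inside the sandbox, so the script reports whether a directory is covered by a `whitelist` line and builds the launch command accordingly. The profile contents are constructed, and `is_whitelisted` and `launch_cmd` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not firejail code. Simplification: only literal `whitelist`
# lines of one file are read; `include` files and globs are not followed.

macro='${HOME}'   # literal macro text as written in firejail profiles

# is_whitelisted PROFILE PATH: succeeds if PATH is, or lies under, a
# whitelisted entry of PROFILE.
is_whitelisted() {
    target=${2%/}
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "whitelist "*) entry=${line#"whitelist "} ;;
            *) continue ;;
        esac
        case $entry in          # expand ${HOME} and a leading ~/
            "$macro"*) entry=$HOME${entry#"$macro"} ;;
            "~/"*)     entry=$HOME/${entry#"~/"} ;;
        esac
        entry=${entry%/}
        case $target in
            "$entry"|"$entry"/*) return 0 ;;
        esac
    done < "$1"
    return 1
}

# launch_cmd PROFILE TBB_DIR: prints the firejail command line from the
# thread, adding --whitelist only when PROFILE does not already cover TBB_DIR.
launch_cmd() {
    extra=
    is_whitelisted "$1" "$2" || extra="--whitelist=$2 "
    printf 'firejail %s--profile=%s %s/app/Browser/start-tor-browser --detach\n' \
        "$extra" "$1" "$2"
}

# Demo on a constructed profile (not the shipped start-tor-browser.profile).
demo=$(mktemp)
printf '%s\n' 'whitelist ${HOME}/Downloads' 'whitelist ~/.config/example' > "$demo"
launch_cmd "$demo" "$HOME/.tor-browser"
rm -f "$demo"
```
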

smitsohu commented 5 years ago

General question: Are the colon characters in start-tor-browser.desktop.profile supposed to be there?

Also I think it would be good if the desktop file was mounted read-only in the sandbox. Scratch that, the desktop file alone doesn't make much sense. But in a perfect world there would certainly be a second, stricter profile where the entire folder ~/.tor-browser is read-only and only some selected paths are writable :)

rusty-snake commented 5 years ago

@smitsohu Yes. I know the FJ + TBB issue well from several discussions in German forums, so I'm working on a tutorial right now.

SkewedZeppelin commented 5 years ago

@rusty-snake @brainscar what is wrong with using torbrowser-launcher?

> Are the colon characters in start-tor-browser.desktop.profile supposed to be there?

@smitsohu I don't think so

rusty-snake commented 5 years ago

@SkewedZeppelin torbrowser-launcher has IMHO some annoying issues.

brainscar commented 5 years ago

Thank you so much @rusty-snake you're awesome. That totally worked.