search

torproject / torbrowser-launcher

Securely and easily download, verify, install, and launch Tor Browser in Linux. This repository is a mirror of https://gitlab.torproject.org/tpo/applications/torbrowser-launcher
MIT License
779 stars 181 forks source link

`Test` button in `about:preferences#connection` causes AppArmor denial for obfs4proxy #656

Open pabs3 opened 1 year ago

pabs3 commented 1 year ago

Pressing the Test button in the about:preferences#connection panel (new in Tor Browser 11.5) does nothing, probably due to the AppArmor denial blocking the browser component from directly using the pluggable transports, obfs4proxy in particular.

Nov 10 13:56:35 audit[184602]: AVC apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/home/pabs/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Tor/PluggableTransports/obfs4proxy" pid=184602 comm=444F4D20576F726B6572 requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000

I tried copying the PluggableTransports allow from the torbrowser.Tor.tor AppArmor profile to the torbrowser.Browser.firefox profile and reloading but it does not seem to have worked even after a browser exit and restart.

pabs3 commented 1 year ago

I note that this issue breaks the captcha in the "Request a Bridge" dialog too.

pabs3 commented 1 year ago

This particular issue seems to have been fixed at some point, but the feature is still broken and the audit log gives new errors:

Jan 11 22:30:30 audit[1378356]: AVC apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size" pid=1378356 comm="obfs4proxy" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 11 22:30:30 audit[1378356]: AVC apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/proc/sys/net/core/somaxconn" pid=1378356 comm="obfs4proxy" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 11 22:30:30 audit[1378356]: AVC apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/etc/services" pid=1378356 comm="obfs4proxy" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 11 22:30:30 audit[1378356]: AVC apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/etc/services" pid=1378356 comm="obfs4proxy" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 11 22:30:30 audit[1378356]: AVC apparmor="DENIED" operation="create" profile="torbrowser_firefox" pid=1378356 comm="obfs4proxy" family="inet" sock_type="dgram" protocol=0 requested_mask="create" denied_mask="create"
pabs3 commented 1 year ago

PS: I am using the torbrowser-launcher 0.3.5-3 package from Debian bookworm.