-
intrigeri authored
Thunderbird: run /usr/local/bin/tor-browser unconfined instead of under the sanitized_helper profile (refs: #17105) The sanitized_helper profile will allow our tor-browser wrapper script to run basically any executable, including the firefox binary, which is intended. But under sanitized_helper, such execution is subject to environment scrubbing, that is: the tor-browser wrapper script cannot pass environment variable to Tor Browser… which breaks some Tor Browser functionality. For example, videos played in Tor Browser would have no sound, whenever Tor Browser had been started by clicking a URL in Thunderbird. Instead, let's start /usr/local/bin/tor-browser unconfined with Ux, that is: - Ux scrubs the environment before executing /usr/local/bin/tor-browser, which protects this script against an exploited Thunderbird. - When the /usr/local/bin/tor-browser wrapper starts Tor Browser, it will be confined under the torbrowser_firefox profile by Linux, as intended, because that profile is attached to the path of the Firefox binary.
666012e9