Commit 8adcfc21 authored by Tails developers's avatar Tails developers
Browse files

Run Tor Launcher in an unconfined Firefox.

Running Tor Launcher with the same AppArmor profile as Tor Browser would force
us to open that profile too broadly. E.g. it requires the ability to run
dbus-daemon, to give an idea.

Given:

 * Tor Launcher runs as a dedicated user
 * Tor Launcher runs very early, at a time when the user likely isn't doing
   anything sensitive to X keystrokes sniffing etc., and closes immediately
   after Tor is ready
 * Tor Launcher offers a very limited set of functionality

=> it seems safe enough to run it unconfined, at least for now.
parent a3f460e3
......@@ -210,6 +210,10 @@ install_debian_extensions "${TBB_EXT}" ${DEBIAN_EXT_PKGS}
mkdir -p "${TBB_PROFILE}"
create_default_profile "${TBB_INSTALL}"/TorBrowser/Data/Browser/profile.default "${TBB_EXT}" "${TBB_PROFILE}"
# Create a copy of the Firefox binary, for use e.g. by Tor Launcher.
# It won't be subject to AppArmor confinement.
cp -a "${TBB_INSTALL}/firefox" "${TBB_INSTALL}/firefox-unconfined"
chown -R root:root "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
chmod -R a+rX "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
......
......@@ -27,4 +27,4 @@ EOF
configure_best_tor_launcher_locale "${HOME}"/.tor-launcher/TorBrowser/Data/Browser/profile.default
fi
exec_firefox -app "${HOME}"/.tor-launcher/tor-launcher-standalone/application.ini
exec_unconfined_firefox -app "${HOME}"/.tor-launcher/tor-launcher-standalone/application.ini
......@@ -11,6 +11,12 @@ exec_firefox() {
exec "${TBB_INSTALL}"/firefox "${@}"
}
exec_unconfined_firefox() {
LD_LIBRARY_PATH="${TBB_INSTALL}"
export LD_LIBRARY_PATH
exec "${TBB_INSTALL}"/firefox-unconfined "${@}"
}
guess_best_tor_browser_locale() {
local long_locale short_locale similar_locale
long_locale="$(echo ${LANG} | sed -e 's/\..*$//' -e 's/_/-/')"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment