1. 12 Jun, 2020 1 commit
  2. 22 Nov, 2019 2 commits
  3. 03 Oct, 2019 1 commit
    • intrigeri's avatar
      Thunderbird: run /usr/local/bin/tor-browser unconfined instead of under the... · 666012e9
      intrigeri authored
      Thunderbird: run /usr/local/bin/tor-browser unconfined instead of under the sanitized_helper profile (refs: #17105)
      
      The sanitized_helper profile will allow our tor-browser wrapper script to run
      basically any executable, including the firefox binary, which is intended.
      But under sanitized_helper, such execution is subject to environment scrubbing,
      that is: the tor-browser wrapper script cannot pass environment variable to Tor
      Browser… which breaks some Tor Browser functionality. For example, videos played
      in Tor Browser would have no sound, whenever Tor Browser had been started by
      clicking a URL in Thunderbird.
      
      Instead, let's start /usr/local/bin/tor-browser unconfined with Ux,
      that is:
      
       - Ux scrubs the environment before executing /usr/local/bin/tor-browser, which
         protects this script against an exploited Thunderbird.
      
       - When the /usr/local/bin/tor-browser wrapper starts Tor Browser, it will
         be confined under the torbrowser_firefox profile by Linux, as intended,
         because that profile is attached to the path of the Firefox binary.
      666012e9
  4. 11 Jul, 2019 2 commits
  5. 24 May, 2019 1 commit
  6. 18 Mar, 2019 1 commit
  7. 17 Mar, 2019 1 commit
  8. 29 Nov, 2018 2 commits
  9. 05 Nov, 2018 1 commit
  10. 21 Aug, 2018 1 commit
  11. 14 Aug, 2018 1 commit
  12. 16 Jun, 2018 1 commit
    • intrigeri's avatar
      Don't give Thunderbird its own TMPDIR anymore and drop the corresponding,... · 80ca5660
      intrigeri authored
      Don't give Thunderbird its own TMPDIR anymore and drop the corresponding, incomplete AppArmor profile adjustments (refs: #15610)
      
      The rationale provided for this customization (commit:a1fd1f0f, #9558) does not
      hold here: the AppArmor profile allows Thunderbird to access /tmp anyway.
      
      Besides, the AppArmor profile tweaks we had in place to match this custom
      TMPDIR were incomplete: for example, as reported on #15395#note-24
      this broke importing public OpenPGP keys from email attachments.
      80ca5660
  13. 25 May, 2018 1 commit
  14. 26 Feb, 2018 3 commits
  15. 24 Feb, 2018 1 commit
  16. 23 Feb, 2018 2 commits