TBB Upstreaming of Yawning's Firejail Script
This ticket is to track the eventual inclusion for a Firejail aware start-tor-browser script in TBB releases - it attempts to run TBB in Firejail if detected on the system. Firejail is a popular and well maintained software containment system available in Debian.
(Yawning is very busy these days and won't be able to work on it. Thanks Yawning for writing it in the first place!)
Since a Tor Browser planned changes is to release versions that can take advantage of system containment features - this work complements it IMHO.
https://git.schwanenlied.me/yawning/tor-firejail
https://lists.torproject.org/pipermail/tor-dev/2016-May/010948.html
Activity
Current: https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/RelativeLink/start-tor-browser
Proposed: https://git.schwanenlied.me/yawning/tor-firejail/src/master/start-tor-browser
The diff looks reasonable. Should be safe for with non-firejail users.
> # > # Automagic sandboxing based on firejail if it's available. > # > BROWSER_CMD=./firefox > if [ -x /usr/bin/firejail ]; then > BROWSER_CMD="/usr/bin/firejail --profile=${HOME}/tor-browser.profile \ > --env=LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \ > --env=FONTCONFIG_PATH=${FONTCONFIG_PATH} \ > --env=FONTCONFIG_FILE=${FONTCONFIG_FILE} \ > --env=ASAN_OPTIONS=${ASAN_OPTIONS} \ > --whitelist=${HOME} \ > ./firefox" > fi > 359c373 < TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \ --- > TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${BROWSER_CMD} --class "Tor Browser" \ 363c377 < TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \ --- > TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${BROWSER_CMD} --class "Tor Browser" \ 367c381 < TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \ --- > TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${BROWSER_CMD} --class "Tor Browser" \ 371c385 < TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \ --- > TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${BROWSER_CMD} --class "Tor Browser" \ 374c388 < TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \ --- > TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${BROWSER_CMD} --class "Tor Browser" \If you do not mind, please copy https://git.schwanenlied.me/yawning/tor-firejail/src/master/start-tor-browser over https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/RelativeLink/start-tor-browser... [*] I think this patch is ready for review.
[*] I could also create a git branch.
Trac:
Status: new to needs_reviewA few things.
- Just the script changes is insufficient and will probably misbehave if the firejail profile isn't in the bundle directory.
- The way I setup the profile along with other things probably breaks things, for example, I was rather restrictive about which filesystem paths are allowed, which will at a minimum confuse users.
FOR MY USECASES this works great, and I've been using it in various forms since I first bothered to set up the thing, but I didn't test anything, and I'm do not want to fix random things that break for other people, and will probably ignore most cries for help.
If those caveats are ok, then do what you want, I don't care.
Replying to adrelanos:
The diff looks reasonable. Should be safe for with non-firejail users.
What about users that have firejail installed but only configured for a particular application which is not Tor Browser? Or maybe they just have firejail on their computer for some reason without doing any sandboxing at the moment at all.
And what would it buy our users just having the script differences merged without Tor Browser coming with a usable profile?
Trac:
Parent: N/A to #19750 (moved)mentioned in issue #19750 (moved)