Opened 7 years ago

Last modified 8 months ago

#6560 new enhancement

AppArmor, SELinux and other protections

Reported by: ioerror Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: needs-triage, apparmor
Cc: intrigeri, adrelanos@…, erinn, nicoo Actual Points:
Parent ID: #5791 Points:
Reviewer: Sponsor:

Description

We should create AppArmor, SELinux and other kernel level protection configurations for TorBrowser.

Child Tickets

Change History (12)

comment:1 Changed 7 years ago by Shondoit

I would recommend closing this as a duplicate of #5791. Unless you intended this to be something different.

(Also, there is no trac user called 'helix'.)

comment:2 Changed 6 years ago by intrigeri

Cc: intrigeri@… added

comment:3 Changed 6 years ago by proper

Cc: adrelanos@… added
Parent ID: #5791

comment:4 Changed 5 years ago by nickm

Cc: erinn added

Adding 'erinn' to cc list of every ticket with 'helix' in its cc list -- erinn is helix's trac username.

comment:5 Changed 5 years ago by nickm

Cc: helix removed

Removing helix from cc lists -- helix is not erinn's trac username.

comment:6 Changed 5 years ago by erinn

Keywords: needs-triage added

comment:7 Changed 5 years ago by erinn

Component: Tor bundles/installationTor Browser
Owner: changed from erinn to tbb-team

comment:8 Changed 5 years ago by intrigeri

Cc: intrigeri added; intrigeri@… removed

comment:9 Changed 5 years ago by intrigeri

FWIW, I've deeply reworked the AppArmor profiles shipped with the torbrowser-launcher, and they now look good: https://github.com/micahflee/torbrowser-launcher/tree/master/apparmor.

Note, though, that "thanks" to the way Ubuntu ships non-(upstream'ed|released)-yet AppArmor features, the profiles, the kernel logs will be polluted by denials to talk to dbus (reference: discussion starting at https://github.com/micahflee/torbrowser-launcher/issues/92#issuecomment-50591969). Yet, this apparently doesn't harm functionality.

comment:10 Changed 4 years ago by nicoo

Cc: nicoo added

comment:11 Changed 18 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:12 Changed 8 months ago by traumschule

Keywords: apparmor added

group tickets related to AppArmorForTBB/tor packages

Note: See TracTickets for help on using tickets.