[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Apparmor breaks TorBrowser in KVM


#1

When the TorBrowser profiles are enabled, the browser displays only blank pages.

How to reproduce:

Install Whonix Workstation in KVM. Use testers repo. Install apparmor. Run TorBrowser. Browser is now blank, it shows only white pages.

I dont know if this affects only KVM.


#2

//cc @HulaHoop


#3

This is a general Apparmor support I’d say. KVM operates at a much lower level and wouldn’t really influence the layer Apparmor works at.

You can help pinpoint the problem by posting debugging info for the profile but personally I don’t know much to help.


#4

There is some KVM specificness such as /dev/kvm which one wouldn’t notice unless developing the apparmor profile under KVM. (Similarly there are VirtualBox specific virtual linux devices.) Missing access to these virtualizer specific virtual linux deivces can lead to an apparmor profile working in VirtualBox but not KVM or vice versa.


#5

Hm. I thought /dev/kvm was only relevant on the host side when confining vm guests since you’d need to allow access to the hypervisor privileged components while confining other paths with Apparmor…