AppArmor & FoxyProxy

FoxyProxy works fine with Tor Browser 7.0a2 hardened, but the AppArmor message appears as follows:

apparmor=“DENIED” operation=“open”
profile=“/home/**/tor-browser*/Browser/firefox”
name=“/run/user/1000/dconf/user” pid=XXXX comm=“firefox”
requested_mask=“rwc” denied_mask=“rwc” fsuid=1000 ouid=1000

Patrick seems to think it’s harmless, but noting it FYI.

1 Like

Now tracked here ⚓ T662 AppArmor & FoxyProxy denied message.

@torjunkie
Do you still get this message with 7.0.1?

Hi,

I haven’t tested this for several months, so I’m not sure sorry.

If I have some time later on, I’ll try it again.

1 Like

It still appears with 7.0.6.

According to our own FoxyProxy template:

can be safely ignored since FoxyProxy never needs access to this dconf/user. However, if you’d like give the Tor Browser permission to use tempory file directory /run/user/ and not receive the warning, edit the file

And uncomment line
# owner /run/user/[0-9]*/** rwkl,
by removing the #.

Seems too permissive if(?) compromised Tor Browser can edit other applications’ configuration keys in dconf. (Projects/dconf/SystemAdministrators - GNOME Wiki!)

Perhaps, better to just silence the message:
audit /run/user/[0-9]*/dconf/* rwk,


Also of interest, FoxyProxy is now included in Debian Stretch:
Nevermind, it’s always been in Debian repos…
https://packages.debian.org/stretch/xul-ext-foxyproxy-standard

Supports firefox-esr so may work with Tor Browser.

2 Likes