[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

AppArmor & FoxyProxy


#1

FoxyProxy works fine with Tor Browser 7.0a2 hardened, but the AppArmor message appears as follows:

apparmor=“DENIED” operation=“open"
profile=”/home/**/tor-browser*/Browser/firefox"
name="/run/user/1000/dconf/user" pid=XXXX comm="firefox"
requested_mask=“rwc” denied_mask=“rwc” fsuid=1000 ouid=1000

Patrick seems to think it’s harmless, but noting it FYI.


#2

Now tracked here https://phabricator.whonix.org/T662.


#3

@torjunkie
Do you still get this message with 7.0.1?


#4

Hi,

I haven’t tested this for several months, so I’m not sure sorry.

If I have some time later on, I’ll try it again.


#5

It still appears with 7.0.6.

According to our own FoxyProxy template:

can be safely ignored since FoxyProxy never needs access to this dconf/user. However, if you’d like give the Tor Browser permission to use tempory file directory /run/user/ and not receive the warning, edit the file

And uncomment line
# owner /run/user/[0-9]*/** rwkl,
by removing the #.

Seems too permissive if(?) compromised Tor Browser can edit other applications’ configuration keys in dconf. (https://wiki.gnome.org/Projects/dconf/SystemAdministrators)

Perhaps, better to just silence the message:
audit /run/user/[0-9]*/dconf/* rwk,


Also of interest, FoxyProxy is now included in Debian Stretch:
Nevermind, it’s always been in Debian repos…
https://packages.debian.org/stretch/xul-ext-foxyproxy-standard

Supports firefox-esr so may work with Tor Browser.