AppArmor & FoxyProxy


FoxyProxy works fine with Tor Browser 7.0a2 hardened, but the AppArmor message appears as follows:

apparmor=“DENIED” operation=“open"
name="/run/user/1000/dconf/user" pid=XXXX comm="firefox"
requested_mask=“rwc” denied_mask=“rwc” fsuid=1000 ouid=1000

Patrick seems to think it’s harmless, but noting it FYI.


Now tracked here https://phabricator.whonix.org/T662.


Do you still get this message with 7.0.1?



I haven’t tested this for several months, so I’m not sure sorry.

If I have some time later on, I’ll try it again.


It still appears with 7.0.6.

According to our own FoxyProxy template:

can be safely ignored since FoxyProxy never needs access to this dconf/user. However, if you’d like give the Tor Browser permission to use tempory file directory /run/user/ and not receive the warning, edit the file

And uncomment line
# owner /run/user/[0-9]*/** rwkl,
by removing the #.

Seems too permissive if(?) compromised Tor Browser can edit other applications’ configuration keys in dconf. (https://wiki.gnome.org/Projects/dconf/SystemAdministrators)

Perhaps, better to just silence the message:
audit /run/user/[0-9]*/dconf/* rwk,

Also of interest, FoxyProxy is now included in Debian Stretch:
Nevermind, it’s always been in Debian repos…

Supports firefox-esr so may work with Tor Browser.