apparmor-profile-torbrowser was blocking the ability of TB to access any /home/user/folder except for /Downloads and the one where TB exists.
Now the profile doesn't do any of that; instead it allows access to all folders.
File /etc/apparmor.d/home.tor-browser.firefox
uses:
include <abstractions/user-download>
That means it uses the rules which are written in this file:
/etc/apparmor.d/abstractions/user-download
This file is owned by the apparmor package. Why do I think so? Commands:
dpkg -S /etc/apparmor.d/abstractions/user-download
shows:
apparmor: /etc/apparmor.d/abstractions/user-download
File /etc/apparmor.d/abstractions/user-download
contains AppArmor rules which one could argue are too lenient.
AppArmor upstream file location:
It contains for example, quote:
owner @{HOME}/[^.]* rwl,
Reported a bug upstream:
Commented again.
For developers:
sudoedit /etc/apparmor.d/home.tor-browser.firefox && sudo aa-enforce /etc/apparmor.d/home.tor-browser.firefox && torbrowser && sudo apparmor-info --boot && sudo aa-logprof
This has been fixed and is now in the developers repository.
This is now in the testers repository.
This commit might have caused a regression.
I don’t really have time to perfect this. This will hopefully be fixed or at least then a maintainer is available who knows more about AppArmor and can investigate such issues when apparmor.d gets available in Whonix which is TODO.
Actually no regression or to a much lesser degree. No file in ~/home folder (which is not in ~/home/Downloads folder) can be read by the browser.
But the file names (not contents!) can be read if these are in ~/home folder. This is also unwanted. But by denying read access to all of ~/home then the user would be unable to navigate to ~/home/Downloads.
Is this issue applicable to, solvable in apparmor.d? @roddhjav
In apparmor.d for Firefox/TorBrowser (and all browsers), I use both:
abstractions/user-download-strict to allow read write on well defined download directory
abstractions/user-read to allow read access on labelled directory (ie: covered by a XDG style variable)
This is the best way I found to maintain usability without allowing everything in /home/*/: restrict write, allow read from well defined directory.
But the file names (not contents!) can be read if these are in ~/home folder. This is also unwanted.
You might have something like owner @{HOME}/ r, in the profile. You should test if you can safely deny it or not.
This is now in the stable repository.
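An added example, not part of the thread or of any AppArmor or Whonix code: a small matcher for a subset of AppArmor path globbing, used to show which paths the two rules quoted above (owner @{HOME}/[^.]* rwl, and owner @{HOME}/ r,) cover. It assumes @{HOME} expands to the constructed directory /home/user, that every sample file is owned by the confined user, and that directories are written with a trailing slash; the sample paths are constructed.

```python
import re

HOME = "/home/user"  # assumption: single expansion of @{HOME}

def aa_glob_to_regex(glob):
    """Translate a subset of AppArmor globbing (*, **, ?, [...]) to a regex."""
    glob = glob.replace("@{HOME}", HOME)
    out, i = [], 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*"); i += 2        # ** crosses directory separators
        elif c == "*":
            out.append("[^/]*"); i += 1     # * stops at '/'
        elif c == "?":
            out.append("[^/]"); i += 1      # ? is one character, never '/'
        elif c == "[":
            j = glob.index("]", i)
            out.append(glob[i:j + 1]); i = j + 1   # character class as written
        else:
            out.append(re.escape(c)); i += 1
    return re.compile("".join(out))

def allowed(rules, path):
    """Union of permission letters granted to path by (glob, perms) rules."""
    perms = set()
    for glob, letters in rules:
        if aa_glob_to_regex(glob).fullmatch(path):
            perms |= set(letters)
    return perms

# The two rules quoted in the thread, evaluated separately.
LENIENT = [("@{HOME}/[^.]*", "rwl")]   # from abstractions/user-download
LISTING = [("@{HOME}/", "r")]          # rule suggested as the cause of name leaks

SAMPLE_PATHS = [                        # constructed paths
    "/home/user/",                      # the home directory itself
    "/home/user/notes.txt",             # non-hidden file directly in home
    "/home/user/.bashrc",               # dotfile, excluded by [^.]
    "/home/user/Documents/",            # subdirectory, '*' stops at '/'
    "/home/user/Documents/tax.pdf",     # file below a subdirectory
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p:32} lenient={sorted(allowed(LENIENT, p))} "
              f"listing={sorted(allowed(LISTING, p))}")
```

Read permission on the directory path /home/user/ is what exposes file names without contents, which is why dropping that rule also stops the file chooser from browsing down to the Downloads folder.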