Whonix AppArmor Profiles Development Discussion

Does the slash make a difference? Does it work without? Does it require updated packages in the repository?
No need to update the package, it works without the slash. It's a reflex on my side, to discriminate a file from a folder.
As they are currently or do we need your latest fix before the big shout out?
Let's make the big jump. I have triple checked, the latest fix is not necessary.

Merged.

Rewrote https://www.whonix.org/wiki/Template:AppArmorProfileWarning to make it sound much less scary and neutral.

In the blog, It might be worth explaining how to report AppArmor messages, with "sudo tail -f /var/log/kern/log".

Let’s perhaps add this to AppArmor?

Can we delete the individual profiles on the wiki?

(Oh, in case you don’t want, by the way, there is also a mediawiki extension to embed code files from github in mediawiki.)

Ok, let’s go through a final round of prettifying AppArmor? Made some changes to make it clearer. Please feel free to be bold in your changes.

The “Wishlist” and “Additional inspiration” should be moved to the new bugtracker as soon it’s ready, I think.

Do you have a proposal for the blog post? Got/want a blog account?

apparmor-profile-whonixcheck:
Added full read access on /etc/tor folder. Not an important change, but useful in future and more robust. This is needed for whonxicheck to see if Tor has been enabled in torrc (DisableNetwork 0). It already works, but only implicitly, because apparmor-profile-anondist allows access to /etc/tor/tor.anodist. When someone uses symlinks to torrc (for example tor-launcher adds a symlink /etc/tor/torrc.orig1 → /etc/tor/torrc) then it would break. Therefore given full read access. Please review.
https://github.com/Whonix/apparmor-profile-whonixcheck/commit/df62d410ee9f0781ac3a465481d65bdd7581e397

Downloading files in torbrowser is denied by apparmor, even the default download folder.

Minor changes, because sdwdate has been refactored:

Thanks for reporting.

You have to create a folder “/home/user/Downolads”. It will be created by default in Whonix 10. create once /home/user/Downloads · Kicksecure/usability-misc@ea231d9 · GitHub. Then in the “Preferences/General” tab, set the “Save files to” box to “/home/user/Downloads”.

This is something we’ll have to clarify. When Tor Browser is confined, it does not honor the Preferences “Always ask me where to save files” option, which is the default setting. It tries to save the file in “TorBrowserPath/tor-browser_en-US/Browser/Downloads”, a directory that does not exist after installation.

@parick
To circumvent the problem, may be we should create a /home/user/tor-browser_en-US/Browser/Downloads" directory, as well as the “/home/user/Downloads”. The user could set the preferences later,

Micah Lee is doing that, in “~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/Downloads”, which does not help finding the downloads . The access to @HOME is forbidden. That has been the main discussion point about usability I had in torbrowser-launcher issues on github.

[quote=“Patrick, post:467, topic:108”]Minor changes, because sdwdate has been refactored:

OK. This a new entry in the profile. In case only the path or the mask is changing, can you leave the old lines untouched and add new lines, for compatibility with older versions?. The cleanup can be done whenever we feel it’s safe.

[quote=“troubadour, post:469, topic:108”][quote author=Patrick link=topic=97.msg5527#msg5527 date=1416021015]
Minor changes, because sdwdate has been refactored:

OK. This a new entry in the profile. In case only the path or the mask is changing, can you leave the old lines untouched and add new lines, for compatibility with older versions?. The cleanup can be done whenever we feel it’s safe.[/quote]
+1

Done for Whonix 10. Untested. Will do so after extracting a new install of TB.

Thinking ahead… When we are getting a local browser homepage for Whonix

What would be a good storage location / path to be compatible with Whonix’s apparmor-profile-torbrowser profile?

We could just add any path to suite us… But…

Keeping compatibility with torbrowser-launcher in mind for the future… So ideally it would be compatible with torbrowser-launcher’s Tor Browser AppArmor profile as well. Can you think off any path we might convince them to add for this use case? Ideally not adding “whonix” within the path name. Some thing like…

/usr/share/homepage r, /usr/share/homepage/** r,

How does that sound? Then we we put the local Whonix homepage into /usr/share/homepage/whonix and others are free to use /usr/share/homepage/tails and so forth?

[quote=“Patrick, post:472, topic:108”]Thinking ahead… When we are getting a local browser homepage for Whonix

What would be a good storage location / path to be compatible with Whonix’s apparmor-profile-torbrowser profile?

We could just add any path to suite us… But…

Keeping compatibility with torbrowser-launcher in mind for the future… So ideally it would be compatible with torbrowser-launcher’s Tor Browser AppArmor profile as well. Can you think off any path we might convince them to add for this use case? Ideally not adding “whonix” within the path name. Some thing like…

/usr/share/homepage r, /usr/share/homepage/** r,

How does that sound? Then we we put the local Whonix homepage into /usr/share/homepage/whonix and others are free to use /usr/share/homepage/tails and so forth?[/quote]
That sounds good. It is an obvious place where to put the homepage. I will make the addition to the profile.

What sounds good too is to have a Whonix homepage. :slight_smile: Whatever the look, it will be better than a blank page.

Still, /usr/share/homepage seems the best candidate. I do not know if Micah is maintaining the profiles in torbrowser-launcher. Intrigeri has made some pull requests earlier, with major updates. Should we open a ticket in torbrowser-launcher github issues now? I am not sure how we should phrase it.

Yes. Let’s phrase it together. I am a big fan of phrasing things together. Much better chance of being clear, understood and succeeding.

I guess a pull request adding these two lines would do.

Don’t remember… If you’re uncomfortable with git branches and pull requests, would you be comfortable using github’s internal editor? (Or I do it. Nevermind. Either way.)

Here is my proposal. (Using github markup already.) Please feel free to either post it right away, either after adjusting it or not, or going through another round of discussion if you feel that’s useful.

[hr]

There is currently a patch in the works to allow distributions set a Tor Browser homepage using an environment variable. We at @Whonix would like to use it and are not aware of a canonical way, where Linux distributions or derivatives could store their local homepages.

What do you think about adding a read-only AppArmor permission to the /usr/share/homepage folder?

(@Whonix is probably soon getting a [local homepage](Whonix Forum. And we would like to store our local homepage at /usr/share/homepage/whonix-homepage.)

The distribution agnostic path name /usr/share/homepage should allow any distribution or derivative allow dropping their homepage folder there.

Can you please check if this approach is sane, review and merge?

@intrigeri, @micahflee, @adrelanos

A bit of history. When I tested torbrowser-launcher for the first time in jessie, it was not working with AppArmor. I did check the profiles, there were some path issues firstly. I had to modify all four profiles in order to get it working happily when confined. I opened a ticket on github and Micah merged my profiles. apparmor modifications · Issue #119 · micahflee/torbrowser-launcher · GitHub

There was a subsequent discussion with Intrigeri (Many new issues introduced with recent changes to the AppArmor profiles · Issue #124 · micahflee/torbrowser-launcher · GitHub) that is besides the point I want to make (but it is a lesson).

I believe that for such a small change, we have a fair chance that it will be accepted right away. I will fork torbrowser.Browser.firefox, make the changes and post the request on github.

I cannot post the issue on GitHub - micahflee/torbrowser-launcher: Securely and easily download, verify, install, and launch Tor Browser in Linux. The “Submit new issue” button stays disabled. Could you give it a try? Nothing urgent, but that would be done.
The appended text:

[hr]

There is currently a patch in the works to allow distributions set a Tor Browser homepage using an environment variable. We at @Whonix would like to use it and are not aware of a canonical way, where Linux distributions or derivatives could store their local homepages.

What do you think about adding a read-only AppArmor permission to the /usr/share/homepage folder?

(@Whonix is probably soon getting a [local homepage](Whonix Forum. And we would like to store our local homepage at /usr/share/homepage/whonix-homepage.)

The distribution agnostic path name /usr/share/homepage should allow any distribution or derivative allow dropping their homepage folder there.

Can you please check if this approach is sane, review and merge commit 12402ae7 ?

Done:

FYI. Could(!) contain interesting info:

Two small commits to GitHub - Kicksecure/apparmor-profile-torbrowser: AppArmor profile for The Tor Browser Bundle (TBB) - https://www.whonix.org/wiki/AppArmor - for better security (hardening).. (Browser homepage.)