Yes, we run /usr/bin/torbrowser unconfined. Tor Browser is still enforced.
Merged.
…
Minor.
Merged.
systemd AppArmorProfile= directive unavailable leads to not loading AppArmor profile on Debian jessie:
https://github.com/Whonix/whonixcheck/commit/c93a264d47e67eeace9fc657ff6e52ef492ac5ff
https://github.com/Whonix/whonixcheck/commit/971260573446e73d288424df06a39e076d590724
https://github.com/Whonix/whonixcheck/commit/e49e3157b2a2aa17c293b441a405034eb43dcfab
Any changes from
required in apparmor-profile-torbrowser/home.tor-browser.firefox at master · Kicksecure/apparmor-profile-torbrowser · GitHub?
Anything we should apply to Kicksecure/apparmor-profile-torbrowser (AppArmor profile for The Tor Browser Bundle (TBB), https://www.whonix.org/wiki/AppArmor) as well?
Following the last post from @iry and the issue regarding /etc/torrc.d
, an update to apparmor-profile-whonixcheck, including /usr/local/etc/apparmor.d
just in case.
Note.
After cloning my repository from GitHub, I fetched and merged https://github.com/Whonix/apparmor-profile-whonixcheck, which is out of date. So I copied the installed profile in the package folder and then made the changes, hence the two commits.
apparmor-profile-whonixcheck no longer exists. We integrated it into whonixcheck. (Please merge Whonix master.)
That explains.
The same change in whonixcheck.
After installing the profile, whonixcheck does not complain after running anon-connection-wizard.
Merged.
Are you sure the following is required?
/etc/ r,
/etc/torrc.d/ r,
/usr/local/etc/torrc.d/ r,
I speculate the following alone would do?
/etc/torrc.d/* rw,
/usr/local/etc/torrc.d/* rw,
Wondering because we had /etc/tor/** r, without /etc/ r, and it always worked.
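A simplified model of AppArmor path globbing, showing which paths each rule quoted in the post above covers. This is an added example, not part of the thread and not Whonix code. It handles only literals, `*` and `**`, and the probed file name `40_example.conf` is constructed.

```python
import re

def aa_glob_to_regex(glob):
    """Translate a subset of AppArmor globbing (literals, *, **) to a regex.

    Directories are written with a trailing '/'. '*' never crosses '/',
    '**' does. When '*' or '**' is a whole path component it must match
    at least one character, so '/dir/*' does not cover '/dir/' itself.
    """
    out, i = [], 0
    while i < len(glob):
        width = 2 if glob.startswith("**", i) else 1 if glob[i] == "*" else 0
        if width == 0:
            out.append(re.escape(glob[i]))
            i += 1
            continue
        whole = glob[i - 1:i] == "/" and glob[i + width:i + width + 1] in ("", "/")
        if width == 2:
            out.append("[^/].*" if whole else ".*")
        else:
            out.append("[^/]+" if whole else "[^/]*")
        i += width
    return re.compile("".join(out), re.DOTALL)

def matches(rule_path, path):
    """True if the path part of a profile rule covers the given path."""
    return aa_glob_to_regex(rule_path).fullmatch(path) is not None

def coverage(rule_paths, probes):
    """Map each probed path to the list of rule paths that cover it."""
    return {p: [r for r in rule_paths if matches(r, p)] for p in probes}

# Rule paths taken from the post above.
RULES = ["/etc/", "/etc/torrc.d/", "/usr/local/etc/torrc.d/",
         "/etc/torrc.d/*", "/usr/local/etc/torrc.d/*", "/etc/tor/**"]

# Constructed probe paths: directories end in '/', files do not.
PROBES = ["/etc/", "/etc/torrc.d/", "/etc/torrc.d/40_example.conf",
          "/etc/tor/", "/etc/tor/torrc"]

if __name__ == "__main__":
    for path, rules in coverage(RULES, PROBES).items():
        print(f"{path:32} <- {rules or 'no rule'}")
```

In this model the `*` rules cover files inside `torrc.d` but not the directory entries themselves, so the two sets of rules grant different things: the trailing-slash rules allow listing a directory, the glob rules allow access to files whose names are already known.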