Project

General

Profile

Bug #15717

Feature #15023: Upgrade to Tor Browser based on Firefox ESR60

Firefox' "Web Content" processes are not confined as strictly as they used to

Added by intrigeri 11 months ago. Updated 11 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
07/05/2018
Due date:
% Done:

100%

QA Check:
Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:
Browser

Description

Previously they would run under their own, stricter AppArmor profile (torbrowser_plugin_container) but they're not a different binary anymore: Firefox now calls its own binary to start a new Web Content process, so these processes run under the torbrowser_firefox profile.


Related issues

Related to Tails - Bug #12679: Sandbox Tor Browser's content renderer processes more strictly Resolved 06/10/2017
Blocks Tails - Feature #15334: Core work 2018Q3: Foundations Team Resolved 02/20/2018

Associated revisions

Revision f6627223 (diff)
Added by intrigeri 11 months ago

AppArmor: give the Tor Browser "Web Content" process access to the system-wide webext directory (refs: #15717)

… otherwise uBlock cannot be loaded once we confine these processes under their
own AppArmor profile.

History

#1 Updated by intrigeri 11 months ago

  • Related to Bug #12679: Sandbox Tor Browser's content renderer processes more strictly added

#2 Updated by intrigeri 11 months ago

#3 Updated by intrigeri 11 months ago

  • Status changed from Confirmed to Resolved
  • % Done changed from 0 to 100

#4 Updated by intrigeri 11 months ago

  • Assignee deleted (intrigeri)
  • Type of work changed from Research to Code

Also available in: Atom PDF