Project

General

Profile

Bug #17105

No sound in videos played in Tor Browser started by Thunderbird

Added by sajolida about 1 month ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
Due date:
% Done:

100%

Feature Branch:
bugfix/17105-torbrowser-started-from-thunderbird
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

For example: https://tails.boum.org/install/win/usb/#animation

I get in the journal:

Sep 29 17:39:33 amnesia thunderbird.desktop[10809]: [Child 10016, MediaPlayback #1] WARNING: 71c56309cdc0 OpenCubeb() failed to init cubeb: file /var/tmp/build/firefox-944a0bc18ba6/dom/media/AudioStream.cpp, line 375
Sep 29 17:39:33 amnesia thunderbird.desktop[10809]: [Child 10016, MediaPlayback #1] WARNING: Decoder=71c56616ca00 [OnMediaSinkAudioError]: file /var/tmp/build/firefox-944a0bc18ba6/dom/media/MediaDecoderStateMachine.cpp, line 3385

The log mentions thunderbird but I'm trying to watch the video in Tor Browser.

The same happens on YouTube and Vimeo.


Related issues

Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

Associated revisions

Revision 666012e9 (diff)
Added by intrigeri about 1 month ago

Thunderbird: run /usr/local/bin/tor-browser unconfined instead of under the sanitized_helper profile (refs: #17105)

The sanitized_helper profile will allow our tor-browser wrapper script to run
basically any executable, including the firefox binary, which is intended.
But under sanitized_helper, such execution is subject to environment scrubbing,
that is: the tor-browser wrapper script cannot pass environment variable to Tor
Browser… which breaks some Tor Browser functionality. For example, videos played
in Tor Browser would have no sound, whenever Tor Browser had been started by
clicking a URL in Thunderbird.

Instead, let's start /usr/local/bin/tor-browser unconfined with Ux,
that is:

- Ux scrubs the environment before executing /usr/local/bin/tor-browser, which
protects this script against an exploited Thunderbird.
- When the /usr/local/bin/tor-browser wrapper starts Tor Browser, it will
be confined under the torbrowser_firefox profile by Linux, as intended,
because that profile is attached to the path of the Firefox binary.

Revision 5b3636ea
Added by segfault about 1 month ago

Merge branch 'bugfix/17105-torbrowser-started-from-thunderbird' into devel (Closes: #17105)

History

#1 Updated by intrigeri about 1 month ago

  • Subject changed from No sound in videos on 4.0~beta2 to No sound in videos played in Tor Browser on 4.0~beta2

#2 Updated by intrigeri about 1 month ago

  • Status changed from New to In Progress
  • Assignee set to intrigeri

I get in the journal:

> Sep 29 17:39:33 amnesia thunderbird.desktop[10809]: [Child 10016, MediaPlayback #1] WARNING: 71c56309cdc0 OpenCubeb() failed to init cubeb: file /var/tmp/build/firefox-944a0bc18ba6/dom/media/AudioStream.cpp, line 375
> Sep 29 17:39:33 amnesia thunderbird.desktop[10809]: [Child 10016, MediaPlayback #1] WARNING: Decoder=71c56616ca00 [OnMediaSinkAudioError]: file /var/tmp/build/firefox-944a0bc18ba6/dom/media/MediaDecoderStateMachine.cpp, line 3385
> 

Ouch!

The good news is that I can't reproduce this if I start Tor Browser from the Applications menu (which is reassuring since we do test this at release time).

However, I can reproduce this if I start Tor Browser by clicking on a link in Thunderbird:

thunderbird.desktop[10669]: [Child 12496, MediaPlayback #3] WARNING: 7eb23684d4c0 OpenCubeb() failed to init cubeb: file /var/tmp/build/firefox-944a0bc18ba6/dom/media/AudioStream.cpp, line 375

First, regarding the thunderbird.desktop part, it's definitely confusing but given how logind/journald work, I don't know how we can fix this for apps started from another app, as long as we have a /usr/local/bin/tor-browser wrapper used in our the tor-browser.desktop: given the firefox.real processes have no .desktop file, there's no way for logind/journald to tell whether a child process is "part of" the parent one, or a fully different external process. Creating a (hidden) .desktop file with Exec=/usr/local/lib/tor-browser/firefox.real might fix it but I doubt it's worth spending much time on it, if any.

Second, process 12496 is /usr/local/lib/tor-browser/firefox.real so it looks like something went wrong in the AppArmor profile transition on exec.
Interestingly though, aa-status tells me that process 12496 is confined by the torbrowser_firefox AppArmor profile, as expected.

I could fix this bug by replacing, in the usr.bin.thunderbird AppArmor profile, the "Allow opening attachments" section with this:

 # Allow opening attachments
 # TODO: create and use abstractions for opening various file formats
/{usr/,}bin/{[^gp],g[^p],gp[^g],p[^s]}* Cx -> sanitized_helper,
/usr/local/bin/{[^t],t[^o],to[^r],tor[^-],tor-[^b],tor-b[^r],tor-br[^o],tor-bro[^w],tor-brow[^s],tor-brows[^e],tor-browse[^r]}* Cx -> sanitized_helper,
/usr/local/bin/tor-browser Uxmr,
/usr/lib/libreoffice/program/soffice Cxr -> sanitized_helper,

The previous version caused this bug because our /usr/local/bin/tor-browser shell wrapper was started under sanitized_helper, which scrubs the environment when our wrapper in turn starts the Firefox process(es).

#3 Updated by intrigeri about 1 month ago

  • Subject changed from No sound in videos played in Tor Browser on 4.0~beta2 to No sound in videos played in Tor Browser started by Thunderbird

(Making it clearer what's the prerequisite to see this problem happens; dropping 4.0~beta2 indication as I bet this affects 3.x as well.)

#4 Updated by intrigeri about 1 month ago

#5 Updated by intrigeri about 1 month ago

  • Feature Branch set to bugfix/17105-torbrowser-started-from-thunderbird

#6 Updated by intrigeri about 1 month ago

  • Status changed from In Progress to Needs Validation
  • Assignee deleted (intrigeri)

#7 Updated by segfault about 1 month ago

  • Status changed from Needs Validation to Resolved
  • % Done changed from 0 to 100

Also available in: Atom PDF