Sandbox the web browser
The web browser probably has one of the biggest attack surfaces exposed by Tails to a network attacker, so anything we can do to make it harder for an attacker to escalate from "browser exploited" to "whole system under attacker's control" is welcome.
When a container-based solution becomes a viable, secure solution for creating isolated jails, the chroot approach used by the unsafe browser will be adaptable to the regular Iceweasel.
Our work to add AppArmor support will be useful in this area too, either in replacement of a container-based approach, or to complement it.
Special care needs to be given to allow sharing files between the Tor Browser and the rest of the system, e.g. to download and upload files. One could give read/write access from/to one special directory in $HOME (likely: "Downloads"), using bind-mounts and ACLs as needed.
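The "one shared directory in $HOME" idea above can be expressed directly as confinement rules. The following AppArmor profile fragment is an added illustration, not Tails' or Whonix's actual profile: the profile path /usr/local/lib/tor-browser/firefox is an assumption, and network, library and X11 rules that a real profile needs are left out so that the home-directory policy stands out.

```apparmor
# Added example, not a profile shipped by Tails or Whonix.
# The browser path below is an assumption for the illustration.
#include <tunables/global>

/usr/local/lib/tor-browser/firefox {
  #include <abstractions/base>
  #include <abstractions/fonts>

  /usr/local/lib/tor-browser/firefox mr,

  # Weak setting (kept only as a comment for contrast): the whole
  # home directory readable and writable, so a compromised browser
  # could read ~/.gnupg, ~/.ssh, persistence data, and so on.
  # owner @{HOME}/** rw,

  # Hardened setting: AppArmor profiles are default-deny for anything
  # not listed, so granting only the shared download directory is
  # enough to keep the rest of $HOME out of reach.
  owner @{HOME}/ r,
  owner @{HOME}/Downloads/ rw,
  owner @{HOME}/Downloads/** rwk,

  # Deny rules take precedence over allow rules, so explicitly denying
  # the most sensitive dotfiles (with audit logging) guards against a
  # later, broader rule accidentally reopening them.
  audit deny @{HOME}/.gnupg/** mrwklx,
  audit deny @{HOME}/.ssh/** mrwklx,
}
```

Violations show up in the kernel log as `apparmor="DENIED"` entries, which is also the simplest way to discover what a confined browser legitimately needs while the profile is still run in complain mode.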
#4 Updated by FireballDWF almost 6 years ago
Suggest leveraging the profile being tested at https://www.whonix.org/wiki/AppArmor/Tor_Browser_Bundle, as well as the other AppArmor profiles at https://www.whonix.org/wiki/AppArmor
#12 Updated by intrigeri about 5 years ago
Note to myself: I'll have to revert the workaround for #8186 in this branch.
More or less done: instead, I'm still allowing Pidgin to run Tor Browser (since the custom path we're using is not supported in Pidgin's AppArmor profile), but under its own profile.