Re: [Tails-dev] Issue #9700 (Torbutton preset)

Supprimer ce message

Répondre à ce message
Auteur: synthe
Date:  
À: tails-dev
Sujet: Re: [Tails-dev] Issue #9700 (Torbutton preset)
I finally got round to looking into this matter properly. The inability to use dotfiles persistence with the Tor Browser is, quite predictably, an Apparmor issue. tor-browser's access to the filesystem is (quite wisely) restricted to a couple of essential directories, and thus obviously cannot read from /lib/live... which the 'dotfiles' symlinks target.

Symlinks themselves within profile.default work fine, as long as their target is in a location TB is permitted to read from, such as ~/Tor Browser .

At this point three solutions come to mind:

1. A documentation-only approach, allowing a power user to hardcode his desired Torbutton setting with a workaround. The dotfiles persistence approach could still work, albeit in a rather hacky way, such as automatically running a bash script to create ~/.tor-browser/profile.default/prefs.js as the amnesia user logs in.

2. Modifying the TBB's Apparmor profile to allow access to a single additional directory: /lib/live/mount/persistence/TailsData_unlocked/dotfiles/.tor-browser/profile.default/preferences . This would allow a user to use dotfile persistence with the browser. But could it introduce a security issue?

3. Adding a prefs.js to the squashfs build, thus changing Tails' default Torbutton setting at boot from Low to High. This was briefly discussed (in a roundabout way) back in 2015 (Redmine, topic #10481), but a few key developers were not a fan of the concept at the time.

Founders, developers,contributors... let me know what you think :)

Synthe