torbrowser-launcher

mirror of https://github.com/torproject/torbrowser-launcher.git synced 2024-11-23 09:29:42 +00:00

History

intrigeri c5d37c0d05 AppArmor: drop the profile dedicated to Web Content processes. Before Firefox 60, Web Content processes were instances of a dedicated binary (plugin-container). But since Firefox 60, the Web Content processes are instances of the very same executable as the parent Firefox process, which makes it impossible to apply a different AppArmor policy to: - Web Content processes, that should ideally be more strictly confined - the new parent Firefox process that's spawned while restarting during a self-upgrade of Tor Browser And indeed, we had to drop this distinction with commit `678d083491`. As a result, the new parent Firefox process that's spawned while restarting during a self-upgrade of Tor Browser runs under the torbrowser_plugin_container profile, i.e. more strictly confined than it should be, which breaks all kinds of things. A Firefox release manager tells me there's no plan to give Web Content processes a dedicated binary again; let's give up and go back to confining the entire browser under one single AppArmor profile, and rely on Firefox' own sandboxing systems to protect itself against rogue Web Content processes.	2019-03-31 14:55:24 +00:00
..
torbrowser.Browser.firefox	AppArmor: remove boilerplate from local override files.	2018-01-29 08:24:52 +00:00
torbrowser.Tor.tor	AppArmor: remove boilerplate from local override files.	2018-01-29 08:24:52 +00:00

intrigeri c5d37c0d05 AppArmor: drop the profile dedicated to Web Content processes.

Before Firefox 60, Web Content processes were instances of a dedicated
binary (plugin-container). But since Firefox 60, the Web Content processes are
instances of the very same executable as the parent Firefox process,
which makes it impossible to apply a different AppArmor policy to:

 - Web Content processes, that should ideally be more strictly confined

 - the new parent Firefox process that's spawned while restarting
   during a self-upgrade of Tor Browser

And indeed, we had to drop this distinction with commit
678d083491.

As a result, the new parent Firefox process that's spawned while restarting
during a self-upgrade of Tor Browser runs under the torbrowser_plugin_container
profile, i.e. more strictly confined than it should be, which breaks all kinds
of things.

A Firefox release manager tells me there's no plan to give Web Content processes
a dedicated binary again; let's give up and go back to confining the entire
browser under one single AppArmor profile, and rely on Firefox' own sandboxing
systems to protect itself against rogue Web Content processes.

2019-03-31 14:55:24 +00:00

torbrowser.Browser.firefox AppArmor: remove boilerplate from local override files. 2018-01-29 08:24:52 +00:00

torbrowser.Tor.tor AppArmor: remove boilerplate from local override files. 2018-01-29 08:24:52 +00:00