Bug #12679
Sandbox Tor Browser's content renderer processes more strictly
100%
Description
Since we have enabled Electrolysis (e10s), we confine these processes in exactly the same way as the parent Firefox process. I’m pretty sure they could be confined much more strictly, without impacting UX whatsoever. And while we’re at it, maybe some permissions we currently grant to the parent Firefox process are not needed anymore, as it does less work.
Subtasks
Related issues
Related to Tails - |
Resolved | 2018-07-05 | |
Blocked by Tails - |
Resolved | 2017-06-07 | |
Blocks Tails - |
Resolved | 2017-06-29 |
History
#1 Updated by intrigeri 2017-06-16 14:58:57
- blocked by
Feature #12653: Upstream changes to our Tor Browser 7.0 AppArmor profile added
#2 Updated by intrigeri 2017-06-16 14:59:29
(This blocking relationship is not exactly correct, but it would be nice to upstream our existing delta before adding some more.)
#3 Updated by intrigeri 2017-06-16 17:59:10
- Status changed from Confirmed to In Progress
- % Done changed from 0 to 10
I have something that Works On My Machine™. Up-to-date info about it can be found on https://github.com/micahflee/torbrowser-launcher/issues/278.
#4 Updated by intrigeri 2017-06-17 10:08:43
- % Done changed from 10 to 20
- Feature Branch set to feature/12679-sandbox-firefox-content-renderers
#5 Updated by intrigeri 2017-06-22 18:12:34
It passed the subset of our test suite we run on Jenkins.
Next step: run all affected tests locally.
#6 Updated by intrigeri 2017-06-23 15:07:21
- % Done changed from 20 to 30
The branch now passes features/documentation.feature:4 features/localization.feature features/tor_enforcement.feature:15 features/tor_stream_isolation.feature:26 features/torified_browsing.feature features/unsafe_browser.feature
locally. Next step: upstream my changes to tbl, and then wait for them to reach Debian sid, and then we can replace my hard-coded profiles in tails.git with a proper patch.
#7 Updated by intrigeri 2017-06-23 15:17:15
- Type of work changed from Code to Wait
#8 Updated by intrigeri 2017-06-29 10:23:03
- blocks
Feature #13234: Core work 2017Q3: Foundations Team added
#9 Updated by intrigeri 2017-07-24 06:24:24
intrigeri wrote:
> https://github.com/micahflee/torbrowser-launcher/pull/280
Pinged there.
#10 Updated by intrigeri 2017-09-02 09:27:43
- Target version changed from Tails_3.2 to Tails_3.3
I’ll ping again during next cycle.
#11 Updated by intrigeri 2017-09-08 07:48:51
Pinged upstream, refreshed our branch so it’s tested by Jenkins again.
#12 Updated by intrigeri 2017-09-24 09:40:36
- blocks
Feature #13244: Core work 2017Q4: Foundations Team added
#13 Updated by intrigeri 2017-09-24 09:41:26
- blocked by deleted (
)Feature #13234: Core work 2017Q3: Foundations Team
#14 Updated by intrigeri 2017-09-30 11:31:14
- Target version changed from Tails_3.3 to Tails_3.5
#15 Updated by intrigeri 2017-11-18 17:57:45
- Target version changed from Tails_3.5 to Tails_3.6
That’s for a major release (and pinging upstream doesn’t seem to help).
#16 Updated by intrigeri 2018-01-01 16:40:39
- blocked by deleted (
)Feature #13244: Core work 2017Q4: Foundations Team
#17 Updated by intrigeri 2018-01-01 16:40:42
- blocks
Feature #13245: Core work 2018Q1: Foundations Team added
#18 Updated by intrigeri 2018-01-29 08:34:33
- % Done changed from 30 to 40
My branch was merged upstream \o/ but I’m not sure how well it will work as-is (I had actually asked upstream to first merge something else so I could then update my branch on top of that).
I’ve sent a follow-up PR: https://github.com/micahflee/torbrowser-launcher/pull/310.
#19 Updated by intrigeri 2018-01-29 08:56:39
> My branch was merged upstream \o/
This implies that devel will FTBFS once torbrowser-launcher 0.2.9 makes it into Debian.
#20 Updated by intrigeri 2018-02-05 08:04:09
- Type of work changed from Wait to Code
#21 Updated by bertagaz 2018-02-05 15:35:20
eeek, torbrowser-launcher 0.2.9-1 has entered stretch-backports, so devel do FTBFS again. :/ I’m giving a try to your branch as is, at least to see if it fixes the build.
#22 Updated by intrigeri 2018-02-06 16:01:33
> eeek, torbrowser-launcher 0.2.9-1 has entered stretch-backports, so devel do FTBFS again. :/ I’m giving a try to your branch as is, at least to see if it fixes the build.
Yes, see Bug #15270.
#23 Updated by intrigeri 2018-02-07 08:26:36
I’ll request a first merge of this branch to fix Bug #15270 as soon as some local test suite runs finish successfully, but I’m not done here yet: I want to do some more manual testing, ensure the plugin container profile is applied and e10s is enabled, look at AppArmor logs, and possibly backport some deny
rules from my last upstream PR to make the kernel logs less noisy.
#24 Updated by intrigeri 2018-02-07 13:38:41
The only failing relevant automated test in my local run is caused by Bug #14935#note-13.
#25 Updated by intrigeri 2018-02-14 08:12:50
- blocked by
Bug #15270: devel branch FTBFS since torbrowser-launcher 0.2.9 entered sid added
#26 Updated by intrigeri 2018-02-14 08:23:03
intrigeri wrote:
> I want to do some more manual testing, ensure the plugin container profile is applied and e10s is enabled, look at AppArmor logs, and possibly backport some deny
rules from my last upstream PR to make the kernel logs less noisy.
Done all this, will submit for QA once I’ve confirmed an ISO built from my (updated) branch behaves correctly.
#27 Updated by intrigeri 2018-02-14 09:25:18
- Assignee changed from intrigeri to bertagaz
- % Done changed from 40 to 50
- QA Check set to Ready for QA
#28 Updated by intrigeri 2018-02-14 09:25:28
- blocks deleted (
)Bug #15270: devel branch FTBFS since torbrowser-launcher 0.2.9 entered sid
#29 Updated by segfault 2018-02-16 18:35:42
- blocks
Feature #11753: Port complex shell scripts shipped in /usr/local to Python added
#30 Updated by intrigeri 2018-02-19 09:07:47
- blocked by deleted (
)Feature #11753: Port complex shell scripts shipped in /usr/local to Python
#31 Updated by anonym 2018-02-19 14:24:19
- Assignee changed from bertagaz to anonym
I’m taking this one over to relieve our overloaded RM, and to get devel
building again (Bug #15270).
#32 Updated by anonym 2018-02-19 18:59:03
- Status changed from In Progress to Fix committed
- Assignee deleted (
anonym) - % Done changed from 50 to 100
- QA Check changed from Ready for QA to Pass
Works for me! I found it a bit hard to track our patch’s changes being split over the two profiles, but think I managed to in the end. :)
#33 Updated by bertagaz 2018-03-14 11:09:25
- Status changed from Fix committed to Resolved
#34 Updated by intrigeri 2018-07-05 16:28:52
- related to
Bug #15717: Firefox' "Web Content" processes are not confined as strictly as they used to added