Bug #12679

Sandbox Tor Browser's content renderer processes more strictly

Added by intrigeri 2017-06-10 10:14:30. Updated 2018-03-14 11:09:25.

Status: Resolved
Priority: Normal
Assignee:
Category:
Target version:
Start date: 2017-06-10
Due date:
% Done: 100%
Feature Branch: feature/12679-sandbox-firefox-content-renderers
Type of work: Code
Blueprint:
Starter:
Affected tool: Browser
Deliverable for:

Description

Since we have enabled Electrolysis (e10s), we confine these processes in exactly the same way as the parent Firefox process. I’m pretty sure they could be confined much more strictly, without impacting UX whatsoever. And while we’re at it, maybe some permissions we currently grant to the parent Firefox process are not needed anymore, as it does less work.


Related issues

Related to Tails - Bug #15717: Firefox' "Web Content" processes are not confined as strictly as they used to Resolved 2018-07-05
Blocked by Tails - Feature #12653: Upstream changes to our Tor Browser 7.0 AppArmor profile Resolved 2017-06-07
Blocks Tails - Feature #13245: Core work 2018Q1: Foundations Team Resolved 2017-06-29

History

#1 Updated by intrigeri 2017-06-16 14:58:57

  • blocked by Feature #12653: Upstream changes to our Tor Browser 7.0 AppArmor profile added

#2 Updated by intrigeri 2017-06-16 14:59:29

(This blocking relationship is not exactly correct, but it would be nice to upstream our existing delta before adding some more.)

#3 Updated by intrigeri 2017-06-16 17:59:10

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

I have something that Works On My Machine™. Up-to-date info about it can be found on https://github.com/micahflee/torbrowser-launcher/issues/278.

#4 Updated by intrigeri 2017-06-17 10:08:43

  • % Done changed from 10 to 20
  • Feature Branch set to feature/12679-sandbox-firefox-content-renderers

#5 Updated by intrigeri 2017-06-22 18:12:34

It passed the subset of our test suite we run on Jenkins.

Next step: run all affected tests locally.

#6 Updated by intrigeri 2017-06-23 15:07:21

  • % Done changed from 20 to 30

The branch now passes features/documentation.feature:4 features/localization.feature features/tor_enforcement.feature:15 features/tor_stream_isolation.feature:26 features/torified_browsing.feature features/unsafe_browser.feature locally. Next step: upstream my changes to tbl, and then wait for them to reach Debian sid, and then we can replace my hard-coded profiles in tails.git with a proper patch.

#7 Updated by intrigeri 2017-06-23 15:17:15

  • Type of work changed from Code to Wait

https://github.com/micahflee/torbrowser-launcher/pull/280

#8 Updated by intrigeri 2017-06-29 10:23:03

#9 Updated by intrigeri 2017-07-24 06:24:24

intrigeri wrote:
> https://github.com/micahflee/torbrowser-launcher/pull/280

Pinged there.

#10 Updated by intrigeri 2017-09-02 09:27:43

  • Target version changed from Tails_3.2 to Tails_3.3

I’ll ping again during next cycle.

#11 Updated by intrigeri 2017-09-08 07:48:51

Pinged upstream, refreshed our branch so it’s tested by Jenkins again.

#12 Updated by intrigeri 2017-09-24 09:40:36

#13 Updated by intrigeri 2017-09-24 09:41:26

  • blocked by deleted (Feature #13234: Core work 2017Q3: Foundations Team)

#14 Updated by intrigeri 2017-09-30 11:31:14

  • Target version changed from Tails_3.3 to Tails_3.5

#15 Updated by intrigeri 2017-11-18 17:57:45

  • Target version changed from Tails_3.5 to Tails_3.6

That’s for a major release (and pinging upstream doesn’t seem to help).

#16 Updated by intrigeri 2018-01-01 16:40:39

  • blocked by deleted (Feature #13244: Core work 2017Q4: Foundations Team)

#17 Updated by intrigeri 2018-01-01 16:40:42

#18 Updated by intrigeri 2018-01-29 08:34:33

  • % Done changed from 30 to 40

My branch was merged upstream \o/ but I’m not sure how well it will work as-is (I had actually asked upstream to first merge something else so I could then update my branch on top of that).

I’ve sent a follow-up PR: https://github.com/micahflee/torbrowser-launcher/pull/310.

#19 Updated by intrigeri 2018-01-29 08:56:39

> My branch was merged upstream \o/

This implies that devel will FTBFS once torbrowser-launcher 0.2.9 makes it into Debian.

#20 Updated by intrigeri 2018-02-05 08:04:09

  • Type of work changed from Wait to Code

#21 Updated by bertagaz 2018-02-05 15:35:20

eeek, torbrowser-launcher 0.2.9-1 has entered stretch-backports, so devel does FTBFS again. :/ I’m giving a try to your branch as is, at least to see if it fixes the build.

#22 Updated by intrigeri 2018-02-06 16:01:33

> eeek, torbrowser-launcher 0.2.9-1 has entered stretch-backports, so devel does FTBFS again. :/ I’m giving a try to your branch as is, at least to see if it fixes the build.

Yes, see Bug #15270.

#23 Updated by intrigeri 2018-02-07 08:26:36

I’ll request a first merge of this branch to fix Bug #15270 as soon as some local test suite runs finish successfully, but I’m not done here yet: I want to do some more manual testing, ensure the plugin container profile is applied and e10s is enabled, look at AppArmor logs, and possibly backport some deny rules from my last upstream PR to make the kernel logs less noisy.

#24 Updated by intrigeri 2018-02-07 13:38:41

The only failing relevant automated test in my local run is caused by Bug #14935#note-13.

#25 Updated by intrigeri 2018-02-14 08:12:50

  • blocked by Bug #15270: devel branch FTBFS since torbrowser-launcher 0.2.9 entered sid added

#26 Updated by intrigeri 2018-02-14 08:23:03

intrigeri wrote:
> I want to do some more manual testing, ensure the plugin container profile is applied and e10s is enabled, look at AppArmor logs, and possibly backport some deny rules from my last upstream PR to make the kernel logs less noisy.

Done all this, will submit for QA once I’ve confirmed an ISO built from my (updated) branch behaves correctly.

#27 Updated by intrigeri 2018-02-14 09:25:18

  • Assignee changed from intrigeri to bertagaz
  • % Done changed from 40 to 50
  • QA Check set to Ready for QA

#28 Updated by intrigeri 2018-02-14 09:25:28

  • blocks deleted (Bug #15270: devel branch FTBFS since torbrowser-launcher 0.2.9 entered sid)

#29 Updated by segfault 2018-02-16 18:35:42

  • blocks Feature #11753: Port complex shell scripts shipped in /usr/local to Python added

#30 Updated by intrigeri 2018-02-19 09:07:47

  • blocked by deleted (Feature #11753: Port complex shell scripts shipped in /usr/local to Python)

#31 Updated by anonym 2018-02-19 14:24:19

  • Assignee changed from bertagaz to anonym

I’m taking this one over to relieve our overloaded RM, and to get devel building again (Bug #15270).

#32 Updated by anonym 2018-02-19 18:59:03

  • Status changed from In Progress to Fix committed
  • Assignee deleted (anonym)
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

Works for me! I found it a bit hard to track our patch’s changes being split over the two profiles, but think I managed to in the end. :)

#33 Updated by bertagaz 2018-03-14 11:09:25

  • Status changed from Fix committed to Resolved

#34 Updated by intrigeri 2018-07-05 16:28:52

  • related to Bug #15717: Firefox' "Web Content" processes are not confined as strictly as they used to added