Bug #8280: Users should be able to manipulate local files in I2P browser

Bug #8280

Users should be able to manipulate local files in I2P browser

Added by sajolida 2014-11-20 16:55:08 . Updated 2018-01-19 17:29:13 .

Status:

Confirmed

Priority:

Low

Assignee:

Category:

Target version:

Start date:

2014-11-20

Due date:

% Done:

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

I2P

Deliverable for:

Description

Several users asked about the new isolation of I2P. Now that I2P runs in
a dedicated browser, from inside a chroot, I understand that the same
warning than from the Unsafe Browser applies:

« As a consequence, if you download files using the Unsafe Browser it is
not possible to access them outside of the Unsafe Browser itself. »

It was proposed on tails-dev to have a dedicated folder mounted in the chroot for that use.

Subtasks

Related issues

Related to Tails - ~~Feature #5525~~: Sandbox the web browser	Resolved	2015-01-24	2015-02-04
Related to Tails - ~~Bug #9894~~: Document permissions issues with i2p	Duplicate	2015-08-04

History

#1 Updated by intrigeri 2014-11-20 19:23:11

As mentioned on tails-dev@, I plan to work on a “solution” for this kind of issues for our Tor Browser, so Kill Your TV: either start working on this before I do (but then, let’s communicate about the specs and implementation ideas before you spend too much time on it), or just wait for me to do the work and replicate it for the I2P browser.

#2 Updated by intrigeri 2014-11-20 19:28:42

related to ~~Feature #5525~~: Sandbox the web browser added

#3 Updated by kytv 2015-02-24 20:00:49

Target version changed from Tails_1.3 to Tails_1.3.2

#4 Updated by kytv 2015-03-25 01:02:32

Assignee changed from kytv to intrigeri

intrigeri wrote:
> As mentioned on tails-dev@, I plan to work on a “solution” for this kind of issues for our Tor Browser, so Kill Your TV: either start working on this before I do (but then, let’s communicate about the specs and implementation ideas before you spend too much time on it), or just wait for me to do the work and replicate it for the I2P browser.

Do you have anything for this for the Unsafe Browser? I’m still thinking about what might be the best way to do this with the chroot browsers…

#5 Updated by intrigeri 2015-03-25 09:59:35

> Do you have anything for this for the Unsafe Browser? I’m still thinking about what
> might be the best way to do this with the chroot browsers…

The only thing I have done that can be reused for the chroot’ed browsers is the general UI and folder names that were discussed with -ux@. For the rest, I guess you’ll have to go with bind-mounts and ACLs.

#6 Updated by kytv 2015-03-25 18:31:48

Assignee changed from intrigeri to kytv

intrigeri wrote:
> I guess you’ll have to go with bind-mounts and ACLs.

That’s all that came to mind for me, OK.

#7 Updated by kytv 2015-04-06 15:13:50

Target version changed from Tails_1.3.2 to Tails_1.4

#8 Updated by kytv 2015-04-12 21:21:35

Assignee changed from kytv to intrigeri
QA Check set to Info Needed

According to this post from 2011 and this StackExchange thread, aufs doesn’t support acls.

intrigeri, do you have any ideas as to how to tackle this? (I’m trying to come up with a good resolution but am coming up blank ATM)

#9 Updated by intrigeri 2015-04-14 16:09:08

> intrigeri, do you have any ideas as to how to tackle this? (I’m trying to come up with a good resolution but am coming up blank ATM)

I would try:

bind-mount I2P Browser’s default download directory into some place that the amnesia user can access, or vice-versa
make sure that the I2P Browser is started with a umask that allows the amnesia user to read files it creates