Bug #12679

Sandbox Tor Browser's content renderer processes more strictly

Added by intrigeri about 2 months ago. Updated 2 days ago.

Status: In Progress
Start date: 06/10/2017
Priority: Normal
Due date:
Assignee: intrigeri
% Done: 30%
Category: -
Target version: Tails_3.2
QA Check:
Blueprint:
Feature Branch: feature/12679-sandbox-firefox-content-renderers
Easy:
Type of work: Wait
Affected tool: Browser

Description

Since we have enabled Electrolysis (e10s), we confine these processes in exactly the same way as the parent Firefox process. I'm pretty sure they could be confined much more strictly, without impacting UX whatsoever. And while we're at it, maybe some permissions we currently grant to the parent Firefox process are not needed anymore, as it does less work.


Related issues

Blocked by Tails - Feature #12653: Upstream changes to our Tor Browser 7.0 AppArmor profile (Resolved, 06/07/2017)
Blocks Tails - Feature #13234: Core work 2017Q3: Foundations Team (Confirmed, 06/29/2017)

Associated revisions

Revision 6e2ca1eb
Added by intrigeri about 1 month ago

Import Tor Browser AppArmor profiles with stricter content rendering processes confinement (refs: #12679).

These profiles were taken from the
feature/12679-sandbox-firefox-content-renderers branch in our
torbrowser-launcher.git repository at commit
a86475a2565cbbbdf846248238ffb7f072bebed5, which is based on my
https://github.com/intrigeri/torbrowser-launcher/tree/apparmor-e10s branch at
commit 33502fa03669c009c4344eb825f1d58c95f1e929.

Note: we must not merge a branch with this commit as-is: once these profiles
have passed our own QA, I will submit a PR to torbrowser-launcher upstream, and
then they'll make it into Debian, and then we can revert this commit and replace
it with an updated
config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch.

Revision c86c6eb4
Added by intrigeri about 1 month ago

Import Tor Browser AppArmor profiles with stricter content rendering processes confinement (refs: #12679).

These profiles were taken from the
feature/12679-sandbox-firefox-content-renderers branch in our
torbrowser-launcher.git repository at commit
807bd87e7ee51b179bbd7d394f57d939f314ae20, which is based on my
https://github.com/intrigeri/torbrowser-launcher/tree/apparmor-e10s branch at
commit 33502fa03669c009c4344eb825f1d58c95f1e929.

Note: we must not merge a branch with this commit as-is: once these profiles
have passed our own QA, I will submit a PR to torbrowser-launcher upstream, and
then they'll make it into Debian, and then we can revert this commit and replace
it with an updated
config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch.

Revision 7623daa0
Added by intrigeri about 1 month ago

Add missing permissions to the torbrowser_plugin_container AppArmor profile (refs: #12679).

From the feature/12679-sandbox-firefox-content-renderers branch in our
torbrowser-launcher repository at
commit 9932f9c2f2417f91cb79483a53b293704cc4f38a.

Revision 1c603eb4
Added by intrigeri about 1 month ago

Update Tor Browser AppArmor profile (refs: #12679).

They come from the feature/12679-sandbox-firefox-content-renderers branch in our
torbrowser-launcher Git repo, at
commit f5ecf6452e77b25a2027f14fcc75c13fc23546d3.

Revision 59fcf762
Added by intrigeri about 1 month ago

Test suite: update Tor Browser tests to match current AppArmor confinement (refs: #12679).

History

#1 Updated by intrigeri about 1 month ago

  • Blocked by Feature #12653: Upstream changes to our Tor Browser 7.0 AppArmor profile added

#2 Updated by intrigeri about 1 month ago

(This blocking relationship is not exactly correct, but it would be nice to upstream our existing delta before adding some more.)

#3 Updated by intrigeri about 1 month ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

I have something that Works On My Machine™. Up-to-date info about it can be found on https://github.com/micahflee/torbrowser-launcher/issues/278.

#4 Updated by intrigeri about 1 month ago

  • % Done changed from 10 to 20
  • Feature Branch set to feature/12679-sandbox-firefox-content-renderers

#5 Updated by intrigeri about 1 month ago

It passed the subset of our test suite we run on Jenkins.

Next step: run all affected tests locally.

#6 Updated by intrigeri about 1 month ago

  • % Done changed from 20 to 30

The branch now passes features/documentation.feature:4 features/localization.feature features/tor_enforcement.feature:15 features/tor_stream_isolation.feature:26 features/torified_browsing.feature features/unsafe_browser.feature locally. Next step: upstream my changes to tbl, and then wait for them to reach Debian sid, and then we can replace my hard-coded profiles in tails.git with a proper patch.

#7 Updated by intrigeri about 1 month ago

  • Type of work changed from Code to Wait

#8 Updated by intrigeri 27 days ago

#9 Updated by intrigeri 2 days ago
