[tor-dev] Enhanced Tor Browser sandboxing upstreaming

procmem at riseup.net
Sat Aug 24 17:23:28 UTC 2019


Hi. We aim to make enhanced sandboxing for Tor Browser widely available
on Linux, in a form that is well maintained in the long term. We would
appreciate it if the TBB team provided the currently developed AppArmor
and Firejail profiles below from your repos, ran unit tests against them,
and checked/fixed any breakage with updated browser versions.

It turns out there is an advantage to stacking both AppArmor and
Firejail. Firejail doesn't offer nearly as good file path whitelisting
as AppArmor. Firejail also can't do many things AppArmor can, such as
managing ptrace or signals, yet Firejail can use xpra to isolate Tor
Browser's access to X, PulseAudio and the clipboard. The Firejail
package included in Debian stable cannot keep pace with the needed
changes as Tor Browser continues to change.

Stacking is also a good defense in depth. If there’s a vulnerability in
Firejail then AppArmor will still restrict the application or vice versa.

Firejail provides a maintained official profile for Tor Browser [0].

We have an AppArmor profile that we've maintained for years [1].

[0]
https://github.com/netblue30/firejail/blob/master/etc/start-tor-browser.profile

[1] https://github.com/Whonix/apparmor-profile-torbrowser
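The mail argues that AppArmor contributes the controls Firejail lacks (fine-grained path whitelisting, ptrace and signal mediation) while Firejail contributes X isolation through xpra. The fragment below is an added illustration of the AppArmor half of that stack; it is not the Whonix profile from [1] or the Firejail profile from [0]. The profile name `torbrowser-example`, the install directory `@{TB_DIR}` and the whitelisted paths are assumptions chosen for the example.

```apparmor
# Added illustration of path whitelisting plus ptrace/signal mediation for a
# Tor Browser bundle. Profile name and install path are assumptions.
#include <tunables/global>

@{TB_DIR}=@{HOME}/tor-browser_en-US

profile torbrowser-example @{TB_DIR}/Browser/firefox {
  #include <abstractions/base>
  #include <abstractions/fonts>

  # Path whitelisting: the bundle is readable, only the browser's own data
  # directory and Downloads are writable; anything not listed is denied.
  @{TB_DIR}/** r,
  @{TB_DIR}/Browser/firefox rix,
  @{TB_DIR}/Browser/*.so mr,
  owner @{TB_DIR}/Browser/TorBrowser/Data/** rwk,
  owner @{HOME}/Downloads/** rw,

  # ptrace mediation: the browser may only inspect or trace processes that
  # run under this same profile, never the user's unconfined processes.
  ptrace (read, trace) peer=torbrowser-example,
  deny ptrace peer=unconfined,

  # Signal mediation: accept signals from the launcher, send only to its own
  # confined children.
  signal (receive) peer=unconfined,
  signal (send) set=(term, kill, hup) peer=torbrowser-example,

  # Network: stream sockets to reach the local tor SOCKS port; raw sockets denied.
  network inet stream,
  network inet6 stream,
  deny network raw,
}
```

A profile like this is syntax-checked with `apparmor_parser -Q` before loading; the Firejail layer on top is selected at launch time with `firejail --x11=xpra`, so a bug in either layer still leaves the other layer's restrictions in force, which is the defense-in-depth point made above.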
