Details
Jan 19 2023
This will be done when doing T927.
Nov 23 2019
Awesome!
I created the issue:
Could you add to git please?
Works.
Try adding:
Apr 6 2019
Mar 7 2018
Feb 6 2018
Sep 7 2017
Sep 6 2017
Ah I see.
Sep 5 2017
JasonJAyalaP (Jason J. Ayala P.):
JasonJAyalaP added a comment.
I changed it to NoNewPrivileges=No That's the only thing I can imagine that would be causing that parsing error. Testing now > torproject's stretch repository [1] does not contain tor_0.3.1.5 yet. Once TPOs stretch repo contains the latest, this workaround will no longer be needed, correct?
Sep 4 2017
with =no, I'm no longer getting the parsing error
I changed it to
NoNewPrivileges=No
That's the only thing I can imagine that would be causing that parsing error. Testing now
Sep 3 2017
Jul 6 2017
Thanks for updating me! No, then this needs to be removed. And the sandboxed tor browser chanter moved to https://www.whonix.org/wiki/Deprecated.
According to their wiki that you linked to: "Active development is on indefinite hiatus." Do you still want FP to talk about and link to that?
Please keep the Whonix 14 tag. I guess this can be closed, resolved?
JasonJAyalaP (Jason J. Ayala P.):
JasonJAyalaP added a comment.
Ok I created the workaround as you described: https://github.com/Whonix/anon-gw-anonymizer-config/commit/bfe28e340d03cc4d77e4f49e24bcc0a9da42da06
After FoxyProxy is installed, you may see an app-armory warning you
about the denied creation of dconf/user. The current Debian profile for
Firefox does not yet include the modern temporary file location /run/user.
JasonJAyalaP (Jason J. Ayala P.):
JasonJAyalaP added a comment.
@Patrick the FP template says "Tor Browser will soon ship with sandboxing on an opt-in basis." Wasn't this rejected?
JasonJAyalaP (Jason J. Ayala P.):
the FP template says "Tor Browser will soon ship with sandboxing on an opt-in basis." Wasn't this rejected?
Jul 5 2017
Debian bug report:
Ok I created the workaround as you described:
https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/lib/systemd/system/tor@default.service.d/40_obfs4proxy-workaround.conf
Jul 4 2017
@Patrick
the FP template says "Tor Browser will soon ship with sandboxing on an opt-in basis." Wasn't this rejected?
Reported but to app armor:
https://bugs.launchpad.net/apparmor/+bug/1702360
Jul 1 2017
JasonJAyalaP (Jason J. Ayala P.):
JasonJAyalaP added a comment.
Two things work:
- Changing obfs4 execution permission in system_tor apparmor profile
(abstractions/tor) from PUx to ix.
- Keeping PUx but removing "NoNewPrivileges" from tor@default
systemd service (/lib/systemd/system)
JasonJAyalaP (Jason J. Ayala P.):
But it should be apart of abstractions/user-tmp. Are you comfortable doing this, Patrick?
I really think that "access to the temp folder" should be a basic AA allowance. In fact, it is right now with #include user-tmp. However, user-tmp is so old (I'm guessing) it doesn't have /run/user/[0-9]/**
Ok, the line should be:
I get the message after a reboot.
Ok. I added the commented line to home.tor-browser.firefox
Two things work:
Jun 30 2017
Pux (already Tor's default) is alright.
Ahh I see. I can setup i2p/freenet/zeronet and use FP to go through that.
I commented out the lines in local/system_tor about obfsproxy. This caused obfsproxy to fail. Changing obfsproxy to rix didn't work. But I'm confused at what I'm seeing, and so I'm still looking at it.
Comment that and obfs4proxy can run as PUx (instead of needing ix)
Jun 29 2017
To save you from somehow learning about systemd overrides the hard way...
In this case, a /local file can probably not do the trick.