Package: apparmor Version: 2.13.6-10 Severity: important X-Debbugs-Cc: hacerespa...@gmail.com
Dear Maintainer, * What led up to the situation? Istalling Tor Browser via the `torbrowser-launcher` (0.3.3-6) package in Debian 11. * What exactly did you do (or not do) that was effective (or ineffective)? Launching Tor in GNOME using the Wayland session with environmental variable MOZ_ENABLE_WAYLAND=1 in my .bashrc lead to an unusable Tor. However, Tor works fine in the X11 session or with MOZ_ENABLE_WAYLAND=0 under the Wayland session in GNOME. * What was the outcome of this action? Tor can't be used under Wayland. * What outcome did you expect instead? To be able to run Tor with environmental variable MOZ_ENABLE_WAYLAND=1. I found the following issue in torbrowser-launcher: https://github.com/micahflee/torbrowser-launcher/issues/591 According to the submitter of the issue, Paul Wise: >Since Tor Browser 10.5 (release notes, tbb#31729) when the MOZ_ENABLE_WAYLAND environment variable is set, the Firefox build that is part of Tor Browser will try to use Wayland IPC and if that fails then Tor Browser will not start. The current torbrowser.Browser.firefox apparmor profile denies access to the relevant Wayland IPC files/sockets: > Jul 07 08:23:15 audit[437003]: AVC apparmor="DENIED" operation="mknod" profile="torbrowser_firefox" name="/dev/shm/wayland.mozilla.ipc.0" pid=437003 comm="Compositor" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 >I was able to workaround this issue using this command: > sudo sh -c 'echo "owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw," > /etc/apparmor.d/local/torbrowser.Browser.firefox ; apparmor_parser -r /etc/apparmor.d/torbrowser.Browser.firefox' -- System Information: Debian Release: 11.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-9-amd64 (SMP w/4 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apparmor depends on: ii debconf [debconf-2.0] 1.5.77 ii libc6 2.31-13+deb11u2 ii lsb-base 11.1.0 apparmor recommends no packages. Versions of packages apparmor suggests: pn apparmor-profiles-extra <none> pn apparmor-utils <none> -- debconf information: