I finally got round to looking into this matter properly. The inability to use 
dotfiles persistence with the Tor Browser is, quite predictably, an AppArmor 
issue. tor-browser's access to the filesystem is (quite wisely) restricted to a 
couple of essential directories, and thus obviously cannot read from 
/lib/live... which the 'dotfiles' symlinks target.

Symlinks themselves within profile.default work fine, as long as their target 
is in a location TB is permitted to read from, such as ~/Tor Browser.

At this point three solutions come to mind:

1. A documentation-only approach, allowing a power user to hardcode his desired 
Torbutton setting with a workaround. The dotfiles persistence approach could 
still work, albeit in a rather hacky way, such as automatically running a bash 
script to create ~/.tor-browser/profile.default/prefs.js as the amnesia user 
logs in.

2. Modifying the TBB's AppArmor profile to allow access to a single additional 
directory: 
/lib/live/mount/persistence/TailsData_unlocked/dotfiles/.tor-browser/profile.default/preferences. 
This would allow a user to use dotfile persistence with the browser. But 
could it introduce a security issue?

3. Adding a prefs.js to the squashfs build, thus changing Tails' default 
Torbutton setting at boot from Low to High. This was briefly discussed (in a 
roundabout way) back in 2015 (Redmine, topic #10481), but a few key developers 
were not fans of the concept at the time.

Founders, developers, contributors... let me know what you think :)

Synthe
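
An added example, not part of the original message and not Tails code: a small audit that lists which symlinks in a browser profile resolve outside the directories the confined process may read, which is the condition the message describes. It assumes AppArmor evaluates the resolved target path rather than the link's own location; the allowed directories and the sample tree are constructed stand-ins, not the real tor-browser profile rules.

```python
import os
import tempfile


def symlinks_outside(profile_dir, allowed_roots):
    """Return {link: resolved target} for symlinks under profile_dir whose
    resolved target lies outside every directory in allowed_roots."""
    roots = [os.path.realpath(r) for r in allowed_roots]
    blocked = {}
    # os.walk does not follow symlinks, so each link is reported exactly once.
    for dirpath, dirnames, filenames in os.walk(profile_dir):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)  # the path the policy check sees (assumption)
            inside = any(target == r or target.startswith(r + os.sep) for r in roots)
            if not inside:
                blocked[os.path.relpath(link, profile_dir)] = target
    return blocked


def demo():
    """Build a constructed tree that mirrors the layout in the message."""
    base = os.path.realpath(tempfile.mkdtemp())
    # Stand-in for the persistence volume that the dotfiles symlinks target.
    persist = os.path.join(base, "persistence", "dotfiles")
    # Stand-in for a directory the browser is permitted to read.
    readable = os.path.join(base, "home", "Tor Browser")
    profile = os.path.join(base, "home", ".tor-browser", "profile.default")
    for d in (persist, readable, profile):
        os.makedirs(d)
    for d, name in ((persist, "prefs.js"), (readable, "user.js")):
        with open(os.path.join(d, name), "w") as f:
            f.write("// constructed sample file\n")
    os.symlink(os.path.join(persist, "prefs.js"), os.path.join(profile, "prefs.js"))
    os.symlink(os.path.join(readable, "user.js"), os.path.join(profile, "user.js"))
    # Constructed allow-list: the profile itself plus the readable directory.
    return symlinks_outside(profile, [readable, profile])


if __name__ == "__main__":
    for link, target in demo().items():
        print(f"{link} -> {target} (outside permitted directories)")
```

The same check helps when weighing option 2: each directory added to the allowed list is one more location from which the confined browser can read.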

_______________________________________________
Tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev