Hi,

synthe:
> I finally got round to looking into this matter properly. The inability to use
> dotfiles persistence with the Tor Browser is, quite predictably, an Apparmor
> issue.
>
> tor-browser's access to the filesystem is (quite wisely) restricted to a couple of
> essential directories, and thus obviously cannot read from /lib/live... which the
> 'dotfiles' symlinks target.
> Symlinks themselves within profile.default work fine, as long as their target
> is in a location TB is permitted to read from, such as ~/Tor Browser .
>
> At this point three solutions come to mind:
>
> 1. A documentation-only approach, allowing a power user to hardcode his desired
> Torbutton setting with a workaround. The dotfiles persistence approach could still
> work, albeit in a rather hacky way, such as automatically running a bash script to
> create ~/.tor-browser/profile.default/prefs.js as the amnesia user logs in.

See my first reply in this thread, I think we're more or less on the same page here. Initially this could require some manual setup (via documentation) but we should aim for something that can be fully configured via the GUI.

> 2. Modifying the TBB's Apparmor profile to allow access to a single additional
> directory:
> /lib/live/mount/persistence/TailsData_unlocked/dotfiles/.tor-browser/profile.default/preferences
> . This would allow a user to use dotfile persistence with the browser. But could it
> introduce a security issue?

Adjusting AppArmor settings if needed is an option. But beware: we can't persist ~/.tor-browser/profile.default/preferences entirely, otherwise the user will get frozen settings there, that never get updated when they upgrade Tails. Dotfiles should avoid this problem if used carefully.

Cheers,
-- 
intrigeri
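
The constraint discussed in this message (a symlink in the profile directory only works when its resolved target lies somewhere the confined browser may read) can be checked with a small audit script. This is an added example, not part of the original thread and not Tails code; the function names are hypothetical and the allowed prefixes are supplied by the caller as an assumption, not read from the real AppArmor profile.

```shell
#!/bin/sh
# Added example, not Tails code. The allowed prefixes passed in stand in for
# the directories a confinement profile lets the browser read (assumption);
# they are not read from the real AppArmor profile.

# Succeed if resolved path $1 is one of the remaining args or lies beneath one.
path_is_allowed() {
    pia_target=$1
    shift
    for pia_prefix in "$@"; do
        pia_prefix=${pia_prefix%/}
        case "$pia_target" in
            # Match on a "/" boundary so "Tor Browser-x" is not taken for "Tor Browser".
            "$pia_prefix"|"$pia_prefix"/*) return 0 ;;
        esac
    done
    return 1
}

# Usage: audit_symlinks DIR ALLOWED_PREFIX...
# Prints "<verdict> <link> -> <resolved target>" for every symlink under DIR.
# Names containing newlines are not supported.
audit_symlinks() {
    as_dir=$1
    shift
    find "$as_dir" -type l | while IFS= read -r as_link; do
        # Path-based confinement is checked against the resolved target,
        # so resolve the whole symlink chain first.
        as_target=$(readlink -f "$as_link") || as_target=
        if [ -z "$as_target" ] || [ ! -e "$as_target" ]; then
            printf 'dangling %s\n' "$as_link"
        elif path_is_allowed "$as_target" "$@"; then
            printf 'allowed %s -> %s\n' "$as_link" "$as_target"
        else
            printf 'denied %s -> %s\n' "$as_link" "$as_target"
        fi
    done
}

# Run the audit when called with a directory and at least one allowed prefix.
if [ "$#" -ge 2 ]; then
    audit_symlinks "$@"
fi
```

A `denied` line marks a symlink whose target falls outside the given prefixes, which is the situation the quoted message describes for dotfiles targets.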
