There seems to be some regression during the last few days: start-tor-browser does not connect to tor anymore using firejail, but it does without. If someone gave me some hints which firejail setting is causing this, we could fix this bug.
Same here.
firejail --profile=~/.config/firejail/start-tor-browser.profile /home/user/.local/opt/tor-browser/app/Browser/start-tor-browser
leads to
Reading profile /home/user/.config/firejail/start-tor-browser.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-devel.inc
Parent pid 97459, child pid 97460
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
17 programs installed in 13.53 ms
Warning: skipping empty for private /etc
Private /etc installed in 0.08 ms
Private /usr/etc installed in 0.00 ms
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized in 47.88 ms
Error: no suitable /home/user/.local/opt/tor-browser/app/Browser/start-tor-browser executable found
~/.config/firejail/start-tor-browser.profile:
## Disable access
# Disable access to common system management tools (sudo, mount, etc.)
include /etc/firejail/disable-common.inc
# Disable access to common program configs in ${HOME}
include /etc/firejail/disable-programs.inc
# Disable access to common password manager files
include /etc/firejail/disable-passwdmgr.inc
# Disable access to development tools
include /etc/firejail/disable-devel.inc
## Security filters
# Blacklist all Linux capabilities
caps.drop all
# Ensures that child processes cannot acquire new privileges
nonewprivs
# No root account. Only one user, the current one
noroot
# Disable supplementary groups
nogroups
# Protocol filter for unix sockets and IPv4/IPv6
protocol unix,inet,inet6
# Run the program directly, without a user shell
shell none
# Enable default seccomp filter and blacklist the syscalls
seccomp
## Filesystem
# Mount an empty temporary filesystem on top of /tmp directory
private-tmp
# Create a new /dev directory
private-dev
# Build new /etc in a temporary filesystem (gets discarded).
private-etc empty
# Build new /bin in a temporary filesystem. Copy the programs in the list.
private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
# Use directory as user home
private /home/user/.local/opt/tor-browser/app/Browser/home
# Blacklist
blacklist /boot
blacklist /mnt
blacklist /media
blacklist /root
blacklist /srv
## Networking
# Default network filter for new created network namespace
netfilter
EDIT:
the following does work:
firejail --noprofile tor-browser
Last edited by kinoe (2021-09-14 19:09:50)
Windows assumes the user is an idiot.
Linux demands proof.
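Added example, not part of the thread and not firejail's own code: a shell check for one thing the profile and the "no suitable ... executable found" error above can be compared against. With `private <directory>` firejail uses that directory as the user's home (as the profile's own comment says), so an executable path under the real home is looked up inside that directory. The function names are hypothetical, and only the `private <directory>` form is handled, not a bare `private`.

```shell
#!/bin/sh
# Added example: does a firejail "private <dir>" line hide an executable
# that lives under the user's real home directory?

# Print the directory given on the first "private <dir>" line, if any.
# "private-tmp", "private-bin ..." and similar do not match, because the
# pattern requires whitespace directly after the word "private".
private_dir() {
    sed -n 's/^[[:space:]]*private[[:space:]]\{1,\}\([^[:space:]].*\)$/\1/p' "$1" | head -n 1
}

# sandbox_source PROFILE EXE HOME
# Print the host path that EXE is actually backed by inside the sandbox.
sandbox_source() {
    profile=$1
    exe=$2
    home=${3%/}
    pdir=$(private_dir "$profile")
    case "$exe" in
        "$home"/*)
            if [ -n "$pdir" ]; then
                # Home is replaced by $pdir, so the path is resolved there.
                rel=${exe#"$home"/}
                printf '%s\n' "${pdir%/}/$rel"
                return 0
            fi ;;
    esac
    # Outside home, or no "private <dir>" line: the path is unchanged.
    printf '%s\n' "$exe"
}

# exe_visible PROFILE EXE HOME
# Succeed only if an executable file exists at the resolved location.
exe_visible() {
    src=$(sandbox_source "$1" "$2" "$3")
    [ -x "$src" ]
}

# Optional command-line use with three arguments: PROFILE EXE HOME
if [ "$#" -eq 3 ]; then
    if exe_visible "$@"; then
        echo "visible in sandbox"
    else
        echo "not found in sandbox; looked up at: $(sandbox_source "$@")"
    fi
fi
```

For the profile quoted above, the executable sits in `app/Browser/` while the private home is `app/Browser/home`, so the check reports the path as not found unless a copy exists inside that directory.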