Ubuntu
torbrowser-launcher package

tor browser not launching in impish (flavors; l/x/kubuntu)

Bug #1933886 reported by Chris Guiver
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
torbrowser-launcher (Ubuntu)
Fix Released
Medium
Thomas Ward

Bug Description

Trying to use tor-browser has the program open, then close but is unusable.

this issue has existed for a few weeks (3 weeks+?) on my primary box (impish).

I don't trust facebook, and use tor-browser to access fb to post UWN notice on my local Tuesday morning most weeks, and have thus resorted to using another box (focal setup) where it works last 3+ weeks.

The login & post takes 2-3 mins max so I've ignored issue.

I tried adding tor-browser to this recent QA-test install (impish), expecting it to work; alas I get the same issue here I have had for awhile on my primary box. Using a focal (daily) install does NOT have this issue.

This issue is a problem only in IMPISH.
It impacts flavors - Lubuntu, Kubuntu, Xubuntu
It does NOT impact Ubuntu with GNOME.

****
** To re-create

- grab & boot a impish daily (Xubuntu, Lubuntu, Kubuntu)
- open terminal
- `sudo apt install torbrowser-launcher`
- execute torbrower-launcher & let it download etc.

If using Ubuntu Desktop - you'll end up in browser
If using a flavor, refer "Actual Results"

****
** EXPECTED RESULTS

I expect tor-browser to start, establish connection & remain open on clicking in menu. This happens in Ubuntu Desktop with GNOME

****
** ACTUAL RESULTS

Tor browser opens at menu, establish connection dialog then it closes and cannot be used.
(Kubuntu, Lubuntu & Xubuntu tested & do this)

****
** ADDITIONAL blurb

No CRASH file exists in /var/crash/

This is a clean QA-test install of Lubuntu impish (maybe a few days old; I forget). The only change made was monitor settings adjustment (my screen setup differs to the default).

It occurs in DAILY ISOs without install, installed systems & my primary install (installed in artful cycle and upgraded every 6 months)

ProblemType: Bug
DistroRelease: Ubuntu 21.10
Package: torbrowser-launcher 0.3.3-6
ProcVersionSignature: Ubuntu 5.11.0-20.21+21.10.1-generic 5.11.21
Uname: Linux 5.11.0-20-generic x86_64
ApportVersion: 2.20.11-0ubuntu67
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: LXQt
Date: Tue Jun 29 09:13:19 2021
InstallationDate: Installed on 2021-06-26 (2 days ago)
InstallationMedia: Lubuntu 21.10 "Impish Indri" - Alpha amd64 (20210625)
SourcePackage: torbrowser-launcher
UpgradeStatus: No upgrade log present (probably fresh install)

See original description
Revision history for this message
Chris Guiver (guiverc) wrote :
Revision history for this message
Chris Guiver (guiverc) wrote :

Booted the focal QA-test install on the same box; performed the same `apt install` to install tor-browser on focal, and after the "establish connection" a tor browser window opens & remains open.

The issue occurs only in impish; has existed at least 3 weeks but may have been a few weeks beyond that also.

If dating when issue occurs is helpful; I could search back in #ubuntu-news (IRC) for mention of it; but may not be much more accurate than 3-5 (maybe 6) weeks

Revision history for this message
Thomas Ward (teward) wrote :

ERR:NOREPRO

Test environment: Ubuntu 21.10, fresh install. Wayland is the environment (because Wayland is default)

Changed in torbrowser-launcher (Ubuntu):
status: New → Incomplete
Revision history for this message
Chris Guiver (guiverc) wrote (last edit ):

Speaking with Thomas/teward on #ubuntu-devel

guiverc@d960-ubu2:~$ torbrowser-launcher
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.3.3
https://github.com/micahflee/torbrowser-launcher
Launching Tor Browser.
Running /home/guiverc/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/start-tor-browser.desktop
Launching './Browser/start-tor-browser --detach'...

--
guiverc@d960-ubu2:~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US$ cat start-tor-browser.desktop

shows

Exec=sh -c '"/home/guiverc/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser" --detach || ([ ! -x "/home/guiverc/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser" ] && "$(dirname "$*")"/Browser/start-tor-browser --detach)' dummy %k

so running "/home/guiverc/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser"

at term gets me

window open "Establising connection" , bar fills then it closes, no output.

guiverc@d960-ubu2:~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US$ /home/guiverc/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser
guiverc@d960-ubu2:~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US$

FYI: this was run on my primary box; not the QA-test install I filed bug report on.

Revision history for this message
Thomas Ward (teward) wrote :

Okay, so, I did some heavy hardcore digging.

The core execution string at the deepest level is something like this:

`$HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/firefox --class "Tor Browser" -profile $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser'profile.default "http://cnn.com"`

With this in mind, I tested this on Ubuntu 21.04 direct which has Wayland and it worked. However, the same Firefox executable failed on Lubuntu 21.04. I have crash data (attached).

However, this is not an issue with torbrowser-launcher's package, because all it does is start and execute the `start-tor-browser` shell file that Tor Browser upstream has provided, which in turn executes its flavor of Firefox, and that flavor of Firefox crashes.

This is not necessarily an issue in the *package* torbrowser-launcher but an upstream Tor Browser problem, so I'm going to leave this bug as Incomplete unless someone can prove it's an issue with the torbrowser-launcher package.

Revision history for this message
Thomas Ward (teward) wrote :

More development chaos:

I downloaded Tor Browser from upstream directly. This issue is not reproducible on Upstream Tor Browser, which doesn't use a launcher mechanism like torbrowser-launcher does.

More digging for me, now...

Changed in torbrowser-launcher (Ubuntu):
status: Incomplete → New
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in torbrowser-launcher (Ubuntu):
status: New → Confirmed
Revision history for this message
Chris Guiver (guiverc) wrote (last edit ):

I booted Ubuntu impish daily (live) on the box the bug is reported under (a box I use for QA-test installs)
- hp dc7700 (c2d-e6320, 5gb, nvidia quadro nvs 290)

Adding the tor-browser package will result in a usable tor browser just as teward outlines.

This however does not occur with

- LUBUNTU (installed on my primary box or the QA-test install used in bug report), or daily images inc. todays

- KUBUNTU (yesterday's impish daily, today's impish daily) when run live on same box where Ubuntu works for me. I did a kubuntu QA install yesterday from memory which I could find & test, but I'd expect issues there just as I have in lubuntu I use daily

- XUBUNTU daily (run live on same box as report, where it works for Ubuntu).

What is different between flavors (Lubuntu/Kubuntu/Xubuntu) & main Ubuntu in relation to this package??

No crash files for any of Lubuntu, Xubuntu or Kubuntu found in /var/crash/

Chris Guiver (guiverc)
tags: added: kubuntu lubuntu xubuntu
Chris Guiver (guiverc)
summary: - tor browser not launching in impish
+ tor browser not launching in impish (flavors; l/x/kubuntu)
description: updated
Chris Guiver (guiverc)
description: updated
Revision history for this message
Thomas Ward (teward) wrote :
Revision history for this message
Thomas Ward (teward) wrote :

Did some more tracing. Narrowed this down to some kind of AppArmor issue in the Lubuntu environment possibly, but more importantly, this error shows up:

" Gtk-WARNING **: 01:33:02.634: cannot open display: :0"

This suggests that apparmor might be blocking things?

Revision history for this message
Thomas Ward (teward) wrote :

Core problem traced back to what LOOKS to be a regression in AppArmor owned by the Security team.

For all intents and purposes, `/etc/apparmor.d/abstractions/X` should give read-write to the display sockets. HOWEVER, this has changed in AppArmor. Even if we include the abstractions if they exist to make sure things are read/write, it errors hard, lending itself to this AppArmor deny which causes the segfault once we handle the dbus whining with `#include <abstractions/dbus-session-strict>` in the apparmor rules for Tor Browser:

Jun 29 14:31:10 lubuntu-impish-testing kernel: [ 5332.955288] audit: type=1400 audit(1624991470.229:1961): apparmor="DENIED" operation="connect" profile="torbrowser_firefox" name="/tmp/.X11-unix/X0" pid=5234 comm="MainThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0

This is a regression in AppArmor because in focal and such it was "rw" in the rules. This may be the display launch problem.

Revision history for this message
Thomas Ward (teward) wrote :

Related Security Team bug for the apparmor regression:

https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1934005

Related Upstream bug because there'll need to be some abstractions included in the apparmor rules:

https://github.com/micahflee/torbrowser-launcher/issues/588

Revision history for this message
Thomas Ward (teward) wrote :

NOTE: The AppArmor profiles are **brand new** in Impish, and as such are incomplete. This plus the X abstractions regression explains why this is broken.

Thomas Ward (teward)
Changed in torbrowser-launcher (Ubuntu):
status: Confirmed → In Progress
importance: Undecided → Medium
assignee: nobody → Thomas Ward (teward)
Chris Guiver (guiverc)
description: updated
Revision history for this message
Chris Guiver (guiverc) wrote (last edit ):

I was able to load torbrowser on my primary impish desktop today to enable me to login to fb & paste UWN #690 for ubuntu_news. :) (hours ago now)

I've since zsync'd the lubuntu impish daily & in a live session; I can
- sudo apt install torbrowser-launcher
- torbrowser-launcher
  and select CONNECT and have the browser start up & run :)
(I'll assume it's the same in other flavors; given Thomas' explanation of what the issue was)

Thanks Thomas/teward

Later addition: Even though I'd not tested the issue in Ubuntu-MATE, I decided to have a look at it today; and tor-browser-launcher is working on that flavor too (tested using daily in live)

Thomas Ward (teward)
Changed in torbrowser-launcher (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package torbrowser-launcher - 0.3.3-6ubuntu1

---------------
torbrowser-launcher (0.3.3-6ubuntu1) impish; urgency=medium

  * d/p/u17-apparmor-abstractions.patch:
    - Ubuntu specific patch based on upstream Pull Review by Thomas to
      add and include the DBus and X Abstractions for AppArmor into
      the torbrowser.Browser.Firefox apparmor rules, so that the Tor
      Browser firefox fork can actually bind to the display socket,
      and so that dialog boxes inside the Browser system can actually
      function effectively.
      (LP: #1933886)

 -- Thomas Ward <email address hidden> Thu, 15 Jul 2021 11:21:02 -0400

Changed in torbrowser-launcher (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.