Core problem traced back to what LOOKS to be a regression in AppArmor owned by the Security team.
For all intents and purposes, `/etc/apparmor.d/abstractions/X` should give read-write to the display sockets. HOWEVER, this has changed in AppArmor. Even if we include the abstractions if they exist to make sure things are read/write, it errors hard, lending itself to this AppArmor deny which causes the segfault once we handle the dbus whining with `#include <abstractions/dbus-session-strict>` in the apparmor rules for Tor Browser:
Core problem traced back to what LOOKS to be a regression in AppArmor owned by the Security team.
For all intents and purposes, `/etc/apparmor. d/abstractions/ X` should give read-write to the display sockets. HOWEVER, this has changed in AppArmor. Even if we include the abstractions if they exist to make sure things are read/write, it errors hard, lending itself to this AppArmor deny which causes the segfault once we handle the dbus whining with `#include <abstractions/ dbus-session- strict> ` in the apparmor rules for Tor Browser:
Jun 29 14:31:10 lubuntu- impish- testing kernel: [ 5332.955288] audit: type=1400 audit(162499147 0.229:1961) : apparmor="DENIED" operation="connect" profile= "torbrowser_ firefox" name="/ tmp/.X11- unix/X0" pid=5234 comm="MainThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
This is a regression in AppArmor because in focal and such it was "rw" in the rules. This may be the display launch problem.