New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
/usr/bin/env: error while loading shared libraries: cannot apply additional memory protection after relocation: Permission denied #177
Comments
Setting the torbrowser.start-tor-browser AppArmor profile to complain mode is a quick band-aid fix to the problem. Here's the output from /var/log/kern.log: Apr 28 14:29:13 listening-post kernel: [2128966.978926] audit_printk_skb: 24 callbacks suppressed |
The log messages are only about writing *.pyc files - either silence them with a deny rule or fix the packaging to get them pre-compiled. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783922 contains the more interesting log message: kernel: audit: type=1400 audit(1430470986.687:11317): apparmor="DENIED" That means you'll need to add "m" permissions for /usr/bin/env in the start-tor-browser profile. |
I've had lots of issues with the AppArmor profiles in Ubuntu, so I have been not enabling them by default in the Ubuntu release. Did you manually enable them? I'll still look into this regardless. |
This is starting to make sense. I bet the app armor profile were installed in a older version and then they weren't deleted on upgrade and uninstall/reinstall cycle also didn't remove them. Seems like the thing to is manual removal. I was confused because I see the app armor profiles on the machine that I've been running since the first release but not on machines I installed more recently. |
Yup, that's probably it. Here's the code that removes apparmor from the Ubuntu release: https://github.com/micahflee/torbrowser-launcher/blob/master/setup.py#L51
Do you want to manually delete those files from your own |
I commented on this bug only based on the log and my AppArmor knownledge ;-) (and re-reading the log entry and the profile, you might also need "r" permissions - or simply "rix") And instead of removing the AppArmor profiles, setting them into complain (learning) mode with aa-complain or by adding "flags=(complain)" is a better idea because this gives you log entries that help to update the profile ;-) |
Ha. Well, awhile ago I spent a decent amount of time making the very carefully-crafted Debian AppArmor profiles work in Ubuntu and ended up giving up. Mostly because I don't have vast AppArmor knowledge, or the time to spend on it, so I decided to just make AA profiles a Debian-only feature. If someone else wants to fix the AA profiles to work in Ubuntu but not make them less secure in the process, then pull requests are more than welcome :). Since this is an AA issue in Ubuntu, I'm gonna go ahead and close. |
Ubuntu 14.04 Trusty
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.1.9
https://github.com/micahflee/torbrowser-launcher
Initializing Tor Browser Launcher
Importing keys
gpg: key 63FEE659: "Erinn Clark erinn@torproject.org" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: key 93298290: "Tor Browser Developers (signing key) torbrowser@torproject.org" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
Starting launcher dialog
LATEST VERSION 4.5
Checked for update within 24 hours, skipping
Latest version of TBB is installed, launching
/usr/bin/env: error while loading shared libraries: cannot apply additional memory protection after relocation: Permission denied
The text was updated successfully, but these errors were encountered: