Tor Browser stopped working with firejail after a major update

[ghost]

I am using firejail-0.9.54 on Slackware64 Linux-14.2 and today Tor Browser updated itself from version 7.5.6 to version 8.0. After this Tor Browser doesn't work anymore when launched through firejail. Once the main window starts, it displays the message:

Gah. Your tab just crashed.

Same happens for any new opened tab. It works fine without firejail.

[smitsohu]

Hi @somospocos, we believe this is already fixed for upcoming 0.9.56.

See defb5a4 and 736216c

General question: Should this go to etc-fixes?

[TNTBOMBOM]

This has been reported against TorProject and FF. because it effects both of them and tested by me:

FF 60:

https://bugzilla.mozilla.org/show_bug.cgi?id=1488078

TBB 8.0:

https://trac.torproject.org/projects/tor/ticket/27407#ticket

[SkewedZeppelin]

@TNTBOMBOM
This is not something that upstream Mozilla can/will fix, this is purely an issue with our profiles.

This issue that has been fixed since 0.9.54 for Firefox and derivatives
and is fixed for Tor Browser in master (future 0.9.56).

What version of Firejail are you running?

[TNTBOMBOM]

@SkewedZeppelin 0.9.44.8 from debian stretch stable repo. if firejail have been fixing that why dont u push the changes to Debian Repo ??

[SkewedZeppelin]

@TNTBOMBOM 0.9.54 is available via stretch-backports

[TNTBOMBOM]

@SkewedZeppelin saw that , still bad if its a stable version then its better to be pushed for the stable repo.

[Vincent43]

That's not how Debian stable works. They take the last stable firejail version at the point of Debian release and stick with it forever. If you want to have firejail gradually updated to latest version then use backports, testing, unstable or different distro.

Security updates are exception, that's why they keep updating chromium and firefox esr.

[TNTBOMBOM]

@SkewedZeppelin @Vincent43 thats great it worked fine with FF , but sadly it break TBB. any idea how to overcome that?

[Vincent43]

Fixes for tor browser aren't part of 0.9.54, they will be in 0.9.56. For now you may copy profiles manually:
https://github.com/netblue30/firejail/blob/master/etc/start-tor-browser.profile
https://github.com/netblue30/firejail/blob/master/etc/torbrowser-launcher.profile

[HundyK]

Is the Tor fix part of 0.9.56~rc1?

I am running into the same problem with the tabs crashing on startup using 0.9.56~rc1.

[SkewedZeppelin]

@HundyK the fix for TBB is not in 0.9.56rc1, only master (future 0.9.56 release).

[chiraag-nataraj]

Which has now been released! Closing this for now, but please feel free to reopen if you still have this issue after upgrading.

[TNTBOMBOM]

after adding profiles to /etc/firejail/torbrowser-launcher as copy/paste from this link:
https://github.com/netblue30/firejail/blob/master/etc/torbrowser-launcher.profile

result after that, by running firejail torbrowser-laucher will give:

user@debian:~$ firejail torbrowser-launcher 
Reading profile /etc/firejail/torbrowser-launcher.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Error: cannot access profile file
user@debian:~$ 

@chiraag-nataraj please re-open this ticket

[Fred-Barclay]

@TNTBOMBOM What version of firejail are you using?
Can you also please run the following and paste the output back here?
firejail --debug torbrowser-launcher

Thanks!

EDIT: I expect you're using an older version of firejail that doesn't have /etc/firejail/disable-xdg.inc, but the profile you copied expects it. 😉 . If so, simply removing the line include /etc/firejail/disable-xdg.inc from your profile should fix this.

[TNTBOMBOM]

@Fred-Barclay

Big Thanks!!!

[Zypherspace]

Same problem here as TNTBOMBOM

firejail --debug torbrowser-launcher
Autoselecting /bin/bash as shell
Building quoted command line: 'torbrowser-launcher' 
Command name #torbrowser-launcher#
Found torbrowser-launcher profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/torbrowser-launcher.profile
Error: cannot access profile file

Raw contents of https://github.com/netblue30/firejail/blob/master/etc/torbrowser-launcher.profile were cut/pasted, no file permissions changed. Tried removing the include /etc/firejail/disable-xdg.inc as suggested, same error. Running latest master from git.

[Vincent43]

What system you using?

[Zypherspace]

Fedora 29 Cinnamon. It is working on a fresh install of Fed 29 Plasma without any changes to profile.
I've reinstalled Tor-Browser. TB runs correctly outside Firejail.

I see some errors in terminal during TB launch:

$ firejail /usr/bin/torbrowser-launcher
Reading profile /usr/local/etc/firejail/torbrowser-launcher.profile
Reading profile /usr/local/etc/firejail/globals.local
Reading profile /usr/local/etc/firejail/disable-common.inc
Reading profile /usr/local/etc/firejail/disable-devel.inc
Reading profile /usr/local/etc/firejail/disable-interpreters.inc
Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc
Reading profile /usr/local/etc/firejail/disable-programs.inc
Reading profile /usr/local/etc/firejail/whitelist-common.inc
Reading profile /usr/local/etc/firejail/whitelist-var-common.inc
Parent pid 28462, child pid 28463

Interface        MAC                IP               Mask             Status
lo                                  127.0.0.1        255.0.0.0        UP    
eth0-28462       9a:f1:78:a0:4c:91  192.168.50.247   255.255.255.0    UP    
Default gateway 192.168.50.1

Warning: skipping ca-certificates for private /etc
Warning fcopy: skipping /etc/crypto-policies/back-ends/openssh-server.config, cannot find inode
Private /etc installed in 33.96 ms
52 programs installed in 32.12 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Blacklist violations are logged to syslog
Child process initialized in 1106.97 ms

(torbrowser-launcher:76): Gtk-WARNING **: 02:01:11.697: Unable to locate theme engine in module_path: "murrine",

(torbrowser-launcher:76): Gtk-WARNING **: 02:01:11.697: Unable to locate theme engine in module_path: "murrine",

(torbrowser-launcher:76): Gtk-WARNING **: 02:01:11.697: Unable to locate theme engine in module_path: "murrine",

(torbrowser-launcher:76): Gtk-WARNING **: 02:01:11.697: Unable to locate theme engine in module_path: "murrine",

(torbrowser-launcher:76): Gtk-WARNING **: 02:01:11.697: Unable to locate theme engine in module_path: "murrine",

(torbrowser-launcher:76): Gtk-WARNING **: 02:01:11.697: Unable to locate theme engine in module_path: "murrine",

(torbrowser-launcher:76): Gtk-WARNING **: 02:01:11.697: Unable to locate theme engine in module_path: "murrine",
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.2.9
https://github.com/micahflee/torbrowser-launcher
Refreshing local keyring...
Keyring refreshed successfully...
  No key updates for key: EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
Launching './Browser/start-tor-browser --detach'...
`


```

[SkewedZeppelin]

@Zypherspace please see #2038 (comment)

[Zypherspace]

I tried the full scrub of firejail as detailed in #2038. I followed with a full recursive search and deleted any firejail remnants before reinstalling. Reinstalled with make rpms. Unfortunately I still see the Gah. Your tab just crashed. code on Tor-browser. Fedora has been updated several versions on the machine it's got a lot of ragtag symlinks, I'll reinstall a fresh release soon.

[Futureknows]

Commenting out seccomp fixed it for me.