Firejail: Tor Browser stopped working with firejail after a major update

Created on 7 Sep 2018 · 21Comments · Source: netblue30/firejail

I am using firejail-0.9.54 on Slackware64 Linux-14.2 and today Tor Browser updated itself from version 7.5.6 to version 8.0. After this Tor Browser doesn't work anymore when launched through firejail. Once the main window starts, it displays the message:

Gah. Your tab just crashed.

Same happens for any new opened tab. It works fine without firejail.

information

Source

ghost

Most helpful comment

That's not how Debian stable works. They take the last stable firejail version at the point of Debian release and stick with it forever. If you want to have firejail gradually updated to latest version then use backports, testing, unstable or different distro.

Security updates are exception, that's why they keep updating chromium and firefox esr.

Vincent43 on 8 Sep 2018

👍4

All 21 comments

Hi @somospocos, we believe this is already fixed for upcoming 0.9.56.

See defb5a48918c9fda82ac9bcf5c8a301e5f60da23 and 736216cacfe6a818b1ea0255f474089a8fa2f394

General question: Should this go to etc-fixes?

smitsohu on 7 Sep 2018

This has been reported against TorProject and FF. because it effects both of them and tested by me:

FF 60:

https://bugzilla.mozilla.org/show_bug.cgi?id=1488078

TBB 8.0:

https://trac.torproject.org/projects/tor/ticket/27407#ticket

TNTBOMBOM on 8 Sep 2018

@TNTBOMBOM
This is not something that upstream Mozilla can/will fix, this is purely an issue with our profiles.

This issue that has been fixed since 0.9.54 for Firefox and derivatives
and is fixed for Tor Browser in master (future 0.9.56).

What version of Firejail are you running?

SkewedZeppelin on 8 Sep 2018

👍1

@SkewedZeppelin 0.9.44.8 from debian stretch stable repo. if firejail have been fixing that why dont u push the changes to Debian Repo ??

TNTBOMBOM on 8 Sep 2018

@TNTBOMBOM 0.9.54 is available via stretch-backports

SkewedZeppelin on 8 Sep 2018

@SkewedZeppelin saw that , still bad if its a stable version then its better to be pushed for the stable repo.

TNTBOMBOM on 8 Sep 2018

Security updates are exception, that's why they keep updating chromium and firefox esr.

Vincent43 on 8 Sep 2018

👍4

@SkewedZeppelin @Vincent43 thats great it worked fine with FF , but sadly it break TBB. any idea how to overcome that?

TNTBOMBOM on 10 Sep 2018

Fixes for tor browser aren't part of 0.9.54, they will be in 0.9.56. For now you may copy profiles manually:
https://github.com/netblue30/firejail/blob/master/etc/start-tor-browser.profile
https://github.com/netblue30/firejail/blob/master/etc/torbrowser-launcher.profile

Vincent43 on 10 Sep 2018

Is the Tor fix part of 0.9.56~rc1?

I am running into the same problem with the tabs crashing on startup using 0.9.56~rc1.

HundyK on 12 Sep 2018

@HundyK the fix for TBB is not in 0.9.56rc1, only master (future 0.9.56 release).

SkewedZeppelin on 12 Sep 2018

👍2

Which has now been released! Closing this for now, but please feel free to reopen if you still have this issue after upgrading.

chiraag-nataraj on 25 Sep 2018

after adding profiles to /etc/firejail/torbrowser-launcher as copy/paste from this link:
https://github.com/netblue30/firejail/blob/master/etc/torbrowser-launcher.profile

result after that, by running firejail torbrowser-laucher will give:

user@debian:~$ firejail torbrowser-launcher 
Reading profile /etc/firejail/torbrowser-launcher.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Error: cannot access profile file
user@debian:~$

@chiraag-nataraj please re-open this ticket

TNTBOMBOM on 2 Oct 2018

@TNTBOMBOM What version of firejail are you using?
Can you also please run the following and paste the output back here?
firejail --debug torbrowser-launcher

Thanks!

EDIT: I expect you're using an older version of firejail that doesn't have /etc/firejail/disable-xdg.inc, but the profile you copied expects it. :wink: . If so, simply removing the line include /etc/firejail/disable-xdg.inc from your profile should fix this.

Fred-Barclay on 3 Oct 2018

👍2

@Fred-Barclay

Big Thanks!!!

TNTBOMBOM on 3 Oct 2018

👍1

Same problem here as TNTBOMBOM

firejail --debug torbrowser-launcher
Autoselecting /bin/bash as shell
Building quoted command line: 'torbrowser-launcher' 
Command name #torbrowser-launcher#
Found torbrowser-launcher profile in /usr/local/etc/firejail directory
Reading profile /usr/local/etc/firejail/torbrowser-launcher.profile
Error: cannot access profile file

Raw contents of https://github.com/netblue30/firejail/blob/master/etc/torbrowser-launcher.profile were cut/pasted, no file permissions changed. Tried removing the include /etc/firejail/disable-xdg.inc as suggested, same error. Running latest master from git.

Zypherspace on 23 Nov 2018

What system you using?

Vincent43 on 23 Nov 2018

Fedora 29 Cinnamon. It is working on a fresh install of Fed 29 Plasma without any changes to profile.
I've reinstalled Tor-Browser. TB runs correctly outside Firejail.

I see some errors in terminal during TB launch:

````
$ firejail /usr/bin/torbrowser-launcher
Reading profile /usr/local/etc/firejail/torbrowser-launcher.profile
Reading profile /usr/local/etc/firejail/globals.local
Reading profile /usr/local/etc/firejail/disable-common.inc
Reading profile /usr/local/etc/firejail/disable-devel.inc
Reading profile /usr/local/etc/firejail/disable-interpreters.inc
Reading profile /usr/local/etc/firejail/disable-passwdmgr.inc
Reading profile /usr/local/etc/firejail/disable-programs.inc
Reading profile /usr/local/etc/firejail/whitelist-common.inc
Reading profile /usr/local/etc/firejail/whitelist-var-common.inc
Parent pid 28462, child pid 28463

Interface MAC IP Mask Status
lo 127.0.0.1 255.0.0.0 UP
eth0-28462 9a:f1:78:a0:4c:91 192.168.50.247 255.255.255.0 UP
Default gateway 192.168.50.1

Warning: skipping ca-certificates for private /etc
Warning fcopy: skipping /etc/crypto-policies/back-ends/openssh-server.config, cannot find inode
Private /etc installed in 33.96 ms
52 programs installed in 32.12 ms
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Warning: cleaning all supplementary groups
Blacklist violations are logged to syslog
Child process initialized in 1106.97 ms

(torbrowser-launcher:76): Gtk-WARNING **: 02:01:11.697: Unable to locate theme engine in module_path: "murrine",

(torbrowser-launcher:76): Gtk-WARNING **: 02:01:11.697: Unable to locate theme engine in module_path: "murrine",
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.2.9
https://github.com/micahflee/torbrowser-launcher
Refreshing local keyring...
Keyring refreshed successfully...
No key updates for key: EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
Launching './Browser/start-tor-browser --detach'...
`

```

Zypherspace on 24 Nov 2018

@Zypherspace please see https://github.com/netblue30/firejail/issues/2038#issuecomment-405096879

SkewedZeppelin on 24 Nov 2018

👍1

I tried the full scrub of firejail as detailed in #2038. I followed with a full recursive search and deleted any firejail remnants before reinstalling. Reinstalled with make rpms. Unfortunately I still see the Gah. Your tab just crashed. code on Tor-browser. Fedora has been updated several versions on the machine it's got a lot of ragtag symlinks, I'll reinstall a fresh release soon.

Zypherspace on 29 Nov 2018

Commenting out seccomp fixed it for me.