Tor Browser trying to read /etc/machine-id on start
Steps to reproduce:
- Tor Browser from the official website
- Download and enable the AppArmor profile from https://github.com/Whonix/apparmor-profile-torbrowser (you may need to modify 2 or 3 lines due to different naming, e.g. change
*-browser
to*-browser*
) - Start TorBrowser
- Inspect
/var/log/kern.log
You'll see a message like
Jun 29 01:23:45 debian kernel: [xxxxxx.xxxxxx] audit: type=1400 audit(xxxxxxxxxx.xxx:xx): apparmor="DENIED" operation="open" profile="/**/*-browser*/Browser/firefox" name="/etc/machine-id" pid=xxxx comm="firefox.real" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Not sure if this behaviour is also present in Firefox, maybe test it when I have time.
Debian 10 "Buster" Tor Browser 8.5.3 AppArmor 2.13.2-10
Trac:
Username: rain-undefined