local repo vs torbrowser-launcher vs flatpak vs snap: what's the best way to get tor browser? #304
It looks like the project I previously linked to was deleted. What is currently the best way to install and use Tor Browser on a Linux-based operating system (unless I were to use something like Tails)? Is it best if Tor Browser is packaged to be directly included in the repositories, to use the torbrowser-launcher or to wait until there is a flatpak or snap package? What's the best way to go forward?
Snaps are probably the best option in terms of security.
The main difference between snap and flatpak seems to be that snap enforces the security boundaries using AppArmor, whereas flatpak does not use SELinux (yet) (an equivalent to AppArmor). Note that, for these sandboxes to make sense, Wayland is required. The legacy X display server does not isolate the GUI at all, meaning that sandboxed applications can still interact with other windows and intercept keyboard inputs.
I don't know about security comparison or if this is topical here, but for me the main difference between Snap and Flatpak is more ideological: Snaps only support a single repository at a time and in my opinion this ties it to Ubuntu/Canonical tightly, while flatpaks are closer to traditional repositories and you can add as many as you want (and this is why I go with flatpaks first, snaps second). There is still the de facto Flathub where everyone can get into, which is probably the equivalent of Snapcraft.io/store. In distributions, Flatpak seems to often be more supported while Snapd is outdated according to kamikazow's WordPress. However that article may be starting to be a bit dated, I don't know if the situation has improved.
I agree. Snap is tied too strongly to Canonical. I'm not sure if 'the traditional' repository model is something to be desired though; in the end we just want our package to get out there without having to worry about which repository to use. It'd be great if we could all settle on a single packaging system that isn't tied to a particular distribution or vendor.
flatpak does not use or need SELinux to enforce security boundaries. It uses namespaces, cgroups and seccomp (like e.g. docker does too). This means it is sandboxed on all distros, independent of whether they support AppArmor, SELinux or neither.
@alexlarsson It is my understanding that Snap requires AppArmor to be effective. So in that case Flatpak would be better since not all distributions have AppArmor.
Yes, currently Snap is permissive on non-AppArmor distros. However I believe Snap developers are working on SELinux support. I don't know the status of that though.
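Added example, not part of the thread and not code from Flatpak, Snap or torbrowser-launcher: a way to check which of the mechanisms named in the comments above (seccomp, AppArmor, namespaces) are actually in effect for a process, using the Linux `/proc` interface. The sample values and function names are constructed for illustration.

```python
import os
import re

def parse_seccomp(status_text):
    """Seccomp mode from /proc/<pid>/status: 0 = off, 1 = strict, 2 = filter."""
    m = re.search(r"^Seccomp:\s*(\d+)\s*$", status_text, re.MULTILINE)
    return int(m.group(1)) if m else None

def parse_apparmor(attr_text):
    """Split an AppArmor label like 'profile (enforce)' into (profile, mode).
    On SELinux systems /proc/<pid>/attr/current holds an SELinux context instead."""
    label = attr_text.replace("\x00", "").strip()
    m = re.fullmatch(r"(.+) \((\w+)\)", label)
    return (m.group(1), m.group(2)) if m else (label or "unconfined", None)

def assess(status_text, attr_text, target_ns, reference_ns):
    """Report which isolation mechanisms apply to the target process."""
    profile, mode = parse_apparmor(attr_text)
    return {
        "seccomp_filter": parse_seccomp(status_text) == 2,
        "apparmor_profile": profile,
        "apparmor_enforced": mode == "enforce",
        # A namespace counts as isolated when its id differs from the reference process.
        "namespaces_isolated": sorted(n for n, i in target_ns.items() if i != reference_ns.get(n)),
    }

def assess_pid(pid):
    """Run the same check against a live process (Linux only)."""
    def slurp(path):
        try:
            with open(path) as fh:
                return fh.read()
        except OSError:
            return ""
    def ns_ids(who):
        base = f"/proc/{who}/ns"
        try:
            return {n: os.readlink(f"{base}/{n}") for n in os.listdir(base)}
        except OSError:
            return {}
    return assess(slurp(f"/proc/{pid}/status"), slurp(f"/proc/{pid}/attr/current"),
                  ns_ids(pid), ns_ids("self"))

# Constructed sample: seccomp filter active, no AppArmor profile, own mnt/pid namespaces.
SAMPLE_STATUS = "Name:\texample\nSeccomp:\t2\n"
SAMPLE_NS = {"mnt": "mnt:[4026532501]", "pid": "pid:[4026532502]", "net": "net:[4026531992]"}
HOST_NS = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]", "net": "net:[4026531992]"}
```

Calling `assess_pid(<pid>)` from an unsandboxed shell against a running sandboxed application gives the same report for a real process; reading another user's process may need elevated privileges.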
I haven’t really found any technical comparisons between the two, but I’d like to better understand how the 2 isolate processes. @alexlarsson do you know of any technical documentation on the different isolation technologies used?
Here are some docs on the flatpak sandbox: https://github.com/flatpak/flatpak/wiki/Sandbox
Thanks!
Have the issues raised by https://flatkill.org/ already been addressed within the Flatpak community? The fact that someone took the time to set up this website has to be taken seriously. Do I understand it correctly that the security of a flatpak application depends to a large degree on the one who packages it?
That site is some hater and is purely made in bad faith. There is no realistic way to "address" it, because there is no way to reply to it, and the issues raised are either bullshit or things that affect all packaging systems in existence...
@micahflee What do you think about the project to make Tor Browser available as a snap package run by Joe Borg? Is there a possibility to cooperate between your two projects? How safe will using Tor Browser be when available as a snap? https://github.com/snapcrafters/tor-browser