Ability to set installation location

[t4777sd]

Right now where tor browser is installed is not configurable. It would be good to have a command switch, environment variable or something to set the directory where it will be installed.

[intrigeri]

I humbly suggest you explain what the expected benefit would be: without this, the developers will mostly see their side of the medal, i.e. the cost of adding flexibility.

[t4777sd]

The benefit is many systems assume Tor at specific locations in order to place it in a container. The browser launcher places tor in a nearly random location out of hundreds (depending on language, architecture, etc). The result is it is basically impossible to containerize it in a standard way.

[micahflee]

torbrowser-launcher comes with AppArmor profiles, which is basically a container. If we allowed it to go anywhere, it would break the AppArmor rules.

But you're right about the actual folder name not being consistent depending on language and architecture. It's always installed in ~/.local/share/torbrowser/tbb/, but on my system it's in ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US because I have an x86_64 processor and my language is set to English.

One simple solution maybe is that torbrowser-launcher could create a symlink, so that something like ~/.local/share/torbrowser/tbb/tor-browser always points to the correct Tor Browser folder after you install it. Would that be helpful?

What type of container are you trying to use btw?

[t4777sd]

I am just installing tor browser manually now, so the use-case I had is no longer needed. I was going to write a qubes utility that utilized torbrowser-launcher to install tor browser then setup the firejail rules and desktop files for qubes. However, I decided to abandon it for now and just do manual installations. Tor does a good job of auto-updating. I utilize firejail as a container solution inside of a qubes VM (I liked your presentation on qubes btw).

However, due to the attack surface of firejail, I will be moving more towards selinux.

[intrigeri]

One simple solution maybe is that torbrowser-launcher could create a symlink, so that something like `~/.local/share/torbrowser/tbb/tor-browser` always points to the correct Tor Browser folder after you install it. Would that be helpful?

That won't help wrt. AppArmor, which resolves symlinks before checking permissions (otherwise one could trivially bypass path-based permission checks by creating symlinks).