torbrowser-launcher launcher scripts
====================================

These scripts are intended to run torbrowser-launcher (and thus torbrowser) as
another user in an Xephyr window server running inside your normal Xorg
session.

They assume the following packages are installed:

- torbrowser-launcher
- apparmor
- xserver-xephyr, awesome
- sudo, slay, psmisc

AppArmor should be enabled, but doesn't have to be. I followed the HowTo from
https://wiki.debian.org/AppArmor, which can be summed up as just adding one
parameter to the kernel to enable it, followed by a reboot.

On wheezy, I'm using backports for torbrowser-launcher and apparmor.

The scripts assume they have been copied to /usr/local/bin/, that there is a
user called "foo" (for running the actual torbrowser(-launcher) process), and
that the current user has sudo rights for the following commands:

- sudo -i -u foo /usr/local/bin/tbb-l-wrapper
- sudo slay foo
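
One way to express the two sudo rights listed above as a sudoers.d drop-in, as an added example that is not part of the original scripts. The calling user name, the slay path passed in and the file name /etc/sudoers.d/tbb-in-xephyr are assumptions.

```shell
#!/bin/sh
# Added example: render a sudoers.d drop-in for the two commands listed above.
# The calling user and the slay path are passed in (assumptions); "foo" and
# /usr/local/bin/tbb-l-wrapper come from this README.

# Accept only conservative account names so a crafted value cannot smuggle
# extra sudoers syntax (commas, spaces, ALL, newlines) into the file.
valid_user() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# render_sudoers CALLER TARGET SLAY_PATH -> drop-in text on stdout
render_sudoers() {
    caller=$1 target=$2 slay=$3
    valid_user "$caller" && valid_user "$target" || return 1
    # sudoers needs a fully qualified command path without odd characters
    case "$slay" in /*) ;; *) return 1 ;; esac
    case "$slay" in *[!A-Za-z0-9/._-]*) return 1 ;; esac
    cat <<EOF
# $caller may start the wrapper as $target; the trailing "" forbids arguments
$caller ALL=($target) /usr/local/bin/tbb-l-wrapper ""
# $caller may kill $target's processes as root, with exactly this argument
$caller ALL=(root) $slay $target
EOF
}

# install_sudoers CALLER TARGET SLAY_PATH (run as root)
# Syntax-check with visudo before the file goes live, so a typo cannot
# break sudo for everyone. The target file name is hypothetical.
install_sudoers() {
    tmp=$(mktemp) || return 1
    render_sudoers "$1" "$2" "$3" > "$tmp" || { rm -f "$tmp"; return 1; }
    visudo -cf "$tmp" || { rm -f "$tmp"; return 1; }
    install -m 0440 -o root -g root "$tmp" /etc/sudoers.d/tbb-in-xephyr
    rm -f "$tmp"
}
```

Naming each command with its exact arguments keeps the grant as narrow as the list above; pass the real location of slay on your system, for example "$(command -v slay)".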

There are two scripts, tbb-in-xephyr and tbb-l-wrapper. Only tbb-in-xephyr is
to be called directly and will result in torbrowser running in Xephyr.

Known problems:
---------------

- dbus is not started, so some input methods won't work. (Personally I don't
  want/need dbus though, so I'm awaiting a solution to
  https://trac.torproject.org/projects/tor/ticket/10014)
- not everybody likes awesome as the window manager being used ;)

Ideas, questions and ToDo:
--------------------------

- maybe all of this functionality could be integrated into
  torbrowser-launcher itself, just writing this in shell was so easy.
- or for the time being, merge these two scripts into one, doing both,
  depending on how it's called.
- run this in an unprivileged LXC container, which is also apparmor confined.
- (when) does this double confinement make sense?
- use a more sensibly named default user (instead of foo).
- there should really be an option, so torbrowser-launcher doesn't detach
  itself, so that this "while;ps fax|grep" hack can go away.
- ship a usable sudoers.d example too.
- support for more users / instances

Feedback welcome, especially accompanied by patches! 


-- Holger Levsen, holger@debian.org, last updated: 2014-08-02
