Commit 8b64c676 authored by intrigeri's avatar intrigeri Committed by segfault
Browse files

Update Tor Browser AppArmor profile to take into account new uBlock installation path (refs#16858).

parent 309a1172
diff --git a/etc/apparmor.d/torbrowser.Browser.firefox b/etc/apparmor.d/torbrowser.Browser.firefox
index 9f269e1..8c7c830 100644
index 9f269e1..82def53 100644
--- a/etc/apparmor.d/torbrowser.Browser.firefox
+++ b/etc/apparmor.d/torbrowser.Browser.firefox
@@ -1,10 +1,11 @@
......@@ -34,7 +34,7 @@ index 9f269e1..8c7c830 100644
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
@@ -39,32 +43,34 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
@@ -39,32 +43,36 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
owner @{PROC}/@{pid}/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
......@@ -83,6 +83,8 @@ index 9f269e1..8c7c830 100644
+ /usr/local/share/tor-browser-extensions/** rk,
+ /usr/share/{xul-,web}ext/ r,
+ /usr/share/{xul-,web}ext/** r,
+ /usr/share/mozilla/extensions/ r,
+ /usr/share/mozilla/extensions/** r,
+
+ /usr/share/doc/tails/website/ r,
+ /usr/share/doc/tails/website/** r,
......@@ -93,7 +95,7 @@ index 9f269e1..8c7c830 100644
/etc/mailcap r,
/etc/mime.types r,
@@ -88,12 +94,6 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
@@ -88,12 +96,6 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/sys/devices/system/node/node[0-9]*/meminfo r,
deny /sys/devices/virtual/block/*/uevent r,
......@@ -106,7 +108,7 @@ index 9f269e1..8c7c830 100644
# Required for multiprocess Firefox (aka Electrolysis, i.e. e10s)
owner /{dev,run}/shm/org.chromium.* rw,
@@ -107,6 +107,29 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
@@ -107,6 +109,29 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
deny @{HOME}/.cache/fontconfig/** rw,
deny @{HOME}/.config/gtk-2.0/ rw,
deny @{HOME}/.config/gtk-2.0/** rw,
......@@ -136,7 +138,7 @@ index 9f269e1..8c7c830 100644
deny @{PROC}/@{pid}/net/route r,
deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
@@ -122,5 +145,10 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
@@ -122,5 +147,10 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/etc/xfce4/defaults.list r,
/usr/share/xfce4/applications/ r,
......@@ -149,7 +151,7 @@ index 9f269e1..8c7c830 100644
+ deny /tmp/ rwklx,
}
diff --git a/etc/apparmor.d/torbrowser.Browser.plugin-container b/etc/apparmor.d/torbrowser.Browser.plugin-container
index fdf5fda..346f2ad 100644
index fdf5fda..4015928 100644
--- a/etc/apparmor.d/torbrowser.Browser.plugin-container
+++ b/etc/apparmor.d/torbrowser.Browser.plugin-container
@@ -1,7 +1,7 @@
......@@ -185,7 +187,7 @@ index fdf5fda..346f2ad 100644
/etc/mime.types r,
/usr/share/applications/gnome-mimeapps.list r,
@@ -42,34 +42,29 @@ profile torbrowser_plugin_container {
@@ -42,34 +42,31 @@ profile torbrowser_plugin_container {
owner @{PROC}/@{pid}/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
......@@ -235,6 +237,8 @@ index fdf5fda..346f2ad 100644
+ /usr/local/share/tor-browser-extensions/** rk,
+ /usr/share/{xul-,web}ext/ r,
+ /usr/share/{xul-,web}ext/** r,
+ /usr/share/mozilla/extensions/ r,
+ /usr/share/mozilla/extensions/** r,
+
+ /usr/share/doc/tails/website/ r,
+ /usr/share/doc/tails/website/** r,
......@@ -243,7 +247,7 @@ index fdf5fda..346f2ad 100644
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/present r,
@@ -95,10 +90,16 @@ profile torbrowser_plugin_container {
@@ -95,10 +92,16 @@ profile torbrowser_plugin_container {
deny @{PROC}/@{pid}/net/route r,
deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment