Commit db10573e authored by intrigeri's avatar intrigeri

Tor Browser AppArmor profile patch: update to apply cleanly on top of torbrowser-launcher 0.2.9-4.

parent 5e23620d
diff --git a/etc/apparmor.d/torbrowser.Browser.firefox b/etc/apparmor.d/torbrowser.Browser.firefox
index d0aded9..87a0191 100644
index 69354d1..3429689 100644
--- a/etc/apparmor.d/torbrowser.Browser.firefox
+++ b/etc/apparmor.d/torbrowser.Browser.firefox
@@ -1,10 +1,11 @@
#include <tunables/global>
#include <tunables/torbrowser>
-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox
-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
+@{torbrowser_firefox_executable} = /usr/local/lib/tor-browser/firefox.real
profile torbrowser_firefox @{torbrowser_firefox_executable} {
......@@ -15,7 +15,7 @@ index d0aded9..87a0191 100644
# Uncomment the following lines if you want to give the Tor Browser read-write
# access to most of your personal files.
@@ -25,13 +26,16 @@
@@ -25,13 +26,16 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
deny /etc/passwd r,
deny /etc/group r,
deny /etc/mailcap r,
......@@ -34,7 +34,7 @@ index d0aded9..87a0191 100644
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
@@ -39,30 +43,32 @@
@@ -39,30 +43,32 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
owner @{PROC}/@{pid}/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
......@@ -91,15 +91,7 @@ index d0aded9..87a0191 100644
/etc/mailcap r,
/etc/mime.types r,
@@ -70,6 +76,7 @@
/usr/share/ r,
/usr/share/mime/ r,
/usr/share/themes/ r,
+ /usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/applications/** rk,
/usr/share/gnome/applications/ r,
/usr/share/gnome/applications/kde4/ r,
@@ -85,12 +92,6 @@
@@ -86,12 +92,6 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/sys/devices/system/node/node[0-9]*/meminfo r,
deny /sys/devices/virtual/block/*/uevent r,
......@@ -112,7 +104,7 @@ index d0aded9..87a0191 100644
# Required for multiprocess Firefox (aka Electrolysis, i.e. e10s)
owner /{dev,run}/shm/org.chromium.* rw,
@@ -104,6 +105,32 @@
@@ -105,6 +105,32 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
deny @{HOME}/.cache/fontconfig/** rw,
deny @{HOME}/.config/gtk-2.0/ rw,
deny @{HOME}/.config/gtk-2.0/** rw,
......@@ -145,7 +137,7 @@ index d0aded9..87a0191 100644
deny @{PROC}/@{pid}/net/route r,
deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
@@ -119,5 +146,10 @@
@@ -120,5 +146,10 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/etc/xfce4/defaults.list r,
/usr/share/xfce4/applications/ r,
......
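Review bot: The attachment path `@{torbrowser_firefox_executable} = /usr/local/lib/tor-browser/firefox.real` in the first hunk is a single hard-coded path, and nothing next to it records that it must match the installed binary. The doubled line just above it suggests upstream renamed the profiled binary from `firefox` to `firefox.real`; a rename like that on the installed side would make the profile silently stop attaching, leaving the browser unconfined with no error. I would add a comment above that line, e.g. `# Must be the exact path of the installed Tor Browser binary; on a mismatch this profile is never applied.` If it is not already covered outside this page, a build or test step could also fail when this patch applies with fuzz or when the running browser is not confined by `torbrowser_firefox`. Which side each doubled line belongs to is not recoverable from this rendering, so the note relies on the lines that appear only once.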