asciiwolf pushed to branch main at The Tor Project / Applications / torbrowser-launcher

Commits:

7ff7c438 by intrigeri at 2026-02-17T13:38:00+00:00
AppArmor: generalize rule

The auto-generated app name varies across GNOME (and perhaps systemd) versions, let's simplify and allow read access to `cpu.max` everywhere relevant.

- - - - -
ab081741 by intrigeri at 2026-02-17T13:38:59+00:00
AppArmor: allow newly needed access

Sadly, I could not figure out which code needs this. But it seems pretty harmless.

- - - - -
4bfb2021 by asciiwolf at 2026-02-28T20:02:09+00:00
Merge branch 'apparmor-fixes-2026-02-edition' into 'main'

AppArmor: fixes for recent Debian sid

See merge request tpo/applications/torbrowser-launcher!43

- - - - -

1 changed file:

- apparmor/torbrowser.Browser.firefox

Changes:

===================================== apparmor/torbrowser.Browser.firefox ===================================== @@ -124,10 +124,11 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { @{sys}/devices/pci[0-9]*/**/irq r, /sys/devices/system/cpu/ r, /sys/devices/system/cpu/present r, + @{sys}/devices/system/cpu/cpu[0-9]*/cpu_capacity r, /sys/devices/system/node/ r, /sys/devices/system/node/node[0-9]*/meminfo r, /sys/fs/cgroup/cpu,cpuacct/{,user.slice/}cpu.cfs_quota_us r, - /sys/fs/cgroup/user.slice/user-[0-9]*.slice/user@[0-9]*.service/app.slice/app-gnome-torbrowser-[0-9]*.scope/cpu.max r, + @{sys}/fs/cgroup/**/cpu.max r, deny /sys/class/input/ r, deny /sys/devices/virtual/block/*/uevent r,

View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/compare...
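
Review bot: The replacement rule `@{sys}/fs/cgroup/**/cpu.max r,` matches `cpu.max` in every cgroup on the system, not only the browser's own scope, which is wider than the removed line allowed and wider than the variation in the auto-generated app name requires. Consider keeping the `user.slice/user-[0-9]*.slice/user@[0-9]*.service/app.slice/` prefix and globbing only the scope component (for example `app.slice/*/cpu.max`), so the profile does not expose other slices' CPU limits. The added `cpu_capacity` rule carries no comment saying what needs it; since the commit message notes that the caller is unknown, an inline comment recording that would help the next audit of this profile. Both new lines use `@{sys}` while their neighbours use a literal `/sys`; pick one form for the block.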