boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher


3 changed files:

Changes:

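--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -1,7 +1,7 @@
 #include <tunables/global>
 #include <tunables/torbrowser>
 
-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
+@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser/Browser/firefox.real
 
 profile torbrowser_firefox @{torbrowser_firefox_executable} {
   #include <abstractions/audio>
@@ -12,6 +12,8 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   #include <abstractions/opencl>
   #include if exists <abstractions/vulkan>
 
+  deny capability sys_ptrace,
+
   # Uncomment the following lines if you want to give the Tor Browser read-write
   # access to most of your personal files.
   # #include <abstractions/user-download>
@@ -46,10 +48,13 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   owner @{PROC}/@{pid}/environ r,
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
+  owner @{PROC}/@{pid}/oom_score_adj rw,
   owner @{PROC}/@{pid}/smaps r,
   owner @{PROC}/@{pid}/stat r,
   owner @{PROC}/@{pid}/statm r,
   owner @{PROC}/@{pid}/status r,
+  owner @{PROC}/@{pid}/task/ r,
+  owner @{PROC}/@{pid}/task/*/comm r,
   owner @{PROC}/@{pid}/task/*/stat r,
   @{PROC}/sys/kernel/random/uuid r,
 
@@ -70,6 +75,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   owner @{torbrowser_home_dir}/Downloads/ rwk,
   owner @{torbrowser_home_dir}/Downloads/** rwk,
   owner @{torbrowser_home_dir}/firefox rix,
+  owner @{torbrowser_home_dir}/glxtest ix,
   owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/* rw,
   owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/{,MozUpdater/bgupdate/}updater ix,
   owner @{torbrowser_home_dir}/updater ix,
@@ -111,6 +117,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   /sys/devices/system/node/ r,
   /sys/devices/system/node/node[0-9]*/meminfo r,
   /sys/fs/cgroup/cpu,cpuacct/{,user.slice/}cpu.cfs_quota_us r,
+  deny /sys/class/input/ r,
   deny /sys/devices/virtual/block/*/uevent r,
 
   # Should use abstractions/gstreamer instead once merged upstream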

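--- a/apparmor/torbrowser.Tor.tor
+++ b/apparmor/torbrowser.Tor.tor
@@ -1,7 +1,7 @@
 #include <tunables/global>
 #include <tunables/torbrowser>
 
-@{torbrowser_tor_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor
+@{torbrowser_tor_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser/Browser/TorBrowser/Tor/tor
 
 profile torbrowser_tor @{torbrowser_tor_executable} {
   #include <abstractions/base>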

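--- a/apparmor/tunables/torbrowser
+++ b/apparmor/tunables/torbrowser
@@ -1,2 +1,2 @@
-@{torbrowser_installation_dir}=@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*
+@{torbrowser_installation_dir}=@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser
 @{torbrowser_home_dir}=@{torbrowser_installation_dir}/Browser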