[Pkg-privacy-commits] [torbrowser-launcher] 34/48: AppArmor: silence denial logs about permissions we don't need.
Roger Shimizu
rosh at moszumanska.debian.org
Mon Sep 4 16:42:34 UTC 2017
This is an automated email from the git hooks/post-receive script.
rosh pushed a commit to branch debian/sid
in repository torbrowser-launcher.
commit 88d862a3828ef0b287232018e300dd6ce66b57a1
Author: intrigeri <intrigeri at boum.org>
Date: Fri Jun 16 15:34:55 2017 +0000
AppArmor: silence denial logs about permissions we don't need.
As of Tor Browser 7.0.1:
* /dev/dri/: we block access to the DRI nodes, so listing
them would be useless
* net/route: seems risky as it can leak information about IPs used on the LAN;
Tor Browser seems to work perfectly without such access, so let's not
grant it to be on the safe side
* CPU maximum frequency: only used to optimize VP8/VP9 encoding
* CPU cache size: seems unused
---
apparmor/torbrowser.Browser.firefox | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index b4a1066..3b8e307 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -91,6 +91,12 @@
# sourced by the gnome abstraction, that we include.
deny /dev/dri/** rwklx,
+ # Silence denial logs about permissions we don't need
+ deny /dev/dri/ rwklx,
+ deny @{PROC}/@{pid}/net/route r,
+ deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
+ deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
+
# KDE 4
owner @{HOME}/.kde/share/config/* r,
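Review bot: The single comment above the four new deny rules ("Silence denial logs about permissions we don't need") loses the per-rule reasoning that the commit message carries, and that matters most for `deny @{PROC}/@{pid}/net/route r,`. That rule is denied for a privacy reason (it can expose LAN addressing), while the DRI directory, `cpuinfo_max_freq` and cache `size` rules are only there to quiet the log. Please give the net/route line its own comment saying so, so nobody later relaxes it as mere noise suppression. Since an explicit deny is not logged and takes precedence over any allow rule, a future Tor Browser release that starts depending on one of these paths will fail without leaving a denial in the log. Recording "as of Tor Browser 7.0.1" in the profile comment would tell maintainers when these rules were last validated.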
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git