[Pkg-privacy-commits] [torbrowser-launcher] 334/476: Explicitly run Tor with its own AppArmor profile.

[Ximin Luo]

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch debian
in repository torbrowser-launcher.

commit ceda0e8ec213f29ed001994845726ba0216cbf8d
Author: intrigeri <intrigeri at boum.org>
Date:   Thu Aug 14 16:23:07 2014 +0000

    Explicitly run Tor with its own AppArmor profile.
    
    Commit 04b24660 changed the way Tor is run, from Px to rix.
    
    Px exec's to profile that matches executable name, with environment
    variable scrubbing. rix makes the child process inherit the current
    process' confinement. Given we ship a `torbrowser.Tor.tor` profile,
    we'd better use it than inherit the browser's confinement.
---
 apparmor/torbrowser.Browser.firefox | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index ff47ff3..118107f 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -45,7 +45,7 @@
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Data/Browser/profile.default/** rwk,
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Data/Tor/* rwk,
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/* mr,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/tor rix,
+  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/tor Px,
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Desktop/ r,
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Desktop/** rwk,
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Downloads/ r,

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git