[Pkg-privacy-commits] [torbrowser-launcher] 204/476: fix apparmor rules in ubuntu (#73)
Ximin Luo
infinity0 at moszumanska.debian.org
Sat Aug 22 13:21:37 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch debian
in repository torbrowser-launcher.
commit 896285ddb87ccf6609067473916c3a11cd0f2515
Author: Micah Lee <micah at micahflee.com>
Date: Thu May 1 18:07:51 2014 -0700
fix apparmor rules in ubuntu (#73)
---
apparmor/torbrowser.Browser.firefox | 4 ++++
apparmor/usr.bin.torbrowser-launcher | 36 +++++++++++++++++-------------------
2 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index 08ba41e..d38f187 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -84,4 +84,8 @@
dbus,
+ /usr/share/glib-2.0/schemas/gschemas.compiled r,
+ /usr/share/gvfs/remote-volume-monitors/* r,
+ owner /{,var/}run/user/*/dconf/user rw,
+
}
diff --git a/apparmor/usr.bin.torbrowser-launcher b/apparmor/usr.bin.torbrowser-launcher
index fd1a651..a445af9 100644
--- a/apparmor/usr.bin.torbrowser-launcher
+++ b/apparmor/usr.bin.torbrowser-launcher
@@ -5,41 +5,35 @@
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/python>
+ #include <abstractions/consoles>
+ #include <abstractions/gnome>
+ #include <abstractions/fonts>
+ #include <abstractions/X>
+ #include <abstractions/audio>
+ #include <abstractions/freedesktop.org>
+ #include <abstractions/dconf>
capability sys_ptrace,
#/bin/{dash,grep,ps} rix,
- /dev/ r,
- /dev/pts/ r,
/etc/magic r,
- /etc/fonts/** r,
- /var/cache/fontconfig/* r,
- /usr/share/fonts/ r,
- @{HOME}/.Xauthority r,
- @{HOME}/.cache/fontconfig/e2d80dc3d99bd64349f910b1f0a35039-le64.cache-4 r,
- @{HOME}/.config/pulse/cookie rk,
- @{HOME}/.local/share/fonts/ r,
@{HOME}/.torbrowser/ rw,
@{HOME}/.torbrowser/** mrwk,
@{HOME}/.torbrowser/gnupg_homedir/* l,
@{HOME}/.torbrowser/tbb/{stable,alpha}/{i686,x86_64}/tor-browser_*/start-tor-browser ux,
@{PROC}/ r,
- @{PROC}/*/cmdline r,
- @{PROC}/*/maps r,
- @{PROC}/*/mountinfo r,
- @{PROC}/*/mounts r,
- @{PROC}/*/stat r,
- @{PROC}/*/status r,
- @{PROC}/*/task/** r,
- @{PROC}/filesystems r,
- @{PROC}/meminfo r,
+ @{PROC}/@{pid}/cmdline r,
+ @{PROC}/@{pid}/mountinfo r,
+ @{PROC}/@{pid}/stat r,
+ @{PROC}/@{pid}/status r,
+ @{PROC}/@{pid}/task/** r,
@{PROC}/sys/kernel/pid_max r,
@{PROC}/tty/drivers r,
@{PROC}/uptime r,
/usr/bin/ r,
/usr/bin/{gpg,wmctrl,dirname,expr,file,getconf,id,dash,grep,ps} rix,
/usr/bin/python2.7 rix,
- /usr/bin/torbrowser-launcher rix,
+ /usr/bin/torbrowser-launcher rux,
/usr/lib{,32,64}/** mr,
/usr/local/share/fonts/ r,
/usr/local/share/fonts/** r,
@@ -55,4 +49,8 @@
/usr/share/themes/** r,
/usr/share/torbrowser-launcher/** r,
+ /usr/share/glib-2.0/schemas/gschemas.compiled r,
+ /usr/lib{,32,64}/python{2,3}.[34567]/**.{pyc,so} mrw,
+ owner /{,var/}run/user/*/dconf/user rw,
+
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git
More information about the Pkg-privacy-commits
mailing list