[Pkg-privacy-commits] [torbrowser-launcher] 13/28: apparmor: Tighten the /proc rules
Ulrike Uhlig
u-guest at moszumanska.debian.org
Sun Jul 10 21:18:17 UTC 2016
This is an automated email from the git hooks/post-receive script.
u-guest pushed a commit to branch debian/sid
in repository torbrowser-launcher.
commit 6a2daf51cbed17b277430dfb28f9522b18a3c75f
Author: Nicolas Braud-Santoni <nicolas at braud-santoni.eu>
Date: Tue Jun 28 01:05:43 2016 +0200
apparmor: Tighten the /proc rules
This prevents firefox from learning about other processes.
No actual security gain is expected.
---
apparmor/torbrowser.Browser.firefox | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index 90d7c82..e1cda06 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -28,9 +28,9 @@
deny /etc/machine-id r,
deny /var/lib/dbus/machine-id r,
- @{PROC}/[0-9]*/mountinfo r,
- @{PROC}/[0-9]*/stat r,
- @{PROC}/[0-9]*/task/*/stat r,
+ owner @{PROC}/[0-9]*/mountinfo r,
+ owner @{PROC}/[0-9]*/stat r,
+ owner @{PROC}/[0-9]*/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/ r,
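Review bot: The "owner" qualifier on the three @{PROC}/[0-9]* rules only limits reads to /proc entries owned by the same user as the confined firefox process. The mountinfo, stat and task/*/stat files of every other process running under that user therefore stay readable. That is narrower than the commit message's "prevents firefox from learning about other processes". Suggest adding a comment above these rules saying that only other users' processes are hidden, and wording the message the same way. Separately, "[0-9]*" matches one digit followed by any run of non-slash characters, so it is looser than a numeric PID. If the profile includes the AppArmor tunables, the @{pid} variable would express the intent more exactly.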
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git