[Pkg-privacy-commits] [torbrowser-launcher] 37/48: AppArmor: allow access to /sys/devices/system/node/node[0-9]*/meminfo.
Roger Shimizu
rosh at moszumanska.debian.org
Mon Sep 4 16:42:34 UTC 2017
This is an automated email from the git hooks/post-receive script.
rosh pushed a commit to branch debian/sid
in repository torbrowser-launcher.
commit bf59f7efffcfb529041f98d5968835f23d6a7b28
Author: intrigeri <intrigeri at boum.org>
Date: Fri Jun 16 15:59:22 2017 +0000
AppArmor: allow access to /sys/devices/system/node/node[0-9]*/meminfo.
abstractions/base allows access to /proc/meminfo already, so this doesn't leak
much more information. I can't be sure by looking at the code, but I would
not be surprised if Firefox needed more info about available memory
to manage its pool of content rendering processes, when e10s is enabled.
---
apparmor/torbrowser.Browser.firefox | 2 ++
1 file changed, 2 insertions(+)
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index 8833ff7..ff1bcdd 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -77,6 +77,8 @@
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/present r,
+ /sys/devices/system/node/ r,
+ /sys/devices/system/node/node[0-9]*/meminfo r,
deny /sys/devices/virtual/block/*/uevent r,
# Should use abstractions/gstreamer instead once merged upstream
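Review bot: the two added rules for /sys/devices/system/node/ have no comment in the profile saying why they are needed, and the commit message itself says the need is a guess ("I can't be sure by looking at the code"). Add a comment line above them recording the denial that was observed or the suspected e10s memory-management reason, so the rule can be re-checked and dropped if Firefox turns out not to need it. Also note that in AppArmor glob syntax `node[0-9]*` means one digit followed by any run of characters other than `/`, not "one or more digits"; that still only grants read on a `meminfo` file directly under a matching directory, but a short comment stating the intended match (nodeN) would make the scope of the rule clear to the next reader.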
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git