[Pkg-privacy-commits] [torbrowser-launcher] 01/01: d/patches: Add a patch to support sysvinit systems for AppArmor

[Roger Shimizu]

This is an automated email from the git hooks/post-receive script.

rosh pushed a commit to branch rosh/Bug874383
in repository torbrowser-launcher.

commit f6f832217a4d0855935c2f5de7c3cea26b05fdfc
Author: Roger Shimizu <rogershimizu at gmail.com>
Date:   Sun Sep 10 23:59:34 2017 +0900

    d/patches: Add a patch to support sysvinit systems for AppArmor
    
    Thanks to intrigeri and gregor herrmann
    
    Closes: #874383
---
 debian/changelog                                   |  3 ++
 .../0001-AppArmor-support-sysvinit-systems.patch   | 36 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 40 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 63cc575..dc511c0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,9 @@ torbrowser-launcher (0.2.8-2) UNRELEASED; urgency=medium
   * debian/rules and debian/help2man:
     - Add script to build manpage automatically.
   * Remove debian/torbrowser-launcher.1
+  * debian/patches:
+    - Add a patch to support sysvinit systems for AppArmor.
+      Thanks to intrigeri and gregor herrmann. (Closes: #874383)
 
  -- Roger Shimizu <rogershimizu at gmail.com>  Sun, 10 Sep 2017 12:27:52 +0900
 
diff --git a/debian/patches/0001-AppArmor-support-sysvinit-systems.patch b/debian/patches/0001-AppArmor-support-sysvinit-systems.patch
new file mode 100644
index 0000000..c74c943
--- /dev/null
+++ b/debian/patches/0001-AppArmor-support-sysvinit-systems.patch
@@ -0,0 +1,36 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Sat, 9 Sep 2017 17:28:02 +0000
+Subject: AppArmor: support sysvinit systems.
+
+With systemd (at least on current Debian sid), /run/shm is a symlink to
+/dev/shm, so "owner /dev/shm/org.chromium.* rw," is enough. With sysvinit,
+apparently things are set up differently (perhaps the symlinks are in the
+opposite direction?) so Firefox tries to access /run/shm/org.chromium.*,
+which was rejected.
+
+Let's support both!
+
+Thanks to gregor herrmann <gregoa at debian.org> for the bug report:
+https://bugs.debian.org/874383
+
+Note that this problem happens with pristine 0.2.8 profiles,
+without the changes brought by my apparmor-e10s branch.
+
+(cherry picked from commit 72d385fb95f85fa7e6d1c2a8b7102b73f61c8e80)
+---
+ apparmor/torbrowser.Browser.firefox | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
+index ff1bcdd..b1883c6 100644
+--- a/apparmor/torbrowser.Browser.firefox
++++ b/apparmor/torbrowser.Browser.firefox
+@@ -88,7 +88,7 @@
+   owner /{dev,run}/shm/shmfd-* rw,
+ 
+   # Required for multiprocess Firefox (aka Electrolysis, i.e. e10s)
+-  owner /dev/shm/org.chromium.* rw,
++  owner /{dev,run}/shm/org.chromium.* rw,
+ 
+   # Deny access to DRM nodes, that's granted by the X abstraction, which is
+   # sourced by the gnome abstraction, that we include.
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..d097395
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-AppArmor-support-sysvinit-systems.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git