[Pkg-privacy-commits] [torbrowser-launcher] 06/59: AppArmor: fully transition to plugin-container's own confinement when starting it, i.e. don't inherit Firefox' confinement.

Roger Shimizu rogershimizu at gmail.com
Mon Jan 29 13:43:56 UTC 2018 

This is an automated email from the git hooks/post-receive script.

rosh pushed a commit to branch debian/sid
in repository torbrowser-launcher.

commit 46ea9f33383c69ec8c3ba8b9c9189a42cb5195c5
Author: intrigeri <intrigeri at boum.org>
Date:   Fri Jun 16 16:13:03 2017 +0000

    AppArmor: fully transition to plugin-container's own confinement when starting it, i.e. don't inherit Firefox' confinement.
    
    We will later remove credentials plugin-container doesn't need, in order to
    confine it more strictly. Such effort would be worthless if we kept inheriting
    the permissions we grant the parent Firefox process.
---
 apparmor/torbrowser.Browser.firefox | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index ff1bcdd..2536d47 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -47,7 +47,7 @@
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/components/*.so mr,
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/browser/components/*.so mr,
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox rix,
-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/plugin-container Pix,
+  @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/plugin-container px -> torbrowser_plugin_container,
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{,TorBrowser/UpdateInfo/}updates/[0-9]*/updater ix,
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{,TorBrowser/UpdateInfo/}updates/0/MozUpdater/bgupdate/updater ix,
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profiles.ini r,

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git

More information about the Pkg-privacy-commits mailing list