[Pkg-privacy-commits] [torbrowser-launcher] 22/59: AppArmor: support sysvinit systems.

Roger Shimizu rogershimizu at gmail.com
Mon Jan 29 13:43:57 UTC 2018 

This is an automated email from the git hooks/post-receive script.

rosh pushed a commit to branch debian/sid
in repository torbrowser-launcher.

commit 72d385fb95f85fa7e6d1c2a8b7102b73f61c8e80
Author: intrigeri <intrigeri at boum.org>
Date:   Sat Sep 9 17:28:02 2017 +0000

    AppArmor: support sysvinit systems.
    
    With systemd (at least on current Debian sid), /run/shm is a symlink to
    /dev/shm, so "owner /dev/shm/org.chromium.* rw," is enough. With sysvinit,
    apparently things are set up differently (perhaps the symlinks are in the
    opposite direction?) so Firefox tries to access /run/shm/org.chromium.*,
    which was rejected.
    
    Let's support both!
    
    Thanks to gregor herrmann <gregoa at debian.org> for the bug report:
    https://bugs.debian.org/874383
    
    Note that this problem happens with pristine 0.2.8 profiles,
    without the changes brought by my apparmor-e10s branch.
---
 apparmor/torbrowser.Browser.firefox          | 2 +-
 apparmor/torbrowser.Browser.plugin-container | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index 1d6421e..25a438b 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -80,7 +80,7 @@
   owner /{dev,run}/shm/shmfd-* rw,
 
   # Required for multiprocess Firefox (aka Electrolysis, i.e. e10s)
-  owner /dev/shm/org.chromium.* rw,
+  owner /{dev,run}/shm/org.chromium.* rw,
 
   # Deny access to DRM nodes, that's granted by the X abstraction, which is
   # sourced by the gnome abstraction, that we include.
diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
index 1214044..ee30fd4 100644
--- a/apparmor/torbrowser.Browser.plugin-container
+++ b/apparmor/torbrowser.Browser.plugin-container
@@ -66,7 +66,7 @@ profile torbrowser_plugin_container {
   owner /{dev,run}/shm/shmfd-* rw,
 
   # Required for multiprocess Firefox (aka Electrolysis, i.e. e10s)
-  owner /dev/shm/org.chromium.* rw,
+  owner /{dev,run}/shm/org.chromium.* rw,
 
   # Deny access to DRM nodes, that's granted by the X abstraction, which is
   # sourced by the gnome abstraction, that we include.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git

More information about the Pkg-privacy-commits mailing list