[Pkg-privacy-commits] [torbrowser-launcher] 26/59: AppArmor: add rules needed with new mediation support added in Linux 4.14.

Roger Shimizu rogershimizu at gmail.com
Mon Jan 29 13:43:58 UTC 2018


This is an automated email from the git hooks/post-receive script.

rosh pushed a commit to branch debian/sid
in repository torbrowser-launcher.

commit d043788f590e8ff2da585e3512a0e596e7460ff8
Author: intrigeri <intrigeri at boum.org>
Date:   Thu Oct 26 11:12:05 2017 +0000

    AppArmor: add rules needed with new mediation support added in Linux 4.14.
---
 apparmor/torbrowser.Browser.firefox | 3 +++
 apparmor/torbrowser.Tor.tor         | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index ff1bcdd..7935987 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -15,8 +15,11 @@
   # @{HOME}/ r,
 
   #dbus,
+  network netlink raw,
   network tcp,
 
+  ptrace (trace) peer=@{profile_name},
+
   deny /etc/host.conf r,
   deny /etc/hosts r,
   deny /etc/nsswitch.conf r,
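Review bot: Neither added rule in this hunk has a comment saying what needs it, and `network netlink raw,` (added here and again in the first torbrowser.Tor.tor hunk) is not narrowed to any netlink protocol as written. The commit message ties the additions to the mediation added in Linux 4.14, but a reader of the profile alone cannot tell what the netlink socket is for. I would put a line above it such as `# netlink socket, mediated since Linux 4.14; presumably libc interface/route lookups - confirm`. `ptrace (trace) peer=@{profile_name},` lets a confined browser process trace other processes running under the same profile, so it deserves its own line such as `# needed by <component - confirm>; peers restricted to this profile`. The profile block starts and ends outside the hunk.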
diff --git a/apparmor/torbrowser.Tor.tor b/apparmor/torbrowser.Tor.tor
index 013f458..423180d 100644
--- a/apparmor/torbrowser.Tor.tor
+++ b/apparmor/torbrowser.Tor.tor
@@ -3,6 +3,7 @@
 /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor {
   #include <abstractions/base>
 
+  network netlink raw,
   network tcp,
   network udp,
 
@@ -17,6 +18,12 @@
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/Tor,Lib}/*.so mr,
   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/Tor,Lib}/*.so.* mr,
 
+  # Silence file_inherit logs
+  deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{browser/,}omni.ja r,
+  deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/.parentlock rw,
+  deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/extensions/*.xpi r,
+  deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/startupCache/* r,
+
   @{PROC}/sys/kernel/random/uuid r,
   /sys/devices/system/cpu/ r,
 
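Review bot: The four `deny` rules under `# Silence file_inherit logs` also remove the audit trail for these paths, because a plain `deny` rule is not logged. A real attempt by the tor process to open omni.ja, the .parentlock file or the extension and startupCache files would go unrecorded. The comment should say where the descriptors come from and that the silence is deliberate, for example `# fds presumably inherited from the browser that starts tor; denied quietly on purpose, use "audit deny" when debugging`. It is also worth one more comment line noting that a deny rule takes precedence over any allow rule for the same path, so a later rule cannot grant this access again. The profile block starts and ends outside this hunk.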

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git


