[Pkg-privacy-commits] [torbrowser-launcher] 27/59: AppArmor: grant access to mostly innocuous stuff Firefox tries to read.

Roger Shimizu rogershimizu at gmail.com
Mon Jan 29 13:43:58 UTC 2018


This is an automated email from the git hooks/post-receive script.

rosh pushed a commit to branch debian/sid
in repository torbrowser-launcher.

commit 68f502c3fbb754742cd23967cf30038ff6ce799a
Author: intrigeri <intrigeri at boum.org>
Date:   Thu Oct 26 11:12:52 2017 +0000

    AppArmor: grant access to mostly innocuous stuff Firefox tries to read.
    
    I did not check in detail why it needs that nowadays but this does not
    increase the attack surface significantly, so let's allow it and don't
    take the risk of breaking security critical stuff by denying it blindly.
    
    If someone does the research and shows that it's safe to deny such access,
    then we can do so.
---
 apparmor/torbrowser.Browser.firefox | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index 7935987..abdcffc 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -31,6 +31,10 @@
   deny /etc/machine-id r,
   deny /var/lib/dbus/machine-id r,
 
+  /dev/ r,
+  /dev/shm/ r,
+
+  owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/stat r,
   owner @{PROC}/@{pid}/status r,
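
Review bot: The added rules `/dev/ r,` and `/dev/shm/ r,` go into the profile with no comment, directly below the `deny` rules for the machine-id files, so the profile does not record that they were allowed without the reason being known. The trailing slash restricts each rule to listing the directory itself, not reading files under it, but a listing of /dev/shm/ still shows the names of entries created by other processes, which deserves a second look given that the lines above deliberately hide machine identifiers. Suggest a short comment above the new block saying the need is unverified, as the commit message admits, so a later audit can find and revisit it. The `owner @{PROC}/@{pid}/fd/ r,` line is already limited to the process's own entry and fits the neighbouring `owner @{PROC}/@{pid}/...` rules.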

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git


