[Pkg-privacy-commits] [torbrowser-launcher] 28/59: AppArmor: drop the usr.bin.torbrowser-launcher profile.
Roger Shimizu
rogershimizu at gmail.com
Mon Jan 29 13:43:58 UTC 2018
This is an automated email from the git hooks/post-receive script.
rosh pushed a commit to branch debian/sid
in repository torbrowser-launcher.
commit bc5f78f8d3f75e23d6edf5b4fe82339921c635d1
Author: intrigeri <intrigeri at boum.org>
Date: Thu Oct 26 11:16:58 2017 +0000
AppArmor: drop the usr.bin.torbrowser-launcher profile.
It's been broken for years and shipped in complain mode for 26 months.
It's now obvious that nobody cares enough about this profile to maintain it,
so let's drop it to avoid polluting system logs with tons of AppArmor messages:
with Linux 4.14, starting Tor Browser once triggers 27k+ such messages.
---
apparmor/usr.bin.torbrowser-launcher | 54 ------------------------------------
setup.py | 3 +-
2 files changed, 1 insertion(+), 56 deletions(-)
diff --git a/apparmor/usr.bin.torbrowser-launcher b/apparmor/usr.bin.torbrowser-launcher
deleted file mode 100644
index 3875d1f..0000000
--- a/apparmor/usr.bin.torbrowser-launcher
+++ /dev/null
@@ -1,54 +0,0 @@
-# Last Modified: Thu Jan 2 15:12:38 2014
-#include <tunables/global>
-
-/usr/bin/torbrowser-launcher flags=(complain) {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/python>
- #include <abstractions/consoles>
- #include <abstractions/gnome>
- #include <abstractions/fonts>
- #include <abstractions/X>
- #include <abstractions/audio>
- #include <abstractions/freedesktop.org>
-
- capability sys_ptrace,
-
- # This script doesn't really need to read the interpreter that's running it.
- deny /usr/bin/python{2,3}.[0-7]* r,
-
- /{usr/,}bin/{dash,grep,ps} rix,
- /dev/ r,
- /etc/magic r,
- @{HOME}/.config/torbrowser/ rw,
- @{HOME}/.config/torbrowser/** mrwk,
- @{HOME}/.cache/torbrowser/ rw,
- @{HOME}/.cache/torbrowser/** mrwk,
- @{HOME}/.local/share/torbrowser/ rw,
- @{HOME}/.local/share/torbrowser/** mrwk,
- @{HOME}/.local/share/torbrowser/gnupg_homedir/* l,
- @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/start-tor-browser.desktop Ux,
-
- @{PROC}/ r,
- @{PROC}/[0-9]*/{cmdline,mountinfo,stat,status} r,
- @{PROC}/[0-9]*/task/** r,
- @{PROC}/sys/kernel/pid_max r,
- @{PROC}/tty/drivers r,
- @{PROC}/uptime r,
- /usr/bin/ r,
- /usr/bin/{gpg,dirname,expr,file,getconf,id} rix,
- /usr/bin/torbrowser-launcher r,
- /usr/share/file/magic.mgc r,
- /usr/share/file/magic/ r,
- /usr/share/themes/** r,
- /usr/share/torbrowser-launcher/** r,
-
- /usr/share/glib-2.0/schemas/gschemas.compiled r,
- owner @{HOME}/.config/dconf/user r,
- owner /{,var/}run/user/*/dconf/user rw,
-
- # including abstractions/audio is not enough to play modem sound
- /usr/bin/pulseaudio Pixr,
-
- #include <local/usr.bin.torbrowser-launcher>
-}
diff --git a/setup.py b/setup.py
index b573069..f3e3209 100644
--- a/setup.py
+++ b/setup.py
@@ -73,8 +73,7 @@ if distro != 'Ubuntu':
# we're not in a virtualenv, so we can probably write to /etc
datafiles += [('/etc/apparmor.d/', [
'apparmor/torbrowser.Browser.firefox',
- 'apparmor/torbrowser.Tor.tor',
- 'apparmor/usr.bin.torbrowser-launcher'])]
+ 'apparmor/torbrowser.Tor.tor'])]
datafiles += [('/usr/share/locale/', create_mo_files())]
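Review bot: Removing `'apparmor/usr.bin.torbrowser-launcher'` from `datafiles` only stops new installs from shipping the profile; nothing in this change removes a copy already present in `/etc/apparmor.d/`, so upgraded systems would presumably keep loading it in complain mode and keep producing the log messages. The distribution packaging should remove the obsolete file on upgrade (for a Debian conffile, `rm_conffile` via dpkg-maintscript-helper) and unload the profile. A comment here would record that: `# usr.bin.torbrowser-launcher is no longer shipped; packaging must remove the stale copy from /etc/apparmor.d/ on upgrade`. No enforcement is lost, since the deleted profile was declared with `flags=(complain)`, but the launcher now has no profile at all while `torbrowser.Browser.firefox` and `torbrowser.Tor.tor` stay installed. The enclosing `if distro != 'Ubuntu':` block starts outside the hunk.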
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git