[Pkg-privacy-commits] [torbrowser-launcher] 01/01: d/patches: Add AppArmor profiles, 2018-01 edition
Roger Shimizu
rosh at debian.org
Sun Mar 18 14:01:03 UTC 2018
This is an automated email from the git hooks/post-receive script.
rosh pushed a commit to branch rosh/apparmor
in repository torbrowser-launcher.
commit e83b226cd40b08783ba4680f27d50dc41756ebb1
Author: Roger Shimizu <rosh at debian.org>
Date: Sun Mar 18 22:58:41 2018 +0900
d/patches: Add AppArmor profiles, 2018-01 edition
Thanks to intrigeri.
Some breakdown of the patches:
- Make e10s work fine especially with a Linux 4.14 kernel
- Silencing all the denial logs I could observe
- Support for obfs4 and obfs3
- Various updates, refactoring and clean-ups
---
debian/changelog | 12 ++++
debian/patches/0001-Update-AppArmor-comments.patch | 25 ++++++++
.../0002-Drop-spurious-trailing-whitespace.patch | 16 +++++
...low-plugin-container-to-read-file-app-ass.patch | 25 ++++++++
...low-Firefox-to-ptrace-plugin-container-an.patch | 25 ++++++++
...low-plugin-container-to-receive-term-sign.patch | 75 ++++++++++++++++++++++
debian/patches/0006-Fix-comment.patch | 21 ++++++
...low-Firefox-to-fully-manage-its-fontconfi.patch | 23 +++++++
...ant-access-to-mostly-innocuous-stuff-plug.patch | 32 +++++++++
...rmor-silence-denial-logs-about-PulseAudio.patch | 53 +++++++++++++++
...ilence-more-inherited-files-access-denial.patch | 20 ++++++
...rmor-drop-support-for-long-obsolete-paths.patch | 49 ++++++++++++++
...factor-thanks-to-variables-defined-in-tun.patch | 50 +++++++++++++++
...pArmor-give-the-tor-profile-a-stable-name.patch | 30 +++++++++
...pport-some-of-the-included-pluggable-tran.patch | 33 ++++++++++
...move-boilerplate-from-local-override-file.patch | 32 +++++++++
debian/patches/series | 15 +++++
17 files changed, 536 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 27d8f85..b20f608 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+torbrowser-launcher (0.2.9-2) UNRELEASED; urgency=medium
+
+ * debian/patches:
+ - Add AppArmor profiles, 2018-01 edition. Thanks to intrigeri.
+ Some breakdown of the patches:
+ + Make e10s work fine especially with a Linux 4.14 kernel
+ + Silencing all the denial logs I could observe
+ + Support for obfs4 and obfs3
+ + Various updates, refactoring and clean-ups
+
+ -- Roger Shimizu <rosh at debian.org> Sun, 18 Mar 2018 22:39:20 +0900
+
torbrowser-launcher (0.2.9-1) unstable; urgency=medium
* New upstream release 0.2.9 (Closes: #888236)
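Review bot: the new changelog entry lists the e10s and obfs fixes but not the two user-visible profile renames (torbrowser_firefox in 0005, torbrowser_tor in 0013) that the patch authors explicitly ask packagers to flag; add a bullet naming the renames and the post-upgrade reboot recommendation so the changelog reflects what the series actually changes for users. Minor: "Silencing all the denial logs" breaks the imperative form of the sibling bullets ("Make", "Support").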
diff --git a/debian/patches/0001-Update-AppArmor-comments.patch b/debian/patches/0001-Update-AppArmor-comments.patch
new file mode 100644
index 0000000..a75de14
--- /dev/null
+++ b/debian/patches/0001-Update-AppArmor-comments.patch
@@ -0,0 +1,25 @@
+From: Micah Lee <micah at micahflee.com>
+Date: Sun, 28 Jan 2018 11:19:20 -0800
+Subject: Update AppArmor comments
+
+---
+ apparmor/local/torbrowser.Browser.plugin-container | 2 +-
+ apparmor/local/torbrowser.Tor.tor | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/apparmor/local/torbrowser.Browser.plugin-container b/apparmor/local/torbrowser.Browser.plugin-container
+index da8acb0..39c9217 100644
+--- a/apparmor/local/torbrowser.Browser.plugin-container
++++ b/apparmor/local/torbrowser.Browser.plugin-container
+@@ -1,2 +1,2 @@
+-# Site-specific additions and overrides for torbrowser.Browser.firefox.
++# Site-specific additions and overrides for torbrowser.Browser.plugin-container.
+ # For more details, please see /etc/apparmor.d/local/README.
+diff --git a/apparmor/local/torbrowser.Tor.tor b/apparmor/local/torbrowser.Tor.tor
+index da8acb0..8ba4033 100644
+--- a/apparmor/local/torbrowser.Tor.tor
++++ b/apparmor/local/torbrowser.Tor.tor
+@@ -1,2 +1,2 @@
+-# Site-specific additions and overrides for torbrowser.Browser.firefox.
++# Site-specific additions and overrides for torbrowser.Tor.tor.
+ # For more details, please see /etc/apparmor.d/local/README.
diff --git a/debian/patches/0002-Drop-spurious-trailing-whitespace.patch b/debian/patches/0002-Drop-spurious-trailing-whitespace.patch
new file mode 100644
index 0000000..afbb70d
--- /dev/null
+++ b/debian/patches/0002-Drop-spurious-trailing-whitespace.patch
@@ -0,0 +1,16 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Sun, 28 Jan 2018 18:51:40 +0000
+Subject: Drop spurious trailing whitespace.
+
+---
+ apparmor/local/torbrowser.Browser.firefox | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/apparmor/local/torbrowser.Browser.firefox b/apparmor/local/torbrowser.Browser.firefox
+index 2bbf71e..da8acb0 100644
+--- a/apparmor/local/torbrowser.Browser.firefox
++++ b/apparmor/local/torbrowser.Browser.firefox
+@@ -1,2 +1,2 @@
+ # Site-specific additions and overrides for torbrowser.Browser.firefox.
+-# For more details, please see /etc/apparmor.d/local/README.
++# For more details, please see /etc/apparmor.d/local/README.
diff --git a/debian/patches/0003-AppArmor-allow-plugin-container-to-read-file-app-ass.patch b/debian/patches/0003-AppArmor-allow-plugin-container-to-read-file-app-ass.patch
new file mode 100644
index 0000000..003c9ed
--- /dev/null
+++ b/debian/patches/0003-AppArmor-allow-plugin-container-to-read-file-app-ass.patch
@@ -0,0 +1,25 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 29 Jan 2018 06:34:14 +0000
+Subject: AppArmor: allow plugin-container to read file/app association
+ information.
+
+We already allow the main browser profile to do that but with e10s
+plugin-container now needs it as well.
+---
+ apparmor/torbrowser.Browser.plugin-container | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
+index ee30fd4..eb28cc0 100644
+--- a/apparmor/torbrowser.Browser.plugin-container
++++ b/apparmor/torbrowser.Browser.plugin-container
+@@ -24,6 +24,9 @@ profile torbrowser_plugin_container {
+ deny /etc/machine-id r,
+ deny /var/lib/dbus/machine-id r,
+
++ /etc/mime.types r,
++ /usr/share/applications/gnome-mimeapps.list r,
++
+ owner @{PROC}/@{pid}/mountinfo r,
+ owner @{PROC}/@{pid}/stat r,
+ owner @{PROC}/@{pid}/status r,
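Review bot: the two new read rules are GNOME-specific (gnome-mimeapps.list); the description says the main browser profile already has the equivalent, so check that the pair is identical there, otherwise plugin-container ends up with a different view of file associations than its parent and the denial simply moves to a different path. Both files are world-readable system data, so the grant itself does not weaken confinement.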
diff --git a/debian/patches/0004-AppArmor-allow-Firefox-to-ptrace-plugin-container-an.patch b/debian/patches/0004-AppArmor-allow-Firefox-to-ptrace-plugin-container-an.patch
new file mode 100644
index 0000000..d0671aa
--- /dev/null
+++ b/debian/patches/0004-AppArmor-allow-Firefox-to-ptrace-plugin-container-an.patch
@@ -0,0 +1,25 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 29 Jan 2018 06:36:55 +0000
+Subject: AppArmor: allow Firefox to ptrace plugin-container and to send it
+ term signals.
+
+With e10s Firefox does not need to ptrace itself anymore but instead it needs
+to ptrace and kill its child plugin-container processes.
+---
+ apparmor/torbrowser.Browser.firefox | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
+index 05f4d16..2069d6f 100644
+--- a/apparmor/torbrowser.Browser.firefox
++++ b/apparmor/torbrowser.Browser.firefox
+@@ -13,7 +13,8 @@
+ network netlink raw,
+ network tcp,
+
+- ptrace (trace) peer=@{profile_name},
++ ptrace (trace) peer=torbrowser_plugin_container,
++ signal (send) set=("term") peer=torbrowser_plugin_container,
+
+ deny /etc/host.conf r,
+ deny /etc/hosts r,
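Review bot: the hunk replaces the self-ptrace rule (`ptrace (trace) peer=@{profile_name},`) instead of adding to it, so a Tor Browser run with e10s disabled, the case the description says needed self-ptrace, loses that permission and will log ptrace denials; if that configuration is still meant to work, keep both rules. The peer name torbrowser_plugin_container matches the `profile torbrowser_plugin_container {` header visible in 0003, so the cross-reference resolves.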
diff --git a/debian/patches/0005-AppArmor-allow-plugin-container-to-receive-term-sign.patch b/debian/patches/0005-AppArmor-allow-plugin-container-to-receive-term-sign.patch
new file mode 100644
index 0000000..91b5238
--- /dev/null
+++ b/debian/patches/0005-AppArmor-allow-plugin-container-to-receive-term-sign.patch
@@ -0,0 +1,75 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 29 Jan 2018 06:43:43 +0000
+Subject: AppArmor: allow plugin-container to receive term signals from the
+ parent Firefox process.
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+We already allow Firefox to send term signals to plugin-container;
+this is the receiving counterpart.
+
+This requires giving the Firefox profile a proper name (torbrowser_firefox)
+because this:
+
+ signal (receive) set=("term") peer=/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox
+
+… does not work.
+
+Note to package maintainers
+===========================
+
+(This should probably be copied to the release notes.)
+
+Due to the profile renaming, upgrading the
+/etc/apparmor.d/torbrowser.Browser.firefox file requires special care. The best
+option is probably to strongly recommend users to reboot their system after
+this upgrade.
+
+Other options I can think of have unacceptable consequences:
+
+ - if we unload the old profile from the kernel, we will leave any already
+ running Tor Browser's Firefox executable unconfined, which is an unacceptable
+ violation of the user's security expectations;
+
+ - if we don't unload the old profile from the kernel, surprising behaviour will
+ happen such as:
+
+ - any already running Tor Browser's Firefox executable will be left confined
+ under the old profile which won't play well with new rules that have
+ peer=torbrowser_firefox;
+ - unpredictable behavior when a new Tor Browser is started, because two
+ profiles matching the Tor Browser's Firefox executable are loaded.
+---
+ apparmor/torbrowser.Browser.firefox | 4 +++-
+ apparmor/torbrowser.Browser.plugin-container | 2 ++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
+index 2069d6f..5f7f1a7 100644
+--- a/apparmor/torbrowser.Browser.firefox
++++ b/apparmor/torbrowser.Browser.firefox
+@@ -1,7 +1,9 @@
+ #include <tunables/global>
+ #include <tunables/torbrowser>
+
+-/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox {
++@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox
++
++profile torbrowser_firefox @{torbrowser_firefox_executable} {
+ #include <abstractions/gnome>
+
+ # Uncomment the following lines if you want to give the Tor Browser read-write
+diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
+index eb28cc0..f5554db 100644
+--- a/apparmor/torbrowser.Browser.plugin-container
++++ b/apparmor/torbrowser.Browser.plugin-container
+@@ -13,6 +13,8 @@ profile torbrowser_plugin_container {
+ # owner @{PROC}/@{pid}/fd/ r,
+ # owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/mozilla-temp-* rw,
+
++ signal (receive) set=("term") peer=torbrowser_firefox,
++
+ deny /etc/host.conf r,
+ deny /etc/hosts r,
+ deny /etc/nsswitch.conf r,
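Review bot: the "Note to package maintainers" in the description asks for the reboot recommendation to reach users, but nothing in this series does that; because the profile is renamed, reloading the edited profile file on upgrade adds a profile named torbrowser_firefox next to the old path-named one still loaded in the kernel, which is exactly the second scenario the description warns about. Suggest a debian/NEWS entry carrying the recommendation so it is shown at upgrade time. Also, `signal (receive) set=("term") peer=torbrowser_firefox,` now depends on the name spelled in `profile torbrowser_firefox @{torbrowser_firefox_executable} {`; any future rename has to touch both files together.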
diff --git a/debian/patches/0006-Fix-comment.patch b/debian/patches/0006-Fix-comment.patch
new file mode 100644
index 0000000..5a1a371
--- /dev/null
+++ b/debian/patches/0006-Fix-comment.patch
@@ -0,0 +1,21 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 29 Jan 2018 07:24:29 +0000
+Subject: Fix comment.
+
+---
+ apparmor/torbrowser.Browser.plugin-container | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
+index f5554db..5fd3efa 100644
+--- a/apparmor/torbrowser.Browser.plugin-container
++++ b/apparmor/torbrowser.Browser.plugin-container
+@@ -4,7 +4,7 @@
+ profile torbrowser_plugin_container {
+ #include <abstractions/gnome>
+
+- # Uncomment the following lines if you don'want the Tor Browser
++ # Uncomment the following lines if you want Tor Browser
+ # to have direct access to your sound hardware. You will also
+ # need to remove the "deny" word in the machine-id lines further
+ # bellow.
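Review bot: the comment fix leaves "bellow" (for "below") on the last context line of the same comment block; since this patch already rewrites that block, fix the spelling here rather than carrying it into the later patches.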
diff --git a/debian/patches/0007-AppArmor-allow-Firefox-to-fully-manage-its-fontconfi.patch b/debian/patches/0007-AppArmor-allow-Firefox-to-fully-manage-its-fontconfi.patch
new file mode 100644
index 0000000..e614b13
--- /dev/null
+++ b/debian/patches/0007-AppArmor-allow-Firefox-to-fully-manage-its-fontconfi.patch
@@ -0,0 +1,23 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 29 Jan 2018 07:38:41 +0000
+Subject: AppArmor: allow Firefox to fully manage its fontconfig cache.
+
+So far we allowed it to do everything in there except a link operation, so let's
+be consistent.
+---
+ apparmor/torbrowser.Browser.firefox | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
+index 5f7f1a7..e6a455b 100644
+--- a/apparmor/torbrowser.Browser.firefox
++++ b/apparmor/torbrowser.Browser.firefox
+@@ -49,6 +49,8 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
+ owner @{torbrowser_home_dir}.bak/ rwk,
+ owner @{torbrowser_home_dir}.bak/** rwk,
+ owner @{torbrowser_home_dir}/*.so mr,
++ owner @{torbrowser_home_dir}/.cache/fontconfig/ rwk,
++ owner @{torbrowser_home_dir}/.cache/fontconfig/** rwkl,
+ owner @{torbrowser_home_dir}/components/*.so mr,
+ owner @{torbrowser_home_dir}/browser/components/*.so mr,
+ owner @{torbrowser_home_dir}/firefox rix,
diff --git a/debian/patches/0008-AppArmor-grant-access-to-mostly-innocuous-stuff-plug.patch b/debian/patches/0008-AppArmor-grant-access-to-mostly-innocuous-stuff-plug.patch
new file mode 100644
index 0000000..653f34b
--- /dev/null
+++ b/debian/patches/0008-AppArmor-grant-access-to-mostly-innocuous-stuff-plug.patch
@@ -0,0 +1,32 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 29 Jan 2018 07:40:37 +0000
+Subject: AppArmor: grant access to mostly innocuous stuff plugin-container
+ tries to read.
+
+Same rationale as commit 68f502c3fbb754742cd23967cf30038ff6ce799a.
+---
+ apparmor/torbrowser.Browser.plugin-container | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
+index 5fd3efa..4ee65ec 100644
+--- a/apparmor/torbrowser.Browser.plugin-container
++++ b/apparmor/torbrowser.Browser.plugin-container
+@@ -10,7 +10,6 @@ profile torbrowser_plugin_container {
+ # bellow.
+ # #include <abstractions/audio>
+ # /etc/asound.conf r,
+- # owner @{PROC}/@{pid}/fd/ r,
+ # owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/mozilla-temp-* rw,
+
+ signal (receive) set=("term") peer=torbrowser_firefox,
+@@ -29,6 +28,9 @@ profile torbrowser_plugin_container {
+ /etc/mime.types r,
+ /usr/share/applications/gnome-mimeapps.list r,
+
++ /dev/shm/ r,
++
++ owner @{PROC}/@{pid}/fd/ r,
+ owner @{PROC}/@{pid}/mountinfo r,
+ owner @{PROC}/@{pid}/stat r,
+ owner @{PROC}/@{pid}/status r,
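Review bot: the description justifies the new grants only by pointing at commit 68f502c3fbb754742cd23967cf30038ff6ce799a, which is not part of this series, so a reader of the Debian patch cannot see why `/dev/shm/ r` and `owner @{PROC}/@{pid}/fd/ r` are considered innocuous; restate the rationale in the patch description. The `owner @{PROC}/@{pid}/fd/ r` line is also moved out of the commented-out audio block, so it now applies unconditionally rather than only when users opt into audio, which deserves a sentence as well.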
diff --git a/debian/patches/0009-AppArmor-silence-denial-logs-about-PulseAudio.patch b/debian/patches/0009-AppArmor-silence-denial-logs-about-PulseAudio.patch
new file mode 100644
index 0000000..e4c36a7
--- /dev/null
+++ b/debian/patches/0009-AppArmor-silence-denial-logs-about-PulseAudio.patch
@@ -0,0 +1,53 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 29 Jan 2018 07:42:09 +0000
+Subject: AppArmor: silence denial logs about PulseAudio.
+
+We don't currently allow access to the audio subsystem; let's not let AppArmor
+spam the logs about it.
+---
+ apparmor/torbrowser.Browser.firefox | 4 ++++
+ apparmor/torbrowser.Browser.plugin-container | 10 ++++++++--
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
+index e6a455b..d0aded9 100644
+--- a/apparmor/torbrowser.Browser.firefox
++++ b/apparmor/torbrowser.Browser.firefox
+@@ -108,6 +108,10 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
+ deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
+ deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
+
++ # Silence denial logs about PulseAudio
++ deny /etc/pulse/client.conf r,
++ deny /usr/bin/pulseaudio x,
++
+ # KDE 4
+ owner @{HOME}/.kde/share/config/* r,
+
+diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
+index 4ee65ec..fe95fdb 100644
+--- a/apparmor/torbrowser.Browser.plugin-container
++++ b/apparmor/torbrowser.Browser.plugin-container
+@@ -6,8 +6,10 @@ profile torbrowser_plugin_container {
+
+ # Uncomment the following lines if you want Tor Browser
+ # to have direct access to your sound hardware. You will also
+- # need to remove the "deny" word in the machine-id lines further
+- # bellow.
++ # need to remove, further bellow:
++ # - the "deny" word in the machine-id lines
++ # - the rules that deny reading /etc/pulse/client.conf
++ # and executing /usr/bin/pulseaudio
+ # #include <abstractions/audio>
+ # /etc/asound.conf r,
+ # owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/mozilla-temp-* rw,
+@@ -85,5 +87,9 @@ profile torbrowser_plugin_container {
+ deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
+ deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
+
++ # Silence denial logs about PulseAudio
++ deny /etc/pulse/client.conf r,
++ deny /usr/bin/pulseaudio x,
++
+ #include <local/torbrowser.Browser.plugin-container>
+ }
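Review bot: the deny rules are added to both profiles, but only the plugin-container comment block is updated to tell users they must also remove them before enabling audio; since AppArmor deny rules take precedence over allow rules, a user who uncomments the audio lines in torbrowser.Browser.firefox without deleting the new `deny /etc/pulse/client.conf r,` and `deny /usr/bin/pulseaudio x,` lines still gets no PulseAudio and now gets no log line explaining why. Update the corresponding comment in the firefox profile too, and while rewriting the plugin-container comment, fix "bellow" to "below".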
diff --git a/debian/patches/0010-AppArmor-silence-more-inherited-files-access-denial.patch b/debian/patches/0010-AppArmor-silence-more-inherited-files-access-denial.patch
new file mode 100644
index 0000000..2819e0e
--- /dev/null
+++ b/debian/patches/0010-AppArmor-silence-more-inherited-files-access-denial.patch
@@ -0,0 +1,20 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 29 Jan 2018 07:42:54 +0000
+Subject: AppArmor: silence more inherited files access denial.
+
+---
+ apparmor/torbrowser.Tor.tor | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/apparmor/torbrowser.Tor.tor b/apparmor/torbrowser.Tor.tor
+index 0ccd737..e848f1f 100644
+--- a/apparmor/torbrowser.Tor.tor
++++ b/apparmor/torbrowser.Tor.tor
+@@ -20,6 +20,7 @@
+
+ # Silence file_inherit logs
+ deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{browser/,}omni.ja r,
++ deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{browser/,}features/*.xpi r,
+ deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/.parentlock rw,
+ deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/extensions/*.xpi r,
+ deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/startupCache/* r,
diff --git a/debian/patches/0011-AppArmor-drop-support-for-long-obsolete-paths.patch b/debian/patches/0011-AppArmor-drop-support-for-long-obsolete-paths.patch
new file mode 100644
index 0000000..dcc589b
--- /dev/null
+++ b/debian/patches/0011-AppArmor-drop-support-for-long-obsolete-paths.patch
@@ -0,0 +1,49 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 29 Jan 2018 07:56:45 +0000
+Subject: AppArmor: drop support for long-obsolete paths.
+
+---
+ apparmor/torbrowser.Tor.tor | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/apparmor/torbrowser.Tor.tor b/apparmor/torbrowser.Tor.tor
+index e848f1f..ee53ba9 100644
+--- a/apparmor/torbrowser.Tor.tor
++++ b/apparmor/torbrowser.Tor.tor
+@@ -1,6 +1,6 @@
+ #include <tunables/global>
+
+-/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor {
++/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor {
+ #include <abstractions/base>
+
+ network netlink raw,
+@@ -11,19 +11,19 @@
+ /etc/nsswitch.conf r,
+ /etc/passwd r,
+ /etc/resolv.conf r,
+- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor mr,
+- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/ rw,
+- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/* rw,
+- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/lock rwk,
+- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/Tor,Lib}/*.so mr,
+- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/Tor,Lib}/*.so.* mr,
++ owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor mr,
++ owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Tor/ rw,
++ owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Tor/* rw,
++ owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Tor/lock rwk,
++ owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/*.so mr,
++ owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/*.so.* mr,
+
+ # Silence file_inherit logs
+ deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{browser/,}omni.ja r,
+ deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{browser/,}features/*.xpi r,
+- deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/.parentlock rw,
+- deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/extensions/*.xpi r,
+- deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/startupCache/* r,
++ deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/.parentlock rw,
++ deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
++ deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/startupCache/* r,
+
+ @{PROC}/sys/kernel/random/uuid r,
+ /sys/devices/system/cpu/ r,
diff --git a/debian/patches/0012-AppArmor-refactor-thanks-to-variables-defined-in-tun.patch b/debian/patches/0012-AppArmor-refactor-thanks-to-variables-defined-in-tun.patch
new file mode 100644
index 0000000..4cd0057
--- /dev/null
+++ b/debian/patches/0012-AppArmor-refactor-thanks-to-variables-defined-in-tun.patch
@@ -0,0 +1,50 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 29 Jan 2018 07:59:51 +0000
+Subject: AppArmor: refactor thanks to variables defined in
+ tunables/torbrowser.
+
+---
+ apparmor/torbrowser.Tor.tor | 23 ++++++++++++-----------
+ 1 file changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/apparmor/torbrowser.Tor.tor b/apparmor/torbrowser.Tor.tor
+index ee53ba9..109eaf5 100644
+--- a/apparmor/torbrowser.Tor.tor
++++ b/apparmor/torbrowser.Tor.tor
+@@ -1,4 +1,5 @@
+ #include <tunables/global>
++#include <tunables/torbrowser>
+
+ /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor {
+ #include <abstractions/base>
+@@ -11,19 +12,19 @@
+ /etc/nsswitch.conf r,
+ /etc/passwd r,
+ /etc/resolv.conf r,
+- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor mr,
+- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Tor/ rw,
+- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Tor/* rw,
+- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Tor/lock rwk,
+- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/*.so mr,
+- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/*.so.* mr,
++ owner @{torbrowser_home_dir}/TorBrowser/Tor/tor mr,
++ owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/ rw,
++ owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/* rw,
++ owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/lock rwk,
++ owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
++ owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
+
+ # Silence file_inherit logs
+- deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{browser/,}omni.ja r,
+- deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{browser/,}features/*.xpi r,
+- deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/.parentlock rw,
+- deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
+- deny @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/startupCache/* r,
++ deny @{torbrowser_home_dir}/{browser/,}omni.ja r,
++ deny @{torbrowser_home_dir}/{browser/,}features/*.xpi r,
++ deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/.parentlock rw,
++ deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
++ deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
+
+ @{PROC}/sys/kernel/random/uuid r,
+ /sys/devices/system/cpu/ r,
diff --git a/debian/patches/0013-AppArmor-give-the-tor-profile-a-stable-name.patch b/debian/patches/0013-AppArmor-give-the-tor-profile-a-stable-name.patch
new file mode 100644
index 0000000..82191c9
--- /dev/null
+++ b/debian/patches/0013-AppArmor-give-the-tor-profile-a-stable-name.patch
@@ -0,0 +1,30 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 29 Jan 2018 08:01:12 +0000
+Subject: AppArmor: give the tor profile a stable name.
+
+This will allow us to handle upgrades more nicely in the future,
+e.g. when the executable path changes. Besides, this makes the output of
+aa-status and logs much easier to grasp.
+
+Note to packagers: exactly as for the similar change applied to the Tor
+Browser's Firefox profile, please consider recommending users to reboot their
+system after the upgrade that applies this change.
+---
+ apparmor/torbrowser.Tor.tor | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/apparmor/torbrowser.Tor.tor b/apparmor/torbrowser.Tor.tor
+index 109eaf5..7106a75 100644
+--- a/apparmor/torbrowser.Tor.tor
++++ b/apparmor/torbrowser.Tor.tor
+@@ -1,7 +1,9 @@
+ #include <tunables/global>
+ #include <tunables/torbrowser>
+
+-/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor {
++@{torbrowser_tor_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor
++
++profile torbrowser_tor @{torbrowser_tor_executable} {
+ #include <abstractions/base>
+
+ network netlink raw,
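Review bot: the new `@{torbrowser_tor_executable}` attachment keeps the literal `/home/*/` prefix while the rules in this file (see 0012) are written in terms of `@{HOME}` and `@{torbrowser_home_dir}`, so an administrator who extends the home-directory tunable for the rules still has to edit the attachment path separately, and a mismatch leaves tor running unattached to this profile rather than denied. If the tunables expose the variable behind `@{HOME}`, consider deriving the attachment from it; the same applies to `@{torbrowser_firefox_executable}` in 0005. The stable name itself is a good change for the aa-status and upgrade reasons given.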
diff --git a/debian/patches/0014-AppArmor-support-some-of-the-included-pluggable-tran.patch b/debian/patches/0014-AppArmor-support-some-of-the-included-pluggable-tran.patch
new file mode 100644
index 0000000..79d9f29
--- /dev/null
+++ b/debian/patches/0014-AppArmor-support-some-of-the-included-pluggable-tran.patch
@@ -0,0 +1,33 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 29 Jan 2018 08:19:04 +0000
+Subject: AppArmor: support some of the included pluggable transports.
+
+This fixes support for obfs4 and obfs3.
+
+meek and fte require vastly more extended permissions and thus dedicated
+child profiles.
+---
+ apparmor/torbrowser.Tor.tor | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/apparmor/torbrowser.Tor.tor b/apparmor/torbrowser.Tor.tor
+index 7106a75..b0bfce0 100644
+--- a/apparmor/torbrowser.Tor.tor
++++ b/apparmor/torbrowser.Tor.tor
+@@ -16,11 +16,15 @@ profile torbrowser_tor @{torbrowser_tor_executable} {
+ /etc/resolv.conf r,
+ owner @{torbrowser_home_dir}/TorBrowser/Tor/tor mr,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/ rw,
+- owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/* rw,
++ owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/** rw,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/lock rwk,
+ owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
+ owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
+
++ # Support some of the included pluggable transports
++ owner @{torbrowser_home_dir}/TorBrowser/Tor/PluggableTransports/** rix,
++ @{PROC}/sys/net/core/somaxconn r,
++
+ # Silence file_inherit logs
+ deny @{torbrowser_home_dir}/{browser/,}omni.ja r,
+ deny @{torbrowser_home_dir}/{browser/,}features/*.xpi r,
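Review bot: `owner @{torbrowser_home_dir}/TorBrowser/Tor/PluggableTransports/** rix,` runs every executable under that directory inside the tor profile itself (ix), so the obfs4 and obfs3 helpers inherit tor's full rule set, including the `Data/Tor/** rw` granted just above, and so would anything else dropped into that directory; the description already acknowledges that meek and fte need dedicated child profiles, so consider limiting the rule to the obfs transport binaries by name, or at least state in the description that the `**` match is deliberate. The `Data/Tor/* rw` to `Data/Tor/** rw` widening is presumably for the transports' state subdirectory and is worth a sentence too.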
diff --git a/debian/patches/0015-AppArmor-remove-boilerplate-from-local-override-file.patch b/debian/patches/0015-AppArmor-remove-boilerplate-from-local-override-file.patch
new file mode 100644
index 0000000..57a76e3
--- /dev/null
+++ b/debian/patches/0015-AppArmor-remove-boilerplate-from-local-override-file.patch
@@ -0,0 +1,32 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 29 Jan 2018 08:24:52 +0000
+Subject: AppArmor: remove boilerplate from local override files.
+
+This matches how recent dh-apparmor behaves.
+---
+ apparmor/local/torbrowser.Browser.firefox | 2 --
+ apparmor/local/torbrowser.Browser.plugin-container | 2 --
+ apparmor/local/torbrowser.Tor.tor | 2 --
+ 3 files changed, 6 deletions(-)
+
+diff --git a/apparmor/local/torbrowser.Browser.firefox b/apparmor/local/torbrowser.Browser.firefox
+index da8acb0..e69de29 100644
+--- a/apparmor/local/torbrowser.Browser.firefox
++++ b/apparmor/local/torbrowser.Browser.firefox
+@@ -1,2 +0,0 @@
+-# Site-specific additions and overrides for torbrowser.Browser.firefox.
+-# For more details, please see /etc/apparmor.d/local/README.
+diff --git a/apparmor/local/torbrowser.Browser.plugin-container b/apparmor/local/torbrowser.Browser.plugin-container
+index 39c9217..e69de29 100644
+--- a/apparmor/local/torbrowser.Browser.plugin-container
++++ b/apparmor/local/torbrowser.Browser.plugin-container
+@@ -1,2 +0,0 @@
+-# Site-specific additions and overrides for torbrowser.Browser.plugin-container.
+-# For more details, please see /etc/apparmor.d/local/README.
+diff --git a/apparmor/local/torbrowser.Tor.tor b/apparmor/local/torbrowser.Tor.tor
+index 8ba4033..e69de29 100644
+--- a/apparmor/local/torbrowser.Tor.tor
++++ b/apparmor/local/torbrowser.Tor.tor
+@@ -1,2 +0,0 @@
+-# Site-specific additions and overrides for torbrowser.Tor.tor.
+-# For more details, please see /etc/apparmor.d/local/README.
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..e98eadd
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,15 @@
+0001-Update-AppArmor-comments.patch
+0002-Drop-spurious-trailing-whitespace.patch
+0003-AppArmor-allow-plugin-container-to-read-file-app-ass.patch
+0004-AppArmor-allow-Firefox-to-ptrace-plugin-container-an.patch
+0005-AppArmor-allow-plugin-container-to-receive-term-sign.patch
+0006-Fix-comment.patch
+0007-AppArmor-allow-Firefox-to-fully-manage-its-fontconfi.patch
+0008-AppArmor-grant-access-to-mostly-innocuous-stuff-plug.patch
+0009-AppArmor-silence-denial-logs-about-PulseAudio.patch
+0010-AppArmor-silence-more-inherited-files-access-denial.patch
+0011-AppArmor-drop-support-for-long-obsolete-paths.patch
+0012-AppArmor-refactor-thanks-to-variables-defined-in-tun.patch
+0013-AppArmor-give-the-tor-profile-a-stable-name.patch
+0014-AppArmor-support-some-of-the-included-pluggable-tran.patch
+0015-AppArmor-remove-boilerplate-from-local-override-file.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git