felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

/run -> @{run}, [0-9]* -> @{uid}.

Browse source
This commit is contained in:
Alexandre Pujol 2021-10-07 14:52:41 +01:00
parent 9c8c2144b8
commit 2fc138a4d7
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
15 changed files with 35 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/groups/browsers/torbrowser.Browser.firefox
View file

@ -108,7 +108,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
# Should use abstractions/gstreamer instead once merged upstream
/etc/udev/udev.conf r,
/run/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r,
/sys/devices/pci[0-9]*/**/uevent r,
owner /{dev,run}/shm/shmfd-* rw,
@ -132,7 +132,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
deny @{PROC}/@{pid}/net/route r,
deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
deny /run/user/[0-9]*/dconf/user rw,
deny @{run}/user/@{uid}/dconf/user rw,
deny /usr/bin/lsb_release x,
# Silence denial logs about PulseAudio
@ -150,7 +150,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/sys/class/ r,
/sys/bus/ r,
/sys/class/hidraw/ r,
/run/udev/data/c24{5,7,9}:* r,
@{run}/udev/data/c24{5,7,9}:* r,
/dev/hidraw* rw,
# Yubikey NEO also needs this:
/sys/devices/**/hidraw/hidraw*/uevent r,

2
apparmor.d/groups/browsers/torbrowser.Browser.plugin-container
View file

@ -79,7 +79,7 @@ profile torbrowser_plugin_container {
# Should use abstractions/gstreamer instead once merged upstream
/etc/udev/udev.conf r,
/run/udev/data/+pci:* r,
@{run}/udev/data/+pci:* r,
/sys/devices/pci[0-9]*/**/uevent r,
owner /{dev,run}/shm/shmfd-* rw,