[Pkg-anonymity-tools] [torbrowser-launcher] 08/43: Explicitly run Tor with its own AppArmor profile.
Ulrike Uhlig
u-guest at moszumanska.debian.org
Tue Sep 2 07:19:54 UTC 2014
This is an automated email from the git hooks/post-receive script.
u-guest pushed a commit to branch master
in repository torbrowser-launcher.
commit ceda0e8ec213f29ed001994845726ba0216cbf8d
Author: intrigeri <intrigeri at boum.org>
Date: Thu Aug 14 16:23:07 2014 +0000
Explicitly run Tor with its own AppArmor profile.
Commit 04b24660 changed the way Tor is run, from Px to rix.
Px exec's to profile that matches executable name, with environment
variable scrubbing. rix makes the child process inherit the current
process' confinement. Given we ship a `torbrowser.Tor.tor` profile,
we'd better use it than inherit the browser's confinement.
---
apparmor/torbrowser.Browser.firefox | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index ff47ff3..118107f 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -45,7 +45,7 @@
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Data/Browser/profile.default/** rwk,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Data/Tor/* rwk,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/* mr,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/tor rix,
+ owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/tor Px,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Desktop/ r,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Desktop/** rwk,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Downloads/ r,
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/torbrowser-launcher.git
More information about the Pkg-anonymity-tools
mailing list