[Pkg-anonymity-tools] [torbrowser-launcher] 10/43: Hide AppArmor log about torbrowser-launcher trying to read the Python interpreter.
Ulrike Uhlig
u-guest at moszumanska.debian.org
Tue Sep 2 07:19:55 UTC 2014
This is an automated email from the git hooks/post-receive script.
u-guest pushed a commit to branch master
in repository torbrowser-launcher.
commit bfabd820beb383e8326ba652eb91beafa0a67143
Author: intrigeri <intrigeri at boum.org>
Date: Thu Aug 14 16:27:45 2014 +0000
Hide AppArmor log about torbrowser-launcher trying to read the Python interpreter.
Oh well, this script doesn't really need to read the interpreter that's
running it.
---
apparmor/usr.bin.torbrowser-launcher | 3 +++
1 file changed, 3 insertions(+)
diff --git a/apparmor/usr.bin.torbrowser-launcher b/apparmor/usr.bin.torbrowser-launcher
index 1b2c03b..610bfd5 100644
--- a/apparmor/usr.bin.torbrowser-launcher
+++ b/apparmor/usr.bin.torbrowser-launcher
@@ -14,6 +14,9 @@
capability sys_ptrace,
+ # This script doesn't really need to read the interpreter that's running it.
+ deny /usr/bin/python{2,3}.[0-7]* r,
+
/bin/{dash,grep,ps} rix,
/dev/ r,
/etc/magic r,
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/torbrowser-launcher.git
More information about the Pkg-anonymity-tools
mailing list