[Pkg-anonymity-tools] [torbrowser-launcher] 18/43: AppArmor: enable Firefox to use GStreamer, again.
Ulrike Uhlig
u-guest at moszumanska.debian.org
Tue Sep 2 07:19:55 UTC 2014
This is an automated email from the git hooks/post-receive script.
u-guest pushed a commit to branch master
in repository torbrowser-launcher.
commit e263b8a81cbbd91367c926f7e2cc7281f60cbd89
Author: intrigeri <intrigeri at boum.org>
Date: Thu Aug 14 16:44:54 2014 +0000
AppArmor: enable Firefox to use GStreamer, again.
I've added these rules in 9d38e775 already. Now, commit 04b24660 made the
opposite change, for reasons that are unknown to me, while at the same time it
added direct access to sound devices, which seems inconsistent. So, I'm
reverting to the previous state.
If these rules are not consensual, let's discuss them instead of silently
dropping them. Thanks in advance.
---
apparmor/torbrowser.Browser.firefox | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index b7d6dad..13d3102 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -15,7 +15,6 @@
deny /etc/resolv.conf r,
deny /etc/passwd r,
deny /etc/group r,
- deny /etc/udev/udev.conf r,
deny /etc/mailcap r,
deny @{PROC}/[0-9]*/stat r,
@@ -26,8 +25,6 @@
deny @{PROC}/[0-9]*/stat r,
deny @{PROC}/[0-9]*/task/*/stat r,
- deny /run/udev/** r,
- deny /sys/devices/** r,
deny /etc/machine-id r,
deny /var/lib/dbus/machine-id r,
@@ -70,6 +67,12 @@
#/usr/share/fontconfig/conf.avail/* r,
#/var/cache/fontconfig/ rk,
+ # Should use abstractions/gstreamer instead once merged upstream
+ /etc/udev/udev.conf r,
+ /run/udev/data/+pci:* r,
+ /sys/devices/pci[0-9]*/**/uevent r,
+ owner /{dev,run}/shm/shmfd-* rw,
+
# KDE 4
owner @{HOME}/.kde/share/config/* r,
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/torbrowser-launcher.git
More information about the Pkg-anonymity-tools
mailing list