[Pkg-anonymity-tools] [torbrowser-launcher] 19/43: Remove probably useless commented out AppArmor rules.
Ulrike Uhlig
u-guest at moszumanska.debian.org
Tue Sep 2 07:19:56 UTC 2014
This is an automated email from the git hooks/post-receive script.
u-guest pushed a commit to branch master
in repository torbrowser-launcher.
commit 183906e7ce7ac7e79b124b894756a2be471ca602
Author: intrigeri <intrigeri at boum.org>
Date: Thu Aug 14 16:47:41 2014 +0000
Remove probably useless commented out AppArmor rules.
These rules are mostly duplicates from ones that are already in the `fonts`
abstraction, that we transitively include, so it's unclear to me when they
may be needed.
Note that the only difference between the abstraction's rules and these ones is
the "k" access granted on /var/cache/fontconfig/, which feels odd: even if
a non-root user is allowed to do that, none of my other confined
fontconfig-using applications need that, so I would be surprised if Firefox used
fontconfig in a way that requires locking that directory. Still, if I'm shown
rejection logs that show it's needed, then I'm happy to add it back... and then,
perhaps it will make more sense to push it to the upstream fonts abstraction.
---
apparmor/torbrowser.Browser.firefox | 3 ---
1 file changed, 3 deletions(-)
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index 13d3102..660ee72 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -63,9 +63,6 @@
/usr/share/gnome/applications/kde4/ r,
/usr/share/poppler/cMap/ r,
- ## Might flash a message when some packages are installed
- #/usr/share/fontconfig/conf.avail/* r,
- #/var/cache/fontconfig/ rk,
# Should use abstractions/gstreamer instead once merged upstream
/etc/udev/udev.conf r,
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/torbrowser-launcher.git
More information about the Pkg-anonymity-tools
mailing list