[Pkg-anonymity-tools] [torbrowser-launcher] 25/43: AppArmor: allow Firefox to access mountinfo.

[Ulrike Uhlig]

This is an automated email from the git hooks/post-receive script.

u-guest pushed a commit to branch master
in repository torbrowser-launcher.

commit 58e09ac555ad87bf2f3257a024c681856259f2ef
Author: intrigeri <intrigeri at boum.org>
Date:   Thu Aug 14 17:32:38 2014 +0000

    AppArmor: allow Firefox to access mountinfo.
    
    It's used in the GetDeviceName function (xpcom/io/nsLocalFileUnix.cpp), which is
    in turn used by nsLocalFile::GetDiskSpaceAvailable. With this in mind, it's not
    clear to me what the consequences of not letting Firefox access this information
    are. E.g. it may very well let the user start downloading a file that won't fit
    on disk.
    
    So, unless good reasons are provided for blocking access to this file, I'm
    allowing Firefox to read it.
---
 apparmor/torbrowser.Browser.firefox | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index da90762..3e6e49e 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -21,13 +21,13 @@
   deny /etc/group r,
   deny /etc/mailcap r,
 
-  deny @{PROC}/[0-9]*/mountinfo r,
   deny @{PROC}/[0-9]*/task/** r,
   deny @{PROC}/[0-9]*/fd/ r,
 
   deny /etc/machine-id r,
   deny /var/lib/dbus/machine-id r,
 
+  @{PROC}/[0-9]*/mountinfo r,
   @{PROC}/[0-9]*/stat r,
   @{PROC}/[0-9]*/task/*/stat r,
   @{PROC}/sys/kernel/random/uuid r,

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/torbrowser-launcher.git