[Pkg-anonymity-tools] [torbrowser-launcher] 01/14: AppArmor: silence denied access to /sys/devices/virtual/block/*/uevent.

Ulrike Uhlig u-guest at moszumanska.debian.org
Thu May 14 20:32:44 UTC 2015


This is an automated email from the git hooks/post-receive script.

u-guest pushed a commit to annotated tag debian/0.2.0-1
in repository torbrowser-launcher.

commit 83f749f0d753f1aa70e011f72071a3dd465fb8cf
Author: intrigeri <intrigeri at boum.org>
Date:   Thu Jan 29 16:11:57 2015 +0000

    AppArmor: silence denied access to /sys/devices/virtual/block/*/uevent.
    
    I've not found any security-related usage of this kernel interface in the Tor
    Browser source tree, and the browser seems to work just fine without having
    access to it, so let's make AppArmor silently deny it.
    
    Note that this doesn't change any existing behaviour: only logging is affected.
---
 apparmor/torbrowser.Browser.firefox | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index 0df7ad9..7e68a08 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -65,6 +65,7 @@
 
   /sys/devices/system/cpu/ r,
   /sys/devices/system/cpu/present r,
+  deny /sys/devices/virtual/block/*/uevent r,
 
   # Should use abstractions/gstreamer instead once merged upstream
   /etc/udev/udev.conf r,
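
Review bot: The added `deny /sys/devices/virtual/block/*/uevent r,` line has no comment in the profile, so the reason for it (silencing the log entry for an access that was already being denied) is recorded only in the commit message. In AppArmor an explicit `deny` rule takes precedence over any allow rule, including one pulled in later through an abstraction, and it also suppresses the audit log entry. Someone later debugging block-device access under this profile would therefore find neither a log line nor an explanation. Suggest a one-line comment directly above the rule, for example `# Not needed by Tor Browser; denied explicitly only to silence logging`.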

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/torbrowser-launcher.git


