added <abstractions/gnome> back into torbrowser.Browser.firefox AppArmor profile...
# AppArmor profile for the Tor Browser firefox binary that torbrowser-launcher
# installs under ~/.torbrowser/tbb/. Rule order does not matter: a deny rule
# always overrides a matching allow rule, and denials are not logged by default.
# tunables/global supplies the @{HOME} and @{PROC} variables used below.
#include <tunables/global>

# NOTE(review): the attachment path uses the literal /home/*, while the rules
# below use @{HOME}. A user whose home directory is not directly under /home
# would not match this path, and the browser would then run without this
# profile - confirm that this is acceptable.
/home/*/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox {
  # Desktop abstraction. Its grants are defined outside this file, so the
  # effective policy is wider than the rules listed here - review it together
  # with this profile.
  #include <abstractions/gnome>

  # Allows TCP sockets to any destination. This rule form cannot limit the
  # browser to the local Tor proxy port, so the profile on its own does not
  # prevent direct (non-Tor) TCP connections; that still depends on the
  # browser's proxy settings or on a host firewall.
  network tcp,

  # Resolver configuration is denied - presumably so the confined browser cannot
  # consult the system's name-resolution setup; confirm intent with the author.
  deny /etc/host.conf r,
  deny /etc/hosts r,
  deny /etc/nsswitch.conf r,
  deny /etc/resolv.conf r,
  # Mount table and per-user desktop metadata (directory layout, bookmarks,
  # recently-used list) are denied; these files describe the host and the
  # user's activity. The recently-used list is denied for writing as well.
  deny @{PROC}/[0-9]*/mountinfo r,
  deny @{HOME}/.config/user-dirs.dirs r,
  deny @{HOME}/.gtk-bookmarks r,
  deny @{HOME}/.local/share/recently-used.xbel* rw,

  # "ix" runs the shell under this same profile, so it gains no extra access.
  /bin/dash rix,
  /etc/mailcap r,
  /etc/mime.types r,
  # NOTE(review): /etc/passwd lists the local account names; confirm the
  # browser needs it.
  /etc/passwd r,
  # "owner" limits each rule below to files owned by the user running the
  # browser.
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/ r,
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/.fontconfig/ rw,
  # NOTE(review): this tree is both writable (w) and mappable as executable (m),
  # and allows hard links (l). Check whether m and l are actually required here;
  # a writable location that can also be mapped executable weakens the
  # confinement.
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/.fontconfig/** mrwl,
  # Write-only: these directories can be created and written but not read back.
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/.gnome2{,_private}/ w,
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/.gnome2{,_private}/** w,
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/.mozilla/ w,
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/.mozilla/*/ w,
  # The program tree is readable, and its shared objects may be mapped
  # executable. No rule in this file grants write access under Browser/, so
  # these rules do not let the confined process alter its own binaries or
  # libraries.
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** r,
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/*.so mr,
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/browser/components/*.so mr,
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/components/*.so mr,
  # firefox may re-execute itself and stays under this profile (ix).
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox rix,
  # Profile data: read, write and file locking (k).
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Data/Browser/ r,
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Data/Browser/** rwk,
  # Desktop/ and Downloads/ inside the bundle are the only user-file
  # destinations granted by this file.
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Desktop/ rw,
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Desktop/** rw,
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Downloads/ rw,
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Downloads/** rw,
  # "Px" switches tor to its own profile and scrubs the environment. The exec
  # is refused if no profile for that path is loaded, so a tor profile must be
  # installed alongside this one.
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/tor Px,
  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Tor/*.so.* mr,
  /sys/devices/system/cpu/ r,
  /sys/devices/system/cpu/present r,
  /tmp/.X[0-9]*-lock r,
  /usr/share/ r,
  /usr/share/mime/ r,
  owner @{HOME}/.icons/** r,
  # NOTE(review): [0-9]* matches every PID and these rules carry no "owner"
  # qualifier, so they are not limited to the browser's own /proc entries -
  # confirm whether that breadth is needed.
  @{PROC}/[0-9]*/fd/ r,
  @{PROC}/[0-9]*/stat r,
  @{PROC}/[0-9]*/task/*/stat r,

  # The D-Bus rule is left commented out, so this file itself grants no D-Bus
  # access (an included abstraction may still grant some).
  #dbus,

  /usr/share/glib-2.0/schemas/gschemas.compiled r,
  # Read/write on the per-user dconf runtime file.
  owner /{,var/}run/user/*/dconf/user rw,

  /usr/share/gnome/applications/ r,
  /usr/share/gnome/applications/kde4/ r,
  /usr/share/applications/kde4/ r,
  /usr/share/applications/kde/ r,

  # Should use abstractions/gstreamer instead once merged upstream
  # NOTE(review): the udev and uevent paths below describe the machine's PCI
  # hardware; keep them only while media playback needs them.
  /etc/udev/udev.conf r,
  /run/udev/data/+pci:* r,
  /sys/devices/pci[0-9]*/**/uevent r,
  owner /{dev,run}/shm/shmfd-* rw,
}