]> git.lizzy.rs Git - torbrowser-launcher.git/blobdiff - apparmor/torbrowser.Browser.firefox
projects / torbrowser-launcher.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
AppArmor: silence sys_admin capability
[torbrowser-launcher.git] / apparmor / torbrowser.Browser.firefox
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index ece31599564c6c73b5d9187424a689844cf72eab..4363cdfac0a2d021ff7c3f395022b5b30cf4509d 100644 (file)
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -124,6 +124,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
   deny /run/user/[0-9]*/dconf/user rw,
   deny /usr/bin/lsb_release x,
+  deny capability sys_admin,
 
   # Silence denial logs about PulseAudio
   deny /etc/pulse/client.conf r,
Securely and easily download, verify, install, and launch Tor Browser in Linux