]> git.lizzy.rs Git - torbrowser-launcher.git/blobdiff - apparmor/torbrowser.Browser.firefox
projects / torbrowser-launcher.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
AppArmor: allow usage of cgroups
[torbrowser-launcher.git] / apparmor / torbrowser.Browser.firefox
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index 0dae62850857a9c72f3366c072e6bf241ee649ed..f5ddc4a5f85a634314e080e674ec9b89f854fa54 100644 (file)
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -38,6 +38,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   /dev/ r,
   /dev/shm/ r,
 
+  owner @{PROC}/@{pid}/cgroup r,
   owner @{PROC}/@{pid}/environ r,
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
@@ -101,6 +102,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   /sys/devices/system/cpu/present r,
   /sys/devices/system/node/ r,
   /sys/devices/system/node/node[0-9]*/meminfo r,
+  /sys/fs/cgroup/cpu,cpuacct/user.slice/cpu.cfs_quota_us r,
   deny /sys/devices/virtual/block/*/uevent r,
 
   # Should use abstractions/gstreamer instead once merged upstream
Securely and easily download, verify, install, and launch Tor Browser in Linux