/etc/resolv.conf r,
owner @{torbrowser_home_dir}/TorBrowser/Tor/tor mr,
owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/ rw,
- owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/* rw,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/** rw,
owner @{torbrowser_home_dir}/TorBrowser/Data/Tor/lock rwk,
owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
+ # Support some of the included pluggable transports
+ owner @{torbrowser_home_dir}/TorBrowser/Tor/PluggableTransports/** rix,
+ @{PROC}/sys/net/core/somaxconn r,
+ #include <abstractions/ssl_certs>
+
# Silence file_inherit logs
deny @{torbrowser_home_dir}/{browser/,}omni.ja r,
deny @{torbrowser_home_dir}/{browser/,}features/*.xpi r,
deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/.parentlock rw,
deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
+ # Silence logs from included pluggable transports
+ deny /etc/hosts r,
+ deny /etc/services r,
@{PROC}/sys/kernel/random/uuid r,
/sys/devices/system/cpu/ r,
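Review bot: The `rix` rule on `TorBrowser/Tor/PluggableTransports/**` runs every transport under tor's own profile (`ix` inherits). That appears to be why this change also widens tor's confinement with `abstractions/ssl_certs`, `somaxconn` and `Data/Tor/**` in place of `Data/Tor/*`. A separate child profile for the transports (a `Cx` transition) would keep those grants away from the tor process. If inheritance is kept, the rule should at least carry a comment such as `# ix: transports inherit this profile; the grants below exist for them, not for tor`. The `**` glob also makes any file at any depth of that owner-writable tree executable under this profile, so naming the shipped transport binaries explicitly would be tighter. Finally, `deny /etc/hosts r,` and `deny /etc/services r,` override any allow rule and suppress the audit record, so they bind tor as well as the transports, and a transport failing on a hosts or services lookup leaves no log entry; the comment above them should say so. The enclosing profile block starts and ends outside the lines shown.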