#include <abstractions/X>
#include <abstractions/audio>
#include <abstractions/freedesktop.org>
-
+
capability sys_ptrace,
+ # This script doesn't really need to read the interpreter that's running it.
+ deny /usr/bin/python{2,3}.[0-7]* r,
+
/bin/{dash,grep,ps} rix,
/dev/ r,
/etc/magic r,
- @{HOME}/.torbrowser/ rw,
- @{HOME}/.torbrowser/** mrwk,
- @{HOME}/.torbrowser/gnupg_homedir/* l,
- @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/start-tor-browser ux,
+ @{HOME}/.config/torbrowser/ rw,
+ @{HOME}/.config/torbrowser/** mrwk,
+ @{HOME}/.cache/torbrowser/ rw,
+ @{HOME}/.cache/torbrowser/** mrwk,
+ @{HOME}/.local/share/torbrowser/ rw,
+ @{HOME}/.local/share/torbrowser/** mrwk,
+ @{HOME}/.local/share/torbrowser/gnupg_homedir/* l,
+ @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser Px,
+
@{PROC}/ r,
@{PROC}/[0-9]*/{cmdline,mountinfo,stat,status} r,
@{PROC}/[0-9]*/task/** r,
@{PROC}/uptime r,
/usr/bin/ r,
/usr/bin/{gpg,wmctrl,dirname,expr,file,getconf,id} rix,
- /usr/bin/torbrowser-launcher rux,
+ /usr/bin/torbrowser-launcher r,
/usr/share/file/magic.mgc r,
/usr/share/file/magic/ r,
/usr/share/themes/** r,
owner @{HOME}/.config/dconf/user r,
owner /{,var/}run/user/*/dconf/user rw,
+ # including abstractions/audio is not enough to play modem sound
+ /usr/bin/pulseaudio Pixr,
}
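Review bot: The added rules for `@{HOME}/.config/torbrowser/**`, `@{HOME}/.cache/torbrowser/**` and `@{HOME}/.local/share/torbrowser/**` keep the `mrwk` mask, so the confined launcher can write a file and then map it executable, and none of them carries `owner` although the dconf rules further down do. If the launcher never maps libraries from these trees (the browser is now started under its own profile via `Px`), I would drop `m` and scope the rules to the user's own files, e.g. `owner @{HOME}/.cache/torbrowser/** rwk,`, restoring `m` only on paths where the audit log shows a denial. Separately, `deny /usr/bin/python{2,3}.[0-7]* r,` does not match `python3.8` or `python3.9`, so the reads it apparently means to suppress would be logged again on those interpreters; a comment stating the intended version range would help. The profile header lies outside this hunk, so any flags set there are not visible here.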