AppArmor: give Tor Browser's Web Content process some more innocuous access it now...

author intrigeri <intrigeri@boum.org>

Mon, 10 Sep 2018 07:55:36 +0000 (07:55 +0000)

committer intrigeri <intrigeri@boum.org>

Mon, 10 Sep 2018 07:55:59 +0000 (07:55 +0000)
author intrigeri <intrigeri@boum.org>
Mon, 10 Sep 2018 07:55:36 +0000 (07:55 +0000)
committer intrigeri <intrigeri@boum.org>
Mon, 10 Sep 2018 07:55:59 +0000 (07:55 +0000)
diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container

index c1c4ccb480b13a7891e7ef32ce5a87fca02ab7ac..ae2a9ba4dc3a4b47cbf4a6bee4aa02c3f1be827f 100644 (file)
--- a/apparmor/torbrowser.Browser.plugin-container
+++ b/apparmor/torbrowser.Browser.plugin-container
@@ -34,6 +34,7 @@ profile torbrowser_plugin_container {
  
    /dev/shm/ r,
  
+  owner @{PROC}/@{pid}/environ r,
    owner @{PROC}/@{pid}/fd/ r,
    owner @{PROC}/@{pid}/mountinfo r,
    owner @{PROC}/@{pid}/stat r,
@@ -51,6 +52,7 @@ profile torbrowser_plugin_container {
    owner @{torbrowser_home_dir}/browser/components/*.so mr,
    owner @{torbrowser_home_dir}/defaults/pref/     r,
    owner @{torbrowser_home_dir}/defaults/pref/*.js r,
+  owner @{torbrowser_home_dir}/dependentlibs.list r,
    owner @{torbrowser_home_dir}/fonts/   r,
    owner @{torbrowser_home_dir}/fonts/** r,
    owner @{torbrowser_home_dir}/omni.ja r,
author	intrigeri <intrigeri@boum.org>
	Mon, 10 Sep 2018 07:55:36 +0000 (07:55 +0000)
committer	intrigeri <intrigeri@boum.org>
	Mon, 10 Sep 2018 07:55:59 +0000 (07:55 +0000)