Allow torbrowser to access u2f devices

author Birger Schacht <birger@rantanplan.org>

Wed, 23 Oct 2019 17:47:55 +0000 (19:47 +0200)

committer Birger Schacht <birger@rantanplan.org>

Thu, 7 Nov 2019 11:51:04 +0000 (12:51 +0100)
author Birger Schacht <birger@rantanplan.org>
Wed, 23 Oct 2019 17:47:55 +0000 (19:47 +0200)
committer Birger Schacht <birger@rantanplan.org>
Thu, 7 Nov 2019 11:51:04 +0000 (12:51 +0100)
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox

index 42516b6d87b3a3b36d057bab9ec7ee0e56914107..c0673750e731f5f94949f43cd1c44255d14f530d 100644 (file)
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -133,5 +133,14 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
    /etc/xfce4/defaults.list r,
    /usr/share/xfce4/applications/ r,
  
+  # u2f (tested with Yubikey 4)
+  /sys/class/ r,
+  /sys/bus/ r,
+  /sys/class/hidraw/ r,
+  /run/udev/data/c24{7,9}:* r,
+  /dev/hidraw* rw,
+  # Yubikey NEO also needs this:
+  /sys/devices/**/hidraw/hidraw*/uevent r,
+
    #include <local/torbrowser.Browser.firefox>
  }
author	Birger Schacht <birger@rantanplan.org>
	Wed, 23 Oct 2019 17:47:55 +0000 (19:47 +0200)
committer	Birger Schacht <birger@rantanplan.org>
	Thu, 7 Nov 2019 11:51:04 +0000 (12:51 +0100)