AppArmor: drop the usr.bin.torbrowser-launcher profile.
authorintrigeri <intrigeri@boum.org>
Thu, 26 Oct 2017 11:16:58 +0000 (11:16 +0000)
committerintrigeri <intrigeri@boum.org>
Thu, 26 Oct 2017 11:16:58 +0000 (11:16 +0000)
It has been broken for years and has shipped in complain mode for 26 months.
It's now obvious that nobody cares enough about this profile to maintain it,
so let's drop it to avoid polluting system logs with tons of AppArmor messages:
with Linux 4.14, starting Tor Browser once triggers 27k+ such messages.

apparmor/usr.bin.torbrowser-launcher [deleted file]
setup.py

diff --git a/apparmor/usr.bin.torbrowser-launcher b/apparmor/usr.bin.torbrowser-launcher
deleted file mode 100644 (file)
index 3875d1f..0000000
+++ /dev/null
@@ -1,54 +0,0 @@
-# Last Modified: Thu Jan  2 15:12:38 2014
-#include <tunables/global>
-
-/usr/bin/torbrowser-launcher flags=(complain) {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/python>
-  #include <abstractions/consoles>
-  #include <abstractions/gnome>
-  #include <abstractions/fonts>
-  #include <abstractions/X>
-  #include <abstractions/audio>
-  #include <abstractions/freedesktop.org>
-
-  capability sys_ptrace,
-
-  # This script doesn't really need to read the interpreter that's running it.
-  deny /usr/bin/python{2,3}.[0-7]* r,
-
-  /{usr/,}bin/{dash,grep,ps} rix,
-  /dev/ r,
-  /etc/magic r,
-  @{HOME}/.config/torbrowser/ rw,
-  @{HOME}/.config/torbrowser/** mrwk,
-  @{HOME}/.cache/torbrowser/ rw,
-  @{HOME}/.cache/torbrowser/** mrwk,
-  @{HOME}/.local/share/torbrowser/ rw,
-  @{HOME}/.local/share/torbrowser/** mrwk,
-  @{HOME}/.local/share/torbrowser/gnupg_homedir/* l,
-  @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/start-tor-browser.desktop Ux,
-
-  @{PROC}/ r,
-  @{PROC}/[0-9]*/{cmdline,mountinfo,stat,status} r,
-  @{PROC}/[0-9]*/task/** r,
-  @{PROC}/sys/kernel/pid_max r,
-  @{PROC}/tty/drivers r,
-  @{PROC}/uptime r,
-  /usr/bin/ r,
-  /usr/bin/{gpg,dirname,expr,file,getconf,id} rix,
-  /usr/bin/torbrowser-launcher r,
-  /usr/share/file/magic.mgc r,
-  /usr/share/file/magic/ r,
-  /usr/share/themes/** r,
-  /usr/share/torbrowser-launcher/** r,
-
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
-  owner @{HOME}/.config/dconf/user r,
-  owner /{,var/}run/user/*/dconf/user rw,
-
-  # including abstractions/audio is not enough to play modem sound
-  /usr/bin/pulseaudio Pixr,
-
-  #include <local/usr.bin.torbrowser-launcher>
-}
index b573069a2fdb937bbe89dbe8c4f5b5bea143f92e..f3e32098e788f83cecf76dc9f384370a3157f220 100644 (file)
--- a/setup.py
+++ b/setup.py
@@ -73,8 +73,7 @@ if distro != 'Ubuntu':
         # we're not in a virtualenv, so we can probably write to /etc
         datafiles += [('/etc/apparmor.d/', [
             'apparmor/torbrowser.Browser.firefox',
-            'apparmor/torbrowser.Tor.tor',
-            'apparmor/usr.bin.torbrowser-launcher'])]
+            'apparmor/torbrowser.Tor.tor'])]
 
 datafiles += [('/usr/share/locale/', create_mo_files())]
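Review bot: Removing `'apparmor/usr.bin.torbrowser-launcher'` from the `/etc/apparmor.d/` entry in `datafiles` only stops new installs from shipping the profile. Nothing visible in this hunk removes a copy that an earlier install already placed there, so an upgraded system would presumably keep loading the complain-mode profile and keep producing the log messages this commit is meant to stop. That cleanup probably belongs in the distribution packaging or the release notes rather than in `setup.py`, but it should be stated somewhere. A short comment above the list would also record that the launcher is now intentionally unconfined, for example `# The launcher itself ships no AppArmor profile; only the browser and tor binaries are confined.` The enclosing `if distro != 'Ubuntu':` block starts outside the hunk, so the virtualenv condition guarding this branch cannot be checked from here.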