AppArmor: grant access to mostly innocuous stuff plugin-container tries to read.

Same rationale as commit 68f502c3fbb754742cd23967cf30038ff6ce799a.

diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
index 5fd3efac373ccd3a7df407fd602db6effb94f66d..4ee65ec6ccc132be31f5e89b6a0decc1bc9eb510 100644 (file)
--- a/apparmor/torbrowser.Browser.plugin-container
+++ b/apparmor/torbrowser.Browser.plugin-container
@@ -10,7 +10,6 @@ profile torbrowser_plugin_container {
   # bellow.
   # #include <abstractions/audio>
   # /etc/asound.conf r,
-  # owner @{PROC}/@{pid}/fd/ r,
   # owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/mozilla-temp-* rw,
 
   signal (receive) set=("term") peer=torbrowser_firefox,
@@ -29,6 +28,9 @@ profile torbrowser_plugin_container {
   /etc/mime.types r,
   /usr/share/applications/gnome-mimeapps.list r,
 
+  /dev/shm/ r,
+
+  owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/stat r,
   owner @{PROC}/@{pid}/status r,