AppArmor: silence sys_admin capability

author Jonas Witschel <diabonas@archlinux.org>

Sun, 12 Jul 2020 18:10:39 +0000 (20:10 +0200)

committer Jonas Witschel <diabonas@archlinux.org>

Tue, 18 Aug 2020 10:41:52 +0000 (12:41 +0200)
author Jonas Witschel <diabonas@archlinux.org>
Sun, 12 Jul 2020 18:10:39 +0000 (20:10 +0200)
committer Jonas Witschel <diabonas@archlinux.org>
Tue, 18 Aug 2020 10:41:52 +0000 (12:41 +0200)
diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox

index ece31599564c6c73b5d9187424a689844cf72eab..4363cdfac0a2d021ff7c3f395022b5b30cf4509d 100644 (file)
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -124,6 +124,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
    deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
    deny /run/user/[0-9]*/dconf/user rw,
    deny /usr/bin/lsb_release x,
+  deny capability sys_admin,
  
    # Silence denial logs about PulseAudio
    deny /etc/pulse/client.conf r,
author	Jonas Witschel <diabonas@archlinux.org>
	Sun, 12 Jul 2020 18:10:39 +0000 (20:10 +0200)
committer	Jonas Witschel <diabonas@archlinux.org>
	Tue, 18 Aug 2020 10:41:52 +0000 (12:41 +0200)