control: tags -1 +patch

On Fri, Jan 15, 2021 at 9:36 PM Paul Wise <p...@debian.org> wrote:
>
> Package: torbrowser-launcher
> Version: 0.3.3-3
> Severity: minor
> File: /etc/apparmor.d/torbrowser.Browser.firefox
> Usertags: warnings
>
> When I start torbrowser-launcher I get apparmor denials like the
> following. There don't appear to be any consequences for this denial,
> the Tor Browser window starts up and works just fine. Possibly the
> Firefox sandboxing uses this file but I'm not sure.
>
> Jan 15 20:22:03 audit[874474]: AVC apparmor="DENIED" operation="open" 
> profile="torbrowser_firefox" name="/proc/874474/cgroup" pid=874474 
> comm="firefox.real" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

Thanks for the report!
Enclosed is the patch I tested OK on my buster-backports system.

Cheers,
-- 
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1
From: Roger Shimizu <r...@debian.org>
Date: Sun, 25 Apr 2021 22:51:12 +0900
Subject: Update apparmor profile

Closes: #980155
---
 apparmor/torbrowser.Browser.firefox | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index 57c0359..095b110 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -90,6 +90,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   /usr/share/gnome/applications/ r,
   /usr/share/gnome/applications/kde4/ r,
   /usr/share/poppler/cMap/ r,
+  /etc/xdg/mimeapps.list r,
 
   # Distribution homepage
   /usr/share/homepage/ r,
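
Review bot: The added `/etc/xdg/mimeapps.list r,` rule is not explained anywhere. The report this commit closes (#980155) only shows a denial for `/proc/874474/cgroup`, and the commit message says just "Update apparmor profile". Either state in the commit message which denial this read rule addresses, or split it into its own commit so the fix for #980155 stays reviewable on its own.
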
@@ -121,6 +122,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   deny @{HOME}/.cache/fontconfig/** rw,
   deny @{HOME}/.config/gtk-2.0/ rw,
   deny @{HOME}/.config/gtk-2.0/** rw,
+  deny @{PROC}/@{pid}/cgroup r,
   deny @{PROC}/@{pid}/net/route r,
   deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
   deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
