Merge pull request #469 from rogers0/PR/apparmor_meek

AppArmor: Support pluggable transports especially meek
2024-11-23 09:29:42 +00:00 · 2020-08-18 09:15:56 +00:00 · 2020-08-18 09:15:56 +00:00 · 0d2f14c71a
commit 0d2f14c71a
parent 6c9abd2eae 50e62ceccd
1 changed files with 4 additions and 0 deletions
--- a/apparmor/torbrowser.Tor.tor
+++ b/apparmor/torbrowser.Tor.tor
@ -24,6 +24,7 @@ profile torbrowser_tor @{torbrowser_tor_executable} {
  # Support some of the included pluggable transports
  owner @{torbrowser_home_dir}/TorBrowser/Tor/PluggableTransports/** rix,
  @{PROC}/sys/net/core/somaxconn r,
+  #include <abstractions/ssl_certs>

  # Silence file_inherit logs
  deny @{torbrowser_home_dir}/{browser/,}omni.ja r,
@ -31,6 +32,9 @@ profile torbrowser_tor @{torbrowser_tor_executable} {
  deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/.parentlock rw,
  deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
  deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
+  # Silence logs from included pluggable transports
+  deny /etc/hosts r,
+  deny /etc/services r,

  @{PROC}/sys/kernel/random/uuid r,
  /sys/devices/system/cpu/ r,