AppArmor: allow usage of cgroups

Firefox uses cgroups to determine how many CPUs are available,
and gather other information it needs about the CPUs.

I did not investigate what the consequences are of Firefox
lacking this information. I suspect performance, and thus UX,
may be impacted.

closes #547
intrigeri 2021-05-16 14:00:51 +00:00
parent 6d32fe1200
commit 12477d3d5c

@ -38,6 +38,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/dev/ r,
/dev/shm/ r,
owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/environ r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
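Review bot: the `owner @{PROC}/@{pid}/cgroup r,` rule in this hunk carries no comment saying why the profile needs it, and the commit message states that the effect of withholding it was not investigated. Besides letting the browser locate its CPU controller, /proc/<pid>/cgroup lists the process's cgroup paths, which usually contain slice, session or unit names, so the rule exposes slightly more host detail than a CPU count. Suggest a one-line comment above the rule tying it to CPU detection and #547, and recording in the commit message or the issue what actually breaks when the read is denied, so the rule can be revisited later.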
@ -101,6 +102,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/sys/devices/system/cpu/present r,
/sys/devices/system/node/ r,
/sys/devices/system/node/node[0-9]*/meminfo r,
/sys/fs/cgroup/cpu,cpuacct/user.slice/cpu.cfs_quota_us r,
deny /sys/devices/virtual/block/*/uevent r,
# Should use abstractions/gstreamer instead once merged upstream
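Review bot: the `/sys/fs/cgroup/cpu,cpuacct/user.slice/cpu.cfs_quota_us r,` rule hard-codes both the cgroup v1 controller mount (`cpu,cpuacct`) and the top-level `user.slice` directory, so it only matches one specific layout. On a host using the unified cgroup v2 hierarchy the quota is exposed as `cpu.max` under a different path, and a desktop session normally sits in a nested cgroup below `user.slice`, so the file Firefox opens there would not be covered by this line. Suggest checking which path the first hunk's `@{PROC}/@{pid}/cgroup` read leads to on a v2 system and either adding a matching read-only rule or commenting that only the v1 layout is handled.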