torproject/torbrowser-launcher
1
0
Fork 0
mirror of https://github.com/torproject/torbrowser-launcher.git synced 2025-02-10 02:32:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Stop confining start-tor-browser script with AppArmor, and fix profiles to work with TBB 4.5+ (#181)

Browse Source
This commit is contained in:
Micah Lee 2015-05-19 13:05:00 -07:00
parent 0d17b768b3
commit 39901c6ddc
4 changed files with 10 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
apparmor/torbrowser.Browser.firefox
View File

@ -43,14 +43,15 @@
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/components/*.so mr,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/browser/components/*.so mr,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox rix,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profiles.ini r,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/ r,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Browser/profile.default/** rwk,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor Px,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}Desktop/ rw,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}Desktop/** rwk,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}Downloads/ rw,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}Downloads/** rwk,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profiles.ini r,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/ r,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/** rwk,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor Px,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/libstdc++.so.6 m,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/Desktop/ rw,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/Desktop/** rwk,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/Downloads/ rw,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/Downloads/** rwk,
/etc/mailcap r,
/etc/mime.types r,

53
apparmor/torbrowser.start-tor-browser
View File

@ -1,53 +0,0 @@
#include <tunables/global>
/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser {
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/fonts>
#include <abstractions/freedesktop.org>
capability sys_ptrace,
/bin/cat rix,
/bin/bash r,
/bin/dash rix,
/bin/grep rix,
/bin/ln rix,
/bin/mkdir rix,
/bin/ps rix,
/bin/readlink ix,
/bin/sed rix,
/dev/pts/[0-9]* rw,
/dev/tty rw,
/etc/magic r,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/.config/ w,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/.config/ibus/ w,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/.config/ibus/bus w,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox Px,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor r,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser r,
@{PROC}/ r,
@{PROC}/[0-9]*/status r,
@{PROC}/[0-9]*/stat r,
@{PROC}/[0-9]*/cmdline r,
@{PROC}/meminfo r,
@{PROC}/sys/kernel/pid_max r,
@{PROC}/tty/drivers r,
@{PROC}/uptime r,
/{,var/}run/utmp r,
/dev/ptmx rw,
/usr/bin/dirname rix,
/usr/bin/expr rix,
/usr/bin/file rix,
/usr/bin/getconf rix,
/usr/bin/id rix,
/usr/bin/ldd rix,
/usr/bin/realpath ix,
/usr/bin/zenity ix,
/usr/lib{,32,64}/** mr,
/usr/share/file/magic.mgc r,
/usr/share/file/magic/ r,
/usr/share/zenity/zenity.ui r,
}

2
apparmor/usr.bin.torbrowser-launcher
View File

@ -27,7 +27,7 @@
@{HOME}/.local/share/torbrowser/ rw,
@{HOME}/.local/share/torbrowser/** mrwk,
@{HOME}/.local/share/torbrowser/gnupg_homedir/* l,
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser Px,
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/start-tor-browser.desktop Ux,
@{PROC}/ r,
@{PROC}/[0-9]*/{cmdline,mountinfo,stat,status} r,

1
setup.py
View File

@ -54,7 +54,6 @@ if distro != 'Ubuntu':
# we're not in a virtualenv, so we can probably write to /etc
datafiles += [('/etc/apparmor.d/', [
'apparmor/torbrowser.Browser.firefox',
'apparmor/torbrowser.start-tor-browser',
'apparmor/torbrowser.Tor.tor',
'apparmor/usr.bin.torbrowser-launcher'])]