torproject/torbrowser-launcher
1
0
Fork 0
mirror of https://github.com/torproject/torbrowser-launcher.git synced 2024-11-27 03:20:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

apparmor: Tighten the /proc rules

Browse Source 
This prevents firefox from learning about other processes.
No actual security gain is expected.
This commit is contained in:
Nicolas Braud-Santoni 2016-06-28 01:05:43 +02:00
parent fefc2c1c38
commit 6a2daf51cb
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apparmor/torbrowser.Browser.firefox
View File

@ -28,9 +28,9 @@
deny /etc/machine-id r,
deny /var/lib/dbus/machine-id r,
@{PROC}/[0-9]*/mountinfo r,
@{PROC}/[0-9]*/stat r,
@{PROC}/[0-9]*/task/*/stat r,
owner @{PROC}/[0-9]*/mountinfo r,
owner @{PROC}/[0-9]*/stat r,
owner @{PROC}/[0-9]*/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/ r,