Adapt AppArmor profile for Tor browser 13.0 #709
Merged
Commits on Sep 28, 2023
-
AppArmor: allow executing glxtest
This "Firefox OpenGL probe utility" was added in Tor Browser 13.
-
AppArmor: allow reading/writing to /proc/PID/oom_score_adj
Firefox adjusts the OOM scores of its processes so that if they are reaped they are killed in a sane order, e.g. the parent process last. Source: hal/linux/LinuxProcessPriority.cpp
-
AppArmor: give read access to proc info about which command the brows…
…er's threads use
-
AppArmor: silence denial of sys_ptrace capability
We already allow ptrace for its relevant subprocesses via ptrace rules, and I'm unsure if the full capability is really needed. I see lots of other profiles which have ptrace rules without the capability so I guess not. And I wonder if allowing the capability allows ptrace for arbitrary processes, which would be really bad. So let's assume it's not needed and we'll see what happens.
-
AppArmor: silence denial to read /sys/class/input/
It is unclear to me what this is about.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.