Commits on Source (45)
-
intrigeri authored064ad1f7
-
intrigeri authored
We already allow the main browser profile to do that but with e10s plugin-container now needs it as well.
cdb290fe -
intrigeri authored
With e10s Firefox does not need to ptrace itself anymore but instead it needs to ptrace and kill its child plugin-container processes.
9c609476 -
intrigeri authored
We already allow Firefox to send term signals to plugin-container; this is the receiving counterpart. This requires giving the Firefox profile a proper name (torbrowser_firefox) because this: signal (receive) set=("term") peer=/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox … does not work. Note to package maintainers =========================== (This should probably be copied to the release notes.) Due to the profile renaming, upgrading the /etc/apparmor.d/torbrowser.Browser.firefox file requires special care. The best option is probably to strongly recommend users to reboot their system after this upgrade. Other options I can think of have unacceptable consequences: - if we unload the old profile from the kernel, we will leave any already running Tor Browser's Firefox executable unconfined, which is an unacceptable violation of the user's security expectations; - if we don't unload the old profile from the kernel, surprising behaviour will happen such as: - any already running Tor Browser's Firefox executable will be left confined under the old profile which won't play well with new rules that have peer=torbrowser_firefox; - unpredictable behavior when a new Tor Browser is started, because two profiles matching the Tor Browser's Firefox executable are loaded.
d62a692a -
intrigeri authoredf4093174
-
intrigeri authored
So far we allowed it to do everything in there except a link operation, so let's be consistent.
936aee55 -
intrigeri authored
We don't currently allow access to the audio subsystem; let's not let AppArmor spam the logs about it.
27289e19 -
intrigeri authored0109e95e
-
intrigeri authoredb1e082fe
-
intrigeri authoreda9bef63b
-
intrigeri authored
This will allow us to handle upgrades more nicely in the future, e.g. when the executable path changes. Besides, this makes the output of aa-status and logs much easier to grasp. Note to packagers: exactly as for the similar change applied to the Tor Browser's Firefox profile, please consider recommending users to reboot their system after the upgrade that applies this change.
33fd86fa -
intrigeri authored
This fixes support for obfs4 and obfs3. meek and fte require vastly more extended permissions and thus dedicated child profiles.
850d5606 -
intrigeri authored
This matches how recent dh-apparmor behaves.
91652b64 -
intrigeri authored
AppArmor profiles, 2018-01 edition
-
intrigeri authored
Otherwise, Tor Browser 8.0a9 crashes when clicking "Save Page As".
ad95bbda -
Kunitsyn Andrey Sergeevich authored35d08323
-
Ulrike Uhlig authored5648d7d8
-
Carl Joseph Hirner III authored
-
Carl Joseph Hirner III authored
-
intrigeri authored
At this point it seems unlikely that the develop branch will be released before Tor Browser 8.0 so here we go, let's get ready. Note that I could have written firefox{,.real} instead, to support both Tor Browser 7.5 and 8.0, but then we would have to open the profile more broadly so the new shell wrapper installed as "firefox" by Tor Browser 8.0a10 can do its job. This does not seem worth the hassle and will be fine as long as this new torbrowser-launcher is released approximately at the same time as, or after, Tor Browser 8.
a67f026c -
Roger Shimizu authored
Fix appamor profile to support Tor Browser 8.0a9 Closes: #908068
7ff9b5bd -
Roger Shimizu authored6e1b7e18
-
Roger Shimizu authored
* debian/source/lintian-overrides: - Rename from debian/source.lintian-overrides * debian/control: - Rename tag X-Python-Version to XS-Python-Version.
8b15bbd4 -
intrigeri authored
AppArmor: confine Firefox 60 "Web Content" processes under the torbrowser_plugin_container AppArmor profile.
678d0834 -
intrigeri authored45265423
-
intrigeri authoredeb328f2a
-
Roger Shimizu authored
3 commits to fix appamor profile for Web Content process. Closes: #908463
df0873bb -
Micah Lee authored
-
Micah Lee authored
-
-
Micah Lee authored
-
Micah Lee authored
-
-
Micah Lee authored
-
Micah Lee authored
-
Micah Lee authored
-
Roger Shimizu authored
rm_conffile appamor profile /etc/apparmor.d/local/*, which was removed since 0.2.9-2. Thanks to gregor herrmann for the fix.
d0deb2f9 -
Roger Shimizu authorede20c71d8
-
Roger Shimizu authoredc8628ea7
-
Roger Shimizu authorede92689e8
-
Roger Shimizu authored
Version 0.3.0
78b2fb37 -
Roger Shimizu authored
Upstreamed patches are removed.
6fb3fc08 -
Roger Shimizu authored
Since lintian says it's not necessary.
4c1f9370 -
Roger Shimizu authored04d9921f
File moved