diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2021-02-16 21:34:08 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-16 21:34:08 +0000 |
commit | 9ce83f713ad527a1d487d9febe38f25a119ea47c (patch) | |
tree | 64e6e41c65b3e6669654c1bdecb3366f44b6c681 | |
parent | chroot: disable/enable x11 handling at compile time (diff) | |
parent | adapt to apparmor being opt-in for torbrowser-launcher (diff) | |
download | firejail-9ce83f713ad527a1d487d9febe38f25a119ea47c.tar.gz firejail-9ce83f713ad527a1d487d9febe38f25a119ea47c.tar.zst firejail-9ce83f713ad527a1d487d9febe38f25a119ea47c.zip |
Merge pull request #3990 from glitsj16/torbrowser
Follow-up fixes for torbrowser-launcher
-rw-r--r-- | etc/apparmor/firejail-local | 3 | ||||
-rw-r--r-- | etc/profile-m-z/start-tor-browser.desktop.profile | 5 | ||||
-rw-r--r-- | etc/profile-m-z/start-tor-browser.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/torbrowser-launcher.profile | 5 |
4 files changed, 10 insertions, 6 deletions
diff --git a/etc/apparmor/firejail-local b/etc/apparmor/firejail-local index f086653f8..893a1ce46 100644 --- a/etc/apparmor/firejail-local +++ b/etc/apparmor/firejail-local | |||
@@ -1,2 +1,5 @@ | |||
1 | # Site-specific additions and overrides for 'firejail-default'. | 1 | # Site-specific additions and overrides for 'firejail-default'. |
2 | # For more details, please see /etc/apparmor.d/local/README. | 2 | # For more details, please see /etc/apparmor.d/local/README. |
3 | |||
4 | # Uncomment to opt-in to apparmor for torbrowser-launcher | ||
5 | #owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** ix, | ||
diff --git a/etc/profile-m-z/start-tor-browser.desktop.profile b/etc/profile-m-z/start-tor-browser.desktop.profile index 7367d906e..2f73c9fee 100644 --- a/etc/profile-m-z/start-tor-browser.desktop.profile +++ b/etc/profile-m-z/start-tor-browser.desktop.profile | |||
@@ -4,7 +4,7 @@ | |||
4 | include start-tor-browser.desktop.local | 4 | include start-tor-browser.desktop.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | # added by included profile | 6 | # added by included profile |
7 | include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser* | 9 | noblacklist ${HOME}/.tor-browser* |
10 | 10 | ||
@@ -72,8 +72,5 @@ whitelist ${HOME}/.tor-browser_vi | |||
72 | whitelist ${HOME}/.tor-browser_zh-CN | 72 | whitelist ${HOME}/.tor-browser_zh-CN |
73 | whitelist ${HOME}/.tor-browser_zh-TW | 73 | whitelist ${HOME}/.tor-browser_zh-TW |
74 | 74 | ||
75 | # Ignoring apparmor, tor browser is installed in user home directory using the binary archive distributed by Tor Foundation | ||
76 | ignore apparmor | ||
77 | |||
78 | # Redirect | 75 | # Redirect |
79 | include torbrowser-launcher.profile | 76 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/start-tor-browser.profile b/etc/profile-m-z/start-tor-browser.profile index b5c4d211e..17ceedee7 100644 --- a/etc/profile-m-z/start-tor-browser.profile +++ b/etc/profile-m-z/start-tor-browser.profile | |||
@@ -3,7 +3,8 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include start-tor-browser.local | 4 | include start-tor-browser.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | # added by included profile |
7 | #include globals.local | ||
7 | 8 | ||
8 | # Redirect | 9 | # Redirect |
9 | include start-tor-browser.desktop.profile | 10 | include start-tor-browser.desktop.profile |
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile index eb90f0030..1045fa02a 100644 --- a/etc/profile-m-z/torbrowser-launcher.profile +++ b/etc/profile-m-z/torbrowser-launcher.profile | |||
@@ -31,7 +31,10 @@ whitelist ${HOME}/.local/share/torbrowser | |||
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
33 | 33 | ||
34 | apparmor | 34 | # Uncomment the line below or put 'apparmor' in your torbrowser-launcher.local. |
35 | # IMPORTANT: the relevant rule in /etc/apparmor.d/local/firejail-default will need | ||
36 | # to be uncommented too for this to work as expected. | ||
37 | #apparmor | ||
35 | caps.drop all | 38 | caps.drop all |
36 | netfilter | 39 | netfilter |
37 | nodvd | 40 | nodvd |