Allow access to torbrowser-launcher under ${HOME}

Follow up for https://github.com/netblue30/firejail/pull/3988. We need to allow access to torbrowser-launcher executables installed under ${HOME}. Thanks @rusty-snake and @Vincent43 for motivational input.
author: glitsj16 <glitsj16@users.noreply.github.com> 2021-02-15 07:20:02 +0000
committer: GitHub <noreply@github.com> 2021-02-15 07:20:02 +0000
commit: 5789d97945e59dc6dd280bb9c0280b459a74146e (patch)
tree: 7e2a347baba4d4494c4b2d82800e1d148cbebe1d /etc/apparmor
parent: Merge branch 'master' of https://github.com/netblue30/firejail (diff)
download: firejail-5789d97945e59dc6dd280bb9c0280b459a74146e.tar.gz
firejail-5789d97945e59dc6dd280bb9c0280b459a74146e.tar.zst
firejail-5789d97945e59dc6dd280bb9c0280b459a74146e.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
index ec87f1d2d..ab11f429d 100644
--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -82,6 +82,9 @@ owner /proc/@{PID}/{uid_map,gid_map,setgroups} w,
 owner /proc/@{PID}/oom_score_adj w,
 owner /proc/@{PID}/clear_refs w,
+# Needed for torbrowser-launcher
+owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** ix,
 ##########
 # Allow running programs only from well-known system directories. If you need
 # to run programs from your home directory, uncomment /home line.
author	glitsj16 <glitsj16@users.noreply.github.com>	2021-02-15 07:20:02 +0000
committer	GitHub <noreply@github.com>	2021-02-15 07:20:02 +0000
commit	5789d97945e59dc6dd280bb9c0280b459a74146e (patch)
tree	7e2a347baba4d4494c4b2d82800e1d148cbebe1d /etc/apparmor
parent	Merge branch 'master' of https://github.com/netblue30/firejail (diff)
download	firejail-5789d97945e59dc6dd280bb9c0280b459a74146e.tar.gz firejail-5789d97945e59dc6dd280bb9c0280b459a74146e.tar.zst firejail-5789d97945e59dc6dd280bb9c0280b459a74146e.zip

diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default index ec87f1d2d..ab11f429d 100644 --- a/etc/apparmor/firejail-default +++ b/etc/apparmor/firejail-default
@@ -82,6 +82,9 @@ owner /proc/@{PID}/{uid_map,gid_map,setgroups} w,
82	owner /proc/@{PID}/oom_score_adj w,	82	owner /proc/@{PID}/oom_score_adj w,
83	owner /proc/@{PID}/clear_refs w,	83	owner /proc/@{PID}/clear_refs w,
84		84
		85	# Needed for torbrowser-launcher
		86	owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_/Browser/* ix,
		87
85	##########	88	##########
86	# Allow running programs only from well-known system directories. If you need	89	# Allow running programs only from well-known system directories. If you need
87	# to run programs from your home directory, uncomment /home line.	90	# to run programs from your home directory, uncomment /home line.