From 5789d97945e59dc6dd280bb9c0280b459a74146e Mon Sep 17 00:00:00 2001
From: glitsj16 <glitsj16@users.noreply.github.com>
Date: Mon, 15 Feb 2021 07:20:02 +0000
Subject: Allow access to torbrowser-launcher under ${HOME}

Follow up for https://github.com/netblue30/firejail/pull/3988. We need to allow access to torbrowser-launcher executables installed under ${HOME}. Thanks @rusty-snake and @Vincent43 for motivational input.
---
 etc/apparmor/firejail-default | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'etc/apparmor')

diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
index ec87f1d2d..ab11f429d 100644
--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -82,6 +82,9 @@ owner /proc/@{PID}/{uid_map,gid_map,setgroups} w,
 owner /proc/@{PID}/oom_score_adj w,
 owner /proc/@{PID}/clear_refs w,
 
+# Needed for torbrowser-launcher
+owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** ix,
+
 ##########
 # Allow running programs only from well-known system directories. If you need
 # to run programs from your home directory, uncomment /home line.
-- 
cgit v1.2.3-54-g00ecf