Skip to content
Permalink
Browse files

AppArmor: grant permissions needed for audio support.

It's 2019. Users want to watch videos in Tor Browser. Having to edit files and
run commands as root is not a realistic expectation for Tor Browser users.
  • Loading branch information...
intrigeri committed Mar 31, 2019
1 parent 8a02a09 commit aab280fec0bdca54dd066c588693edac443e537d
Showing with 5 additions and 11 deletions.
  1. +5 −11 apparmor/torbrowser.Browser.firefox
@@ -4,22 +4,16 @@
@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real

profile torbrowser_firefox @{torbrowser_firefox_executable} {
#include <abstractions/audio>
#include <abstractions/gnome>

# Uncomment the following lines if you want to give the Tor Browser read-write
# access to most of your personal files.
# #include <abstractions/user-download>
# @{HOME}/ r,

# Uncomment the following lines if you want Tor Browser
# to have direct access to your sound hardware. You will also
# need to remove, further bellow:
# - the "deny" word in the machine-id lines
# - the rules that deny reading /etc/pulse/client.conf
# and executing /usr/bin/pulseaudio
# #include <abstractions/audio>
# /etc/asound.conf r,
# owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/mozilla-temp-* rw,
# Audio support
/{,usr/}bin/pulseaudio Pixr,

#dbus,
network netlink raw,
@@ -36,8 +30,8 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
deny /etc/group r,
deny /etc/mailcap r,

deny /etc/machine-id r,
deny /var/lib/dbus/machine-id r,
/etc/machine-id r,
/var/lib/dbus/machine-id r,

/dev/ r,
/dev/shm/ r,

0 comments on commit aab280f

Please sign in to comment.
You can’t perform that action at this time.