AppArmor: allow access to /sys/devices/system/node/node[0-9]*/meminfo.
abstractions/base allows access to /proc/meminfo already, so this doesn't leak
much more information. I can't be sure by looking at the code, but I would
not be surprised if Firefox needed more info about available memory
to manage its pool of content rendering processes, when e10s is enabled.
intrigeri committed Jun 16, 2017
1 parent dde0ffd commit bf59f7e
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions apparmor/torbrowser.Browser.firefox
Expand Up @@ -77,6 +77,8 @@

/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/present r,
/sys/devices/system/node/ r,
/sys/devices/system/node/node[0-9]*/meminfo r,
deny /sys/devices/virtual/block/*/uevent r,

# Should use abstractions/gstreamer instead once merged upstream
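
Review bot: The two added `/sys/devices/system/node/` rules carry no comment in the profile, and the commit message says the need for them was not confirmed from the Firefox code, so a later reader of the profile cannot tell why they exist or whether they can be dropped. Suggest a one-line comment above them recording that they were added for per-node memory information with e10s and what breaks or is logged as denied without them. Two smaller points on the same lines: in AppArmor globbing `*` matches any run of characters other than `/`, so `node[0-9]*` accepts any directory name starting with `node` plus one digit, not only `nodeN`; that is harmless given what sysfs exposes there but is worth knowing. Also, `/sys/devices/system/node/ r,` allows listing the directory, which exposes the number of memory nodes, something `/proc/meminfo` does not show, so the "doesn't leak much more" reasoning applies to the `meminfo` rule more directly than to the directory rule.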