Skip to content

Commit

Permalink
Merge pull request #469 from rogers0/PR/apparmor_meek
Browse files Browse the repository at this point in the history 
AppArmor: Support pluggable transports especially meek
  • Loading branch information
@intrigeri
intrigeri committed Aug 18, 2020
2 parents 6c9abd2 + 50e62ce commit 0d2f14c
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions apparmor/torbrowser.Tor.tor
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,13 +24,17 @@ profile torbrowser_tor @{torbrowser_tor_executable} {
# Support some of the included pluggable transports
owner @{torbrowser_home_dir}/TorBrowser/Tor/PluggableTransports/** rix,
@{PROC}/sys/net/core/somaxconn r,
#include <abstractions/ssl_certs>

# Silence file_inherit logs
deny @{torbrowser_home_dir}/{browser/,}omni.ja r,
deny @{torbrowser_home_dir}/{browser/,}features/*.xpi r,
deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/.parentlock rw,
deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
deny @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
# Silence logs from included pluggable transports
deny /etc/hosts r,
deny /etc/services r,

@{PROC}/sys/kernel/random/uuid r,
/sys/devices/system/cpu/ r,
Expand Down

0 comments on commit 0d2f14c

Please sign in to comment.