boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher
Commits: 6ec48451 by Fei1Yang at 2023-09-21T08:40:50+00:00 Fix path variables in AppArmor profile
- - - - - 629493a6 by anonym at 2023-09-28T15:06:51+02:00 AppArmor: allow executing glxtest
This "Firefox OpenGL probe utility" was added in Tor Browser 13.
- - - - - 41f20588 by anonym at 2023-09-28T15:07:16+02:00 AppArmor: allow reading/writing to /proc/PID/oom_score_adj
Firefox adjusts the OOM scores of its processes so that if they are reaped they are killed in a sane order, e.g. the parent process last.
Source: hal/linux/LinuxProcessPriority.cpp
- - - - - b257da03 by anonym at 2023-09-28T15:08:01+02:00 AppArmor: give read access to proc info about which command the browser's threads use
- - - - - 29e1fe41 by anonym at 2023-09-28T15:08:17+02:00 AppArmor: silence denial of sys_ptrace capability
We already allow ptrace for its relevant subprocesses via ptrace rules, and I'm unsure if the full capability is really needed. I see lots of other profiles which have ptrace rules without the capability so I guess not. And I wonder if allowing the capability allows ptrace for arbitrary processes, which would be really bad.
So let's assume it's not needed and we'll see what happens.
- - - - - b80e0078 by anonym at 2023-09-28T15:08:58+02:00 AppArmor: silence denial to read /sys/class/input/
It is unclear to me what this is about.
- - - - - 25ebbe67 by intrigeri at 2023-10-04T11:13:50+02:00 Merge pull request #702 from Fei1Yang/apparmor-path
Fix path variables in AppArmor profile
- - - - - 4652b442 by intrigeri at 2023-10-04T11:25:46+02:00 Merge pull request #709 from anonym/tor-browser-13.0
Adapt AppArmor profile for Tor Browser 13.0
- - - - -
3 changed files:
- apparmor/torbrowser.Browser.firefox
- apparmor/torbrowser.Tor.tor
- apparmor/tunables/torbrowser
Changes:
===================================== apparmor/torbrowser.Browser.firefox ===================================== @@ -1,7 +1,7 @@ #include <tunables/global> #include <tunables/torbrowser>
-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real +@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser/Browser/firefox.real
profile torbrowser_firefox @{torbrowser_firefox_executable} { #include <abstractions/audio> @@ -12,6 +12,8 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { #include <abstractions/opencl> #include if exists <abstractions/vulkan>
+ deny capability sys_ptrace, + # Uncomment the following lines if you want to give the Tor Browser read-write # access to most of your personal files. # #include <abstractions/user-download> @@ -46,10 +48,13 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { owner @{PROC}/@{pid}/environ r, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mountinfo r, + owner @{PROC}/@{pid}/oom_score_adj rw, owner @{PROC}/@{pid}/smaps r, owner @{PROC}/@{pid}/stat r, owner @{PROC}/@{pid}/statm r, owner @{PROC}/@{pid}/status r, + owner @{PROC}/@{pid}/task/ r, + owner @{PROC}/@{pid}/task/*/comm r, owner @{PROC}/@{pid}/task/*/stat r, @{PROC}/sys/kernel/random/uuid r,
@@ -70,6 +75,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { owner @{torbrowser_home_dir}/Downloads/ rwk, owner @{torbrowser_home_dir}/Downloads/** rwk, owner @{torbrowser_home_dir}/firefox rix, + owner @{torbrowser_home_dir}/glxtest ix, owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/* rw, owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/{,MozUpdater/bgupdate/}updater ix, owner @{torbrowser_home_dir}/updater ix, @@ -111,6 +117,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { /sys/devices/system/node/ r, /sys/devices/system/node/node[0-9]*/meminfo r, /sys/fs/cgroup/cpu,cpuacct/{,user.slice/}cpu.cfs_quota_us r, + deny /sys/class/input/ r, deny /sys/devices/virtual/block/*/uevent r,
# Should use abstractions/gstreamer instead once merged upstream
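Review bot: dropping the `tor-browser_*` glob from `@{torbrowser_firefox_executable}` (hunk @@ -1,7 +1,7 @@) changes the profile's attachment path, so a browser still installed under an older locale-suffixed directory (`tor-browser_<locale>`, placeholder) no longer matches and would run unconfined rather than be blocked. Worth a comment next to the variable, or a line in the commit message, so users with a stale install know the profile only covers the new layout.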
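Review bot: `deny capability sys_ptrace,` (hunk @@ -12,6 +12,8 @@) is the safer resolution of the denial. CAP_SYS_PTRACE is what lets a process trace targets it could not otherwise attach to (other users' processes, non-dumpable ones), so an explicit deny keeps the browser limited to the peers its existing ptrace rules already allow, which the commit message says cover the relevant subprocesses. Suggest a comment beside the rule stating that if a crash-reporter or sandbox helper starts failing, the fix is a narrower ptrace peer rule, not granting the capability.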
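Review bot: `owner @{PROC}/@{pid}/oom_score_adj rw,` (hunk @@ -46,10 +48,13 @@) needs a comment giving the reason, ideally the Firefox source file the commit message cites (hal/linux/LinuxProcessPriority.cpp), because a writable oom_score_adj is exactly the rule a later reader will want to tighten back to `r`. The scoping is right: `owner` plus `@{pid}` limits it to the browser's own processes, and the kernel still refuses to lower a score below the floor it records for the process without CAP_SYS_RESOURCE, so the browser cannot make itself less killable than it started out. The added `task/ r` and `task/*/comm r` are read-only and consistent with the existing `task/*/stat r`.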
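Review bot: `owner @{torbrowser_home_dir}/glxtest ix,` (hunk @@ -70,6 +75,7 @@) follows the existing `updater ix` pattern, so the probe inherits the browser's confinement rather than running unconfined; fine as is. A short comment naming it as the OpenGL probe helper, as the commit message does, would save the next reader a lookup, since `glxtest` is not a self-explanatory name.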
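Review bot: `deny /sys/class/input/ r,` (hunk @@ -111,6 +117,7 @@) is the right way to quiet the log when the need is unknown, but the commit message admits the purpose is unclear, so the rule should carry a comment saying so and what to check if it matters. Listing /sys/class/input/ is how user space enumerates input devices, so the likeliest source is the browser's gamepad support (reviewer's guess, not confirmed by this diff); if gamepads stop working under the profile, this deny is the first thing to revisit.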
===================================== apparmor/torbrowser.Tor.tor ===================================== @@ -1,7 +1,7 @@ #include <tunables/global> #include <tunables/torbrowser>
-@{torbrowser_tor_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor +@{torbrowser_tor_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser/Browser/TorBrowser/Tor/tor
profile torbrowser_tor @{torbrowser_tor_executable} { #include <abstractions/base>
===================================== apparmor/tunables/torbrowser ===================================== @@ -1,2 +1,2 @@ -@{torbrowser_installation_dir}=@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_* +@{torbrowser_installation_dir}=@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser @{torbrowser_home_dir}=@{torbrowser_installation_dir}/Browser
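Review bot: the installation path now appears verbatim in three places (`@{torbrowser_installation_dir}` here, `@{torbrowser_firefox_executable}` in torbrowser.Browser.firefox and `@{torbrowser_tor_executable}` in torbrowser.Tor.tor), and this change had to edit all three in step. Consider deriving the two executable variables from the tunable (for example `@{torbrowser_firefox_executable} = @{torbrowser_home_dir}/firefox.real`) so the next layout change is a single edit; the tunable uses `@{HOME}` while the profiles use `/home/*`, so check that the expansion still attaches to the intended paths before making that swap.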
View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/compare...
tbb-commits@lists.torproject.org