control: tags -1 +patch

Dear intrigeri,

On Tue, Feb 4, 2020 at 2:29 AM Roger Shimizu <r...@debian.org> wrote:
>
> Now I can only see the AppArmor error log for lsb_release:
>
> audit: type=1400 audit(1580483233.981:104): apparmor="DENIED"
> operation="exec" profile="torbrowser_firefox" name=
> "/usr/bin/lsb_release" pid=29898 comm="firefox.real"
> requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
>
> But TB starts successfully, so it seems there is no harm.

Could you kindly review the enclosed patch?
Thank you!
-- 
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1
From c08280a8bd7cb0bd548a38acd9326e8647d00db8 Mon Sep 17 00:00:00 2001
From: Roger Shimizu <r...@debian.org>
Date: Sun, 12 Apr 2020 16:02:51 +0900
Subject: [PATCH] Silence the deny apparmor log from lsb_release

This resolves debian bug: https://bugs.debian.org/913104
---
 apparmor/torbrowser.Browser.firefox | 1 +
 1 file changed, 1 insertion(+)

diff --git apparmor/torbrowser.Browser.firefox apparmor/torbrowser.Browser.firefox
index 1266476..e7ebddc 100644
--- apparmor/torbrowser.Browser.firefox
+++ apparmor/torbrowser.Browser.firefox
@@ -122,6 +122,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
   deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
   deny /run/user/[0-9]*/dconf/user rw,
+  deny /usr/bin/lsb_release x,
 
   # Silence denial logs about PulseAudio
   deny /etc/pulse/client.conf r,
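Review bot: the added `deny /usr/bin/lsb_release x,` line has no comment saying why it is there, while the block right after it is introduced by "# Silence denial logs about PulseAudio". A matching comment above the new rule (for example "# Silence denial logs about lsb_release", with a pointer to https://bugs.debian.org/913104) would make the intent visible in the profile itself. The audit line quoted in this mail shows the exec was already refused (requested_mask="x" denied_mask="x"), so the explicit deny changes only the logging. Because an explicit deny also takes precedence over any allow rule for the same path, it is worth saying in the commit message that the rule must be removed if firefox.real ever needs to run lsb_release.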
-- 
2.20.1
