[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [Git][tpo/applications/torbrowser-launcher][main] 3 commits: AppArmor: generalize rule

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [Git][tpo/applications/torbrowser-launcher][main] 3 commits: AppArmor: generalize rule
From: "asciiwolf (@asciiwolf) via tor-commits" <tor-commits@xxxxxxxxxxxxxxxxxxxx>
Date: Sat, 28 Feb 2026 20:02:12 +0000
Auto-submitted: auto-generated
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
Reply-to: noreply@xxxxxxxxxxxxxx, "asciiwolf (@asciiwolf)" <git@xxxxxxxxxxxxxxxxxxxxx>

Title: GitLab

 asciiwolf pushed to branch main at The Tor Project / Applications / torbrowser-launcher


Commits:



7ff7c438

 by intrigeri   at 2026-02-17T13:38:00+00:00 

AppArmor: generalize rule

The auto-generated app name varies across GNOME (and perhaps systemd) versions,
let's simplify and allow read access to `cpu.max` everywhere relevant.



ab081741

 by intrigeri   at 2026-02-17T13:38:59+00:00 

AppArmor: allow newly needed access

Sadly, I could not figure out which code needs this.
But it seems pretty harmless.



4bfb2021

 by asciiwolf   at 2026-02-28T20:02:09+00:00 

Merge branch 'apparmor-fixes-2026-02-edition' into 'main'

AppArmor: fixes for recent Debian sid

See merge request tpo/applications/torbrowser-launcher!43



1 changed file:




apparmor/torbrowser.Browser.firefox




Changes:


apparmor/torbrowser.Browser.firefox



...
...
@@ -124,10 +124,11 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {



124


124

   @{sys}/devices/pci[0-9]*/**/irq r,




125


125

   /sys/devices/system/cpu/ r,




126


126

   /sys/devices/system/cpu/present r,




 


127

+  @{sys}/devices/system/cpu/cpu[0-9]*/cpu_capacity r,




127


128

   /sys/devices/system/node/ r,




128


129

   /sys/devices/system/node/node[0-9]*/meminfo r,




129


130

   /sys/fs/cgroup/cpu,cpuacct/{,user.slice/}cpu.cfs_quota_us r,




130


 

-  /sys/fs/cgroup/user.slice/user-[0-9]*.slice/user@[0-9]*.service/app.slice/app-gnome-torbrowser-[0-9]*.scope/cpu.max r,




 


131

+  @{sys}/fs/cgroup/**/cpu.max r,




131


132

   deny /sys/class/input/ r,




132


133

   deny /sys/devices/virtual/block/*/uevent r,




133


134

 











—


View it on GitLab.


You're receiving this email because of your account on gitlab.torproject.org. Manage all notifications · Help

Notification message regarding https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/compare/7f2f9441081d84048464f5d796fecc43117d8c74...4bfb202164808a760c973228e72570fec0db23f7 at 1772308932
@@ -124,10 +124,11 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
    @{sys}/devices/pci[0-9]*/**/irq r,
    /sys/devices/system/cpu/ r,
    /sys/devices/system/cpu/present r,
 +  @{sys}/devices/system/cpu/cpu[0-9]*/cpu_capacity r,
    /sys/devices/system/node/ r,
    /sys/devices/system/node/node[0-9]*/meminfo r,
    /sys/fs/cgroup/cpu,cpuacct/{,user.slice/}cpu.cfs_quota_us r,
 -  /sys/fs/cgroup/user.slice/user-[0-9]*.slice/user@[0-9]*.service/app.slice/app-gnome-torbrowser-[0-9]*.scope/cpu.max r,
 +  @{sys}/fs/cgroup/**/cpu.max r,
    deny /sys/class/input/ r,
    deny /sys/devices/virtual/block/*/uevent r,

_______________________________________________
tor-commits mailing list -- tor-commits@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-commits-leave@xxxxxxxxxxxxxxxxxxxx

Next by Author: [tor-commits] [Git][tpo/applications/tor-browser-build][main] Bug 28595: Remove the need to update var/gradle_dependencies_version
Previous by thread: [tor-commits] [Git][tpo/applications/tor-browser][tor-browser-148.0a1-16.0-2] TB 31951: [Android] Disable Scroll to hide toolbar
Index(es):
- Author
- Thread