[Pkg-anonymity-tools] [torbrowser-launcher] 23/47: Drop Firefox privileges to (try to) play audio.

Holger Levsen holger at moszumanska.debian.org
Sat Aug 2 16:31:52 UTC 2014


This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch master
in repository torbrowser-launcher.

commit 3f46ded893db15e1b4427bd3fcf8732faaef25bc
Author: intrigeri <intrigeri at boum.org>
Date:   Wed Jul 23 18:42:32 2014 +0000

    Drop Firefox privileges to (try to) play audio.
    
    On a vaguely modern GNU/Linux distribution, PulseAudio is used to play sound on
    the desktop. Given the TBB sets $HOME to its own directory, it doesn't find the
    current user's existing instance of PulseAudio, and then tries to start its own.
    
    Likely we don't want this to be allowed, in the context of these AppArmor
    profiles:
    
    * it's a pain to safely allow Firefox to run its own instance of PulseAudio;
    * even if we managed to do it, it's not obvious to me that two concurrent
      instances of PulseAudio, running as the same user, but now aware of the other,
      would work fine together in any useful way.
    
    This can be revisited at a later point, but requires quite more work.
---
 apparmor/torbrowser.Browser.firefox | 2 --
 1 file changed, 2 deletions(-)

diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
index d65aa01..5ca75fb 100644
--- a/apparmor/torbrowser.Browser.firefox
+++ b/apparmor/torbrowser.Browser.firefox
@@ -1,7 +1,6 @@
 #include <tunables/global>
 
 /home/*/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox {
-  #include <abstractions/audio>
   #include <abstractions/gnome>
 
   network tcp,
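Review bot: removing `#include <abstractions/audio>` at the top of the profile leaves nothing in the file that says audio is absent on purpose; the rationale lives only in the commit message. A one-line comment at that position, noting that audio is intentionally not granted because the TBB sets $HOME to its own directory and Firefox would then try to start its own PulseAudio, would keep a later maintainer from re-adding the include when sound is reported broken.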
@@ -20,7 +19,6 @@
   /etc/mime.types r,
   /etc/passwd r,
   owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/ r,
-  owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/.config/pulse/cookie rwk,
   owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/.gnome2{,_private}/ w,
   owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/.gnome2{,_private}/** w,
   owner @{HOME}/.torbrowser/tbb/{i686,x86_64}/tor-browser_*/.mozilla/ w,
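Review bot: with the `.config/pulse/cookie rwk` rule gone, access to that path falls back to an implicit denial, and per the commit message Firefox will still try to reach or start PulseAudio under the TBB's $HOME, so each attempt is likely to show up as a logged denial. If that log noise is unwanted, an explicit `deny` rule for the `.config/pulse/` path under the tor-browser_* directory would reject the access quietly, since explicit deny rules are not logged by default; otherwise it would help to state in the commit message that these denials are expected.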

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/torbrowser-launcher.git


