[tbb-commits] [Git][tpo/applications/torbrowser-launcher][main] 3 commits: AppArmor: generalize rule

[asciiwolf (@asciiwolf) via tbb-commits]

asciiwolf pushed to branch main at The Tor Project / Applications / 
torbrowser-launcher


Commits:
7ff7c438 by intrigeri at 2026-02-17T13:38:00+00:00
AppArmor: generalize rule

The auto-generated app name varies across GNOME (and perhaps systemd) versions,
let's simplify and allow read access to `cpu.max` everywhere relevant.

- - - - -
ab081741 by intrigeri at 2026-02-17T13:38:59+00:00
AppArmor: allow newly needed access

Sadly, I could not figure out which code needs this.
But it seems pretty harmless.

- - - - -
4bfb2021 by asciiwolf at 2026-02-28T20:02:09+00:00
Merge branch 'apparmor-fixes-2026-02-edition' into 'main'

AppArmor: fixes for recent Debian sid

See merge request tpo/applications/torbrowser-launcher!43
- - - - -


1 changed file:

- apparmor/torbrowser.Browser.firefox


Changes:

=====================================
apparmor/torbrowser.Browser.firefox
=====================================
@@ -124,10 +124,11 @@ profile torbrowser_firefox 
@{torbrowser_firefox_executable} {
   @{sys}/devices/pci[0-9]*/**/irq r,
   /sys/devices/system/cpu/ r,
   /sys/devices/system/cpu/present r,
+  @{sys}/devices/system/cpu/cpu[0-9]*/cpu_capacity r,
   /sys/devices/system/node/ r,
   /sys/devices/system/node/node[0-9]*/meminfo r,
   /sys/fs/cgroup/cpu,cpuacct/{,user.slice/}cpu.cfs_quota_us r,
-  
/sys/fs/cgroup/user.slice/user-[0-9]*.slice/user@[0-9]*.service/app.slice/app-gnome-torbrowser-[0-9]*.scope/cpu.max
 r,
+  @{sys}/fs/cgroup/**/cpu.max r,
   deny /sys/class/input/ r,
   deny /sys/devices/virtual/block/*/uevent r,
 



View it on GitLab: 
https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/compare/7f2f9441081d84048464f5d796fecc43117d8c74...4bfb202164808a760c973228e72570fec0db23f7

-- 
View it on GitLab: 
https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/compare/7f2f9441081d84048464f5d796fecc43117d8c74...4bfb202164808a760c973228e72570fec0db23f7
You're receiving this email because of your account on gitlab.torproject.org.



_______________________________________________
tbb-commits mailing list -- tbb-commits@lists.torproject.org
To unsubscribe send an email to tbb-commits-le...@lists.torproject.org