AppArmor, SELinux and other protections
We should create AppArmor, SELinux and other kernel level protection configurations for TorBrowser.
Activity
I would recommend closing this as a duplicate of #5791 (moved). Unless you intended this to be something different.
(Also, there is no trac user called 'helix'.)
Trac:
Cc: helix to helix, intrigeri@boum.orgTrac:
Cc: helix, intrigeri@boum.org to helix, intrigeri@boum.org, adrelanos@riseup.net
Parent: N/A to #5791 (moved)
Adding 'erinn' to cc list of every ticket with 'helix' in its cc list -- erinn is helix's trac username.
Trac:
Cc: helix, intrigeri@boum.org, adrelanos@riseup.net to helix, intrigeri@boum.org, adrelanos@riseup.net, erinn-
Removing helix from cc lists -- helix is not erinn's trac username.
Trac:
Cc: helix, intrigeri@boum.org, adrelanos@riseup.net, erinn to intrigeri@boum.org, adrelanos@riseup.net, erinn -
Trac:
Cc: intrigeri@boum.org, adrelanos@riseup.net, erinn to intrigeri, adrelanos@riseup.net, erinn -
FWIW, I've deeply reworked the AppArmor profiles shipped with the torbrowser-launcher, and they now look good: https://github.com/micahflee/torbrowser-launcher/tree/master/apparmor.
Note, though, that "thanks" to the way Ubuntu ships non-(upstream'ed|released)-yet AppArmor features, the profiles, the kernel logs will be polluted by denials to talk to dbus (reference: discussion starting at https://github.com/micahflee/torbrowser-launcher/issues/92#issuecomment-50591969). Yet, this apparently doesn't harm functionality.
Trac:
Cc: intrigeri, adrelanos@riseup.net, erinn to intrigeri, adrelanos@riseup.net, erinn, nicoo
Sponsor: N/A to N/Agroup tickets related to AppArmorForTBB/tor packages
Trac:
Keywords: N/A deleted, apparmor added
Duplicate of #5791 (moved).
Trac:
Reviewer: N/A to N/A
Status: new to closed
Resolution: N/A to duplicate