summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsegfault <segfault@riseup.net>2019-08-29 16:07:37 +0200
committerintrigeri <intrigeri@boum.org>2019-08-31 15:25:16 +0000
commitc22e6fa510d8e6113fb4692d5631fd677085ee8b (patch)
tree115289f66f6f381d389e464592c5f3da0e94a06f
parent12f0e4388c5336c385d19ae17ceb2ae9d89005f2 (diff)
Update OnionShare AppArmor profile (refs: #16914)bugfix/16914-onionshare-xdg-open
OnionShare fails to open the URL providing more information about Stealth Onion Services. The added AppArmor rules allow executing xdg-open and dependencies to fix this. Edited by intrigeri: - Remove unnecessary permission to execute cut, head, awk, mawk, sed, tr, and xdg-mime. - Add missing permission to execute gio-launch-desktop.
-rw-r--r--config/chroot_local-includes/etc/apparmor.d/usr.bin.onionshare-gui8
1 files changed, 8 insertions, 0 deletions
diff --git a/config/chroot_local-includes/etc/apparmor.d/usr.bin.onionshare-gui b/config/chroot_local-includes/etc/apparmor.d/usr.bin.onionshare-gui
index 6655e25..37516f1 100644
--- a/config/chroot_local-includes/etc/apparmor.d/usr.bin.onionshare-gui
+++ b/config/chroot_local-includes/etc/apparmor.d/usr.bin.onionshare-gui
@@ -10,6 +10,14 @@
/usr/bin/onionshare-gui r,
/proc/*/cmdline r,
+ # Required to open URLs in Tor Browser
+ /{usr/,}bin/{e,}grep rix,
+ /{usr/,}bin/gio rix,
+ /{usr/,}bin/which rix,
+ /usr/bin/xdg-open rmix,
+ /usr/lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop ix,
+ /usr/local/bin/tor-browser rmUx,
+
# The freedesktop.org abstraction doesn't allow `k`
/usr/share/icons/*/index.theme k,