Commit 692e28a1 authored by intrigeri

AppArmor: allow unprivileged user namespaces

Firefox uses userns to set up its own sandboxing.

On Debian, AppArmor was already allowing this by default, until a recent
upload (that is now in Trixie) updated the features pinning to a version that
now mediates usage of userns, so this functionality is now blocked by profiles
that don't explicitly allow it. Let's repair this.

Also reported as Debian#1098845.
parent 40b03cdf
+2 −0
@@ -13,6 +13,8 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
  #include if exists <abstractions/vulkan>
  #include if exists <abstractions/dbus-session-strict>

  userns,

  deny capability sys_ptrace,

  # Uncomment the following lines if you want to give the Tor Browser read-write
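Review bot: the new `userns,` rule placed just above `deny capability sys_ptrace,` carries no comment explaining why it is there, while the optional rules further down are introduced by one. A one-line comment above it, for example `# Firefox uses userns to set up its own sandboxing (Debian#1098845)`, would keep a later profile cleanup from dropping the rule and reintroducing the breakage described in the commit message. The rule is also written without any qualifier, so the comment should say that the broad grant is intentional.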