Commit 7ff7c438 authored by intrigeri's avatar intrigeri
Browse files

AppArmor: generalize rule 

The auto-generated app name varies across GNOME (and perhaps systemd) versions,
let's simplify and allow read access to `cpu.max` everywhere relevant.
parent 7f2f9441

apparmor/torbrowser.Browser.firefox

+1 −1
Original line number Diff line number Diff line
@@ -127,7 +127,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { 
  /sys/devices/system/node/ r,

  /sys/devices/system/node/node[0-9]*/meminfo r,

  /sys/fs/cgroup/cpu,cpuacct/{,user.slice/}cpu.cfs_quota_us r,

  /sys/fs/cgroup/user.slice/user-[0-9]*.slice/user@[0-9]*.service/app.slice/app-gnome-torbrowser-[0-9]*.scope/cpu.max r,

  @{sys}/fs/cgroup/**/cpu.max r,

  deny /sys/class/input/ r,

  deny /sys/devices/virtual/block/*/uevent r,