apparmor-profile-torbrowser allows access to user home folder

nurmagoz · August 31, 2022, 4:31pm

apparmor-profile-torbrowser was blocking the ability of TB to access to any /home/user/folder except for /Downloads and the one where TB exist.

Now the profile doenst do any of that instead it allowed the access to all folders.

Patrick · July 7, 2023, 9:30pm

File /etc/apparmor.d/home.tor-browser.firefox uses:

include <abstractions/user-download>

That means it uses the rules which are written in this file::

/etc/apparmor.d/abstractions/user-download

This file is owned by the apparmor package. Why do I think so? Commands:

dpkg -S /etc/apparmor.d/abstractions/user-download

shows:

apparmor: /etc/apparmor.d/abstractions/user-download

File /etc/apparmor.d/abstractions/user-download contains AppArmor rules which one could argue are too lenient.

AppArmor upstream file location:

It contains for example, quote:

owner @{HOME}/[^.]* rwl,

Patrick · July 7, 2023, 9:37pm

Reported a bug upstream: