From 94d957023047ba018449196fcab2ae3323992db7 Mon Sep 17 00:00:00 2001
From: curiosityseeker <60518106+curiosityseeker@users.noreply.github.com>
Date: Wed, 29 May 2024 22:41:01 +0200
Subject: [PATCH] Firefox: using stacking for glxtest and vaapitest (#337)

The current implementation results in the following errors for the Firefox profile:

 @{lib}/firefox/glxtest rix -> firefox-glxtest,  # no new privs

@{lib}/firefox/vaapitest rix -> firefox-vaapitest,   # no new privs

Using stacking as suggested on https://apparmor.pujol.io/development/structure/#no-new-privileges gets rid of these errors.
---
 apparmor.d/abstractions/app/firefox | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apparmor.d/abstractions/app/firefox b/apparmor.d/abstractions/app/firefox
index 109be2ea..13829466 100644
--- a/apparmor.d/abstractions/app/firefox
+++ b/apparmor.d/abstractions/app/firefox
@@ -51,11 +51,11 @@
   @{lib_dirs}/{,**}             r,
   @{lib_dirs}/*.so              mr,
   @{lib_dirs}/crashreporter     rPx,
-  @{lib_dirs}/glxtest           rPx,
+  @{lib_dirs}/glxtest           rPx -> firefox//&firefox-glxtest,
   @{lib_dirs}/minidump-analyzer rPx,
   @{lib_dirs}/pingsender        rPx,
   @{lib_dirs}/plugin-container  rPx,
-  @{lib_dirs}/vaapitest         rPx,
+  @{lib_dirs}/vaapitest         rPx -> firefox//&firefox-vaapitest,
 
   # Desktop integration
   @{bin}/lsb_release            rPx -> lsb_release,