Bug #11578

Bug #9534: Tighten AppArmor policy

Totem AppArmor profile allows opening OTR private key

Added by intrigeri almost 3 years ago. Updated over 2 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version:
Start date: 07/19/2016
Due date:
% Done: 100%
QA Check: Pass
Feature Branch: bugfix/11578-totem-vs-otr
Type of work: Code
Blueprint:
Starter:
Affected tool:

Description

i.e. /home/amnesia/.purple/otr.private_key. One of the private-files* abstractions should forbid that... without blocking Pidgin's access to the OTR key.
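
The following is an added example, not code from the ticket or from the Tails or AppArmor projects: a simplified model of AppArmor path matching that audits which rule sets expose the OTR key. The rule sets, the `.cache/totem` allowance and the video path are constructed assumptions; only the key path comes from the description above.

```python
import re

def glob_to_regex(glob):
    """Translate a simplified AppArmor path glob into an anchored regex.
    Covers only **, *, ? and [...] classes (no {a,b} alternation, no variables)."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*"); i += 2            # ** crosses directory separators
        elif glob[i] == "*":
            out.append("[^/]*"); i += 1         # * stays inside one path component
        elif glob[i] == "?":
            out.append("[^/]"); i += 1
        elif glob[i] == "[":
            end = glob.index("]", i)
            out.append(glob[i:end + 1]); i = end + 1   # [^.] reads the same in re
        else:
            out.append(re.escape(glob[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def may_read(profile, path):
    """Deny rules win over allow rules; a path matched by no rule is refused."""
    hits = [kind for kind, glob in profile if glob_to_regex(glob).match(path)]
    return "allow" in hits and "deny" not in hits

# Constructed rule sets for illustration, not the real Totem or Pidgin profiles.
TOTEM_BEFORE = [("allow", "/home/*/**")]
TOTEM_AFTER = [
    ("allow", "/home/*/[^.]**"),            # only non-hidden entries under $HOME
    ("allow", "/home/*/.cache/totem/**"),   # hypothetical explicit hidden-dir allowance
]
PIDGIN = [("allow", "/home/*/.purple/**")]

OTR_KEY = "/home/amnesia/.purple/otr.private_key"   # path named in the ticket
VIDEO = "/home/amnesia/Videos/clip.mp4"             # constructed sample path

def audit():
    """Return {profile name: (can read OTR key, can read video)}."""
    profiles = {"totem-before": TOTEM_BEFORE, "totem-after": TOTEM_AFTER,
                "pidgin": PIDGIN}
    return {name: (may_read(rules, OTR_KEY), may_read(rules, VIDEO))
            for name, rules in profiles.items()}

if __name__ == "__main__":
    for name, (key, video) in audit().items():
        print(f"{name:13} otr_key={key!s:5} video={video}")
```

In this model the `[^.]**` form filters only the first path component under the home directory, so a hidden file inside a non-hidden directory still matches.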


Related issues

Related to Tails - Bug #11984: Error message when starting Totem: "Failed to get bookmarks list: library routine called out of sequence" Resolved 11/21/2016
Related to Tails - Bug #9533: Tighten Evince AppArmor policy Rejected 06/04/2015

Associated revisions

Revision 8402c706 (diff)
Added by intrigeri over 2 years ago

Forbid Totem from reading hidden files that it's not explicitly allowed to read.

refs: #11578

This commit imports the changes submitted upstream on
https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/310120

Revision 70d60cc5 (diff)
Added by intrigeri over 2 years ago

Test suite: add regression test for Totem being allowed to open OTR private keys.

refs: #11578

Revision 9c347ed4
Added by bertagaz over 2 years ago

Merge remote-tracking branch 'origin/bugfix/11578-totem-vs-otr' into stable

Fix-committed: #11578

History

#1 Updated by intrigeri almost 3 years ago

  • Target version changed from Tails_2.7 to Tails_2.6

#2 Updated by intrigeri almost 3 years ago

  • Parent task set to #9534

#3 Updated by intrigeri over 2 years ago

  • Target version changed from Tails_2.6 to Tails_2.7

#4 Updated by intrigeri over 2 years ago

  • Description updated (diff)

#5 Updated by intrigeri over 2 years ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

#6 Updated by intrigeri over 2 years ago

  • Feature Branch set to bugfix/11578-totem-vs-otr

#8 Updated by intrigeri over 2 years ago

  • Assignee changed from intrigeri to bertagaz
  • % Done changed from 10 to 50
  • QA Check set to Ready for QA

#9 Updated by bertagaz over 2 years ago

  • Status changed from In Progress to Fix committed
  • Assignee deleted (bertagaz)
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

intrigeri wrote:

The regression test I've added (expectedly) fails on some devel build from a month ago, and passes on this branch https://jenkins.tails.boum.org/view/Tails_ISO/job/test_Tails_ISO_bugfix-11578-totem-vs-otr/3/cucumberTestReport/using-totem/watching-a-mp4-video-stored-on-the-non-persistent-filesystem/.

Jenkins can't build at the moment due to bad routing to immerda, but this branch runs fine at $HOME. Code review passes with particular waves about test suite changes being only in a feature file, 0 step definition changes. Writing regression test became as easy as that commit. :)

Merged!

#10 Updated by bertagaz over 2 years ago

  • Status changed from Fix committed to Resolved

#11 Updated by intrigeri over 2 years ago

  • Related to Bug #11984: Error message when starting Totem: "Failed to get bookmarks list: library routine called out of sequence" added

#12 Updated by intrigeri over 2 years ago

  • Related to Bug #9533: Tighten Evince AppArmor policy added
