Project

General

Profile

Bug #7018

Fails to setup firewall rules at early boot stage

Added by intrigeri over 5 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Elevated
Assignee:
-
Category:
-
Target version:
Start date:
04/03/2014
Due date:
% Done:

100%

Feature Branch:
bugfix/7018-firewall-initial-setup
Type of work:
Code
Blueprint:
Starter:
No
Affected tool:

Description

ferm fails to apply the firewall rules at early boot, since the amnesia user was not created yet and we use uid matching. Luckily, we apply it as soon as a network interface gets up. Still, to avoid losing the race, we should have ferm load another, simpler and stricter, set of firewall rules at this time: blocking everything would be a bit safer.


Related issues

Duplicated by Tails - Bug #11933: ferm does not start Duplicate 11/16/2016

Associated revisions

Revision 60f4f7cf (diff)
Added by intrigeri almost 3 years ago

Fix firewall startup during early boot, by referring to the "amnesia" user via its UID (refs: #7018).

Revision e0ee009b
Added by intrigeri almost 3 years ago

Merge branch 'bugfix/7018-firewall-initial-setup' into feature/stretch (refs: #7018)

Revision df185687
Added by anonym almost 3 years ago

Merge remote-tracking branch 'origin/bugfix/7018-firewall-initial-setup' into devel

Fix-committed: #7018

Revision 8ac7a044 (diff)
Added by anonym over 2 years ago

Ferm: use the variable when referring to the Live user.

The firewall will fail to start during early boot otherwise since the
"amnesia" user hasn't been created yet.

Refs: #7018
Will-fix: #12208

History

#1 Updated by BitingBird over 4 years ago

This ticket has priority elevated since a year. Should it be a hole in the roof?

#2 Updated by intrigeri over 4 years ago

This ticket has priority elevated since a year. Should it be a hole in the roof?

I think so, yes.

#3 Updated by BitingBird over 4 years ago

  • Target version set to Hole in the Roof

#4 Updated by intrigeri over 3 years ago

A simpler way to fix that would be to s/uid-owner amnesia/uid-owner 1000/ in ferm.conf.

#5 Updated by intrigeri almost 3 years ago

  • Status changed from Confirmed to In Progress
  • Assignee set to intrigeri
  • Target version changed from Hole in the Roof to Tails_2.9.1
  • % Done changed from 0 to 10
  • Feature Branch set to bugfix/7018-firewall-initial-setup

This bug breaks the test suite on Stretch, so let's fix it properly, and while I'm at it why not fix it in Tails 2.x as well.

#6 Updated by intrigeri almost 3 years ago

  • Duplicated by Bug #11933: ferm does not start added

#7 Updated by intrigeri almost 3 years ago

  • Assignee changed from intrigeri to anonym
  • % Done changed from 10 to 50
  • QA Check set to Ready for QA

Works for me on Stretch and Jessie. Merged into feature/stretch already, but that was a Hole in the Roof so IMO it's worth getting it into 2.8 as well.

#8 Updated by anonym almost 3 years ago

  • Target version changed from Tails_2.9.1 to Tails 2.10

I was gonna merge it for 2.9, but skipped it since the branch is based on devel. Whatever. :)

#9 Updated by anonym almost 3 years ago

  • Status changed from In Progress to Fix committed
  • Assignee deleted (anonym)
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

#10 Updated by anonym over 2 years ago

  • Status changed from Fix committed to Resolved

Also available in: Atom PDF