Test if the persistent filesystem's root directory needs to be world-readable
Things like #7443 would not be an issue if
/live/persistence/TailsData_unlocked/ had e.g. permissions 0770. What prevents us from doing this? Possibly, we might want to add an ACL to grant the amnesia user read access to this directory, but it's probably not really needed, as the persistent directories are usually bind-mounted to places that this user can read.
#2 Updated by intrigeri over 2 years ago
- Subject changed from Investigate if the persistent filesystem's root directory needs to be world-readable to Test if the persistent filesystem's root directory needs to be world-readable
- Type of work changed from Research to Code
Next step: create a branch that implements what's described above, and see how our test suite likes it.
#3 Updated by intrigeri almost 2 years ago
bin/tails-fix-persistent-volume-permissions: chmod 0770 instead of 0775
- migrate existing persistent filesystems in
live-persist: before calling
mountpoint_has_correct_access_rights, if the mountpoint has the old permissions (775), chmod it 770