The results of our self-audit (#8007) have lead to some fixes. Some are mostly ready in the topic branch, some need more thought and thus have dedicated subtasks.
- Description updated (diff)
- Target version changed from Tails_1.5 to Tails_1.7
Let's stabilize a subset of this (#9756 and subtasks) and postpone the rest.
- Feature Branch deleted (
- Target version changed from Tails_1.7 to 246
- Target version changed from 246 to Tails_2.0
- Target version changed from Tails_2.0 to Tails_2.2
- Target version changed from Tails_2.2 to Tails_2.4
- Target version changed from Tails_2.4 to Tails_2.6
- Target version changed from Tails_2.6 to Tails_2.7
- Target version changed from Tails_2.7 to 284
- Target version changed from 284 to Tails 2.10
- Target version deleted (
I'm less and less convinced that it's the way to go: IMO our current AppArmor policy is close to achieve about the right balance between increasing safety, not being a PITA to maintain, and not affecting UX too negatively. For apps we would like to confine in a stricter way, I think AppArmor shall be complemented with other sandboxing technologies, such as Linux namespaces, as done by things like oz, snap, flatpak and various other sandboxing wrappers. So I would like us to take a step back and think about our goals here before I spend substantial time on this again.
- Related to Feature #6178: Evaluate current state of Linux namespaces added
- Assignee deleted (
Let's reevaluate this ticket in ~1 year then.
- Related to Feature #10422: Grant Tor Browser access to files as designated by the user added
- Status changed from In Progress to Resolved
The most important bits were done years ago. I've unparented the remaining ones.
Also available in: Atom