Bug #9534

Tighten AppArmor policy

Added by intrigeri over 4 years ago. Updated 9 months ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 06/04/2015
Due date:
% Done: 100%
Feature Branch:
Type of work: Code
Starter:
Affected tool:

Description

The results of our self-audit (#8007) have led to some fixes. Some are mostly ready in the topic branch, some need more thought and thus have dedicated subtasks.


Subtasks

Bug #9533: Tighten Evince AppArmor policy Rejected

Bug #9756: Tighten AppArmor policy, phase 1 Resolved

Feature #9539: Install the apparmor-profiles package Resolved

Bug #9558: Tor Browser confinement allows downloading to /tmp Resolved

Bug #9552: Fix Vidalia's access to its configuration with hardened AppArmor policy Resolved

Feature #9755: Test hardened AppArmor policy on a system with an incremental upgrade applied Resolved

Bug #9537: Fix torrc renaming with hardened AppArmor policy Resolved

Bug #9757: Remove AppArmor profiles we don't use Resolved

Bug #10462: Automatically test our AppArmor policy vs. hard links Rejected

Bug #10463: Mention the hardlinks topic in our AppArmor design doc Rejected

Bug #10836: Investigate why the Tor Browser AppArmor profile allows starting Totem Resolved

Bug #11578: Totem AppArmor profile allows opening OTR private key Resolved

Feature #12125: Mount a tmpfs on /var/tmp, to mitigate the hardlinks permissions open by the user-tmp AppArmor abstraction Resolved


Related issues

Related to Tails - Feature #8007: Self-audit our AppArmor profiles Resolved
Related to Tails - Feature #6178: Evaluate current state of Linux namespaces Rejected 07/20/2013
Related to Tails - Feature #10422: Grant Tor Browser access to files as designated by the user Confirmed 08/30/2018

History

#1 Updated by intrigeri over 4 years ago

  • Related to Feature #8007: Self-audit our AppArmor profiles added

#2 Updated by intrigeri over 4 years ago

  • Description updated (diff)

#3 Updated by intrigeri over 4 years ago

  • Target version changed from Tails_1.5 to Tails_1.7

Let's stabilize a subset of this (#9756 and subtasks) and postpone the rest.

#4 Updated by intrigeri over 4 years ago

  • Feature Branch deleted (bugfix/8007-AppArmor-hardening)

#5 Updated by intrigeri about 4 years ago

  • Target version changed from Tails_1.7 to 246

#6 Updated by sajolida about 4 years ago

  • Target version changed from 246 to Tails_2.0

#7 Updated by intrigeri about 4 years ago

  • Target version changed from Tails_2.0 to Tails_2.2

#8 Updated by intrigeri almost 4 years ago

  • Target version changed from Tails_2.2 to Tails_2.4

#9 Updated by intrigeri over 3 years ago

  • Target version changed from Tails_2.4 to Tails_2.6

#10 Updated by intrigeri over 3 years ago

  • Target version changed from Tails_2.6 to Tails_2.7

#11 Updated by intrigeri about 3 years ago

  • Target version changed from Tails_2.7 to 284

#12 Updated by anonym about 3 years ago

  • Target version changed from 284 to Tails 2.10

#13 Updated by intrigeri almost 3 years ago

  • Target version deleted (Tails 2.10)

#14 Updated by intrigeri over 2 years ago

I'm less and less convinced that it's the way to go: IMO our current AppArmor policy is close to achieving about the right balance between increasing safety, not being a PITA to maintain, and not affecting UX too negatively. For apps we would like to confine in a stricter way, I think AppArmor shall be complemented with other sandboxing technologies, such as Linux namespaces, as done by things like oz, snap, flatpak and various other sandboxing wrappers. So I would like us to take a step back and think about our goals here before I spend substantial time on this again.

#15 Updated by intrigeri over 2 years ago

  • Related to Feature #6178: Evaluate current state of Linux namespaces added

#16 Updated by intrigeri over 1 year ago

  • Assignee deleted (intrigeri)

#17 Updated by u over 1 year ago

Let's reevaluate this ticket in ~1 year then.

#18 Updated by u over 1 year ago

  • Related to Feature #10422: Grant Tor Browser access to files as designated by the user added

#19 Updated by intrigeri 9 months ago

  • Status changed from In Progress to Resolved

The most important bits were done years ago. I've unparented the remaining ones.
