Feature #15301

Run Tails Server services in containers

Added by segfault 2018-02-10 10:44:44. Updated 2019-07-19 22:04:43.

Status:
In Progress
Priority:
Low
Assignee:
segfault
Category:
Target version:
Start date:
2018-02-10
Due date:
% Done:
50%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Server
Deliverable for:

Description

Running the services in their own containers would provide better security by isolation, and ease the cleanup during service uninstallation, which will probably lead to fewer bugs.


Subtasks


History

#1 Updated by segfault 2018-02-10 10:45:10

I currently plan to do this with LXC.

#2 Updated by intrigeri 2018-02-11 06:50:15

> Running the services in their own containers would provide better security by isolation

FTR I’m not 100% convinced the (implementation complexity cost / security benefit) ratio is worth it compared to hardening individual services’ systemd unit files (+ possibly adding AppArmor profiles): systemd’s hardening features are getting very close to what containers can do nowadays, so let’s not overstate the additional security we would get from containers. But perhaps your other reason to lean towards containers (robustness) is enough to make the overall cost/benefit worth it, I dunno.

#3 Updated by segfault 2018-03-04 21:48:18

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 50

LXC in combination with systemd-machined turned out to be buggy. I implemented running the services with systemd-nspawn now.

systemd-nspawn containers cannot be made as secure as LXC containers, because they are always granted a long list of capabilities, including CAP_SYS_ADMIN.

Also, I didn’t configure any security features for the containers yet, but plan to do so.
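For reference, the systemd unit hardening alternative raised in #2 (and the capability concern in #3) looks like the drop-in below. This is an added illustration, not a unit shipped by Tails Server: the service name, user and binary path are assumed, and the newer directives need a reasonably recent systemd.

```ini
# Hardened unit for a hypothetical Tails Server service (assumed name,
# user and path). All directives are standard systemd.exec(5) options.
[Unit]
Description=Example Tails Server service, sandboxed without a container
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/lib/tails-server/example-service --listen 127.0.0.1:8080
DynamicUser=yes
StateDirectory=tails-server-example

# Filesystem view: read-only root, no /home, private /tmp and /dev,
# no access to kernel tunables, modules or cgroups.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes

# Privileges: empty capability bounding set (so no CAP_SYS_ADMIN, unlike
# the nspawn default described above) and no way to regain anything.
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes

# Kernel attack surface: allow the @system-service syscall group only,
# explicitly reject privileged/resource calls, forbid new namespaces and
# non-IP socket families.
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
RestrictNamespaces=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictRealtime=yes

[Install]
WantedBy=multi-user.target
```

With the unit installed, `systemd-analyze security <unit>` (systemd 240 and later) scores its remaining exposure and lists which of these directives are still missing.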

#4 Updated by segfault 2018-08-05 19:24:20

  • Target version deleted (Tails_3.9)

#5 Updated by segfault 2019-07-18 09:17:02

  • Priority changed from Normal to Low

#6 Updated by segfault 2019-07-19 22:04:44

  • Affected tool set to Server