Feature #15301
Run Tails Server services in containers
50%
Description
Running the services in their own containers would provide better security by isolation, and ease the cleanup during service uninstallation, which will probably lead to fewer bugs.
Subtasks
History
#1 Updated by segfault 2018-02-10 10:45:10
I currently plan to do this with LXC.
#2 Updated by intrigeri 2018-02-11 06:50:15
> Running the services in their own containers would provide better security by isolation
FTR I’m not 100% convinced the (implementation complexity cost / security benefit) ratio is worth it compared to hardening individual services’ systemd unit files (+ possibly adding AppArmor profiles): systemd’s hardening features are getting very close to what containers can do nowadays, so let’s not overstate the additional security we would get from containers. But perhaps your other reason to lean towards containers (robustness) is enough to make the overall cost/benefit worth it, I dunno.
#3 Updated by segfault 2018-03-04 21:48:18
- Status changed from Confirmed to In Progress
- % Done changed from 0 to 50
LXC in combination with systemd-machined turned out to be buggy. I implemented running the services with systemd-nspawn now.
systemd-nspawn containers cannot be made as secure as LXC containers, because they are always granted a long list of capabilities, including CAP_SYS_ADMIN.
Also, I didn’t configure any security features for the containers yet, but plan to do so.
#4 Updated by segfault 2018-08-05 19:24:20
- Target version deleted (
Tails_3.9)
#5 Updated by segfault 2019-07-18 09:17:02
- Priority changed from Normal to Low
#6 Updated by segfault 2019-07-19 22:04:44
- Affected tool set to Server