Feature #8415
Migrate from aufs to overlayfs
100%
Description
Tails uses aufs, that is 1. is a pain to use with the grsecurity patchset; 2. is out-of-tree and requires aufs-dkms. overlayfs has none of these problems. It’s been merged into Linux 3.18 and the Debian kernel team would like to drop support for aufs at some point.
team: segfault, intrigeri
Files
Subtasks
Feature #8456: Test whiteouts support with overlayfs | Resolved | 100 |
|||
Feature #8472: Wait for overlayfs to support multiple read-only lower layers | Resolved | 100 |
|||
Feature #8473: Add support to live-boot to support multiple read-only lower layers with overlayfs | Resolved | 100 |
|||
Feature #8474: Test overlayfs in Tails | Resolved | 100 |
|||
Bug #8483: Fix overlayfs support in live-boot upstream | Resolved | 100 |
|||
Feature #8801: Test our file ordering profiling process vs. overlayfs | Resolved | 100 |
|||
Bug #8908: bilibop doesn't support overlayfs and then the boot device has buggy permissions | Resolved | 100 |
|||
Bug #9045: overlayfs breaks AppArmor | Resolved | 100 |
|||
Feature #9373: Make tails-iuk support overlayfs | Resolved | 100 |
|||
Feature #9421: Upgrade the overlayfs branch to Linux 4.x | Resolved | 100 |
|||
Feature #12105: Adjust chrooted browsers to overlayfs | Resolved | 100 |
|||
Feature #12106: Adjust test suite to overlayfs | Resolved | 100 |
|||
Feature #12112: Drop aufs-specific kludges from AppArmor policy | Resolved | 100 |
|||
Bug #15689: Test if overlayfs is affected by the DAC bug wrt. incremental upgrades changing UID/GID | Resolved | 100 |
|||
Feature #17262: Make the build of overlayfs-based IUKs reproducible | Resolved | 100 |
|||
Feature #17440: Create overlayfs-based IUKs v2 for the test suite | Resolved | 100 |
|||
Feature #17451: Update / clean up remaining aufs-related bits | Resolved | 100 |
Related issues
Related to Tails - |
Resolved | 2018-06-28 | |
Related to Tails - |
Resolved | ||
Related to Tails - Feature #17258: Enable overlayfs options that make it act more like a standards compliant filesystem | In Progress | ||
Related to Tails - Bug #17361: Streamline our release process | Confirmed | ||
Related to Tails - |
Resolved | 2018-01-03 | |
Blocks Tails - |
Resolved | 2018-12-17 | |
Blocks Tails - Feature #16209: Core work: Foundations Team | Confirmed | ||
Blocks Tails - Feature #17256: Drop hacks regarding UID/GID changes | Confirmed |
History
#1 Updated by intrigeri 2014-12-11 13:15:03
- Description updated
#2 Updated by anonym 2014-12-17 17:22:56
Bad news: by default overlayfs only supports stacking two layers and I’ve verified that at least the current 3.18 “trunk” kernel has this limitation. Given that we have the following for the stated use cases:
> * regular usage
Not sure what this means.
> * persistence
It should be fine for us. The base Live system needs one layer for the filesystem.squashfs and COW-dir/tmpfs union, and we need no more for read-write persistence. Read-only persistence will indeed need a layer too, but it will be irrelevant since it will start a new union; its lowerdir
is not from another union but the persistence source directory on the persistence medium.
Actually I think Debian Live’s persistence is safe with this change in general.
> * incremental upgrades
Since the base Live system already occupies one layer, we’ll be limited to only one incremental upgrade.
Next up: whiteouts. It seems it’s a character devices, but I didn’t look into it.
> * chroots for web browsers
Affected by the same issue as incremental upgrades.
The stack depth limit of 2 has the following comment in the kernel sources: “Needs to be limited to prevent kernel stack overflow”. That’s vague, and 2 seems a bit arbitrary, so hopefully it can be increased without loss of stability, although it would require some serious testing. The question remains if we can get Debian to patch it to something higher, or, better yet, upstream Linux. For a stack depth limit of N, we can support N-1 incremental upgrades, so I guess we’d be happy with 8 or whatever.
To avoid more stacking than 2 layers we could resort to merging the contents of our squashfs when they’re installed, but that would increase the RAM needed (for temporary disk space to extract them) to perform an upgrade quite a bit.
#3 Updated by intrigeri 2014-12-17 18:18:42
anonym wrote:
> > * regular usage
>
> Not sure what this means.
I meant the stacked FS built by live-boot from the base squashfs and a tmpfs. Just what you describe below with “one layer for the […]” :)
> Next up: whiteouts. It seems it’s a character devices, but I didn’t look into it.
Indeed, for non-directories it’s a char device: does SquashFS support char devices?
But for directories it’s done with a xattr to make it opaque: does SquashFS support xattr?
> The stack depth limit of 2 has the following comment in the kernel sources: “Needs to be limited to prevent kernel stack overflow”. That’s vague, and 2 seems a bit arbitrary, so hopefully it can be increased without loss of stability, although it would require some serious testing. The question remains if we can get Debian to patch it to something higher, or, better yet, upstream Linux.
I wonder why “2” was chosen, as opposed e.g. to 4 or 8.
> For a stack depth limit of N, we can support N-1 incremental upgrades, so I guess we’d be happy with 8 or whatever.
Due to size limitations, we likely won’t be able to install more than 4 IUKs in a row anyway, so N=5 would be just fine for us.
> To avoid more stacking than 2 layers we could resort to merging the contents of our squashfs when they’re installed, but that would increase the RAM needed (for temporary disk space to extract them) to perform an upgrade quite a bit.
… and CPU usage to recompress the merged squashfs!
Anyway, there’s some hope: some work is in progress (by the current overlayfs maintainer) to support more than one read-only lower layer, and it’s said to be the “top feature request”. The code lives in git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git (branch overlayfs-next, currently). I’m not sure I got it right, but my understanding is that once this is implemented, we can merge all squashfs in one single mount in live-boot, and then both incremental upgrades (if whiteouts work right, otherwise we’ll have to resort to crazy kludges) and chroot’ed browsers work again.
Later on the same thread, there are also patches to make the stack depth limit configurable at runtime, but it was deemed risky by the overlayfs maintainer without more work to check that the stack will be safe.
#4 Updated by anonym 2014-12-18 10:55:38
intrigeri wrote:
> anonym wrote:
> > Next up: whiteouts. It seems it’s a character devices, but I didn’t look into it.
>
> Indeed, for non-directories it’s a char device: does SquashFS support char devices?
Yes. I created a file with mknod test c 0 0
and squashed and the unsquashed, and I got it back. However, when testing overlayfs I couldn’t for the life of me find the location of this whiteout character devices after deleting files..
> But for directories it’s done with a xattr to make it opaque: does SquashFS support xattr?
It seems it does. Both mksquashfs
has the -xattrs
option: “store extended attributes (default).”
> > For a stack depth limit of N, we can support N-1 incremental upgrades, so I guess we’d be happy with 8 or whatever.
>
> Due to size limitations, we likely won’t be able to install more than 4 IUKs in a row anyway, so N=5 would be just fine for us.
Right now, yes, but what about when we have same-day security updates? Then we probably would end up with several small IUKs between each planned (six week cycle) release.
> > To avoid more stacking than 2 layers we could resort to merging the contents of our squashfs when they’re installed, but that would increase the RAM needed (for temporary disk space to extract them) to perform an upgrade quite a bit.
>
> … and CPU usage to recompress the merged squashfs!
Right. While we cannot do anything about the CPU requirements I think we could at least reduce the memory needed for the squashfs merging by doing it on a file-by-file basis, i.e. use unsquashfs
to list the contents of the new .squashfs, and for each of those files we extract it and add it into the previous .squashfs .squashfs. We’d have to deal with deleted/whiteout:ed files some how, of course.
Actually, if this approach is applied to the filesystem.squash, we’d eliminate much of the extra space needed for incremental upgrades since we’d end up with something that is (more or less) identical to a properly Clone & Install version of the target Tails version (modulo partition table stuff and maybe some other lower level stuff). This would allow users to do incremental upgrades essentially forever.
OTOH, perhaps modifying filesystem.squashfs is risky since the current live system is running from it, but if so we could do it in a separate upgrades.squashfs file that is the only extra overlayfs layer we’d ever add, then we could support incremental upgrades more or less forever too, provided something like 1 GB of free space on the Tails partition after a fresh install.
In either case, perhaps it’d be sound to require a fresh start (“Clone & Upgrade”) for new Debian releases though. And with these approaches we probably could use tarballs instead of squashfs files for packaging the stuff inside the .iuk file. I would expect quite some complexity for dealing with deleted files, though.
I’ll stop rambling but at least it’s some food for thought.
> Anyway, there’s some hope: some work is in progress (by the current overlayfs maintainer) to support more than one read-only lower layer, and it’s said to be the “top feature request”. […]
Indeed, that is good news! So I guess we’ll be fine with living with the Jessie kernel until that feature hits a kernel in Debian Sid.
#5 Updated by intrigeri 2014-12-18 13:50:50
anonym wrote:
> intrigeri wrote:
>> anonym wrote:
>> > Next up: whiteouts. It seems it’s a character devices, but I didn’t look into it.
> […]
Thanks for the tests, and glad the results are good! Filed Feature #8456 to track the remaining bits on this front.
>> > For a stack depth limit of N, we can support N-1 incremental upgrades, so I guess we’d be happy with 8 or whatever.
>>
>> Due to size limitations, we likely won’t be able to install more than 4 IUKs in a row anyway, so N=5 would be just fine for us.
> Right now, yes, but what about when we have same-day security updates? Then we probably would end up with several small IUKs between each planned (six week cycle) release.
Indeed.
>> > To avoid more stacking than 2 layers we could resort to merging the contents of
>> > our squashfs when they’re installed, but that would increase the RAM needed (for
>> > temporary disk space to extract them) to perform an upgrade quite a bit.
>>
>> … and CPU usage to recompress the merged squashfs!
> Right. While we cannot do anything about the CPU requirements I think we could at least reduce the memory needed for the squashfs merging by doing it […] I’ll stop rambling but at least it’s some food for thought.
Wow, crazy idea — I like it! Given multiple read-only lower layers support WIP, this will hopefully be related to, but not blocking, when it comes to solving the problem at hand. Capture it in a low priority research ticket?
>> Anyway, there’s some hope: some work is in
>> progress
>> (by the current overlayfs maintainer) to support more than one read-only lower
>> layer, and it’s said to be the “top feature request”. […]
> Indeed, that is good news! So I guess we’ll be fine with living with the Jessie kernel until that feature hits a kernel in Debian Sid.
I hope so. Not sure if it’s worth testing their preliminary patches right now. On the one hand, it’s quite a lot of effort, that has great chances to be useless. OTOH, it would be sad to wait months for the feature to land, and then discover only then that it’s not fit for our use cases, for some reason. Thoughts?
#6 Updated by intrigeri 2014-12-21 21:57:42
- Assignee changed from intrigeri to anonym
- QA Check set to Info Needed
- Type of work changed from Test to Research
anonym wrote:
> > * chroots for web browsers
>
> Affected by the same issue as incremental upgrades.
I don’t get this part: we’ll only be stacking one browser chroot mount on top of the system one, so it should be fine, no?
#7 Updated by anonym 2015-01-05 20:47:54
intrigeri wrote:
> >> > To avoid more stacking than 2 layers we could resort to merging the contents of
> >> > our squashfs when they’re installed, but that would increase the RAM needed (for
> >> > temporary disk space to extract them) to perform an upgrade quite a bit.
> >>
> >> … and CPU usage to recompress the merged squashfs!
>
> > Right. While we cannot do anything about the CPU requirements I think we could at least reduce the memory needed for the squashfs merging by doing it […] I’ll stop rambling but at least it’s some food for thought.
>
> Wow, crazy idea — I like it! Given multiple read-only lower layers support WIP, this will hopefully be related to, but not blocking, when it comes to solving the problem at hand.
This idea would work even with the current limitations of overlayfs; the key difference is that with the idea’s approach we’d never introduce more than one squashfs:es due to incremental upgrades.
> Capture it in a low priority research ticket?
Done in Feature #8534. Unfortunately I discovered a serious limitation of the squashfs format while writing the ticket which now makes me a lot less enthusiastic about this whole idea.
> >> Anyway, there’s some hope: some work is in
> >> progress
> >> (by the current overlayfs maintainer) to support more than one read-only lower
> >> layer, and it’s said to be the “top feature request”. […]
>
> > Indeed, that is good news! So I guess we’ll be fine with living with the Jessie kernel until that feature hits a kernel in Debian Sid.
>
> I hope so. Not sure if it’s worth testing their preliminary patches right now. On the one hand, it’s quite a lot of effort, that has great chances to be useless. OTOH, it would be sad to wait months for the feature to land, and then discover only then that it’s not fit for our use cases, for some reason. Thoughts?
The only thing that worries me is how stacking will work w.r.t. whiteouts. I would assume it behaves in a sane way that would make sense for us, but many disasters has started with such assumptions. But building a Debian kernel with these patches applied cannot be that hard, right?
> > > * chroots for web browsers
> >
> > Affected by the same issue as incremental upgrades.
>
> I don’t get this part: we’ll only be stacking one browser chroot mount on top of the system one, so it should be fine, no?
The problem isn’t the mounting of the chroot inside the Live system’s root filesystem, but the actual construction of the chroot, which at the bottom of the stack will have the filesystem.squashfs
, and then any IUKs’ .squashfs
:s on top (and lastly a “COW” tmpfs), all to provide a “fresh” view of the Live system so no data trivially leaks from the running session into the browser’s chroot. This was what we fixed for bugs Bug #8152 and Bug #8158 in Tails 1.2.1.
#8 Updated by intrigeri 2015-01-08 12:26:41
- related to
Feature #8604: Evaluate a grsec kernel from corsac's APT repository in Tails added
#9 Updated by intrigeri 2015-01-08 12:26:48
- related to
Feature #8600: Evaluate a grsec kernel from spender's build service in Tails added
#10 Updated by intrigeri 2015-02-15 20:21:42
- Subject changed from Evaluate overlayfs to Migrate from aufs to overlayfs
Actually, it’s not as if we’re going to maintain our own Linux kernel with aufs ourselves.
#11 Updated by intrigeri 2015-02-15 23:07:36
- Assignee deleted (
anonym) - QA Check deleted (
Info Needed) - Type of work changed from Research to Code
#12 Updated by intrigeri 2015-02-17 19:24:09
- Feature Branch set to feature/8415-overlayfs
#13 Updated by intrigeri 2015-05-18 09:57:59
- Status changed from Confirmed to In Progress
#14 Updated by intrigeri 2015-07-13 03:48:21
- Target version set to Sustainability_M1
(If we don’t do that, we’ll be stuck forever with Jessie’s 3.16 kernel, which is not viable.)
#15 Updated by sajolida 2015-09-07 10:43:42
- Target version changed from Sustainability_M1 to 2016
#16 Updated by intrigeri 2015-09-28 06:51:33
- related to
Feature #10298: Upgrade to Linux 4.x added
#17 Updated by intrigeri 2016-06-10 12:21:52
I’ve seen no progress upstream on Bug #9045, and Feature #10298 now has a branch ready that doesn’t requires overlayfs, so I’m in favour of postponing this at least to 2017, or rather: let’s drop this from our roadmap until something forces us to migrate, if this ever happens. anonym, what do you think?
#18 Updated by BitingBird 2016-06-26 10:01:33
- Assignee set to anonym
- QA Check set to Info Needed
#19 Updated by intrigeri 2016-08-20 10:53:28
- Assignee deleted (
anonym) - Target version deleted (
2016)
Given we could do Feature #10298 without migrating to overlayfs, we removed this from our roadmap at the summit this year.
#20 Updated by BitingBird 2016-10-16 05:51:57
- QA Check deleted (
Info Needed)
#21 Updated by intrigeri 2017-01-01 11:27:18
- related to deleted (
)Feature #8604: Evaluate a grsec kernel from corsac's APT repository in Tails
#22 Updated by intrigeri 2017-01-01 11:27:20
- related to deleted (
)Feature #10298: Upgrade to Linux 4.x
#23 Updated by intrigeri 2017-01-01 11:27:23
- related to deleted (
)Feature #8600: Evaluate a grsec kernel from spender's build service in Tails
#24 Updated by intrigeri 2017-01-01 11:27:25
- related to
Feature #7649: Include a grsecurity-patched kernel added
#25 Updated by intrigeri 2017-01-01 18:31:37
- related to deleted (
)Feature #7649: Include a grsecurity-patched kernel
#26 Updated by intrigeri 2017-01-01 18:31:52
- blocks
Feature #7649: Include a grsecurity-patched kernel added
#27 Updated by intrigeri 2017-01-02 09:41:16
- Feature Branch changed from feature/8415-overlayfs to feature/8415-overlayfs-stretch
#28 Updated by intrigeri 2017-01-02 09:41:53
I’ve updated the branch, run the test suite, and created subtasks for what’s left to do.
#29 Updated by intrigeri 2017-01-02 09:44:21
- Description updated
#30 Updated by intrigeri 2017-05-31 16:06:43
- Feature Branch changed from feature/8415-overlayfs-stretch to wip/feature/8415-overlayfs-stretch
#31 Updated by intrigeri 2017-06-05 15:33:03
- Assignee set to intrigeri
The Debian kernel maintainers are waiting for us to do that before they can stop applying the aufs compat patch, so re-adding to my radar in the hope I think about it when we discuss our roadmap this year.
#32 Updated by intrigeri 2017-06-23 11:20:27
- blocked by deleted (
)Feature #7649: Include a grsecurity-patched kernel
#33 Updated by BitingBird 2017-08-28 20:39:32
- Assignee changed from intrigeri to anonym
- Target version set to 2018
#34 Updated by BitingBird 2017-08-28 20:40:12
- Description updated
#35 Updated by intrigeri 2018-02-03 17:00:02
In the current kernel I see:
fs/overlayfs/inode.c:#define OVL_MAX_NESTING FILESYSTEM_MAX_STACK_DEPTH
include/linux/fs.h:#define FILESYSTEM_MAX_STACK_DEPTH 2
So in order to switch to overlayfs, we do need to do a part of Bug #11831 (replacing older IUKs with a new one that has the diff between the version of Tails initially installed and the one we want to upgrade to). I’ll mark this ticket as blocked accordingly.
#36 Updated by intrigeri 2018-02-03 17:00:44
- blocked by
Bug #11831: NVIDIA Maxwell series graphic card: X.Org doesn't start, or slow graphics operations added
#37 Updated by intrigeri 2018-02-03 17:00:52
- blocks deleted (
)Bug #11831: NVIDIA Maxwell series graphic card: X.Org doesn't start, or slow graphics operations
#38 Updated by intrigeri 2018-02-03 17:00:59
- blocked by
Feature #11131: Endless automatic upgrades added
#39 Updated by intrigeri 2018-02-03 17:03:01
- Description updated
#40 Updated by anonym 2018-02-05 15:47:40
- related to
Feature #15281: Stack one single SquashFS diff when upgrading added
#41 Updated by intrigeri 2018-02-06 15:31:18
- blocks deleted (
)Feature #11131: Endless automatic upgrades
#42 Updated by intrigeri 2018-02-06 15:31:23
- related to deleted (
)Feature #15281: Stack one single SquashFS diff when upgrading
#43 Updated by intrigeri 2018-02-06 15:31:30
- blocked by
Feature #15281: Stack one single SquashFS diff when upgrading added
#44 Updated by intrigeri 2018-06-28 20:35:52
- related to
Bug #15407: Prevent system user uid:s and gid:s from changing between releases added
#45 Updated by Anonymous 2018-08-19 06:06:42
- related to
Feature #6876: Have the incremental upgrade process use less RAM added
#46 Updated by intrigeri 2018-09-12 06:55:47
- Description updated
- Assignee changed from anonym to segfault
- Target version changed from 2018 to Tails_3.11
#47 Updated by CyrilBrulebois 2018-12-16 13:52:34
- Target version changed from Tails_3.11 to Tails_3.12
#48 Updated by sajolida 2019-01-10 11:38:33
- Target version changed from Tails_3.12 to Tails_3.13
This ticket is blocked by Feature #15281 which is marked for 3.13.
#49 Updated by intrigeri 2019-01-12 16:34:01
- blocks
Feature #6560: UEFI Secure boot added
#50 Updated by sajolida 2019-03-14 17:04:24
- related to #15885 added
#51 Updated by CyrilBrulebois 2019-03-20 14:35:08
- Target version changed from Tails_3.13 to Tails_3.14
#52 Updated by intrigeri 2019-03-24 12:38:37
- Target version changed from Tails_3.14 to 2019
#53 Updated by intrigeri 2019-04-12 17:11:10
- File test-8415-overlayfs.sh added
Actually, I don’t think this is blocked by Feature #15281 anymore.
Documentation/filesystems/overlayfs.txt
in the kernel source code now reads:
Multiple lower layers
---------------------
Multiple lower layers can now be given using the the colon (":") as a
separator character between the directory names. For example:
mount -t overlay overlay -olowerdir=/lower1:/lower2:/lower3 /merged
As the example shows, "upperdir=" and "workdir=" may be omitted. In
that case the overlay will be read-only.
The specified lower directories will be stacked beginning from the
rightmost one and going left. In the above example lower1 will be the
top, lower2 the middle and lower3 the bottom layer.
This feature was added in Linux 4.0, after anonym did the initial analysis.
live-boot makes use of it so my understanding is that:
- the “2” number is how many overlayfs can be in a stack
- the root filesystem is built using one single overlayfs layer, that can have multiple read-only lower layers, i.e. `filesystem.squashfs` and any number of `$VERSION.squashfs` incremental upgrades
- the chrooted browsers filesystem is constructed in the exact same way as the root filesystem, except it takes its read-only lower layers straight from
/lib/live/mount/rootfs/*.squashfs/
(bind-mounted SquashFS’es). I don’t know if this qualifies as a 2nd layer of nesting merely because/lib/live/mount/rootfs
is on the aufs root filesystem but that should work.
So I quickly hacked something (attached) that seems to demonstrate that the number of incremental upgrades applied does not matter.
@anonym, could you please take a look and (re?)explain me what I missed, if anything?
#54 Updated by intrigeri 2019-04-12 17:11:31
- Assignee deleted (
segfault)
#55 Updated by intrigeri 2019-11-23 09:16:58
- Feature Branch changed from wip/feature/8415-overlayfs-stretch to feature/8415-overlayfs+force-all-tests
#56 Updated by intrigeri 2019-11-24 08:48:43
- blocks deleted (
)Feature #15281: Stack one single SquashFS diff when upgrading
#57 Updated by intrigeri 2019-12-01 11:05:05
- Target version changed from 2019 to Tails_4.5
The milestone for this is “March 2020” so the current goal is to have this ready in time for 4.5~rc1. We might manage to complete this earlier though — we’ll see!
#58 Updated by intrigeri 2019-12-01 11:07:50
- related to Feature #17258: Enable overlayfs options that make it act more like a standards compliant filesystem added
#59 Updated by intrigeri 2019-12-01 11:08:25
- blocks Feature #16209: Core work: Foundations Team added
#60 Updated by intrigeri 2019-12-01 11:22:03
- Priority changed from Elevated to High
#61 Updated by intrigeri 2019-12-17 12:02:37
- related to Bug #17361: Streamline our release process added
#62 Updated by segfault 2020-02-21 10:02:10
- blocks Feature #17256: Drop hacks regarding UID/GID changes added
#63 Updated by intrigeri 2020-03-15 15:41:32
In order to fix the build on Jenkins and to evaluate something closer to what we want to release, I’ve merged the devel branch into this one. This should also help avoid merging this branch into stable by mistake.
#64 Updated by intrigeri 2020-03-19 09:21:53
- Status changed from In Progress to Needs Validation
- Assignee set to anonym
#65 Updated by intrigeri 2020-03-20 08:55:07
- Feature Branch changed from feature/8415-overlayfs+force-all-tests to feature/6560-secure-boot+force-all-tests, https://salsa.debian.org/tails-team/tails/-/merge_requests/44/
#66 Updated by intrigeri 2020-03-20 08:56:35
(I’ve retired the feature/8415-overlayfs+force-all-tests branch: at this stage of the process, I see no benefit anymore in doing Feature #8415 and Feature #6560 in separate branches, while it has a non-negligible cost, e.g. to follow up on anonym’s review I would have to carefully distribute my commits over 2 branches.)
#67 Updated by intrigeri 2020-03-20 09:45:55
- related to
Bug #15146: Make memory erasure feature compatible with overlayfs added
#68 Updated by intrigeri 2020-03-21 09:06:04
- Assignee changed from anonym to intrigeri
(anonym ACK’ed the merge, I’ll coordinate when we do it.)
#69 Updated by intrigeri 2020-03-21 18:28:49
- Status changed from Needs Validation to Resolved
Applied in changeset commit:tails|7ca99d6f0e1670dc0c5daedf13a449528d5a7783.