Tails

#1 Updated by intrigeri 2015-06-04 16:02:58

• Status changed from Confirmed to In Progress
• Type of work changed from Code to User interface design

Sent an initial proposal for review to -ux@.

#2 Updated by intrigeri 2015-06-04 16:03:15

• related to Feature #8007: Self-audit our AppArmor profiles added

#3 Updated by intrigeri 2015-06-04 16:05:52

• related to deleted (Feature #8007: Self-audit our AppArmor profiles)

#4 Updated by intrigeri 2015-06-04 16:06:12

• Parent task set to Bug #9534

#5 Updated by intrigeri 2015-06-06 13:40:37

• % Done changed from 0 to 10

#6 Updated by intrigeri 2015-06-10 09:02:47

• % Done changed from 10 to 20

Agreement was reached on -ux@ regarding the general idea and most of the proposed whitelist, added to the blueprint. Some details are left to be fine-tuned though.

#7 Updated by intrigeri 2015-07-18 08:00:57

• Target version changed from Tails_1.5 to Tails_1.7

#8 Updated by intrigeri 2015-08-08 02:46:18

• Feature Branch deleted (bugfix/8007-AppArmor-hardening)

#9 Updated by intrigeri 2015-10-05 13:23:05

• Target version changed from Tails_1.7 to 246

#10 Updated by sajolida 2015-11-27 04:47:24

• Target version changed from 246 to Tails_2.0

#11 Updated by intrigeri 2015-11-30 02:47:15

• Target version changed from Tails_2.0 to Tails_2.2

#12 Updated by intrigeri 2016-02-05 20:52:04

• Target version changed from Tails_2.2 to Tails_2.4

#13 Updated by intrigeri 2016-04-29 14:26:32

• Target version changed from Tails_2.4 to Tails_2.6

#14 Updated by intrigeri 2016-08-31 06:07:39

• Target version changed from Tails_2.6 to Tails_2.7

#15 Updated by intrigeri 2016-11-05 13:59:41

• Target version changed from Tails_2.7 to 284

#16 Updated by anonym 2016-11-25 10:57:19

• Target version changed from 284 to Tails 2.10

#17 Updated by intrigeri 2016-12-18 12:41:44

• Target version changed from Tails 2.10 to Tails_2.12

(I had to take over a bunch of more urgent sysadmin tasks so I’ll postpone this one.)

#18 Updated by intrigeri 2017-01-09 19:27:30

• related to Bug #11578: Totem AppArmor profile allows opening OTR private key added

#20 Updated by intrigeri 2017-03-08 15:19:03

• Target version changed from Tails_2.12 to Tails_3.2

#21 Updated by intrigeri 2017-06-05 14:04:28

• Target version deleted (Tails_3.2)

#22 Updated by intrigeri 2017-09-11 12:39:30

• Type of work changed from User interface design to Code

Since apparmor-profiles-extra 1.12, access to ~/.* is forbidden for Totem. We should do the same for Evince instead of spending time on the fine-grained list of directories this ticket was originally about: it’ll easier to implement and maintain, can be shared as-is between all distros (while my original plan was Tails-specific), and not much less safe.

Rationale: I want to stop investing too much time into confining GUI apps more strictly with AppArmor, because it only protects against non-sophisticated attackers (as long as access to a11y and input methods can’t be filtered precisely, escaping the sandbox is easy, even assuming X.Org → Wayland). The long-term solution is Flatpak-like confinement (bubblewrap + Portals), that will improve both UX and security. So until these new technologies are mature enough for us to switch, I’ll focus on low-hanging fruits only on the AppArmor side for GUI apps.

#23 Updated by intrigeri 2018-08-18 09:17:51

• Subject changed from Tighten Evince and Totem AppArmor policy to Tighten Evince AppArmor policy

#24 Updated by intrigeri 2019-03-07 15:45:17

• Status changed from In Progress to Rejected
• Assignee deleted (intrigeri)

One year later: I’ll happily review such work upstream but I don’t think that’s where I should spend my Tails time. As said above I’ll focus on evaluating how we could use other sandboxing solutions instead.