Bug #9534

Tighten AppArmor policy

Added by intrigeri 2015-06-04 16:05:39 . Updated 2019-03-07 15:48:53 .

Target version:
Start date:
Due date:
% Done:


Feature Branch:
Type of work:
Affected tool:
Deliverable for:


The results of our self-audit (Feature #8007) have lead to some fixes. Some are mostly ready in the topic branch, some need more thought and thus have dedicated subtasks.


Bug #9533: Tighten Evince AppArmor policy Rejected


Bug #9756: Tighten AppArmor policy, phase 1 Resolved


Bug #10462: Automatically test our AppArmor policy vs. hard links Rejected


Bug #10463: Mention the hardlinks topic in our AppArmor design doc Rejected


Bug #10836: Investigate why the Tor Browser AppArmor profile allows starting Totem Resolved


Bug #11578: Totem AppArmor profile allows opening OTR private key Resolved


Feature #12125: Mount a tmpfs on /var/tmp, to mitigate the hardlinks permissions open by the user-tmp AppArmor abstraction Resolved


Related issues

Related to Tails - Feature #8007: Self-audit our AppArmor profiles Resolved
Related to Tails - Feature #6178: Evaluate current state of Linux namespaces Rejected 2013-07-20
Related to Tails - Feature #10422: Grant Tor Browser access to files as designated by the user Confirmed 2018-08-30


#1 Updated by intrigeri 2015-06-04 16:05:59

  • related to Feature #8007: Self-audit our AppArmor profiles added

#2 Updated by intrigeri 2015-06-04 16:06:54

  • Description updated

#3 Updated by intrigeri 2015-07-18 08:01:45

  • Target version changed from Tails_1.5 to Tails_1.7

Let’s stabilize a subset of this (Bug #9756 and subtasks) and postpone the rest.

#4 Updated by intrigeri 2015-08-08 02:46:33

  • Feature Branch deleted (bugfix/8007-AppArmor-hardening)

#5 Updated by intrigeri 2015-10-05 13:23:34

  • Target version changed from Tails_1.7 to 246

#6 Updated by sajolida 2015-11-27 04:46:03

  • Target version changed from 246 to Tails_2.0

#7 Updated by intrigeri 2015-11-30 02:46:31

  • Target version changed from Tails_2.0 to Tails_2.2

#8 Updated by intrigeri 2016-02-05 20:52:38

  • Target version changed from Tails_2.2 to Tails_2.4

#9 Updated by intrigeri 2016-04-29 14:25:41

  • Target version changed from Tails_2.4 to Tails_2.6

#10 Updated by intrigeri 2016-07-19 08:51:54

  • Target version changed from Tails_2.6 to Tails_2.7

#11 Updated by intrigeri 2016-11-05 13:59:44

  • Target version changed from Tails_2.7 to 284

#12 Updated by anonym 2016-11-25 10:57:17

  • Target version changed from 284 to Tails 2.10

#13 Updated by intrigeri 2017-01-09 18:44:40

  • Target version deleted (Tails 2.10)

#14 Updated by intrigeri 2017-06-05 14:08:08

I’m less and less convinced that it’s the way to go: IMO our current AppArmor policy is close to achieve about the right balance between increasing safety, not being a PITA to maintain, and not affecting UX too negatively. For apps we would like to confine in a stricter way, I think AppArmor shall be complemented with other sandboxing technologies, such as Linux namespaces, as done by things like oz, snap, flatpak and various other sandboxing wrappers. So I would like us to take a step back and think about our goals here before I spend substantial time on this again.

#15 Updated by intrigeri 2017-06-05 14:14:29

  • related to Feature #6178: Evaluate current state of Linux namespaces added

#16 Updated by intrigeri 2018-08-18 09:18:04

  • Assignee deleted (intrigeri)

#17 Updated by Anonymous 2018-08-18 10:36:01

Let’s reevaluate this ticket in ~1 year then.

#18 Updated by Anonymous 2018-08-18 10:37:31

  • related to Feature #10422: Grant Tor Browser access to files as designated by the user added

#19 Updated by intrigeri 2019-03-07 15:48:53

  • Status changed from In Progress to Resolved

The most important bits were done years ago. I’ve unparented the remaining ones.